Rudder 3.0 – A major step forward

Hello folks, 2015 starts with a lot of new promising changes for Rudder!

After all the polishing work we did to Release Rudder 2.11, we decided that the next Rudder version would have a lot of new features and improvements. With a list of feature that long, we decided that the next version will be a new major version, 3.0.

The main features of Rudder 3.0 ‘Galleon’ are:

  • Web interface comes with a new design (using Bootstrap) for a better user experience
    • A new dashboard on the home page
    • A new menu
    • Better pages display
    • Improve all reporting display
  • A Command Line Interface (CLI) for Rudder agent
  • You can assign key/value pair to nodes via REST API
  • Environment variables of Nodes can be used in Directives and Techniques (both ncf and standard)
  • A new compliance mode named ‘changes-only’ that significantly reduces bandwidth usage of reporting
  • New OS support:
    • Red Hat Enterprise Linux (RHEL) 7 and derivatives
    • Debian 8
    • SystemD services management
  • Improved performance
  • Old Techniques are now deprecated, to encourage usage of the latest version of technique instead of using old buggy ones

 

New web interface

We want to provide the best user experience as possible with Rudder and as of 2.11, there are a lot of things we can improve.

A new Dashboard

Before Rudder 3.0 we had a static page as a homepage for Rudder. We found that it didn’t include enough informations, so we enhanced it.

To improve this page, we created a dashboard containing informations about your whole IT (global compliance, how the compliance is distributed between Nodes, OS Distribution…) and still providing access to every parts of Rudder (Rules, Directives).

dash

We hope that our new dashboard will now be frequently used to have a global view over your system and help you master it.

A new header menu

We replaced the previous header menu with a new navigation menu which is very small, making a lot more space for content viewing.

Rudder New Nodes Management

The menu provide access to all pages of the webapp, contrary to the old version in which you had to click several times to access all of them.

It also display several informations on the global status (number of change request, status of policy generation, and user logged in)

The header menu is always visible so you don’t have to scroll up to change of page.

Improved page display

Rudder’s main pages contain everything you need, so we did not add new informations there. However, we reorganised them to greatly improve user experience:

  • With the new header menu, we don’t need anymore the small left menu to navigate. We removed it so we have more space for the page.

png;base641539ffb8c21f6d38

  • We changed the Directive page totally.
    • You still have the directive tree on the left, but now when you click on a Directive, it is now displayed on the right part so you can switch between directive very easily!
    • We also removed the tabs system for the directive details, so now you see the whole directive

png;base646f31869595b24a19

  • Actions buttons (Clone,Disable,Delete,Save) on Rules and Directives so you can always use them when editing them.
  • We globally make more space for the content

 

More and better reporting

We want Rudder to provide you as much feedbacks about compliance of your IT as possible.

The previous compliance definition only counted full success reports towards compliance whereas the new version also counts partial success. That’s why we replaced all compliance percentage by a progress bar, showing a detailed state of your compliance instead of a partial information.

png;base645e11a02493048904

In one look, you will understand how much your IT is ok (green part), in error (red), have not answered (blue, orange). So you don’t have to look deeper to understand what’s going on.

You can see the detailed bars on Node reporting (tab “Reports” in a Node details) for each Rule applied to a Node. A compliance bar is also displayed for every Rule in the table so you clearly see which Rule is not correct directly.

png;base641a616b5ac4a31a48

Next to that bar you can also see a small graph, that graph represents the how many changes (repaired reports) there was on that Rule over the last 3 days, so you can now see Rule activity.

Rule details reporting is now more complete: Directive based reporting now use compliance bar, like other reporting display.

png;base64efd3032b95266a44

But we added two new sections:

  • A Node based reporting table, almost like Directive but starting from a Node point of view,

png;base64ed3fe63b8cf29898

  • A graph displaying the Rule activity, like the one you got in the table, but below it you have a table to see which changes there really was (really similar to what you have in Technical logs)

png;base6469b206e7a428e184

Last but not least, a global compliance overview is now available on the dashboard on the home page, in one look, you can now see if there is a problem.

That’s a lot of changes for Rudder web interface in 3.0, and we haven’t talked yet about the new features we added!

Rudder agent CLI

When maintaining an infrastructure using Rudder, you sometimes have to debug a Node and run commands on them to understand what’s going on. We identified the most common command used and we regroup them in one tool: rudder agent CLI.

On a node simply run:

rudder agent <command> [parameters ...]

 

 Available commands are :

  • disable: forbid rudder-agent to be run by cron or service
  • enable: re-enable a disabled rudder-agent
  • inventory: force the agent to create and send a new inventory
  • reinit: re-initialise the agent to make it be seen as a new node on the server
  • reset: reset agent status and cache
  • run: force run agent promises
  • update: update promises on agent
  • version: get the agent version

 

Node properties

We’ve got a lot of information about Nodes managed by Rudder through the inventory, but the inventory only contains hardware/software characteristics, and sometimes you need to personalize informations about a Node (department/country/environment… whatever your want).

This could be done before via environment variables and create groups based on that variable but this was not very handy.

In 3.0, we added the possibility to add custom properties to Nodes via Rudder API rest: http://www.rudder-project.org/rudder-api-doc/#api-Nodes-updateNodeProperties

To add some properties on a Node just run (here, shell and env_type):

curl -H "X-API-Token: yourToken" -X POST  https://rudder.example.com/rudder/api/latest/nodes/NodeID -d "properties=shell=/bin/false" -d "properties=env_type=production"

Then in rudder web interface you can create groups based and those value, and consult them on the Node details page (tab “properties”).

png;base64c3fe55d27c0fb22c

Use environment variables as parameters

Sometimes you want to have node specific values, but parameters are only globally defined for now and usage of cfengine variables is rather complex (see https://www.mauras.ch/rudder-fun-with-variables.html).

We now allow to access locally defined environment variable in Directive and Techniques. They are accessible using ${node.env[NAME]}, where NAME is name of the variable (warning: case sensitive)

Compliance mode

To compute compliance, we need to have reports from Nodes. Dozens of reports are sent at every agent run. When you have few Nodes (< 200) with a correct network, that’s not a problem. But when you’ve got a lot of Nodes, your network can become saturated with those reports. Same thing when your Nodes are on a low speed connection, you don’t want it to be completely used by rudder agent.

We want to provide an alternative to that mode, requiring far less bandwidth, by only sending changes (when state on the node is modified) and if nothing happens in a long time, send a signal to tell the server the node is alive (we call that ‘heartbeat’)

An entry in the Settings page is available to change of compliance mode.

When you select ‘change-only’ you must define the interval between two heartbeat sending.

Node parametrization

You can now have specific value for agent run for a node, overriding the global value. This can be useful when you want to ensure your compliance on a critic node, or reduce bandwidth usage on some isolated node.

png;base646aa1fb343bcd5a97

Technique deprecation

We are maintaining some Techniques for a long time, and we have release several versions for each of them. The latest version have less bugs and more features, and should be used when possible. In 3.0 we added a possibility to deprecate old technique versions. They will still be available for you to use in 3.0, but we encourage you to migrate to latest version before upgrading to a next version (3.1).

Directive using an old technique version are now highlighted with a small icon, and we improved the migration process (it’s now in the directive edit form).

png;base649a3f6fe9dd819a7epng;base64aacacb4d2e283f74

Finally

As stated in the abstract, we added support for new OS (Debian8, RHEL7) and our techniques are now systemd compliant. So we now have support for:

 

  • Debian 7, Debian8, RHEL/CentOS 6, RHEL/CentOS 7, SLES 11, Ubuntu 12.04, Ubuntu 14.04 on the server
  • All of the above plus Debian 5, Debian 6, RHEL/CentOS 3, RHEL/CentOS 5, Fedora 18, SLES 10, Ubuntu 10.04, Ubuntu 12.10 on the agent

We also improved A LOT of performance from the webapp:

  • Node display (2000 Nodes in 1 second)
  • Rule display / compliance (tenth of seconds to several seconds)
  • Lots of other improvements!

So Rudder 3.0 is the fastest Rudder that you will ever have

We hope that you will have a better experience while using that new UI and we are really looking forward to hearing your feedback about it!