This quickstart is based on Vagrant and VirtualBox for simplicity. It is of course possible to install Rudder without those tools by following Rudder's documentation.
First install VirtualBox, using the command for your distribution:
apt-get install virtualbox
yum install virtualbox
Then install Vagrant, version 1.4 at minimum. If this version is not available for your distribution, you can download it from Vagrant's site. Otherwise:
apt-get install vagrant
yum install vagrant
Normation provides a Vagrant configuration ready for testing Rudder with Vagrant.
You first need to download it:
git clone https://github.com/Normation/rudder-vagrant.git
cd rudder-vagrant
Then run a Rudder server and a VM with a Rudder agent. This can take some time; you can have a cup of coffee.
If the installation worked, you should now be able to access the Rudder login page at this URL: https://localhost:8081/rudder
A node is only managed by Rudder after it has been accepted. Accepting a node is the step where you check that it is really the one you want to trust.
To do this, go into "Node Management / Accept new node", click on "Select all" then on "Accept into Rudder".
Rudder then asks you to confirm the acceptance; click on "Accept".
You now have a Rudder server installed and a node ready to be configured.
A directive is a configuration with parameters for a specific service.
We'll first start with the creation of an SSH configuration.
Let's go into "Configuration Policy / Directives" then select the technique "OpenSSH Server".
Click on "Create with last version" then enter the name "Secure SSH Server".
Then click on "Configure".
Change "Allow password authentication" to "No".
Change "Allow root to login using SSH" to "No".
You can also adjust the other OpenSSH settings to make the configuration match your needs.
Then click on "Save".
A rule applies a set of directives to a set of machines.
Once a rule is applied, the configuration described in its directives will be applied on all corresponding machines.
Let's create a rule to secure nodes.
Go into "Configuration Policy / Rules" then click on "New Rule".
Name the rule "Securing servers" then click on "Save".
Rudder checks every 5 minutes that the rules are correctly applied. You just have to wait 5 minutes to have the rule applied on the node.
However, you probably want to apply it now. It is possible to force the Rudder agent to run.
Just connect to the node:
vagrant ssh node
Then ask the agent to update and run:
sudo rudder agent update
sudo rudder agent run
Once the node is up to date, we can display the final compliance in the web interface. It is available either on the home page or separately for each rule on the rule page.
You can see that the rule has been applied correctly. On the rule page, you may see incomplete compliance at first. This happens when rule application has not finished on all nodes.
You now have a secured SSH server on your node.
Note that if you add a new machine to this Rudder infrastructure, it will automatically be configured by this rule without any additional action.
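To confirm on the node itself that the two settings changed in the "Secure SSH Server" directive are in effect, the following check can be used. It is an added example, not part of the original quickstart or of Rudder; the function names are hypothetical, the sample configuration is constructed, and the defaults passed for unset keywords are assumed to be OpenSSH's documented defaults.

```sh
#!/bin/sh
# Added example: verify the two settings changed by the "Secure SSH Server" directive.

# Print the effective global value of an sshd_config keyword.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" header are conditional.
# usage: sshd_effective <keyword> <default-if-unset> <config-file>
sshd_effective() {
    [ -r "$3" ] || return 2
    awk -v key="$1" -v def="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        { sub(/=/, " ") }                       # accept "Keyword=value" too
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == key { val = tolower($2); found = 1; exit }
        END { print (found ? val : def) }
    ' "$3"
}

# Return 0 only if password authentication and root login are both "no".
# Defaults for unset keywords are assumptions (OpenSSH documented defaults).
# usage: check_ssh_hardening <config-file>
check_ssh_hardening() {
    rc=0
    for pair in passwordauthentication:yes permitrootlogin:prohibit-password; do
        key=${pair%%:*}
        def=${pair#*:}
        val=$(sshd_effective "$key" "$def" "$1")
        if [ "$val" = "no" ]; then
            echo "OK   $key = $val"
        else
            echo "FAIL $key = $val (expected no)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample (not from a real node): the later "no" is ignored
# because the earlier "yes" for the same keyword wins.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'permitrootlogin no' \
    'PasswordAuthentication yes' 'PasswordAuthentication no' > "$sample"
check_ssh_hardening "$sample" || echo "node is not compliant yet"
rm -f "$sample"
```

On the node, the function would be pointed at /etc/ssh/sshd_config (the usual location); it does not follow Include files or evaluate Match blocks, for which `sudo sshd -T` prints the configuration sshd actually resolves.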