Quickstart tutorial

This quickstart tutorial guides you through installing Rudder on a dedicated platform, then creating and applying a rule to secure SSH access.

Install Rudder

Install Vagrant and Virtualbox

This quickstart is based on Vagrant and Virtualbox for simplicity. It is of course possible to install Rudder without those tools by following Rudder's documentation.

You first have to install Virtualbox:

apt-get install virtualbox

or

yum install virtualbox

Then install Vagrant, version 1.4 or later. If this version is not available on your distribution, you can download it from Vagrant's site. Otherwise:

apt-get install vagrant

or

yum install vagrant

Install a platform with a Rudder server

Normation provides a Vagrant configuration ready for testing Rudder with Vagrant.
You first need to download it:

git clone https://github.com/Normation/rudder-vagrant.git
cd rudder-vagrant

Then start a Rudder server and a VM with a Rudder agent. This can take some time, so you can grab a cup of coffee.

vagrant up

If the installation worked, you should now be able to access the Rudder login page at this URL: https://localhost:8081/rudder


Connect to Rudder server

Go to https://localhost:8081/rudder, then use the following information to log in:

Login: admin
Password: admin

Now you can peek around and discover Rudder's interface.


Accept the node into Rudder

A node is only managed by Rudder after it has been accepted. Accepting a node is the step where you check that it really is the one you want to trust.

To do this, go into "Node Management / Accept new node", click on "Select all" then on "Accept into Rudder".

Rudder then asks you to confirm the acceptance; click on "Accept".

You now have a Rudder server installed and a node ready to be configured.


Use Rudder to configure a service

Add a directive

A directive is a configuration with parameters for a specific service.
We'll start by creating an SSH configuration.

Let's go into "Configuration Policy / Directives" then select the technique "OpenSSH Server".

Name the directive

Click on "Create with last version", then enter the name "Secure SSH Server".

Then click on "Configure".

Change configuration

Change "Allow password authentication" to "No".

Change "Allow root to login using SSH" to "No".

You can play around with OpenSSH configuration too, to make it match your needs.

Then click on "Save".


Add a rule

A rule applies a set of directives to a set of machines.

Once a rule is applied, the configuration described in its directives will be applied on all corresponding machines.

Let's create a rule to secure nodes.

Go into "Configuration Policy / Rules" then click on "New Rule".

Name the rule "Securing servers" then click on "Save".

Configure the rule

In the rule's parameters, click on "Secure SSH Server" then on "All managed nodes" to apply the directive we just created to all nodes managed by Rudder. Then click on "Save".

Let Rudder apply the rule

Rudder checks every 5 minutes that the rules are correctly applied. You just have to wait 5 minutes for the rule to be applied on the node.

However, you probably want to apply it now. It is possible to force the Rudder agent to run.

Just connect to the node:

vagrant ssh node

Then ask the agent to update and run:

sudo rudder agent update
sudo rudder agent run

Once the node is up to date, we can display the final compliance in the web interface. It is available either on the home page or separately for each rule on the rule page.

You can see that the rule has been applied correctly. On the rule page, you may see incomplete compliance at first. This happens when the rule has not yet finished being applied on all nodes.

You now have a secured SSH server on your node.
Note that if you add a new machine to this Rudder infrastructure, it will automatically be configured by this rule without any additional action.
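
To confirm on the node itself that the directive took effect, the following added example (not part of the original tutorial or of Rudder) checks the effective sshd configuration as printed by "sshd -T". It assumes the two form options changed above map to the sshd keywords PasswordAuthentication and PermitRootLogin; the function name and the sample input are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: check the effective sshd settings after the Rudder rule runs.
# Assumption: the form options "Allow password authentication" and
# "Allow root to login using SSH" map to the sshd_config keywords
# PasswordAuthentication and PermitRootLogin.

# check_sshd_hardening (hypothetical helper name)
# Reads `sshd -T` output on stdin; returns 0 only if both settings are "no".
check_sshd_hardening() {
    awk '
        BEGIN {
            want["passwordauthentication"] = "no"
            want["permitrootlogin"] = "no"
        }
        {
            key = tolower($1)
            # Keep the first value seen for each keyword of interest.
            if ((key in want) && !(key in seen)) seen[key] = tolower($2)
        }
        END {
            bad = 0
            for (k in want) {
                if (!(k in seen)) {
                    printf "MISSING %s (expected %s)\n", k, want[k]; bad = 1
                } else if (seen[k] != want[k]) {
                    printf "FAIL %s is %s (expected %s)\n", k, seen[k], want[k]; bad = 1
                } else {
                    printf "OK %s %s\n", k, seen[k]
                }
            }
            exit bad
        }
    '
}

# Constructed sample of `sshd -T` output (not captured from a real node).
sample_effective_config='port 22
permitrootlogin no
passwordauthentication no
pubkeyauthentication yes'

printf '%s\n' "$sample_effective_config" | check_sshd_hardening

# On the node itself (after `vagrant ssh node`):
#   sudo sshd -T | check_sshd_hardening
```

Any value other than "no" for either keyword is reported as FAIL, a keyword absent from the input is reported as MISSING, and in both cases the function returns a non-zero status.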


Need a hand?

The team is at your disposal to help you!