Use a predefined policy
In this section you will:
|
You have just learnt to use the Technique Editor, which gives access to a broad range of building blocks for policies. To allow an easy configuration of common system settings, Rudder also comes with a pre-defined set of techniques, directly usable after installation.
Go to the Configuration Management → Directives page. What is a Directive? It is a simply a technique instance: a technique plus some parameters, making it an applicable piece of configuration.
We will now configure the SSH service on our nodes using the dedicated pre-built technique.
Let’s use the filter in the directive tree to find it easily:
Now click on SSH server (OpenSSH), the right part of the page will display the technique details, and the list of available versions of the technique. We will use the latest one, by clicking on Create with latest version.
This will make a new form appear, containing the configuration of the directive itself. As we said before, a technique is a parametrizable policy. A directive is a technique instance, i.e. a technique plus a set of parameters.
Defining a directive consist of choosing a technique and providing its parameters.
First, let’s give it a description. When using Rudder, keep in mind that filling all these documentation fields, though it may seem tedious, is very important for future reference, or collaboration with other. It is for example useful to include reference to external information (ticketing system, etc.), to allow keeping a track of all configuration changes. Also, note these documentation fields are rendered as markdown, so you can include links, bullet points, etc.
We now need to decide how we want to configure our SSH server. Let’s disable password authentication (it’s always a good idea anyway):
And go to the bottom of the page, click on Global configuration for all nodes (to apply it everywhere, we will see how it works later).
And click on save. It will open a window asking for confirmation and an audit message, that is used for traceability. You can leave it empty for now, and confirm.
Why a confirmation window here? Because the change we are saving will change our machines state. Once you click on save, the Rudder server will start updating configuration policies for nodes it is applied to (we will see later which ones exactly).
Let’s create a second directive, based on the technique we have just created (our demo user). Use the filter to find it in the directive tree, still on the Directives page.
This time, we will change one of the general parameters by overriding the policy mode to Audit mode.
Then apply it to the Global configuration for all nodes and save.
How to chose between built-in techniques and creating one in the technique editor?
A good rule of thumb it to use the built-in techniques when they cover your needs, and switch to the technique editor if you need to go further! |
You have just applied your first configuration policy. If you wait just a bit (at most 5 minutes), our expected state will be applied on our machine (actually only our Rudder server itself for now).
But we will have a closer look at what happens on the machine in the next section.
← Create a new policy Apply your first policies →