Red Hat Training

A Red Hat training course is available for Red Hat JBoss Operations Network

6.12. Controlling Configuration Drift

Configuration drift is the accumulation of changes, over time, to the desired or administrator-defined configuration. These changes can be trivial, accidental, or incremental, but it moves the resource outside the intended settings.
Configuration drift and JBoss ON's drift monitoring are covered in detail in the drift chapters of "Managing Resource Configuration."
For EAP 6, plan a drift strategy that covers all of the critical configuration and provides a path to remediation, possibly without requiring administrator intervention, to help preserve production systems:
  1. Set drift definitions that track the critical configuration directories, such as domain/configuration/ andstandalone/configuration/, but that exclude directories which will have constantly changing data, such as logging, library, and data directories. Even within the configuration directories, create exclude rules for the host_xml_history/, domain_xml_history/, and standalone_xml_history/ directories, since those are not proper configuration files and should not be tracked.
  2. Once the desired configuration is in place, pin that configuration to the drift definition. This sets the desired configuration as the baseline. All changes will be compared against that baseline.
  3. Create an archive of the blessed configuration.
  4. Create a bundle definition that can be automatically deployed to reset the EAP 6 configuration and remediate drift.
    When creating the he destination should be the platform of the EAP 6 resource. The destination could be the standalone server or the domain controller, but using the platform allows you to deploy the bundle to an expendable directory, like /tmp/mybundles/holding, and then run a post-install task that copies the configuration files into the configuration directory.
    Deploying a bundle generally removes whatever existing files are in the target directory and replaces them with the bundle. There are ways to control that behavior, but, generally, it is safest to have the contents of the bundle match exactly what the final deployment will be.
    Since it may not be feasible to have the entire configuration directory in the bundle, deploying to a separate location on the filesystem preserves the configuration directory, and only the important configuration files are updated (when they are copied by the Ant task).
    For more on bundles and remedying drift, see the bundles chapter in "Deploying Applications and Content" and the drift-bundle CLI example script in "Writing JBoss ON Command-Line Scripts."
  5. Set up alerts for configuration drift that do two things:
    • Send a notification email to administrators.
    • Run a CLI script on the platform that automatically deploys the bundle.
    "Setting up Monitoring, Alerts, and Operations" has information on how to configure alert notifications that launch a JBoss ON server-side script or that run an operation on another resource.

Note

Changing the EAP 6 resource configuration, changing JVM definition settings, adding server groups and managed servers, or changing configuration settings all edit the EAP 6 configuration files, domain.xml and standalone.xml. That will trigger a drift alert, if alerting is configured.