-
Language:
English
-
Language:
English
Red Hat Training
A Red Hat training course is available for Red Hat JBoss Operations Network
5. Managing Configuration Drift
5.1. Understanding Drift
- What directories (and files within those directories) matter for drift monitoring? Even though a drift definition is defined for a resource, the actual drift detection is performed at the directory level. Drift monitoring, then, can hit anywhere on a platform — even outside resources managed by JBoss ON.
- How do you identify a change? Do you compare it to the version immediately before it or to an established baseline?
5.1.1. Drift Definitions and Detection
/etc/
that only includes changes to *.conf
files, the elements in the drift definition are:
Value context: fileSystem Value name: /etc Includes: **/*.conf
Note
Table 1. Combinations to Include Specific Files
Files to Monitor for Drift | 'Includes' Path | 'Includes' Pattern |
---|---|---|
/etc and all its subdirectories | Blank | Blank |
For *.conf files in /etc and all subdirectories | . | **/*.conf[a] |
For *.conf files only in the /etc directory, with no subdirectories (/etc/*.conf) | . | *.conf |
For *.conf files only in a subdirectory one level below /etc (/etc/*/*.conf) | Not possible | Not possible |
For any file in a specific subdirectory (yum.repos.d/) below /etc | yum.repos.d (subdirectory name) | Blank |
[a]
This must have a double asterisk for the directory part. It will not work with a single asterisk.
|
Note
5.1.2. Snapshots, Deltas, and Baseline Images
Note
- It can compare against the next-most recent version of the files.
- It can compare against a defined, stable baseline.
Figure 4. Rolling Snapshots
Figure 5. Pinned Snapshots
5.1.3. Destination Directories with Special File Types
ln -ls /home/dev/libs /usr/share/jbossas/server/libs
libs/
directory in the JBoss AS home directory, it will follow the symlink back to /home/dev/libs
, and include all of those files in the drift snapshot.
Important
excludes
parameter in the drift definition to exclude the symlink.
Note
excludes
parameter in the drift definition to exclude any named pipes in the target directory.
Table 2. Drift Definitions and Unix File Types
File Type | Supported by Drift? |
---|---|
File | Yes |
Directory | Yes |
Symbolic link | Yes |
Pipe | No |
Socket | No |
Device | No |
5.1.4. Drift and Resource Types
rhq-plugin.xml
descriptor, then that resource type supports drift. The template is a starting point (not an enforced configuration, like alert or metric collection templates).
- All platforms
- JBoss EAP 6 (AS 7), and all resources which use the JBoss AS 5 plug-in
- JBoss AS/EAP 5, and all resources which use the JBoss AS 5 plug-in
- JBoss AS/EAP 4 (deprecated)
Note
5.1.5. Back to Drift Monitoring
Drift monitoring is the ability to track changes to target locations. The JBoss ON GUI allows you to view snapshots all together, compare changes for individual files between snapshots, view the current configuration, and view change details. It also provides inventory and drift reports and indicates, at a glance, whether a resource is compliant with an associated pinned snapshot.
A specific alert condition exists that will trigger an alert whenever there is drift. For rolling snapshots, this will send an alert once (and only once) for each drift snapshot. For pinned snapshots, the drift alert is fired for every detection run for as long as the resource is out of compliance, even if there are no subsequent changes.
Note