Page tree
Skip to end of metadata
Go to start of metadata

Contributor content

This topic was created by a BMC Contributor and has not been approved. More information.

Compliance remediation may require conditionally passing different values to the targets. This is possible with the use of Local Parameter Instances, or, alternatively, Local Parameter Instances linked to Custom Property Classes. Special attention must be given to how the rules are created and how the remediation packages are created.

In the following example scenario, three directories reside on a system — /tmp/DEV, /tmp/TEST, and /tmp/PROD. Each of these directories contains configuration files named myfile.properties and myconfig.properties. These files contain three settings that are formatted as name=value pairs: MyEnv and MyDatabase in myfile.properties, and MySetting in myconfig.properties. Currently, all six files contain the same entries (TEST). We need to push a configuration change to these files to match the actual environment (parent directory). This is a very simple example, but it can be extrapolated to plan for a more complex use case. Parallel steps are presented below for the following two methods:

  • Using only Local Properties, which are accessible from only the one specific template object.
  • Using a Custom Class, which enables you to model the application, so that you can reuse the structure for other objects.

This example guides through the following tasks:

Configuring the component template that you will use to discover components

For this task you can choose between creating a component template using Local Properties or using a Custom Property Class:

To create the template using Local Properties

  1. Create a component template and allow Discover, Browse, Compliance, Remediation, and Auto-Remediation.
    Initially leave the parts empty.
  2. On the Local Properties tab of the Template, perform the following steps:
    1. Create a property called INSTANCE_NAME. Create another called DATABASE_NAME.
    2. On the Instances tab of the Local Properties create three new instances, DEV, TEST, and PROD. 
    3. Set the INSTANCE_NAME to the same value in all three instances, and set DATABASE_NAME to something unique for each instance.
  3. On the Parts tab of the template add a new Directory part of /tmp/??INSTANCE_NAME??.  You can do this by clicking the page icon in the middle bottom of the Select Parts dialog box.  Do not select any Included Operations for the directory part.
  4. On the Local Configuration Objects tab, add a new Configuration File. Use the OS type(s) for your environment, and type in the path of /tmp/??INSTANCE_NAME??/myfile.properties. Select the name = value grammar.
  5. Repeat step 4 for the myconfig.properties configuration file.
  6. On the Discover tab, add a discovery rule of Directory /tmp/??INSTANCE_NAME?? exists.
  7. On the Parts tab, ensure that Browse and Compliance are selected for the two parts.
  8. Save the template.

To create the Template using a Custom Property Class

  1. In the Property Dictionary create a new Class or SubClass called ParameterRemediation
    1. In this new Class create two new properties — INSTANCE_NAME and DATABASE_NAME.
    2. On the Instances tab of the Class create three new instances — DEV, TEST, and PROD.
    3. Set the INSTANCE_NAME to the same value in all three instances, and set DATABASE_NAME to something unique for each instance.
  2. Create a component template and allow Discover, Browse, Compliance, Remediation, and Auto-Remediation.
    Initially leave the parts empty.
  3. On the Local Properties tab of the Template, perform the following steps:
    1. Create a new Property called MYAPP of type ParameterRemediation.
       
    2. On the Instances tab of the Local Properties create three new instances — DEV, TEST, and PROD. 
    3. Set the MYAPP property value to the Property Instance of ParameterRemediation that corresponds to the new instance.
  4. On the Parts tab of the template add a new Directory part of /tmp/??MYAPP.INSTANCE_NAME??. You can do this by clicking the page icon in the middle bottom of the Select Parts dialog box. Do not select any Included Operations for the directory part.
  5. On the Local Configuration Objects tab, add a new Configuration File. Use the OS type(s) for your environment and type in the path of /tmp/??MYAPP.INSTANCE_NAME??/myfile.properties.  Select the name = value grammar.
  6. Repeat step 5 for the myconfig.properties configuration file.
  7. On the Discover tab, add a discovery rule of Directory /tmp/??MYAPP.INSTANCE_NAME?? exists.
  8. On the Parts tab, ensure that Browse and Compliance are selected for the two parts.
  9. Save the template.

Running discovery based on your component template

Create and run a component discovery job using the new template, and run this against your test system where you created the directory structure.

After running discovery you should be left with three components on the target server.

When browsing one of these components, you see the directory and the configuration file and its parts.

Creating a BLPackage for remediation

  1. Right-click one of the components that were discovered in the previous task, browse it, right-click on the myfile.properties configuration entry and select Add to Depot > As BLPackage.
     
  2. Choose a location to store the BLPackage.
  3. Accept the defaults in the package creation wizard and then open the BLPackage.
  4. Create two local properties in the BLPackage: INSTANCE_NAME and DATABASE_NAME
  5. Edit the MyEnv and MyDatabase values as shown in the following image, using ??DATABASE_NAME?? for the MyDatabase setting and ??INSTANCE_NAME?? for MyEnv.
  6. Save and close the BLPackage.
  7. Repeat steps 1-6 to create another BLPackage for the myconfig.properties configuration file object.

Creating compliance rules in the component template

For the creation of compliance rules, once again, choose between using Local Properties or using a Custom Property Class:

To create compliance rules using Local Properties

  1. Open the component template that you created previously.
  2. On the Compliance tab, add a new rule.
    Add the following basic condition:
    "Configuration File Entry:/tmp/??INSTANCE_NAME??/myfile.properties//MyEnv"."Value1 as String (All OS)" equals "??INSTANCE_NAME??"
    "Configuration File Entry:/tmp/??INSTANCE_NAME??/myfile.properties//MyDatabase"."Value1 as String (All OS)" equals "??DATABASE_NAME??"
  3. On the Remediation tab within the rule, select the BLPackage that you created earlier and fill in the Value settings as shown below. Allow auto-remediation if you like.
  4. Save the rule.
  5. Create another rule and remediation for the myconfig.properties entry using the second BLPackage created previously.

To create compliance rules using a Custom Property Class

  1. Open the component template that you created previously.
  2. On the Compliance tab, add a new rule. 
    Add the following basic condition: 
    "Configuration File Entry:/tmp/??MYAPP.INSTANCE_NAME??/myfile.properties//MyEnv"."Value1 as String (All OS)" equals "??MYAPP.INSTANCE_NAME??"
    "Configuration File Entry:/tmp/??MYAPP.INSTANCE_NAME??/myfile.properties//MyDatabase"."Value1 as String (All OS)" equals "??MYAPP.DATABASE_NAME??"
  3. On the Remediation tab within the rule, select the BLPackage that you created earlier and fill in the Value settings as shown below. Allow auto-remediation if you like.
  4. Save the rule.
  5. Create another rule and remediation for the myconfig.properties entry using the second BLPackage created previously.

Running a Compliance Job for compliance analysis and remediation

  1. Using the template, create a Compliance Job and run it against the three components for the template.

  2. Right-click the Server View node and select Remediate. You can remediate at the Server, Component, or Rule level. 
    Then, in the Remediate Job Result window, enter your input for the following job specifications:

    • A name for the remediation job.
    • A location for storing the associated BLPackages.
    • A location for storing Deploy Jobs or a Batch Job (in the case of multiple Deploy Jobs) that are generated by the remediation job.
    • If you have multiple rules in the component template that use the same properties (with the same names, created for the same purpose), ensure that you clear the Keep each local property name unique in remediation package check box, so that each property is listed only once in the BLPackages associated with the job. Otherwise, the BLPackage will have duplicate property names created (such as INSTANCE_NAME (2)) for those duplicate properties.
      In our example we will clear the Keep each local property name unique in remediation package box, because both Rule1 and Rule2 reference the INSTANCE_NAME property.
    • If you want to target the Components instead of the Server object, clear the Use servers as remediation target option. This requires that the Deploy action is checked in the associated Component Template. This would be required if the role running the remediation does not have access to the server object, or if there are required properties set at the Component level that are used in the Deploy Job.
  3. The Remediation Job wizard will pop up a Batch Job. This Batch Job will control the multiple Deploy Jobs necessary for remediating the target components. Inspect the child jobs, to ensure that the property values that are being passed on to the BLPackage in each child job are appropriate for the instance.


  4. Run the Batch Job, and then re-run the Compliance Job and see that all instances are compliant.