Managing Agent Configuration Policies

You can use Agent Configuration Policies to define and manage Agent configurations from the Application Server. Perform the following tasks to manage Agent Configuration Policies:

• Creating and applying an Agent Configuration Policy
• Editing an Agent Configuration Policy
• Deleting an Agent Configuration Policy
• Detecting and resolving policy conflicts

Prerequisites

Make sure that you have the following authorizations for creating and applying policies:

For information about these and additional authorizations, see System-authorizations.

Creating and applying an Agent Configuration Policy 

Do the following:

1. Log in to the TrueSight Server Automation console with the BLAdmin user credentials.

2. In the left pane, right-click Agent Policies and do the following:

   1. Click Agent Policy folder.
   2. Specify a folder name.

   All Agent Configuration Policies are listed in this folder. You can also create sub folders.

3. Right-click the folder that you created and click New > Agent Configuration Policy.
4. Provide a policy name and an optional description, and click Next.
5. (optional) On the Access Control list page, grant policy view or creation rights to other user roles. By default, the BLAdmins role has all the required privileges for Configuration Policy management. For information about granting authorizations or applying ACL templates or polices, see ACL-template-Permissions.
6. Click Finish. The policy is created and listed under the folder. The policy details to be configured are displayed in the editor.
7. On the General tab, verify the policy name and description.

8. On the Configurations tab, configure these Agent configuration files: exports, users.local, and users
   
   

   Do the following:

   1. Under Agent configurations, select the file that you want to configure.
   2. Select one of these operating systems: Windows or Linux

   • • (Windows) Do the following:

     1. 
        
        1. To update the file, make sure that the Enable check box is selected.
        2. In the File Contents field, add or update the file content or import the content of a local file or a file on the server using option.

     • (Linux) Do the following:

     1. 
        
        1. To update this file, make sure that the Enable check box is selected.

        2. From the Mode list, select one of these modes:

           • 0600 (RSCD only) - Select when the target servers contain only the RSCD Agent. This is the default mode.
           • 0644 (Repeaters) - Select when the target servers are used as repeaters. 

           We recommend creating separate policies based on these modes.

        3. In the File Contents field, add or update the file content or import the content of a local file or a file on the server using option.

9. On the Policy Scope tab, define rules to apply the policy and preview the targets to validate the rules:
   
   

   Do the following:

   • Configure one or more rules to apply the policy to targets. For example, perform these steps to set a rule to apply the policy based on a specific location:
     
     1. Click .
     2. Select the TARGET*LOCATION property, equals or contains as operator, and specify a location name, such as Austin.
     3. Click OK.
        The policy will be applied to all the targets that are available in the Austin data center. You can perform some additional customizations, such as changing the rule order and operators to set how multiple rules will be used. The Routing Rules Expression shows whether the rule conditions are valid. If the expression is detected to be invalid, update the rule conditions till it becomes valid.
        
        
        
        
   • Click Evaluate to view the list of eligible targets where the policy will be applied according to the defined rules. If the number of targets is large, use the pagination to quickly navigate through the target list.
10. (optional) Update the frequency at which the policy is periodically pushed to the Smart Agent. The policy is pushed only when a change is detected.
    1. At the bottom-left of the console, click Properties.
    2. Under Extended, specify a value for the INTERVAL_HOUR property. The default is two hours.
       If you want to disable this periodic policy push and apply the policy manually, specify the value as 0.
11. Save the changes.
12. To apply the policy to the targets immediately, right-click the policy name in the left pane and click Apply. The policy is applied to the eligible targets. 

13. On the Activity tab, review the count of targets where the policy was applied and the associated log events.
    
    

    Do the following:

    1. Review the target count based on the policy status.

       • Successful - Shows the count of targets where the policy was applied successfully.
       • Failed - Shows the count of targets where the policy failed.
       • Queued - Shows the count of targets for which the policy is waiting to be applied.
       • Total - Shows the total count of eligible targets where the policy was applied.

       (optional) Filter the target list.

       1. Click  and specify a string (case insensitive) to filter the target list. 
       2. Click Filter. The targets that match the specified string are displayed. 
       3. To clear the applied filter, click Clear.

       You can export and refresh the target list.

    2. Select a target from the list to review and analyze the associated logs that are displayed in the Log events section. You can export and refresh the log events.

14. On the Results tab, check the last policy run details, such as date and timestamp.
    
    

    Do the following:

    1. In the left pane, right-click a policy run.
    2. Do any of the following:
       
       • Click Delete to delete the policy job run. 
       • Click Refresh to refresh the policy job run.
       • Click Show Log to view the logs associated with the policy job run.
       • Click Export Log to export the logs associated with the policy job run.

Editing an Agent Configuration Policy 

Do the following:

1. Log in to the TrueSight Server Automation console with the BLAdmin user credentials.
2. In the left pane, navigate to the required policy folder under Agent Configuration Policies.
3. Double-click the policy to view its details.
4. Make the required changes in any or all of these tabs: General, Configurations, and Policy Scope
5. Save the changes.
6. To push the modified policy changes to the targets immediately, right-click the policy and click Apply. Otherwise, the Application Server will push the policy changes during the next scheduled auto apply policy interval.

Deleting an Agent Configuration Policy 

Do the following:

1. Log in to the TrueSight Server Automation console with the BLAdmin user credentials.
2. In the left pane, navigate to the required policy folder under Agent Configuration Policies.
3. Right-click the policy to be removed, and click Delete.
   If the policy is already applied to the targets, you are prompted to confirm deletion.

The Smart Agent removes the policy details from the memory and storage after receiving a work request containing the policy removal instructions. 

Detecting and resolving policy conflicts 

A target server can have only a single policy applied to it. A conflict occurs when the same target is matched by multiple policy rules. If a policy is already applied to the target server, the other matching policies are marked as conflict and are not applied to the target. 

To identify the policy conflict and resolve it, do the following:

1. Log in to the TrueSight Server Automation console with the BLAdmin user credentials.

2. Create a smart group with the following condition. This condition is based on the AGENT_CONFIG_POLICIES server property that contains all the policies that are mapped with a server.

   Any Server Where ??AGENT_CONFIG_POLICIES?? count greater than 1

   
   All the servers with policy conflict are displayed under this smart group. For more information about creating a smart Group, see Defining-a-smart-group.

3. Check the AGENT_CONFIG_POLICIES property of all the servers listed under the smart group to identify the conflicting policy names.
   
   
   
   
4. In the left pane, navigate to the required conflicting policy folder under Agent Configuration Policies.
5. Double-click the policy to view its details.
6. On the Policy Scope tab, modify the rule condition and save the changes.
7. Click Apply to apply the changes immediately or wait for the Smart Agent to apply the policy during the next scheduled periodic check.

Related topic

Agent-Configuration-Policies