Versions Compared

Old Version 5

changes.mady.by.user Nick Day

Saved on

compared with

New Version 6

changes.mady.by.user Daniel Carter

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Removed 404 link

...

All config parsers must be valid Perl scripts, and we made this choice for efficiency reasons: a language flexible enough to parse and extract information from arbitrary configuration or status command outputs would have been almost as complicated as perl but much less robust. In addition to that you will likely change your policy rules much more often than any of the parsers.

...

At this time the policy engine provides the following pre-defined structure variables to every policy:

Variable NameDescription
$NODE

The complete node configuration status document, which generally will be a deeply structured tree.

$NODEINFOA structure that contains the most essential node-related characteristics,
i.e. node name, hostname, ip address(es), group information and so on.
$NODENAMEA convenience variable that contains only the node name, mainly for reporting and context capture.

Structure variables can be accessed in IF, THEN and EACH statements. To do so, the structure variable name is given (including the leading "$" sign), optionally followed by further substructure accessor directives (which are deliberately similar to MongoDB's Dot Notation):

...

Policy actions in THEN statements contain an arbitrary number of AND-separated ok(), exception()CONTINUE() or LAST() expressions.

ExpressionDescriptionExample
ok("rule name",contextitems...)Affirms that a node complies with "rule name"

ok("proxy arp is disabled",node=$NODENAME,interface=$INTF_INDEX)

exception("rule name",priority,contextitems...)Asserts that a node does NOT comply with "rule name"ok("IIS must not be active on DB servers",9,node=$NODENAME)
CONTINUE()
CONTINUE(LOOPVARNAME)		Skips the remaining rules in this iteration block (and possibly outer loops as well), and continues with the next iteration of LOOPVARNAME.CONTINUE(INTF)
LAST()
LAST(LOOPVARNAME)		Terminates this iteration block, possibly outer loops as well - up to and including iteration with LOOPVARNAMELAST()

Exceptions and compliance affirmations can use arbitrary "rule name" strings. Exceptions must be given a numeric priority (0 lowest, 10 highest).

...

You can now check the Complaince Status in the opConfig GUI.  Access the opConfig GUI at http://YOUR_SERVERNAME/omk/opConfig, login and then from the Menu Bar "Views -> Compliance Status".