-
Notifications
You must be signed in to change notification settings - Fork 73
/
policyServerManagement.html
423 lines (370 loc) · 17.6 KB
/
policyServerManagement.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
<lift:surround with="common-layout" at="content">
<head>
<title>Rudder - Management</title>
<style type="text/css">
.deca input {
width: auto;
}
.deca input.deleteNetwork {
width: 20px;
}
button.defaultButton {
margin-top: -1px;
margin-left: 15px;
padding: 2px;
width: 100px;
}
select.twoCol {
width:auto
}
select {
min-width:50px
}
.defaultButton span.ui-button-text {
padding: 0;
}
</style>
</head>
<div class="portlet">
<div class="portlet-content">
<div class="inner-portlet">
<div class="page-title">Client-server communication</div>
<div class="portlet-content">
<div class="intro">
<div>
<p>Configure the networks from which nodes are allowed
to connect to the Rudder policy servers to get their updated
configuration policy.</p>
<p>
You can add as many networks as you want, the expected
format is: <b>NetworkIP/mask</b>, for example
"42.42.0.0/16".
</p>
</div>
</div>
<hr class="spacer" />
<div>
<div
class="lift:administration.EditPolicyServerAllowedNetwork.render">
<div id="allowedNetworksForm" class="deca">
<div id="policyServerDetails"/>
<div id="policyServerText"/>
<form class="lift:form.ajax">
<table>
<thead>
<tr>
<th width="20px">Delete</th>
<th width="200px">Allowed network</th>
<th></th>
</tr>
</thead>
<tbody id="allowNetworkFields">
<tr>
<td class="delete"><input
class="deleteNetwork" type="submit"
value="delete" /></td>
<td><input name="network"
class="networkField" /></td>
<td><lift:Msg errorClass="error">[error]</lift:Msg></td>
</tr>
</tbody>
</table>
<input id="addNetworkButton" type="submit" value="Add a network" />
<input id="submitAllowedNetwork" type="submit" value="Submit" />
</form>
</div>
<hr class="spacer" />
</div>
</div>
<hr class="spacer" />
<div class="deca">
<h3>Security</h3>
<div class="lift:administration.PropertiesManagement.denyBadClocks" id="denyBadClocksForm">
<form class="lift:form.ajax">
<div class="wbBaseField">
<label class="threeCol textight" style="font-weight:bold;width: 50%;">
<span style="float:left">Require time synchronization between nodes and policy server: </span>
<span id="denyBadClocksTooltip" />
</label>
<input id="denyBadClocks" type="text"/>
</div>
<hr class="spacer"/>
<div class="wbBaseField">
<label class="threeCol textright" style="font-weight:bold;width: 50%;">
<span style="float:left">Use reverse DNS lookups on nodes to reinforce authentication to policy server: </span>
<span id="skipIdentifyTooltip" />
</label>
<input id="skipIdentify" type="text"/>
</div>
<hr class="spacer"/>
<input type="submit" value="[save]" id="cfserverNetworkSubmit"/>
<lift:Msg id="updateCfserverNetwork">[messages]</lift:Msg>
</form>
</div>
</div>
<hr class="spacer" />
<div class="deca">
<h3>Protocol</h3>
<div class="lift:administration.PropertiesManagement.networkProtocolSection" id="networkProtocolForm">
<form class="lift:form.ajax">
<div class="wbBaseField">
<label for="reportProtocol" class="threeCol textight" style="font-weight:bold;width: 50%;">
<span >Use UDP in place of TCP for syslog communication between node and servers:
<img src="/images/icInfo.png" style="padding-left:15px; margin:0; float:none" tooltipid="reportProtocolTooltip" title="" class="tooltipable" />
</span>
<div class="tooltipContent" id="reportProtocolTooltip">
Rudder uses syslog to transfer report messages from nodes to relay and
servers. By default, syslog uses TCP, which allows to minimize the loss in reports.
On the contrary, UDP allows to handle cases where the TCP connection does not respond and
may block syslog for the node.
</div>
</label>
<input id="reportProtocol" type="text"/>
</div>
<hr class="spacer"/>
<input type="submit" value="[save]" id="networkProtocolSubmit"/>
<lift:Msg id="updateNetworkProtocol">[messages]</lift:Msg>
</form>
</div>
</div>
<hr class="spacer" />
</div>
</div>
<div id="complianceMode" class="lift:administration.PropertiesManagement.complianceMode"/>
<div id="cfagentSchedule" class="lift:administration.PropertiesManagement.cfagentSchedule"/>
<div class="inner-portlet">
<div class="page-title">Configure change audit logs</div>
<div class="portlet-content">
<div class="lift:administration.PropertiesManagement.changeMessage" id="changeMessageForm">
<div class="intro">
<div>
<p>If enabled, prompt users to enter a message explaining the reason for each configuration change they make.<br/>
These messages will be stored in each <a href="/secure/utilities/eventLogs">Event log</a> and as the commit message for the underlying git repository in <span id="configurationRepoPath"></span></p>
</div>
</div>
<hr class="spacer" />
<div class="deca">
<form class="lift:form.ajax">
<div class="wbBaseField">
<label class="threeCol textight" style="font-weight:bold;width: 20%;">Enable change audit logs:</label><input id="enabled" type="checkbox"/>
</div>
<hr class="spacer"/>
<div class="wbBaseField">
<label class="threeCol textight" style="font-weight:bold;width: 20%;"><span style="float:left">Make message mandatory: </span><span id="mandatoryTooltip" /></label><input id="mandatory" type="checkbox"/>
</div>
<hr class="spacer"/>
<div class="wbBaseField">
<label class="threeCol textight" style="font-weight:bold;width: 20%;"><span style="float:left">Explanation to display: </span><span id="explanationTooltip" /></label><input id="explanation" type="text"/><input id="restoreExplanation" type="button"/>
</div>
<hr class="spacer"/>
<input type="submit" value="Reload" id="changeMessageSubmit"/>
<lift:Msg id="updateChangeMsg">[messages]</lift:Msg>
</form>
</div>
</div>
</div>
</div>
<div class="inner-portlet">
<div class="page-title">Configure Change Requests (validation workflow)</div>
<div class="portlet-content">
<div class="intro">
<div>
<p>If enabled, all changes to configuration (Directives, Rules, Groups and Parameters) will be submitted for validation via a Change Request. <br/>
A new Change Request will enter the "<b>Pending validation</b>" status, then can be moved to "<b>Pending deployment</b>" (approved but not yet deployed) or "<b>Deployed</b>" (approved and deployed) statuses.<br/>
Only users with the "<b>validator</b>" or "<b>deployer</b>" roles are authorized to perform these steps (see <i>/opt/rudder/etc/rudder-users.xml</i>).<br/>
<br/>
If disabled, all changes to configuration will be immediately deployed.</p>
</div>
</div>
<hr class="spacer" />
<div class="deca">
<div
class="lift:administration.PropertiesManagement.workflow"
id="workflowForm">
<form class="lift:form.ajax">
<div class="wbBaseField">
<label class="threeCol textright" style="font-weight:bold;width: 20%;">Enable Change Requests:</label><input id="workflowEnabled" type="checkbox"/>
</div>
<hr class="spacer"/>
<div class="wbBaseField">
<label class="threeCol textright" style="font-weight:bold;width: 20%;"><span style="float:left">Allow self validation: </span><span id="selfValTooltip"/></label><input id="selfVal" type="checkbox"/>
</div>
<hr class="spacer"/>
<div class="wbBaseField">
<label class="threeCol textright" style="font-weight:bold;width: 20%;"><span style="float:left">Allow self deployment: </span><span id="selfDepTooltip"/></label><input id="selfDep" type="checkbox"/>
</div>
<hr class="spacer"/>
<input type="submit" value="Reload" id="workflowSubmit"/>
<lift:Msg id="updateWorkflow">[messages]</lift:Msg>
</form>
</div>
</div>
</div>
</div>
<div class="inner-portlet">
<div class="page-title">Configure file retention</div>
<div class="portlet-content">
<div class="intro">
<div>
<p>Every time Rudder modifies a file (by file editing or copying from a remote source), a copy of the overwritten file is kept under <i>/var/rudder/modified-files/</i>.<br/>
Also, the full output from each agent run is stored in a file under <i>/var/rudder/cfengine-community/outputs/</i>.
These files are automatically removed to save on disk space. You can configure the retention time (Time To Live) they are kept for here.</p>
</div>
</div>
<div class="deca">
<div class="lift:administration.PropertiesManagement.cfengineGlobalProps" id="cfengineGlobalPropsForm">
<form class="lift:form.ajax">
<div class="wbBaseField">
<label class="threeCol textight" style="font-weight:bold;width: 300px;">
<span style="float:left">Number of days to retain modified files: </span>
<span id="modifiedFilesTtlTooltip" />
</label>
<input id="modifiedFilesTtl" type="text"/>
</div>
<hr class="spacer"/>
<div class="wbBaseField">
<label class="threeCol textright" style="font-weight:bold;width: 300px;">
<span style="float:left">Number of days to retain agent output files: </span>
<span id="cfengineOutputsTtlTooltip" />
</label>
<input id="cfengineOutputsTtl" type="text"/>
</div>
<hr class="spacer"/>
<input type="submit" value="[save]" id="cfengineGlobalPropsSubmit"/>
<lift:Msg id="updateCfengineGlobalProps">[messages]</lift:Msg>
</form>
</div>
</div>
</div>
</div>
<div class="inner-portlet">
<div class="page-title">Logging</div>
<div class="portlet-content">
<div class="lift:administration.PropertiesManagement.loggingConfiguration" id="storeAllLogsForm">
<div class="intro">
<div>
<p>All nodes in Rudder send reports via syslog to this Rudder root server. These logs are stored in an SQL database in order to determine compliance information displayed in this web interface. However, it can be useful to also store this information in a plain text log file, for example for statistics or debugging purposes. The option below enables this.</p>
</div>
</div>
<hr class="spacer" />
<div class="deca">
<form class="lift:form.ajax">
<div class="wbBaseField">
<label class="threeCol textight" style="font-weight:bold;width: 40%;">
<span style="float:left">Log all reports received to /var/log/rudder/reports/all.log: </span>
</label>
<input id="storeAllLogsOnFile" type="text"/>
</div>
<hr class="spacer"/>
<input type="submit" value="[save]" id="loggingConfigurationSubmit"/>
<lift:Msg id="loggingConfiguration">[messages]</lift:Msg>
</form>
</div>
</div>
</div>
</div>
<div class="inner-portlet">
<div class="page-title">Usage survey participation</div>
<div class="portlet-content">
<div class="lift:administration.PropertiesManagement.sendMetricsConfiguration" id="sendMetrics">
<div class="intro">
<div>
To help the Rudder team continue to improve this software day after day, we are running a survey to collect usage statistics.<br/>
These statistics are submitted anonymously, and include overall statistics about your instance of Rudder
(number of Rules, Directives, Nodes, etc). No potentially-sensitive data is included
(only stock Rudder-provided techniques are examined, no hostnames, etc).
We highly value your privacy, as we do our own, so we will never share individual submissions (only globally compiled statistics).<br/>
If you want to check the information that is sent, just run "/opt/rudder/bin/rudder-metrics-reporting -v" on your Rudder server. This won't send any information without your consent.<br/>
This information is very valuable to the development team, as it helps us focus on the features that matter most and better understand what our users care about.
Please consider participating in the survey!
</div>
</div>
<hr class="spacer" />
<div class="deca">
<form class="lift:form.ajax">
<div class="wbBaseField">
<label class="threeCol textight" for="sendMetricsCheckbox" style="font-weight:bold;width: 20%;">Send anonymous usage statistics:</label><input id="sendMetricsCheckbox" type="checkbox"/>
</div>
<hr class="spacer"/>
<input type="submit" value="Reload" id="sendMetricsSubmit"/>
<lift:Msg id="sendMetricsMsg">[messages]</lift:Msg>
</form>
</div>
</div>
</div>
</div>
<div class="inner-portlet">
<div class="page-title">Clear policy caches</div>
<div class="portlet-content">
<div class="intro">
<div>
<p>Clear cached data. This
will trigger a full policy update, and regenerate
all promise files.</p>
</div>
</div>
<hr class="spacer" />
<div class="deca">
<div class="lift:administration.ClearCache.render"
id="clearCacheForm">
<form class="lift:form.ajax">
<input id="clearCacheButton" type="submit"
value="[Clear cache]" />
<lift:Msg id="clearCacheNotice">[error]</lift:Msg>
</form>
</div>
</div>
</div>
</div>
<div class="inner-portlet">
<div class="page-title">Manage dynamic groups</div>
<div class="portlet-content">
<div class="intro">
<div>
<p>Groups in Rudder can be static (fixed list of nodes) or dynamic (the list of nodes is built from a search query).<br/>
To take into account new nodes and changes to their inventory, dynamic groups must be reloaded regularly.<br/>
Currently, Rudder will automatically do this reload every <b id="dynGroupUpdateInterval">5</b> minutes (see <i>/opt/rudder/etc/rudder-web.properties</i>).
</p>
</div>
</div>
<hr class="spacer" />
<div class="deca">
<div class="lift:administration.DyngroupReloading.render"
id="dyngroupReloadingForm">
<form class="lift:form.ajax">
<input id="dyngroupReloadingButton" type="submit"
value="[Reload dyngroups]" />
<lift:msg id="dyngroupReloadingNotice"
errorClass="error">[error]</lift:msg>
</form>
</div>
</div>
</div>
</div>
<div class="inner-portlet">
<div class="page-title">Manage Technique library</div>
<div class="portlet-content">
<div class="intro">
<div>
<p>Techniques in Rudder are read from the filesystem (in <i>/var/rudder/configuration-repository/techniques</i>).<br/>
To take into account new Techniques and changes, the Technique library must be updated regularly.<br/>
Currently, Rudder will automatically do this update every <b id="techniqueLibraryUpdateInterval">5</b> minutes (see <i>/opt/rudder/etc/rudder-web.properties</i>).
</p>
</div>
</div>
<hr class="spacer" />
<div class="deca">
<div
class="lift:administration.TechniqueLibraryManagement.reloadTechniqueButton"
id="reloadTechniqueLibForm">
<form class="lift:form.ajax">
<input type="submit" value="Reload" />
<lift:Msg id="updateLib">[messages]</lift:Msg>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</lift:surround>