- Compliance Policy Flow
- Create a couple of conditions for the new compliance policy
- Find the Policy action to use
- Find the Policy event to use
- Create the Compliance Policy for Finance Servers
- Create the Compliance Policy Profile for Finance Servers
- Assigning new policy to policy profile
- Assigning the policy profile to a virtual machine
- Querying the policy profiles and related policies of the virtual machine
- Requesting a compliance check on the virtual machine
- Waiting for the compliance check to complete
- Querying all compliances run for the virtual machine
- Querying the virtual machine and its latest compliance result including the last compliance status
Compliance Policy Flow
Create a couple of conditions for the new compliance policy
Request:
POST /api/conditions
{
"action" : "create",
"resources" : [
{
"name" : "finance_mem_req",
"description" : "System Memory Requirement for Finance Systems",
"expression" : {
">=": {
"field": "Vm-mem_cpu",
"value": "4096"
}
},
"towhat" : "Vm"
},
{
"name" : "finance_cpu_req",
"description" : "System CPU Requirement for Finance Systems",
"expression" : {
">=": {
"field": "Vm-num_cpu",
"value": "2"
}
},
"towhat" : "Vm"
}
]
}
Response:
{
"results": [
{
"href": "http://localhost:3000/api/conditions/8",
"id": "8",
"name": "finance_mem_req",
"description": "System Memory Requirement for Finance Systems",
"expression": {
"exp": {
">=": {
"field": "Vm-mem_cpu",
"value": "4096"
}
},
"context_type": null
},
"towhat": "Vm",
"file_mtime": null,
"created_on": "2020-03-24T17:19:21Z",
"updated_on": "2020-03-24T17:19:21Z",
"guid": "b67a564d-5290-4245-b4bc-4d75d0890951",
"filename": null,
"applies_to_exp": null,
"miq_policy_id": null,
"notes": null,
"read_only": null
},
{
"href": "http://localhost:3000/api/conditions/9",
"id": "9",
"name": "finance_cpu_req",
"description": "System CPU Requirement for Finance Systems",
"expression": {
"exp": {
">=": {
"field": "Vm-num_cpu",
"value": "2"
}
},
"context_type": null
},
"towhat": "Vm",
"file_mtime": null,
"created_on": "2020-03-24T17:19:21Z",
"updated_on": "2020-03-24T17:19:21Z",
"guid": "2c3c6fd1-c6a4-44e7-8a86-b1f44c1e2572",
"filename": null,
"applies_to_exp": null,
"miq_policy_id": null,
"notes": null,
"read_only": null
}
]
}
Find the Policy action to use
Request:
GET /api/policy_actions?expand=resources&filter[]=name=compliance_failed
Response:
{
"name": "policy_actions",
"count": 42,
"subcount": 1,
"subquery_count": 1,
"pages": 1,
"resources": [
{
"href": "http://localhost:3000/api/policy_actions/34",
"id": "34",
"name": "compliance_failed",
"description": "Mark as Non-Compliant",
"created_on": "2019-08-08T19:40:10Z",
"updated_on": "2019-08-08T19:40:10Z",
"guid": "47969a3f-4eb8-4e7b-b7d2-542e4c0cb0d5",
"action_type": "default",
"options": {
}
}
],
"actions": [
{
"name": "query",
"method": "post",
"href": "http://localhost:3000/api/policy_actions"
}
],
"links": {
"self": "http://localhost:3000/api/policy_actions?attributes=name%2Cname&expand=resources&filter%5B%5D=name%3Dcompliance_failed&offset=0",
"first": "http://localhost:3000/api/policy_actions?attributes=name%2Cname&expand=resources&filter%5B%5D=name%3Dcompliance_failed&offset=0",
"last": "http://localhost:3000/api/policy_actions?attributes=name%2Cname&expand=resources&filter%5B%5D=name%3Dcompliance_failed&offset=0"
}
}
Find the Policy event to use
GET /api/events?expand=resources&filter[]=name=vm_compliance_failed
Response:
{
"name": "events",
"count": 191,
"subcount": 1,
"subquery_count": 1,
"pages": 1,
"resources": [
{
"href": "http://localhost:3000/api/events/119",
"id": "119",
"name": "vm_compliance_check",
"description": "VM Compliance Check",
"created_on": "2019-08-08T19:40:12Z",
"updated_on": "2019-08-08T19:40:12Z",
"guid": "f95fd930-b70d-4198-b018-7f2fe37a33f9",
"event_type": "Default",
"definition": null,
"default": null,
"enabled": null
}
],
"actions": [
{
"name": "query",
"method": "post",
"href": "http://localhost:3000/api/events"
}
],
"links": {
"self": "http://localhost:3000/api/events?expand=resources&filter%5B%5D=name%3Dvm_compliance_check&offset=0",
"first": "http://localhost:3000/api/events?expand=resources&filter%5B%5D=name%3Dvm_compliance_check&offset=0",
"last": "http://localhost:3000/api/events?expand=resources&filter%5B%5D=name%3Dvm_compliance_check&offset=0"
}
}
Create the Compliance Policy for Finance Servers
Request:
POST /api/policies
{
"name" : "finance_server_policy",
"description" : "Finance Server Policy",
"mode" : "compliance",
"towhat" : "Vm",
"conditions_ids" : [ "8", "9" ],
"policy_contents" : [
{
"event_id" : "119",
"actions" : [
{
"action_id" : "34",
"opts" : { "qualifier" : "failure" }
}
]
}
]
}
Response:
{
"results": [
{
"href": "http://localhost:3000/api/policies/11",
"id": "11",
"name": "finance_server_policy",
"description": "Finance Server Policy",
"created_on": "2020-03-25T16:25:06Z",
"updated_on": "2020-03-25T16:25:06Z",
"expression": null,
"towhat": "Vm",
"guid": "95f28050-7947-41e4-8082-ee9cd512b5fd",
"created_by": null,
"updated_by": null,
"notes": null,
"active": true,
"mode": "compliance",
"read_only": null
}
]
}
Create the Compliance Policy Profile for Finance Servers
Request:
POST /api/policy_profiles
{
"name" : "finance_policy_profile",
"description" : "Finance Servers Policy Profile",
"mode" : "compliance"
}
Response:
{
"results": [
{
"href": "http://localhost:3000/api/policy_profiles/35",
"id": "35",
"name": "finance_policy_profile",
"description": "Finance Servers Policy Profile",
"set_type": "MiqPolicySet",
"created_on": "2020-03-24T18:56:23Z",
"updated_on": "2020-03-24T18:56:23Z",
"guid": "d4546f30-15a7-48f3-a793-cfd6d1d849a2",
"read_only": null,
"set_data": null,
"mode": "compliance",
"owner_type": null,
"owner_id": null,
"userid": null,
"group_id": null
}
]
}
Assigning new policy to policy profile
Request:
POST /api/policy_profiles/35/policies
{
"action" : "assign",
"resources" : [
{ "id" : "11" }
]
}
Response:
{
"results": [
{
"success": true,
"message": "Assigning Policy: id:'11' description:'Finance Server Policy' guid:'95f28050-7947-41e4-8082-ee9cd512b5fd'",
"href": "http://localhost:3000/api/policy_profiles/35",
"policy_id": "12",
"policy_href": "http://localhost:3000/api/policies/11"
}
]
}
Assigning the policy profile to a virtual machine
Request:
POST /api/vms/171/policy_profiles
{
"action" : "assign",
"resources" : [
{ "id" : "35" }
]
}
Response:
{
"results": [
{
"success": true,
"message": "Assigning Policy Profile: id:'35' description:'Finance Servers Policy Profile' guid:'d4546f30-15a7-48f3-a793-cfd6d1d849a2'",
"href": "http://localhost:3000/api/vms/171",
"policy_profile_id": "35",
"policy_profile_href": "http://localhost:3000/api/policy_profiles/35"
}
]
}
Querying the policy profiles and related policies of the virtual machine
Request:
GET /api/vms/171/policy_profiles?expand=resources&attributes=miq_policies
Response:
{
"name": "policy_profiles",
"count": 6,
"subcount": 1,
"pages": 1,
"resources": [
{
"href": "http://localhost:3000/api/vms/171/policy_profiles/35",
"id": "35",
"name": "finance_policy_profile",
"description": "Finance Servers Policy Profile",
"set_type": "MiqPolicySet",
"created_on": "2020-03-24T18:56:23Z",
"updated_on": "2020-03-24T18:56:23Z",
"guid": "d4546f30-15a7-48f3-a793-cfd6d1d849a2",
"read_only": null,
"set_data": null,
"mode": "compliance",
"owner_type": null,
"owner_id": null,
"userid": null,
"group_id": null,
"miq_policies": [
{
"href": "http://localhost:3000/api/policies/12",
"id": "12",
"name": "finance_server_policy",
"description": "Finance Server Policy",
"created_on": "2020-03-25T16:44:19Z",
"updated_on": "2020-03-25T16:44:19Z",
"expression": null,
"towhat": "Vm",
"guid": "e56d468c-1b1b-42f1-a4cb-4ea11924d7b3",
"created_by": null,
"updated_by": null,
"notes": null,
"active": true,
"mode": "compliance",
"read_only": null
}
]
}
],
"actions": [
{
"name": "assign",
"method": "post",
"href": "http://localhost:3000/api/vms/171/policy_profiles"
},
{
"name": "unassign",
"method": "post",
"href": "http://localhost:3000/api/vms/171/policy_profiles"
},
{
"name": "resolve",
"method": "post",
"href": "http://localhost:3000/api/vms/171/policy_profiles"
}
],
"links": {
"self": "http://localhost:3000/api/vms/171/policy_profiles?attributes=miq_policies&expand=resources&offset=0",
"first": "http://localhost:3000/api/vms/171/policy_profiles?attributes=miq_policies&expand=resources&offset=0",
"last": "http://localhost:3000/api/vms/171/policy_profiles?attributes=miq_policies&expand=resources&offset=0"
}
}
At this point, the compliance policy is properly assigned to the virtual machine. If configured via a schedule for the encompassing region, the compliance checks will run as scheduled. They can also be executed on the specific virtual machine via the API as follows:
Requesting a compliance check on the virtual machine
Request:
POST /api/vms/171
{
"action" : "check_compliance"
}
Response:
{
"success" : true,
"message": "VM id:171 name:'aab-ldap' check compliance requested",
"task_id": "35",
"task_href": "http://localhost:3000/api/tasks/41",
"href": "http://localhost:3000/api/vms/171"
}
Waiting for the compliance check to complete
One can find out when the compliance check completes by querying the task generated for it and look for the state attribute as follows:
GET /api/tasks/41
Response:
{
"href": "http://localhost:3000/api/tasks/41",
"id": "41",
"name": "VM id:171 name:'aab-ldap' check compliance requested",
"state": "Finished",
"status": "Ok",
"message": "Task completed successfully",
"userid": "admin",
"created_on": "2020-04-09T21:16:07Z",
"updated_on": "2020-04-09T21:16:12Z",
"pct_complete": null,
"context_data": null,
"results": null,
"miq_server_id": "3",
"identifier": null,
"started_on": "2020-04-09T21:16:09Z",
"zone": null,
"actions": [
{
"name": "delete",
"method": "post",
"href": "http://localhost:3000/api/tasks/41"
},
{
"name": "delete",
"method": "delete",
"href": "http://localhost:3000/api/tasks/41"
}
]
}
Querying all compliances run for the virtual machine
Request:
GET /api/vms/171/compliances?expand=resources
Response:
{
"name": "compliances",
"count": 430,
"subcount": 2,
"pages": 1,
"resources": [
{
"href": "http://localhost:3000/api/vms/171/compliances/40",
"id": "40",
"resource_id": "171",
"resource_type": "VmOrTemplate",
"compliant": false,
"timestamp": "2020-03-26T14:30:24Z",
"updated_on": "2020-03-26T14:30:24Z",
"event_type": "vm_compliance_check"
},
{
"href": "http://localhost:3000/api/vms/171/compliances/41",
"id": "41",
"resource_id": "171",
"resource_type": "VmOrTemplate",
"compliant": false,
"timestamp": "2020-03-26T20:11:53Z",
"updated_on": "2020-03-26T20:11:53Z",
"event_type": "vm_compliance_check"
}
],
"links": {
"self": "http://localhost:3000/api/vms/171/compliances?expand=resources&offset=0",
"first": "http://localhost:3000/api/vms/171/compliances?expand=resources&offset=0",
"last": "http://localhost:3000/api/vms/171/compliances?expand=resources&offset=0"
}
}
Querying the virtual machine and its latest compliance result including the last compliance status
Request:
GET /api/vms/171?attributes=last_compliance,last_compliance_status
Response:
{
"href": "http://localhost:3000/api/vms/171",
"id": "171",
"vendor": "vmware",
"format": null,
"version": null,
"name": "aab-ldap",
"description": null,
"location": "aab-ldap/aab-ldap.vmx",
"config_xml": null,
"autostart": null,
"host_id": 2,
"last_sync_on": null,
"created_on": "2020-03-10T18:53:36Z",
"updated_on": "2020-03-26T01:58:16Z",
"storage_id": "7",
"guid": "30be2fa7-6b95-4a62-a163-d3107fc79d94",
"ems_id": "2",
"last_scan_on": "2020-03-18T21:13:32Z",
"last_scan_attempt_on": "2020-03-18T21:12:25Z",
"uid_ems": "4cda25de-c41c-4f68-8b3d-0cca0dc993c4",
"retires_on": null,
"retired": null,
"boot_time": null,
"tools_status": null,
"standby_action": null,
"power_state": "on",
"state_changed_on": "2020-03-10T18:53:36Z",
"previous_state": null,
"connection_state": "connected",
"last_perf_capture_on": "2020-03-26T01:58:16Z",
"registered": null,
"busy": null,
"smart": null,
"memory_reserve": null,
"memory_reserve_expand": null,
"memory_limit": null,
"memory_shares": null,
"memory_shares_level": null,
"cpu_reserve": null,
"cpu_reserve_expand": null,
"cpu_limit": -1,
"cpu_shares": 200,
"cpu_shares_level": "normal",
"cpu_affinity": null,
"ems_created_on": null,
"template": false,
"evm_owner_id": null,
"miq_group_id": "1",
"linked_clone": true,
"fault_tolerance": null,
"type": "ManageIQ::Providers::Vmware::InfraManager::Vm",
"ems_ref": "vm-825",
"ems_cluster_id": "3",
"retirement_warn": null,
"retirement_last_warn": null,
"vnc_port": null,
"flavor_id": "960",
"availability_zone_id": "23",
"cloud": true,
"retirement_state": null,
"cloud_network_id": null,
"cloud_subnet_id": null,
"cloud_tenant_id": "2",
"raw_power_state": "ACTIVE",
"publicly_available": null,
"orchestration_stack_id": null,
"retirement_requester": null,
"tenant_id": "1",
"resource_group_id": null,
"deprecated": null,
"storage_profile_id": null,
"cpu_hot_add_enabled": null,
"cpu_hot_remove_enabled": false,
"memory_hot_add_enabled": true,
"memory_hot_add_limit": null,
"memory_hot_add_increment": null,
"hostname": null,
"ems_ref_type": "VirtualMachine",
"restart_needed": null,
"last_compliance_status": false,
"last_compliance": {
"id": "41",
"resource_id": "1000000132824",
"resource_type": "VmOrTemplate",
"compliant": false,
"timestamp": "2020-03-26T20:11:53Z",
"updated_on": "2020-03-26T20:11:53Z",
"event_type": "vm_compliance_check"
},
"actions": [
{
"name": "edit",
"method": "post",
"href": "http://localhost:3000/api/vms/171"
},
{
"name": "add_event",
"method": "post",
"href": "http://localhost:3000/api/vms/171"
},
{
"name": "refresh",
"method": "post",
"href": "http://localhost:3000/api/vms/171"
},
{
"name": "shutdown_guest",
"method": "post",
"href": "http://localhost:3000/api/vms/171"
},
{
"name": "reboot_guest",
"method": "post",
"href": "http://localhost:3000/api/vms/171"
},
{
"name": "start",
"method": "post",
"href": "http://localhost:3000/api/vms/171"
},
{
"name": "stop",
"method": "post",
"href": "http://localhost:3000/api/vms/171"
},
{
"name": "suspend",
"method": "post",
"href": "http://localhost:3000/api/vms/171"
},
{
"name": "shelve",
"method": "post",
"href": "http://localhost:3000/api/vms/171"
},
{
"name": "shelve_offload",
"method": "post",
"href": "http://localhost:3000/api/vms/171"
},
{
"name": "pause",
"method": "post",
"href": "http://localhost:3000/api/vms/171"
},
{
"name": "request_console",
"method": "post",
"href": "http://localhost:3000/api/vms/171"
},
{
"name": "reset",
"method": "post",
"href": "http://localhost:3000/api/vms/171"
},
{
"name": "request_retire",
"method": "post",
"href": "http://localhost:3000/api/vms/171"
},
{
"name": "delete",
"method": "post",
"href": "http://localhost:3000/api/vms/171"
},
{
"name": "set_owner",
"method": "post",
"href": "http://localhost:3000/api/vms/171"
},
{
"name": "set_ownership",
"method": "post",
"href": "http://localhost:3000/api/vms/171"
},
{
"name": "set_miq_server",
"method": "post",
"href": "http://localhost:3000/api/vms/171"
},
{
"name": "scan",
"method": "post",
"href": "http://localhost:3000/api/vms/171"
},
{
"name": "delete",
"method": "delete",
"href": "http://localhost:3000/api/vms/171"
}
]
}