I’ve finally gotten around to upgrading the vRLI Configuration Management and Audit Tool to handle the full deployment process as well as clustering! Let’s take it for a spin to see what the new features allow us to do!
1. First we need to deploy the vRLI VMs from OVA that can be downloaded from my.vmware.com. Once they have been fully booted and you see them serving the following webpage we can start. You can close your browser at this point; nothing is required here other than we are checking to make sure that they are fully booted.
2. The tool uses a JSON configuration file that you can see a sample of by running the program with a “-d” flag or browsing the first part of the Python (my recommended approach). You can also generate a simplified version by calling the wizard using a “-b” flag. For now, I’m going to create my configuration file based on the sample in the documentation with a single Master Node under the “fqdn” key and 2 Secondary Nodes under the “nodes” key in my JSON file. This means that when the script is done I will have a new, 3 node vRLI Cluster.
Let’s kick off the program and tell it to use my configuration file by running:
python li-json-api.py -f ctest.json -r
more “Deploying vRealize Log Insight (vRLI) via API”
For those of you who have followed my blog you will know that I deal with Log Insight quite a bit in our production environments. Because of this I was excited that in the latest release of Log Insight 3.3 there are several new Configuration API’s released under Tech Preview status. That said, the documentation around these APIs is very difficult to nail down. The exciting part is that I’ve just uploaded a new and unofficial standalone audit and remediation tool to my github repo! As always this code is my personal code and not supported or officially recognized by VMware.
Here’s how it works:
The tool reads the desired state of your Log Insight Server from a JSON file that you define. It can use that file to then connect to the Log Insight Server and audit it to see if it matches your desired state. If you wish you can throw in the -r switch and the script will make the Log Insight Server match your desired state.
Let’s see it in action:
First up, let’s pull up the embedded documentation by running the script with the -d switch to see what the JSON file needs to look like. I’ve taken pains to try and include complex examples so that you won’t be left in the dark on anything.
After creating a new JSON file with our desired state it’s time to run the tool in audit only mode by just specifying the -f flag and the name of our JSON file. The results that come back are that we have several areas that need remediation (email, event forwarders) and 1 (content packs) that cannot be remediated yet (hopefully in a later version).
That’s all good but we want the tool to fix those issues so we append the -r flag
If you run the tool again the output comes back as all objects matching desired state but the nice thing is that you don’t need to run it again. Once the remediation HTTP POST is sent to the server the tool will automatically go back and query the server for the configuration to verify that your changes have been implemented and the server is now set correctly. It will then show you success in the message immediately following the remediation step.
The portions of Log Insight that the tool has the ability to configure are:
Event Forwarder Configuration
Active Directory Configuration
Content Packs (audit only right now)
Stay tuned as I plan on updating the tool over time as more APIs are released and as my python knowledge increases. In the meantime happy auditing and automatic remediation!