At 5 minutes intervals, the CFEngine hub gathers information from all of its connected agents about the current state of the system, including the outcome of its runs. All of this information is available to you. In this tutorial we will show how to use the Dashboard to create compliance overview at a glance
Note: This tutorial builds upon another tutorial that manages local users.
We will create 3 alerts, one that shows when CFEngine repairs the system (promise repaired), one that shows when CFEngine does not need to make a change (promise kept), and one that shows CFEngine failing to repair the system (promise not kept).
Create a new alert
Log into Mission Portal, the web interface for CFEngine Enterprise.
In an empty space, Click Add.
Name the alert 'Users compliance' and leave Severity-level at 'medium'.
Click create new condition and leave Name 'Users compliance'.
Select Type to 'Policy'.
Select Filter to 'Bundle', and type 'ensure_users'.
Type Promise handle to 'ensure_user_setup'.
Type Promise Status to 'Not kept'.
- Press 'Save button' and give the Widget an descriptive name.
You have created a Dashboard Alert for our user management policy. Whenever the policy is out of compliance (not kept), we will be notified.
On the first screen below, we see that the alert has been triggered on zero of our three hosts (0 / 3). This is exactly what we want. There is no promise not kept anywhere, which means we are in compliance.
If you click on the Dashboard tab and go to the front page, you will see that our User Policy has a green check-mark. This means that the ‘not kept’ condition have not occured on any host.
In this tutorial, we have shown how easy it is to prove compliance of any of your policies by using the Dashboard alert functionality.
If you would like to get an overview of whenever CFEngine is making a change to your system, simply create another alert, but this time set the Promise Status to ‘Repaired’. This time you will see an alert whenever CFEngine is repairing a drift, for instance if a user is accidentially deleted.