Managing Drift and Compliance

Once you have inventoried configuration data on the node, you can set up rules that determine whether the node is in or out of compliance. There are two ways to determine compliance:

  1. drift from a gold standard or previous revision
  2. compliance rules. 

You can choose one or the other to determine your node’s compliance, or you can use them both in tandem. To define drift, click on the Drift link.

A modal will open where you can configure drift. One option you can choose to determine drift is a previous revision of a node’s inventoried configuration data to detect drift against. This revision may be your gold standard revision or the revision captured just after your last application deployment. Click Save.

The next time the node is inventoried, any differences between the new configuration and the selected revision or gold master will be immediately detected and highlighted in red.

A compliance rule is associated with a configuration section or item and dictates what that configuration should adhere to. To create a compliance rule, go to the Config Data tab and navigate to the configuration path where you want the rule to exist. Click on the gear icon.

If you have not created a compliance rule set yet, Orca will prompt for a name. This rule set can contain many compliance rules and be applied across Orca nodes.

From here you will be automatically taken to a new screen where you can define the compliance rule to apply to the configuration path you selected. There are many different options for compliance rules. For more detailed information on each rule, please see the user documentation.

Select your rule and click Save. To process the newly created rule, click Process Rules.