If you are managing an application through various environments (e.g. UAT, staging, pre-prod, production) you may like to enforce that the configuration of your application is correct through each stage. However, due to the subtle differences between each environment, some slight changes to configuration are sometimes required.
This guide describes a simple web server and database application that exists through a development, staging and production life cycle. We want to monitor the configuration of each of the instances of the application through the various Environments with the same policy, but have automatic overrides depending on the Environment a node exists in.
In particular, this guide will:
- describe the application architecture and some basic configuration we would like to monitor,
- how to arrange these nodes into appropriate Node Groups and Environments in UpGuard Core,
- how to create Environment Variable Overrides for each Environment, and
- how to create a simple Policy that can be applied to each Node.
Note: It is also possible to define Node Group Variable overrides. When defining multiple variable overrides across environments and nodes, you can also define a priority or precedence order.
For the purpose of this guide, we are going to use a single web server node connected to a database. The web server could be a Linux VM running Apache web server and the postgres
The web server node will be a Linux VM running, Apache web server, for example and the database node will be a postgres server, for example. This application is deployed into 2 Environments: development, staging and production. The table below outlines the hostnames of each of the 6 nodes.
|Environment||Web Server Node||Database Node|
Arranging Nodes into Node Groups and Environments
For general information on how to add various types of nodes, please visit our Getting Started Guide.
Assuming that each of the 6 nodes have been added to the UpGuard interface, we are first going to arrange them into their respective Environments. For assistance on adding a new Environment, please refer to our guide on Creating an Environment.
Since the development and staging nodes are names with a particular suffix, when adding the new Environments, you could also specify the following node rules so that nodes can be automatically assigned to the correct Environment.
Note: we cannot define node rules for the production nodes in this scenario as the production nodes in our Environment do not have a common naming suffix. We will have to edit these nodes individually to transfer them from the Default Environment to the Production Environment.
We will next need to assign nodes into node groups. Nodes can belong to one or more node groups, and all nodes are assigned into the All Nodes node group by default. An eventual policy we create later, must be assigned to a node group, so we’re going to segment nodes into groups based on the common policy they should have applied to them. Here, we could create the following node groups for the corresponding reasons:
|Node Group||Member Nodes||Reason|
||We may have common attributes we would like to enforce across identically web servers.|
||We may have common table structure or configuration we want to validate across all databases.|
|Applications||all 6 nodes||Not so much for policy assignment, but we may want to report on the compliance and health of all 6 nodes as a group.|
For more information around creating node groups and adding nodes to a node group, please refer to our guide on Node Groups.
Creating Environment Variable Overrides
In this scenario, we are eventually going to write a policy that checks that the IP address of the corresponding DB server is correct for each web server. Instead of writing 3 separate policies for web server nodes in each Environment, we can write a single policy and use Environment Variable Overrides to look for the correct value depending on the Environment.
To create a new variable, navigate to Control > Variables then click “Create Variable”.
Here we’re going to have a variable called
database_ip and we’re going to set a default value of
192.168.1.1. For this particular scenario, it might be good practice to set the default value
of a variable to the value associated with the Development Environment and then only supply overrides
for staging and production. Click Save Variable.
Next, we need to define variable overrides for the other Environments. To add a variable override, locate the variable, click on the menu for the variable on the right hand side and click Add Override.
In the screenshot below we are defining an Environment type of override, on the Environment
Production and we’re going to use the override value
After adding a second variable override for the Staging Environment you should see the variable listed along side the overrides for each subsequent Environment.
Using the Variable and its Overrides in a Policy
On each of the web server nodes, the IP address of the associated database is defined for the
application in an environment variable called
DB_HOSTNAME. Here, we can create a new policy check
that applies to the CI path
EnvVars > * > DB_HOSTNAME. We want to check that the value of
this environment variable on each node has a value matching the variable (with any overrides applied).
The screenshot below shows how to configure this type of check. We define the attribute name
Value as we want to check the scanned environment variable’s value. We would like
Value attributes value to have an Exact Match with the value stored in our variable.
We substitute out variable into the expected value by using the mustache curly brace syntax.
After creating this policy check we would next navigate to the web server node group via the Discover > Monitored page and then assign this policy to the web servers node group. For more information on adding a policy to a node group, please refer to our guide on Creating a Policy.
The next time any of the nodes in the web servers node group is scanned, the policy will be applied and the proper variable value and any overrides will be properly substituted in.