Compliance Policy Scope

I’m fairly new to actual implementation on MIQ (and new to this forum!) so please bear with me. Also, I apologise for the size of the question :)

I’m trying to create a Compliance Policy on my Azure instances to check the contents of a file on the server - this isn’t a real policy, it’s simply to help my understanding of the process and to demo to a client.

I’ve created an analysis profile and control policy to read the file when executing SmartState Analysis and can see in the instance details that the file exists and can read its contents. I’ve then created a compliance policy profile (and associated policies, conditions etc.), however when I run “Check Compliance” nothing happens, and nothing exists in the DB. I can run the Policy Simulation and can see that it passes the policy condition but when I untick the “Show Out of Scope” box, the check disappears as if it wasn’t included in scope. I don’t have any scope definitions set so can anybody help explain why this is?

I haven’t used the policy stuff very much and there are like a hundred steps to actually activating a policy.
However, a common mistake is that you need to assign the policy to a VM or a Provider or whatever. Have you assigned the policy, not in the Control menu but on e.g. Compute > Infrastructure > Provider > Manage Policies?

Maybe the documentation helps too: https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.7/html/policies_and_profiles_guide/policies#creating-a-compliance-condition-to-check-host-file-contents

If that doesn’t help I think you will need to explain in more detail which steps you already did. There are a lot of steps involved and you probably just missed one :)

Hi buc,

thanks for the reply.

I’d followed the documentation and assigned to both an Instance in my Azure account and then to the whole Azure provider but no luck.

The following are the steps I’ve carried out…

  • Create a vm analysis profile to collect the contents of a test file - called default to ensure it runs without being assigned to a Control Policy action
  • Created a new VM and Instance Compliance Policy to check the test file - the policy has no specific scope defined
  • Created a condition for the policy to check the contents of the file using a regular expression - again no scope defined (Find->VM and Instance.Name = “” CHECK ALL Contents REGULAR EXPRESSION MATCHES “”)
  • Created a Policy Profile and assigned the new Compliance Policy to the profile
  • Assign the Policy to the Instance in Azure
  • Executed a SmartState Analysis, and following this I can see the file contents on the instance summary

After all of this, I click the “Check Compliance” button and nothing happens. Tailing the evm log also shows that the server is doing nothing at all after I click this button.

@yoandy — were you able to find a solution for your problem? I am experiencing the same thing for a VM that is under a cloud provider (AWS).

I went over all the steps that entail creating a compliance policy -> condition -> assignment to a Policy Profile -> and then assigning it to a VM instance. However, “Check Compliance of Last Known Configuration” does nothing and ‘status’ under ‘Compliance’ section of instance details keeps showing ‘Never Verified’.

What am I missing or not doing right??? Any help will be appreciated.