Log all configuration changes
There is a feature to record all configuration changes to an in-memory log per host or server, it records any change performed on Wildfly, for example: deploy an application, add a datasource, change any configuration, add any resource. This blog post will show how it works.
Notes:
- For this blog post, domain mode will be used.
- After a domain or server restart all configuration changes are lost, because this is an in-memory logging.
- If you want a persistent audit logging, you must use the audit logging feature on
/host=master/core-service=management/access=audit
path. - You can control the number of changes to be kept in memory (
max-history
attribute), but be aware it will take up JVM memory so be careful about its size.
What is a configuration change
The Configuration Change
is a JSON like structure:
{
"operation-date" => "2018-07-17T20:42:27.728Z",
"domain-uuid" => "65fe503f-64bb-4f7f-af30-9526b516f523",
"access-mechanism" => "HTTP",
"remote-address" => "localhost/127.0.0.1",
"outcome" => "success",
"operations" => [{
"operation" => "composite",
"address" => [],
"steps" => [{
"name" => "max-heap-size",
"value" => "256m",
"operation" => "write-attribute",
"address" => [
("host" => "master"),
("server-config" => "server-two"),
("jvm" => "default")
]
}],
"operation-headers" => {
"access-mechanism" => "HTTP",
"caller-type" => "user"
}
}]
}
The change structure is:
- Access Mechanism: The source api that issued the command, native is a native api call (jboss-cli.sh) or HTTP.
- Remote Address: The source network address of the client that originated the change.
- Outcome: success or fail.
- Operations: Each change may be a single operation or a collection of operations.
- Operation: A single operation on a single resource address, in the example above it is
write-attribute
- Address: The path of the change, in the example above, the address is
/host=master/server-config=server-two/jvm=default
- Name, Value pair: The attribute and value to change, in the example above it is:
max-heap-size=256m
Configuration changes in domain and standalone mode
For domain mode the feature Configuration Changes
may be per host and per profile. The Configuration Changes
per host, will log all changes performed on the specific host and the servers under it. The Configuration Changes
per profile, will log any changes performed on the specific profile and the associated server. For Wildfly 13, HAL handle only the Configuration Changes
per host, but current HAL version (to be released with Wildfly 14) also features Configuration Changes
per profile.
For standalone mode, the Configuration Changes
will log any change.
Loading configuration changes panel
Navigate to Runtime
-> Hosts
-> select a host, the click on the arrow to display de drop-down menu, then select Configuration Changes
The following screen is displayed, click the button to enable the recording of the changes.
It will ask for the maximum number of entries to be recorded. Then, after confirmation, the following screen is displayed.
It shows the last change on top.
Show configuration changes
After a couple of changes there is the following entries, a detailed description of this view:
- Filter search results: On the top left, you can filter the results by:
- outcome: valid values: failed, success
- operation name
- address
- access mechanism: native or HTTP
- Sort by:
- Outcome
- Operation date
- Remote address
- Access Mechanism
The Access Mechanism means the native comes from jboss-cli.sh or API calls, the HTTP is self explanatory.
On the top right, there are two action buttons:
- Disable: Disable the Configuration Changes, it will remove the resource
/host=master/subsystem=core-management/service=configuration-changes
- Reload: Reload the configuration changes list, by calling
/host=master/subsystem=core-management/service=configuration-changes:list-changes()
After many changes are perfomed, there is a list of configuration changes.
For each item on the list, there is a button View
to show the full individual change.
If the change is large with many items, it will not be displayed right away, you must click on it to show, then the item will expand to show the change with more details.
Then a large view of the change is displayed.
For any message, you can click on the View
button on the right to show the full raw message.
Pagination
On the bottom, there is a navigation bar to paginate the results
Disable the Configuration Changes
To disable, you must click on the Disable
button.