A remediation action runs a local script in a node. The script executes on the machine from which it was invoked or on the node specified by the remediation action configuration. You can use this type of action to automate your runbook procedures. You can optionally configure the remediation action to require human approval before the script is started. See Actions Requiring Approval.
Prerequisites for Local Script Actions
- The Standalone Machine Agent must be installed running on the host on which the script executes. To see a list of installed machine agents for your application, click View machines with machine-agent installed in the bottom left corner of the remediation script configuration window.
- To be able to run remediation scripts, the machine agent must be connected to an on-premise Controller or to a SaaS Controller via SSL. Remediation script execution is disabled if the machine agent connects to a SaaS Controller on an unsecured (i.e., non-SSL) HTTP connection.
- The Standalone Machine Agent OS user must have full permissions to the script file and the log files generated by the script and/or its associated child processes.
- The script must be placed in <agent install directory>\local-scripts.
- The script must be available on the host on which it executes.
- Processes spawned from the scripts must be daemon processes
A remediation script is run on the machines that you specify in the remediation script configuration. You can run the script from the machine affected by the violation that triggered the action or from a central management server. It is not necessary for an app agent to be running on the machine on which the script executes, just a machine agent.
The following remediation action, named increasePool, executes a local script named runbook.sh, which increases the size of the connection pool on the JVM.
A policy named ConnectionPoolPolicy triggers this action when the Resource Pool Limit Event fires:
Creating a Local Script (Remediation) Action
Create a Local Script Action
- Follow the instructions in To create an action, selecting Remediation > Run a script or executable on problematic Nodes in the Create Action window.
- Enter a name for the action.
In the field that terminates the Relative path to script entry, enter the rest of the path to the executable script.
Remediation scripts must be stored in a sub-directory of the machine agent installation. The sub-directory must be named "local-scripts". The following paths are all valid:
Click the + to enter the absolute paths of any log files that the script writes to that you want included in the script output.
Enter the timeout period for the script process in minutes.
If you want to require approval before the script action can be started, check the Require approval before this Action check box and enter the email address of the individual or group that is authorized to approve the action. See Actions Requiring Approval for more information.
Specify the nodes on which the action will run
When you bind the action to a policy, you specify the nodes on which the script should execute. You can configure the number of nodes or the percentage of nodes or you can configure a specific node. This flexibility allows you to configure scripts to run from a central management server, not just the node on which the violation occurred.
In the Configure Action window of the Policy Actions tab, do one of the following:
- Select Execute Action on Affected Nodes.
- Enter the percentage of the nodes or the number of nodes on which to run the script.
- To designate the specific node on which to run the script, select Execute Action on Specified Node.
- Click Select Node.
- From the popup node browser select the node on which the script should run.
- Click Select.
The selected node is displayed in the Configure Action window.
- Click Save to save the configuration.
Click Change if you want to designate a different node.
See the output of the local script
- Click the Events itab in a dashboard to navigate to the Events list.
- Locate the row for the event that triggered the action for which you want to see the results.
- In the Actions column, click the remediation script icon.
- In the script result list, select the script output that you want and click Download Local Script Result.