Introduction

With the introduction of the Clouds feature, you can supply details of your cloud, Amazon AWS or Microsoft Azure, and Open-AudIT will use the relevant API to retrieve a list of locations, networks, and instances, then discover each of these instances.

This gives you full cloud auditing, with all the details from a regular Open-AudIT audit plus details such as the machine type and size.

Note: Device Matching Rules

To use this feature you must enable the configuration items match_mac (for AWS) and match_hostname (for Azure). This will be done automatically the first time a cloud discovery is executed. For more on Open-AudIT's matching rules, see Matching Devices.

How Does it Work?

Once you have your cloud credentials, it is merely a matter of creating a new cloud and running the discovery - or scheduling first/future discoveries. Make sure you also have the credentials required to log on to your cloud machines, and it is all done for you just like a regular discovery.

Clouds are a feature available to Open-AudIT Enterprise licensed customers.

Creating a Clouds Entry

Simply go to menu -> Discover -> Clouds -> Create Clouds.

You will need to supply a cloud name and type and, depending on the type selected, the relevant credentials. The currently supported types are AWS and Azure.


Database Schema

NOTE - Columns in the system table are as at 2018-11-05 and are subject to change.

CREATE TABLE `clouds` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`name` varchar(100) NOT NULL DEFAULT '',
`org_id` int(10) unsigned NOT NULL DEFAULT '1',
`description` text NOT NULL,
`type` enum('amazon','microsoft','google','digitalocean','') NOT NULL DEFAULT '',
`credentials` text NOT NULL,
`status` varchar(50) NOT NULL DEFAULT 'created',
`options` text NOT NULL,
`edited_by` varchar(200) NOT NULL DEFAULT '',
`edited_date` datetime NOT NULL DEFAULT '2000-01-01 00:00:00',
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `cloud_log` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`cloud_id` int(10) unsigned DEFAULT NULL,
`timestamp` datetime NOT NULL DEFAULT '2000-01-01 00:00:00',
`severity_text` enum('debug','info','notice','warning','error','critical','alert','emergency') NOT NULL DEFAULT 'notice',
`pid` int(10) unsigned NOT NULL DEFAULT '0',
`message` text NOT NULL,
PRIMARY KEY (`id`),
KEY `pid` (`pid`),
KEY `cloud_id` (`cloud_id`),
CONSTRAINT `cloud_log_cloud_id` FOREIGN KEY (`cloud_id`) REFERENCES `clouds` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

New columns in the system table.

`cloud_id` int(10) unsigned DEFAULT NULL,
`instance_provider` varchar(200) NOT NULL DEFAULT '',
`instance_ident` varchar(200) NOT NULL DEFAULT '',
`instance_type` varchar(200) NOT NULL DEFAULT '',
`instance_state` varchar(200) NOT NULL DEFAULT '',
`instance_reservation_ident` varchar(200) NOT NULL DEFAULT '',
`instance_tags` text NOT NULL,
`instance_options` text NOT NULL,

The database schema can be found in the application, if the user has database::read permission, by going to menu: Admin -> Database -> List Tables, then clicking on the details button for the table.


API / Web Access

You can access the /clouds collection using the normal Open-AudIT JSON based API, just like any other collection. Please see The Open-AudIT API documentation for further details.

Access is provided as part of a role's permissions. Licenses is a standard resource and can have create, read, update and delete permissions.

The API routes below are usable from both a JSON RESTful API and the web interface. The Web application routes are specifically designed to be called from the web interface (a browser).

API Routes

| Request Method | ID | Action | Resulting Function | Permission Required | URL Example | Notes |
|---|---|---|---|---|---|---|
| POST | n | | create | clouds::create | /clouds | Insert a new clouds entry. |
| GET | y | | read | clouds::read | /clouds/{id} | Returns a clouds details. |
| PATCH | y | | update | clouds::update | /clouds/{id} | Update an attribute of a clouds entry. |
| DELETE | y | | delete | clouds::delete | /clouds/{id} | Delete a clouds entry. |
| GET | n | | collection | clouds::read | /clouds | Returns a list of clouds. |
| GET | y | | execute | clouds::read | /clouds/{id}/execute | Execute discovery upon a cloud. |

Web Application Routes

| Request Method | ID | Action | Resulting Function | Permission Required | URL Example | Notes |
|---|---|---|---|---|---|---|
| GET | n | create | create_form | clouds::create | /clouds/create | Displays a standard web form for submission to POST /clouds. |
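As an added example (not Open-AudIT's own code), the route tables above can be expressed as a permission map for reviewing what a given role is able to call. The READ_ONLY role and the assumption that {id} is numeric are constructed for illustration; the point it makes is that, per the table, clouds::read alone is enough to call the execute route that starts a discovery.

```python
import re

# Route tables transcribed from this page: (method, URL template, permission, note).
ROUTES = [
    ("POST",   "/clouds",              "clouds::create", "Insert a new clouds entry."),
    ("GET",    "/clouds/create",       "clouds::create", "Web form for POST /clouds."),
    ("GET",    "/clouds",              "clouds::read",   "Returns a list of clouds."),
    ("GET",    "/clouds/{id}/execute", "clouds::read",   "Execute discovery upon a cloud."),
    ("GET",    "/clouds/{id}",         "clouds::read",   "Returns a clouds details."),
    ("PATCH",  "/clouds/{id}",         "clouds::update", "Update an attribute of a clouds entry."),
    ("DELETE", "/clouds/{id}",         "clouds::delete", "Delete a clouds entry."),
]

def _pattern(template):
    # Assumption: {id} is a positive integer, matching the int(10) unsigned id column.
    return re.compile("^" + re.escape(template).replace(r"\{id\}", r"[0-9]+") + "$")

def required_permission(method, path):
    """Return the permission the page lists for this request, or None if unlisted."""
    for verb, template, permission, _note in ROUTES:
        if verb == method.upper() and _pattern(template).match(path):
            return permission
    return None

def is_allowed(role_permissions, method, path):
    """Default deny: unlisted routes and missing permissions are both refused."""
    needed = required_permission(method, path)
    return needed is not None and needed in role_permissions

def reachable(role_permissions):
    """List every (method, template, note) a role holding these permissions can call."""
    return [(v, t, n) for v, t, p, n in ROUTES if p in role_permissions]

# Constructed role for illustration: read access only.
READ_ONLY = {"clouds::read"}

if __name__ == "__main__":
    for verb, template, note in reachable(READ_ONLY):
        print(verb, template, "-", note)
```

When assigning roles, treat clouds::read as the permission that also allows discovery to be triggered, since the execute route is a GET that requires nothing more.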