VMware Cloud Community
wbabineaux
Contributor
Contributor
‎03-11-2018 12:54 PM
Jump to solution

Policy Inheritance not working correctly in vROPs 6.6?

Hi all,

We have been seeing some alerts come through for VMs, that should be disabled via polices.

Alert: One or more virtual machine guest file systems are running out of disk space

Policies:

Allow VM Alerts

Disable VM Alerts

The first policy will display alerts for ~37 objects that we want to be alerted on. (Infra VMs)

The second policy is set to disable alerts for most all the other VMs. (Client VMs)

Corp Policies for VMs.PNG

As you can see, I believe I have the policy inheritance set correctly. Allow the alert first for those objects, then disable alerts for all other VMs.

VMs are in both policies via custom groups, so inheritance should be at play here.

I can confirm the above alert is enabled in the Allow VMs policy and disabled in the Disable Alert VMs policy:

Allow VM Alerts:

Allow VMs.PNG

Disable Alerts VMs:

Disable Alerts VMs policy.PNG

For some reason though, I still see that specific alert come through for VMs that are in the Disable Alerts VMs:

VM Object in disable alerts policy.PNG

VM Object shwoing alert.PNG

I believe everything is set correctly, as we have the same policies applied to 2 other Large vROps cluster.

This cluster does have VMs that are deleted/recreated on a  daily basis. (Dev or VDI VMS).

Would anyone any suggestions as to why those alerts are still coming through? Our lab is currently down and in the process of being rebuilt, so I am unable to check this in the lab.

Thanks for any and all help!

Reply
0 Kudos
1 Solution

Accepted Solutions
sxnxr
Commander
Commander
‎03-13-2018 08:55 AM
Jump to solution

"The only thing I have found is when the alert shows up, that object (VM) has just been created. Most of the alerts cancel within the same timeframe, some stay for 10-15 mins"

That is different ( or could be)

When a new object is added it is put into the default policy because there is no data available to execute the group membership rules. It will stay there until a couple of collections are completed. Once the collections are completed the VM will then be able to be moved into the correct policy based on the membership rules now having data available to enforce them.

If your default policy has the alerts enabled then they will alert as soon as the first collection is complete and will cancel when the membership rules are executed and the vms are moved into the correct group and get the correct policy.

The same thing will happen when a cluster is rebooted. All objects will be placed into the default policy for unto 20 mins until the group membership is worked out.

The reboot part will be fixed in 6.7 i have been told

View solution in original post

Reply
0 Kudos
8 Replies
Soap01
Enthusiast
Enthusiast
‎03-12-2018 02:57 PM
Jump to solution

How many nodes do you have in your vRealize Operations deployment? I ask because I was recently informed of an issue where in some cases policy changes do not filter down to all nodes and that you have to take the cluster offline/online to resolve.

Reply
0 Kudos
sxnxr
Commander
Commander
‎03-13-2018 01:42 AM
Jump to solution

I get the same thing for the HDS MP. I have all the alerts disabled but i still get alerted even after a cluster reboot. I have a 7 node cluster

Reply
0 Kudos
wbabineaux
Contributor
Contributor
‎03-13-2018 08:42 AM
Jump to solution

This is a Large node, with 8 Master/Data nodes. We are not using the Master Replica. There are 4 Remote Collectors as well.

The only thing I have found is when the alert shows up, that object (VM) has just been created. Most of the alerts cancel within the same timeframe, some stay for 10-15 mins.

I was thinking this was the issue because of the Dev work being down, tearing down VMs.

But I would think the alert should not even process if the policies were working correctly.

Reply
0 Kudos
sxnxr
Commander
Commander
‎03-13-2018 08:55 AM
Jump to solution

"The only thing I have found is when the alert shows up, that object (VM) has just been created. Most of the alerts cancel within the same timeframe, some stay for 10-15 mins"

That is different ( or could be)

When a new object is added it is put into the default policy because there is no data available to execute the group membership rules. It will stay there until a couple of collections are completed. Once the collections are completed the VM will then be able to be moved into the correct policy based on the membership rules now having data available to enforce them.

If your default policy has the alerts enabled then they will alert as soon as the first collection is complete and will cancel when the membership rules are executed and the vms are moved into the correct group and get the correct policy.

The same thing will happen when a cluster is rebooted. All objects will be placed into the default policy for unto 20 mins until the group membership is worked out.

The reboot part will be fixed in 6.7 i have been told

Reply
0 Kudos
wbabineaux
Contributor
Contributor
‎03-13-2018 10:42 AM
Jump to solution

That does in deed make sense. I was thinking of setting that alert to disabled in the Default Policy and enable it in all other policies, as those policies are nested under the Default Policy.

When looking at that, I don't think that will viable as I have objects that use the Default Policy and we do indeed need alerts on those objects.

I will continue to look and see if I can create new groups/policies so I can attempt to get this to work how we want it to work.

Update:

I will go ahead and mark sxnxr's reply as correct as I do not see a way around this as of right now. I will need to take a look at re-working the policies/groups, which would take a lot of time.

Thanks for the information and help!!

Reply
0 Kudos
koit12
Enthusiast
Enthusiast
‎03-15-2018 01:53 AM
Jump to solution

Hi,

I've experienced policy inhertiance and alert disabling issues since the vCOps 5x days.

In the past, taking the cluster offline, reboot and online would fix the issue most of the times.

I have installed vROps 6.61 Hotfix9 and it seems like the issue is finally gone 🙂

The Hotfix must be requested from GSS or you can wait for the next release.

Reply
0 Kudos
sxnxr
Commander
Commander
‎03-15-2018 03:01 AM
Jump to solution

I to have to apply HF9 as i am having alarms triggering when they are disabled in the policy. From what i have been told is that there are 17 fixes in it. I am waiting to get a lest of them.

Reply
0 Kudos
Soap01
Enthusiast
Enthusiast
‎03-15-2018 04:07 AM
Jump to solution

I also have HF9 but in my case I was needing it to resolve a licensing issue and no mention was ever made that it might include fixes for the policy issues described. I was still instructed that I may need to take the cluster offline/online but that may have just been as a precaution. I will say that I have heard that vRealize Operations Manager 6.7 may be out middle of next month and it will include allot of changes especially improvements to workload balance I believe.

Reply
0 Kudos