Artifact and Audit Log Cleanup Settings in IBM UrbanCode Deploy
Author: Randy Langehennig
Version: 1.1, 01/13/2023
Overview
Many of our clients have invested in IBM UrbanCode Deploy (UCD) which is an excellent solution used to automate their application deployments. Maybe you are an administrator of the solution, or maybe you are onboarding applications and components in the solution today. The purpose of this blog is to try and highlight a couple of administrative areas that are often overlooked initially as clients implement the solution:
- Artifact Cleanup Policies
- Audit Log
The primary reason an administrator cannot overlook this topic is because artifacts and audit logs are the two biggest contributors to disk growth and usage on the filesystem. The deployable artifacts are on the filesystem for your UCD Server installation. The audit log will consume more and more of your database space which ultimately lives on a filesystem as well on your database server. The purpose of this blog is to help you address both of these growth areas proactively.
Artifact Cleanup Policies
The IBM UrbanCode Deploy (UCD) solution has a version repository built-in to the solution called codestation. This is where your component versions are stored and leveraged for your deployments. This repository is on the filesystem of your UCD Server in a location that looks as follows: /opt/IBM/ucd-server/appdata/var/repository.
Over time, the repository will grow on the filesystem as more and more component versions are added to the system. Eventually, you may run into an issue where new component versions are not able to be created and you will then find out that you ran out of disk space. At that time, configuring artifact cleanup policies will become a high priority item for you and your team.
Here are the steps I followed to help reduce disk usage on my demo instance that is configured in the IBM Cloud:
- Login to your UCD web console as a ‘admin’ user.
- Click on the Settings tab at the top of the page
- Click on ‘System Settings’ under the System column as shown above.
- View the ‘Artifact Cleanup’ section as shown below:
NOTE: by default, the artifact cleanup will run every night at midnight (0). I kept this setting for my demo environment.
- Notice the ‘Default Application Snapshot Retention (days)’ setting. If you have created snapshots that contain component versions, you will need to change this value from the default of -1 (which means to keep all snapshots indefinitely). Read the tool tip help for more details. Change this default setting to an appropriate number.
NOTE: if you do not change this setting from the default of -1, this can impact the cleanup of older component versions that may be inside a snapshot.
- Further, change the settings from the default of -1 for these remaining four settings:
Default Version Retention for Component (days)
Default Number of Versions to Retain for Component
Default Version Retention for Environment (days)
Default Number of Versions to Retain for Environment
- Here is what my personal settings looked like for my demonstration environment after I made my edits:
- You should begin to see space free up on your filesystem after your artifact cleanup policies are put into practice.
Audit Log
The audit log is often overlooked during an installation of IBM UrbanCode Default from an administrator perspective. For my demonstration environment in the IBM Cloud, here is what my audit log page looked like as I began to see space fill-up related to my backend database (MySQL):
Notice that I had 720,486 items in my audit log and this is a pretty small installation! This can be much larger for our clients for their PRODUCTION instance. All the audit logs are stored by default in your back-end database. You may begin to see the ds_audit_entry database table growing in size as shown below:
To mitigate this and put in place audit log settings, follow these steps:
- Login to your UCD web console as an admin user.
- Click on Settings at the top of the page as shown below:
- Click on ‘Audit Log’ in the System section as highlighted above
- Click the ‘Audit Log Settings’ button as shown below:
- By default, your settings will look as follows:
The first setting, ‘Enable Audit Log Entries for Read Events’, is enabled by default. This means for each click someone takes in the web console, you will get a log entry.
The second setting, ‘Enable Audit Log Cleanup’, is disabled by default. You will want to enable this and then set the appropriate ‘days to retain audit log entries’ that is best for your business along with the time of day to run the cleanup.
NOTE: As you can see, your audit logs will not be cleaned up with a default installation of the product. Please configure this cleanup to properly for your business.
- For my demonstration environment, I set my properties to look as follows:
NOTE: for this demonstration environment, a single day of audit log entries is sufficient but you will want to make sure this is set to meet your needs.
- You are all set!
You can initiate the cleanup on-demand if you do not want to wait for the daily cleanup start time. If you have a really large audit log, you may not want to run the cleanup on-demand during the middle of the working day when a lot of deployments and activity could be taking place with your UCD Server.
To manually initiate an audit log cleanup, follow these steps:
- Click on Settings at the top of the page.
- Click on ‘Audit Log’ in the Systems section as you did before on the right.
- Click on the ‘Cleanup Log’ button as shown below:
- In the dialog that appears, you will want to provide a date and time.
NOTE: In this example above, what this means for the cleanup is that it will save the audit entries after 1/11/2023 at 10am. Everything prior to 1/11/2023 at 10am will be deleted. This can be confusing so please take note of this.
- In my case, When the cleanup completed, my system went from having 720,486 audit entries to 66,769 entries as shown below:
- You are finished. If you have a really large audit log, you may not want to run the cleanup on-demand during the middle of the working day when a lot of deployments and activity could be taking place with your UCD Server.
This will help you cleanup your audit log and free up space on your database server.
Conclusion
IBM UrbanCode Deploy is a powerful solution for application deployment. The solution was specifically designed to address the application deployment space and it provides an excellent trail of audit and also provides visibility of what versions are deployed where from an inventory perspective. These are key features of the solution and artifact cleanup and audit log retention policies are areas for administrators to be mindful of and can sometimes be overlooked.
I hope you found this blog to informative and do please provide feedback in the community and we will do our best to provide more content that is helpful to you.
#UrbanCodeDeploy