Anyone figure out Layer File Exclusions in App Layering 2110?

[David Ray]

App Layering 2110 adds an "Advanced" feature called 'Exclude files from layers'.  See documentation at Citrix App Layering Documentation - Exclude Folders Files from Layers.  The documentation not withstanding, I cannot seem to get this to do anything.  Probably I am not understanding how to set it up or what to expect it to do.

 

It seems like this would be great for when you get a layer tatooed with something unwanted, like, maybe, an Edge update.  Deleting it is not an option since the deletion would effectively delete Edge (in this example) from the image (unless it was added again in another layer with higher priority (yes, this mess has happened to me)).

 

But in all my simple tests so far this feature, too "Advanced" for me it seems, does nothing.  It does not even enter anything into the logs mentioned in the docs.  BTW, yes, I have updated my appliance to 2110.

 

My basic test is this:  I found a simple txt file in my OS Layer.  I made a new App Layer and then edited that text file.  I added the exclusion list as described in the document excluding this txt file.  I then published an image with just the OS Layer and this new App Layer.  Not even a Platform layer... I just made it into a VM and ran it on the hypervisor and used the console.

 

I expected to see the original txt file from the OS Layer since, theoretically, the one in the App Layer is excluded from being written.  Or I considered that the txt file might be gone altogether.  But nothing happened at all.  The file was there in the image in its edited form.

 

So... likely I am not understanding what it is supposed to do.  Or, maybe, how to configure it.   Anyone else have any insight/help?

 

Thanks,
David

[Rob Zylowski]

Hi David,

 

I had to ask engineering because this is new to me as well.  This process only applies to files that would be written to the "user layer".  So the ones specified wont be written to the user layer instead they will go to the desktops writable layer.  I am requesting we make the documentation say that more directly.

[Chip Gonsalves]

Hi David,

 

As Rob has stated these exclusions are intended to prevent updates going to the user layer.  It is primarily for dealing with Anti-virus applications that tend to pollute the user layers with files and updates that should not persist from one login to the next.

 

They are only read on a deployed image with the layers that included the exclusions built into the image.

 

So in your test case that described what you should see is the log0.txt being updated with the rule that was added in your layer once you log into the machine as a user and have the user layer mounted.  And based on your description, you would see the edits that you did on the application layer.  Then any edits you do the file while logged in as the user would not persist on the next login.

 

[David Ray]

Thanks.  I was somewhat afraid that might be the case (user layers only).  This would be so helpful if it worked for application layers while they were being composited.  It would help clean up the various versions of Edge that got infected (that is how it feels) into quite a few app layers before I learned to disable the update services and scheduled tasks in the OS layer.

 

Thanks,
David