On the prod server, we noticed that the file Standalone-full-ha.xml was deleted and then got restored by chef to original state. I am not sure how this happened but there was a backup folder created in the standalone_xml_history folder with the timestamp and Standalone-full-ha.v1.xml got backed up in the timestamped directory. I have compared the changes of this file to the file that chef re-created and there is no difference. This has happened multiple times.

Few things we verified - 

• There was no mv or rm commands run for the standalone-full-ha.xml file
• There was no jboss-cli commands that were manually run
• There was a restart done just before the file got deleted/moved in one scenario.

Identity Manager non-vAPP

The logs show no indication of what may have caused standalone files to be manipulated. Aside from the installation software, the deployed Identity Manager application contains no code whatsoever that can execute an rm, mv or other similar linux commands.

IDM non-VAPP does not have any such hooks into the filesystem, nor does it have the ability to stop or start the server.

It seems that the issue is occurring at either an application server (Wildfly/JBoss) level or at the O/S level, or possibly via the chef integration, and you may want to engage your app server and O/S teams for a deeper investigation.