Configuring apps running on an integration server

The Disaster Recovery system works with apps that run on an integration server, which is a remote system - not on the receiver or master systems. To configure your apps to work when you run the Disaster Recovery playbooks, you must update the app.config file on the integration server to point to the active SOAR instance.

You do not need to complete this configuration if you have configured the client to use an FQDN for which the DNS record has been updated. You only need to complete the following configuration if the address (IP address or host name) used by the apps needs to be updated.

Complete the following steps to configure your apps when running the DR playbooks to promote the receiver or to swap the master and receiver.

For information about the integration server, see the Integration Server Guide.

  1. Before running the Disaster Recovery playbooks, stop Resilient Circuits on the remote integration server. If the integration server is on a Linux system, the command is:
    sudo systemctl stop resilient_circuits
    If the integration server is on a Windows system, the command is:
    resilient-circuits.exe service stop
  2. Run the DR Ansible playbook to promote the receiver or to swap the master and receiver, as described in Running Disaster Recovery Ansible playbooks.
  3. Update the app.config file on the integration server to specify the IP address or FQDN of the newly active SOAR appliance.
  4. If you want the SOAR server certificate to be verified, complete the following steps:
    1. Open the app.config file.
    2. Check that the host parameter is correct, for example:
      host=<resilient.localdomain>
    3. Comment out the following line:
      line cafile=false
    4. Add the following line:
      cafile=~/.resilient/cert.cer
    5. Save the changes to the app.config file.
    6. Copy the cert from the appliance by running a command similar to the following:
      openssl s_client -connect <IP_Address> -showcerts < /dev/null 2> /dev/null | openssl x509 -outform PEM > ~/.resilient/cert.cer

    Refer to the Integration Server Guide for more information about managing the SSL certs.

  5. Restart resilient-circuits on the remote host.
    Note: If you did not make copies of the example integration configuration on your appliance, such as example rules or workflow, but instead updated these examples to get them working with your setup, if you run resilient-circuits customize again and agree for the setup to be pushed to the appliance, it overwrites the changes that you made with the default integration values.