Step 2: Setting up the appliance systems
You must install packages and Ansible® content and complete configuration steps on each of the appliances.
About this task
Complete the following steps on each of the SOAR Platform appliances.
Procedure
- Ensure that the resadmin sudo user password is the same on both appliances.
- Copy the resilient-optional-packages-repo.run file to the /tmp directory on each of the SOAR Platform appliances.
- As the resadmin user, run the following command and follow the on-screen instructions to install the packages:
  sudo bash soar-optional-packages-repo-rhel8-<release_number>.run
- Enable the repository.
  sudo yum --disablerepo="*" --enablerepo="resilient_optional" list available
- Install the Yum packages.
  sudo yum --noplugins install lsyncd
  This command also installs the rsync package.
- To ensure secure communication between the two appliances when you sync files, you must generate a public/private SSH key pair for the resfilesync user.
  ssh-keygen -t rsa -b 4096 -C "resfilesync@res-dr"
  When prompted for the file in which to save the key, enter the following value:
  /usr/share/resilient-dr/ansible/files/id_rsa
  When prompted for a password, press Enter to leave it empty. It is a requirement to not specify a password.
- Copy the /usr/share/resilient-dr/ansible/templates/ssh_vault.template.yml file to the /usr/share/resilient-dr/ansible/files directory and rename the copied file to ssh_vault.yml.
- Using the generated SSH key pair, copy the id_rsa private key content and paste it, replacing the <INSERT_PRIVATE_KEY_HERE> tag, as shown in the following example.
  Note: Ensure that you maintain the correct YAML syntax structure and alignment.
- Complete a similar procedure for the public key by replacing the <INSERT_PUBLIC_KEY_HERE> tag in the ssh_vault.yml file with the id_rsa.pub content. Make sure that you keep the key on a single line and maintain the YAML syntax, as shown in the following example:
  Important: The indentation and formatting must be exactly as defined by the YAML format. The entire contents must have the same indentation from start to finish for each inserted key.
  Example:
# Place your private and public ssh keys here
ssh_key_files:
  /home/resfilesync/.ssh/id_rsa:
    owner: "resfilesync"
    group: "resfilesync"
    mode: "0600"
    content: |
      -----BEGIN RSA PRIVATE KEY-----
      MIIJKQIBAAKCAgEAsO4znU2B6rESLao5MetjScpuTefV89PflTRnh0iEVuzck/QY
      No0y5oWyC1r8BRRveTjYJM8uf4QC2RyN1VMQFA66sqPBpsegHayQmrEfssIgcHh6
      u3m7DReh6l0PyEb86fG92yAywAvzeLyFqRfjaUUws79/bDInBNWRNjilufCovGaE
      PV+l3wOvi6mZ3L8Ps4khxxeXqmrgAKSG/ElJYuE9JFhCFN1JpNAgvxArxoR8gKaO
      oa4X/vvuhp2K0cFvNTTXA/rzsiiazkt4b812IJnLYTHwLxY1eL6PGKJyUBUc4531
      wdefwdfadfaerfaef233refdzvdfsavq34rtefcdsfv4fr234feq3fqervavdvvc
      eddfvqerfgyougettheideavszdfgvsbdfgbnrstghwergsvddvaegfvaefgsfbg
      9bVm01CVKUJtxcbd77nDDLp1LGb3FsAnvj4atbiu/q0LPygKkIAFXedEV0psWlwH
      gCM9n3Dzs9qm7r9kyfH0ud9YYS/nz6x0i6ZRF5jwhNy0C+PWQeyVzWlv3QfN9ALY
      Z1IPNVScxAjJCzDjqhP_____SAMPLE_____iQIv/UQGws1nyKJWFaeffeffFEFEF
      YvOafmpudnpMFlILHNl8t1c4AZEL/1Jt0TF9bCbBnQ0tlEZ9WkrvFCcHw1OhpIHH
      1KMpSGSWUfVw9TatZf0icwQRPxwImC2vAoIBAQCYoHcAPeYlFXcNZfVvLUQtA6qr
      nlrxrkLZDCZTrgCt4QxU5egGWFlosjHk0TqCElBq5aB4fjPTck/PNLGvdLcxlsnN
      piafGrbCbxuZ1kqqPhbVCA7bjsgW5X7ljLwhhE4B6iOuB7j/sHFD7kMhYamtVJRR
      B+C9KUNx3hTc8ILDbnC4O6lijJzPmx1F3L3OeHbzHB/tXNZdLIrL5Gt/ckA3+0ow
      NuOuaZV2FLlyVa0UjUaAKirN/c68d/G3MJdQFEsARI9TNc+uhOCY+8rTr35dAliG
      LfsxTtDA+1ftKmt+I28PdgZpPz0X9QAws6Wd/QCIAI3BF5Dz7rT02KveJKPOEFJU
      -----END RSA PRIVATE KEY-----
  /home/resfilesync/.ssh/id_rsa.pub:
    owner: "resfilesync"
    group: "resfilesync"
    mode: "0644"
    content: |
      ssh-rsa AAAAB3NzaC1yc2EAAADFVBNJR56SO2djdvdvvgyuoldfgwADA==resfilesync@resilient.localdomain
- Activate the built-in Ansible environment.
  source /opt/ansible-venv/python/ansible-python-env-latest/bin/activate
- To protect the keys, encrypt the ssh_vault.yml file by typing the following command from the /usr/share/resilient-dr/ansible/files folder.
  ansible-vault encrypt ssh_vault.yml
  Important: Because of an Ansible limitation, you must use the same password when you encrypt the following vault files on each appliance.
  - group_vars/all/vault
  - ansible/files/ssh_vault.yml
  - ansible/files/ssl_certs_vault_file
ansible-vault decrypt <filename>
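A check that can be run on the unencrypted ssh_vault.yml before the ansible-vault encrypt step, to catch the indentation, line-wrapping and leftover-tag mistakes that the key-pasting steps warn about. This is an added example, not part of the product or its documentation: the function names check_ssh_vault and sample_vault, the messages, and the sample key text are constructed for illustration, and it assumes the file keeps the "content: |" layout shown in the example.

```shell
# check_ssh_vault FILE: lint the key blocks of an unencrypted ssh_vault.yml.
check_ssh_vault() {
  awk '
    function indent(s,  t) { t = s; sub(/^ +/, "", t); return length(s) - length(t) }
    function err(msg) { printf "%s:%d: %s\n", FILENAME, NR, msg; bad = 1 }
    function close_block() {            # whole-block checks, run when a block ends
      if (!inblk) return
      if (n == 0) err("empty key block")
      if (first ~ /^-----BEGIN / && last !~ /^-----END /) err("private key block has no END line")
      if (first ~ /^ssh-/ && n != 1) err("public key spans " n " lines, expected 1")
      inblk = 0
    }
    /\t/ { err("tab character; indent with spaces") }
    /<INSERT_(PRIVATE|PUBLIC)_KEY_HERE>/ { err("template tag not replaced") }
    inblk && NF {
      i = indent($0)
      if (i <= key) close_block()       # back at or above "content:", block is over
      else {
        if (n == 0) blk = i             # first key line sets the block indentation
        if (i != blk) err("indent " i " differs from block indent " blk)
        last = $0; sub(/^ +/, "", last)
        if (n++ == 0) first = last
        next
      }
    }
    /^ *content: *\|/ { key = indent($0); inblk = 1; n = 0; first = last = "" }
    END { close_block(); exit bad + 0 }
  ' "$1"
}
# Constructed sample in the layout of the example above (trimmed); key text is fake.
sample_vault() {
  cat <<'EOF'
ssh_key_files:
  /home/resfilesync/.ssh/id_rsa:
    owner: "resfilesync"
    mode: "0600"
    content: |
      -----BEGIN RSA PRIVATE KEY-----
      CONSTRUCTEDSAMPLELINE1
      CONSTRUCTEDSAMPLELINE2
      -----END RSA PRIVATE KEY-----
  /home/resfilesync/.ssh/id_rsa.pub:
    owner: "resfilesync"
    mode: "0644"
    content: |
      ssh-rsa CONSTRUCTEDSAMPLE resfilesync@res-dr
EOF
}
[ "$#" -eq 0 ] || check_ssh_vault "$1"
```

The function exits non-zero and prints one file:line message per problem, so it can gate the encrypt command in a script.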
What to do next
Ensure that you complete these configuration steps on both of the SOAR Platform systems.
After the appliances are configured, proceed to Step 3: Configuring Postgres for SSL.