Deploy a cluster of independent Cyberwatch nodes with Swarm (Recommended)

This page purpose is to give the procedure to install Cyberwatch in satellite mode without using swarm for communication between the nodes.

Requirements

Required flows to set up a satellite node:

Source	Destination	Protocol	Port	Description
satellite node	master node	TCP	3306	Connection to the SQL database
satellite node	master node	TCP	6379	Connection to the Redis cache database
satellite node	`download.docker.com`	TCP	443	Docker installation and updates
satellite node	`harbor.cyberwatch.fr`	TCP	443	Cyberwatch Docker images registry
satellite node	`dl.cyberwatch.fr`	TCP	443	Cyberwatch package repository

You can check the hardware prerequisites with these commands:

Follow the standard deployment procedure and stop before configuring Cyberwatch.
Configure Cyberwatch:
- Configure Cyberwatch for a master node embedding the database:
```
 sudo cyberwatch configure --master
```
- Configure Cyberwatch for a master node with an external database:
```
 sudo cyberwatch configure --master --no-db
```

Follow the standard deployment procedure and stop before configuring Cyberwatch.
Execute the following command on master node:
```
sudo cyberwatch show-secrets
```
Write the output of the previous command to file /etc/cyberwatch/secrets.env of the satellite node:
```
sudo vim /etc/cyberwatch/secrets.env
sudo chmod 600 /etc/cyberwatch/secrets.env
```
Execute the following command on master node:
```
sudo cyberwatch show-root-cert
```
Write the output of the previous command to file /etc/cyberwatch/certs/cbw-root-ca-cert.pem of the satellite node:
```
sudo mkdir -p /etc/cyberwatch/certs
sudo vim /etc/cyberwatch/certs/cbw-root-ca-cert.pem
```
Configure Cyberwatch:
```
sudo cyberwatch configure --satellite
```
Verify that the satellite node is able to reach the master node:
```
sudo cyberwatch logs sidekiq
```