Deploy a cluster of independent Cyberwatch nodes with Swarm (Recommended)
This page describes the procedure to install Cyberwatch in satellite mode without using Swarm for communication between the nodes.
Requirements
Network prerequisites and flows matrix
Required flows to set up a satellite node:
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
satellite node | master node | TCP | 3306 | Connection to the SQL database |
satellite node | master node | TCP | 6379 | Connection to the Redis cache database |
satellite node | download.docker.com | TCP | 443 | Docker installation and updates |
satellite node | harbor.cyberwatch.fr | TCP | 443 | Cyberwatch Docker images registry |
satellite node | dl.cyberwatch.fr | TCP | 443 | Cyberwatch package repository |
Hardware prerequisites
- 2 vCPU
- RAM 8 GB
- 20 GB of disk space in /var/lib/docker/
You can check the hardware prerequisites with these commands:
vCPU:
lscpu | grep "CPU(s):"
RAM:
free -m
Disk space in /var/lib/docker/:
df /var/lib/docker/
Master node installation
Follow the standard deployment procedure and stop before configuring Cyberwatch
Configure Cyberwatch:
Configure Cyberwatch for a master node embedding the database:
sudo cyberwatch configure --master
Configure Cyberwatch for a master node with an external database:
sudo cyberwatch configure --master --no-db
Satellite node installation
Follow the standard deployment procedure and stop before configuring Cyberwatch
Execute the following command on the master node:
sudo cyberwatch show-secrets
Write the output of the previous command to the file /etc/cyberwatch/secrets.env of the satellite node:
sudo vim /etc/cyberwatch/secrets.env
sudo chmod 600 /etc/cyberwatch/secrets.env
Execute the following command on the master node:
sudo cyberwatch show-root-cert
Write the output of the previous command to the file /etc/cyberwatch/certs/cbw-root-ca-cert.pem of the satellite node:
sudo mkdir -p /etc/cyberwatch/certs
sudo vim /etc/cyberwatch/certs/cbw-root-ca-cert.pem
Configure Cyberwatch:
sudo cyberwatch configure --satellite
Verify that the satellite node is able to reach the master node:
sudo cyberwatch logs sidekiq
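A preflight for the satellite node, run before `cyberwatch configure --satellite`. It checks the copied secrets file and root certificate and tests each flow from the matrix above. This is an added example, not part of the Cyberwatch tooling. It assumes the master node address is passed as the first argument and that GNU `stat`, `timeout`, `bash` and `openssl` are installed.

```shell
#!/bin/sh
# Added example (not Cyberwatch code). Usage: sudo sh preflight.sh <master-address>
# File paths, hosts and ports come from this page; the master address is operator-supplied.
SECRETS=/etc/cyberwatch/secrets.env
ROOT_CA=/etc/cyberwatch/certs/cbw-root-ca-cert.pem

# check_mode FILE: succeed only if FILE exists, is non-empty and has mode 600.
check_mode() {
    [ -s "$1" ] || { echo "FAIL $1: missing or empty"; return 1; }
    mode=$(stat -c '%a' "$1") || return 1
    [ "$mode" = "600" ] || { echo "FAIL $1: mode $mode, expected 600"; return 1; }
    echo "OK   $1: mode 600"
}

# check_pem FILE: succeed only if FILE parses as a PEM X.509 certificate.
check_pem() {
    openssl x509 -in "$1" -noout 2>/dev/null \
        || { echo "FAIL $1: not a PEM certificate"; return 1; }
    echo "OK   $1: valid PEM certificate"
}

# check_flow HOST PORT: attempt a TCP connection with a 3 second timeout.
# Host and port are passed as positional arguments, never spliced into the command string.
check_flow() {
    if timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null; then
        echo "OK   $1:$2 reachable"
    else
        echo "FAIL $1:$2 unreachable"; return 1
    fi
}

# preflight MASTER: run every check, report each failure, return the failure count.
preflight() {
    rc=0
    check_mode "$SECRETS" || rc=$((rc + 1))
    check_pem "$ROOT_CA" || rc=$((rc + 1))
    for target in "$1:3306" "$1:6379" download.docker.com:443 \
                  harbor.cyberwatch.fr:443 dl.cyberwatch.fr:443; do
        check_flow "${target%:*}" "${target#*:}" || rc=$((rc + 1))
    done
    return "$rc"
}

if [ $# -ge 1 ]; then preflight "$1"; fi
```

A failed flow to port 3306 or 6379 points at filtering between the satellite and the master. A failed mode check means `secrets.env` is readable by accounts other than its owner.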