Deploy a cluster of independent Cyberwatch nodes with Swarm (Recommended)

This page purpose is to give the procedure to install Cyberwatch in satellite mode without using swarm for communication between the nodes.

Requirements

Network prerequisites and flows matrix

Required flows to set up a satellite node:

SourceDestinationProtocolPortDescription
satellite nodemaster nodeTCP3306Connection to the SQL database
satellite nodemaster nodeTCP6379Connection to the Redis cache database
satellite nodedownload.docker.comTCP443Docker installation and updates
satellite nodeharbor.cyberwatch.frTCP443Cyberwatch Docker images registry
satellite nodedl.cyberwatch.frTCP443Cyberwatch package repository

Hardware prerequisites

  • 2 vCPU
  • RAM 8 GB
  • 20 GB of disk space in /var/lib/docker/

You can check the hardware prerequisites with these commands:

  • vCPU:

    lscpu | grep "CPU(s):"
    
  • RAM:

    free -m
    
  • Disk space in /var/lib/docker/:

    df /var/lib/docker/
    

Master node installation

  1. Follow the standard deployment procedure and stop before configuring Cyberwatch.

  2. Configure Cyberwatch:

    • Configure Cyberwatch for a master node embedding the database:

       sudo cyberwatch configure --master
      
    • Configure Cyberwatch for a master node with an external database:

       sudo cyberwatch configure --master --no-db
      

Satellite node installation

  1. Follow the standard deployment procedure and stop before configuring Cyberwatch.

  2. Execute the following command on master node:

    sudo cyberwatch show-secrets
    
  3. Write the output of the previous command to file /etc/cyberwatch/secrets.env of the satellite node:

    sudo vim /etc/cyberwatch/secrets.env
    sudo chmod 600 /etc/cyberwatch/secrets.env
    
  4. Execute the following command on master node:

    sudo cyberwatch show-root-cert
    
  5. Write the output of the previous command to file /etc/cyberwatch/certs/cbw-root-ca-cert.pem of the satellite node:

    sudo mkdir -p /etc/cyberwatch/certs
    sudo vim /etc/cyberwatch/certs/cbw-root-ca-cert.pem
    
  6. Configure Cyberwatch:

    sudo cyberwatch configure --satellite
    
  7. Verify that the satellite node is able to reach the master node:

    sudo cyberwatch logs sidekiq