2018-01-18 09:25 AM
- The password for the deploy_admin user should be the same across all appliances.
- This user is used to connect to rabbitmq and a few mongo db tables (more or less like the guest user in the 10.x version).
- If you change the deploy_admin user password in the NetWitness Suite User Interface (ADMIN > Security > Select deploy-admin - Reset password), then follow the steps below:
1. SSH to the NW Server host.
2. Run the /opt/rsa/saTools/bin/set-deploy-admin-password script.
3. Use the new password when installing any new non-NW Server hosts.
4. Run the /opt/rsa/saTools/bin/set-deploy-admin-password script on all non-NW Server hosts in your deployment.
5. Write down the password because you may need to refer to it later in the installation.
- If the wrong password is used by mistake for user deploy_admin on any new node while bootstrapping, the orchestration fails.
This state can be recovered as follows:
1. First get your deploy password by logging in to your Admin server with ssh and running:
security-cli-client --get-config-prop --prop-hierarchy nw.security-client --prop-name platform.deployment.password --quiet
2. You will get your deploy password. Next, on your Node X that fails orchestration, open the file:
/etc/netwitness/security-client/security-client-amqp.yml
3. Change the password entry in the file under deploy_admin to the deploy password retrieved from the admin server in step 1.
4. Save the file and run bootstrap again on node X, this time entering the correct deploy password.
5. Once bootstrap for node X is done, install the service on it through the Admin server UI. Your node X should orchestrate correctly now.
2019-06-13 12:51 PM
Reading from stdin is easily accomplished with echo and piping.
# salt "*" cmd.run "echo -e '<old_pass>\n<new_pass>\n<new_pass>' | /opt/rsa/saTools/bin/set-deploy-admin-password"
The only thing that might require some testing with this is if you need to escape any special/control characters within your passwords.
2019-06-14 01:45 AM
That would only work on the SA Server and ESA as they ask for both the old and new passwords. The other servers only ask for the new password.
2019-06-14 10:32 AM
This would be relatively easy to script if used in conjunction with my get-all-systems11.sh script, which generates the "all-systems" file, which has all the information you need to know what type of device you are trying to make the change on. For example, this is from my lab environment:
AdminServer,nwserver,192.168.1.129,70f95dc0-3cb6-4fd4-b9f2-ac923d0ba594,PK10T51
ESAPrimary,esa1server,192.168.1.130,a598cb6b-4bd2-4ba2-af6a-79df3dab35e6,R9L8LNM
ESASecondary,esa2server,192.168.1.131,ac923d0b-82d7-68e3-3cb6-f95dc0847dc1,R9K6RGZ
LogHybrid,loghybrid,192.168.1.133,87fc872c-68e3-45e3-9108-e30f847dc14e,PK10T0A
Malware,malanalysis,192.168.1.132,2c98e425-57a0-47d2-82d7-15795a6165f5,R90BCFWP
NetworkHybrid,pkthybrid,192.168.1.134,9a99294e-3889-48b0-9555-11d3c21e2018,PK0VTR9
You could grep for the AdminServer and ESA* servers for the Old/New entries, and grep -v those for all other devices.
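
The split described in the last post, as an added example that is not part of the original thread or of get-all-systems11.sh: it reads all-systems rows and lists the IPs of hosts that prompt for old and new passwords separately from the rest. It assumes the column order name,host,ip,uuid,serial seen in the sample and matches on the name column only; `classify_hosts` and `sample_all_systems` are hypothetical names, and the Broker row is constructed to show where a plain grep for ESA would over-match.

```shell
#!/bin/sh
# Added example. Assumed column layout (inferred from the sample in the
# thread): name,host,ip,uuid,serial

# Rows from the thread plus one constructed row (Broker) whose serial
# contains "ESA", which an unanchored grep for ESA would wrongly select.
sample_all_systems() {
cat <<'EOF'
AdminServer,nwserver,192.168.1.129,70f95dc0-3cb6-4fd4-b9f2-ac923d0ba594,PK10T51
ESAPrimary,esa1server,192.168.1.130,a598cb6b-4bd2-4ba2-af6a-79df3dab35e6,R9L8LNM
LogHybrid,loghybrid,192.168.1.133,87fc872c-68e3-45e3-9108-e30f847dc14e,PK10T0A
Broker,broker,192.168.1.135,00000000-0000-0000-0000-000000000000,ESA0001
EOF
}

# classify_hosts MODE < all-systems
#   old-new  : IPs of hosts that prompt for the old and the new password
#   new-only : IPs of every other host
# Malformed rows are reported on stderr and skipped, so a bad line never
# ends up in a target list. Only IPs are emitted; passwords stay out of
# this script and off command lines, where process listings expose them.
classify_hosts() {
    case "$1" in
        old-new|new-only) ;;
        *) echo "usage: classify_hosts old-new|new-only" >&2; return 2 ;;
    esac
    awk -F, -v mode="$1" '
        NF != 5 || $3 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            print "skipping malformed line " NR > "/dev/stderr"
            next
        }
        {
            # Anchor the match to the name column, not the whole line.
            prompts_old = ($1 == "AdminServer" || $1 ~ /^ESA/)
            if ((mode == "old-new") == prompts_old) print $3
        }'
}

echo "old+new prompt:";  sample_all_systems | classify_hosts old-new
echo "new-only prompt:"; sample_all_systems | classify_hosts new-only
```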