2014-12-29 09:24 AM
Hi,
I have the following architecture (10.4.0.2 from 10.3.4):
The provisioning of the Remote Log Collector fails because the IP of the SA is not the NAT'ed IP in /etc/mcollective/server.cfg and this configuration file is always overridden by the puppet agent.
How do I override the sa_server value on the Security Analytics (Puppet Master) for this Log Collector?
(I guess that's in the MongoDB node definition.)
2014-12-29 09:30 AM
1: Manually change the IP address in the csr_attributes.yaml file.
2: Change the value for the SA server IP parameter to the actual IP in the following file on the SA server:
/etc/puppet/modules/mcollective/templates/server.erb
Change the value for plugin.rabbitmq.pool.1.host = <actual IP> instead of the parameter and save the file.
This is the file that gets deployed.
Now, once you change this, the actual SA IP that should be used will get deployed instead of the NAT'ed IP.
2014-12-29 09:51 AM
Thanks for the quick reply
1: Manually change the IP address in csr_attributes.yaml file.
Already done.
2: Change the value for sa server IP parameter to actual IP in following file on SA server:
/etc/puppet/modules/mcollective/templates/server.erb
Change the value for plugin.rabbitmq.pool.1.host = <actual IP> instead of the parameter and save the file.
In my real production architecture, I have multiple Remote Log Collectors with different NAT and some Remote Log Collectors without NAT. So, this solution doesn't scale.
I think it's better to override the value of sa_server in the "puppet way".
According to the configuration of the puppet master in /etc/puppet/puppet.conf, node definitions are stored in the internal MongoDB (TokuMX) database.
# mongo
> use puppet
> db.nodes.find({query:{node:"UUID"}}).pretty()
{
"_id" : ObjectId("ObjectID"),
"node" : "",
"classes" : {
"base" : ""
},
"enviroment" : ""
}
IMHO, I should add the value sa_server to the node configuration to override the global configuration. Something like this:
// $set adds the field and leaves the rest of the node document in place
> db.nodes.update(
{node:"UUID"},
{$set: {"sa_server":"NAT'ed IP"}}
)
> db.nodes.find({query:{node:"UUID"}}).pretty()
{
"_id" : ObjectId("ObjectID"),
"node" : "",
"classes" : {
"base" : ""
},
"enviroment" : "",
"sa_server":"NAT'ed IP"
}
Please advise
2014-12-29 10:20 AM
Another possibility: as the hostname puppetmaster.local defined in /etc/hosts always resolves to the good IP address, should I replace <%= @sa_server %> with puppetmaster.local in the following templates:
/etc/puppet/modules/yumconfig/templates/rsa.erb
/etc/puppet/modules/mcollective-client/templates/client.erb
?