Deploying a Cyberwatch satellite node with Podman
The Podman orchestrator is available on an experimental basis. To ensure deployment stability, the Swarm orchestrator is recommended. If you have any questions or require assistance, please contact Cyberwatch support.
This page purpose is to give the procedure to install Cyberwatch in satellite mode without using swarm for communication between the nodes.
To ensure proper communication between the master and the satellite, both Cyberwatch instances must have the same version.
Requirements
Network prerequisites and flows matrix
Required flows to set up a satellite node:
| Source | Destination | Protocol | Port | Description |
|---|---|---|---|---|
| satellite node | master node | TCP | 3306 | Connection to the SQL database |
| satellite node | master node | TCP | 6379 | Connection to the Redis cache database |
| satellite node | harbor.cyberwatch.fr | TCP | 443 | Cyberwatch Docker images registry |
| satellite node | dl.cyberwatch.com | TCP | 443 | Cyberwatch package repository |
Hardware prerequisites
- 2 vCPU
- RAM 8 GB
- 20 GB of disk space in
/home/cyberwatch
You can check the hardware prerequisites with these commands:
vCPU:
lscpu | grep "CPU(s):"RAM:
free -mDisk space in
/home/cyberwatch:df /home/cyberwatch
Master node installation
Follow the standard deployment procedure and stop before configuring Cyberwatch
Configure Cyberwatch:
Configure Cyberwatch for a master node embedding the database:
sudo cyberwatch configure --masterConfigure Cyberwatch for a master node with an external database:
sudo cyberwatch configure --master --no-db
Satellite node installation
Follow the standard deployment procedure and stop before configuring Cyberwatch
Execute the following command on master node:
sudo cyberwatch show-secretsWrite the output of the previous command to file
/etc/cyberwatch/secrets.envof the satellite node:sudo vim /etc/cyberwatch/secrets.env sudo chown root:cyberwatch /etc/cyberwatch/secrets.env sudo chmod 640 /etc/cyberwatch/secrets.envExecute the following command on master node:
sudo cyberwatch show-root-certWrite the output of the previous command to file
/etc/cyberwatch/certs/cbw-root-ca-cert.pemof the satellite node:sudo mkdir -p /etc/cyberwatch/certs sudo vim /etc/cyberwatch/certs/cbw-root-ca-cert.pemConfigure Cyberwatch:
sudo cyberwatch configure --satellite
Functionality validation
Verify that the satellite node is able to reach the master node:
sudo cyberwatch logs sidekiq