Bootstrapping CDF
Bootstrapping CDF is a method of installing a few basic pods onto the Kubernetes cluster created previously (when you configured EKS and worker nodes).
During this process, the CDF bootstrap script does the following:
- Downloads Docker images from the ECR (Elastic Container Registry).
- Instantiates pods for various checks like the EFS space and the structure created on it.
- Creates nginx pods for use as a load balancer, and for allowing connections to the web installation process.
After the CDF bootstrap process completes, you will need to import the intermediate certificate to the CDF, configure some required networking settings, then continue installation using the CDF web installation interface.
Preparing the CDF Deployer
The EKS and worker nodes you have configured are completely isolated from access from the internet, although each of the nodes can access the internet if needed. As a result, the process of bootstrapping CDF must be performed from the bastion.
You have already copied the package arcsight-platform-cloud-installer-<version>.zip to the bastion and unpacked it during configuration of EFS. The cdf-deployer.zip archive is included as a part of this package.
To prepare the CDF deployer:
Unpack the cdf-deployer.zip archive by running the following command:
unzip ./arcsight-platform-cloud-installer-<version>/cdf-deployer.zip
This will create the directory arcsight-platform-cloud-installer-<version>/cdf-deployer.
Retrieving the ECR Credentials
CDF needs the credentials to access the ECR in order to be able to download images.
To retrieve the ECR credentials:
- On the bastion, run the command:
./arcsight-platform-cloud-installer-<version>/aws-scripts/scripts/upload_images_to_ECR --get-ecr-credentials
- The file ecr_credentials is created in the directory where the script was run, containing username, password, and ECR URL.
- Run the following command:
source ecr_credentials
To bootstrap CDF:
- Change the working folder to cdf-deployer and run the following command:
./install \
--registry-url $ECR_URL \
--registry-username $ECR_USER_NAME \
--registry-password $ECR_USER_PASSWORD \
-P <suite admin password> \
--registry-orgname <orgname> \
--nfs-server <Filesystem FQDN> \
--nfs-folder <CDF ITOM volume> \
--cloud-provider aws --external-access-host <RecordSet name>
Where:
Variables $ECR_URL, $ECR_USER_NAME, and $ECR_USER_PASSWORD come from the ecr_credentials file which you sourced previously.
<suite admin password>: Choose a password between 8 and 20 characters in length. The password must include numbers, lowercase characters, uppercase characters, and special characters. Exclude whitespace characters, such as space, newline, and so on.
<orgname>: Use the same value as for upload images; check the AWS worksheet for this value.
<Filesystem FQDN>: Use the value from the AWS worksheet.
<CDF ITOM volume>: The directory on NFS/EFS into which CDF starts installation. The path is a combination of the parent directory as specified in Configure EFS for ArcSight Suite and the predefined subfolder name. For example, /srgdemo/itom-vol.
<RecordSet name>: The A-record (FQDN) used for connecting to the CDF installation and management portal. Use the value from the AWS worksheet.
For example:
./install --registry-url $ECR_URL \
--registry-username $ECR_USER_NAME \
--registry-password $ECR_USER_PASSWORD \
-P "Password@123" \
--registry-orgname srgdemo \
--nfs-server fs-ebe456b3.efs.eu-central-1.amazonaws.com \
--nfs-folder /srgdemo/itom-vol \
--cloud-provider aws \
--external-access-host srgdemo.arcsight-dev.com
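The following pre-flight checks are an added example, not part of the CDF installer or of the original page: they confirm that the variables from ecr_credentials are set and that the suite admin password meets the policy described above before ./install is run. The function names and ADMIN_PW are hypothetical, and "special character" is assumed to mean any character that is not a letter, digit or whitespace.

```bash
# Added example: pre-flight checks to run on the bastion before ./install.
# Function names are hypothetical; they are not part of the CDF package.

# check_ecr_env: succeed only if the three variables that
# "source ecr_credentials" should define are all non-empty.
check_ecr_env() {
    for name in ECR_URL ECR_USER_NAME ECR_USER_PASSWORD; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "$name is empty; run 'source ecr_credentials' first" >&2
            return 1
        fi
    done
    return 0
}

# check_admin_password PASSWORD: succeed only if PASSWORD meets the documented
# policy (8 to 20 characters; a number, a lowercase letter, an uppercase letter
# and a special character; no whitespace).
# Assumption: "special" means anything that is not a letter, digit or whitespace.
check_admin_password() {
    case $1 in
        *[[:space:]]*) echo "password contains whitespace" >&2; return 1 ;;
    esac
    if [ "${#1}" -lt 8 ] || [ "${#1}" -gt 20 ]; then
        echo "password must be 8 to 20 characters long" >&2
        return 1
    fi
    case $1 in *[[:digit:]]*) ;; *) echo "password needs a number" >&2; return 1 ;; esac
    case $1 in *[[:lower:]]*) ;; *) echo "password needs a lowercase letter" >&2; return 1 ;; esac
    case $1 in *[[:upper:]]*) ;; *) echo "password needs an uppercase letter" >&2; return 1 ;; esac
    case $1 in
        *[![:alnum:][:space:]]*) ;;
        *) echo "password needs a special character" >&2; return 1 ;;
    esac
    return 0
}

# Usage on the bastion (ADMIN_PW is a hypothetical variable name):
#   source ecr_credentials
#   check_ecr_env && check_admin_password "$ADMIN_PW" && ./install ... -P "$ADMIN_PW" ...
```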
After the CDF bootstrap completes, you are prompted to log in at the following URL: https://<external access host>:3000
However, you will not be able to log in successfully yet, as there are some network infrastructure resources still to prepare, as explained in the succeeding steps.
Next Step: Securing External Communication with the RE Certificate