4.2 Configuring CIS

Cloud Integrated Storage (CIS) provides a console to configure CIS and its infrastructure components.

NOTE: Before configuring CIS or infrastructure services on any server, ensure that you select the CIS pattern using the YaST configuration.

4.2.1 Accessing the CIS Configuration Console

  1. Point your browser to https://<OES server IP address or the host name>:8105.

  2. Specify the user name or FQDN of the eDirectory administrator (for example, cn=admin,o=acme) and the password, then click Login.

    The CIS Configuration welcome page explains the configuration flow of CIS components.

  3. Review the flow, and then select the type of deployment as per your requirement.

    IMPORTANT: Before configuring the CIS, ensure that there is sufficient disk space available on the root file system for CIS to function properly.

4.2.2 Deployment Types

CIS supports the following deployment types:

Configure CIS as a Standalone Server in Root (/) Path

Choose this option to configure Apache Kafka, Apache ZooKeeper, OpenSearch, database and CIS services on the same server.

Prerequisites

  • Before you start with CIS configuration, ensure that the requirements mentioned in Section 3.3, CIS Requirements are met.

  • A local database is created during CIS Standalone server configuration. Ensure that there is no database already configured on this server.

  • If you prefer an external database, ensure that the database is installed and configured. For information on how to install and configure MariaDB, see Section B.0, Installing and Configuring MariaDB. If you want to use an already configured database (MariaDB or MS SQL) with CIS, ensure that the database is up and running.

Procedure

  1. On the CIS deployment page, select Configure CIS as a Standalone Server deployment type and then click Next.

  2. Configuration Location: Specify the following:

    • Hostname / IP Address: Specify the fully qualified domain name (FQDN) or IP address of the server where CIS will be configured. For example, wdccisserver.labs.wdc.acme.com.

    • Configuration Path: Specify the path to store CIS configuration files and log files. By default, the path is set to root (/).

  3. Database: By default, Use external database is disabled. In this case, you must specify the MariaDB password to configure the local database.

    If you prefer to Use external database, perform the following steps:

    1. Select either MariaDB or MS SQL database.

    2. Specify the database host name or IP address and port. By default, the database port for MariaDB is 3306 and MS SQL is 1433.

    3. Specify the user name and password for the database.

    4. Use secure connection: Enables or disables the database connection to be secure. By default, this option is disabled.

      If MariaDB database is selected, ensure that the following prerequisites are met before proceeding in the GUI:

      1. Copy the MariaDB client certificates to the CIS server at /etc/opt/novell/cis/db/certs.

      2. In the MySQL configuration file (/etc/my.cnf) under the [mysqld] section, update the following paths:

        [mysqld]
        ssl=1
        ssl-ca=/etc/opt/novell/cis/db/certs/ca-cert.pem
        ssl-cert=/etc/opt/novell/cis/db/certs/client-cert.pem
        ssl-key=/etc/opt/novell/cis/db/certs/client-key.pem

      • Client CA Certificate file path: Specify the path of the client Certificate Authority (CA) file in .pem format.

      • Client Certificate file path: Specify the path of the client certificate file in .pem format.

      • Client Key file path: Specify the path of the key file associated with the client certificate in .pem format.

  4. Docker Network Setting: The default subnet of cisnet docker is 172.16.0.0/16. If the default subnet conflicts with your current network, modify the subnet address.

    For example: 192.168.0.0/16 or 10.10.0.0/16

    NOTE: When creating a custom subnet with a mask, ensure that the host minimum and maximum subnet addresses do not overlap with existing subnet ranges. To accomplish this, choose a subnet address and mask combination that is compatible with your network topology, ensuring that the host range is outside of any existing subnet ranges.

  5. Infrastructure Server: Specify the following:

    • ZooKeeper: By default, it is configured with the CIS server IP and ZooKeeper port is 2181.

    • OpenSearch: By default, it is configured with the CIS server IP and OpenSearch port is 9400.

    • Kafka: By default, it is configured with the CIS server IP and Kafka port is 9092.

  6. Click Next.

  7. Admin Context: Specify the following:

    • CIS Admin Name with Context: Specify the LDAP distinguished name (DN) of the user who administers the CIS server. For example, cn=admin,o=acme.

    • Admin Password: Specify the password for the CIS administrator.

    • Agent Search Context: Specify the LDAP distinguished name (DN) of the container object under which the NCP server objects of the OES server that connects to the CIS server reside. The OES server includes the agents that connect to the CIS server. The CIS admin user must have supervisory rights on this server context.

  8. Click Next. Review the configuration summary and then click Finish.

  9. Restart the agent services on all the servers under the Agent Search Context so that they connect to the CIS server and their status is displayed in the CIS Management Console.

    systemctl restart oes-core-agent.service oes-dashboard-agent.service oes-cis-agent.service oes-cis-recall-agent.service oes-cis-scanner.service

    systemctl status oes-core-agent.service oes-dashboard-agent.service oes-cis-agent.service oes-cis-recall-agent.service oes-cis-scanner.service
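
For the Docker Network Setting step above, the overlap rule in the NOTE can be checked before a subnet is entered in the console. The following is an added example, not part of the product documentation or CIS tooling; the function names and the sample list of in-use networks are constructed for illustration.

```sh
#!/bin/sh
# Added example: test candidate cisnet subnets against networks already in use.
# Function names are hypothetical; they are not part of CIS or Docker.

# Convert a dotted-quad IPv4 address to an integer; fails on malformed input.
ip_to_int() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print "<first> <last>" (as integers) for the address range covered by a CIDR.
# A host address with a prefix (10.10.4.21/22) is masked down to its network.
cidr_range() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; bits=${1#*/}
    case "$bits" in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    ip=$(ip_to_int "$addr") || return 1
    if [ "$bits" -eq 0 ]; then
        mask=0
    else
        mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    fi
    first=$(( ip & mask ))
    last=$(( first | (~mask & 0xFFFFFFFF) ))
    echo "$first $last"
}

# Exit status: 0 = the two CIDRs overlap, 1 = disjoint, 2 = unparsable input.
cidrs_overlap() {
    range_a=$(cidr_range "$1") || return 2
    range_b=$(cidr_range "$2") || return 2
    a_first=${range_a% *}; a_last=${range_a#* }
    b_first=${range_b% *}; b_last=${range_b#* }
    [ "$a_first" -le "$b_last" ] && [ "$b_first" -le "$a_last" ]
}

# Read in-use networks (one CIDR per line) on stdin and print each one that
# overlaps the candidate. Exit status: 0 = no conflict, 1 = conflict,
# 2 = candidate is not a valid CIDR.
subnet_conflicts() {
    candidate=$1
    cidr_range "$candidate" >/dev/null || return 2
    conflict=0
    while read -r net rest || [ -n "$net" ]; do
        [ -n "$net" ] || continue
        rc=0
        cidrs_overlap "$candidate" "$net" || rc=$?
        case $rc in
            0) echo "$net"; conflict=1 ;;
            2) echo "skipping unparsable entry: $net" >&2 ;;
        esac
    done
    return $conflict
}

# Print the first candidate (arguments) that is free of conflicts with the
# in-use networks read from stdin; fails if every candidate conflicts.
first_free_subnet() {
    in_use=$(cat)
    for candidate_net in "$@"; do
        if printf '%s\n' "$in_use" | subnet_conflicts "$candidate_net" >/dev/null 2>&1; then
            echo "$candidate_net"
            return 0
        fi
    done
    return 1
}

# Constructed sample of addresses already in use on a server. On a live host
# the list can be produced with: ip -o -4 addr show | awk '{print $4}'
SAMPLE_IN_USE='10.10.4.21/22
172.16.20.1/24
127.0.0.1/8'

# Try the default cisnet subnet first, then the two alternatives from this page.
if free=$(printf '%s\n' "$SAMPLE_IN_USE" |
          first_free_subnet 172.16.0.0/16 10.10.0.0/16 192.168.0.0/16); then
    echo "no overlap found for $free"
else
    echo "every candidate overlaps an in-use network"
fi
```

The same check applies to the Docker Network Setting step in the other deployment types.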

Configure CIS as a Standalone Server in NSS Media

Choose this option to configure Apache Kafka, Apache ZooKeeper, OpenSearch, database and CIS services on the same server.

Prerequisites

  • Before you start with CIS configuration, ensure that the requirements mentioned in Section 3.3, CIS Requirements are met.

  • A local database is created during CIS Standalone server configuration. Ensure that there is no database already configured on this server.

  • If you prefer an additional database, ensure that the database is installed and configured. For information on how to install and configure MariaDB, see Section B.0, Installing and Configuring MariaDB. If you want to use an already configured database (MariaDB or MS SQL) with CIS, ensure that the database is up and running.

Procedure

  1. On the CIS deployment page, select Configure CIS as a Standalone Server deployment type and then click Next.

  2. Configuration Location: Specify the following:

    • Hostname / IP Address: Specify the fully qualified domain name (FQDN) or IP address of the server where CIS will be configured. For example, wdccisserver.labs.wdc.acme.com.

    • Configuration Path: Specify the path /home or /media/nss/VOLUMENAME to store CIS configuration files and log files depending on your requirement.

      If you are using /media/nss/CISVOL, then it is recommended to create a new volume for CIS. When using an existing volume, ensure that the space available is 100 GB or more. You must LUM enable the cisuser and cisgroup. For more information, see Section 4.6, LUM Enabling CIS User and Group.

      If /media/nss/CISVOL is a cluster volume, then you need to modify the resource to update the Load and Unload script with CIS service. For more information, see Modifying the Load, Unload, and Monitor Scripts.

  3. Database: By default, Use external database is disabled. In this case, you must specify the MariaDB password to configure the local database.

    If you prefer to use external database, perform the following steps:

    1. Select either MariaDB or MS SQL database.

    2. Specify the database host name or IP address and port. By default, the database port for MariaDB is 3306 and MS SQL is 1433.

    3. Specify the user name and password for the database.

    4. Use secure connection: Enables or disables the database connection to be secure. By default, this option is disabled.

      If MariaDB database is selected, ensure that the following prerequisites are met before proceeding in the GUI:

      1. Copy the MariaDB client certificates to the CIS server at /etc/opt/novell/cis/db/certs.

      2. In the MySQL configuration file (/etc/my.cnf) under the [mysqld] section, update the following paths:

        [mysqld]
        ssl=1
        ssl-ca=/etc/opt/novell/cis/db/certs/ca-cert.pem
        ssl-cert=/etc/opt/novell/cis/db/certs/client-cert.pem
        ssl-key=/etc/opt/novell/cis/db/certs/client-key.pem

      • Client CA Certificate file path: Specify the path of the client Certificate Authority (CA) file in .pem format.

      • Client Certificate file path: Specify the path of the client certificate file in .pem format.

      • Client Key file path: Specify the path of the key file associated with the client certificate in .pem format.

  4. Docker Network Setting: The default subnet of cisnet docker is 172.16.0.0/16. If the default subnet conflicts with your current network, modify the subnet address.

    For example: 192.168.0.0/16 or 10.10.0.0/16

    NOTE: When creating a custom subnet with a mask, ensure that the host minimum and maximum subnet addresses do not overlap with existing subnet ranges. To accomplish this, choose a subnet address and mask combination that is compatible with your network topology, ensuring that the host range is outside of any existing subnet ranges.

  5. Infrastructure Server: Specify the following:

    • ZooKeeper: By default, it is configured with the CIS server IP and ZooKeeper port is 2181.

    • OpenSearch: By default, it is configured with the CIS server IP and OpenSearch port is 9400.

    • Kafka: By default, it is configured with the CIS server IP and Kafka port is 9092.

  6. Click Next.

  7. Admin Context: Specify the following:

    • CIS Admin Name with Context: Specify the LDAP distinguished name (DN) of the user who administers the CIS server. For example, cn=admin,o=acme.

    • Admin Password: Specify the password for the CIS administrator.

    • Agent Search Context: Specify the LDAP distinguished name (DN) of the container object under which the NCP server objects of the OES server that connects to the CIS server reside. The OES server includes the agents that connect to the CIS server. The CIS admin user must have supervisory rights on this server context.

  8. Click Next. Review the configuration summary and then click Finish.

  9. Restart the agent services on all the servers in the tree so that the status of the servers is displayed in the CIS Management Console.

    systemctl restart oes-core-agent.service oes-dashboard-agent.service oes-cis-agent.service oes-cis-recall-agent.service oes-cis-scanner.service

    systemctl status oes-core-agent.service oes-dashboard-agent.service oes-cis-agent.service oes-cis-recall-agent.service oes-cis-scanner.service

Modifying the Load, Unload, and Monitor Scripts

  1. Log in to iManager.

  2. Under Roles and Tasks, select Clusters > My Clusters, then select the cluster.

    If the cluster does not appear in your personalized list of clusters to manage, you can add it. Click Add, browse and select the cluster, then click OK. Wait for the cluster to appear in the list and report its status, then select the cluster.

  3. On the Cluster Manager page or Cluster Options page, select the cluster resource to view its properties, then click the Scripts tab.

  4. Click the Load Script, Unload, or Monitor Script links to view or modify the scripts. If you modify a script, click Apply to save your changes before you leave the page.

    Changes do not take effect until you take the resource offline, and bring it online again.

    1. Edit the load script for the Cluster Pool. Add the following lines to the existing load script before the exit 0 statement.

      # start CIS services
      exit_on_error /usr/bin/systemctl start oes-cis-fluentbit.service
      exit_on_error /usr/bin/systemctl start oes-cis-configuration.service
      
      # start CIS infra services
      exit_on_error /usr/bin/systemctl start oes-cis-zk.service
      exit_on_error /usr/bin/systemctl start oes-cis-opensearch.service
      exit_on_error /usr/bin/systemctl start oes-cis-kafka.service
      
      # start CIS core services
      exit_on_error /usr/bin/systemctl start oes-cis-auth.service
      exit_on_error /usr/bin/systemctl start oes-cis-data.service
      exit_on_error /usr/bin/systemctl start oes-cis-metadata.service
      exit_on_error /usr/bin/systemctl start oes-cis-policy.service
      exit_on_error /usr/bin/systemctl start oes-cis-mgmt.service
      exit_on_error /usr/bin/systemctl start oes-dashboard.service
      exit_on_error /usr/bin/systemctl start oes-cis-aggregator.service
      exit_on_error /usr/bin/systemctl start oes-cis-collector.service
      exit_on_error /usr/bin/systemctl start oes-cis-repaggregator.service
      exit_on_error /usr/bin/systemctl start oes-cis-repcollector.service
      exit_on_error /usr/bin/systemctl start oes-cis-gateway.service
      
      # check the services
      exit_on_error /usr/bin/systemctl is-active oes-cis-fluentbit.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-configuration.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-zk.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-opensearch.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-kafka.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-auth.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-data.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-metadata.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-policy.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-mgmt.service
      exit_on_error /usr/bin/systemctl is-active oes-dashboard.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-aggregator.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-collector.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-repaggregator.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-repcollector.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-gateway.service
      
      # restart firewall if it's running
      systemctl status firewalld.service
      if [ $? -eq 0 ]; then
          ignore_error systemctl restart firewalld.service
      fi

    2. Edit the unload script for the Cluster Pool. Add the following lines to the existing unload script after the /opt/novell/ncs/lib/ncsfuncs statement:

      # stop cis services
      ignore_error /usr/bin/systemctl stop oes-cis-fluentbit.service
      ignore_error /usr/bin/systemctl stop oes-cis-auth.service
      ignore_error /usr/bin/systemctl stop oes-cis-data.service
      ignore_error /usr/bin/systemctl stop oes-cis-metadata.service
      ignore_error /usr/bin/systemctl stop oes-cis-policy.service
      ignore_error /usr/bin/systemctl stop oes-cis-mgmt.service
      ignore_error /usr/bin/systemctl stop oes-dashboard.service
      ignore_error /usr/bin/systemctl stop oes-cis-aggregator.service
      ignore_error /usr/bin/systemctl stop oes-cis-collector.service
      ignore_error /usr/bin/systemctl stop oes-cis-repaggregator.service
      ignore_error /usr/bin/systemctl stop oes-cis-repcollector.service
      ignore_error /usr/bin/systemctl stop oes-cis-gateway.service
      ignore_error /usr/bin/systemctl stop oes-cis-configuration.service
      
      # stop infra services
      ignore_error /usr/bin/systemctl stop oes-cis-kafka.service
      ignore_error /usr/bin/systemctl stop oes-cis-opensearch.service
      ignore_error /usr/bin/systemctl stop oes-cis-zk.service

    3. Edit the monitor script for the Cluster Pool. Add the following lines to the existing monitor script before the exit 0 statement.

      exit_on_error /usr/bin/systemctl is-active oes-cis-fluentbit.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-zk.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-opensearch.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-kafka.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-auth.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-data.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-metadata.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-policy.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-mgmt.service
      exit_on_error /usr/bin/systemctl is-active oes-dashboard.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-aggregator.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-collector.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-repaggregator.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-repcollector.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-gateway.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-configuration.service
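
The three scripts above must list the same units: a unit that the load script starts but the unload script never stops keeps running on the node after the resource goes offline, and one that the monitor script never checks can fail without the cluster noticing. The following is an added example, not part of the product documentation, that cross-checks the three scripts after they have been saved to local files (an assumption); the function names and the shortened sample scripts are constructed for illustration.

```sh
#!/bin/sh
# Added example: cross-check NCS load, unload and monitor scripts for one resource.
# Function names and the sample scripts are constructed for illustration.

# Print the *.service units that follow "systemctl <verb>" on non-comment lines
# of the script read from stdin, one per line, sorted and de-duplicated.
units_for_verb() {
    awk -v verb="$1" '
        /^[ \t]*#/ { next }
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /(^|\/)systemctl$/ && $(i + 1) == verb)
                    for (j = i + 2; j <= NF; j++)
                        if ($j ~ /\.service$/) print $j
        }' | sort -u
}

# Report every unit the load script starts that the unload script never stops
# or the monitor script never checks. Exit status: 0 = consistent, 1 = gaps.
script_gaps() {
    load=$1; unload=$2; monitor=$3
    gaps=0
    for unit in $(units_for_verb start < "$load"); do
        units_for_verb stop < "$unload" | grep -qxF "$unit" ||
            { echo "not stopped on unload: $unit"; gaps=1; }
        units_for_verb is-active < "$monitor" | grep -qxF "$unit" ||
            { echo "not monitored: $unit"; gaps=1; }
    done
    return $gaps
}

# Write shortened, constructed sample scripts into directory $1. The unit names
# come from this page; the omissions are deliberate so the check has something
# to report (zk is commented out of unload, gateway is missing from monitor).
write_sample_scripts() {
    cat > "$1/load.sh" <<'EOF'
# start CIS services
exit_on_error /usr/bin/systemctl start oes-cis-zk.service
exit_on_error /usr/bin/systemctl start oes-cis-kafka.service
exit_on_error /usr/bin/systemctl start oes-cis-auth.service
exit_on_error /usr/bin/systemctl start oes-cis-gateway.service
EOF
    cat > "$1/unload.sh" <<'EOF'
ignore_error /usr/bin/systemctl stop oes-cis-auth.service
ignore_error /usr/bin/systemctl stop oes-cis-gateway.service
ignore_error /usr/bin/systemctl stop oes-cis-kafka.service
# ignore_error /usr/bin/systemctl stop oes-cis-zk.service
EOF
    cat > "$1/monitor.sh" <<'EOF'
exit_on_error /usr/bin/systemctl is-active oes-cis-zk.service
exit_on_error /usr/bin/systemctl is-active oes-cis-kafka.service
exit_on_error /usr/bin/systemctl is-active oes-cis-auth.service
EOF
}

# Demonstration on the constructed samples.
demo_dir=$(mktemp -d)
write_sample_scripts "$demo_dir"
script_gaps "$demo_dir/load.sh" "$demo_dir/unload.sh" "$demo_dir/monitor.sh" ||
    echo "resolve the gaps above before bringing the resource online"
rm -rf "$demo_dir"
```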

Configure Infrastructure Services

Choose this option to configure Apache Kafka, Apache ZooKeeper, and OpenSearch in high availability (HA) mode.

A multi-node high availability configuration of the infrastructure server helps to increase the efficiency and availability of the infrastructure server. It is mandatory to configure at least three HA nodes. You can configure up to seven nodes.

Prerequisites

  • Before you start with infrastructure services configuration, ensure that the requirements mentioned in Section 3.3, CIS Requirements are met.

  • Ensure that you allocate sufficient disk space for the infrastructure server.

Configuring Infrastructure Services on OES 24.2

  1. To automatically make the server HA ready, click Start.

    After successful configuration, click OK. Re-login to the console to view the steps to complete the Infrastructure service configuration (using CLI).

  2. (Using CLI) To set up the K3s cluster, perform the following on the terminal console of this server:

    1. Open a terminal console, then log in as a root user.

    2. Initialize a K3s cluster.

      cis_ext_service.sh enableha <first_node_ip>

    3. Add a manager to an existing K3s cluster.

      cis_ext_service.sh enableha <first_node_ip> <node_ip>

      NOTE: Repeat this step on every Infrastructure server node.

    4. On the last HA node, start the Infrastructure services.

      cis_ext_service.sh start

    After successful configuration of Infrastructure services, continue with Configure CIS Services.

Configuring Infrastructure Services on OES 23.4

NOTE: Docker Swarm configuration is supported only on the ext4 file systems.

  1. To automatically make the server HA ready, click Start.

    After successful configuration, click OK. Re-login to the console to view the steps to complete the Infrastructure service configuration (using CLI).

  2. (Using CLI) To set up the Docker Swarm, perform the following on the terminal console of this server:

    1. Open a terminal console, then log in as a root user.

    2. Initialize a Docker Swarm.

      docker swarm init

      NOTE: When using VXLAN, VMXNET3 supports destination ports 8472 (when NSX is not installed) and 4789 (when NSX is installed). No other destination port number works if guest overlay offload is to be used. Ensure that the port (8472 or 4789) is enabled in the firewall (UDP).

      To change the destination port when initializing Docker Swarm, run:

      docker swarm init --data-path-port 8472

    3. Create a token and add a manager to this swarm.

      docker swarm join-token manager

      Command output:

      docker swarm join --token <token_value> <host_address:2377>

      Make a note of this command output, because the same output must be executed on all other HA nodes to join this Docker Swarm.

    4. After successful configuration, go to the next HA node, perform Step 1, and then join this server to the Docker Swarm created on the first node.

      docker swarm join --token <swarm_token_generated_from_first_node> <first_node_hostname>:2377

      Repeat this step on all the infrastructure server nodes.

    5. On the last HA node, start the infrastructure services.

      sh /opt/novell/cis/bin/cis_ext_service.sh start

    After successful configuration of infrastructure services, continue with Configure CIS Services.

Configure CIS Services

Choose this option to configure CIS as a single node or a NCS (OES Cluster Services) cluster resource.

Prerequisites

Procedure

  1. Configuration Location: Specify the following:

    Configure CIS as a NCS cluster resource: Configures CIS in a cluster environment. By default, this option is enabled.

    • Hostname / IP address: Specify the server address for a standalone server, or the resource or virtual IP address or host name of the NCS cluster resource that the CIS server is part of.

      NOTE: All IP addresses used by the master cluster IP address, its cluster servers, and its cluster resources must be on the same IP subnet. They do not need to be contiguous addresses.

    • Configuration Path: Specify the NSS media path to store CIS configuration files and log files. For example, /media/nss/CISVOL.

  2. Database: Specify the following:

    1. Select either MariaDB or MS SQL database.

    2. Specify the database host name or IP address and port. By default, the database port for MariaDB is 3306 and MS SQL is 1433.

    3. Specify the user name and password for the database.

    4. Connection Parameters: If your MS SQL is configured with connection parameters, specify the value. This is not a mandatory field.

    5. Use secure connection: Enables or disables the database connection to be secure. By default, this option is disabled.

      If MariaDB database is selected, ensure that the following prerequisites are met before proceeding in the GUI:

      1. Copy the MariaDB client certificates to the CIS server at /etc/opt/novell/cis/db/certs.

      2. In the MySQL configuration file (/etc/my.cnf) under the [mysqld] section, update the following paths:

        [mysqld]
        ssl=1
        ssl-ca=/etc/opt/novell/cis/db/certs/ca-cert.pem
        ssl-cert=/etc/opt/novell/cis/db/certs/client-cert.pem
        ssl-key=/etc/opt/novell/cis/db/certs/client-key.pem

      • Client CA Certificate file path: Specify the path of the client Certificate Authority (CA) file in .pem format.

      • Client Certificate file path: Specify the path of the client certificate file in .pem format.

      • Client Key file path: Specify the path of the key file associated with the client certificate in .pem format.

  3. Docker Network Setting: The default subnet of cisnet docker network is 172.16.0.0/16. If the default subnet conflicts with your current network, modify the subnet address.

    For example: 192.168.0.0/16 or 10.10.0.0/16

    NOTE: When creating a custom subnet with a mask, ensure that the host minimum and maximum subnet addresses do not overlap with existing subnet ranges. To accomplish this, choose a subnet address and mask combination that is compatible with your network topology, ensuring that the host range is outside of any existing subnet ranges.

  4. Infrastructure Server Host name / IP address: Specify the host name or IP address of all the configured infrastructure server HA nodes. Separate multiple entries with a comma.

  5. Click Validate. If there are errors, resolve them before you proceed.

  6. CIS Admin Name with Context: Specify the LDAP distinguished name (DN) of the user who administers the CIS server. For example, cn=admin,o=acme.

  7. Admin Password: Specify the password for the CIS administrator.

  8. Agent Search Context: Specify the LDAP distinguished name (DN) of the container object under which the NCP server objects of the OES server that connects to the CIS server reside. The OES server includes the agents that connect to the CIS server. The CIS admin user must have supervisory rights on this server context.

  9. Click Next. Review the configuration summary and then click Finish.

  10. When CIS is configured with cluster resource IP or hostname, you must replace the certificates in /etc/opt/novell/cis/certs with the certificate that you have created manually for CIS. To create the certificates, see Section C.0, Creating Certificates.

  11. Modify the Load, Unload and Monitor script.

    1. Log in to iManager.

    2. Under Roles and Tasks, select Clusters > My Clusters, then select the cluster.

      If the cluster does not appear in your personalized list of clusters to manage, you can add it. Click Add, browse and select the cluster, then click OK. Wait for the cluster to appear in the list and report its status, then select the cluster.

    3. On the Cluster Manager page or Cluster Options page, select the CIS cluster resource to view its properties, then click the Scripts tab.

    4. Click the Load Script, Unload, or Monitor Script links to view or modify the scripts. If you modify a script, click Apply to save your changes before you leave the page.

      Changes do not take effect until you take the resource offline, and bring it online again.

      1. Edit the load script for the Cluster Pool. Add the following lines to the existing load script before the exit 0 statement.

        # update the links
        
        /bin/bash /opt/novell/cis/bin/update_cislinks.sh cis <New media path>
        
        # Beginning with OES 24.3, verify the cis subnet address 
        /bin/bash /opt/novell/cis/bin/update_docker_subnet.sh
        
        
        # start the services
        
        exit_on_error /usr/bin/systemctl start oes-cis-fluentbit.service
        exit_on_error /usr/bin/systemctl start oes-cis-configuration.service
        exit_on_error /usr/bin/systemctl start oes-cis-auth.service
        exit_on_error /usr/bin/systemctl start oes-cis-data.service
        exit_on_error /usr/bin/systemctl start oes-cis-metadata.service
        exit_on_error /usr/bin/systemctl start oes-cis-policy.service
        exit_on_error /usr/bin/systemctl start oes-cis-mgmt.service
        exit_on_error /usr/bin/systemctl start oes-dashboard.service
        exit_on_error /usr/bin/systemctl start oes-cis-aggregator.service
        exit_on_error /usr/bin/systemctl start oes-cis-collector.service
        exit_on_error /usr/bin/systemctl start oes-cis-repaggregator.service
        exit_on_error /usr/bin/systemctl start oes-cis-repcollector.service
        exit_on_error /usr/bin/systemctl start oes-cis-gateway.service
         
        # wait before checking their status
        
        sleep 5
        
        # check the services
        
        exit_on_error /usr/bin/systemctl is-active oes-cis-fluentbit.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-configuration.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-auth.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-data.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-metadata.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-policy.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-mgmt.service
        exit_on_error /usr/bin/systemctl is-active oes-dashboard.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-aggregator.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-collector.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-repaggregator.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-repcollector.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-gateway.service
        
        # restart firewall if it's running
        systemctl status firewalld.service
        if [ $? -eq 0 ]; then
            ignore_error systemctl restart firewalld.service
        fi

      2. Edit the unload script for the Cluster Pool. Add the following lines to the existing unload script after the /opt/novell/ncs/lib/ncsfuncs statement:

        ignore_error /usr/bin/systemctl stop oes-cis-fluentbit.service
        ignore_error /usr/bin/systemctl stop oes-cis-auth.service
        ignore_error /usr/bin/systemctl stop oes-cis-data.service
        ignore_error /usr/bin/systemctl stop oes-cis-metadata.service
        ignore_error /usr/bin/systemctl stop oes-cis-policy.service
        ignore_error /usr/bin/systemctl stop oes-cis-mgmt.service
        ignore_error /usr/bin/systemctl stop oes-dashboard.service
        ignore_error /usr/bin/systemctl stop oes-cis-aggregator.service
        ignore_error /usr/bin/systemctl stop oes-cis-collector.service
        ignore_error /usr/bin/systemctl stop oes-cis-repaggregator.service
        ignore_error /usr/bin/systemctl stop oes-cis-repcollector.service
        ignore_error /usr/bin/systemctl stop oes-cis-gateway.service
        ignore_error /usr/bin/systemctl stop oes-cis-configuration.service

      3. Edit the monitor script for the Cluster Pool. Add the following lines to the existing monitor script before the exit 0 statement.

        exit_on_error /usr/bin/systemctl is-active oes-cis-fluentbit.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-auth.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-data.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-metadata.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-policy.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-mgmt.service
        exit_on_error /usr/bin/systemctl is-active oes-dashboard.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-aggregator.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-collector.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-repaggregator.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-repcollector.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-gateway.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-configuration.service

  12. Restart the agent services on all the servers under the Agent Search Context so that they connect to the CIS server and their status is displayed in the CIS Management Console.

    systemctl restart oes-core-agent.service oes-dashboard-agent.service oes-cis-agent.service oes-cis-recall-agent.service oes-cis-scanner.service

    systemctl status oes-core-agent.service oes-dashboard-agent.service oes-cis-agent.service oes-cis-recall-agent.service oes-cis-scanner.service

  13. To add a new node to this cluster:

    1. Ensure that the CIS pattern is installed and updated with the latest patches.

    2. Ensure this node is part of the same cluster.

    3. Migrate the CIS resource to the new node.
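
For the Use secure connection step above, the three MariaDB client files can be checked before their paths are entered in the console. The following is an added example, not part of the product documentation; it assumes the openssl command-line tool is installed, uses the file names from the my.cnf fragment on this page, and its function names and 30-day expiry threshold are hypothetical.

```sh
#!/bin/sh
# Added example: pre-flight checks for the MariaDB client TLS files named on this page.
# Function names are hypothetical; requires the openssl command-line tool.
CERT_DIR=${CERT_DIR:-/etc/opt/novell/cis/db/certs}
WARN_SECONDS=2592000   # assumption: warn when the certificate expires within 30 days

# Exit status 0 if users outside the owner and group have no access to the
# file (mode string such as -rw-r-----), 1 if they do, 2 if it is not a file.
not_world_accessible() {
    [ -f "$1" ] || return 2
    other_bits=$(ls -ldL -- "$1" | cut -c8-10)
    [ "$other_bits" = "---" ]
}

# Exit status 0 if the certificate ($1) and private key ($2) carry the same
# public key, 1 if they differ, 2 if either file cannot be parsed.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run every check against ca-cert.pem, client-cert.pem and client-key.pem in
# the given directory. Prints one line per problem; exit status 0 = all clear.
check_db_tls_files() {
    dir=${1:-$CERT_DIR}
    ca=$dir/ca-cert.pem; cert=$dir/client-cert.pem; key=$dir/client-key.pem
    problems=0
    for f in "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f"; problems=$((problems + 1)); }
    done
    [ "$problems" -eq 0 ] || return 1

    not_world_accessible "$key" ||
        { echo "private key is accessible to all users: $key"; problems=$((problems + 1)); }
    cert_matches_key "$cert" "$key" ||
        { echo "certificate and key do not match or cannot be parsed"; problems=$((problems + 1)); }
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "certificate does not verify against $ca"; problems=$((problems + 1)); }
    openssl x509 -in "$cert" -noout -checkend "$WARN_SECONDS" >/dev/null 2>&1 ||
        { echo "certificate expires within $((WARN_SECONDS / 86400)) days"; problems=$((problems + 1)); }
    [ "$problems" -eq 0 ]
}

# Run the checks when a directory is given on the command line, for example:
#   sh check_db_tls.sh /etc/opt/novell/cis/db/certs
[ "$#" -eq 0 ] || check_db_tls_files "$1"
```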

Configure Data Scale

Choose this option to improve the latency of the data access.

Prerequisite

Before you start with CIS configuration, ensure that the requirements mentioned in Section 3.3, CIS Requirements are met.

Data and Gateway

Choose this option to configure the data and gateway service on this server. It is recommended to select this option if this is the first data scale server getting configured, because the gateway service provides load balancing on the data service.

  1. Host names: Specify the following:

    1. Data Server: Displays the host name or IP address of the local server.

    2. Configure gateway as a NCS cluster resource: Enables or disables the gateway as a NCS cluster resource. By default, this option is enabled.

      • If this option is enabled, specify the IP address of the NCS cluster resource where gateway is configured.

        NOTE:All IP addresses used by the master cluster IP address, its cluster servers, and its cluster resources must be on the same IP subnet. They do not need to be contiguous addresses.

      • If this option is disabled, the host name or IP address of the local server is displayed.

      NOTE: It is recommended to configure the gateway as a cluster resource to avoid interruption of the service.

  2. General: Specify the following:

    1. CIS Server Address: Specify the host name or IP address where the CIS server is configured.

    2. Infrastructure Server Host name: Specify the host name or IP address of all the configured HA nodes. Separate multiple entries with a comma.

  3. Certificates: Specify the following:

    1. eDirectory Server: Displays the CIS server host name and port where the eDirectory server is configured. By default, the eDirectory server port is 524.

    2. Cluster Resource Host name: Specify the fully qualified domain name (FQDN) of an NCS cluster resource that the CIS server is part of. Separate multiple entries with a comma.

    3. Cluster Resource IP Address: Specify the virtual IP address of the NCS cluster resource that the CIS server is part of. Separate multiple entries with a comma.

  4. Click Next. Review the configuration summary and then click Finish.
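The same-subnet NOTE above can be checked before the addresses are entered in the console. The following shell script is an added example, not part of the product documentation; it accepts a comma-separated list like the one the Cluster Resource IP Address field takes and prints every entry that is malformed or outside the subnet. The function names, the sample subnet and the sample addresses are constructed for illustration, and only IPv4 is handled.

```shell
# Added example, not from the product documentation. Pre-flight check for the
# NOTE above: master cluster IP, node IPs and resource IPs share one subnet.

# ip_to_int A.B.C.D: print the address as an integer; fail on malformed input.
ip_to_int() (
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_subnet NETWORK/PREFIX IP: succeed only if IP lies inside the network.
in_subnet() (
    net=${1%/*} bits=${1#*/}
    case "$bits" in ""|*[!0-9]*|0?*) return 2 ;; esac
    [ "$bits" -le 32 ] || return 2
    n=$(ip_to_int "$net") || return 2
    a=$(ip_to_int "$2") || return 2
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( n & mask )) -eq $(( a & mask )) ]
)

# outside_subnet NETWORK/PREFIX "ip1,ip2,...": print each entry that is
# malformed or outside the network; succeed only when there is none.
outside_subnet() (
    set -f          # no globbing while splitting the list
    bad=""
    IFS=,
    for entry in $2; do
        entry=$(printf '%s' "$entry" | tr -d ' \t')   # tolerate "a, b"
        [ -n "$entry" ] || continue
        in_subnet "$1" "$entry" || bad="$bad$entry "
    done
    printf '%s\n' "${bad% }"
    [ -z "$bad" ]
)

# Constructed sample values (assumptions, not addresses from the page).
SUBNET="10.20.4.0/22"
ADDRS="10.20.4.10, 10.20.5.11,10.20.7.200,10.20.8.15"
if ! outside_subnet "$SUBNET" "$ADDRS" >/dev/null; then
    echo "not in $SUBNET: $(outside_subnet "$SUBNET" "$ADDRS")"
fi
```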

Data

Choose this option to configure the server as a standalone data server or connect the data server to an existing gateway server.

  1. Host names: Specify the following:

    1. Connect to Gateway server: Enables or disables the data server to connect to gateway. By default, this option is enabled.

      • If this option is enabled, the host name or IP address of the local server that will be connected to the gateway is displayed.

        Gateway: Specify the host name or IP address of the server where the gateway service is configured.

      • If this option is disabled, the host name or IP address of the local server is displayed.

  2. General: Specify the following:

    1. CIS Server Address: Specify the host name or IP address of the server that is configured with CIS.

    2. Infrastructure Server Host name: Specify the host name or IP address of all the configured HA nodes. Separate multiple entries with a comma.

  3. Certificates: Specify the following:

    1. eDirectory Server: Displays the CIS server host name and port where the eDirectory server is configured. By default, the eDirectory server port is 524.

    2. Cluster Resource Host name: Specify the fully qualified domain name (FQDN) of an NCS cluster resource that the CIS server is part of. Separate multiple entries with a comma.

    3. Cluster Resource IP Address: Specify the virtual IP address of the NCS cluster resource that the CIS server is part of. Separate multiple entries with a comma.

  4. Click Next. Review the configuration summary and then click Finish.

Gateway

Choose this option to configure only the gateway service on this server. You can connect multiple data servers to this gateway server for load balancing between the OES agents and data services.

  1. Host names: Specify the following:

    1. Configure gateway as an NCS cluster resource: Enables or disables the gateway as an NCS cluster resource. By default, this option is enabled.

      • If this option is enabled, specify the IP address of the NCS cluster resource where the gateway is configured.

      • If this option is disabled, the host name or IP address of the local server is displayed.

  2. General: Specify the following:

    1. CIS Server Address: Specify the host name or IP address where the CIS server is configured.

    2. Infrastructure Server Host name: Specify the host name or IP address of all the configured HA nodes. Separate multiple entries with a comma.

  3. Certificates: Specify the following:

    1. eDirectory Server: Displays the CIS server host name and port where the eDirectory server is configured. By default, the eDirectory server port is 524.

    2. Cluster Resource Host name: If the gateway is configured as an NCS clustered resource, specify the fully qualified domain name (FQDN) of an NCS cluster resource where the gateway server is configured. Separate multiple entries with a comma.

      Host name: Specify the fully qualified domain name (FQDN) of the local server. Separate multiple entries with a comma.

    3. Cluster Resource IP Address: If the gateway is configured as an NCS clustered resource, specify the virtual IP address of an NCS cluster resource where the gateway server is configured. Separate multiple entries with a comma.

      IP Address: Specify the IP address of the local server. Separate multiple entries with a comma.

  4. Click Next. Review the configuration summary and then click Finish.