Configure CIS Services

Choose this option to configure CIS as a single node or as an NCS (Novell Cluster Services) cluster resource.

Prerequisites

  • Before you start with CIS configuration, ensure that the database and infrastructure services (in cluster mode) are configured.

  • Ensure that the cluster resource host name or IP address is reserved for the cluster configuration.

  • For the CIS server to function in a cluster environment, ensure that all nodes are configured with OES 2018 SP2. Novell Cluster Services must be installed and running on the servers that have CIS installed. For more information, see Installing, Configuring, and Repairing Novell Cluster Services in the OES Cluster Services for Linux Administration Guide.

Procedure

  1. Configuration Location: Specify the following:

    Configure CIS as an NCS cluster resource: Configures CIS in a cluster environment. By default, this option is enabled.

    • Hostname / IP address: For a standalone server, specify the server address. For a cluster, specify the resource or virtual IP address or hostname of the NCS cluster resource that the CIS server is part of.

    • Configuration Path: Specify the NSS media path to store CIS configuration files and log files. For example, /media/nss/CISVOL1.

  2. Database: Specify the following:

    1. Select either MariaDB or MS SQL database.

    2. Specify the database host name or IP address and port. By default, the database port is 3306 for MariaDB and 1433 for MS SQL.

    3. Specify the user name and password for the database.

    4. Connection Parameters: If your MS SQL is configured with connection parameters, specify the value. This is not a mandatory field.

    5. Use secure connection: Enables or disables a secure database connection. By default, this option is disabled.

      If the MariaDB database is selected, specify the following:

      NOTE: Ensure that you copy the MariaDB client certificates to the CIS server.

      • Client CA Certificate file path: Specify the path of the client Certificate Authority (CA) file in .pem format.

      • Client Certificate file path: Specify the path of the client certificate file in .pem format.

      • Client Key file path: Specify the path of the key file associated with the client certificate in .pem format.

  3. Infrastructure Server Host name / IP address: Specify the host name or IP address of all the configured Infrastructure server HA nodes. Separate multiple entries with a comma.

  4. Click Validate. If there are errors, resolve them before you proceed.

  5. CIS Admin Name with Context: Specify the LDAP distinguished name (DN) of the user who administers the CIS server. For example, cn=admin,o=acme.

  6. Admin Password: Specify the password for the CIS administrator.

  7. Agent Search Context: Specify the LDAP distinguished name (DN) of the container object under which the NCP server objects of the OES servers that connect to the CIS server reside. The OES server includes the agents that connect to the CIS server. The CIS admin user must have supervisory rights on this server context.

  8. Click Next. Review the configuration summary and then click Finish. This configures CIS on the first node in the cluster.

  9. When the CIS services are configured, the servercert.pem and serverkey.pem files are copied to the /etc/opt/novell/cis/certs location. The servercert.pem file is configured with the hostname and IP address of the cluster node.

    For the CIS server to function as a cluster resource, you must replace it with the newly created servercert.pem file. To create this certificate file, see the CIS Administration guide.

  10. To configure additional nodes to be part of this CIS cluster: Log in to iManager and do the following:

    1. Under Roles and Tasks, select Clusters > My Clusters, then select the cluster.

    2. In the Cluster Manager page or Cluster Options page, select the cluster resource to view its properties, then click the Scripts tab.

    3. Click the Load Script, Unload Script, or Monitor Script links to view or modify the scripts. If you modify a script, click Apply to save your changes before you leave the page.

      1. Edit the unload script of the Resource Pool. Add the following lines before the NSS unload statement.

        ignore_error /usr/bin/systemctl stop oes-cis-fluentbit.service
        ignore_error /usr/bin/systemctl stop oes-cis-auth.service
        ignore_error /usr/bin/systemctl stop oes-cis-data.service
        ignore_error /usr/bin/systemctl stop oes-cis-metadata.service
        ignore_error /usr/bin/systemctl stop oes-cis-policy.service
        ignore_error /usr/bin/systemctl stop oes-cis-mgmt.service
        ignore_error /usr/bin/systemctl stop oes-cis-aggregator.service
        ignore_error /usr/bin/systemctl stop oes-cis-collector.service
        ignore_error /usr/bin/systemctl stop oes-cis-repaggregator.service
        ignore_error /usr/bin/systemctl stop oes-cis-repcollector.service
        ignore_error /usr/bin/systemctl stop oes-cis-gateway.service
        ignore_error /usr/bin/systemctl stop oes-cis-configuration.service

      2. Edit the load script for the Resource Pool. Add the following lines before the exit 0 statement.

        # update the links
        /bin/bash /opt/novell/cis/bin/update_cislinks.sh cis <New media path>
        # start the services
        exit_on_error /usr/bin/systemctl start oes-cis-fluentbit.service
        exit_on_error /usr/bin/systemctl start oes-cis-configuration.service
        exit_on_error /usr/bin/systemctl start oes-cis-auth.service
        exit_on_error /usr/bin/systemctl start oes-cis-data.service
        exit_on_error /usr/bin/systemctl start oes-cis-metadata.service
        exit_on_error /usr/bin/systemctl start oes-cis-policy.service
        exit_on_error /usr/bin/systemctl start oes-cis-mgmt.service
        exit_on_error /usr/bin/systemctl start oes-cis-aggregator.service
        exit_on_error /usr/bin/systemctl start oes-cis-collector.service
        exit_on_error /usr/bin/systemctl start oes-cis-repaggregator.service
        exit_on_error /usr/bin/systemctl start oes-cis-repcollector.service
        exit_on_error /usr/bin/systemctl start oes-cis-gateway.service
        # wait before checking their status
        sleep 5
        # check the services
        exit_on_error /usr/bin/systemctl is-active oes-cis-fluentbit.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-configuration.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-auth.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-data.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-metadata.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-policy.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-mgmt.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-aggregator.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-collector.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-repaggregator.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-repcollector.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-gateway.service
        # restart the firewall if it is running
        systemctl status SuSEfirewall2.service
        if [ $? -eq 0 ]; then
            ignore_error systemctl restart SuSEfirewall2.service
        fi

      3. Edit the Monitor script of the Resource Pool. Add the following lines before the exit 0 statement.

        exit_on_error /usr/bin/systemctl is-active oes-cis-fluentbit.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-auth.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-data.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-metadata.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-policy.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-mgmt.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-aggregator.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-collector.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-repaggregator.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-repcollector.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-gateway.service
        exit_on_error /usr/bin/systemctl is-active oes-cis-configuration.service

      4. Changes do not take effect until you take the resource offline, and bring it online again.
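
The replacement servercert.pem from step 9 (and, with key_matches_cert alone, the MariaDB client certificate and key from step 2) can be checked before the resource is brought online. This is an added example, not part of the OES documentation: it assumes the openssl CLI is installed and that the replacement certificate is meant to carry the cluster resource's hostname and IP address; the function names, sample hostname and sample IP are hypothetical.

```bash
#!/bin/sh
# Added example (not from the OES documentation). Function names, the sample
# hostname and the sample IP are assumptions; requires the openssl CLI.

# key_matches_cert CERT KEY: succeeds if the private key belongs to the certificate.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_covers CERT HOSTNAME IP: succeeds if the certificate matches both names.
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate' || return 1
    openssl x509 -in "$1" -noout -checkip "$3" 2>/dev/null |
        grep -q 'does match certificate'
}

# check_cis_cert DIR HOSTNAME IP: run all checks on DIR/servercert.pem and
# DIR/serverkey.pem; prints "ok" or the first failed check.
# On a CIS node: check_cis_cert /etc/opt/novell/cis/certs <resource host> <resource IP>
check_cis_cert() {
    key_matches_cert "$1/servercert.pem" "$1/serverkey.pem" ||
        { echo "serverkey.pem does not match servercert.pem"; return 1; }
    openssl x509 -in "$1/servercert.pem" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "servercert.pem has expired"; return 1; }
    cert_covers "$1/servercert.pem" "$2" "$3" ||
        { echo "servercert.pem does not cover $2 and $3"; return 1; }
    echo "ok"
}

# make_sample_pair DIR: constructed self-signed pair for trying the checks
# offline (sample data, not a certificate issued for CIS).
make_sample_pair() {
    cat > "$1/san.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = san
prompt = no
[dn]
CN = cis-cluster.example.com
[san]
subjectAltName = DNS:cis-cluster.example.com, IP:192.0.2.10
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/san.cnf" \
        -keyout "$1/serverkey.pem" -out "$1/servercert.pem" 2>/dev/null
}
```

A certificate that still carries only the node's own hostname and IP address fails the cert_covers check when tested against the cluster resource address.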
