Twinkle Lath

Setting up a Node-X (Decoder/Concentrator/Log Decoder/Archiver) in NW 11.0

Discussion created by Twinkle Lath Employee on Jan 18, 2018

Pre-requisite: A Node-0 i.e Admin Server(aka SA Server in 10.x versions) must be installed first.


1)Login to the new Node-X machine with the default root credentials
2)Now once you run /opt/rsa/platform/nw-bootstrap/bin/nwsetup-tui. 
   Select the "No" for the choice of the device being an admin server.
3)Select Fresh Install on the next screen.
4)Select the type of configuration you need for Network
   -Static IP Configuration
    -Use DHCP
5)Select the management interface. The One that is Up and connected to the target network.
  Assign the network configuration as required
6)Select the repo location for the install. In this case Node-X can use the already setup Node-0 repo(or external repo, make sure the url have version number )
7)Next enter the IP of Node-0(Admin Server IP) that Node-X will connect to.
8)Select Install Now on the next screen.
9)Once the process completes, the Node-X is in a BOOTSTRAPPED state. It must be ORCHESTRATED through the Node-0 (Admin server) UI.
10)Next go into the Node-0 (Admin Server) UI. Go into ADMIN > HOSTS, you will be prompted to add enable new devices. If it doesn't prompt, click on "discover".
To find the exact host, compare the node_id on UI with "/etc/salt/minion" file on Node-X.
11)Enable the host,then the new Node-X device will appear in the host list.
12)Click on install,choose the appropriate service.


Logs to Look For

  Log FilesExecutable
chef-solo/var/log/netwitness/config-management/chef-solo.log &&  /var/log/netwitness/config-management/cache/stacktrace-out.log
security-cli-client /var/log/netwitness/security-client/security-client.log


Important Points to Note:
-Make a note of user "deploy_admin" password, as it is used for Orchestration.
-Make sure you use same password for all the user "deploy_admin" in all the nodes.
-This user connects to rabitmq,mongo db, more or like guest user in 10.x versions.
-When an appliance is re-imaged, it has only one rpm i.e. rsa-bootstrap rpm.
-When we run /opt/rsa/platform/nw-bootstrap/bin/nwsetup-tui, this installs two more rpms i.e. nw-config & nw-component.
-When we install from UI, the corresponding rpms for that services are installed.
-When we click on install, it checks for the hardware details, and then ask to select the service which can be deployed on that appliance.
Example: For if an appliance doesn't meet the criterion of being an ESA, we don't see an option of installing ESA service on that host.
-When we click on install, on the back-end it runs a Chef-solo command to install rpms.