After the future removal of the classic playbook editor, your existing classic playbooks will continue to run. However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
Run make_cluster_node.pyc
Do not use this release to create new clusters of Splunk SOAR (On-premises).
Use this release to upgrade from your current privileged deployment of Splunk Phantom 4.10.7 or Splunk SOAR (On-premises) releases 5.0.1 through 5.3.4.
If you are upgrading a privileged deployment of Splunk Phantom 4.10.7 or Splunk SOAR (On-premises) releases 5.0.1 through 5.3.4, upgrade to release 5.3.6, convert your deployment to unprivileged, then upgrade again directly to Splunk SOAR (On-premises) release 6.1.1 or higher.
If you have a privileged deployment of Splunk SOAR (On-premises) release 5.3.5, convert your deployment to unprivileged, then upgrade directly to Splunk SOAR (On-premises) release 6.1.1 or higher.
To learn how to upgrade, see Splunk SOAR (On-premises) upgrade overview and prerequisites.
Use the make_cluster_node.pyc script to configure an installed instance into a node of a cluster. This script stores the bulk of required configuration information from the PostgreSQL database.
Before running make_cluster_node, make sure that all the required services are working, either as external services or as a Shared Services server. Additionally, make sure that the required ports and endpoints are opened in your firewall. See ports and endpoints.
Collect the required information
You need this information to answer prompts for make_cluster_node.
- IP addresses or hostnames for:
  - PostgreSQL server
  - HAProxy server and the port that the HAProxy server uses to accept HTTPS connections
  - GlusterFS server
  - Splunk Enterprise instance REST port
  - Splunk Enterprise instance HTTP Event Collector port
- User names, passwords, tokens, or SSH key information for:
  - pgbouncer PostgreSQL database user
  - postgres PostgreSQL database user
  - login password for the HAProxy server, unless it uses an ssh key
  - username and password for the install being converted
  - Splunk Enterprise user with phantomsearch permissions
  - Splunk Enterprise user with phantomdelete permissions
  - Splunk Enterprise HTTP Event Collector token
Not all SSH key formats are accepted by make_cluster_node.pyc. You can use keys generated with the ssh-keygen -m PEM -t rsa -b 4096 command.
Create a node
Once you have either a Shared Services server or external services established, you convert installations of Splunk SOAR (On-premises) into cluster nodes.
Privileged installation
On a privileged installation, such as an RPM installation, run the make_cluster_node.pyc script as root or a user with sudo permissions.
/opt/phantom/bin/phenv python /opt/phantom/bin/make_cluster_node.pyc --responses /path/to/mcn_responses.json
You don't have to use mcn_responses.json. However, if you don't supply an alternate JSON file, the script prompts you for the information needed to create mcn_responses.json. The mcn_responses.json file contains secrets such as usernames and passwords in plain text. Store it in a secure location or delete it after the cluster configuration is complete.
Unprivileged installation
On an unprivileged installation, you must first change to the directory where Splunk SOAR (On-premises) is installed.
- Change to the home directory.
cd <phantom_install_dir>/bin/
- Run make_cluster_node.pyc using python.
phenv python ./make_cluster_node.pyc --responses /path/to/mcn_responses.json
You don't have to use mcn_responses.json. However, if you don't supply an alternate JSON file, the script prompts you for the information needed to create mcn_responses.json. The mcn_responses.json file contains secrets such as usernames and passwords in plain text. Store it in a secure location or delete it after the cluster configuration is complete.
This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.3.6