After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
Run make_server_node.pyc
Use the make_server_node.pyc script to convert an install into either a specific service or a Shared Services server for a cluster.
A single Shared Services server becomes a single point of failure. Any problems on the Shared Services server impact your entire cluster. For production use, build a server for each service rather than a single Shared Services server.
A single Shared Services server is not recommended for production use. This mode is primarily intended for Proof of Value or demonstrations.
Create a Shared Services server:
Making a Shared Services server also generates the /opt/phantom/bin/mcn_responses.json file, which can be passed as an argument to make_cluster_node.pyc to help set up the first node in your cluster.
The mcn_responses.json file contains secrets such as usernames and passwords in plain text. Store it in a secure location or delete it after the cluster configuration is complete.
Create a specific function server
Create a specific function server, such as an HAProxy load balancer, PostgreSQL database, file share, or Splunk Enterprise as root or using sudo:
Repeat once on separate systems for each server.
Valid arguments:
- fs - sets up a single server GlusterFS for file shares.
- db - sets up the internal PostgreSQL database to be used as an external PostgreSQL database.
- proxy - installs and configures HAProxy to serve as a load balancer for your cluster.
make_server_node.pyc prompts and warnings
The make_server_node.pyc script issues a warning that you are about to permanently change your instance.
The changes are:
- is removed from system boot scripts.
- Disabling the internal database.
- Configuring file shares.
- Installing HAProxy to act as a load balancer.
- You must respond to the warning with "y" for yes to proceed.
You are prompted to supply information for the TLS certificate.
- Country Code
- State Code
- City
- Organization
- Organization unit
- Hostname (or IP address)
- Email address
The remaining prompts are:
- The subnet on which PostgreSQL will accept connections.
- Set the passwords for the postgres and pgbouncer user accounts.
- Password for the user account.
When the script completes it writes the file /opt/phantom/bin/mcn_responses.json.
Logs are written to /var/log/phantom/make_server_node/make_server_node_<date and time>.log.
Additional configuration steps for unprivileged clusters
Perform the following steps on the load balancer or Shared Services server as root or as a user using sudo to get elevated permissions.
- Set SELINUX to allow HAProxy to bind to your custom HTTPS port.
If SELINUX is disabled, then skip this step.
semanage port --add --type http_port_t --proto tcp <HTTPS PORT> - Conditional: If you receive an error that the port is already defined, use
--modifyinstead of--add.semanage port --modify --type http_port_t --proto tcp <HTTPS PORT>
| Convert an existing instance into a cluster | Run make_cluster_node.pyc |
This documentation applies to the following versions of Splunk® SOAR (On-premises): 6.2.2, 6.3.0, 6.3.1
Download manual
Feedback submitted, thanks!