Cyware Fusion and Threat Response

Deployment Procedure

Review the Prerequisites before you start the deployment. The steps to deploy the Respond application are:

Download Installer Package

To download the latest version of the Respond installer package, run the following command:

wget https://packages.cyware.com/repository/cyware/installer/cftr/installer-cftr-release-latest.zip

Note

To download a previous version of the Respond installer package, contact the Cyware team for the download URL.

Extract Installer Package

To extract the Respond installer package, run the following command:

unzip installer-cftr-release-latest.zip

After extracting the installer package, run the following command to go to the Respond installer folder to proceed with the deployment:

cd cftr-installer

[root@ip-10-xx-xx-20 bin]# unzip installer-cftr-release-latest.zip
Archive:  installer-cftr-release-latest.zip
  inflating: cftr-installer/ansible.cfg
  inflating: cftr-installer/build-docker.yml
  inflating: cftr-installer/deploy-appstore.yml
  inflating: cftr-installer/deploy-cftr.yml
  inflating: cftr-installer/deploy-csap.yml
  inflating: cftr-installer/deploy-csol.yml
  inflating: cftr-installer/deploy-db-stack.yml
  inflating: cftr-installer/deploy/deploy-appstore/defaults/main.yml
  inflating: cftr-installer/deploy/deploy-appstore/files/docker-compose.yml
  inflating: cftr-installer/deploy/deploy-appstore/tasks/main.yml
  inflating: cftr-installer/deploy/deploy-appstore/templates/appstore.env.j2
  inflating: cftr-installer/deploy/deploy-appstore/templates/appstore.yml.j2
  inflating: cftr-installer/deploy/deploy-cftr/defaults/main.yml
  inflating: cftr-installer/deploy/deploy-cftr/files/docker-compose.yml
  inflating: cftr-installer/deploy/deploy-cftr/tasks/main.yml
  inflating: cftr-installer/deploy/deploy-cftr/templates/celery_newrelic.ini.j2
  inflating: cftr-installer/deploy/deploy-cftr/templates/cftr-stack.yml.j2
  inflating: cftr-installer/deploy/deploy-cftr/templates/cftr.env.j2
  inflating: cftr-installer/deploy/deploy-cftr/templates/ml.env.j2
  inflating: cftr-installer/deploy/deploy-cftr/templates/newrelic.ini.j2
  inflating: cftr-installer/deploy/deploy-csap/defaults/main.yml
  inflating: cftr-installer/deploy/deploy-csap/files/configs/AuthKey_X9YX8UR9BU.p8
  inflating: cftr-installer/deploy/deploy-csap/files/configs/fcm_push_configs.json
  inflating: cftr-installer/deploy/deploy-csap/files/configs/nat-auth.conf
  inflating: cftr-installer/deploy/deploy-csap/files/docker-compose.yml
  inflating: cftr-installer/deploy/deploy-csap/tasks/main.yml
  inflating: cftr-installer/deploy/deploy-csap/templates/collaboration-credentials.json.j2
  inflating: cftr-installer/deploy/deploy-csap/templates/collaborationsettings.json.j2
  inflating: cftr-installer/deploy/deploy-csap/templates/config.yaml.j2
  inflating: cftr-installer/deploy/deploy-csap/templates/csap-db-stack.yml.j2
  inflating: cftr-installer/deploy/deploy-csap/templates/csap-stack-managed.yml.j2
  inflating: cftr-installer/deploy/deploy-csap/templates/csap-stack.yml.j2
  inflating: cftr-installer/deploy/deploy-csap/templates/csap.env.j2
  inflating: cftr-installer/deploy/deploy-csap/templates/nginx.conf.j2
  inflating: cftr-installer/deploy/deploy-csol/defaults/main.yml
  inflating: cftr-installer/deploy/deploy-csol/tasks/main.yml
  inflating: cftr-installer/deploy/deploy-csol/templates/cfg-stack.yml.j2
  inflating: cftr-installer/deploy/deploy-csol/templates/co-migration-stack.yml.j2
  inflating: cftr-installer/deploy/deploy-csol/templates/configservice.env.j2
  inflating: cftr-installer/deploy/deploy-csol/templates/csol-stack.yml.j2
  inflating: cftr-installer/deploy/deploy-csol/templates/csol.env.j2
  inflating: cftr-installer/deploy/deploy-csol/templates/integration.env.j2
  inflating: cftr-installer/deploy/deploy-csol/templates/sock.sh.j2
  inflating: cftr-installer/deploy/deploy-csol/templates/tenant_config.json.j2
  inflating: cftr-installer/deploy/deploy-db-stack/cop/broker1.yml
  inflating: cftr-installer/deploy/deploy-db-stack/cop/broker2.yml
  inflating: cftr-installer/deploy/deploy-db-stack/cop/broker3.yml
  inflating: cftr-installer/deploy/deploy-db-stack/cop/zookeeper.yml
  inflating: cftr-installer/deploy/deploy-db-stack/defaults/main.yml
  inflating: cftr-installer/deploy/deploy-db-stack/tasks/main.yml
  inflating: cftr-installer/deploy/deploy-db-stack/templates/cftr-postgres.sql.j2
  inflating: cftr-installer/deploy/deploy-db-stack/templates/db-stack.yml.j2
  inflating: cftr-installer/fetch-client-vars.yml
  inflating: cftr-installer/install_apps.yml
  inflating: cftr-installer/migrate-cftr-to-postgres.yml
  inflating: cftr-installer/run-setup.yml
  inflating: cftr-installer/setup-docker.yml
  inflating: cftr-installer/setup-monitoring.yml
  inflating: cftr-installer/setup/docker-network/tasks/main.yml
  inflating: cftr-installer/setup/docker-swarm/tasks/init.yml
  inflating: cftr-installer/setup/docker-swarm/tasks/main.yml
  inflating: cftr-installer/setup/docker-swarm/tasks/update.yml
  inflating: cftr-installer/setup/docker/defaults/main.yml
  inflating: cftr-installer/setup/docker/files/daemon.json
  inflating: cftr-installer/setup/docker/files/docker-8.repo
  inflating: cftr-installer/setup/docker/files/docker.repo
  inflating: cftr-installer/setup/docker/files/install-python39.sh
  inflating: cftr-installer/setup/docker/tasks/main.yml
  inflating: cftr-installer/setup/monitoring-stack/defaults/main.yml
  inflating: cftr-installer/setup/monitoring-stack/tasks/main.yml
  inflating: cftr-installer/setup/monitoring-stack/templates/filebeat.yml.dev.j2
  inflating: cftr-installer/setup/monitoring-stack/templates/filebeat.yml.j2
  inflating: cftr-installer/setup/monitoring-stack/templates/monitoring.yml.j2
  inflating: cftr-installer/swarm-init.yml
  inflating: cftr-installer/test.yml
  inflating: cftr-installer/vars/cftr/hosts
  inflating: cftr-installer/vars/cftr/vars.yml

Update Hosts File

The hosts file includes the IP addresses of the servers on which you want to deploy the Respond application and database services. In a one-tier deployment architecture, enter the same server IP address in the swarm_managers and swarm_workers variables. To deploy the services on different servers, enter the IP addresses of those servers in the hosts file.

To update the hosts file, do the following:

  1. Run the following command to open the hosts file:

    sudo vi vars/cftr/hosts

  2. Update the host variables.

  3. Save and exit.

Update Vars File

The vars.yml file includes variables, such as base path, database passwords, and endpoints, that are needed for the Respond application and database services.

To update the vars.yml file, do the following:

  1. Run the following command to open the vars.yml file:

    sudo vi vars/cftr/vars.yml

  2. Update the respective values, such as base and log paths, database URLs and passwords, and more.

  3. Save and exit.
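
Because vars.yml now holds database passwords and the extracted package ships credential files under deploy/deploy-csap/files/configs (for example the AuthKey .p8 file in the listing above), the installer directory should not be readable by other local users. The following is an added example, not part of the Cyware installer; the function names and the choice of which files count as sensitive are assumptions, and it expects the user who runs ansible-playbook to own the files.

```shell
#!/bin/sh
# Added example, not Cyware code. File locations come from the unzip listing
# on this page; treating hosts and files/configs/* as sensitive is an assumption.

# List sensitive installer files under $1 (vars, inventory, bundled configs).
list_sensitive() {
    find "$1" -type f \( \
        -path '*/vars/*/vars.yml' -o \
        -path '*/vars/*/hosts' -o \
        -path '*/files/configs/*' \) -print
}

# Print sensitive files that group or other can access; return 1 if any exist.
# -perm /077 is GNU find syntax (present on RHEL/CentOS).
audit_installer_perms() {
    loose=$(list_sensitive "$1" | while IFS= read -r f; do
        find "$f" -prune -perm /077 -print
    done)
    if [ -z "$loose" ]; then
        return 0
    fi
    printf 'accessible to group/other:\n%s\n' "$loose" >&2
    return 1
}

# Restrict every sensitive file to owner read/write.
lock_installer_perms() {
    list_sensitive "$1" | while IFS= read -r f; do
        chmod 600 "$f"
    done
}

# Usage, from the directory that contains cftr-installer:
#   audit_installer_perms cftr-installer || lock_installer_perms cftr-installer
```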

Install Docker and Set up Cluster

The Respond application and database services run as Docker containers. You must install Docker on all servers where you want to deploy the Respond services.

To install Docker on all servers, do the following on the installer server:

  1. Run the following command to download the Docker dependencies:

    yum install https://packages.cyware.com/repository/cyware-yum-hosted/libselinux-python-2.9-2.1.module_el8.2.0+308+f56412f1.x86_64.rpm

  2. Run the following command to install Docker and set up the cluster:

    ansible-playbook -i vars/cftr/hosts run-setup.yml -e"client=cftr" -u <ssh-user>

[root@ip-10-xx-xx-20 cftr-installer]# ansible-playbook -i vars/cftr/hosts run-setup.yml -e"client=cftr" -u centos

PLAY [all] *****************************************************************************************************************************************************************************************

TASK [Gathering Facts] *****************************************************************************************************************************************************************************
ok: [10.xx.xx.20]

TASK [setup/docker : Start AWS CSOL deployment] ****************************************************************************************************************************************************
skipping: [10.xx.xx.20]

TASK [setup/docker : Add the cyware docker repo] ***************************************************************************************************************************************************
skipping: [10.xx.xx.20]

TASK [setup/docker : Add the cyware docker 8 repo] *************************************************************************************************************************************************
ok: [10.xx.xx.20]

TASK [setup/docker : Install the docker in the rhel/centos server] *********************************************************************************************************************************
ok: [10.xx.xx.20]

TASK [setup/docker : Install the docker in the aws server] *****************************************************************************************************************************************
skipping: [10.xx.xx.20]

TASK [setup/docker : Start Docker service] *********************************************************************************************************************************************************
ok: [10.xx.xx.20]

Deploy Database Stack

To deploy the Respond database stack, run the following command on the installer server:

ansible-playbook -i vars/cftr/hosts deploy-db-stack.yml -e"client=cftr" -u <ssh-user>

[root@ip-10-xx-xx-20 cftr-installer]# ansible-playbook -i vars/cftr/hosts deploy-db-stack.yml -e"client=cftr" -u centos

PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [10.xx.xx.20]

TASK [deploy/deploy-db-stack : Change ansible python interpreter to python3] ***
ok: [10.xx.xx.20]

 
TASK [deploy/deploy-db-stack : Allow Connections on DB PORT] *******************
changed: [10.xx.xx.20]
...
...
...
TASK [deploy/deploy-db-stack : Start Docker service] ***************************
changed: [10.xx.xx.20]
  
TASK [deploy/deploy-db-stack : Remove db stack from a compose file] ************
changed: [10.xx.xx.20]

TASK [deploy/deploy-db-stack : Deploy db stack from a compose file] ************
changed: [10.xx.xx.20]
 
PLAY RECAP *********************************************************************
10.xx.xx.20                 : ok=21   changed=17   unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Deploy Common Services Stack

To deploy the common services stack, such as the Cyware Object Storage and Cyware Common Utils services, run the following command on the installer server:

ansible-playbook -i vars/cftr/hosts deploy-common-stack.yml -e"client=cftr" -u <ssh-user>

[root@ip-10-xx-xx-20 cftr-installer]# ansible-playbook -i vars/cftr/hosts deploy-common-stack.yml -e"client=cftr" -u centos

PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [10.xx.xx.20]

TASK [deploy/deploy-common-stack : Change ansible python interpreter to python3] ***
ok: [10.xx.xx.20]
.
.
.
TASK [deploy/deploy-common-stack : create directory if they don't exist] *******
changed: [10.xx.xx.20] => (item=/apps/cyware/conf)
changed: [10.xx.xx.20] => (item=/apps/cyware/cy-object-store/data)

TASK [deploy/deploy-common-stack : Change ansible python interpreter to python3] ***
ok: [10.xx.xx.20]

TASK [deploy/deploy-common-stack : Copy common stack file] *********************
changed: [10.xx.xx.20]

TASK [deploy/deploy-common-stack : Change ansible python interpreter to python3] ***
ok: [10.xx.xx.20]

TASK [deploy/deploy-common-stack : Deploy common stack from a compose file] ****
changed: [10.xx.xx.20]

PLAY RECAP *********************************************************************
10.xx.xx.20                 : ok=8    changed=4    unreachable=0    failed=0    skipped=0    rescued=0    ignored=1

Deploy Respond Application Stack

To deploy the Respond application stack, run the following command on the installer server:

ansible-playbook -i vars/cftr/hosts deploy-cftr.yml -e"client=cftr" -u <ssh-user>

[root@ip-10-xx-xx-20 cftr-installer]# ansible-playbook -i vars/cftr/hosts deploy-cftr.yml -e"client=cftr" -u centos
  
PLAY [all] *********************************************************************
 
TASK [Gathering Facts] *********************************************************
ok: [10.xx.xx.20]
  
TASK [deploy/deploy-cftr : Change ansible python interpreter to python3] *******
ok: [10.xx.xx.20]
  
TASK [deploy/deploy-cftr : Log into private registry and force re-authorization] ***
changed: [10.xx.xx.20]
  
TASK [deploy/deploy-cftr : create directory if they don't exist] ***************
changed: [10.xx.xx.20] => (item=/apps/cyware/conf)
ok: [10.xx.xx.20] => (item=/apps/cyware/data)
ok: [10.xx.xx.20] => (item=/apps/cyware/logs/cftr_backend/application)
ok: [10.xx.xx.20] => (item=/apps/cyware/logs/cftr_backend/celery)
ok: [10.xx.xx.20] => (item=/apps/cyware/logs/cftr_celery_beat/application)
ok: [10.xx.xx.20] => (item=/apps/cyware/logs/cftr_celery_beat/celery)
ok: [10.xx.xx.20] => (item=/apps/cyware/logs/cftr_celery_worker/application)
ok: [10.xx.xx.20] => (item=/apps/cyware/logs/cftr_celery_worker/celery)
ok: [10.xx.xx.20] => (item=/apps/cyware/logs/cftr_frontend)
ok: [10.xx.xx.20] => (item=/apps/cyware/data/fusion_export)
 
TASK [deploy/deploy-cftr : Change ansible python interpreter to python2] *******
ok: [10.xx.xx.20]

TASK [deploy/deploy-cftr : lookup firebase secret] *****************************
ok: [10.xx.xx.20]
  
TASK [deploy/deploy-cftr : Copy cftr.env] **************************************
changed: [10.xx.xx.20]
  
TASK [deploy/deploy-cftr : Copy ml.env] ****************************************
changed: [10.xx.xx.20]
 
TASK [deploy/deploy-cftr : Copy cftr stack file] *******************************
changed: [10.xx.xx.20]
 
TASK [deploy/deploy-cftr : Change ansible python interpreter to python3] *******
ok: [10.xx.xx.20]

TASK [deploy/deploy-cftr : Docker Pull Backend Image] **************************
skipping: [10.xx.xx.20]
 
TASK [deploy/deploy-cftr : Get timestamp from the system] **********************
changed: [10.xx.xx.20]
  
TASK [deploy/deploy-cftr : Remove CFTR services] *******************************
changed: [10.xx.xx.20]
 
TASK [deploy/deploy-cftr : Remove docker service cftr_migrations] **************
skipping: [10.xx.xx.20]

TASK [deploy/deploy-cftr : Run Migrations Job] *********************************
skipping: [10.xx.xx.20]
  
TASK [deploy/deploy-cftr : debug] **********************************************
skipping: [10.xx.xx.20]
  
TASK [deploy/deploy-cftr : Deploy cftr stack from a compose file] **************
changed: [10.xx.xx.20]
 
TASK [deploy/deploy-cftr : Docker System Prune] ********************************
skipping: [10.xx.xx.20]
 
PLAY RECAP *********************************************************************
10.xx.xx.20                : ok=13   changed=8    unreachable=0    failed=0    skipped=5    rescued=0    ignored=0
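
Each sample run above ends with a PLAY RECAP line, and the common services run reports ignored=1, meaning a task failed but its error was ignored. The following added example (not part of the Cyware installer; the function name and exit codes are assumptions of this example) checks saved ansible-playbook output so that ignored errors, which do not change the command's exit status, are noticed before the next stack is deployed.

```shell
#!/bin/sh
# Added example, not Cyware code. Reads ansible-playbook output on stdin.
# Exit 0: every host reports failed=0, unreachable=0 and ignored=0
# Exit 1: some host has failed or unreachable tasks
# Exit 2: no failures, but some host has ignored task errors
# Exit 3: no PLAY RECAP host line found (the run was cut short)
check_recap() {
    awk '
        /^PLAY RECAP/ { in_recap = 1; next }
        in_recap && /ok=/ {
            hosts++
            host = $1
            for (i = 2; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "failed" || kv[1] == "unreachable") bad += kv[2]
                if (kv[1] == "ignored" && kv[2] > 0) {
                    ign += kv[2]
                    print "ignored errors on " host ": " kv[2]
                }
            }
        }
        END {
            if (hosts == 0) exit 3
            if (bad > 0) exit 1
            if (ign > 0) exit 2
            exit 0
        }'
}

# Recap lines copied from the sample output on this page (spacing condensed).
DB_RECAP='PLAY RECAP *********
10.xx.xx.20 : ok=21 changed=17 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0'
COMMON_RECAP='PLAY RECAP *********
10.xx.xx.20 : ok=8 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=1'

printf '%s\n' "$DB_RECAP" | check_recap && echo "db stack: clean"
printf '%s\n' "$COMMON_RECAP" | check_recap || echo "common stack: exit $?"

# With a real run, save the output first (run.log is a hypothetical file name):
#   ansible-playbook -i vars/cftr/hosts deploy-db-stack.yml -e"client=cftr" \
#       -u <ssh-user> | tee run.log
#   check_recap < run.log
```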