Bootstrapping CDF

Bootstrapping CDF is a method of installing a few basic pods onto the Kubernetes cluster created previously (when you configured EKS and worker nodes).

During this process, the CDF bootstrap script does the following:

After the CDF bootstrap process completes, you will need to import the intermediate certificate to the CDF, configure some required networking settings, and then continue installation using the CDF web installation interface (on port 3000).

Note: If you used a non-root user to install Kubernetes, you must use the same non-root user to install CDF as well. In addition, the non-root user installation process will prompt for additional steps.

Preparing the CDF Deployer

The EKS cluster and worker nodes you have configured cannot be reached from the internet, although they can access the internet if needed. As a result, CDF must be bootstrapped from the bastion.

You have already copied the package arcsight-platform-cloud-installer-<version>.zip to the bastion and unpacked it during configuration of EFS. As a part of this package, the cdf-deployer.zip is included.

To prepare the CDF deployer:

Unpack the cdf-deployer.zip archive by running the following command:

# unzip ./arcsight-platform-cloud-installer-<version>/cdf-deployer.zip

This will create the directory arcsight-platform-cloud-installer-<version>/cdf-deployer.

Retrieving the ECR Credentials

CDF needs the credentials to the ECR in order to be able to download images.

To retrieve the ECR credentials:

  1. On the bastion, run the command:
     # ./arcsight-platform-cloud-installer-<version>/aws-scripts/scripts/upload_images_to_ECR --get-ecr-credentials
     The file ecr_credentials is created in the directory where the script was run, containing the username, password and ECR URL.
  2. Run the following command:
     # source ecr_credentials
     The password retrieved here is only valid for 12 hours after creation.

To bootstrap CDF:

  1. Change the working folder to cdf-deployer and run the following command:
    # ./install \
    --registry-url "$ECR_URL" \
    --registry-username "$ECR_USER_NAME" \
    --registry-password "$ECR_USER_PASSWORD" \
    -P <suite admin password> \
    --registry-orgname <orgname> \
    --nfs-server <Filesystem FQDN> \
    --nfs-folder <CDF ITOM volume> \
    --cloud-provider aws --external-access-host <RecordSet name>

Parameters:

Variables $ECR_URL, $ECR_USER_NAME and $ECR_USER_PASSWORD come from the ecr_credentials file which you sourced previously.

<suite admin password>: Choose a password of 8 to 20 characters that includes numbers, lowercase characters, uppercase characters and special characters. Exclude whitespace characters, such as space, newline, and so on.

<orgname>: Use the same value as for uploading images; check the AWS worksheet for this value.

<Filesystem FQDN>: Use the value from the AWS worksheet.

<CDF ITOM volume>: The directory on NFS/EFS into which CDF is installed. The path is formed from the parent directory specified in Configure EFS for ArcSight Suite and a predefined subfolder name. For example, /srgdemo/itom-vol.

<RecordSet name>: A-record (FQDN) used for connecting to the CDF installation and management portal. Use the value from the AWS worksheet.
Note: Be sure to remove the trailing period from the FQDN.
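
The constraints stated in the steps above (the 12-hour lifetime of the ECR password, the suite admin password rules, and the trailing period on the FQDN) can be checked on the bastion before running ./install. The following is an added example, not part of the ArcSight installer package; all function names are hypothetical, and the file permission check is an added precaution that the steps above do not require.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks to run on the bastion before ./install.
# Function names are hypothetical; none of this ships with the CDF installer.

# The ECR password in ecr_credentials is valid for 12 hours after creation,
# so a file last written 720 or more minutes ago is treated as stale.
creds_fresh() {
  [ -f "$1" ] && [ -n "$(find "$1" -mmin -720 2>/dev/null)" ]
}

# The file holds a registry password: fail if group or others can read it.
creds_private() {
  [ -f "$1" ] && [ -z "$(find "$1" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]
}

# Suite admin password rules from the parameter list: 8 to 20 characters,
# a digit, a lowercase, an uppercase and a special character, no whitespace.
valid_admin_password() {
  [ "${#1}" -ge 8 ] && [ "${#1}" -le 20 ] || return 1
  case $1 in *[[:space:]]*) return 1 ;; esac
  case $1 in *[0-9]*) ;; *) return 1 ;; esac
  case $1 in *[[:lower:]]*) ;; *) return 1 ;; esac
  case $1 in *[[:upper:]]*) ;; *) return 1 ;; esac
  case $1 in *[![:alnum:]]*) ;; *) return 1 ;; esac
}

# The --external-access-host value must not end with a period.
strip_trailing_dot() {
  printf '%s\n' "${1%.}"
}

# Run all checks; $1 = path to ecr_credentials, $2 = suite admin password.
preflight() {
  local rc=0
  creds_fresh "$1" || { echo "ecr_credentials missing or older than 12h" >&2; rc=1; }
  creds_private "$1" || { echo "ecr_credentials missing or group/world readable" >&2; rc=1; }
  valid_admin_password "$2" || { echo "suite admin password violates the rules" >&2; rc=1; }
  return "$rc"
}
```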

After the CDF bootstrap completes, you will be prompted to log in at the following URL:
https://<external access host>:3000

You will not be able to log in yet, as there are some network infrastructure resources still to prepare.

Next, import the intermediate certificate to the CDF RE by running the following command:

# {path to cdf installer}/cdf-deployer/scripts/cdf-updateRE.sh write \
--re-ca="$INTERMEDIATE_CA" \
--re-key="$INTERMEDIATE_KEY" \
--re-crt="$INTERMEDIATE_CERT"

Next Step: Configuring the Application Load Balancer