More great changes

Brad Poulton 5 years ago
parent
commit
8675129403
4 changed files with 14 additions and 2 deletions
  1. 2 1
      New Customer Setup.md
  2. 5 0
      ScaleFT Notes.md
  3. 6 0
      Splunk Notes.md
  4. 1 1
      Terraform Splunk ASG Notes.md

+ 2 - 1
New Customer Setup.md

@@ -172,7 +172,7 @@ Everything up to this point is pre-setup / staging.  Now you need to merge your
 * Peer with CM, SH, and HF
 * Update MC topology
 
-## Create New Vault Engine for Customer
+## Create New Vault Engine for Customer for Feed Management
 Naming Scheme: onboarding-<customer-name>
 Example: onboarding-la-covid
 
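Review bot: The renamed heading reads awkwardly with the doubled "for" ("for Customer for Feed Management"); something like "Create New Customer Vault Engine for Feed Management" says the same thing. If other notes link to this section by its heading, those links need updating with the rename.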
@@ -184,3 +184,4 @@ Example: onboarding-la-covid
 
 If the grain is not there, follow troubleshooting steps in Salt Upgrade Notes.md
 
+## Got POP nodes? Ensure they are talking to Moose Splunk for Splunk UFs
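Review bot: The new "Got POP nodes?" heading has no body, so the section says what to ensure but not how. Add the check itself under it: where on the POP node or in Moose Splunk to look to confirm the UFs are forwarding, and what to do when they are not.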

+ 5 - 0
ScaleFT Notes.md

@@ -103,6 +103,7 @@ Salt grain/pillar is used to determine if dev or prod
 salt '' state.sls os_modifications.scaleft
 
 Troubleshooting 
+tail -200 /var/log/messages | grep sftd
 level=error msg="task init failed" err="Server is deleted" task=refreshServerToken
 remove device.token, place the enrollment.token and restart
 
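Review bot: The added `tail -200 /var/log/messages | grep sftd` line sits directly above the sample error with no fence or label, so the command, the output to look for and the fix on the following line run together. Put the command in a code block and mark the `level=error` line as the expected match. A 200-line tail can also miss the error on a busy host, so consider grepping the whole file.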
@@ -113,6 +114,10 @@ vim /etc/sft/sftd.yaml
 restart the service
 systemctl restart sftd
 
+ERROR: error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
+ssh_exchange_identification: Connection closed by remote host
+
+SOLUTION: reenroll with ScaleFT, apply all updates, restart server. 
 
 ## ScaleFT Projects 
 
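Review bot: The SOLUTION line is too terse to follow: "reenroll with ScaleFT" does not say whether it means the device.token / enrollment.token steps from the Troubleshooting entry above, and "apply all updates" does not say which updates. Link to or repeat the re-enrollment steps, name the update command, and state which host showed the ERROR (the client running ssh or the target server).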

+ 6 - 0
Splunk Notes.md

@@ -78,3 +78,9 @@ index=app_vault
 | search title=app_mscas OR title = app_o365 OR title=dns OR title=forescout OR title=network OR title=security OR title=Te
 
 
+## coldToFrozenScript
+
+Yes, this is a mess. Moose is running a version of splunk that breaks with the coldToFrozen script being pushed from the CM in an app. To get around this, i moved it to /usr/local/bin. The other customers have the script in the app. 
+
+ERROR: runcoldToFrozen and get SyntaxError. 
+SOLUTION: upgrade the awscli with pip3 ( run the splunk.indexer state. )
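Review bot: The section records that Moose keeps the coldToFrozen script in /usr/local/bin but not which Splunk version forces that, so nobody can tell when Moose can return to the app-delivered copy the other customers use. Add the version, and say how the /usr/local/bin copy is deployed and kept up to date now that it sits outside the app pushed from the CM. In the ERROR line, "runcoldToFrozen" is missing a space, and including the actual SyntaxError text would make the entry searchable.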

+ 1 - 1
Terraform Splunk ASG Notes.md

@@ -355,7 +355,7 @@ in outputs.conf for splunk nodes
 [user_info]
 PASSWORD = KbxvB97DBTXFcxKOqm0P
 ```
-KbxvB97DBTXFcxKOqm0P
+
 
 6.2 disable the service to prevent it startup back up
 7. use tf to destroy the instances then remove the code from TF. <- this is tricky create new git branch
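Review bot: Removing the stray copy of the password below the fence is good, but the same value is still present in the `PASSWORD =` line of the `[user_info]` block kept as context, so the credential remains in the notes in plain text. Replace it with a placeholder or a pointer to where it is stored (these notes already use Vault), and rotate it, since both copies stay in git history.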