MDR ScaleFT Notes

Okta owns ScaleFT (the product is now sold as Okta Advanced Server Access).


To add a user to a ScaleFT group, add them to the matching group in Okta. ScaleFT queries Okta through a service account and pulls the new user in automatically; no change is made on the ScaleFT side.


Client Setup

Download and install the sft client:

https://www.scaleft.com/docs/setup/enrolling-a-client/

Enroll the client in the team (here `mdr`):

```
sft enroll --team mdr
```

Append the ScaleFT stanza to your local ssh config (then add the `!User centos` exception shown below):

```
sft ssh-config >> $HOME/.ssh/config
```

List the servers you are allowed to reach:

```
sft list-servers
```

Use a bastion host with ScaleFT (`dev-bastion` in front of `dev-salt-master`):

```
sft ssh --bastion dev-bastion dev-salt-master
```

Resolve a server name to its ScaleFT server ID:

```
sft resolve proxy
```

ssh to a server by its ID (the `Match exec` stanza below resolves it and routes the connection through `sft proxycommand`):

```
ssh d430bf67-c655-4280-b8ab-9b8bd90ec0
```

`~/.ssh/config` for Macs. `sft ssh-config` writes the `Match exec` stanza; the added `!User centos` condition excludes connections made as `centos`, so `ssh centos@<host>` bypasses ScaleFT and authenticates with the msoc_build key instead. Every other host that `sft resolve -q` recognises is tunnelled through `sft proxycommand`:

```
# SFT configuration. !User centos: connections as centos skip ScaleFT and use the msoc_build key
Match exec "/usr/local/bin/sft resolve -q %h" !User centos
    ProxyCommand "/usr/local/bin/sft" proxycommand %h
    UserKnownHostsFile "/Users/bradpoulton/Library/Application Support/ScaleFT/proxycommand_known_hosts"
```

SCP works through ScaleFT because it uses the same ProxyCommand. Push a file:

```
scp deleteme.txt dev-bastion:~/deleteme
scp junk_index_new.tar.gz dev-bastion:~/junk_index_new.tar.gz
```

Pull a file: same command with the `host:path` as the source and a local path as the destination.

Duane's script: open an sftp session as another user (e.g. `splunk`) on a host where you only have your own ScaleFT login plus sudo. `sftp -s` accepts a program path instead of a subsystem name, so the remote side runs `sudo -i -u <user> sftp-server` and every transfer happens with that user's permissions.

```bash
#!/usr/bin/env bash
#
# sftp_as2 <remote_host> <remote_user>
# e.g. sftp_as2 afs-splunk-sh splunk
#
# Opens an sftp session on REMOTE_HOST with the sftp-server subsystem running
# as REMOTE_USER via sudo. The ssh hop itself still goes through ScaleFT
# (ProxyCommand in ~/.ssh/config), so you authenticate as yourself.

REMOTE_HOST=$1
REMOTE_USER=$2
SFTP_SUBSYSTEM="/usr/libexec/openssh/sftp-server"

function usage {
    echo "usage: $(basename "$0") <remote_host> <remote_user>"
    echo "  e.g. $(basename "$0") afs-splunk-sh splunk"
}

if [[ $# -ne 2 ]]; then
    usage
    exit 1
fi

# -s with a path: run that program on the remote side instead of requesting
# the "sftp" subsystem. sudo -i gives REMOTE_USER's login environment.
sftp -s "sudo -i -u $REMOTE_USER $SFTP_SUBSYSTEM" "$REMOTE_HOST"
```

Usage:

```
./sftp_as2 dev-saf-splunk-indexer-1 brad_poulton
```


Agent/Server Setup

Salt pushes out the enrollment token and the agent package, then starts the agent (sftd). The agent enrolls with ScaleFT and the server appears in the web console.

If a server is not showing up on the scaleft.com console, restart the agent so it re-enrolls (it needs a valid `/etc/sft/enrollment.token` to do so):

```
systemctl restart sftd
```

Install/config directory (holds sftd.yaml and the enrollment token): `/etc/sft`

Enrollment token (sftd deletes it once the server has enrolled successfully): `/etc/sft/enrollment.token`

Device token. Remove it to force the server to re-authenticate with scaleft.com; do this if you have deleted the server in the web console, otherwise the agent keeps presenting credentials for a server that no longer exists:

```
rm -f /var/lib/sftd/device.token
```

Configuration file:

```
cat /etc/sft/sftd.yaml
```

A Salt grain/pillar decides whether a host gets the dev or prod ScaleFT configuration. Apply the state with:

```
salt '<target>' state.sls os_modifications.scaleft
```
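The sequence above (place token, install agent, start sftd, pick dev or prod from pillar/grain) as a Salt state. This is an added, illustrative example and not the team's actual `os_modifications.scaleft` state. Assumptions: the agent package is named `scaleft-server-tools`, the environment comes from a `scaleft:env` pillar key (falling back to a `scaleft_env` grain), and per-environment enrollment tokens live under `scaleft:enrollment_token:<env>` in pillar.

```yaml
# Illustrative ScaleFT agent state (example, not the team's real state).
# Environment selection: pillar scaleft:env, else grain scaleft_env, else dev.
{% set env = salt['pillar.get']('scaleft:env', salt['grains.get']('scaleft_env', 'dev')) %}

# Assumed package name for the sftd agent.
scaleft-server-tools:
  pkg.installed: []

# CanonicalName is what shows up in the ScaleFT web console; a label records
# the environment so dev and prod servers can be told apart there.
/etc/sft/sftd.yaml:
  file.managed:
    - makedirs: True
    - mode: '0644'
    - contents: |
        CanonicalName: {{ grains['id'] }}
        Labels:
          env: {{ env }}
    - require:
      - pkg: scaleft-server-tools

# sftd consumes and deletes this file once the server is enrolled. Only place
# it while no device token exists, otherwise every highstate would drop a
# fresh token next to an already-enrolled agent.
/etc/sft/enrollment.token:
  file.managed:
    - mode: '0600'
    - contents_pillar: scaleft:enrollment_token:{{ env }}
    - unless: test -f /var/lib/sftd/device.token
    - require:
      - file: /etc/sft/sftd.yaml

# Restart sftd when the config changes or when a new enrollment token lands,
# which is the same effect as the manual "systemctl restart sftd" above.
sftd:
  service.running:
    - enable: True
    - watch:
      - file: /etc/sft/sftd.yaml
      - file: /etc/sft/enrollment.token
```

The `unless` on the token state is the important detail: the token file is single-use, so the state must be idempotent against an agent that has already enrolled, and the `watch` makes a freshly placed token trigger the restart that re-enrollment needs.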

Troubleshooting. If the sftd log shows

```
level=error msg="task init failed" err="Server is deleted" task=refreshServerToken
```

the server object was deleted on the ScaleFT side but the agent still holds its old device token. Remove `/var/lib/sftd/device.token`, place a fresh `/etc/sft/enrollment.token`, and restart sftd.
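The same fix as a small helper, added here as an example (not part of the original notes). It checks an sftd log line for the `Server is deleted` error and then performs the three steps: drop the device token, write a fresh enrollment token, restart the agent. Paths are the ones from the notes; `SFT_ROOT` is an assumed prefix so the functions can be exercised against a scratch directory, and the sample log line is constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original notes): automate the "Server is deleted"
# re-enrollment. Paths follow the notes (/var/lib/sftd/device.token,
# /etc/sft/enrollment.token). SFT_ROOT is an assumed prefix that lets the
# functions run against a scratch directory; leave it empty on a real host.
set -eu

SFT_ROOT="${SFT_ROOT:-}"

# Constructed sample sftd log line, in the format the notes quote.
SAMPLE_LOG='level=error msg="task init failed" err="Server is deleted" task=refreshServerToken'

# Return 0 when the log text carries the refreshServerToken failure, i.e. the
# server was removed in the console but the agent kept its old device token.
needs_reenroll() {
  case "$1" in
    *'err="Server is deleted"'*) return 0 ;;
    *) return 1 ;;
  esac
}

# Drop the stale device token, write a fresh enrollment token (mode 0600) and
# restart sftd so it enrolls as a new server. $1 = enrollment token string.
reenroll_sftd() {
  token="$1"
  device="${SFT_ROOT}/var/lib/sftd/device.token"
  enroll="${SFT_ROOT}/etc/sft/enrollment.token"

  rm -f "$device"
  mkdir -p "$(dirname "$enroll")"
  (umask 077 && printf '%s\n' "$token" > "$enroll")
  chmod 600 "$enroll"
  # Only touch systemd on a real host (no prefix) and when systemctl exists.
  if [ -z "$SFT_ROOT" ] && command -v systemctl >/dev/null 2>&1; then
    systemctl restart sftd
  fi
}

# Stand-alone run: check the sample line and say what would be done.
if needs_reenroll "$SAMPLE_LOG"; then
  echo "sftd reports the server was deleted; run: reenroll_sftd <enrollment-token>"
fi
```

On a real host, feed it the current log with something like `needs_reenroll "$(journalctl -u sftd -n 50)"` before calling `reenroll_sftd` with the token copied from the console; the check keeps you from wiping a device token on an agent whose problem is something else.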

Temporarily change a server's name (the Salt state currently does not manage the name for dev-salt-master): edit the name and canonical name in sftd.yaml, then restart the service:

```
vim /etc/sft/sftd.yaml
systemctl restart sftd
```


Projects

Servers belong to projects. People and groups are granted access to projects, and project access grants access to every server in that project.