

High Availability Automation Setup Installation Guide for EPS 8.2

04-09-2023 18:32:48

Overview: This document will help users to configure the High Availability setup for EPS 8.2 console within the network. High availability focuses on ensuring maximum availability, regardless of disruptions or events that may occur.

Applicable Version: EPS 8.2

Following are the pre-requisites and steps to configure HA Setup.

Prerequisite:
• Product Key: Enable the HA flag on the key. Note that HA can only be enabled after the key is activated.
• 1 Floating IP in the same network (it should be a reserved IP not allocated to any machine)
• 3 HA Ubuntu 22.04 Machines - 2 with the required normal hardware setup for EPS and 1 with lower configuration for Auxiliary node (for example, 2CPU/4GB RAM).

High Level Architecture:

1. To set up Node 1 and Node 2,

- Run the following commands in sequence:
• sudo apt update
• apt --fix-broken install

- Install EPS setup and check application login post activation.
- After completing the EPS installation on both nodes, manually deploy the eps.war file to ensure HA compatibility.
- Download the WAR from the link eps.war to the following location on both nodes:
- Server Path: /opt/Seqrite_EndPoint_Security/wildfly/standalone/deployments
- Run the following commands in sequence again:
• sudo apt update
• apt install sshpass -y
• apt --fix-broken install
- Reboot Node 1 and Node 2 and check if login is working in standalone.

2. To set up the Auxiliary Node
- Steps to install Ansible:
• sudo apt update
• apt --fix-broken install
• sudo add-apt-repository ppa:ansible/ansible-2.10
• sudo apt install ansible
• apt install sshpass -y
To revalidate the installation of sshpass and Ansible, execute: apt install sshpass ansible -y
The output shown below is expected.


- Execute the following to change the locale encoding. Ansible requires the locale encoding to be UTF-8.
• sudo nano /etc/default/locale
Make the following changes:
LANG=en_US.UTF-8
LC_ALL=en_US.UTF-8

Or

sudo update-locale LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8

• Validate the changes after the above command is executed: less /etc/default/locale
Reboot the Auxiliary Node to apply the above changes.
• To check ansible Installation, execute: ansible --version


3. Make the following changes in /etc/ansible/ansible.cfg in Auxiliary Node:

• set `host_key_checking` to `False` (Uncomment the line if commented)
• set `log_path` to `/var/log/ansible.log` (Uncomment the line if commented)

Add below:

[defaults]
log_path = /var/log/ansible.log
host_key_checking = False
Execute: export ANSIBLE_HOST_KEY_CHECKING=False
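
Step 3 turns off SSH host key verification for every Ansible run from the Auxiliary Node, both in ansible.cfg and through the environment variable. The following added example (not part of the original article or of Seqrite's scripts) reports which of the two is in effect, so the setting can be reviewed once the HA setup is complete; the function names are hypothetical and the sample configuration is constructed.

```sh
# Added example, not Seqrite code; function names are hypothetical.

# host_key_checking_state FILE
# Prints the [defaults] host_key_checking value as "disabled" or "enabled",
# or "default" when the key is absent or commented out.
host_key_checking_state() {
    awk '
        /^[ \t]*[#;]/ { next }                                # skip comment lines
        /^[ \t]*\[/   { in_def = ($0 ~ /^[ \t]*\[defaults\]/); next }
        in_def && /^[ \t]*host_key_checking[ \t]*[=:]/ {
            v = $0
            sub(/^[^=:]*[=:][ \t]*/, "", v); sub(/[ \t\r]+$/, "", v)
            state = (tolower(v) ~ /^(false|f|no|n|off|0|0\.0)$/) ? "disabled" : "enabled"
        }
        END { print (state == "" ? "default" : state) }
    ' "$1"
}

# effective_host_key_checking FILE
# The ANSIBLE_HOST_KEY_CHECKING environment variable overrides the file.
# Simplification: any non-empty value that is not false-like counts as enabled.
effective_host_key_checking() {
    env_val=$(printf %s "${ANSIBLE_HOST_KEY_CHECKING-}" | tr '[:upper:]' '[:lower:]')
    case $env_val in
        false|f|no|n|off|0|0.0) echo disabled ;;
        ?*) echo enabled ;;
        *)  state=$(host_key_checking_state "$1")
            # Ansible verifies host keys when nothing is configured.
            if [ "$state" = default ]; then echo enabled; else echo "$state"; fi ;;
    esac
}

# Constructed sample: the configuration from step 3.
sample_cfg=$(mktemp)
printf '%s\n' '[defaults]' 'log_path = /var/log/ansible.log' \
    'host_key_checking = False' > "$sample_cfg"
echo "ansible.cfg: $(host_key_checking_state "$sample_cfg")"
echo "effective:   $(effective_host_key_checking "$sample_cfg")"
rm -f "$sample_cfg"
```

On the Auxiliary Node, call effective_host_key_checking /etc/ansible/ansible.cfg from the same shell session that runs the playbook, since the exported variable applies only to that session.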

4. Setup for HA Automation Script in Auxiliary Node:

Copy the HA build zip file from /EPS8.2_HA_Config.tar.gz to the /root directory.
To extract, run: tar -xzvf EPS8.2_HA_Config.tar.gz

5. Ansible Configuration details:
• Ansible playbooks and inventories are located within the ha_automation/ansible directory.
• Navigate to the inventories directory and update the hosts.ini and vars.yml files with the necessary parameters as needed.
• In the hosts.ini file, update the IP addresses of the nodes for a 3-node deployment. However, avoid making changes to any existing host groups such as [all_nodes] or [eps_nodes], as modifying them might result in playbook failures.


• In the vars.yml file, ensure that you provide the accurate floating IP address along with the corresponding CIDR or subnet mask. You can validate the CIDR by executing the command ip a. It is important to ensure that the subnet mask matches the physical IP addresses of the nodes to prevent any issues with the assignment of the floating IP.
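
The consistency rule in the last bullet (floating IP and node IPs in one network, floating IP not assigned to a node) can be checked before running the playbook. The following is an added example, not part of the original article or of the HA automation package; the function names are hypothetical, the addresses are constructed, and the values are passed as arguments because the layout of vars.yml and hosts.ini is not shown here.

```sh
# Added example, not Seqrite code; function names are hypothetical.

# ip_to_int A.B.C.D: print the address as a 32-bit integer, fail if malformed.
# The body runs in a subshell, so the IFS and "set --" changes stay local.
ip_to_int() (
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in 0?*|????*) exit 1 ;; esac    # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# check_floating_ip FLOATING_IP/PREFIX NODE_IP...
# Returns 0 when the floating IP is a host address in the same network as
# every node and is not one of the node addresses; prints each problem found.
check_floating_ip() (
    case $1 in */*) ;; *) echo "expected FLOATING_IP/PREFIX, got '$1'"; exit 1 ;; esac
    vip=${1%/*}; prefix=${1#*/}; shift
    case $prefix in ''|*[!0-9]*|0?*|???*) echo "invalid prefix length"; exit 1 ;; esac
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 30 ] || { echo "prefix must be 1-30"; exit 1; }
    vip_int=$(ip_to_int "$vip") || { echo "invalid floating IP '$vip'"; exit 1; }
    mask=$(( (0xFFFFFFFF << (32 - $prefix)) & 0xFFFFFFFF ))
    net=$(( $vip_int & $mask ))
    bcast=$(( $net | (~$mask & 0xFFFFFFFF) ))
    rc=0
    if [ "$vip_int" -eq "$net" ] || [ "$vip_int" -eq "$bcast" ]; then
        echo "floating IP is the network or broadcast address"; rc=1
    fi
    for node in "$@"; do
        n=$(ip_to_int "$node") || { echo "invalid node IP '$node'"; rc=1; continue; }
        [ "$n" -ne "$vip_int" ] || { echo "floating IP is already node $node"; rc=1; }
        [ $(( $n & $mask )) -eq "$net" ] || { echo "node $node is outside the /$prefix network"; rc=1; }
    done
    exit "$rc"
)

# Constructed sample values (documentation address range), standing in for
# the floating IP/CIDR from vars.yml and the three node IPs from hosts.ini.
check_floating_ip 192.0.2.50/24 192.0.2.11 192.0.2.12 192.0.2.13 \
    && echo "floating IP settings are consistent"
```

The check covers only the addresses passed to it; whether the floating IP is reserved and unused elsewhere on the network still has to be confirmed separately.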


6. To avoid lock errors on all three nodes, follow these steps:
• apt-get update (rerun to check for any new updates)
• apt --fix-broken install
• apt-get -y purge unattended-upgrades
• systemctl disable --now apt-daily.timer
• systemctl disable --now apt-daily-upgrade.timer
• systemctl daemon-reload

Note:
Wait for 15 to 20 minutes to allow all machines to stabilize. During this time, various processes such as updates, snapd updates, and unattended-upgrades will run on the auxiliary node. You can monitor these processes using the top command or by checking CPU usage.
After the 15 to 20 minutes, use the top command to verify CPU usage and ensure that no processes are holding any locks.

• Execute to check lock: sudo lsof /var/lib/dpkg/lock

Run HA Automation Script: To configure HA using Ansible, execute the following command with root user privileges from the ha_automation/ansible directory.
Execute HA Automation: ansible-playbook site.yml -i inventories/hosts.ini --ask-pass

NOTE: Skip --ask-pass if a passwordless SSH connection between the controller and the remote nodes has been established.

The above command should run the automation script with necessary changes.


• To verify the cluster's status after the setup:
Execute: pcs status


7. Set up alerts: Execute the following on Node 1 or Node 2:
/opt/Seqrite_EndPoint_Security/eps_alert/eps_alert.sh --enable

Use --disable to disable the alerts.

• The email recipient in the alerts is dynamically selected by Ansible based on the recipient configured by the Quick Heal EPS 8.2 installer for the health check scripts during startup. The source email address is eps@seqrite.com.