We will install the components from the bottom up because XSOAR app needs the NFS and Database ready.
There is plenty of options for NFS, either on Windows, Linux or any public cloud native NFS services. In this guide, we will install a new one on Linux.
Step 1: have yourself a clean Linux server. In this guide, I use Ubuntu 18.04
Step 2: install NFS server
sudo apt update
sudo apt install nfs-kernel-server
Step 3: create a folder to share
XSOAR app with need to have read & write access to /var/lib/demisto (which is mounted to NFS folder). You can create any folder on NFS to share for this purpose, but I recommended to create an exact name to be easier to manage.
sudo mkdir /var/lib/demisto -p
Step 4: change owner to nobody:nogroup
As NFS will translate any root operation on client to nobody:nogroup credential, we need to chown the directory:
sudo chown nobody:nogroup /var/lib/demisto
Step 5: share the folder for XOAR app server access
Sudo vi /etc/exports
Then add one line to the file for the export purpose
/var/lib/demisto 172.17.2.4(rw,sync,no_root_squash,no_subtree_check) 172.17.2.6(rw,sync,no_root_squash,no_subtree_check)
In this setup, 172.17.2.4 and 172.17.2.6 are XSOAR App 01 and XSOAR App 02 server. Make sure the no_root_squash is added the the attribute list because it is important for XSOAR app credential to write to this folder.
Step 6: restart the NFS service and check status
systemctl restart nfs-kernel-server
Check your nfs-kernel-server status is running and use netstat to check if TCP 2049 is now listening on NFS server.
How do you feel? Ready for ElasticSearch?
コメント