Run make_server_node.pyc

Use the make_server_node.pyc script to convert an install into either a specific service or a Shared Services server for a Splunk SOAR (On-premises) cluster.

Create a Shared Services server

A single Shared Services server becomes a single point of failure. Any problems on the Shared Services server impact your entire Splunk SOAR (On-premises) cluster. For production use, build a server for each service rather than a single Shared Services server.

Note: A single Shared Services server is not recommended for production use. This mode is primarily intended for Proof of Value or demonstrations.

Create a Shared Services server:

/opt/phantom/bin/phenv python /opt/phantom/bin/make_server_node.pyc

Making a Shared Services server also generates the /opt/phantom/bin/mcn_responses.json file, which can be passed as an argument to make_cluster_node.pyc to help set up the first Splunk SOAR (On-premises) node in your cluster.

Note: The mcn_responses.json file contains secrets such as usernames and passwords in plain text. Store it in a secure location or delete it after the cluster configuration is complete.
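One way to act on the note above, as an added example that is not part of the Splunk documentation or tooling: the functions below find copies of mcn_responses.json that group or other users can access, restrict them to the owner, and delete the file once cluster configuration is complete. The function names and the directories scanned are assumptions; only the default file path comes from this page.

```shell
#!/bin/sh
# Added example (not Splunk's code): treat mcn_responses.json as a secrets file.
# Function names are hypothetical; the default path is the one this page gives.
MCN_FILE="${MCN_FILE:-/opt/phantom/bin/mcn_responses.json}"

# Print every copy of mcn_responses.json under the given directories that
# grants any permission bit to group or other. "-perm -NNN" is POSIX find
# syntax, so this works with both GNU and BSD find.
find_exposed_copies() {
    [ "$#" -gt 0 ] || set -- "$(dirname "$MCN_FILE")"
    find "$@" -type f -name "$(basename "$MCN_FILE")" \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) 2>/dev/null
}

# Restrict each exposed copy to owner read/write (0600) and report it.
lock_down_copies() {
    find_exposed_copies "$@" | while IFS= read -r f; do
        chmod 600 "$f" && echo "restricted to 0600: $f"
    done
}

# Delete the responses file once cluster configuration is complete.
# Refuses anything that is not a plain regular file, since that is
# unexpected for this path and worth a look before deleting.
remove_responses_file() {
    f="${1:-$MCN_FILE}"
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "not removing $f: missing, a symlink, or not a regular file" >&2
        return 1
    fi
    rm -f -- "$f"
}

# Typical use after sourcing this file (directories are examples):
#   find_exposed_copies /opt/phantom/bin /root /tmp
#   lock_down_copies /opt/phantom/bin
#   remove_responses_file
```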

Create a specific function server

As root or using sudo, create a specific function server, such as an HAProxy load balancer, PostgreSQL database, file share, or Splunk Enterprise:

/opt/phantom/bin/phenv python /opt/phantom/bin/make_server_node.pyc --<option argument>

Run the command once for each server, each on a separate system.

Valid arguments:

  • fs - sets up a single server GlusterFS for file shares.
  • db - sets up the internal PostgreSQL database to be used as an external PostgreSQL database.
  • proxy - installs and configures HAProxy to serve as a load balancer for your Splunk SOAR (On-premises) cluster.

make_server_node.pyc prompts and warnings

The make_server_node.pyc script issues a warning that you are about to permanently change your Splunk SOAR (On-premises) instance.

The changes are:

  • Removing Splunk SOAR (On-premises) from system boot scripts.
  • Disabling the internal Splunk SOAR (On-premises) database.
  • Configuring file shares.
  • Installing HAProxy to act as a load balancer.

You must respond to the warning with "y" for yes to proceed.

You are prompted to supply the following information for the TLS certificate:

  • Country Code
  • State Code
  • City
  • Organization
  • Organization unit
  • Hostname (or IP address)
  • Email address

The remaining prompts are:

  • The subnet on which PostgreSQL will accept connections.
  • The passwords for the postgres and pgbouncer user accounts.
  • Password for the user account.

When the script completes, it writes the file /opt/phantom/bin/mcn_responses.json.

Logs are written to /var/log/phantom/make_server_node/make_server_node_<date and time>.log.

Additional configuration steps for unprivileged clusters

Perform the following steps on the load balancer or Shared Services server as root or as a user using sudo to get elevated permissions.

  1. Configure SELinux to allow HAProxy to bind to your custom HTTPS port.
    Note: If SELinux is disabled, skip this step.
    semanage port --add --type http_port_t --proto tcp <HTTPS PORT>
  2. Conditional: If you receive an error that the port is already defined, use --modify instead of --add.
    semanage port --modify --type http_port_t --proto tcp <HTTPS PORT>