Remove server farm remote DB

ovenforksqueeSecurity

Nov 3, 2013 (3 years and 7 months ago)

76 views

Remove server farm remote DB

Operation on slave machine:

1.

Get

local DB password in clish console:

[root@sp1 ~]# cat /root/.pgpass

localhost:5432:iwss:sa:aaadedbacb

2.

Run “/usr/iwss/setup
-
postgres
-
env.sh” on the slave machine and follow
the instructions.

Specify PostgreSQL server name or IP address:
<Local_DB>

Specify port number of PostgreSQL [ 5432 ]:
<Port>

Specify database name of PostgreSQL [ iwss ]:
<DB_Name>

Specify the user name for PostgreSQL [ sa ]:
<User_Name>

Specify the password for user "sa":
<SA_Pwd>

Connection via psql successful

Connection via unixODBC successful

Modifying intscan.ini

Updating ODBC configuration files


Do you want to create tables and stored procedures on the designated
PostgreSQL server ?

( y/n ) [ n ]


--

Notice
--


All existing data in the IWSS related table will be lost if you select
YES


n

Using CATALINA_BASE: /usr/iwss/AdminUI/tomcat

Using CATALINA_HOME: /usr/iwss/AdminUI/tomcat

Using CATALINA_TMPDIR: /usr/iwss/AdminUI/tomcat/te
mp

Using JRE_HOME: /usr/iwss/AdminUI/jre

Using CATALINA_BASE: /usr/iwss/AdminUI/tomcat

Using CATALINA_HOME: /usr/iwss/AdminUI/tomcat

Using CATALINA_TMPDIR: /usr/iwss/AdminUI/tomcat/temp

Using JRE_HOME: /usr/iwss/AdminUI/jre

Stopping databas
e logging daemon...


Starting DataBase logging daemon ...

Please wait while the InterScan Web Security Suite daemon is being
checked...ok


Shutting down the InterScan HTTP daemon...

Shutting down SCIP daemon...

No need to update /etc/iscan/intscan.ini and
/var/iwss/postgres/pgdata/postgresql.conf.

No need to update /etc/squid/squid.conf.

Starting the InterScan HTTP daemon...

Initializing SCIP daemon...

Please wait while the InterScan Web Security Suite daemon is being
checked.....ok


Stopping InterScan Web Security Suite FTP daemon ....

All InterScan Web Security Suite FTP has stopped.

Stopping metrics management daemon...

>>>>

Starting metrics management daemon...

IWSS PostgreSQL environment set
-
up finished successfully.

3.

Update

remo
te_db


key

in
“/etc/iscan/intscan.ini” on slave machine.

#
/etc/iscan/intscan.ini

[Database]

remote_db = no

4.

Make sure
following
configuration of section “[Database]” and
“[Database_Log]” are set to local DB in “/etc/iscan/intscan.ini” on slave
machine.

#
/etc/iscan/intscan.ini

[Database]

# ODBC Data Source Name for connecting database.

DSN=IWSS

# The name for the database that stores iwss information.

DB=iwss

# DB Server hostname

DB_HOSTNAME=localhost

# DB Server port

DB_PORT=5432

# The path points to the
SQL statements location.

SqlPath=/usr/iwss/sql/postgresql

# Whether the connection uses SQL authentication or Windows
authentication

# Note that Windows Authentication only works with MSDE/SQL Server

sql_auth=yes


[Database_Log]

# ODBC Data Source Name for

connecting database.

DSN=IWSS_LOG

# The name for the database that stores iwss information.

DB=iwss

# DB Server hostname

DB_HOSTNAME=localhost

# DB Server port

DB_PORT=5432

5.

Clear server farm configuration.

1. Click Administration
-
>IWSVA Server Farm.

2. Uncheck checkbox of

Enable for use in a multiple IWSVA server
configuration




Operation on master machine:



Check that the “/var/iwss/postgres/pgdata/pg_hba.conf” file has the
following line, and remove it.

“host

all all 10.168.100.7 255.255.255.0 password”

(10.168.100.7 is slave server ip
-
address)

#
/var/iwss/postgres/pgdata/pg_hba.conf


# TYPE DATABASE USER IP
-
ADDRESS IP
-
MASK METHOD


local all all

p a s s w o r d

# I P v 4
-
s t y l e l o c a l c o n n e c t i o n s:

h o s t a l l a l l 1 2 7.0.0.1 2 5 5.2 5 5.2 5 5.2 5 5 p a s s w o r d

# I P v 6
-
s t y l e l o c a l c o n n e c t i o n s:

h o s t a l l a l l ::1 f f f f:f f f f:f f f f:f f f f:f f f f:f f f f:f f f f:f f f f

p a s s w o r d

2.

Set the firewall configuration setting postgresql_port in the network.in
i
configuration file to “0”

#/etc/iscan/network.ini

[network]

postgresql_port=
0

restart the firewall to unblock the PostgreSQL listen port.

[root@sp1 ~]# service
iptables restart

3.

Clear server farm configuration.

1. Click Administration
-
>IWSVA Server Farm.

2. Uncheck checkbox of

Enable for use in a multiple IWSVA server
configuration