How to install BloxOne CDC on Docker [Bare Metal Deployment]

Introduction:

Why use a Cloud Data Connector?

-The Cloud Data Connector (CDC) is a piece of software that can be deployed on Docker or as an OVA on an ESXi server. It can run either on-prem or in any cloud provider, depending on your requirements.

-You can think of CDC as a middleman that receives data from a “source” and transfers it to a “destination”.

For example, you can send data such as “Malicious Hits” from the “CSP Portal” to a destination such as an external Splunk server. To do so, you need a deployed CDC that receives the data from CSP and forwards it to Splunk. From CDC’s perspective, the “source” is “CSP” and the “destination” is “Splunk”. The key point is that CDC acts as the medium that transfers data from CSP to an external Splunk server.

Below is a visual representation of the traffic flow: Source (CSP) => CDC => Destination (Splunk Server).

-From CDC’s perspective, the source is the “CSP Portal” and the destination to which this data is forwarded is “Splunk”.

[Figure 1.jpg: traffic flow, Source (CSP) => CDC => Destination (Splunk Server)]

CDC Sources: In short, a “source” is where CDC receives data from. For example, CDC can receive data from NIOS; here “NIOS” is the “source”. In this guide, we use the “CSP Portal” as the “source” for CDC.

CDC Destinations: As the name suggests, a “destination” is where the data is forwarded to. In this guide, we send data to an external Splunk server, so the “destination” is “Splunk”.

Note: This guide is intended for testing CDC in a local lab environment. The free Splunk version also has a limit on how much data it can index; you may want to get a license from Splunk if you plan to index more data.

If you are looking to configure it in production, reach out to your local Infoblox Systems Engineer/Accounts team for a production-ready deployment that fits your requirements.

Lab Requirements:

-Access to the CSP Portal to configure CSP.

-1x Ubuntu 16.04.x VM with Docker installed and internet connectivity.

-The host that will run CDC must not have any service listening on port 22. For example, if SSH is listening on its default port 22 on this VM, it must be moved to another port.

-In this lab setup, I have named the CDC VM with Hostname: cdc.infobloxlab.com.

Below are the details of the VMs used in this tutorial:

VM    Hostname            Description    System Details                IP
VM1   cdc.infoblox.com    Runs CDC       4 vCPU, 8GB RAM, 64GB Disk    10.0.48.87

In this section, we will create an On-Prem Host and enable the CDC application on it. The basic workflow is the following:

-First, we create an On-Prem Host in the CSP portal and enable the CDC application.

-Make sure to change the SSH listening port to a port other than 22. CDC requires port 22 to be free in order to work properly.

-Login to https://csp.infoblox.com with your credentials.

-Navigate to Manage > On-Prem Hosts.

[Screenshot 3.png: Manage > On-Prem Hosts page]

Provide a name for your On-Prem Host and enable the Data Connector application as shown below. Once done, click on “Save & Close”.

[Screenshot 4.png: On-Prem Host name entered and Data Connector application enabled]

-You will now receive a pop-up message with an API key. You will need this API key when deploying CDC on Docker later in this tutorial, so keep it handy.

[Screenshot 5.png: API key pop-up]

-You can click on “Close” after you have saved the API key on your computer.

Note: You can retrieve the API key from the CSP UI later if you forgot to copy it.

You should now see the On-Prem Host you created in the CSP UI in the “Pending” state. This is expected, as we have not yet loaded a VM with the BloxOne CDC image and joined it to the CSP portal.

[Screenshot 6.png: On-Prem Host in Pending state]

If you have got this far, you have successfully created an On-Prem Host in CSP and enabled the CDC application on it. Next, we need a VM with the BloxOne Docker image loaded in order to join it to the CSP portal.

Below are the instructions to get the Docker image, load it on the Docker host and register it with the CSP portal.

-Click on “Administration” > “Downloads” in the CSP portal. This takes you to the various BloxOne downloads available.

[Screenshot 7.png: Administration > Downloads page]

-Here, we need the link to the BloxOne Docker image. Right-click on “Download Package for Docker” and choose “Copy Link Location”.

[Screenshot 8.jpg: Download Package for Docker link]

The copied link in this example is:

http://ib-noa-prod.csp.infoblox.com.s3-website-us-east-1.amazonaws.com/BloxOne_OnPrem_Docker_3.2.7.t...

Install Docker:

-Run the following commands to install Docker on your host:

curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
sudo usermod -aG docker $USER

-Log out of your SSH session and log back in after running the above, so that the docker group membership takes effect.

Change SSH port from 22:

Next, change the SSH port from 22 to port 23.

-Edit the SSHD configuration file:

sudo vim /etc/ssh/sshd_config

[Screenshot 9.png: the “#Port 22” line in /etc/ssh/sshd_config]

-Uncomment the Port line and change the port as shown below:

[Screenshot 10.png: the line changed to “Port 23”]

-Now run the following command for the change to take effect:

sudo service ssh restart

Once the service is restarted, you can exit and log back in to the VM on port 23.

To SSH to the VM on the new port 23, run:

sudo ssh -p 23 ubuntu@10.0.48.87

-After the SSH port has been changed, perform the following:

-We have the link to the BloxOne Docker image copied from the CSP page. Now we need to SSH into VM1 (refer to the table at the beginning of the article) and download the image. [The VM that will run CDC must not have SSH listening on port 22. For example, change the SSH port on your VM to port 23 and restart the SSH service, as described above.]

-Before setting up CDC, make sure your Ubuntu host is up to date and install the “wget” utility, which will be used to download the BloxOne image. Run the following to update, upgrade and install “wget”:

sudo apt update && sudo apt upgrade -y && sudo apt install wget -y

Now, from VM1, run the following to download the BloxOne image:

cd ~/
wget http://ib-noa-prod.csp.infoblox.com.s3-website-us-east-1.amazonaws.com/BloxOne_OnPrem_Docker_3.2.7.t...

[Screenshot 11.png: wget download output]

Now we have the BloxOne Docker image downloaded on VM1. To load the Docker image, run:

sudo docker load -i BloxOne_OnPrem_Docker_3.2.7.tar.gz

-To view the loaded image, use the following command:

sudo docker images

-Take note of the image tag, as we will need it later. Now that the Docker image is loaded on the host, we need to create the “blox.noa” container. Below is the syntax used to run the BloxOne application:

sudo docker run -d \
  --name blox.noa \
  --network=host \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /var/lib/infoblox/certs:/var/lib/infoblox/certs \
  -v /etc/onprem.d/:/etc/onprem.d/ \
  infobloxcto/onprem.agent:<ENTER-IMAGE-TAG-HERE> \
  --api.key <ENTER-API-KEY-HERE>

Replace the two placeholders in angle brackets with the image tag from “docker images” and the API key from CSP. After it is done, check the status of the containers as shown below:

sudo docker ps -a

Below is a screenshot of the entire process.

[Screenshot 12.png: docker load, docker images, docker run and docker ps output]

Important: When using the docker run command to create the container, do not change the container name “blox.noa”, as it may run into issues.

-Now, blox.noa will register with the CSP portal and learn that this host needs to run the CDC application. It will then download a few more Docker images and run them. This usually takes about 5-10 minutes.

-To view the list of Docker images that were downloaded, run:

sudo docker images

-Below is a screenshot from the local lab environment:

[Screenshot 133.png: docker images output after registration]

-Now, check the list of running containers on the host. You will see multiple containers prefixed “cdc”, which are needed to run CDC.

[Screenshot 14.png: docker ps output showing the cdc containers]

-Now you should be able to see that the CDC On-Prem Host is “Online” in the CSP portal. Below is a screenshot:

[Screenshot 15.png: On-Prem Host showing Online]
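The SSH port change, image load, container creation and container check above, collected into one checked shell script. This is an added example, not code from the article or from Infoblox: the function names, the sshport/apply modes and the sample sshd_config lines in the comments are this example's own; the file paths, the container name blox.noa, the image name infobloxcto/onprem.agent and the “cdc” container prefix are taken from the article. It assumes GNU sed, iproute2 ss and Docker on Ubuntu, with the invoking user in the docker group.

```shell
#!/bin/sh
# Added example, not part of the original article or of Infoblox's tooling.
# Assumptions: GNU sed, iproute2 `ss`, Docker installed and the invoking user
# in the docker group (the usermod step above); the "sshport" and "apply"
# modes and the function names are this script's own invention.
set -eu

SSHD_CONFIG=/etc/ssh/sshd_config          # path from the article
IMAGE_REPO=infobloxcto/onprem.agent       # image name from the article

# Rewrite "Port 22" or "#Port 22" in an sshd config to "Port <new>", appending
# the directive if none exists. Fails if more than one Port line is left over.
set_sshd_port() {
    cfg=$1; new_port=$2
    if grep -Eq '^#?Port ' "$cfg"; then
        sed -E -i "s/^#?Port .*/Port $new_port/" "$cfg"
    else
        printf 'Port %s\n' "$new_port" >> "$cfg"
    fi
    [ "$(grep -c '^Port ' "$cfg")" -eq 1 ]
}

# True (exit 0) when any process listens on TCP port $1 on any local address.
# Column 4 of `ss -ltn` is "addr:port"; the port is the text after the last ':'.
port_in_use() {
    ss -ltn 2>/dev/null | awk -v port="$1" \
        'NR > 1 { n = split($4, a, ":"); if (a[n] == port) found = 1 }
         END { exit !found }'
}

# Print the docker run line from the article with the image tag and API key
# filled in; refuse empty values and the <ENTER-...-HERE> placeholders, which
# would otherwise create a container that never registers with CSP.
build_docker_run() {
    tag=$1; key=$2
    if [ -z "$tag" ] || [ -z "$key" ]; then
        echo "image tag and API key must both be set" >&2; return 1
    fi
    case "$tag$key" in
        *'<ENTER-'*) echo "placeholder left in image tag or API key" >&2; return 1 ;;
    esac
    printf 'docker run -d --name blox.noa --network=host'
    printf ' -v /var/run/docker.sock:/var/run/docker.sock'
    printf ' -v /var/lib/infoblox/certs:/var/lib/infoblox/certs'
    printf ' -v /etc/onprem.d/:/etc/onprem.d/'
    printf ' %s:%s --api.key %s\n' "$IMAGE_REPO" "$tag" "$key"
}

# Number of running containers whose name starts with "cdc" (the workers that
# blox.noa pulls and starts after it has registered with CSP).
count_cdc_containers() {
    docker ps --format '{{.Names}}' | grep -c '^cdc' || true
}

# Load the image archive, create blox.noa and list the containers. Refuses to
# start while anything still owns port 22, the failure the article warns about.
deploy_cdc() {
    archive=$1; api_key=$2
    if port_in_use 22; then
        echo "port 22 is still in use; run '$0 sshport 23' and reconnect first" >&2
        return 1
    fi
    docker load -i "$archive"
    tag=$(docker images --format '{{.Tag}}' "$IMAGE_REPO" | head -n 1)
    cmd=$(build_docker_run "$tag" "$api_key")   # set -e aborts here on a bad value
    sh -c "$cmd"
    docker ps -a
}

case "${1:-}" in
    # sudo sh deploy_cdc.sh sshport 23   -> move sshd, validate, then restart
    sshport) set_sshd_port "$SSHD_CONFIG" "$2" && sshd -t && service ssh restart ;;
    # sh deploy_cdc.sh apply BloxOne_OnPrem_Docker_3.2.7.tar.gz <api-key>
    apply)   deploy_cdc "$2" "$3" ;;
esac
```

Run the sshport mode first and reconnect on the new port; sshd -t validates the edited file before the restart, so a typo in sshd_config cannot cut off the session you are working from. The apply mode then performs the docker load and docker run steps exactly as the article shows them, with the image tag read from docker images instead of pasted by hand, and count_cdc_containers gives the same check as the docker ps screenshot once the extra images have been pulled.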

 

That’s great! To summarize, we did the following so far:

-Created an On-Prem Host in the CSP Portal and enabled the CDC application.

-Logged in to our VM, downloaded the BloxOne On-Prem image and loaded it on the host.

-Created the container “blox.noa”, which downloaded additional images to run the CDC application.

-Verified that the On-Prem Host running CDC is “Online” in the CSP Portal.

We have a full use case that documents the configuration and how to integrate CDC with Splunk. You can find it here.

Sources/References:

https://docs.infoblox.com/display/BloxOneDDI/Bare-Metal+Docker+Deployment

https://github.com/splunk/docker-splunk

https://docs.splunk.com/Documentation/Splunk/latest/Installation/SystemRequirements
