
Change Server IP Addresses for a Cluster (Multi-Node)


Version

Cb Response 5.1.1, 5.2.x Cluster Implementations

Note: For standalone implementations, you can follow this guide: Change Server IP Or Domain Name Address (Single Node)

Topic

Use the following steps to change your server IP in Cb Response. Allow a delay after changing this setting, because every endpoint must check in first to pull down the new server IP. Any offline endpoint that does not check in will need either the sensor reinstalled or its registry edited to point to the new server.

Steps

  1. Update Sensors from the UI
    Warning: Verify the sensor check-in URL and port you have chosen. You only have one shot to set this correctly. A sensor checks in using the old address the server is currently on and updates that information locally (in the registry on Windows). Its next check-in goes to the new server URL and port, and it no longer attempts to connect to the old address. If you enter this information incorrectly, you will have to fix it by changing the server to that address or by performing Step 3 for all sensors. Changing the group setting back in the UI only works for sensors that had not yet checked in; all others will not have the setting reverted automatically.
    1. Open the WebUI, then navigate to Administration > Sensors and select Edit Settings
    2. Change the Server Address to the new IP while keeping the same port number
      Warning: Support's recommendation is to keep the default sensor communication port, 443. Additional configuration changes must be made in /etc/cb/cb.conf and /etc/cb/nginx/conf.d/ for the sensors to communicate on a custom port.
    3. Repeat the previous step for each sensor group, if any exist
  2. Update Master from the Command Line
    Run this after all online sensors have checked in
    1. Stop Cluster "/usr/share/cb/cbcluster stop"

    2. Change the server IP using normal OS commands for configuring the network interface

    3. Update record to point to the new cbserver IP in the UI

      1. Update the IP address of the master node

        psql -d cb -p 5002 -c "UPDATE cluster_node_sensor_addresses SET address='<NEW IP>' WHERE node_id=0;"
      2. Update the IP addresses of the minion nodes if applicable. 

        Note: Minion 1 is Node 1

        psql -d cb -p 5002 -c "UPDATE cluster_node_sensor_addresses SET address='<NEW IP>' WHERE node_id=<NODE ID>;"
    4. Update /etc/cb/cbcluster.conf to match new IPs for all relevant nodes
    5. Update /etc/sysconfig/iptables to accept traffic from new minion IPs if applicable

    6. Update /etc/hosts to match new IPs for all relevant nodes
  3. Update Minions from the Command Line
    1. Change the server IP using normal OS commands for configuring the network interface if applicable
    2. Update /etc/cb/cb.conf to match new master IP
      1. Update psql DatabaseURL value
      2. Update Redis RedisHost value
    3. Update /etc/cb/cbcluster.conf to match the new master IP (and minion IPs if applicable)
    4. Update /etc/sysconfig/iptables to accept traffic from new master IP (and minions if applicable)
    5. Update /etc/hosts to match new IPs for new master IP (and minions if applicable)
  4. Start services on the Master from the Command Line
    1. Start Cluster "/usr/share/cb/cbcluster start"
    2. Verify that ~/.ssh/known_hosts has been updated
  5. Update Remaining Sensors
    1. For any clients that did not check in before the server address was changed, modify the SensorBackendServer setting.
      1. For Windows this is located at HKLM\SOFTWARE\CarbonBlack\config\SensorBackendServer
      2. For macOS and Linux, this value is stored in /var/lib/cb/sensorsettings.ini
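
A leftover reference to the old address in any file named in steps 2 and 3 leaves that node pointing at the wrong host. The shell functions below are an added example, not part of the original article or of any Carbon Black tooling: valid_ipv4 checks an address before it is pasted into the psql commands, and find_stale_ip lists config lines that still contain the old address. The function names and the CB_IP_FILES variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article).

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    local old_ifs octet
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, bad dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print "file:line:text" for each line that contains OLD_IP as a whole
# address, so 10.0.0.5 does not match 10.0.0.50 or 110.0.0.5.
# Returns 0 if stale references were found, 1 if none, 2 on a bad address.
find_stale_ip() {
    local old_ip pattern f found
    old_ip=$1; shift
    if ! valid_ipv4 "$old_ip"; then
        echo "not an IPv4 address: $old_ip" >&2
        return 2
    fi
    # Escape the dots so they match literally in the extended regex.
    pattern="(^|[^0-9.])$(printf '%s' "$old_ip" | sed 's/\./\\./g')([^0-9]|\$)"
    found=1
    for f in "$@"; do
        [ -r "$f" ] || continue    # file may not exist on this node
        if grep -HnE -- "$pattern" "$f"; then
            found=0
        fi
    done
    return $found
}

# Files named in steps 2 and 3; check them on the master and on each minion.
CB_IP_FILES="/etc/cb/cb.conf /etc/cb/cbcluster.conf /etc/sysconfig/iptables /etc/hosts"

# Usage (placeholders, not real addresses):
#   valid_ipv4 "<NEW IP>" && find_stale_ip "<OLD IP>" $CB_IP_FILES
```

Run it after editing the files and before starting the cluster in step 4; any line it prints still needs updating.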
Creation Date: 08-12-2016