How to migrate sensors to a different Cb Response server/cluster via groups
Cb Response 5.x
Cb Response 6.x
The following outlines the steps to move sensors from one server/cluster to another via group settings.
It is recommended that the steps outlined in this document be done when migrating to a new server. Performing the following actions between two active servers will require re-installing sensors on the target server if certificates are changed.
Verify certificates match on both servers/clusters in /etc/cb/certs/
All nodes on a cluster must have matching certificates.
If a server/cluster's certificates have been imported from another server, update the permissions
chown root:cb cb-server.* cb-client-ca.*
chmod 644 cb-server.* cb-client-ca.*
If the certs did not match during the destination server's original installation, any sensor groups that were created before the certificate update will need to have their group certificates revoked. Any sensors previously checking into a group that has the certificate revoked will need to be re-installed in order to receive the new group certificate. See Cb Response: How to revoke a sensor group certificate
Create a new migration sensor group
Open the WebUI, then navigate to Administration > Sensors > Migration Group and select Edit Settings
Change the Server Address to the new Master Address
Verify the chosen settings Server URL's URL and port match the destination server. Once a sensor updates that information locally (in the registry for Windows), the next time it tries to checkin, it will be to the new server URL. This means that if you update this information incorrectly, the sensor will not check into either server and cannot receive updates. Changing the group setting in the UI back will only work for sensors that have not checked in yet, all others must be re-installed.
When ready, move a test sensor to the migration group. The next time the sensor checks in, it will be directed to the new server/cluster. Once the sensor registers with the new server, it will appear in the Default Group. Please note that you will have a delay after changing this setting as all endpoints need to check in first to pull down the new server address.