About the installation
This topic discusses installing the Cisco Secure Dynamic Attributes Connector. You must install the connector as a user with sudo
privileges but you can run the connector as a non-privileged user.
Before you begin
Make sure your system has the following prerequisite software:
Minimum requirements for all operating systems:
We recommend you size your virtual machines as follows:
-
50 connectors, assuming 5 filters per connector and 20,000 workloads: 4 CPUs; 8GB RAM; 100GB available disk space
-
125 connectors, assuming 5 filters per connector and 50,000 workloads: 8 CPUs, 16 GBRAM, 100GB available disk space
Note
|
Failure to size your virtual machines properly can cause the dynamic
attributes connector to fail or not to start.
|
If you wish to use vCenter attributes, we also require:
To install prerequisite software, see Install Prerequisite Software.
View the Readme and Release Notes
For the latest installation information, see the following:
Readme: https://galaxy.ansible.com/cisco/csdac
Release Notes: Cisco Secure Dynamic Attributes Connector Release Notes
Get the Dynamic Attributes Connector software
To get the latest version of the dynamic attributes connector software, run the following command:
ansible-galaxy collection install cisco.csdac
Install the muster service
The muster service is another name for the dynamic attributes connector.
Run the following command from the ~/.ansible/collections/ansible_collections/cisco/csdac
directory.
ansible-playbook default_playbook.yml
[--ask-become-pass]
[--extra-vars
"
vars
"
]
Syntax Description
--ask-become-pass
|
Prompts you to enter the sudo password. Required if sudo is enabled on your machine.
|
--extra-vars
|
The following optional extra variables enable the dynamic attributes connector to use a proxy. The value you use must match the value in /etc/environment, which you configured as discussed in Install Prerequisite Software.
The following optional extra variables create a self-signed certificate you can use to securely connect to the dynamic attributes connector. If you omit these parameters, the dynamic attributes connector uses a default certificate.
-
csdac_certificate_domain
domain name for autogenerated certificate. Default value is autodetected hostname of the host (detected by ansible)
-
csdac_certificate_country_name
Two-letter country code. (Default is US )
-
csdac_certificate_organization_name
Organization name. (Default is Cisco )
-
csdac_certificate_organization_unit_name
-
Organizational unit name (Default is Cisco )
|
Example installation with a default certificate
For example, to install the software with default options:
ansible-galaxy collection install cisco.csdac
cd ~/.ansible/collections/ansible_collections/cisco/csdac
ansible-playbook default_playbook.yml --ask-become-pass
Example installation with optional certificate
For example, to install the software with an optional certificate:
ansible-galaxy collection install cisco.csdac
cd ~/.ansible/collections/ansible_collections/cisco/csdac
ansible-playbook default_playbook.yml --ask-become-pass --extra-vars "csdac_certificate_domain=domain.example.com csdac_certificate_country_name=US csdac_certificate_organization_name=Cisco csdac_certificate_organization_unit_name=Engineering"
After you create the certificate, import it into the web browser you'll use to access the connector. The certificate is created
in the ~/csdac/app/config/certs
directory.
View the installation log
The installation log is located as follows:
~/.ansible/collections/ansible_collections/cisco/csdac/logs/csdac.log
Use your certificate to connect to the dynamic
attributes connector
If you have a certificate and key, put them in the ~/csdac/app/config/certs
directory on your virtual machine.
After you perform the preceding task, restart the dynamic
attributes connector's Docker container by entering the following command:docker restart muster-ui
Log in to the connector
-
Access the dynamic attributes connector at https://ip-address
-
Log in.
The initial login is username admin
, password admin
. You are required to change the password the first time you log in.