Perform the following procedure to add a minion to a Carbon Black EDR cluster.

Prerequisites

Verify that the primary node and minion are using the same version of Carbon Black EDR.

Procedure

  1. Login to the primary server and stop the cluster services:
    /usr/share/cb/cbcluster stop
  2. Check the status to confirm that the cluster services have stopped:
    /usr/share/cb/cbcluster status
  3. To add a new minion to a RHEL 8 FIPS-enabled environment, run the following command on the minion to disable payload verification:
    echo "%_pkgverify_level signature" >> /etc/rpm/macros.verify
    Note: You cannot add a non-FIPS minion to a FIPS primary node or vice versa. All nodes must be on FIPS mode, or all nodes can be non-FIPS (FIPS disabled) mode.
  4. Run the cluster add node command:
    /usr/share/cb/cbcluster add-node
  5. If you ran the command in Step 3, remove the macro configuration:
    sed -i "s/%_pkgverify_level signature//g" /etc/rpm/macros.verify
  6. For EL 8 environments (FIPS and non-FIPS), if OpenResty has been updated to version 1.21.4.1-1b.cb.el8 across the cluster, the new minion must also have the OpenResty version 1.21.4.1-1b.cb.el8 installed.
    Note: If the minion user is non-root, it must have the required user privileges to perform the operation. See Required User Privileges.
    # /usr/share/cb/cbcluster openresty-upgrade --node <new_minion_id>

    If failures are reported during the upgrade, manually run the following steps on the minion to ensure that there are no anomalies.

    rpm -e openresty-openssl-1.0.2zd-1a.cb.el8 --nodeps
    rpm -e openresty-1.21.4.1-1a.cb.el8 --nodeps
    yum install -y openresty-1.21.4.1-1b.cb.el8 
  7. Start the cluster:
    /usr/share/cb/cbcluster start