To change a Carbon Black EDR Server IP address or FQDN, perform the following steps.
For more information about cb.conf, see the Carbon Black EDR Server Configuration Guide.
Note:
- After updating the server IP address, a 10 minute to 1 day delay occurs during which time the endpoints check in to receive the new server IP address or FQDN.
- Any offline endpoints that do not check in must have the sensor reinstalled or the registry edited to point to the new server IP address.
- If you are using custom certificates, the hosts file is updated after registry changes are made. If this does not occur, a restart of sensor services will generate a new hosts file and allow the connection to the server's new IP address.
Procedure
- Update sensors. See the Carbon Black EDR Sensor Installation Guide.
- Update the primary node:
- Stop cluster services:
/usr/share/cb/cbcluster stop
- Change the server IP address using standard OS commands for configuring the network.
- Update the IP address of the primary node in Postgres.
- In 7.5.0 and later product versions:
/usr/share/cb/cbservice cb-pgsql start
psql -d cb -p 5002 -c "UPDATE cluster_node_sensor_addresses SET address='<NEW IP>' WHERE node_id=0;"
/usr/share/cb/cbservice cb-pgsql stop
- In product versions 7.4.0 to 7.5.0:
/usr/share/cb/cbservice cb-pgsql start
psql -d cb -p 5002 -c "UPDATE cluster_node_sensor_addresses SET address='<NEW IP>' WHERE id=0;"
/usr/share/cb/cbservice cb-pgsql stop
- In product versions prior to 7.4.0:
service cb-pgsql start
psql -d cb -p 5002 -c "UPDATE cluster_node_sensor_addresses SET address='<NEW IP>' WHERE id=0;"
service cb-pgsql stop
- If applicable, update the IP addresses of the minion nodes.
- Update /etc/cb/cluster.conf to match the new IP addresses for all relevant nodes.
- Update /etc/sysconfig/iptables to accept traffic from new minion IP addresses.
- Update /etc/hosts to redirect to new IP addresses.
- After all online sensors have checked in, update the minions.
- Change the server IP address using standard OS commands for configuring the network interface (if applicable).
- Update /etc/cb/cb.conf to match the new primary IP address.
- Update the psql DatabaseURL value.
- Update the Redis RedisHost value.
- Update /etc/cb/cluster.conf to match the new primary IP address (and minion IP addresses if applicable).
- Update /etc/sysconfig/iptables to accept traffic from the new primary IP address (and minion IP addresses if applicable).
Note: If you are running a Carbon Black-managed firewall, run the following command on the primary and minion nodes:
/usr/share/cb/cbcheck firewall -a
- Update /etc/hosts to match the new primary IP address (and minion IP addresses if applicable).
- Start services on the primary node.
/usr/share/cb/cbcluster start
- Verify that ~/.ssh/known_hosts is updated.
- Update remaining clusters.
For any clients that did not check in before the server address was changed, modify the SensorBackendServer setting on the individual sensor.
For Windows clients, this setting is located at HKLM\SOFTWARE\CarbonBlack\config\SensorBackendServer.
For macOS and Linux clients, this value is stored in /var/lib/cb/sensorsettings.ini.
- For FIPS environments only, run the following command to reconfigure Solr keystore and certificates for proper TLS communication:
/usr/share/cb/cbcluster sync-fips-config
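As a check before starting cluster services, the following added example (not part of the Carbon Black EDR product or its documentation) scans the files named in this procedure for lines that still reference the old IP address. The function name find_stale_refs and the optional ROOT prefix are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the product: scan the files named in the
# procedure for leftover references to the old server IP address.

# Files the procedure says to update (paths taken from the steps above).
CB_FILES="/etc/cb/cb.conf /etc/cb/cluster.conf /etc/sysconfig/iptables /etc/hosts"

# find_stale_refs OLD_IP [ROOT]
#   ROOT is a hypothetical path prefix for checking a copy of the files;
#   leave it empty to check the live system.
# Prints "file:line:text" for each line that still contains OLD_IP.
# Returns 0 if none were found, 1 if any were found, 2 on bad usage.
find_stale_refs() {
    old_ip=${1:-}
    root=${2:-}
    if [ -z "$old_ip" ]; then
        echo "usage: find_stale_refs OLD_IP [ROOT]" >&2
        return 2
    fi

    # Escape the dots and require a non-address character on each side, so
    # that 10.0.0.5 does not also match 10.0.0.50 or 110.0.0.5.
    escaped=$(printf '%s' "$old_ip" | sed 's/\./\\./g')
    pattern="(^|[^0-9.])${escaped}([^0-9.]|\$)"

    found=0
    for f in $CB_FILES; do
        path="${root}${f}"
        if [ ! -r "$path" ]; then
            echo "skip: $path is not readable" >&2
            continue
        fi
        # /dev/null as a second operand makes grep print the file name.
        if grep -nE -- "$pattern" "$path" /dev/null; then
            found=1
        fi
    done
    return "$found"
}

# When run as a script with arguments, perform the check directly.
if [ "$#" -gt 0 ]; then
    find_stale_refs "$@"
fi
```

Run it on the primary and on each minion with the old address as the argument; any line it prints still points at the old server.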