Use the
crsetup.sh setup script to install the
Cyber Recovery software.
Prerequisites
Ensure that you satisfy all preinstallation requirements (see
Getting Started).
For a
Cyber Recovery software installation, we recommend using SELinux as the Linux Security Module for added operating system security. Because SELinux provides granular access control, be careful when configuring security contexts for
Cyber Recovery files and directories.
About this task
The installation procedure takes approximately five minutes.
NOTE To deploy the
Cyber Recovery virtual appliance, go to the next topic.
Steps
Log in to the
Cyber Recovery management host as
root.
Optionally, enable SELinux.
Download the
Cyber Recovery installation package to a directory with approximately
1.5 GB of free space.
Untar the installation package:
# tar -xzvf <installation package tar file>
The file is untarred to the
staging directory (within the current directory). The extraction includes the
crsetup.sh setup script.
Go to the
staging directory and make the
crsetup.sh setup script an executable script:
# cd staging
# chmod +x ./crsetup.sh
Verify that the prerequisite software is installed:
# ./crsetup.sh --check
If any prerequisites are not satisfied, do not proceed with the installation.
Use the
hostname -i command to determine if there are multiple IP addresses that are associated with the management host. If the command returns multiple IP addresses, use the following command to specify the IP address for the
Cyber Recovery software to use to communicate with the
DD storage in the
Cyber Recovery vault:
# export dockerHost=<IP address>
If you need to impose specific Docker subnets, follow these steps. Otherwise or if you plan to readdress the Docker network after the installation, go to step 8.
Stop the Docker services:
systemctl stop docker.service
Add a
default-address-pools definition for your environment to the
/etc/docker/daemon.json file.
NOTE This code is an example; use values that are appropriate for your environment.
Update the configuration:
systemctl daemon-reload
Restart the Docker services:
service docker start
Verify that the
docker0: interface is allocated from the pool that is defined in step b.
Begin the installation:
# ./crsetup.sh --install
When prompted, press Enter to view the End User License Agreement (EULA). Enter
q to exit the EULA at any time, and then enter
y to accept the EULA.
If you decline the EULA, the installation stops. Otherwise, the installation continues.
The installation procedure attempts to create a Linux user (cyber-recovery-admin) on the management host in the
Cyber Recovery vault. It assigns a reserved UID:GID of 14999 to the cyber-recovery-admin user. This user owns specific installation directories.
If the reserved UID:GID 14999 is assigned to another user or the cyber-recovery-admin user exists but is not assigned the reserved UID:GID 14999, the installation procedure issues a warning message. Otherwise, the installation procedure continues.
If the installation procedure displays a warning about creating the cyber-recovery-admin user, indicate if you want to continue or cancel the installation.
If you complete the installation, the Cyber Recovery software operates correctly, however, a non-cyber-recovery-admin user might own some installation directories.
When prompted, specify the directory where you want to install the
Cyber Recovery software or press Enter to accept the default location.
When prompted, specify the directory where you want to install the database or press Enter to accept the default location.
Output is displayed about creating directories, loading Docker containers, and starting the Docker registry and MongoDB database.
NOTE The installation procedure also creates internal IP addresses that enable communication between the Docker containers.
At the prompts , enter and confirm a lockbox passphrase, database password, and
crso user account password of your choosing.
The crso is the default security officer and can be considered the superuser. You log in to the
Cyber Recovery software initially as the crso.
The passphrase and password requirements are:
Between 9-64 characters
NOTE For FIPS compliance, the lockbox passphrase must be at least 14 characters, and after a power loss, the passphrase must be changed.
At least one numeric character (0-9)
At least one uppercase character (A-Z)
At least one lowercase character (a-z)
At least one special character: ~!@#$%^&*()+={}|:";<>?[]-_,^'.
CAUTION
Do not forget the lockbox passphrase; it cannot be recovered. If you forget or lose the passphrase, a fresh installation of the
Cyber Recovery software is required.
The lockbox passphrase is required to perform updates and reset the Security Officer's password.
Results
The installation procedure starts
Cyber Recovery services and then exits.
The installation procedure loads the
cyber-recovery.service file. If the
Cyber Recovery management host restarts after a shutdown, this file directs the management host to start the
Cyber Recovery services automatically.
NOTE At this time, the full system control options are not configured. If you run the systemctl command for
cyber-recovery.service, the status is displayed as inactive.
Next steps
In your browser, go to the URL shown at the end of the installation script. Then, log in to the
Cyber Recovery UI using the default Security Officer (crso) account and the password that you created.
NOTE If your system has an active firewall, ensure that the ports that are listed at the end of the installation script are open on the firewall.
If you:
Enabled SELinux in step 2, the
Cyber Recovery software might not start after a reboot due to unlabeled context type and custom policies. Change the SELinux context (see
Changing the SELinux context).
Readdressed the Docker network during this installation, verify that bridge interfaces and the Docker
cr_back and
cr_front networks are on separate subnets that are based on the
default-address-pools configuration in the
/etc/docker/daemon.json file.