These documents were born out of the necessity of building reusable and ephemeral CP4S instances that are integrated with various security technologies for Cyber Range scenarios. The end goal was to be able to create a set of Gold images of all security tools, including CP4S, that are fully configured, integrated, ready for use and deployable via orchestration. Another requirement was that we needed to be able to run multiple scenarios in a day, requiring no more than 30-60 minutes for a new environment to initialize. Out of this requirement we also wanted to gain education around Red Hat OCP (Red Hat OpenShift Container Platform) and Cloud Pak for Security (CP4S). Understand that this implementation is not for production environments and is a “work in progress”. Our testing and usage have been very successful, but we have not fully vetted the solution against short- and long-term problems that may arise. As we discover any issues and workarounds, we will update this blog.
The process is broken up into three parts because of the many steps and pieces involved in putting this together.
Part One: “The Setup” (10 Pages)
This document will walk you through all the necessary steps and configurations that you will need to take to set up your environment:
a. Firewall Installation (using OpnSense) and configuration
b. Jumpbox installation and a breakdown of all the packages you will need to install on your jumpbox
c. Setting up your LDAP and DNS server
d. Setting up your OpenShift Install with the deployment of Terraform
e. Configuring terraform.tfvars, variables.tf, vm/variables.tf and vm/main.tf
f. Additional steps (SSH keys) and uploading the rhcos-4.6.x.ova to the templates folder on the vCenter
g. Setting up the LDAP Connector with Windows Active Directory
Part Two: “Storage” (16 Pages)
This document will walk you through all the necessary steps and configurations that you will need to install/configure OpenShift Container Storage.
Part Three: “Install CP4S and Post Install Steps” (3 Pages)
This document will walk you through:
- The CP4S “Preinstallation-task” and instructions on how to install IBM Cloud Pak® for Security in an environment with internet connectivity (link provided)
- The necessary steps and configurations needed in the values.conf file, which you need to configure before you install CP4S
- Commands to validate the CP4S installation after it has completed
- Post install instructions to configure an LDAP (Lightweight Directory Access Protocol) connection for your product cluster.
- Optional additional steps to shut down an OpenShift cluster with storage and application pods. A backup needs to be taken from one of the control plane nodes to capture the cluster's state before shutdown, in case a recovery is needed. All these steps should be taken from the bastion node from which you deployed the cluster. The steps were taken from Red Hat support and documentation.
Authors: Nat Prakongpan, Matt Dobbs, Bill Hankard, Anthony (Tone) Johnson