Pre-requisite
Discovery Source Prioritization over WSUS
If other discovery sources reveal the same endpoints that WSUS discovers and you want to keep the metadata that comes from the other discovery source (overriding the WSUS data when the discovery sources are merged), add the following property to intigua.properties:
1. SSH to the JetPatch application server
2. Edit the intigua.properties file (vi /usr/share/tomcat/default/conf/intigua.properties) and add the priority you would like. This is an example of Active Directory prioritized over WSUS:
#1 Default value: VSPHERE,AMAZON_EC2,ARM,ASM,WSUS,AD
#2 The first elements have higher priority
#3 DS types that are not listed have higher priority than those in the list
#4 To prefer the Active Directory DS over WSUS, while the others keep a higher priority, set up the following:
discovery-source.priority-list=AD,WSUS
3. Save file and exit
4. Restart tomcat (service tomcat restart)
Change Discovery Source Timeouts
Note1: For WSUS Discovery, see this article.
Note2: In order to manually force a discovery source refresh, you can disable, then re-enable that discovery source.
- SSH to the JetPatch application Server
- Edit /usr/share/tomcat/default/conf/intigua.properties
- Add and configure the relevant discovery sources to the properties file
// Amazon
discovery-source.AWS.success.sleep-time.min (default 10)
discovery-source.AWS.error.sleep-time.min (default 20)
// Active directory
discovery-source.AD.success.sleep-time.min (default 10)
discovery-source.AD.error.sleep-time.min (default 20)
// VCenter
discovery-source.VC.success.sleep-time.ms (default 500)
discovery-source.VC.error.sleep-time.min (default 5)
// Azure ARM
arm.sleep.success.minutes (default 5)
arm.sleep.error.minutes (default 5)
Active Directory Syncing
Regular Syncing (Every 10 Minutes by Default, Assuming Success):
- JetPatch checks for and adds new computers created or changed in the last 10 minutes.
- However, it does not immediately remove computers or update changes in security groups.
Full Scan (Every 24 Hours):
- Every 24 hours, JetPatch performs a full scan to update all computers, including removals and security group changes.
- To manually force a full scan, you can disable, then re-enable Active Directory discovery.
Sync Timing:
- After a successful sync, JetPatch waits 10 minutes before the next check.
- If there’s an error, JetPatch waits 20 minutes before trying again.
- These intervals can be configured using the polling properties mentioned in the previous section.
AWS Organizations Multi-Account Support
JetPatch can connect to the Master (or Trusted) account in a given AWS Organization, allowing the user to have access to list the available child (or Trusting) accounts and to assume the role of all child accounts.
Initial configuration
In the AWS Organizations management account, perform the steps below:
- Create IAM user demo-master
- Attach AWS-managed inline policy
  - AmazonEC2ReadOnlyAccess
  - AWSOrganizationsReadOnlyAccess
- Create customer inline policy demo-sts-assume-policy. Below is the JSON:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iam:ListRoles",
        "sts:AssumeRole"
      ],
      "Resource": "*"
    }
  ]
}
In the AWS organization member account, perform the steps below:
- Prerequisite: all the member accounts should have IAM roles created
- Create an IAM role, for example member-role
- Attach AWS managed inline policy
  - AmazonEC2ReadOnlyAccess
- Under Trust relationships, add trusted entities as below:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<management-account-number>:user/<user>"
      },
      "Action": "sts:AssumeRole",
      "Condition": {}
    }
  ]
}
In JetPatch, in order to use this feature, you must enable it in intigua.properties:
aws.members.fetch=true;
In order to modify the default member role, use the "aws.members.role" property in intigua.properties:
aws.members.role="demo-slave-role";
For any troubleshooting, search for AssumeRole in the discovery.log of the manager logs.
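The following is an added example, not JetPatch or AWS code: a simplified local check that the management-account policy and the member role's trust policy above agree, and that shows how far "Resource": "*" reaches compared with a narrower variant. The account IDs, OTHER_ROLE and SCOPED_POLICY are constructed assumptions; the scoped variant assumes JetPatch only assumes the role named by aws.members.role, and the check ignores Deny statements, conditions and organization-level controls.

```python
import fnmatch

# Constructed sample values (not from the page): account IDs and role ARNs.
MGMT_USER = "arn:aws:iam::111111111111:user/demo-master"
MEMBER_ROLE = "arn:aws:iam::222222222222:role/member-role"
OTHER_ROLE = "arn:aws:iam::222222222222:role/admin-role"  # hypothetical unrelated role

# demo-sts-assume-policy as given on the page.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["iam:ListRoles", "sts:AssumeRole"], "Resource": "*"}]}
# Assumed narrower variant: AssumeRole limited to roles named member-role.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iam:ListRoles", "Resource": "*"},
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Resource": "arn:aws:iam::*:role/member-role"}]}
# Trust policy of member-role, placeholder filled with the constructed user ARN.
TRUST_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": MGMT_USER},
     "Action": "sts:AssumeRole", "Condition": {}}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def identity_allows(policy, action, resource):
    """Simplified: does any Allow statement match the action and resource?"""
    for stmt in _as_list(policy["Statement"]):
        actions = [a.lower() for a in _as_list(stmt["Action"])]
        if (stmt["Effect"] == "Allow"
                and any(fnmatch.fnmatchcase(action.lower(), a) for a in actions)
                and any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))):
            return True
    return False

def trust_allows(trust, principal_arn):
    """Does the role's trust policy name this principal for sts:AssumeRole?"""
    for stmt in _as_list(trust["Statement"]):
        if (stmt["Effect"] == "Allow"
                and "sts:AssumeRole" in _as_list(stmt["Action"])
                and principal_arn in _as_list(stmt["Principal"].get("AWS", []))):
            return True
    return False

def can_assume(policy, trust, principal_arn, role_arn):
    """Cross-account AssumeRole needs the caller's policy and the role's trust policy."""
    return (identity_allows(policy, "sts:AssumeRole", role_arn)
            and trust_allows(trust, principal_arn))

if __name__ == "__main__":
    for name, pol in (("page", PAGE_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, can_assume(pol, TRUST_POLICY, MGMT_USER, MEMBER_ROLE),
              identity_allows(pol, "sts:AssumeRole", OTHER_ROLE))
```

With the page's policy, the identity side also matches any other role that trusts demo-master; with the scoped variant only member-role matches.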