Pre-requisite
Discovery Source Prioritization over WSUS
If other discovery sources reveal the same endpoints that WSUS discovers, and you would like to keep the metadata that comes from the other discovery source (overriding the WSUS data when the discovery sources are merged), add the following property to intigua.properties:
1. SSH to the JetPatch application server
2. Edit the intigua.properties file (vi /usr/share/tomcat/default/conf/intigua.properties) and add the priority you would like. This is an example of Active Directory prioritized over WSUS:
#1 Default value VSPHERE,AMAZON_EC2,ARM,ASM,WSUS,AD
#2 First elements have higher priority
#3 DS types that are not listed have higher priority than those in the list
#4 To prefer the ActiveDirectory DS over WSUS, while the others keep higher priority, set the following:
discovery-source.priority-list=AD,WSUS
3. Save file and exit
4. Restart tomcat (service tomcat restart)
Change Discovery Source Timeouts
- SSH to the JetPatch application Server
- Edit /usr/share/tomcat/default/conf/intigua.properties
- Add and configure the relevant discovery sources to the properties file
// Amazon
discovery-source.AWS.success.sleep-time.min (default 10)
discovery-source.AWS.error.sleep-time.min (default 20)
// Active directory
discovery-source.AD.success.sleep-time.min (default 10)
discovery-source.AD.error.sleep-time.min (default 20)
// VCenter
discovery-source.VC.success.sleep-time.ms (default 500)
discovery-source.VC.error.sleep-time.min (default 5)
// Azure ASM
discovery-source.ASM.success.sleep-time.min (default 10)
discovery-source.ASM.error.sleep-time.min (default 20)
// Azure ARM
arm.sleep.success.minutes (default 5)
arm.sleep.error.minutes (default 5)
AWS Organizations multi-account support
JetPatch can now connect to the Master (or Trusted) account in a given AWS Organization, which allows the user to list the available child (or Trusting) accounts and to assume the role of all child accounts.
Initial configuration
In the AWS Organizations management account, perform the steps below:
- Create IAM user demo-master
- Attach the AWS managed policies:
  - AmazonEC2ReadOnlyAccess
  - AWSOrganizationsReadOnlyAccess
- Create the customer inline policy demo-sts-assume-policy. Below is the JSON:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iam:ListRoles",
        "sts:AssumeRole"
      ],
      "Resource": "*"
    }
  ]
}
In the AWS organization member account, perform the steps below:
- Prerequisite: all the member accounts should have IAM roles created
- Create an IAM role, for example member-role
- Attach the AWS managed policy:
  - AmazonEC2ReadOnlyAccess
- Under Trust relationships, add the trusted entities as below:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<management-account-number>:user/<user>"
      },
      "Action": "sts:AssumeRole",
      "Condition": {}
    }
  ]
}
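A review check for the two policy documents above, added here as an example and not part of JetPatch or of the original article: it flags the sts:AssumeRole grant on "Resource": "*" and the empty Condition block in the trust policy. The account number 111111111111, the function names and the aws:PrincipalOrgID suggestion are assumptions of this example.

```python
import json

# Constructed copies of the two policy documents shown above.
# The account number 111111111111 is a placeholder, not a value from the page.
IDENTITY_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["iam:ListRoles", "sts:AssumeRole"], "Resource": "*"}]}""")
TRUST_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111111111111:user/demo-master"},
   "Action": "sts:AssumeRole", "Condition": {}}]}""")

def as_list(value):
    """IAM accepts either a single value or a list for most policy elements."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def allows_assume_role(stmt):
    """True for Allow statements whose Action covers sts:AssumeRole."""
    actions = {a.lower() for a in as_list(stmt.get("Action"))}
    return stmt.get("Effect") == "Allow" and bool(actions & {"sts:assumerole", "sts:*", "*"})

def audit_identity_policy(policy):
    """Flag sts:AssumeRole grants whose Resource does not name a specific role."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        for res in as_list(stmt.get("Resource")) if allows_assume_role(stmt) else []:
            role_name = res.rpartition(":role/")[2] if ":role/" in res else ""
            if not role_name or "*" in role_name:
                findings.append(f"statement {i}: sts:AssumeRole allowed on {res!r}")
    return findings

def audit_trust_policy(policy):
    """Flag wildcard principals and trust statements with no Condition block."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        if not allows_assume_role(stmt):
            continue
        principal = stmt.get("Principal") or {}
        aws = [principal] if isinstance(principal, str) else as_list(principal.get("AWS"))
        if "*" in aws:
            findings.append(f"statement {i}: any AWS principal can assume the role")
        if not stmt.get("Condition"):
            findings.append(f"statement {i}: empty Condition, e.g. no aws:PrincipalOrgID check")
    return findings

if __name__ == "__main__":
    for finding in audit_identity_policy(IDENTITY_POLICY) + audit_trust_policy(TRUST_POLICY):
        print(finding)
```

A Resource such as arn:aws:iam::*:role/member-role, which names the member role while leaving the account open, passes the identity-policy check.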
In JetPatch, in order to use this feature, you must enable it in intigua.properties:
aws.members.fetch=true;
In order to modify the default member role, use the aws.members.role property in intigua.properties:
aws.members.role="demo-slave-role";
Note - This new feature is available as of 4.2.4 UR6.
For any troubleshooting, search for AssumeRole in the discovery.log of the manager logs.