Articles in this section

See more

How-To: Set or Change Mounted Volumes Directory

Avatar
Uri Ben-dor
  • Updated
Follow

This procedure will guide you through the steps required to mount the docker volumes used by Exabeam Cloud Connectors (a.k.a SkyFormation) server to a directory of your choice. This procedure is intended for modifyning a pre-installed server. If the server hasn’t been installed yet please provide a mounted directory during the install process.
This procedure relates to 2.4.x versions only.

We differentiate between two different scenarios:

  • The docker volumes are already mounted to a local directoy (SRC_VOLUMES_DIR) and you only want to move it to another local directory (DST_VOLUMES_DIR). We’ll refer to it as option A.
  • Docker volumes are currently not mounted, data is saved under the docker root directory and you want all the Exabeam CC volumes data to be stored under specific local directory (DST_VOLUMES_DIR). We’ll refer to it as option B.

To figure this out please inspect one of the Exabeam CC volumes (here we arbitrarily choose sk4_conf) by running:

sudo docker volume inspect sk4_conf

If, in the JSON object printed to console, Options is null then the volume is not mounted (option B), the volume data is stored under the docker root directory and the full path can be found, in the JSON, under Mountpoint.

[
    {
        "CreatedAt": "2019-12-30T17:16:36Z",
        "Driver": "local",
        "Labels": {
            "com.docker.compose.project": "sk4",
            "com.docker.compose.volume": "conf"
        },
        "Mountpoint": "/var/lib/docker/volumes/sk4_conf/_data",
        "Name": "sk4_conf",
        "Options": null,
        "Scope": "local"
    }
]

Note: Docker root directory, in the above example, is /var/lib/docker and the volumes root directory (SRC_VOLUMES_DIR) is /var/lib/docker/volumes

If, on the other hand, Options is not null then the mounted directory is specified under the Options.device

[
    {
        "CreatedAt": "2019-12-30T15:08:19Z",
        "Driver": "local",
        "Labels": {
            "com.docker.compose.project": "sk4",
            "com.docker.compose.volume": "conf"
        },
        "Mountpoint": "/var/lib/docker/volumes/sk4_conf/_data",
        "Name": "sk4_conf",
        "Options": {
            "device": "/opt/exabeam/data/sk4/conf",
            "o": "bind",
            "type": "none"
        },
        "Scope": "local"
    }
]

Note: Docker root directory, in the above example, is /var/lib/docker and the volumes mounted root directory (SRC_VOLUMES_DIR) is /opt/exabeam/data/sk4. Although docker allows you to set, for each volume, a different configuration, Exabeam Cloud Connectors does not support it in its install and upgrade procedures.

Now that we understand the current settings we can continue to follow one of the procedures below

Option A

  1. Stop the sk4compose service
systemctl stop sk4compose
  1. Copy volumes data from current root directory (SRC_VOLUMES_DIR) to a new, existing root directory (DST_VOLUMES_DIR)
rsync -aP SRC_VOLUMES_DIR DST_VOLUMES_DIR
  1. Change directory to Exabeam Cloud Connectors base directory where the docker-compose.yml is located - by default either /opt/sk4 or /opt/exabeam/data/sk4. You can find its location by looking at the Exabeam Cloud Connector’s service file /etc/systemd/system/sk4compose.service
  2. Backup docker-compose.yml
cp docker-compose.yml docker-compose.yml.bak
  1. Update volumes mounted directory in the docker-compose.yml (replace DST_VOLUMES_DIR)
docker run --rm -v `pwd`/docker-compose.yml:/sk4/docker-compose.yml "498895000136.dkr.ecr.us-east-1.amazonaws.com/upgrade-scripts:1.0.0" node map_volumes_to_dir.js -f /sk4/docker-compose.yml -d DST_VOLUMES_DIR
  1. Verify that indeed all volumes are now mounted to the DST_VOLUMES_DIR
grep device: docker-compose.yml
  1. Delete Exabeam Cloud Connectors docker volumes (this operation will not delete the actual data stored in SRC_VOLUMES_DIR)
docker volume rm $(docker volume ls -q | grep sk4_) -f
  1. Restart the Exabeam Cloud Connectors service
systemctl start sk4compose
  1. Verify Exabeam Cloud Connectors is properly working - login to the web UI, make sure all the accounts are still visible.
  2. You can now delete priviously mounted directories from SRC_VOLUMES_DIR.
    Note: if the SRC_VOLUMES_DIR is the Exabeam Cloud Connectors base directory, don’t delete YAML and ENV files. This procedure keeps the Exabeam Cloud Connectors base directory unchanged.

Option B

  1. Stop the sk4compose service
systemctl stop sk4compose
  1. Copy volumes data from current docker volumes root directory (SRC_VOLUMES_DIR) to the new root directory (DST_VOLUMES_DIR)
# REPLACE SRC_VOLUMES_DIR with docker's volumes root directory (by default its /var/lib/docker/volumes)
_volumesDir=SRC_VOLUMES_DIR

# REPLACE DST_VOLUMES_DIR with the mounted directory in which you want all Exabeam Cloud Connectors data to be stored
_newMountedDir=DST_VOLUMES_DIR

_volumePathSize=${#_volumesDir}
for _dirName in $_volumesDir/sk4*; do
    _srcDir="${_dirName}/_data/"
    # volume name starts at _volumePathSize + length("/sk4_") + 1 
    _ind=$(($_volumePathSize+6))
    _dstDir=$_newMountedDir/$(echo $_dirName | cut -c$_ind-${#_dirName} | sed 's/sk4_//g')
    mkdir -p $_dstDir
    echo "Copy data from $_srcDir to $_dstDir"
    rsync -aP $_srcDir $_dstDir
done
  1. Change directory to Exabeam Cloud Connectors base directory where the docker-compose.yml is located - by default either /opt/sk4 or /opt/exabeam/data/sk4. You can find its location by looking at the Exabeam Cloud Connector’s service file /etc/systemd/system/sk4compose.service
  2. Verify that indeed all volumes data was copied from SRC_VOLUMES_DIR to DST_VOLUMES_DIR. As an extra measure of precaution we recommend to backup the sk4_conf, the sk4_zoo_data and the sk4_zoo_datalog mounted points.
tar -zcvf conf_volume.tar.gz `docker volume inspect --format='{{.Mountpoint}}' sk4_conf`
tar -zcvf zoo_data_volume.tar.gz `docker volume inspect --format='{{.Mountpoint}}' sk4_zoo_data`
tar -zcvf zoo_datalog_volume.tar.gz `docker volume inspect --format='{{.Mountpoint}}' sk4_zoo_datalog`
  1. Backup docker-compose.yml
cp docker-compose.yml docker-compose.yml.bak
  1. Update volumes mounted directory in the docker-compose.yml (replace DST_VOLUMES_DIR)
docker run --rm -v `pwd`/docker-compose.yml:/sk4/docker-compose.yml "498895000136.dkr.ecr.us-east-1.amazonaws.com/upgrade-scripts:1.0.0" node map_volumes_to_dir.js -f /sk4/docker-compose.yml -d DST_VOLUMES_DIR
  1. Verify that indeed all volumes are now mounted to the DST_VOLUMES_DIR
grep device: docker-compose.yml
  1. Delete Exabeam Cloud Connectors docker volumes (this operation WILL DELETE the actual data stored in docker volumes root directory. Hence backing up the data, as described in step 4, is highly recommended)
docker volume rm $(docker volume ls -q | grep sk4_) -f
  1. Restart the Exabeam Cloud Connectors service
systemctl start sk4compose
  1. Verify Exabeam Cloud Connectors is properly working - login to the web UI, make sure all the accounts are still visible.
  2. You can now delete backup archives created in step 4.

Related articles

Comments

0 comments

Please sign in to leave a comment.