Deployment Guide

Introduction

This guide will walk you through a production Synapse Rapid7 SonarSSL deployment. Synapse Rapid7 SonarSSL will register with AHA for service disovery and future devops tasks, and therefore this guide assumes the Synapse Deployment Guide has been followed.

As in the Synapse Deployment Guide, docker-compose will be used as a light-weight orchestration mechanism.

Preparation

With the Synapse Deployment Guide completed, the following items will be needed before starting the deployment:

  • Access to the running AHA container.

  • The previously chosen network name; referred to as <yournetwork> in this guide.

  • A host prepared as specified by Prepare your Hosts.

Deployment

Inside the AHA container

Generate a one-time use provisioning URL:

python -m synapse.tools.aha.provision.service 00.rapid7sonarssl

You should see output that looks similar to this:

one-time use URL: ssl://aha.<yournetwork>:27272/<guid>?certhash=<sha256>

On the Host

Create the container directory:

mkdir -p /srv/syn/00.rapid7sonarssl/storage
chown -R 999 /srv/syn/00.rapid7sonarssl/storage

Create the /srv/syn/00.rapid7sonarssl/docker-compose.yaml file with contents:

version: "3.3"
services:
  00.rapid7sonarssl:
    user: "999"
    image: vertexproject/synapse-rapid7:v3.x.x
    network_mode: host
    restart: unless-stopped
    volumes:
        - ./storage:/vertex/storage
    environment:
        - SYN_RAPID7SONARSSL_AXON=aha://axon...
        - SYN_RAPID7SONARSSL_HTTPS_PORT=null
        - SYN_RAPID7SONARSSL_AHA_PROVISION=ssl://aha.<yournetwork>:27272/<guid>?certhash=<sha256>

Note

Don’t forget to replace your one-time use provisioning URL!

Start the container:

docker-compose --file /srv/syn/00.rapid7sonarssl/docker-compose.yaml pull
docker-compose --file /srv/syn/00.rapid7sonarssl/docker-compose.yaml up -d

Remember, you can view the container logs in real-time using:

docker-compose --file /srv/syn/00.rapid7sonarssl/docker-compose.yaml logs -f

Add the Service to the Cortex

From a Storm console add the service to the Cortex:

> service.add rapid7sonarssl aha://rapid7sonarssl...

What’s next?

See the DevOps Guide for instructions on performing various maintenance tasks on your deployment!