Installing the Orchestrator on Azure and AWS with RHEL 8

This guide contains specific instructions for deploying the Insight Orchestrator on a Red Hat Enterprise Linux (RHEL) 8 server deployed in AWS or Azure. It supplements the generic script-based installation guide.

At the moment, Rapid7 recommends CentOS over RHEL. Customers requiring RHEL due to internal requirements should follow the below steps when deploying RedHat on AWS and Azure.

AWS

  1. Create EC2 instance and use ami-096fda3c22c1c990a
  2. Install iptables:
bash
1
sudo yum update
2
sudo yum install iptables-services
  1. Follow this guide for the remaining steps here

Things to note (AWS)

  • The default user for EC2 is ec2-user.
  • ec2 instances require an ssh key so your scp command would look like this:
bash
1
scp -i <private key.pem downloaded from from aws> <Location of installer on local machine>/r7-orchestrator-installer.sh ec2-user@<ec2 IP>:/tmp

Azure

Note: Azure (even following these steps) does not give consistent results. If errors do occur please follow troubleshooting tips.

  1. Create VM instance

Recommended Azure Instance

Important: Do not use any instance modified by Azure. Instead, we recommend deploying with Red Hat Enterprise Linux Raw 8.3 - Gen 1

  1. Install iptables

Note: If yum update does not run properly, try rebooting the VM. If that does not work, try recreating it. Tests have shown two RHEL instances with the same settings may yield different results in Azure. Thanks, Microsoft.

bash
1
sudo yum update
2
sudo yum install iptables-services
  1. Follow this guide for the remaining steps here

Troublshooting tips (Azure)

If the installer does not give an orchestrator key then it did not complete correctly try these steps to fix it

Rerun installer if it says a portion of the previous install is still there and blocking use the following command to remove it

bash
1
sudo yum remove <package>

If it still does not give the code try rebooting the instance. The rebooted instance should give you an orchestrator key on startup. Azure instances require an ssh key so your scp command would look like this:

bash
1
scp -i <private key.pem downloaded from Azure> <Location of installer on local machine>/r7-orchestrator-installer.sh <username>@<VM IP>:/tmp