Solved: MDS R81.20 on KVM, fresh install broken.

LukeDRussell1

Hello,

I'm unable to get an MDS install working using this qcow2 image. I've been using this image for Gateway and SMS for a couple of months in my lab, everything seems to work fine. With MDS, the first symptom I noticed is I can't connect with Smart Console. SSH and Web to Gaia work fine though.

When I tried to run `api status` I would get an error about the missing file /opt/CPsuite-R81.20/fw1/conf/cpmServerSettings.props. I copied this from an SMS server to get past that error.

I also tried updating with the latest Take, but the Gaia web gui errors and suggests running `cpstop` but that doesn't work on an MDS server.
I've tried about 5 times with a fresh VM, now I'm tearing my hair out.

Some probably relevant outputs that might help:

[Expert@cp-mds:0]# mdsstat

CPM: Check Point Security Management Server is not running

+------+--------------------+-----------------+-------------+-------------+-------------+-------------+-------------+
| Type | Name               | IP address      | FWM         | FWMHA       | FWD         | CPD         | CPCA        |
+------+--------------------+-----------------+-------------+-------------+-------------+-------------+-------------+
| MDS  |          -         | 172.30.32.10    | down        | down        | down        | down        | down        |
+------+--------------------+-----------------+-------------+-------------+-------------+-------------+-------------+
Total Domain Management Servers checked: 0     0 up   0 down
Tip: Run mdsstat -h for legend

[Expert@cp-mds:0]# mdsstart 
Starting cpWatchDog
Starting CPM Server ...
[1] 8715
CPM Server is running.
Start Search Infrastructure...
index mode was set to true
startsearch: dbsync does not run on Multi-Domain Security Management
cpwd_admin: 
Process SOLR started successfully (pid=9230) 
Starting RFL ...
cpwd_admin: 
Process RFL started successfully (pid=9262) 
Starting SmartView ...
Starting SmartView...
cpwd_admin: 
Process SMARTVIEW started successfully (pid=9311) 
Start Log Indexer...
cpwd_admin: 
Process INDEXER started successfully (pid=9594) 
Start SmartLog Server... 
cpwd_admin: 
Process SMARTLOG_SERVER started successfully (pid=9806) 

No need to run Adjuster Service - no clients were found
Starting Log Indexer...
[1]  + Done                          /opt/CPsuite-R81.20/fw1/scripts/ngm_start.sh
/opt/CPmds-R81.20/customers: No such file or directory.

[Expert@cp-mds:0]# api status

API Settings:
---------------------
Accessibility:                      Unknown
Automatic Start:                    Unknown

Processes:

Name      State     PID       More Information
-------------------------------------------------
API       Stopped   0         
CPM       Stopped   0         
FWM       Stopped   0         
APACHE    Started   8507      

Port Details:
-------------------
JETTY Internal Port:               0
JETTY Documentation Internal Port: 0
APACHE Gaia Port:                  443

Profile:
-------------------
Machine profile:                   Medium env resources profile
CPM heap size:                     1280m

                          Apache port retrieved from: httpd-ssl.conf


--------------------------------------------
Overall API Status: The API Server Is Not Running!
--------------------------------------------

API readiness test FAILED. The server is down and unable to receive connections!

Notes:
------------
To collect troubleshooting data, please run 'api status -s <comment>'

PhoneBoy

That's barely enough to run a gateway.
MDS needs a lot more resources (at least 32GB RAM, 8 Cores).
Refer to the requirements here: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_RN/Content/Topics-RN/Open-Se...

View solution in original post

LukeDRussell1

I increased the specs in line with the Open Server minimums for MDS (8c, 32GB, 150 GB disk) and it works immediately!

Thanks @PhoneBoy

View solution in original post

PhoneBoy

I suspect these qcow images are not set up to run MDS, which has different requirements than a regular SMS (more disk/RAM, NIC configuration).
What are the specs on the VM you’re attempting to deploy this on? (RAM/CPUs/Disk/NICs)

LukeDRussell1

It will be easy enough for me to give it more resources. I can't remember where I found the requirements, but I'm currently running 4vCPU, 6 GB, virtio NICs. I'm not sure how big the disks were. One attempt I set the data disk to 100 GB manually.

I'd be happy to take a suggestion on sizing.

the_rock

To me, that does not look like the right image for eve-ng. Did you follow below link to make sure naming is right? I know for mds, you would use same image as you were installing regular mgmt. I tested that before in eve-ng, no issues.

Andy

https://www.eve-ng.net/index.php/documentation/qemu-image-namings/

LukeDRussell1

I'm not using eve-ng.

the_rock

Sorry my bad for assuming so. Glad you got it working.

Andy

LukeDRussell1

I'm using Cisco Modelling Labs, which is built on top of KVM.

I also contributed some configs to CML-Community repo in case anyone else wants to run it. I'll add notes in that about increasing the resources for MDS.

PhoneBoy

That's barely enough to run a gateway.
MDS needs a lot more resources (at least 32GB RAM, 8 Cores).
Refer to the requirements here: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_RN/Content/Topics-RN/Open-Se...

LukeDRussell1

I increased the specs in line with the Open Server minimums for MDS (8c, 32GB, 150 GB disk) and it works immediately!

Thanks @PhoneBoy

Are you a member of CheckMates?

MDS R81.20 on KVM, fresh install broken.