How to Apply Configuration Changes
After making changes to the options in /etc/firemon/config.yml, the relevant playbook needs to be run in order for the new settings to take effect. Because the FMOS update command uses an Ansible playbook to update the software and configuration on the system, most settings will be applied at that time. Since it may not be feasible to run FMOS update to apply configuration changes, perhaps because an update source is not available, the FMOS redeploy command can be used instead.
Note: If a configuration change requires additional packages to be installed, FMOS redeploy may fail. This is typically only the case when FMOS was installed using custom settings and the new configuration activates an additional Security Manager role. In these cases, only FMOS update can be used.
To begin redeploying configuration to the system:
- Log in to the FMOS console as a user with the FMOS Administrator privilege.
- At the command prompt type: fmos config apply
This will apply any configuration changes that affect SIP, as the command runs the secmgr.yml playbook by default. To apply changes to other system features, such as health monitoring or network time, another playbook may need to be run instead. To specify a different playbook, specify its name on the command line.
Caution! Currently, if you run the FMOS redeploy from /etc/firemon it will fail. The solution is to run the redeploy from /home/user.
Playbooks
The FMOS-autodeploy package includes several playbooks, each responsible for managing different aspects of the system:
- secmgr.yml—this playbook is responsible for deploying the configuration for the four FireMon Security Manager roles: Application Server (AS), Database (DB), Data Collector (DC), and Normalization Worker (ND). This playbook is run by default by the fmos redeploy command.
- fmos.yml—this playbook is responsible for deploying FMOS system configuration, including SMTP and system health monitoring.
- initial-setup.yml—this playbook is run in the very early stage of the first boot of a new FMOS installation, before the fmos.yml playbook. It deploys critical host configuration such as hostname, network settings, user accounts, etc. A reboot is typically required after running this playbook.
Caution! DO NOT apply this playbook if the value of the FQDN variable in the System Configuration File is different than the current FQDN of the machine! Doing so will change the hostname of the machine, which will most likely break communication with other machines in the FMOS ecosystem.
- netconfig.yml—this playbook is used to apply network configuration changes to the system. Specifically, changes to members of the network mapping (such as network.dns1, network.gateway, network.interfaces, etc.) are applied when this playbook is run. The command to use for this playbook is fmos config apply netconfig
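A pre-flight check for the two cautions above (do not redeploy from /etc/firemon; do not apply initial-setup.yml when the configured FQDN differs from the machine's current FQDN), as an added example that is not part of FMOS or the original page. The top-level key name `fqdn`, the function names, and the playbook argument `initial-setup` are assumptions; only `fmos config apply netconfig` comes from the page.

```shell
#!/bin/sh
# Added example: pre-flight checks before applying a playbook.
# ASSUMPTION: the FQDN is a top-level scalar key named "fqdn" in config.yml.
# Set FQDN_KEY if your System Configuration File uses a different name.
FQDN_KEY="${FQDN_KEY:-fqdn}"

# Print the value of a top-level scalar key ($2) from a YAML file ($1).
# Indented (nested) keys are ignored; trailing comments and quotes are stripped.
yaml_top_level() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e "s/^[\"']//" -e "s/[\"']\$//"
}

# Return 0 if the FQDN in the config file ($1) equals the live FQDN ($2).
# Hostnames are compared case-insensitively; a missing key counts as a mismatch.
fqdn_matches() {
    want=$(yaml_top_level "$1" "$FQDN_KEY" | tr 'A-Z' 'a-z')
    have=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# Return 0 if directory $1 is safe to run the redeploy from,
# i.e. it is not /etc/firemon or anything beneath it.
cwd_ok() {
    case "$1" in
        /etc/firemon|/etc/firemon/*) return 1 ;;
    esac
    return 0
}

# preflight PLAYBOOK CONFIG CURRENT_FQDN CWD
# Returns 0 = safe to apply, 2 = wrong working directory, 3 = FQDN mismatch.
preflight() {
    cwd_ok "$4" || { echo "refusing: run from outside /etc/firemon" >&2; return 2; }
    case "$1" in
        initial-setup|initial-setup.yml)   # hypothetical argument spelling
            fqdn_matches "$2" "$3" || {
                echo "refusing: config FQDN differs from current FQDN" >&2
                return 3
            } ;;
    esac
    return 0
}

# Usage on an FMOS host:
#   preflight netconfig /etc/firemon/config.yml "$(hostname -f)" "$PWD" \
#       && fmos config apply netconfig
```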