In large enterprise Deep Security AMI deployment, Deep Security Relay (DSR) also resides in Deep Security Manager (DSM) node, with many different Deep Security Agent (DSA) versions imported and installed on different server OS and builds /var default partition of 35GB may not be enough.
DSR stores the agent package and pattern updates on /var/opt/ds_agent/relay/www directory, disk partition on /var might get full and cause package and pattern update issues on DSR. In case where removing packages from DSM console is not viable, increasing the size of partition on /var can be another option.
Change the values accordingly if you will increase the partition by a different value.
- Increase DS AMI /dev/sdb EBS volume depending on your required disk space.
The default size is 128GB which is already partitioned automatically during deployment. For example, if you need to increase /var partition by 20GB, change EBS size to 148GB. You can find the /dev/sdb EBS volume at EC2 description page.
After increasing EBS volume, it will take at least 1 minute to reflect in AMI, run the following command to verify:
lsblk
Expected output:
- Resize physical volume of /dev/sdb:
pvresize /dev/sdb
Expected output:
- Extend logical volume for /dev/mapper/hardenedpartitions-var:
lvextend -L 55G /dev/mapper/hardenedpartitions-var
Note that 55G means changing the partition size to 55GB. You may change the value depending on your requirements.
Expected output:
- Extend file system:
resize2fs /dev/mapper/hardenedpartitions-var
Expected output:
- Verify /var partition change:
df -h
Expected output: