This guide describes how to bake the Cmd Control agent into a master image for automated deployment. It provides background knowledge important for the various infrastructure-specific installation guides.
(Separate guides describe how to install Cmd on a single server with a shell script, and how to deploy the Cmd Audit agent.)
Prerequisite:
Make sure you are installing on one of the supported OSes.
Outline:
Step one: Find your project key
Each Cmd project has a unique project key.
Locate the key for the Cmd project where you'd like servers to appear:
Make sure you are in the correct project.
Click Sessions at the top of the web app.
Click Manage servers on the right side (under the graph).
Click Add server near the middle of the page.
Click Auto-deploy.
Click Copy.
Save the key for later.
Step two: Download and install an agent binary
You can download any supported agent version from the web app (Option 1), or an endpoint (Option 2). (To download a Cmd Control agent, you must use a project key from a Cmd Control project.)
Download the agent binary
Option 1 — Download from the web app:
To download from the web app, go to 'Project & app settings > Agent > Agent updates', and click Download Agent Package.
Note: Disable 'automatic agent updates' to avoid surprises.
Option 2 – Download from the endpoint:
Alternatively, you can use an HTTP request to automatically download the agent.
Install the agent binary
Use one of these commands, replacing the binary name as needed:
- For Ubuntu-based or Debian-based systems:
sudo dpkg -i ccf-1.4.2.amd64.deb
- For Redhat/CentOS based systems (other than SUSE):
sudo rpm --install ccf-1.4.2.x86_64.rpm
- For SUSE:
sudo rpm --install ccf-1.4.2.opensuse.x86_64.rpm
Step three: Bake the image
Bake the image, then proceed to step four.
Examples:
Step four: Set the project key
Use the project key you copied in step one. Echo it to /etc/cmd/cmd.prj :
sudo mkdir /etc/cmd
echo -n <project key> | sudo tee /etc/cmd/cmd.prj
Step five: Configure the agent
Configure the agent by creating a config file at /etc/cmd/config.ini
. Use this file to manage the following settings:
Required configuration
For every instance of the image, set a url
and an sos_url
:
For
url
, set the following:url=https://<SUB>.c-app.cmd.com/ws
For
sos_url
, set the following:https://<SUB>.sos-app.cmd.com/
Replace <SUB>
with the subdomain of your Cmd project. For example, the following commands would be correct for a web app instance with the URL https://sub1.app.cmd.com/:
URL:
echo url=https://sub1.c-app.cmd.com/ws | sudo tee --append /etc/cmd/config.ini
SOS_URL:
echo sos_url=https://sub1.sos-app.cmd.com | sudo tee --append /etc/cmd/config.ini
Optional configuration
For every instance created from the image, you'll have the option to set three additional configuration variables: server name, server group and http proxy.
To define server name:
echo server_name=<define_server_name> | sudo tee --append /etc/cmd/config.ini
Note: server names can't exceed 128 characters, and must consist of these characters:
- a-z
- A-Z
- 0-9
- space , _ , : , . , -
For AWS, replace <define_server_name> with:
$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
For GCP, replace <define_server_name> with:
$(curl -s "http://metadata.google.internal/computeMetadata/v1/instance/id" -H "Metadata-Flavor: Google")
To define server groups:
echo groups=<define_server_groups> | sudo tee --append /etc/cmd/config.ini
Replace <define_server_groups> with the name of the group where servers included in this auto-deployment belong. Valid characters for server groups are: 0-9
, a-z
, A-Z
, -
, and _
.
To include multiple groups use "," (e.g., export groups=groupA,groupB,groupC).
To define http proxy:
echo http_proxy=<http_proxy_url> | sudo tee --append /etc/cmd/config.ini
Replace <http_proxy_url> with the ip:port of your proxy.
(e.g., http_proxy=10.10.10.10:8080)
To enable the agent status API:
echo diagnostics_interface=1 | sudo tee --append /etc/cmd/config.ini
Step six: Enable the agent to start at boot
For OSes that use systemd:
systemctl enable cmd
For OSes that use Upstart:
initctl enable cmd
Step seven: Start the agent
For OSes that use systemd:
systemctl start cmd
For OSes that use Upstart:
initctl start cmd
Example project key and config files:
/etc/cmd/cmd.prj:
9e05129dba2db43e9bc535bf39b27839626fd082e93d0b211f2506ea3517915e16ee6c420c7c874b10a2ea9e353e17e959b4a5f57ed1cfd5ccf80af1363603fe
/etc/cmd/config.ini:
server_name=demo-name
groups=test1,test2,test3
http_proxy=192.168.1.100:8080
diagnostics_interface=1
Next:
Check out the Agent deployment guides collection.
Get additional support
If you encounter difficulties in automating the deployment, please contact us.