This guide describes how to bake the Cmd Control agent into a master image for automated deployment. It provides background knowledge important for the various infrastructure-specific installation guides.
(Separate guides describe how to install Cmd on a single server with a shell script, and how to deploy the Cmd Audit agent.)
Outline
- Find your project key
- Download and install an agent binary
- Bake the image
- Enter your project key in /etc/cmd/cmd.prj
- Configure the agent
- Enable the agent to start at boot
- Start the agent
- Examples of cmd.prj and config.ini
Step one: Find your project key
Each Cmd project has a unique project key.
Locate the key for the Cmd project where you'd like servers to appear:
- Make sure you are in the correct project.
- Click Sessions at the top of the web app.
- Click Manage servers on the right side (under the graph).
- Click Add server near the middle of the page.
- Click Auto-deploy.
- Click Copy.
- Save the key for later.
Step two: Download and install an agent binary
You can download any supported agent version from the web app (Option 1), or an endpoint (Option 2). (To download a Cmd Control agent, you must use a project key from a Cmd Control project.)
Download the agent binary
Option 1 — Download from the web app:
To download from the web app, go to 'Project & app settings > Agent > Agent updates', and click Download Agent Package.
Note: Disable 'automatic agent updates' to avoid surprises.
Option 2 – Download from the endpoint:
Alternatively, you can use an HTTP request to automatically download the agent.
Install the agent binary
Use one of these commands, replacing the binary name as needed:
- For Ubuntu-based or Debian-based systems:
sudo dpkg -i ccf-1.4.2.amd64.deb
- For Redhat/CentOS based systems (other than SUSE):
sudo rpm --install ccf-1.4.2.x86_64.rpm
- For SUSE:
sudo rpm --install ccf-1.4.2.opensuse.x86_64.rpm
Step three: Bake the image
Bake the image, then proceed to step four.
Examples:
Step four: Set the project key
Use the project key you copied in step one. Echo it to /etc/cmd/cmd.prj :
sudo mkdir /etc/cmd
echo -n <project key> | sudo tee /etc/cmd/cmd.prj
Step five: Configure the agent
Configure the agent by creating a config file at /etc/cmd/config.ini
. Use this file to manage the following settings:
Required configuration
For every instance of the image, set a url
and an sos_url
:
- For
url
, set the following:url=https://<SUB>.c-app.cmd.com/ws
- For
sos_url
, set the following:https://<SUB>.sos-app.cmd.com/
Replace <SUB>
with the subdomain of your Cmd project. For example, the following commands would be correct for a web app instance with the URL https://sub1.app.cmd.com/:
URL:
echo url=https://sub1.c-app.cmd.com/ws | sudo tee --append /etc/cmd/config.ini
SOS_URL:
echo sos_url=https://sub1.sos-app.cmd.com | sudo tee --append /etc/cmd/config.ini
Optional configuration
For every instance created from the image, you'll have the option to set three additional configuration variables: server name, server group and http proxy.
To define server name:
echo server_name=<define_server_name> | sudo tee --append /etc/cmd/config.ini
Note: server names can't exceed 128 characters, and must consist of these characters:
- a-z
- A-Z
- 0-9
- space , _ , : , . , -
For AWS, replace <define_server_name> with:
$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
For GCP, replace <define_server_name> with:
$(curl -s "http://metadata.google.internal/computeMetadata/v1/instance/id" -H "Metadata-Flavor: Google")
To define server groups:
echo groups=<define_server_groups> | sudo tee --append /etc/cmd/config.ini
Replace <define_server_groups> with the name of the group where servers included in this auto-deployment belong. Valid characters for server groups are: 0-9
, a-z
, A-Z
, -
, and _
.
To include multiple groups use "," (e.g., export groups=groupA,groupB,groupC).
To define http proxy:
echo http_proxy=<http_proxy_url> | sudo tee --append /etc/cmd/config.ini
Replace <http_proxy_url> with the ip:port of your proxy.
(e.g., http_proxy=10.10.10.10:8080)
To enable the agent status API:
echo diagnostics_interface=1 | sudo tee --append /etc/cmd/config.ini
Step six: Enable the agent to start at boot
For OSes that use systemd:
systemctl enable cmd
For OSes that use Upstart:
initctl enable cmd
Step seven: Start the agent
For OSes that use systemd:
systemctl start cmd
For OSes that use Upstart:
initctl start cmd
Example project key and config files:
/etc/cmd/cmd.prj:
9e05129dba2db43e9bc535bf39b27839626fd082e93d0b211f2506ea3517915e16ee6c420c7c874b10a2ea9e353e17e959b4a5f57ed1cfd5ccf80af1363603fe
/etc/cmd/config.ini:
server_name=demo-name
groups=test1,test2,test3
http_proxy=192.168.1.100:8080
diagnostics_interface=1
Next:
Learn How to deploy Cmd in containers.
Check out the Agent deployment guides collection.
Get additional support
If you encounter difficulties in automating the deployment, please contact us.