This guide explains how to install the Cmd Control agent on containers running Supervisord, a tool that helps to manage multiple processes in a single container. Before reading this, you should understand how to deploy the agent in a container.
This guide is organized around several example configuration files:
- Building the Dockerfile
This example installs the latest Ubuntu version of the agent. Below, where it says "<project_key>", input your project key to automatically download the latest agent binary. (Learn how to install different versions of the agent, and how to set options such as hostname and http_proxy in how to automate agent deployment.)
RUN apt-get update
RUN apt-get install nginx -y
RUN apt-get install curl openssh-client libcap2 psmisc supervisor -y
RUN mkdir -p /var/log/supervisor
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
RUN curl -s https://c-app.cmd.com/cmdsci/<project_key>/ccf-latest.amd64.deb > /tmp/ccf-latest.amd64.deb
RUN dpkg -i /tmp/ccf-latest.amd64.deb
RUN echo -n <project key> | tee /etc/cmd/cmd.prj
RUN rm /tmp/ccf-latest.amd64.deb
Setting ‘LD_PRELOAD=libinjector.so’ as an environment variable (shown below) will cause the agent to hook all user sessions. (Some orchestration tools may override this setting, so start by investigating your env. vars. if you need to troubleshoot.)
This file configures Nginx, as an example. Replace Nginx with the services you want Cmd to monitor and control:
command=/usr/sbin/nginx -g "daemon off;"
command=bash -c '/bin/sleep 2 && /sbin/cmd_daemon -f'
In the script, '/bin/sleep 2' creates a sleep state. This optional step prevents interleaving of logs (useful when troubleshooting), and ensures safe-start without impacting the initial container process.
Building the Dockerfile:
Test the container by executing the docker-compose binary from within your working directory, with the "--build" flag to ensure a clean run.
docker-compose up --build