This page contains an example of a script that installs a Cmd agent via Ansible. You can easily use it to download different versions of the Cmd Control and Cmd Audit agents.

Before reading this page, you should know how to automate agent deployment, and may want to review how to deploy the agent in containers

Last-tested Ansible version:

This was last tested with Ansible v2.8.2 (and Python v2.7.16). 

The Ansible playbook 

What the playbook does:

  • Uses your Cmd API key to download and install the agent. (Please note the download URL is subject to change in future releases.)

  • Configures the agent and verifies that it's enabled.

  • Removes the installer.

The playbook:

- hosts: all
become: true
architecture: amd64 # Supported values: amd64
format: deb # Supported values: rpm, deb
version: # Supported values: a supported version number, or blank for the latest version
agent_type: "" # Supported values: cmd (Cmd Audit agent), ccf (Cmd Control agent)
sub: # Your Cmd web app subdomain (e.g. sub1, sub2, sub3)
- name: "Check if Cmd agent is installed"
path: /sbin/cmd_daemon
register: cmd_daemon_file

- name: "Fetch the agent installer package"
url: https://{{ sub }}{{ agent_type }}?architecture={{ architecture }}&format={{ format }}&version={{ version }}
dest: /tmp/{{ agent_type }}-{{ version }}.{{ format }}
project-key: "{{ api_key }}"
when: cmd_daemon_file.stat.exists == false
notify: clean up cmd installer

- name: "Install agent"
deb: /tmp/{{ agent_type }}-{{ version }}.{{ format }}
when: cmd_daemon_file.stat.exists == false

- name: "Verify agent is enabled on restart"
enabled: yes
name: cmd

- name: "Set API key"
content: "{{ api_key }}"
dest: /etc/cmd/cmd.prj
owner: root
group: root
mode: 0640
notify: restart cmd

- name: "Configure server_name (and groups)"
content: "server_name={{ ansible_hostname }}\ngroups=\nurl=https://{{ sub }}\nsos_url=https://{{ sub }}\n"
dest: /etc/cmd/config.ini
owner: root
group: root
mode: 0640
notify: restart cmd

- name: restart cmd
name: cmd
state: restarted

- name: clean up cmd installer
state: absent
path: "/tmp/ccf{{ agent_type }}-{{ version }}.{{ format }}"

How to use this example:

Review the playbook and modify it as needed for your OS

Required configuration
Input values for: 

  •  api_key  — Your Cmd project key.  

  •  architecture   — Currently, the only valid value is  amd64 .

  • format — Either deb or rpm , depending on the target OS.

  • version — The version of the agent you wish to download. Use a supported version number, or leave it blank for the latest version.

  • agent_type — Choose whether to install the Cmd Control or Cmd Audit agent. Use ccf for the Cmd Control agent, or cmd for the Cmd Audit agent. (Make sure that the version number you specify matches the agent_type .)

  • sub — Your Cmd instance's subdomain. For example, if your Cmd web app is at , your subdomain is "sub1". If it's at , your subdomain "sub2".

Optional configuration

  • Server group(s) — To add servers to one or more server groups, add the group name's after  ngroups= , e.g.:  ngroups=prod . Valid characters for server groups are: 0-9 , a-z , A-Z , - , and _ . For multiple server groups, use a comma-delimited list with no spaces, e.g.:  groups=Test1,Test2,Test3 .

  • Proxy for downloads — Learn to configure a proxy for tasks like  get_url

The server's Cmd server name is set to the  ansible_hostname  using Ansible facts.

How to test:

To test this, you can use Vagrant to run an Ansible playbook against a VM:

  • Create a new directory, and put the following Vagrantfile into it:

Vagrant.configure("2") do |config| = "debian/buster64"
  config.vm.provision :ansible do |ansible|
    ansible.playbook = "playbook.yml"
  • In the same directory, create  playbook.yml  from the example playbook, above.

  • Update the configuration variables.

  • In a shell, execute  vagrant up  in the directory.

Within a few minutes, your new server will appear in the Cmd web app, on the Servers page.

Did this answer your question?