This page contains an example of a script that installs a Cmd agent via Ansible. You can easily use it to download different versions of the Cmd Control and Cmd Audit agents.
Before reading this page, you should know how to automate agent deployment, and may want to review how to deploy the agent in containers.
Last-tested Ansible version:
This was last tested with Ansible v2.8.2 (and Python v2.7.16).
The Ansible playbook
What the playbook does:
Uses your Cmd API key to download and install the agent. (Please note the download URL is subject to change in future releases.)
Configures the agent and verifies that it's enabled.
Removes the installer.
The playbook:
---
#######-CONFIGURATION-#############
- hosts: all
  become: true
  vars:
    api_key: <ANSIBLE_EXAMPLE_API_KEY>
    architecture: amd64 # Supported values: amd64
    format: deb # Supported values: rpm, deb
    version: # Supported values: a supported version number, or blank for the latest version
    agent_type: "" # Supported values: cmd (Cmd Audit agent), ccf (Cmd Control agent)
    sub: # Your Cmd web app subdomain (e.g. sub1, sub2, sub3)
  ###################################
  tasks:
    # Skip the download and install when the agent binary is already present.
    - name: "Check if Cmd agent is installed"
      stat:
        path: /sbin/cmd_daemon
      register: cmd_daemon_file

    - name: "Fetch the agent installer package"
      get_url:
        url: "https://{{ sub }}.c-app.cmd.com/download/{{ agent_type }}?architecture={{ architecture }}&format={{ format }}&version={{ version }}"
        dest: "/tmp/{{ agent_type }}-{{ version }}.{{ format }}"
        headers:
          project-key: "{{ api_key }}"
      when: not cmd_daemon_file.stat.exists
      notify: clean up cmd installer

    # The apt module installs .deb packages only; for format: rpm, use your
    # distribution's package module instead.
    - name: "Install agent"
      apt:
        deb: "/tmp/{{ agent_type }}-{{ version }}.{{ format }}"
      when: not cmd_daemon_file.stat.exists

    - name: "Verify agent is enabled on restart"
      service:
        enabled: yes
        name: cmd

    - name: "Set API key"
      copy:
        content: "{{ api_key }}"
        dest: /etc/cmd/cmd.prj
        owner: root
        group: root
        mode: "0640"
      notify: restart cmd

    - name: "Configure server_name (and groups)"
      copy:
        content: "server_name={{ ansible_hostname }}\ngroups=\nurl=https://{{ sub }}.c-app.cmd.com/ws\nsos_url=https://{{ sub }}.sos-app.cmd.com\n"
        dest: /etc/cmd/config.ini
        owner: root
        group: root
        mode: "0640"
      notify: restart cmd

  handlers:
    - name: restart cmd
      service:
        name: cmd
        state: restarted

    # Removes the same file that the get_url task wrote.
    - name: clean up cmd installer
      file:
        state: absent
        path: "/tmp/{{ agent_type }}-{{ version }}.{{ format }}"
How to use this example:
Review the playbook and modify it as needed for your OS
Required configuration
Input values for:
api_key — Your Cmd project key.
architecture — Currently, the only valid value is amd64.
format — Either deb or rpm, depending on the target OS.
version — The version of the agent you wish to download. Use a supported version number, or leave it blank for the latest version.
agent_type — Choose whether to install the Cmd Control or Cmd Audit agent. Use ccf for the Cmd Control agent, or cmd for the Cmd Audit agent. (Make sure that the version number you specify matches the agent_type.)
sub — Your Cmd instance's subdomain. For example, if your Cmd web app is at sub1.app.cmd.com, your subdomain is "sub1". If it's at sub2.app.cmd.com, your subdomain is "sub2".
Optional configuration
Server group(s) — To add servers to one or more server groups, add the group names after \ngroups=, e.g.: \ngroups=prod. Valid characters for server groups are: 0-9, a-z, A-Z, -, and _. For multiple server groups, use a comma-delimited list with no spaces, e.g.: groups=Test1,Test2,Test3.
Proxy for downloads — Learn to configure a proxy for tasks like get_url.
The server's Cmd server name is set to the ansible_hostname using Ansible facts.
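A pre-flight check for the variables described above, as an added example that is not part of the original playbook or Cmd's own code. It assumes a hypothetical cmd_groups variable holding the server groups and that sub is a single lowercase DNS label; the sample values are constructed.

```yaml
---
# Added example: validate the playbook's variables before they are
# interpolated into the download URL and /etc/cmd/config.ini.
- hosts: all
  gather_facts: false
  vars:
    architecture: amd64
    format: deb
    agent_type: ccf
    sub: sub1                  # constructed sample value
    cmd_groups: "Test1,Test2"  # hypothetical variable, constructed sample value
  tasks:
    - name: "Validate Cmd agent variables"
      assert:
        that:
          # Values the page lists as supported.
          - "architecture == 'amd64'"
          - "format in ['deb', 'rpm']"
          - "agent_type in ['cmd', 'ccf']"
          # sub becomes part of the host name that receives the project-key
          # header, so restrict it to one DNS label (no dots, slashes or '@').
          - "sub is match('^[a-z0-9]([a-z0-9-]*[a-z0-9])?$')"
          # Comma-delimited group names with no spaces, using only
          # 0-9, a-z, A-Z, - and _ (an empty value means no groups).
          - "cmd_groups is match('^([0-9A-Za-z_-]+(,[0-9A-Za-z_-]+)*)?$')"
        fail_msg: "Invalid value in architecture, format, agent_type, sub or cmd_groups"
```

The same assert task can be placed first in the example playbook's tasks list, with groups={{ cmd_groups }} substituted into the config.ini content string.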
How to test:
To test this, you can use Vagrant to run an Ansible playbook against a VM:
Create a new directory, and put the following Vagrantfile into it:
Vagrant.configure("2") do |config|
  config.vm.box = "debian/buster64"
  config.vm.provision :ansible do |ansible|
    ansible.playbook = "playbook.yml"
  end
end
In the same directory, create playbook.yml from the example playbook, above.
Update the configuration variables.
In a shell, execute vagrant up in the directory.
Within a few minutes, your new server will appear in the Cmd web app, on the Servers page.