Go to Cmd
Terraform deployment example
How to deploy Cmd agents with Terraform
Ben Ironside avatar
Written by Ben Ironside. Updated over a week ago

This page contains an example of using a remote-exec Terraform provisioner to install the Cmd Control agent on a VM hosted on AWS.

This example assumes:

  • SSH access has already been allowed in any applicable firewalls.

  • The target VMs are configured to allow Terraform to access them via SSH, with its public key.

Last-tested version of Terraform:

This was last tested with Terraform v0.12.24.

Instructions:

  1. Choose a directory. This example uses a directory called terraform_cmd .

  2. In the terraform_cmd directory, create the two files shown below
    ( cmd_config.tf and ccf_installer.sh ).

  3. Change the following variables in ccf_installer.sh :

  • CMD_API_KEY — Your Cmd project key.

  • CMD_ARCH — Currently, the only valid value is amd64 (includes x86_64).

  • CMD_PKG_FORMAT — Either deb or rpm , depending on the target OS.

  • CMD_PKG_VERSION — The version of the agent you wish to download. Use a supported version number, or leave it blank for the latest version.

  • CMD_AGENT_TYPE — Choose whether to install the Cmd Control or Cmd Audit agent. Use ccf for the Cmd Control agent, or cmd for the Cmd Audit agent. (Make sure that the version number you specify matches the agent_type .)

  • CMD_SUB — Your Cmd instance's subdomain. For example if your Cmd web app is at sub1.app.cmd.com , use "sub1". If it's at sub2.app.cmd.com , use "sub2".

4. In the terraform_cmd directory, run terraform apply .

5. After the command completes, Cmd will begin monitoring the VM.

The terraform configuration file:
This terraform configuration file creates a VM using AWS, then uses the script below
( ccf_installer.sh ) to install the Cmd Control agent on the VM.

cmd_config.tf

provider "aws" {
  region = "us-west-2"
}

data "aws_ami" "ubuntu" {
  most_recent = true
  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"]
  }
  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
  owners = ["099720109477"] # Canonical
}

resource "aws_instance" "web" {
  ami           = data.aws_ami.ubuntu.id
  instance_type = "t2.micro"
  
  provisioner "file" {
    source = "ccf_installer.sh"
    destination = "/tmp/.ccf_installer.sh"
    connection {
      user = "ubuntu"
      host = self.public_ip
    }
  }
  provisioner "remote-exec" {
    inline = [
      "chmod +x /tmp/.ccf_installer.sh",
      "sudo /tmp/.ccf_installer.sh"
    ]
    connection {
      user = "ubuntu"
      host = self.public_ip
    }
  }
}

ccf_installer.sh

This script uses your Cmd api key to download the specified version of the Cmd Control agent, and installs it.

#!/bin/bash
CMD_API_KEY="TerraformExampleKey"
CMD_ARCH="amd64"      #Supported architecture: amd64 
CMD_PKG_FORMAT="deb"  #Supported formats: rpm, deb
CMD_PKG_VERSION=""    #A supported version number, or "" for latest
CMD_AGENT_TYPE="ccf"  #Supported values: cmd, ccf
CMD_SUB="sub2"        #Your Cmd webapp subdomain(e.g. sub1, sub2, sub3)

mkdir -p /etc/cmd/
cat <<- EOF > /etc/cmd/config.ini
server_name=$(hostname)
groups=
http_proxy=
url=https://${CMD_SUB}.c-app.cmd.com/ws
sos_url=https://${CMD_SUB}.sos-app.cmd.com
EOF

echo "${CMD_API_KEY}" > /etc/cmd/cmd.prj
chown root:root /etc/cmd/cmd.prj /etc/cmd/config.ini
chmod 0644 /etc/cmd/cmd.prj /etc/cmd/config.ini

curl -L -o /tmp/${CMD_AGENT_TYPE}-${CMD_PKG_VERSION}.${CMD_PKG_FORMAT} -H "project-key: ${CMD_API_KEY}" "https://${CMD_SUB}.c-app.cmd.com/download/${CMD_AGENT_TYPE}?architecture=${CMD_ARCH}&format=${CMD_PKG_FORMAT}&version=${CMD_PKG_VERSION}"
dpkg -i /tmp/${CMD_AGENT_TYPE}-${CMD_PKG_VERSION}.${CMD_PKG_FORMAT}
rm /tmp/${CMD_AGENT_TYPE}-${CMD_PKG_VERSION}.${CMD_PKG_FORMAT}

systemctl restart cmd

Related resources

See more agent installation guides

Did this answer your question?