English

Cloud Secure Agent Installation

Contributors netapp-alavoie dgracenetapp Download PDF of this topic

Cloud Secure collects user activity data using one or more agents. Agents connect to devices in your environment and collect data that is sent to the Cloud Secure SaaS layer for analysis. See Agent Requirements to configure an agent.

Before You Begin

  • The sudo privilege is required for installation, running scripts, and uninstall.

  • The Docker CE package must be installed on the VM hosting the agent.

    To determine if the Docker CE package is installed, use the following command:
    sudo rpm -qa |grep -i docker-ce
    If the package is installed, the command returns the package name, for example:
    docker-ce-18.03.1.ce-1.el7.centos.x86_64

  • The Docker-client-xx or Docker-common-xx native RHEL Docker packages are not supported. These packages do not support the docker run cli format that Cloud Secure supports.

    Use the following commands to determine if these packages are installed:
    sudo rpm -qa | grep -i docker-client
    sudo rpm -qa |grep -i docker-common

Steps to Install Docker

  1. Install the required dependencies:
    sudo yum install yum-utils device-mapper-persistent-data lvm2

  2. Add docker stable repository to your system:
    sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

  3. To use the latest version of Docker CE, enable repositories that are disabled by default:
    sudo yum-config-manager --enable docker-ce-edge

  4. Install the latest version of Docker CE using the following command:
    sudo yum install docker-ce
    (Version must be higher than 17.06)

  5. Start Docker
    sudo systemctl start docker

  6. Use the following command to automatically start Docker on system reboot:
    sudo systemctl enable docker

Docker Installation Reference

Steps to Install Docker on a VM Without Full Access to the Internet

Steps
  1. Uninstall existing docker installation:

    sudo rpm -qa | grep docker
    sudo rpm -e <rpms>

  2. Install Docker-ce

    1. Download all required rpms and copy them to the VM on which the agent is to be installed.

      https://download.docker.com/linux/centos/docker-ce.repo
      sudo yum-config-manager --add-repo <repo_file>
      https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-18.09.0-3.el7.x86_64.rpm
      https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-cli-18.09.0-3.el7.x86_64.rpm
      https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm
      sudo rpm -i <rpms>
      sudo systemctl enable docker
      sudo systemctl start docker

Steps to Install Agent

  1. Log in as Administrator or Account Owner to your Cloud Secure environment.

  2. Click Admin > Data Collectors > Agents > +Agent

    The system displays the Add an Agent page:

    Add agent 1
  3. Select the operating system on which you are installing the agent.

  4. Verify that the agent server meets the minimum system requirements.

  5. To verify that the agent server is running a supported version of Linux, click Versions Supported (i).

    add agent 2
  6. Click the Copy to Clipboard icon to copy the installation command.

  7. Run the installation command in a terminal window.

  8. The system displays the following message when the installation completes successfully:

    new agent detect
After You Finish
  1. You need to configure a User Directory Collector .

  2. You need to configure one or more Data Collectors.

Files Created During Installation

  • Installation directory:

    /opt/netapp/cloudsecure/agent

  • Installation logs:

    /var/log/netapp/cloudsecure/install
    /opt/netapp/cloud-secure/logs

  • Agent Logs:

  • You can use the following command to verify the agent installed correctly:
    sudo grep -irn register /opt/netapp/cloudsecure/agent/logs/agent.log

  • Use the following script to uninstall the agent:
    sudo cloudsecure-agent-uninstall.sh

Network Configuration

Use the following commands to open ports to be used by Cloud Secure.

Steps
  1. sudo firewall-cmd --permanent --zone=public --add-port=35001-35100/tcp

  2. sudo firewall-cmd --reload

  3. sudo iptables-save | grep 35001

    sample output:

  4. -A IN_public_allow -p tcp -m tcp --dport 35001 -m conntrack -ctstate NEW -j ACCEPT

Troubleshooting Agent Installation Errors

Known problems and their resolutions are described in the following table.

Problem: Resolution:

Agent installation fails with error:
"File name too long" errror

To correct this error use the sh shell to run the command.

Agent installation fails to create the ~/agent/logs folder and the install.log file provides no relevant information.

This error occurs during bootstrapping of the agent. The error is not logged in log files because it occurs before logger is initialized.
The error is redirected to standard output, and is visible in the service log using the journalctl -u cloudsecure-agent.service command. This command can be used for troubleshooting the issue further.

Agent installation fails with ‘This linux distribution is not supported. Exiting the installation’.

The supported platforms for Cloud Secure 1.0.0 are RHEL 7.x / CentOS 7.x. Ensure that you are not installing the agent on a RHEL 6.x or CentOS 6.x system.

Agent Installation failed with the error:
"-bash: unzip: command not found"

Install unzip and then run the installation command again. If Yum is installed on the machine try “yum install unzip” to install unzip software

Agent Installation failed with the error:
"Adding cssys user to docker group
Usermod: group ‘docker’ does not exist"

Install Docker service and then run the installation command again.