Universal Agent Manager - RHEL 7 Deployment
The following procedure is provided to guide UAM administrators in the installation of the solution on Red Hat 7-based hosts. Please review carefully the prerequisites section before starting with the procedure itself.
Prerequisites
Make sure all these prerequisites are met. Otherwise, the installation procedure will fail:
- Ensure the host can connect to public URLs on the Internet.
- Ensure you can access the host through SSH by using its main service IP address. It should also be possible to open an SSH connection from the same host using that IP address.
- Download the Devo UAM software, copy it to your home folder and extract it using:
cd $HOME tar -zxvf devo-ua-deployer.tgz
- Download your Devo domain certificates:
1. Connect to your Devo domain web interface
2. Access to Administration -> Credentials in the left pane
3. Select X.509 certificates in the upper menu
4. Select your certificate, download them and rename them as:
5. Click on CHAIN CA in the upper right corner →chain.crt
6. Click on certificate on the certificate row ->domain.crt
7. Click on private key on the certificate row ->domain.key
8. Copy the files to$HOME/devo-ua-deployer/domain-certs
Installation procedure
1. Check that user configured can run sudo
command without prompt. Run the following line in an SSH session where you did not previously run any sudo command:
sudo ls
If the previous command still asks for a password, you can use the next command to avoid it:
sudo /bin/bash -c "echo \"$(whoami) ALL=(ALL:ALL) NOPASSWD: ALL\" >> /etc/sudoers "
2. Ensure base and extra RHEL7 repositories are configured and enabled:
In order to prepare the environment to deploy in RHEL7.X, repositories need to be configured. As of today, we will be using CentOS repositories while Red Hat official repositories are under validation. Follow the workaround below:
As root
user, create the next two files in /etc/yum.repos.d
/etc/yum.repos.d/centos7-base.repo
[base] name=CentOS-7 - Base mirrorlist=http://mirrorlist.centos.org/?release=7&arch=$basearch&repo=os #baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/ gpgcheck=0 #gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-centos7
/etc/yum.repos.d/centos7-extra.repo
[centos7-extra] name=Centos 7 extra baseurl=http://mirror.centos.org/centos/7/extras/x86_64 #metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch&infra=$infra&content=$contentdir #failovermethod=priority enabled=1 gpgcheck=0 #gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
3. Install EPEL repository:
wget -O /tmp/epel-release-latest-7.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm sudo yum install /tmp/epel-release-latest-7.noarch.rpm && rm /tmp/epel-release-latest-7.noarch.rpm
4. Install Ansible:
sudo yum install ansible
5. Change the working directory to the path where the installation package was extracted:
cd $HOME/devo-ua-deployer
6. Install the Ansible playbooks' dependencies:
ansible-galaxy install -r playbooks/roles/requirements.yaml
7. Edit the inventories/py2-1host-example.yaml
file based the particular requirements of the installation. Refer to the generic deployment guidelines for additional information. If no additional requirements are needed, edit the file by following the next step.
10. Set the following properties under all.hosts.devo-ua-manager
yaml section:
ansible_host
: Devo Universal Agent Manager IP.ansible_user
: User that will run Devo UAM. Same as the user that has been configured previously in sudoers.ansible_password
: Password- If you want to use a private key instead of user and password please check the generic deployment guidelines section.
11. Set the following properties under all.vars yaml
section:
duam_relay_entrypoint
: tcp://FQDN_CENTRAL_RELAY:443
. Where FQDN_CENTRAL_RELAY
is the FQDN of your central Devo relay :Â
- If your domain is deployed in the US Cloud (us.devo.com): t
cp://us.elb.relay.logtrust.net:443
- If your domain is deployed in the EU Cloud (eu.devo.com):
tcp://eu.elb.relay.logtrust.net:443
- If your domain is deployed in a different cloud, contact your Devo representative to know your entry point.
- To send the data via a Devo Relay instead of sending it directly to Devo check here to find out more.
12. Create docker/user/config.json
file with valid empty JSON body:
echo '{}' > docker/user/config.json
13. Run the Ansible playbook:
ansible-playbook -i inventories/py2-1host-example.yaml playbooks/devo-universal-agent.yaml
Once the installation process finishes, you can connect to server app using https://DUAM_IP:8080, where DUAM_IP
is the Devo Universal Agent Manager IP. User and password were configured in your inventory file.
Upon agent installation, all monitored endpoints (please refer to Universal Agent Deployment) should be automatically detected and listed as an active host. If the website was already opened before adding the host, a page refresh is required. This is an example screenshot:
Troubleshooting
Use the following commands to verify the status of all the services exposed by the UA Manager:
To check the status port 8080:
systemctl status devo-ua-manager
To check the status port 8081:
systemctl status nginx