Child pages
  • Agent Installation

This is the documentation of the latest development version of automaIT. The documentation of the latest stable release can be found at AUTOMAIT.

Skip to end of metadata
Go to start of metadata

Description

The agent is managed by the server and executes commands on its host operating system. An agent can be started in three different modes regarding the connectability:

  • HTTP
  • HTTPS
  • SSH (not supported on Windows Platforms)

Please note:

HTTP is an unsecured protocol and should therefore only be used in exceptional cases.

automaIT comes up with predefined SSL certificates for server-agent-communication to provide a quick start up. However, this predefined configuration is quite insecure and not recommended for production use. Please refer to SSL certificates in the Configuration section on how to set up a well secured server-agent-communication.

Requirements

Operating System

Unix-like Systems

The agent should run on every Unix operating system fulfilling the software prerequisites.

For example:

  • Linux
  • Solaris
  • CentOS

Apart from a few exceptions the agent must be started as superuser (root).

The agent will switch the user with su if the server requests a command to be executed under a different user. When using sudo please keep in mind that /etc/sudoers may override environment variables or set a specific PATH.

 Windows

The agent should run on every Windows Server environment.

The agent must be started with administration rights if the agent should perform privileged actions (e.g. program installations or access restricted directories in Windows).
This can either be achieved by configuring the agent as a Windows service or by adding it as a new task to the Windows task scheduler (with activating the flag for running with highest privileges).

Java

The following Java Runtime Environment (JRE) implementations (64bit or 32bit) starting at version 7 are supported.

Version

Status

Oracle Java 64-bit, Version 7.x or 8.x

(tick) supported (recommended)

OpenJDK Java 64-bit, Version 7.x or 8.x

(tick) supported

IBM Java 64-bit, Version 7.x or 8.x

(tick) supported

If the agent start aborts with "Unsupported major.minor version 51.0" then a Java 6 is mistakenly found in PATH. Please check your PATH variable so that the bin directory of Java 7 resp. Java 8 is found first.

Installation

Installing the agent is very simple. Its not much more than expanding the archive np-agent.zip.

Do not edit any files of the agent (including agent.sh and agent.cmd) unless you are advised to do so. Files may be overwritten by the next automatic agent update.

You may only edit the configuration files config.properties and logback.xml.

For simplicity HTTPS is the preconfigured connection method. Find further details on how to customize the SSL connections in SSL certificates.

 Unix-like Systems

The agent is delivered as compressed file in zip format.
This can be unzipped using the unzip command. To use unzip it may be required to install this first.

su -
mkdir -p /opt/automait/agent
cd /opt/automait/agent
unzip np-release-<VERSION>/np-agent.zip
chmod -R 0700 /opt/automait/agent

Windows

The agent is delivered as zipped archive file. This may be unzipped directly in the Windows explorer or by using an external application like 7-Zip or WinZip.

mkdir C:\automait\agent
cd C:\automait\agent
7z.exe x np-release-<VERSION>\np-agent.zip

Startup

 Unix-like Systems

Running process unattached to a terminal

On Linux and Unix the agent runs commands without the possibility for the user to provide input via keyboard, thus the process is not allowed to be attached to a terminal. To ensure this constraint the agent needs to be started via the setsid command. To make it a background task, nohup can be used.

The agent is started as root via the /opt/automait/agent/agent.sh script. It is a permanently running process. 

su -
setsid nohup /opt/automait/agent/agent.sh

Windows

Manual startup

The agent is started via the C:\automait\agent\agent.cmd command file. It is a permanently running process. 

C:\automait\agent\agent.cmd

Usage of JAVA_HOME environment variable

The agent.cmd startup file evaluates the environment variable JAVA_HOME to find the path to the configured java installation. Please note that this path must not be quoted as this is already done by the startup script.

 

Task Scheduler startup

The Agent is started via a preconfigured Windows task.

The following describes the setup process:

  1. Open up the "Windows Task Scheduler" and click on "Create Task..."
  2. Enter a "Name".
  3. In the "Security options" change the user or group if necessary. This configured user or group will be used to run the task.
  4. Also select the "Run whether user is logged on or not" option and activate the "Run with highest privileges" checkbox.
  5. On the "Triggers" tab add a new trigger with the "At startup" option in the "Begin the task" dropdown.
  6. On the "Actions" tab add a new action with type "Start a programm" and select the start script (C:\automait\agent\agent.cmd) in the "Settings" area.
  7. On the "Settings" tab deselect the option "Stop task if it runs longer than:".
  8. Restart your system. The agent should be successfully started at Windows startup.

Firewall Configuration

To connect to the agent from automaIT server, the remote systems firewall has to be disabled or configured for remote connections on port 9999.

 Unix-like Systems

IPTables based firewalls can be configured with the following commands:

su -
iptables -I INPUT -p tcp --dport 9999 --syn -j ACCEPT
service iptables save

Using SuSEfirewall2 the configuration has to be done through Yast or by creating the file

/etc/sysconfig/SuSEfirewall2.d/services/automait-agent
## Name: automaIT agent
## Description: Open port 9999 to connect to automaIT agent from automaIT servers

# space separated list of allowed TCP ports
TCP="9999"

# space separated list of allowed UDP ports
UDP=""

# space separated list of allowed RPC ports
RPC=""

# space separated list of allowed IP protocols
IP=""

# space separated list of allowed UDP broadcast ports
BROADCAST=""

and adding automait-agent to the variables FW_CONFIGURATIONS_EXT, FW_CONFIGURATIONS_DMZ and  FW_CONFIGURATIONS_INT in /etc/sysconfig/SuSEfirewall2.

Last but not least the firewall has to be restarted to make the changes productive:

sudo rcSuSEfiewall2 restart

 

Windows

To configure the Windows Firewall for incoming TCP traffic on port 9999 the following command line can be used instead of configuring through the firewall UI.

netsh advfirewall firewall add rule name="automaIT Agent" dir=in action=allow protocol=TCP localport=9999

To delete above rule and therefore close port 9999 use:

netsh advfirewall firewall delete rule name="automaIT Agent"

Automatic Agent Update

If a new automaIT release includes an updated agent version then all hosts will be put into the uninitialized state on the first startup. The next host initialization will then update the agent automatically.

The automatic agent update makes it very easy to update agents: they must not be installed manually on each release update.

How the automated agent update works

The automatic agent update is possible because the server deployment includes the agent software package and uses the update interface of the agent to update the agent and restart it.

Editing agent files

Do not edit files other than config.properties or logback.xml! Otherwise, the agent update might fail.

  • No labels