Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Trento reorg install agents #204

Merged
merged 3 commits into from
Feb 4, 2025
Merged

Trento reorg install agents #204

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
213bf61
Install agents include
Feb 4, 2025
fe69881
Language review
Feb 4, 2025
1123785
Address feedback
Feb 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
147 changes: 1 addition & 146 deletions trento/xml/article_sap_trento.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,152 +83,7 @@ As agreed on https://confluence.suse.com/x/DAEcN on our Trento doc kick off
<xi:include href="trento-lifecycle.xml"/>
<xi:include href="trento-requirements.xml"/>
<xi:include href="trento-install-server.xml"/>

<section xml:id="sec-trento-installing-trentoagent">
<title>Installing &t.agent;s</title>
<important>
<title>Expect changes in the installation procedure</title>
<para>
The product is under active development. Expect changes in the described
installation procedure.
</para>
</important>

<para>
Before you can install a &t.agent;, retrieve the API key of your &t.server;.
Proceed as follows:
</para>
<procedure>
<step>
<para>
Open the URL of the Trento Web console (<uri>http://<replaceable>TRENTO_SERVER_HOSTNAME</replaceable></uri>).
It prompts you for a user name and password:
</para>
<!-- add login of Trento Server -->
<informalfigure>
<mediaobject>
<imageobject>
<imagedata fileref="trento-web-login.png" width="30%"/>
</imageobject>
</mediaobject>
</informalfigure>
</step>
<step>
<para>Enter the credentials for the <systemitem class="username">admin</systemitem> user
(established when installing &t.server;).</para>
</step>
<step>
<para>Click <guimenu>Login</guimenu>. As this is the first time you access the console,
you will be prompted to accept the license agreement. Click <guimenu>Accept</guimenu> to continue.
Otherwise, you cannot use Trento.</para>
</step>
<step>
<para>Once inside the console, go to Settings:</para>
<!-- Add API key screen -->
<informalfigure>
<mediaobject>
<imageobject>
<imagedata fileref="trento-settings-apikey.png" width="80%"/>
</imageobject>
</mediaobject>
</informalfigure>
</step>
<step>
<para>Click the <guimenu>Copy</guimenu> button to copy the key to your clipboard.</para>
</step>
</procedure>
<para>
To install the &t.agent; on an SAP host and register it
with the &t.server;, repeat the steps in <xref linkend="pro-trento-installing-trentoagent"/>:
</para>
<procedure xml:id="pro-trento-installing-trentoagent">
<title>Installing &t.agent;s</title>
<step>
<para>
Install the package:
</para>
<screen>&prompt.user;sudo zypper ref
&prompt.user;sudo zypper install trento-agent</screen>
</step>
<step>
<para>
Open the configuration file <filename>/etc/trento/agent.yaml</filename>
and uncomment (use <literal>#</literal>) the entries for
<parameter>facts-service-url</parameter>, <parameter>server-url</parameter> and
<parameter>api-key</parameter>. Update the values appropriately:
</para>
<itemizedlist>
<listitem>
<para><parameter>facts-service-url</parameter>: the address of the AMQP RabbitMQ service used
for communication with the checks engine (wanda). The correct value of this parameter depends on
how &t.server; was deployed.</para>
<para> In a Kubernetes deployment, it is <uri>amqp://trento:trento@TRENTO_SERVER_HOSTNAME:5672/</uri>. If the default RabbitMQ username and password (trento) were updated using helm,
the parameter must use the custom value. </para>
<para> In a systemd or containerized deployment, the correct value is <uri>amqp://TRENTO_USER:TRENTO_USER_PASSWORD@TRENTO_SERVER_HOSTNAME:5672/vhost</uri>. If <replaceable>TRENTO_USER</replaceable> and <replaceable>TRENTO_USER_PASSWORD</replaceable> were replaced with custom values, you must use them.
</para>
</listitem>
<listitem>
<para><parameter>server-url</parameter>: URL for the Trento Server (<uri>http://TRENTO_SERVER_HOSTNAME</uri>)
</para>
</listitem>
<listitem>
<para>
<parameter>api-key</parameter>: the API key retrieved from the Web console
</para>
</listitem>
</itemizedlist>
</step>
<step>
<para>
If SSL termination has been enabled on the server side, you can encrypt the
communication from the agent to the server as follows:</para>
<itemizedlist>
<listitem>
<para>Provide an HTTPS URL instead of an HTTP one.</para>
</listitem>
<listitem>
<para>Import the certificate from the CA that has issued your
&t.server; SSL certificate into the &t.agent; host as follows:</para>
<procedure>
<step>
<para>Copy the CA certificate in PEM format to <filename>/etc/pki/trust/anchors/</filename>.
If your CA certificate is in CRT format, convert it to PEM using the <command>openssl</command>
command as follows:
</para>
<screen><command>openssl</command> x509 -in mycert.crt -out mycert.pem -outform PEM</screen>
</step>
<step>
<para>Run the <command>update-ca-certificates</command> command.</para>
</step>
</procedure>
</listitem>
</itemizedlist>
</step>
<step>
<para>
Start the &t.agent;:
</para>
<screen>&prompt.user;sudo systemctl enable --now trento-agent</screen>
</step>
<step>
<para>Check the status of the &t.agent;:</para>
<screen>&prompt.user;sudo systemctl status trento-agent
● trento-agent.service - &t.agent; service
Loaded: loaded (/usr/lib/systemd/system/trento-agent.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2021-11-24 17:37:46 UTC; 4s ago
Main PID: 22055 (trento)
Tasks: 10
CGroup: /system.slice/trento-agent.service
├─22055 /usr/bin/trento agent start --consul-config-dir=/srv/consul/consul.d
└─22220 /usr/bin/ruby.ruby2.5 /usr/sbin/SUSEConnect -s

[...]</screen>
</step>
<step>
<para> Repeat this procedure in all SAP hosts that you want to monitor. </para>
</step>
</procedure>
</section>
<xi:include href="trento-install-agents.xml"/>

<section xml:id="sec-trento-user-management">
<title>User management</title>
Expand Down
183 changes: 183 additions & 0 deletions trento/xml/trento-install-agents.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,183 @@
<?xml version="1.0" encoding="UTF-8"?>
<?xml-model href="file:/usr/share/xml/geekodoc/rng/geekodoc5-flat.rnc"
type="application/relax-ng-compact-syntax"?>
<!DOCTYPE article
[
<!ENTITY % entities SYSTEM "generic-entities.ent">
%entities;
]>
<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xi="http://www.w3.org/2001/XInclude" xml:id="sec-trento-installing-trentoagent">
<title>Installing &t.agent;s</title>
<para>
Before you can install a &t.agent;, you must obtain the API key of your &t.server;.
Proceed as follows:
</para>
<procedure>
<step>
<para>
Open the URL of the Trento Web interface
(<uri>http://<replaceable>TRENTO_SERVER_HOSTNAME</replaceable></uri>).
It prompts you for a user name and password:
</para>
<!-- add login of Trento Server -->
<informalfigure>
<mediaobject>
<imageobject>
<imagedata fileref="trento-web-login.png" width="30%"/>
</imageobject>
</mediaobject>
</informalfigure>
</step>
<step>
<para>
Enter the credentials for the <systemitem
class="username">admin</systemitem> user (specified during installation of
&t.server;).
</para>
</step>
<step>
<para>
Click <guimenu>Login</guimenu>.
</para>
</step>
<step>
<para>
When you are logged in, go to Settings:
</para>
<!-- Add API key screen -->
<informalfigure>
<mediaobject>
<imageobject>
<imagedata fileref="trento-settings-apikey.png" width="80%"/>
</imageobject>
</mediaobject>
</informalfigure>
</step>
<step>
<para>
Click the <guimenu>Copy</guimenu> button to copy the key to the clipboard.
</para>
</step>
</procedure>
<para>
To install the &t.agent; on an SAP host and register it with the &t.server;,
repeat the steps in <xref linkend="pro-trento-installing-trentoagent"/>:
</para>
<procedure xml:id="pro-trento-installing-trentoagent">
<title>Installing &t.agent;s</title>
<step>
<para>
Install the package:
</para>
<screen>&prompt.user;sudo zypper ref
&prompt.user;sudo zypper install trento-agent</screen>
</step>
<step>
<para>
Open the configuration file <filename>/etc/trento/agent.yaml</filename>
and uncomment (remove the
<literal>#</literal> character) the entries for <parameter>facts-service-url</parameter>,
<parameter>server-url</parameter> and <parameter>api-key</parameter>.
Update the values as necessary:
</para>
<itemizedlist>
<listitem>
<para>
<parameter>facts-service-url</parameter>: the address of the AMQP
RabbitMQ service used for communication with the checks engine
(wanda). The correct value of this parameter depends on how
&t.server; was deployed.
</para>
<para>
In a &k8s; deployment, it is
<uri>amqp://trento:trento@TRENTO_SERVER_HOSTNAME:5672/</uri>. If the
default RabbitMQ username and password
(<literal>trento:trento</literal>) were updated using Helm, the
parameter must use a user-defined value.
</para>
<para>
In a systemd or containerized deployment, the correct value is
<uri>amqp://TRENTO_USER:TRENTO_USER_PASSWORD@TRENTO_SERVER_HOSTNAME:5672/vhost</uri>.
If <replaceable>TRENTO_USER</replaceable> and
<replaceable>TRENTO_USER_PASSWORD</replaceable> have been replaced
with custom values, you must use them.
</para>
</listitem>
<listitem>
<para>
<parameter>server-url</parameter>: URL for the Trento Server
(<uri>http://TRENTO_SERVER_HOSTNAME</uri>)
</para>
</listitem>
<listitem>
<para>
<parameter>api-key</parameter>: the API key retrieved from the Web console
</para>
</listitem>
</itemizedlist>
</step>
<step>
<para>
If SSL termination has been enabled on the server side, you can encrypt
the communication from the agent to the server as follows:
</para>
<itemizedlist>
<listitem>
<para>
Provide an HTTPS URL instead of an HTTP one.
</para>
</listitem>
<listitem>
<para>
Import the certificate from the Certificate Authority that has
issued your &t.server; SSL certificate into the &t.agent; host as
follows:
</para>
<procedure>
<step>
<para>
Copy the CA certificate in the PEM format to
<filename>/etc/pki/trust/anchors/</filename>. If the CA
certificate is in the CRT format, convert it to PEM using the
following <command>openssl</command> command:
</para>
<screen><command>openssl</command> x509 -in mycert.crt -out mycert.pem -outform PEM</screen>
</step>
<step>
<para>
Run the <command>update-ca-certificates</command> command.
</para>
</step>
</procedure>
</listitem>
</itemizedlist>
</step>
<step>
<para>
Start the &t.agent;:
</para>
<screen>&prompt.user;sudo systemctl enable --now trento-agent</screen>
</step>
<step>
<para>
Check the status of the &t.agent;:
</para>
<screen>&prompt.user;sudo systemctl status trento-agent
● trento-agent.service - &t.agent; service
Loaded: loaded (/usr/lib/systemd/system/trento-agent.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2021-11-24 17:37:46 UTC; 4s ago
Main PID: 22055 (trento)
Tasks: 10
CGroup: /system.slice/trento-agent.service
├─22055 /usr/bin/trento agent start --consul-config-dir=/srv/consul/consul.d
└─22220 /usr/bin/ruby.ruby2.5 /usr/sbin/SUSEConnect -s

[...]</screen>
</step>
<step>
<para>
Repeat this procedure on all SAP hosts that you want to monitor.
</para>
</step>
</procedure>
</section>