How can I setup my own Docker registry for the agent?

This guide details setting up a local container registry and how to use it for agent installations in a Sysdig Monitor air-gapped on-prem environment.

 

Create Your Registry Server  

This assumes the host to be used as a registry server has access to the Internet to pull down the Docker containerized registry application:

docker run -d -p 5000:5000 --restart=always --name registry registry:2

 

Pull Down The Sysdig Monitor Agent Image:

docker pull sysdig/agent && docker tag sysdig/agent localhost:5000/agent

 

Agent Install Attempt #1:

On a host without kernel headers installed nor access to the Internet, attempt to install the agent to find out which pre-compiled kernel module file is needed. The download will fail as expected, in this step we only want to record which module file we need to manually fetch for later:

docker run  --name sysdig-agent --privileged --net host --pid host -e ACCESS_KEY=831f2718-c3b9-4310-9ffb-a0fbc9d69401 -e TAGS=example_tag:example_value -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro localhost:5000/agent

Output:

See both the kernel module file build & download fail.  This is OK since we are looking to find which kernel module is needed and will copy it over manually later:

* Setting up /usr/src links from host
* Setting access key
* Setting tags
* Mounting memory cgroup fs
* Unloading sysdigcloud-probe, if present
rmmod: ERROR: Module sysdigcloud_probe is not currently loaded
* Running dkms autoinstall
Error! echo
Your kernel headers for kernel 3.16.0-38-generic cannot be found at
/lib/modules/3.16.0-38-generic/build or /lib/modules/3.16.0-38-generic/source.
* Trying to load a system sysdigcloud-probe, if present
* Trying to load a dkms sysdigcloud-probe, if present
* Trying to find precompiled sysdigcloud-probe for 3.16.0-38-generic
Found kernel config at /host/boot/config-3.16.0-38-generic
* Trying to download precompiled module from https://s3.amazonaws.com/download.draios.com/stable/sysdig-probe-binaries/sysdigcloud-probe-0.54.0-x86_64-3.16.0-38-generic-8b39f8b698e266f0420779fa2051aaa9.ko
Download failed, consider compiling your own sysdigcloud-probe and loading it or getting in touch with the sysdig community

 

Now Fetch Needed Kernel .ko File Manually:

Fetch and Copy:

sysdigcloud-probe-0.54.0-x86_64-3.16.0-38-generic-8b39f8b698e266f0420779fa2051aaa9.ko

From:

https://s3.amazonaws.com/download.draios.com/stable/sysdig-probe-binaries/index.html

To: the root account's .sysdig directory ( /root/.sysdig ) of your air-gapped host where the agent is to be agent installed.  This assumes you are logging in as root to perform the agent installation.

The probe module loader looks in /root/.sysdig for any pre-compiled modules matching the correct version/kernel.

 

Agent Install Attempt 2:

Add the bind mount parameter of the location of the precompiled .ko file (named with hash!).  The container image will be pulled from your new local registry and the precompiled module will be pulled from the .sysdig dirctory on your host:

docker run  --name sysdig-agent --privileged --net host --pid host -e ACCESS_KEY=123456a -e TAGS=example_tag:example_value -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro -v /root/.sysdig:/root/.sysdig localhost:5000/agent

 

Finish:  

The agent should successfully install.

 

 

Reference:

Where does the installer put our kernel modules?

cd /lib/modules/$(uname -r)/kernel/extra
ls
sysdigcloud-probe.ko  sysdig-probe.ko   -rw-r--r--  1 root root
Have more questions? Submit a request