Agent Auto-Config

Introduction

If you want to maintain centralized control over the configuration of your Sysdig Monitor Agents, one of the following approaches is typically ideal:

  1. Via an orchestration system, such as using Kubernetes DaemonSets
  2. Using a configuration management system, such as Chef or Ansible

However, if these approaches are not viable for your environment, or to further augment your Agent configurations via central control, Sysdig Monitor provides an Auto-Config option for Agents. The feature allows you to upload fragments of YAML configuration to Sysdig Monitor that will be automatically pushed and applied to some/all of your Agents based on your requirements.

Enabling Agent Auto-Config

Independent of the Auto-Config feature, typical Agent configuration lives in /opt/draios/etc and is derived from a combination of base config in the dragent.default.yaml file and any overrides that may be present in dragent.yaml. Agent Auto-Config adds a middle layer of possible overrides in an additional file, dragent.auto.yaml. When present, the order of config application from highest precedence to lowest becomes:

  1. dragent.yaml
  2. dragent.auto.yaml
  3. dragent.default.yaml

While all Agents are by default prepared to receive and make use of Auto-Config data, the file dragent.auto.yaml will not be present on an Agent until you've pushed central Auto-Config data to be applied to that Agent.

Auto-Config settings are managed through Sysdig Monitor's REST API. Simplified examples are available that use the Python client library to get or set current Auto-Config settings. Detailed examples using the REST API are shown below.

The REST endpoint for Auto-Config is /api/agents/config. Use the GET method to review the current configuration. The following example shows the initial empty settings that result in no dragent.auto.yaml files being present on your Agents.

curl -X GET \
       --header "Authorization: Bearer xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" \
       https://app.sysdigcloud.com/api/agents/config
 
 
Output:
{
    "files": []
}

Use the PUT method to centrally push YAML that will be distributed and applied to your Agents as dragent.auto.yaml files. The content parameter must contain syntactically-correct YAML. The filter option is used to specify if the config should be sent to one agent or all of them, such as in this example to globally enable Debug logging on all Agents:

curl -X PUT \
       --header "Content-Type: application/json" \
       --header "Authorization: Bearer xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" \
       https://app.sysdigcloud.com/api/agents/config -d '
{
  "files": [
    {
      "filter": "*",
      "content": "log:\n  console_priority: debug"
    }
  ]
}'

Alternatively, the filter can specify a hardware MAC address for a single Agent that should receive a certain YAML config. All MAC-specific configs should appear at the top of the JSON object and are not additive to any global Auto-Config specified with "filter": "*" at the bottom. For example, when the following config is applied, the one Agent that has the MySQL Application Check configured would not have Debug logging enabled, but all others would.

curl -X PUT \
       --header "Content-Type: application/json" \
       --header "Authorization: Bearer xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" \
       https://app.sysdigcloud.com/api/agents/config -d '
{
  "files": [
    {
      "filter": "host.mac = \"08:00:27:de:5b:b9\"",
      "content": "app_checks:\n  - name: mysql\n    pattern:\n      comm: mysqld\n    conf:\n      server: 127.0.0.1\n      user: sysdig-cloud\n      pass: sysdig-cloud-password"
    },
    {
      "filter": "*",
      "content": "log:\n  console_priority: debug"
    }
  ]
}'

To update the active central Auto-Config settings, simply PUT a complete replacement JSON object.

All connected Agents will receive centrally-pushed Auto-Config updates that apply to them based on the filter settings. Any Agent whose Auto-Config is enabled/disabled/changed based on the centrally-pushed settings will immediately restart, putting the new configuration into effect. Any central Auto-Config settings that would result in a particular Agent's Auto-Config remaining the same will not trigger a restart.

Disabling Agent Auto-Config

To clear all Agent Auto-Configs, use the PUT method to upload the original blank config setting of '{ "files": [] }'.

It is also possible to override active Auto-Config on an individual Agent. To do so, follow these steps for your Agent:

  1. Add the following config directly to the dragent.yaml file:
    auto_config: false
  2. Delete the file /opt/draios/etc/dragent.auto.yaml
  3. Restart the Agent

For such an Agent to opt-in to Auto-Config again, remove auto_config: false from the dragent.yaml and restart the Agent.

Restrictions

To prevent the possibility of pushing Auto-Config that would damage an Agent's ability to connect, the following keys will not be accepted in the centrally-pushed YAML.

  • auto_config
  • customerid
  • collector
  • collector_port
  • ssl
  • ssl_verify_certificate
  • ca_certificate
  • compression
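
The filter-ordering rule and the restricted-key list above can be checked locally before a PUT. The following is an added example, not part of Sysdig's client library or documentation: the function names are hypothetical, top-level keys are found with a simple line scan rather than a YAML parser, and only the two filter forms shown on this page are recognised.

```python
import re

# Keys the page lists as not accepted in centrally pushed YAML.
RESTRICTED_KEYS = {
    "auto_config", "customerid", "collector", "collector_port",
    "ssl", "ssl_verify_certificate", "ca_certificate", "compression",
}
# Heuristic (assumption): a top-level YAML key is an unindented "name:" line.
TOP_LEVEL_KEY = re.compile(r"^([A-Za-z_][\w-]*)\s*:")
# Only the two filter forms shown on the page are recognised here.
MAC_FILTER = re.compile(r'^host\.mac\s*=\s*"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}"$')


def top_level_keys(content):
    """Unindented keys of a YAML fragment, found by line scan (no YAML parser)."""
    return [m.group(1) for m in map(TOP_LEVEL_KEY.match, content.splitlines()) if m]


def lint_payload(payload):
    """Return a list of problems in a PUT body for /api/agents/config."""
    problems = []
    seen_wildcard = False
    for i, entry in enumerate(payload.get("files", [])):
        flt = entry.get("filter", "")
        if flt == "*":
            seen_wildcard = True
        elif not MAC_FILTER.match(flt):
            problems.append(f"files[{i}]: unrecognised filter {flt!r}")
        elif seen_wildcard:
            problems.append(f"files[{i}]: MAC filter placed after the global '*' entry")
        for key in top_level_keys(entry.get("content", "")):
            if key in RESTRICTED_KEYS:
                problems.append(f"files[{i}]: restricted key '{key}'")
    return problems


# Constructed sample payloads (hypothetical values, modelled on the page's examples).
GOOD = {"files": [
    {"filter": 'host.mac = "08:00:27:de:5b:b9"',
     "content": "app_checks:\n  - name: mysql\n    pattern:\n      comm: mysqld"},
    {"filter": "*", "content": "log:\n  console_priority: debug"},
]}
BAD = {"files": [
    {"filter": "*", "content": "log:\n  console_priority: debug\nssl_verify_certificate: false"},
    {"filter": 'host.mac = "08:00:27:de:5b:b9"', "content": "collector: collector.example.invalid"},
]}

if __name__ == "__main__":
    for name, body in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_payload(body) or "ok")
```

Running the check in the pipeline that issues the PUT catches a misplaced MAC entry or a restricted key before any Agent restarts on the new configuration.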

 
