The Sysdig Monitor on-premises container monitoring solution can be set up as either a single-server (“all-in-one”) solution for small or demonstration environments, or as a multi-server distributed enterprise solution. In single-server environments, the server houses the complete component suite, including the API server, metrics collector, several databases, and the metrics aggregation worker in addition to the application management component; for multi-server distributed environments, the components can be distributed across multiple servers as desired.
This guide covers the installation and setup process for the management server, as well as the additional steps required to configure a multi-server distributed enterprise environment, using the Replicated infrastructure manager.
Note: For information regarding installing Sysdig Monitor in a Kubernetes infrastructure, refer to the Sysdig Cloud on Kubernetes documentation.
A 64-bit Linux distribution with a minimum kernel version of 3.10, and support for docker-engine 1.7.1 or later, is required for each server instance. The installation process includes Docker installation steps if Docker is not already installed.
For the Docker installation, running devicemapper in 'loopback mode' is not supported. It has known performance problems and a different storage driver should be used. Please see this note from our Replicated infrastructure partner: devicemapper-installation-warning
Installing the latest version of Docker is recommended.
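A preflight check for the requirements above (64-bit, kernel 3.10 or later, docker-engine 1.7.1 or later, no devicemapper loopback mode), as an added example that is not part of the Sysdig or Replicated installers. The function names are assumptions, and the loopback test relies on the "Data loop file" line that docker info prints for loop-backed devicemapper storage.

```shell
#!/bin/sh
# Added example, not part of the Sysdig or Replicated installers.

# version_ge A B: succeed when dotted version A >= B, compared numerically
# field by field (so 3.9 < 3.10). Suffixes such as "-1160.el7" are ignored.
version_ge() {
    a=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
    b=$(printf '%s' "$2" | sed 's/[^0-9.].*$//')
    awk -v a="$a" -v b="$b" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        k = (n > m) ? n : m
        for (i = 1; i <= k; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# parse_docker_version TEXT: extract "1.7.1" from `docker --version` output.
parse_docker_version() {
    printf '%s\n' "$1" | sed -n 's/^Docker version \([0-9][0-9.]*\).*/\1/p'
}

# uses_loopback: read `docker info` text on stdin; succeed when devicemapper
# is backed by loop files (the unsupported loopback mode).
uses_loopback() {
    awk '/Storage Driver: *devicemapper/ { dm = 1 }
         /Data loop file:/               { loop = 1 }
         END { exit !(dm && loop) }'
}

# preflight: report each failed requirement; return 0 only if all pass.
preflight() {
    rc=0
    [ "$(getconf LONG_BIT)" = 64 ] || { echo "FAIL: not a 64-bit system"; rc=1; }
    version_ge "$(uname -r)" 3.10 ||
        { echo "FAIL: kernel $(uname -r) is older than 3.10"; rc=1; }
    if command -v docker >/dev/null 2>&1; then
        dv=$(parse_docker_version "$(docker --version)")
        version_ge "$dv" 1.7.1 || { echo "FAIL: docker $dv is older than 1.7.1"; rc=1; }
        if docker info 2>/dev/null | uses_loopback; then
            echo "FAIL: devicemapper loopback mode is not supported"; rc=1
        fi
    else
        echo "INFO: docker not found; the installer can install it"
    fi
    return "$rc"
}

# Run the checks with: sh preflight.sh run
if [ "${1:-}" = run ]; then preflight; fi
```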
The following tables outline the recommended minimum resources for each server/node in the environment:
Note: The application node is automatically named 'local'; the Linux server name can be different.
|Component Name||Resources Required|
Note: Sysdig recommends using SSD.
Important: While a server can host multiple functions, Sysdig recommends using separate servers for each component role in a multi-server environment for ease of scalability as the infrastructure grows.
Component names and tags will be assigned in the Multi-Server Configuration process below.
|Component Name||Resources Required|
Note: Sysdig recommends using SSD.
Note: Hardware resource requirements are lower for a multi-server installation, as application components are distributed over several instances.
The following firewall/security configurations are required for inbound traffic:
|6443||Open||Agent Communication (TLS/encrypted)|
|443||Open||Sysdig Monitor user-interface access|
|8800||Open||Administration console access|
|6666||Open (optional)||Agent communication (unencrypted)|
Warning: Port 6666 should only be opened if agents will be communicating with the collectors without encryption.
Additional ports may need to be configured for the Replicated infrastructure manager. Refer to the Replicated port requirements documentation for more information.
To enable AWS Cloudwatch integration, port 443 must be open from the worker nodes to the relevant Cloudwatch endpoints. For endpoint hostnames, and more information on AWS Cloudwatch, refer to the AWS Regions and Endpoints documentation.
All hosts require outbound HTTP/S internet access for:
- License validation
- Pulling Sysdig/Agent containers from the Docker hub repository
- Release update checks
Note: Sysdig does not support HTTP/S proxies for Sysdig platform components. Refer to the Air Gapped Installation section of this document if no internet access will be available for the hosts.
Multiple components of Sysdig Monitor require the system clocks to be closely synchronized between hosts. When provisioning hosts for installation, ensure the system clocks are synchronized.
Sysdig recommends installing NTP to ensure all host clocks stay synchronized.
Replicated Infrastructure Installation
- Log into the server instance with SSH.
- Run the following command to install the Replicated Infrastructure and Docker:
sudo curl -sSL https://install.sysdigcloud.com/docker | sudo bash
Note: If Docker is already installed on the server instance, or if the Linux distribution is not supported, add -s -- no-docker to the command:
sudo curl -sSL https://install.sysdigcloud.com/docker | sudo bash -s -- no-docker
Note: If installing the Replicated Infrastructure behind a proxy, modify the installation command as shown below:
sudo curl -sSL -x http://<proxy>:<port> -o /tmp/sdc-onpremises-installer.sh https://install.sysdigcloud.com/docker && bash /tmp/sdc-onpremises-installer.sh http-proxy=http://<proxy>:<port>
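The install commands above pipe a remote script straight into a root shell, so whatever the server returns at that moment is executed. The added example below (not Sysdig or Replicated code) downloads the installer to a file first, as the proxy variant already does, and runs it only if its SHA-256 matches a value recorded when the script was reviewed; the function names and the PINNED_SHA256 variable are assumptions.

```shell
#!/bin/sh
# Added example, not Sysdig or Replicated code: fetch, verify, then run.

# sha256_of FILE: print the hex SHA-256 digest of FILE.
sha256_of() { sha256sum "$1" | awk '{ print $1 }'; }

# verify_installer FILE EXPECTED_SHA256
#   returns 0 on match, 1 on mismatch, 2 if the file is missing or empty
verify_installer() {
    if [ ! -s "$1" ]; then
        echo "installer missing or empty: $1" >&2; return 2
    fi
    actual=$(sha256_of "$1")
    if [ "$actual" != "$2" ]; then
        echo "SHA-256 mismatch: expected $2, got $actual" >&2; return 1
    fi
    return 0
}

# install_pinned URL EXPECTED_SHA256 [installer arguments...]
# --fail stops curl from saving an HTTP error page as if it were the script.
install_pinned() {
    url=$1; expected=$2; shift 2
    tmp=$(mktemp) || return 1
    if curl -sSL --fail -o "$tmp" "$url" &&
       verify_installer "$tmp" "$expected"; then
        sudo bash "$tmp" "$@"; rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# PINNED_SHA256 is a placeholder: record it with sha256_of after reviewing
# the downloaded script, and record it again whenever the installer changes.
# install_pinned https://install.sysdigcloud.com/docker "$PINNED_SHA256" no-docker
```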
Management Server Installation
- Open a browser, and navigate to the Sysdig Monitor admin window:
- Input the server hostname.
- Accept the self-signed certificate, or upload a custom SSL certificate and private key.
Note: If a self-signed certificate is uploaded, it must include the end user, all intermediate, and the root certificates, as the certificate will be used for the load balancers handling the Collector and API components, in addition to the admin console.
- Click the Choose License button, and upload the license file.
- Once the license validation is complete, secure the admin console using a local password, LDAP user account, or anonymous access (insecure).
Note: Sysdig recommends securing the console with either a local password or LDAP user account.
- Configure the settings panel as appropriate for the server instance, and click Start Now to start the server instance.
Note: For more information regarding the fields and required values, refer to Appendix One of this document.
The single-server installation is now complete. To continue with the distributed installation setup process, skip to the Distributed Installation Wrap-Up section below.
Single-Server Installation Summary
The dashboard will remain in Starting mode for approximately 4-5 minutes, depending on the internet connection bandwidth, while Sysdig application software is downloaded and installed. Once the installation is complete, the dashboard will move to Started mode.
- Click the Open link to navigate to the Sysdig Monitor login panel.
- Input the Default User login credentials defined in the Management Server Installation section above.
- To start, stop, and update the application, or to retrieve support information, use the Management Dashboard:
- To log in as a user and see metrics for hosts with the Sysdig Agent installed, use the Application Web Interface:
After the management server is set up and the "Start Now" button is clicked, the management server component will be up and running, but an error on the start button will indicate that the remaining application components need to be assigned and installed. Continue with the following steps:
8. Assign the ‘local’ (management) server the role of API load-balancer by clicking the blue 'Tags' icon in the row for 'local' and selecting ‘lb_api’ from the list presented. This server will now also act as the load-balancer for API calls.
9. Assign remaining roles and install software onto all cluster servers
Click on the blue 'Add Host' button and select the desired method of installation. You can choose between a Curl script or Docker run command. Enter the public and private IP addresses then choose one or more components to be assigned to the node. At the bottom of the window a command will be built that you can then copy and issue on your node.
Repeat this procedure until all roles are assigned to your servers.
You can assign multiple roles to a single node. The recommended configuration is repeated below; note that the MySQL and Redis roles can be assigned to the same server instance. While you can have multiple 'api', 'collector', 'worker' and database instances, you can only configure one 'lb_api' and one 'lb_collector' instance, since they are load balancers.
The 'lb_api' node handles user connection requests to the Sysdig application and the 'lb_collector' handles connections from the agents. When setting up a DNS entry for the cluster, use the address for the 'lb_api' node.
|api||api||Application Programming Interface server|
|cassandradb||cassandra||Cassandra database server|
|elasticsearch||elasticsearch||Elasticsearch server for events storage/search|
|collector||collector||Agent metrics collector|
|lb_collector||lb_collector||Load balancer for collector service|
|local||lb_api||Load balancer for API service|
|mysql_redis||mysql & redis||MySQL & Redis databases server|
|worker||worker||Metrics history processor|
10. Start the Sysdig Monitor Application.
After all roles have been assigned you should see green check marks for each host next to the Provisioned and Connected columns as the software is installed and the node connects successfully to the management server. You can then start the application via the Dashboard > Start Now button.
The Sysdig application cluster configuration is now finished. The dashboard will be in “Starting” mode for several minutes while software is downloaded and installed onto each server component (depending on your internet connection bandwidth). Once the installation is fully completed, the infrastructure admin dashboard will be in “Started” mode and will also show the “Open” link that will bring you to the Sysdig Monitor web interface login screen. At the login screen, use the credentials configured earlier (Default User) to log in and start using the Sysdig Monitor on-premises solution.
To start, stop, and update the application or retrieve support information, use the Management Dashboard: https://server_address:8800
To log in as a user and see metrics about your Sysdig agent installed hosts, use the Application Web Interface: http://server_address:80
Replicated infrastructure manager supports installation of the Sysdig Monitor containerized application within an "airgapped" environment. An airgapped environment is a network that has no inbound or outbound paths available to internet traffic.
A server instance with Docker version 1.7.1 or later installed is required prior to installation.
Note: The Replicated airgap installation script does not install docker-engine. Sysdig recommends using the latest version of Docker available for the server operating system. For more information on installing Docker in an airgapped environment, refer to the Installing Docker in an Airgapped Environment documentation.
- Download the latest Sysdig installation files using the links provided by the Sysdig Sales Engineer:
- The Sysdig Cloud application .airgap package.
- The Sysdig Cloud application license file (.rli).
- Optionally the Sysdig agent Docker image.
- Download the latest Replicated infrastructure manager installation file from:
- Copy all downloaded files to /var/tmp/sysdig on your airgapped server.
- Open a command shell on the airgapped server and extract the
sudo tar xzvf replicated.tar.gz
- Run the following command to install the Replicated infrastructure manager:
sudo cat ./install.sh | sudo bash -s airgap
- In a browser, navigate to the management console:
server_address with the server name/IP address.
- Accept the default self-signed certificate, or provide a custom one, and click Continue.
- On the next screen, once the “preflight” checks have been resolved, select the Airgapped option, and click
- Provide a path to the Sysdig application
- Upload the
Note: Once the installation process is completed, follow the directions from step 7 onwards in the Distributed On-Premises Installation instructions above to continue the configuration process.
Upgrading Replicated Agents and Sysdig Cloud Application
Upgrade Replicated Components
The Replicated infrastructure installs its own container-based agents that deploy and manage the various Sysdig back-end components. To confirm the currently running version of the Replicated agent, run replicated --version at the command line on each host. [Reference Replicated.com]
Be sure to stop the Sysdig Monitor application from the management console before upgrading the Replicated agent.
Upgrade Replicated Agent
For installations where the Management server has access to the internet:
- Run the following command on the management host to upgrade the replicated infrastructure:
sudo curl -sSL https://get.replicated.com/docker | sudo bash
- Run the following command on the remaining nodes in the cluster:
sudo curl -sSL https://get.replicated.com/operator | sudo bash
Upgrade Airgapped Replicated Agent
To upgrade Replicated in an airgapped (no Internet) installation:
- Download the latest Replicated agent installation package:
curl https://s3.amazonaws.com/replicated-airgap-work/replicated.tar.gz > replicated.tar.gz
- In a command shell, extract the Replicated installer:
sudo tar xzvf replicated.tar.gz
- Run the 'install.sh' script on the management host:
sudo cat ./install.sh | sudo bash -s airgap
- Run the 'operator_install.sh' script on all remaining nodes:
sudo cat ./operator_install.sh | sudo bash -s airgap
Upgrade Sysdig Application
When upgrading the Replicated infrastructure installation of the Sysdig cluster, the best practice is to install upgrades sequentially, one version at a time. This ensures consistent database migrations and allows for easier troubleshooting should problems occur. For this reason we recommend staying fairly up-to-date on the release cycle and avoiding 'stacking up' upgrades.
To upgrade the Sysdig Cloud application, go to the Management Console > Dashboards tab and click View Update. You will see a release history list and "New" for any new releases. Click 'Install' for the desired release.
Upgrade Airgapped Sysdig Application
- Download the new Sysdig application .airgap installer using the link and password supplied for the initial installation.
- Copy the .airgap file to the update directory in the management host. The update path is configured in the Console Settings > Airgapped Settings section accessible by clicking the gear icon in the management console.
- Navigate to the Management Console > Dashboards tab and click View Update.
- Install the update by clicking 'Install' for the desired version.
Agent SSL Configuration
Sysdig X version 3.0.7 and later releases enable SSL by default for encrypted communication between the Sysdig agent and the backend metrics collector. The example command below configures secure communication over port 6443 with the COLLECTOR_PORT flag; the CHECK_CERTIFICATE flag is set to false in this example as the certificate is not signed (the certificate is only for encryption):
docker run --name sysdig-agent --privileged --net host --pid host -e ACCESS_KEY=123456-3936-4c60-9cf4-123456abc -e COLLECTOR=10.1.1.123 -e COLLECTOR_PORT=6443 -e CHECK_CERTIFICATE=false -e TAGS=dept:eng -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro sysdig/agent
The example command above creates the following /opt/draios/etc/dragent.yaml agent configuration file:
Disable SSL Encryption
To disable SSL encryption, remove the CHECK_CERTIFICATE flag, and set the SECURE flag to false. An example command is shown below:
docker run --name sysdig-agent --privileged --net host --pid host -e ACCESS_KEY=123456-3936-4c60-9cf4-123456abc -e COLLECTOR=10.1.1.123 -e SECURE=false -e TAGS=dept:eng -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro sysdig/agent
The example command above produces the following /opt/draios/etc/dragent.yaml agent configuration file. The config file disables SSL upon startup, and uses the non-secure default port:
customerid: 123456-3936-4c60-9cf4-123456abc
tags: dept:eng
collector: 10.1.1.123
ssl: false
Note: Redeploying previously installed agents when upgrading the Sysdig Monitor on-premises application from versions older than 307 is unnecessary, as they are backwards compatible, and will continue to connect on non-SSL port 6666. However, if infrastructure security is a concern, remove the older agents, then re-install the latest version.
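To find agents that are still running with either of the weakened settings above, the added example below (not Sysdig code) audits a dragent.yaml file. It assumes the flat "key: value" layout shown above and the agent's collector_port and ssl_verify_certificate keys, which correspond to the COLLECTOR_PORT and CHECK_CERTIFICATE flags; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Sysdig code: flag agent configs that weaken transport security.

# yaml_get FILE KEY: print the value of a top-level "KEY: value" line, or nothing.
yaml_get() {
    awk -v k="$2" 'index($0, k ":") == 1 {
        sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
    }' "$1"
}

# audit_dragent FILE: print one finding per line; return 1 if any were found.
audit_dragent() {
    cfg=$1; found=0
    ssl=$(yaml_get "$cfg" ssl)
    verify=$(yaml_get "$cfg" ssl_verify_certificate)
    port=$(yaml_get "$cfg" collector_port)
    if [ "$ssl" = false ]; then
        echo "CLEARTEXT: ssl is false; agent traffic is unencrypted"
        found=1
    elif [ "$verify" = false ]; then
        echo "UNVERIFIED: TLS is on but the collector certificate is not checked"
        found=1
    fi
    if [ "$port" = 6666 ]; then
        echo "PORT: collector_port 6666 is the unencrypted agent port"
        found=1
    fi
    return "$found"
}

# Sample input: the ssl-disabled dragent.yaml shown above, written to a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
customerid: 123456-3936-4c60-9cf4-123456abc
tags: dept:eng
collector: 10.1.1.123
ssl: false
EOF
audit_dragent "$sample" || true
rm -f "$sample"
```

On a host, run it against the live file with audit_dragent /opt/draios/etc/dragent.yaml.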
Troubleshooting Airgapped Upgrades
For troubleshooting steps, refer to: On-Premises Install Troubleshooting Steps.
Appendix One: Server Settings
|Hostname (required)||The server hostname. By default, the value is the management server's public IP. If the Sysdig Monitor instance is installed behind a private network, firewall, or proxy, configure the hostname to the server's private address or routable DNS.|
|Default User (required)||The default username and password used to log into the Sysdig Monitor admin console.|
|SMTP Relay Configuration||The SMTP server, port, login, password, and secure connection type used to send notifications.|
|Email Header Configuration||The From header content in e-notifications and alerts|
Appendix Two: Custom Self-Signed Certificate
Sysdig Monitor/Cloud/etc uses a self-signed SSL security certificate, unless a custom certificate is provided. The example command below creates a custom, self-signed certificate called MyCert.pem; the certificate has a private key called MyCert.key, and is valid for five years:
sudo openssl req -new -x509 -sha256 -days 1825 -nodes -out ./MyCert.pem -keyout ./MyCert.key
For more information, refer to the OpenSSL certificate documentation.
Appendix Three: Uninstalling
To uninstall Sysdig Monitor and the Replicated infrastructure manager, stop the Sysdig Monitor application from the management console and perform the steps shown at the bottom of this Replicated Installation Guide.
Once all containers are stopped and removed, you should rename, archive, or remove any Sysdig Cassandra/Elasticsearch/MySQL databases (default location is /opt) before re-installing a completely new instance of Sysdig Monitor.
To remove all unused containers and images on your host, use:
docker system prune -a -f