The following example helps you deploy the remote collector manager.

Procedure

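  1. Create a remote_env.properties environment variable file for the remote collector manager with the following contents. This file stores the registry, TCSA and (for ecr) AWS credentials in clear text and is sourced by the script in step 3, so keep it readable and writable only by the account that runs the deployment: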
    REGISTRY_URL=<Registry URL>
    REGISTRY_USERNAME=<Registry UserName>
    REGISTRY_PASSWORD="<Registry PASSWORD>"
    REMOTE_IP=<IP OF THE REMOTE DATACENTER>
    TCSA_IP=<TCSA_IP>
    TCSA_PORT=<TCSA_PORT>
    TCSA_USERNAME=<TCSA_USERNAME>
    TCSA_PASSWORD="<TCSA_PASSWORD>"
    REGISTRY_TYPE=<Registry Type - One of the following harbor , acr , ecr> 
    # Conditional Properties Provide only if Registry Type is ecr
    ROLE_ARN=<AWS ROLE ARN Required If REGISTRY TYPE is ecr>
    AWS_ACCESS_KEY_ID=<AWS ACCESS KEY Required If REGISTRY TYPE is ecr>
    AWS_SECRET_ACCESS_KEY=<AWS SECRET ACCESSKEY Required If REGISTRY TYPE is ecr>
    REGION_NAME=<AWS Region Name>
    # OPTIONAL Properties Use if you want to override Default Values 
    KAFKA_IP=<TCSA EDGE KAFKA IP Usually the ip of TCSA Node where Kafka service is running >
    KAFKA_PORT=<TCSA EDGE KAFKA EXTERNAL PORT e.g. 32092>
    DC_NAME=<NAME of the Datacenter to be registered in TCSA. If not provided, the default name assigned will be "remote-REMOTE_IP" e.g. remote-10-12-12-12>
    
  2. Log in to Docker. Refer to step 2 in the Deploying Remote Collector Manager section.
  3. Create the run_remote_collector.sh script file and replace the variables with the correct values:
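    #!/bin/bash
    #
    # Deploys the Remote Collector Manager container.
    # Steps: load the properties file, request an access token from TCSA, ask
    # TCSA for the collector manager image name, make sure the internal Docker
    # network exists, then start the container named "collector-manager".
    # Exits with status 1 when any of these steps fails.

    # Variables for the script
    ENV_PROPERTIES_FILE=</path/to/properties/file/created/in/step1>
    # Keep the default of $(pwd)/remote/certs if you have not created any
    # certificates; the remote collector manager creates them if none are provided.
    TLS_CERTIFICATE_PATH=</path/to/tls/certs>
    CUSTOM_PACKAGE_PATH=$(pwd)/remote/custom_packages
    # Optional: path to the CA certificate that signed the TCSA endpoint
    # certificate. When it is empty the script falls back to curl -k (see below).
    TCSA_CA_CERT=${TCSA_CA_CERT:-}

    # Please do not change the following variables
    NETWORK_NAME=internal-collector-network

    # "source" runs the properties file as shell code in this process and the
    # file holds passwords, so it must be owned by and restricted to the account
    # running this script.
    if [ ! -r "$ENV_PROPERTIES_FILE" ]; then
      echo "Properties file $ENV_PROPERTIES_FILE is missing or not readable" >&2
      exit 1
    fi
    source "$ENV_PROPERTIES_FILE"

    echo "Get Remote Collector Manager Image from TCSA"
    TCSA_URL=https://$TCSA_IP:$TCSA_PORT

    # curl -k turns off TLS certificate verification. The requests below carry
    # the TCSA password and the bearer token, and the response decides which
    # image is started with access to the Docker socket, so verify the
    # certificate whenever a CA file is available.
    curl_tls_args=(-k)
    if [ -n "$TCSA_CA_CERT" ]; then
      curl_tls_args=(--cacert "$TCSA_CA_CERT")
    else
      echo "WARNING: TCSA_CA_CERT is not set; the TCSA certificate is not verified (curl -k)" >&2
    fi

    # The password is handed to curl through a file descriptor rather than as an
    # argument, so it does not show up in the process list. --fail makes an HTTP
    # error produce empty output instead of an error body that sed would pass on.
    # NOTE(review): the token and the image name are extracted from JSON with
    # sed/grep, which depends on the exact layout of the responses.
    access_token=$(curl "${curl_tls_args[@]}" --fail --silent --show-error --location --request POST \
      "$TCSA_URL/auth/realms/NGINX/protocol/openid-connect/token" \
      --header 'Content-Type: application/x-www-form-urlencoded' \
      --data-urlencode 'grant_type=password' \
      --data-urlencode 'client_id=operation-ui' \
      --data-urlencode "username=$TCSA_USERNAME" \
      --data-urlencode "password@"<(printf '%s' "$TCSA_PASSWORD") \
      | sed "s/{.*\"access_token\":\"\([^\"]*\).*}/\1/g")
    if [ -z "$access_token" ]; then
      echo "Could not get an access token from TCSA please make sure you have Entered correct TCSA_URL, TCSA_USERNAME and TCSA_PASSWORD" >&2
      exit 1
    fi

    image_id=$(curl "${curl_tls_args[@]}" --fail --silent --show-error \
      --header "Authorization: Bearer $access_token" \
      "$TCSA_URL/dcc/v1/remote/images" \
      | grep '"image"' | sed 's/.*: "\(.*\)".*/\1/')
    echo "$image_id"
    if [ -z "$image_id" ]; then
      echo "Remote Collector manager Image is not available please make sure you have Entered correct TCSA_URL, TCSA_USERNAME and TCSA_PASSWORD" >&2
      exit 1
    fi
    echo "Fetched the Remote Collector manager Image Name From TCSA done"

    echo "Create Internal Network if required"
    # Create the network only when it does not exist yet
    if ! docker network inspect "$NETWORK_NAME" >/dev/null 2>&1; then
      if ! docker network create "$NETWORK_NAME" --driver bridge; then
        echo "Could not create the Docker network $NETWORK_NAME" >&2
        exit 1
      fi
    fi

    # Refuse to continue when a container with this name is already present
    if docker ps -a --filter "name=collector-manager" | grep -q "collector-manager"; then
      echo  "collector-manager  already exists please stop and remove the conatiner" >&2
      exit 1
    fi

    echo "creating the Remote Collector manager Container with Name : collector-manager"
    # The two passwords are exported and passed with "-e NAME" (no value), so
    # Docker copies them from this environment and they stay out of the docker
    # command line. They are passed in addition to --env-file presumably because
    # the properties file quotes them for the shell and --env-file does not
    # strip quotes -- confirm against the product documentation.
    export TCSA_PASSWORD="${TCSA_PASSWORD:-}" REGISTRY_PASSWORD="${REGISTRY_PASSWORD:-}"
    # Mounting /var/run/docker.sock lets the container control the Docker daemon
    # of this host, which amounts to root on the host. Run this only on a host
    # dedicated to the collector and only against a TCSA instance you trust.
    if docker_id=$(docker run -d -p 443:443 \
      -v /var/run/docker.sock:/var/run/docker.sock \
      --env-file "$ENV_PROPERTIES_FILE" \
      -e TCSA_PASSWORD -e REGISTRY_PASSWORD \
      -v "$TLS_CERTIFICATE_PATH:/etc/nginx/certs" \
      -v "$CUSTOM_PACKAGE_PATH:/app/custom_packages" \
      --network "$NETWORK_NAME" \
      --restart unless-stopped --name collector-manager "$image_id"); then
      echo "collector-manager started successfully please check the logs using docker logs -f collector-manager"
    else
      echo "collector-manager failed to start please check logs docker logs collector-manager" >&2
      # Report the failure to the caller instead of ending with status 0
      exit 1
    fi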
    
  4. Change the permissions of the run_remote_collector.sh file so that it is executable:
    chmod +x run_remote_collector.sh
  5. Execute the run_remote_collector.sh script:
    bash run_remote_collector.sh 

Example

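#!/bin/bash
#
# Deploys the Remote Collector Manager container.
# Steps: load the properties file, request an access token from TCSA, ask
# TCSA for the collector manager image name, make sure the internal Docker
# network exists, then start the container named "collector-manager".
# Exits with status 1 when any of these steps fails.

# Variables for the script
ENV_PROPERTIES_FILE=/home/tco/remote_env.properties
TLS_CERTIFICATE_PATH=$(pwd)/remote/certs
CUSTOM_PACKAGE_PATH=$(pwd)/remote/custom_packages
# Optional: path to the CA certificate that signed the TCSA endpoint
# certificate. When it is empty the script falls back to curl -k (see below).
TCSA_CA_CERT=${TCSA_CA_CERT:-}

# Please do not change the following variables
NETWORK_NAME=internal-collector-network

# "source" runs the properties file as shell code in this process and the
# file holds passwords, so it must be owned by and restricted to the account
# running this script.
if [ ! -r "$ENV_PROPERTIES_FILE" ]; then
  echo "Properties file $ENV_PROPERTIES_FILE is missing or not readable" >&2
  exit 1
fi
source "$ENV_PROPERTIES_FILE"

TCSA_URL=https://$TCSA_IP:$TCSA_PORT
echo "Get Remote Collector Manager Image from TCSA"

# curl -k turns off TLS certificate verification. The requests below carry
# the TCSA password and the bearer token, and the response decides which
# image is started with access to the Docker socket, so verify the
# certificate whenever a CA file is available.
curl_tls_args=(-k)
if [ -n "$TCSA_CA_CERT" ]; then
  curl_tls_args=(--cacert "$TCSA_CA_CERT")
else
  echo "WARNING: TCSA_CA_CERT is not set; the TCSA certificate is not verified (curl -k)" >&2
fi

# The password is handed to curl through a file descriptor rather than as an
# argument, so it does not show up in the process list. --fail makes an HTTP
# error produce empty output instead of an error body that sed would pass on.
# NOTE(review): the token and the image name are extracted from JSON with
# sed/grep, which depends on the exact layout of the responses.
access_token=$(curl "${curl_tls_args[@]}" --fail --silent --show-error --location --request POST \
  "$TCSA_URL/auth/realms/NGINX/protocol/openid-connect/token" \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=password' \
  --data-urlencode 'client_id=operation-ui' \
  --data-urlencode "username=$TCSA_USERNAME" \
  --data-urlencode "password@"<(printf '%s' "$TCSA_PASSWORD") \
  | sed "s/{.*\"access_token\":\"\([^\"]*\).*}/\1/g")
if [ -z "$access_token" ]; then
  echo "Could not get an access token from TCSA please make sure you have Entered correct TCSA_URL, TCSA_USERNAME and TCSA_PASSWORD" >&2
  exit 1
fi

image_id=$(curl "${curl_tls_args[@]}" --fail --silent --show-error \
  --header "Authorization: Bearer $access_token" \
  "$TCSA_URL/dcc/v1/remote/images" \
  | grep '"image"' | sed 's/.*: "\(.*\)".*/\1/')
echo "$image_id"
if [ -z "$image_id" ]; then
  echo "Remote Collector manager Image is not available please make sure you have Entered correct TCSA_URL, TCSA_USERNAME and TCSA_PASSWORD" >&2
  exit 1
fi
echo "Fetched the Remote Collector manager Image Name From TCSA done"

echo "Create Internal Network if required"
# Create the network only when it does not exist yet
if ! docker network inspect "$NETWORK_NAME" >/dev/null 2>&1; then
  if ! docker network create "$NETWORK_NAME" --driver bridge; then
    echo "Could not create the Docker network $NETWORK_NAME" >&2
    exit 1
  fi
fi

# Refuse to continue when a container with this name is already present
if docker ps -a --filter "name=collector-manager" | grep -q "collector-manager"; then
  echo  "collector-manager  already exists please stop and remove the conatiner" >&2
  exit 1
fi

echo "creating the Remote Collector manager Container with Name : collector-manager"
# The two passwords are exported and passed with "-e NAME" (no value), so
# Docker copies them from this environment and they stay out of the docker
# command line. They are passed in addition to --env-file presumably because
# the properties file quotes them for the shell and --env-file does not
# strip quotes -- confirm against the product documentation.
export TCSA_PASSWORD="${TCSA_PASSWORD:-}" REGISTRY_PASSWORD="${REGISTRY_PASSWORD:-}"
# Mounting /var/run/docker.sock lets the container control the Docker daemon
# of this host, which amounts to root on the host. Run this only on a host
# dedicated to the collector and only against a TCSA instance you trust.
if docker_id=$(docker run -d -p 443:443 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  --env-file "$ENV_PROPERTIES_FILE" \
  -e TCSA_PASSWORD -e REGISTRY_PASSWORD \
  -v "$TLS_CERTIFICATE_PATH:/etc/nginx/certs" \
  -v "$CUSTOM_PACKAGE_PATH:/app/custom_packages" \
  --network "$NETWORK_NAME" \
  --restart unless-stopped --name collector-manager "$image_id"); then
  echo "collector-manager started successfully please check the logs using docker logs -f collector-manager"
else
  echo "collector-manager failed to start please check logs docker logs collector-manager" >&2
  # Report the failure to the caller instead of ending with status 0
  exit 1
fi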