The following example helps you deploy the remote collector manager.
Procedure
- Create a
remote_env.properties
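environment variable file for the remote collector manager with the following contents. The file stores passwords and, for ecr, AWS keys in plain text, so keep it readable and writable only by the deploying user: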
# remote_env.properties is read twice by run_remote_collector.sh: bash sources it,
# and the same file is handed to "docker run --env-file".
# It holds passwords and, for ecr, AWS keys in plain text. Because the script
# sources it, anyone who can edit this file can run commands as the user who
# runs the script, so keep it readable and writable only by that user.
REGISTRY_URL=<Registry URL>
REGISTRY_USERNAME=<Registry UserName>
# Secret. NOTE(review): bash strips the quotes when it sources the file, while
# docker --env-file appears to keep them as part of the value; presumably that is
# why the script passes this value again with -e. Confirm.
REGISTRY_PASSWORD="<Registry PASSWORD>"
REMOTE_IP=<IP OF THE REMOTE DATACENTER>
TCSA_IP=<TCSA_IP>
TCSA_PORT=<TCSA_PORT>
TCSA_USERNAME=<TCSA_USERNAME>
# Secret. The script sends it to the TCSA token endpoint and passes it to the container.
TCSA_PASSWORD="<TCSA_PASSWORD>"
REGISTRY_TYPE=<Registry Type - One of the following harbor , acr , ecr>
# Conditional properties: provide these only if REGISTRY_TYPE is ecr.
ROLE_ARN=<AWS ROLE ARN Required If REGISTRY TYPE is ecr>
# Secret: AWS credentials.
AWS_ACCESS_KEY_ID=<AWS ACCESS KEY Required If REGISTRY TYPE is ecr>
AWS_SECRET_ACCESS_KEY=<AWS SECRET ACCESSKEY Required If REGISTRY TYPE is ecr>
REGION_NAME=<AWS Region Name>
# Optional properties: set these only to override the default values.
KAFKA_IP=<TCSA EDGE KAFKA IP Usually the ip of TCSA Node where Kafka service is running >
KAFKA_PORT=<TCSA EDGE KAFKA EXTERNAL PORT e.g. 32092>
DC_NAME=<Name of the datacenter to be registered in TCSA. If not provided, the default name "remote-REMOTE_IP" is assigned, e.g. remote-10-12-12-12>
- Log in to Docker. Refer to step 2 in the Deploying Remote Collector Manager section.
- Create the
run_remote_collector.sh
script file and replace the variables with the correct values:
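#!/bin/bash
# Variables for the script: replace every <...> placeholder before running.
# Path of the remote_env.properties file created in step 1. It holds credentials
# and is executed by "source" below, so keep it private to the deploying user.
ENV_PROPERTIES_FILE=</path/to/properties/file/created/in/step1>
# Host directory with the TLS certificates. Keep the default $(pwd)/remote/certs
# if no certificates were created; the remote collector manager creates them when
# none are provided.
TLS_CERTIFICATE_PATH=</path/to/tls/certs>
CUSTOM_PACKAGE_PATH="$(pwd)/remote/custom_packages"
# Please do not change the following variables.
NETWORK_NAME=internal-collector-network

# Stop early instead of continuing with empty TCSA and registry settings.
if [ ! -r "$ENV_PROPERTIES_FILE" ]; then
  echo "Properties file not found or not readable: $ENV_PROPERTIES_FILE" >&2
  exit 1
fi
# find prints the path only when group or others hold a read or write bit.
if [ -n "$(find -L "$ENV_PROPERTIES_FILE" -prune \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) -print 2>/dev/null)" ]; then
  echo "WARNING: $ENV_PROPERTIES_FILE is accessible to group or others; it holds credentials and is sourced as shell code (suggest chmod 600)" >&2
fi
# The file is executed as shell code, not just parsed as KEY=VALUE pairs.
source "$ENV_PROPERTIES_FILE"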
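echo "Get Remote Collector Manager Image from TCSA"
TCSA_URL="https://${TCSA_IP}:${TCSA_PORT}"

# TLS verification. TCSA_CA_CERT is an optional variable introduced by this script
# (not a product setting): the path of a CA bundle that verifies the TCSA
# certificate. Without it the script keeps the previous -k behaviour, which means
# the TCSA password, the access token and the returned image name all travel over
# a connection whose peer is not authenticated.
if [ -n "${TCSA_CA_CERT:-}" ]; then
  curl_tls=(--cacert "$TCSA_CA_CERT")
else
  echo "WARNING: TCSA_CA_CERT is not set; TLS certificate verification is disabled (curl -k)" >&2
  curl_tls=(-k)
fi

# The password is fed on stdin (password@-) so that it is neither word-split by
# the shell nor visible in the process list. sed -n ... p prints the token only
# when the response actually contains an access_token field.
access_token=$(printf '%s' "$TCSA_PASSWORD" \
  | curl "${curl_tls[@]}" --location --request POST \
      "$TCSA_URL/auth/realms/NGINX/protocol/openid-connect/token" \
      --header 'Content-Type: application/x-www-form-urlencoded' \
      --data-urlencode 'grant_type=password' \
      --data-urlencode 'client_id=operation-ui' \
      --data-urlencode "username=$TCSA_USERNAME" \
      --data-urlencode 'password@-' \
  | sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
if [ -z "$access_token" ]; then
  echo "Could not obtain an access token from TCSA please make sure you have Entered correct TCSA_URL, TCSA_USERNAME and TCSA_PASSWORD" >&2
  exit 1
fi

# The bearer token reaches curl through a config read from stdin, again to keep
# it out of the process list.
image_id=$(printf 'header = "Authorization: Bearer %s"\n' "$access_token" \
  | curl "${curl_tls[@]}" --config - "$TCSA_URL/dcc/v1/remote/images" \
  | grep '"image"' | sed 's/.*: "\(.*\)".*/\1/')
echo "$image_id"
if [ -z "$image_id" ]; then
  echo "Remote Collector manager Image is not available please make sure you have Entered correct TCSA_URL, TCSA_USERNAME and TCSA_PASSWORD" >&2
  exit 1
fi
echo "Fetched the Remote Collector manager Image Name From TCSA done"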
echo "Create Internal Network if required"
# Inspecting the network fails when it does not exist yet; only then is the
# bridge network created.
docker network inspect "$NETWORK_NAME" >/dev/null 2>&1 ||
  docker network create --driver bridge "$NETWORK_NAME"
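# Refuse to continue when a container named exactly collector-manager exists, in
# any state. Inspecting by name avoids the substring match of
# "docker ps --filter name=... | grep", which also fires for containers whose
# name merely contains collector-manager.
if docker container inspect collector-manager >/dev/null 2>&1; then
  echo "collector-manager already exists please stop and remove the conatiner"
  exit 1
fi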
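echo "creating the Remote Collector manager Container with Name : collector-manager"
# Export the two passwords and pass them to docker by name only (-e NAME): the
# values then stay out of the docker command line and the process list, and a
# password containing spaces or glob characters is no longer split by the shell.
# They remain visible through "docker inspect" to anyone with Docker access.
export TCSA_PASSWORD="${TCSA_PASSWORD-}" REGISTRY_PASSWORD="${REGISTRY_PASSWORD-}"
run_args=(
  -d
  -p 443:443
  # NOTE(review): mounting the Docker socket gives the container control of the
  # host's Docker daemon, which is equivalent to root on this host. The image
  # started here is whatever name the TCSA API returned.
  -v /var/run/docker.sock:/var/run/docker.sock
  --env-file "$ENV_PROPERTIES_FILE"
  -e TCSA_PASSWORD
  -e REGISTRY_PASSWORD
  -v "${TLS_CERTIFICATE_PATH}:/etc/nginx/certs"
  -v "${CUSTOM_PACKAGE_PATH}:/app/custom_packages"
  --network "${NETWORK_NAME:-internal-collector-network}"
  --restart unless-stopped
  --name collector-manager
)
# docker run -d prints the container id; its exit status tells whether the
# container could be created and started.
if docker_id="$(docker run "${run_args[@]}" "$image_id")"; then
  echo "collector-manager started successfully please check the logs using docker logs -f collector-manager"
else
  echo "collector-manager failed to start please check logs docker logs collector-manager" >&2
  # Report the failure to the caller instead of exiting with status 0.
  exit 1
fi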
- Change the permissions of
run_remote_collector.sh
file:
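# Lowercase x: +X only adds execute where an execute bit is already set (or on
# directories), so it leaves a newly created script unchanged.
chmod +x run_remote_collector.sh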
- Execute the
run_remote_collector.sh
script:
# Run from the directory that should contain remote/custom_packages (and
# remote/certs when the default TLS path is kept): the script builds those
# paths from $(pwd).
bash run_remote_collector.sh
Example
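#!/bin/bash
# Variables for the script.
# The properties file holds credentials and is executed by "source" below, so it
# should be private to the deploying user.
ENV_PROPERTIES_FILE=/home/tco/remote_env.properties
TLS_CERTIFICATE_PATH="$(pwd)/remote/certs"
CUSTOM_PACKAGE_PATH="$(pwd)/remote/custom_packages"
# Please do not change the following variables.
NETWORK_NAME=internal-collector-network

# Stop early instead of continuing with empty TCSA and registry settings.
if [ ! -r "$ENV_PROPERTIES_FILE" ]; then
  echo "Properties file not found or not readable: $ENV_PROPERTIES_FILE" >&2
  exit 1
fi
# find prints the path only when group or others hold a read or write bit.
if [ -n "$(find -L "$ENV_PROPERTIES_FILE" -prune \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) -print 2>/dev/null)" ]; then
  echo "WARNING: $ENV_PROPERTIES_FILE is accessible to group or others; it holds credentials and is sourced as shell code (suggest chmod 600)" >&2
fi
# The file is executed as shell code, not just parsed as KEY=VALUE pairs.
source "$ENV_PROPERTIES_FILE"
TCSA_URL="https://${TCSA_IP}:${TCSA_PORT}"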
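echo "Get Remote Collector Manager Image from TCSA"

# TLS verification. TCSA_CA_CERT is an optional variable introduced by this script
# (not a product setting): the path of a CA bundle that verifies the TCSA
# certificate. Without it the script keeps the previous -k behaviour, which means
# the TCSA password, the access token and the returned image name all travel over
# a connection whose peer is not authenticated.
if [ -n "${TCSA_CA_CERT:-}" ]; then
  curl_tls=(--cacert "$TCSA_CA_CERT")
else
  echo "WARNING: TCSA_CA_CERT is not set; TLS certificate verification is disabled (curl -k)" >&2
  curl_tls=(-k)
fi

# The password is fed on stdin (password@-) so that it is neither word-split by
# the shell nor visible in the process list. sed -n ... p prints the token only
# when the response actually contains an access_token field.
access_token=$(printf '%s' "$TCSA_PASSWORD" \
  | curl "${curl_tls[@]}" --location --request POST \
      "$TCSA_URL/auth/realms/NGINX/protocol/openid-connect/token" \
      --header 'Content-Type: application/x-www-form-urlencoded' \
      --data-urlencode 'grant_type=password' \
      --data-urlencode 'client_id=operation-ui' \
      --data-urlencode "username=$TCSA_USERNAME" \
      --data-urlencode 'password@-' \
  | sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
if [ -z "$access_token" ]; then
  echo "Could not obtain an access token from TCSA please make sure you have Entered correct TCSA_URL, TCSA_USERNAME and TCSA_PASSWORD" >&2
  exit 1
fi

# The bearer token reaches curl through a config read from stdin, again to keep
# it out of the process list.
image_id=$(printf 'header = "Authorization: Bearer %s"\n' "$access_token" \
  | curl "${curl_tls[@]}" --config - "$TCSA_URL/dcc/v1/remote/images" \
  | grep '"image"' | sed 's/.*: "\(.*\)".*/\1/')
echo "$image_id"
if [ -z "$image_id" ]; then
  echo "Remote Collector manager Image is not available please make sure you have Entered correct TCSA_URL, TCSA_USERNAME and TCSA_PASSWORD" >&2
  exit 1
fi
echo "Fetched the Remote Collector manager Image Name From TCSA done"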
echo "Create Internal Network if required"
# A failed inspect means the network is missing, so the bridge network is
# created in that case only.
docker network inspect "$NETWORK_NAME" >/dev/null 2>&1 ||
  docker network create --driver bridge "$NETWORK_NAME"
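# Refuse to continue when a container named exactly collector-manager exists, in
# any state. Inspecting by name avoids the substring match of
# "docker ps --filter name=... | grep", which also fires for containers whose
# name merely contains collector-manager.
if docker container inspect collector-manager >/dev/null 2>&1; then
  echo "collector-manager already exists please stop and remove the conatiner"
  exit 1
fi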
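echo "creating the Remote Collector manager Container with Name : collector-manager"
# Export the two passwords and pass them to docker by name only (-e NAME): the
# values then stay out of the docker command line and the process list, and a
# password containing spaces or glob characters is no longer split by the shell.
# They remain visible through "docker inspect" to anyone with Docker access.
export TCSA_PASSWORD="${TCSA_PASSWORD-}" REGISTRY_PASSWORD="${REGISTRY_PASSWORD-}"
run_args=(
  -d
  -p 443:443
  # NOTE(review): mounting the Docker socket gives the container control of the
  # host's Docker daemon, which is equivalent to root on this host. The image
  # started here is whatever name the TCSA API returned.
  -v /var/run/docker.sock:/var/run/docker.sock
  --env-file "$ENV_PROPERTIES_FILE"
  -e TCSA_PASSWORD
  -e REGISTRY_PASSWORD
  -v "${TLS_CERTIFICATE_PATH}:/etc/nginx/certs"
  -v "${CUSTOM_PACKAGE_PATH}:/app/custom_packages"
  --network "${NETWORK_NAME:-internal-collector-network}"
  --restart unless-stopped
  --name collector-manager
)
# docker run -d prints the container id; its exit status tells whether the
# container could be created and started.
if docker_id="$(docker run "${run_args[@]}" "$image_id")"; then
  echo "collector-manager started successfully please check the logs using docker logs -f collector-manager"
else
  echo "collector-manager failed to start please check logs docker logs collector-manager" >&2
  # Report the failure to the caller instead of exiting with status 0.
  exit 1
fi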