Deploying the agent on a Linux host with no public access

After you provision an instance of the IBM Cloud Monitoring service in the IBM Cloud, you can deploy the Monitoring agent on your Linux hosts to collect data and metrics automatically. You can configure which metrics to monitor in each environment.

You can associate one or more tags to each monitoring agent. Tags are comma-separated values that are formatted as TAG_NAME:TAG_VALUE. When you monitor your environment, you can use these tags to identify metrics that are available from an agent. For example, you can include information about the service name and location with all of the metrics that are collected by this agent.

Prereqs

Check the topic Tune Agent

Deploying the agent

Follow these steps if your bare metal or VM is running on the IBM Cloud private network and does not have access to the public sites.

Complete the following steps to configure a monitoring agent on Linux to collect and forward metrics to an instance of the IBM Cloud Monitoring service:

Obtain the access key.
Obtain the private ingestion URL. For more information, see collector endpoints.
Check that you can reach the repo http://mirrors.service.networklayer.com/sysdig/.

Whether you have a Bare metal or a Classic VSI, by default you get access to the repo. However, if you have attached a firewall such as vyatta to your server, you must allow traffic through to the subnets listed for your data center in SSL VPN network (on backend/private network).

Make sure that you allow all ports, both directions for UDP/TCP/ICMP in your data center.
Install the kernel headers.

When you install a monitoring agent, the agent uses kernel header files. Learn more

Choose a distribution and run the following command for that distribution.

For Debian and Ubuntu Linux distributions, run the following command:
```
apt-get -y install linux-headers-$(uname -r)
```
For RHEL, CentOS, and Fedora Linux distributions, run the following command:
```
yum -y install kernel-devel-$(uname -r)
```

Configure the repository.

For Debian and Ubuntu Linux distributions, run the following commands:

curl -s http://mirrors.service.networklayer.com/sysdig/DRAIOS-GPG-KEY.public | apt-key add -

curl -s -o /etc/apt/sources.list.d/draios.list http://mirrors.service.networklayer.com/sysdig/stable/deb/draios.list

apt-get update

For RHEL, CentOS, and Fedora Linux distributions, run the following command:

rpm --import http://mirrors.service.networklayer.com/sysdig/DRAIOS-GPG-KEY.public

curl -s -o /etc/yum.repos.d/draios.repo  http://mirrors.service.networklayer.com/sysdig/stable/rpm/draios.repo

Edit the draios.repo file and change the file contents to the following:

[draios]
name=Draios
baseurl=http://mirrors.service.networklayer.com/sysdig/stable/rpm/$basearch
enabled=1
gpgcheck=1
gpgkey=http://mirrors.service.networklayer.com/sysdig/DRAIOS-GPG-KEY.public
#repo_gpgcheck=1

Configure the EPEL repository for RHEL, CentOS, and Fedora Linux distributions.

Go to the next step if DKMS is available in the distribution.

To verify if DKMS is available, run the following command:

For RHEL, CentOS, and Fedora Linux distributions, run the following command:

yum list dkms

If DKMS is not installed, run the following commands to install DKMS.

yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
yum install dkms

To configure the EPEL repository, create a file named /etc/yum.repos.d/epel.repo with the following content:

[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
#baseurl=http://mirrors.service.softlayer.com/fedora-epel/7Server/$basearch
baseurl=http://mirrors.service.softlayer.com/fedora-epel/7/$basearch
#metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

Deploy the monitoring agent.

This command must be run from a private endpoint.

For example:

echo collector: ingest.private.jp-tok.monitoring.cloud.ibm.com >> /opt/draios/etc/dragent.yaml

For Debian and Ubuntu Linux distributions, run the following commands:

apt-get -y install draios-agent

echo customerid: MONITORING_ACCESS_KEY >> /opt/draios/etc/dragent.yaml

echo tags: TAG_DATA >> /opt/draios/etc/dragent.yaml

echo feature: >> /opt/draios/etc/dragent.yaml

 echo "  mode: monitor_light" >> /opt/draios/etc/dragent.yaml

service dragent restart

For RHEL, CentOS, and Fedora Linux distributions, run the following commands from a terminal:

yum -y install draios-agent

echo customerid: MONITORING_ACCESS_KEY >> /opt/draios/etc/dragent.yaml

echo tags: TAG_DATA >> /opt/draios/etc/dragent.yaml

echo feature: >> /opt/draios/etc/dragent.yaml

 echo "  mode: monitor_light" >> /opt/draios/etc/dragent.yaml

sudo systemctl enable dragent

sudo systemctl start dragent

Where

MONITORING_ACCESS_KEY is the ingestion key for the instance.
TAG_DATA are comma-separated tags that are formatted as TAG_NAME:TAG_VALUE. You can associate one or more tags to your monitoring agent. For example, role:serviceX,location:us-south.
Set sysdig_capture_enabled to false to disable the capture feature. By default is set to true. For more information, see Working with captures.
Set secure to true to use SSL with the communication.

Check that the monitoring agent is running. Run the following command:
```
ps -ef | grep sysdig
```
To see the latest monitoring agent logs, go to the directory /opt/draios/logs and check the log file draios.log.

To look for errors, you can run the following command:
```
grep error /opt/draios/logs/draios.log
```

Checking the status of an agent by using the CLI

To check the status of an agent, run the following command:

service dragent status