Proxy Configuration

You can configure a proxy in the YML file. The following snippet shows a sample proxy configuration.

The following parameters are optional while configuring the proxy.

Parameter Description
proxy  IPv4 address or FQDN of the proxy server
value <proxy FQDN or IP address>:<port#>
ProxyCertFile Proxy certificate file path. ProxyCertFile is applicable only if the proxy has valid certificate file. If this option is not provided, then Qualys Cloud Agent for Red Hat Enterprise Linux CoreOS in Red Hat OpenShift would try to connect to the server with the given HTTPS proxy settings only. If only ProxyCertFile is provided without proxy then Qualys Cloud Agent for Red Hat Enterprise Linux CoreOS in Red Hat OpenShift would simply ignore the ProxyCertFile, and it would try to connect to the server without any https proxy settings.

Proxy Certificate File Configuration

You can configure the proxy configuration file using yml with the following methods:

  • using secret
  • using configMap

Configure Proxy Certificate File using Secrets

Steps to create a secret:

  1. Create a secret, use the following command
    oc create secret generic qualys-cert --from-file=qualys-cert.crt=/root/qualys-cert.crt -n qualys-agent
  2. View the secret using the following command:
    oc describe secret qualys-cert 
  3. Edit the lxa-openshift-crio-ds.yml and uncomment the following entries:
     
    • from volumeMounts section
          #              - name:  cert-secret-volume
          #                mountPath: /etc/qualys/cloud-agent/cert/custom-ca.crt
          #                subPath: qualys-cert.crt

     
    • from volumes section
          #             - name:  cert-secret-volume
          #               secret:
          #                  secretName: qualys-cert
  4. Apply the yml file using the following command:
    oc apply -f lxa-openshift-crio-ds.yml

Configure Proxy Certificate File using ConfigMap

Steps to create a configMap: 

  1. Create a configMap, use the following command:
    oc create configmap qualys-configmap --from-file=qualys-cert.crt -n qualys-agent
  2. View the configMap using the following command:
    oc describe configmap qualys-configmap -n qualys-agent
  3. Edit the lxa-openshift-crio-ds.yml and uncomment the following entries:
     
    • from volumeMounts section
                #                - name:  cert-configmap-volume
                #                  mountPath: /etc/qualys/cloud-agent/cert/custom-ca.crt
                #                  subPath: qualys-cert.crt
     
    • from volumes section
          #             - name:  cert-configmap-volume
          #               configmap:
          #                  name: qualys-configmap
  4. Apply the yml file using the following command:
    oc apply -f lxa-openshift-crio-ds.yml

Deploy Cloud Agent in OpenShift Cluster

The following are the steps to deploy Cloud Agent in OpenShift Cluster:

  1. Login to Bastion (jump) host or master command to deploy linux-cloud-agent on OpenShift Cluster:

    OC login required to apply lxa-openshift-crio-ds.yml

  2. Once you have modified the lxa-openshift-crio-ds.yml file, run the following command on OpenShift cluster to create a DaemonSet:
    oc apply -f lxa-openshift-crio-ds.yml
  3. Verify the container running under qualys namespace using the following command:

    $ oc get pods -n qualys-agent
    NAME READY STATUS RESTARTS AGE
    qualys-cloud-agent-9rl54 1/1 Running 0 3h27m
    qualys-cloud-agent-c9dml 1/1 Running 0 3h27m
    qualys-cloud-agent-gb7b5 1/1 Running 0 3h27m
    qualys-cloud-agent-gttl7 1/1 Running 0 3h27m
    qualys-cloud-agent-hfb5m 1/1 Running 0 3h27m
    qualys-cloud-agent-pbrjg 1/1 Running 0 3h27m


    When the instance is started, it will activate the Qualys Cloud Agent which will provision itself and continue to function as expected.