Proxy Configuration
You can configure a proxy in the YML file. The following snippet shows a sample proxy configuration.
The following parameters are optional while configuring the proxy.
Parameter | Description |
---|---|
proxy | IPv4 address or FQDN of the proxy server |
value | <proxy FQDN or IP address>:<port#> |
ProxyCertFile | Proxy certificate file path. ProxyCertFile is applicable only if the proxy has valid certificate file. If this option is not provided, then Qualys Cloud Agent for Red Hat Enterprise Linux CoreOS in Red Hat OpenShift would try to connect to the server with the given HTTPS proxy settings only. If only ProxyCertFile is provided without proxy then Qualys Cloud Agent for Red Hat Enterprise Linux CoreOS in Red Hat OpenShift would simply ignore the ProxyCertFile , and it would try to connect to the server without any https proxy settings. |
Proxy Certificate File Configuration
You can configure the proxy configuration file using yml with the following methods:
- using secret
- using configMap
Configure Proxy Certificate File using Secrets
Steps to create a secret:
- Create a secret, use the following command
oc create secret generic qualys-cert --from-file=qualys-cert.crt=/root/qualys-cert.crt -n qualys-agent
- View the secret using the following command:
oc describe secret qualys-cert
- Edit the
lxa-openshift-crio-ds.yml
and uncomment the following entries:
- from volumeMounts section
# - name: cert-secret-volume
# mountPath: /etc/qualys/cloud-agent/cert/custom-ca.crt
# subPath: qualys-cert.crt
- from volumes section
# - name: cert-secret-volume
# secret:
# secretName: qualys-cert - Apply the yml file using the following command:
oc apply -f lxa-openshift-crio-ds.yml
Configure Proxy Certificate File using ConfigMap
Steps to create a configMap:
- Create a configMap, use the following command:
oc create configmap qualys-configmap --from-file=qualys-cert.crt -n qualys-agent
- View the configMap using the following command:
oc describe configmap qualys-configmap -n qualys-agent
- Edit the
lxa-openshift-crio-ds.yml
and uncomment the following entries:
- from volumeMounts section
# - name: cert-configmap-volume
# mountPath: /etc/qualys/cloud-agent/cert/custom-ca.crt
# subPath: qualys-cert.crt
- from volumes section
# - name: cert-configmap-volume
# configmap:
# name: qualys-configmap - Apply the yml file using the following command:
oc apply -f lxa-openshift-crio-ds.yml
Deploy Cloud Agent in OpenShift Cluster
The following are the steps to deploy Cloud Agent in OpenShift Cluster:
- Login to Bastion (jump) host or master command to deploy linux-cloud-agent on OpenShift Cluster:
OC login required to apply
lxa-openshift-crio-ds.yml
- Once you have modified the
lxa-openshift-crio-ds.yml
file, run the following command on OpenShift cluster to create a DaemonSet:
oc apply -f lxa-openshift-crio-ds.yml
- Verify the container running under qualys namespace using the following command:
$ oc get pods -n qualys-agent
NAME READY STATUS RESTARTS AGE
qualys-cloud-agent-9rl54 1/1 Running 0 3h27m
qualys-cloud-agent-c9dml 1/1 Running 0 3h27m
qualys-cloud-agent-gb7b5 1/1 Running 0 3h27m
qualys-cloud-agent-gttl7 1/1 Running 0 3h27m
qualys-cloud-agent-hfb5m 1/1 Running 0 3h27m
qualys-cloud-agent-pbrjg 1/1 Running 0 3h27m
When the instance is started, it will activate the Qualys Cloud Agent which will provision itself and continue to function as expected.