Skip to content

boltopspro-docs/qualys-cloud-agent

master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
lib
 
 
 
 
 
 
 
 
 
 
 
 
 
 

NOTE: This repo contains only the documentation for the private BoltsOps Pro repo code. Original file: https://github.com/boltopspro/qualys-cloud-agent/blob/master/README.md The docs are publish so they are available for interested customers. For access to the source code, you must be a paying BoltOps Pro subscriber. If are interested, you can contact us at contact@boltops.com or https://www.boltops.com

Qualys Cloud Agent configset

BoltOps Badge

Why?

Configsets are essentially configuration management. Use configsets to configure and update your EC2 instances automatically. Lono allows you to use configsets in a reusable way.

Configsets work with AWS::CloudFormation::Init and cfn-init. Configsets do not magically get applied after being added to the CloudFormation template though. The cfn-init script must be called to apply the configset.

Usually the cfn-init script is called in the UserData script. This ensures configsets are applied when instances are launched.

Additionally, the cfn-hup script can be set up to apply configsets continuously.

This configset configures and runs the cfn-hup daemon. The cfn-auto-reloader.conf is configured to detect changes every 1 minute. When the stack Metatdata AWS::CloudFormation::Init changes, cfn-hup detects this and updates the EC2 instance. This ensures that the EC2 instance will always be up-to-date.

The cfn-hup configset should usually be one of the first things to be setup.

What are lono configsets?

Lono configsets allow CloudFormation cfn-init configsets that are typically embedded in the template to be reusable. More info: Lono Configsets docs.

Usage

Use configset to enable the configset for the blueprint. Example:

configs/demo/configsets/base.rb:

configset("qualys-cloud-agent", resource: "Instance")

This adds the configset to the resource with the logical id Instance in your CloudFormation template. The configset is added to the Resources[].Metadata.AWS::CloudFormation::Init attribute of the Instance resource.

Here's an example adding to a LaunchConfig resource:

configset("qualys-cloud-agent", resource: "LaunchConfig")

Here's an example adding to a LaunchTemplate resource:

configset("qualys-cloud-agent", resource: "LaunchTemplate")

Requirements

  • The agent only runs on x86 64 bit architectures
  • The target EC2 instance must have S3 and SSM read access
  • The following variables need to be set in within your project in #{stackname}/configsets/variables.rb:
@customer_id_ssm_key = "/qualys/cloud-agent/CustomerId" # or your own custom key
@activation_id_ssm_key = "/qualys/cloud-agent/ActivationId" # or your own custom key

These are used to retrieve the corresponding secrets, which are used when starting the agent.

About

Public documentation for boltopspro/qualys-cloud-agent

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published