dlovitch
commented
6 years ago @s01ipsist We're running it in the UserData of our launch configs. We're actually executing Ansible, but if you're not able to, this page tells you what you need to run: https://threatstack.zendesk.com/hc/en-us/articles/204289149-Steps-for-Deploying-the-Threat-Stack-Agent-via-Amazon-AMI-s
During baking, we:
- Install Threat Stack (with configure agent false)
- Create the config directory and config file similar to the first two steps in https://github.com/threatstack/threatstack-ansible/blob/master/tasks/cloudsight_setup.yml
In UserData, do something like:
sudo cloudsight setup --config=<config file from baking step 2> --agent_type=<agent type>
sudo service cloudsight restart
We use ansible with packer to bake AMIs for use in Auto Scaling Groups.
The
threatstack_configure_agent: falseoption sounds appropriate for our use case as this instance is not live when ansible is run.Can you please elaborate on what would be the expected process to configure the agent at a later stage? We're not able to run Ansible against the instance once it goes live, although we could set config vars as part of the CloudInit process.