Install Linux Agent with Ansible

Because Ansible is a flexible and extensible automation tool, you can use multiple strategies to install the Lacework agent. Use the following skeleton Debian and RPM playbooks as building blocks to create more advanced, environment-specific playbooks.

Each playbook consists of two parts:

  1. Installation of the Lacework agent. To ensure the latest package, the playbooks query the Lacework repository. Playbooks can be made to retrieve files locally.

  2. Distribution of a Lacework configuration file - config.json. The config.json file must minimally include an access token or the Lacework agent cannot communicate with the Lacework platform. For more information about the agent access token, see Create Agent Access Token. For Linux agent v6.6 or earlier installed outside the US, you must explicitly configure the agent server URL in the config.json file. For more information, see Agent Server URL.

    In the examples below, config.json is located in the /etc/ansible/lacework/ directory of the Ansible server. You must create this file.

RPM Installation

    - hosts: lacework_servers
      become: yes
      tasks:
        # Register the Lacework RPM repository; gpgcheck verifies package signatures.
        - name: configure the lacework repo
          yum_repository:
            name: packages-lacework-prod
            description: packages-lacework-prod
            baseurl: https://packages.lacework.net/latest/RPMS/x86_64/
            gpgkey: https://packages.lacework.net/latest/keys/RPM-GPG-KEY-lacework
            gpgcheck: yes
            enabled: yes
        - name: install lacework datacollector
          yum:
            name: lacework
            state: latest
        # The package creates this directory; wait for it before copying the config.
        - name: wait until /var/lib/lacework/config/ is created
          wait_for:
            path: /var/lib/lacework/config/
        - name: copy config.json
          copy:
            src: /etc/ansible/lacework/config.json
            dest: /var/lib/lacework/config/config.json
            owner: root
            group: root
            mode: "0644"

Debian Installation

    - hosts: lacework_servers
      become: yes
      tasks:
        # Import the repository signing key so apt can verify the packages.
        - name: add apt signing key
          apt_key:
            keyserver: hkp://keyserver.ubuntu.com:80
            id: EE0CC692
            state: present
        - name: add lacework repository into source list
          apt_repository:
            repo: "deb [arch=amd64] https://packages.lacework.net/latest/DEB/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main"
            filename: lacework
            state: present
            update_cache: yes
        - name: install lacework datacollector
          apt:
            name: lacework
            state: latest
        # The package creates this directory; wait for it before copying the config.
        - name: wait until /var/lib/lacework/config/ is created
          wait_for:
            path: /var/lib/lacework/config/
        - name: copy config.json
          copy:
            src: /etc/ansible/lacework/config.json
            dest: /var/lib/lacework/config/config.json
            owner: root
            group: root
            mode: "0644"

After you install the agent, it takes 10 to 15 minutes for agent data to appear in the Lacework Console under Agents.

Dockerized Host Installation

Follow these steps to deploy the Lacework agent as a container to a Dockerized host using an Ansible playbook.

Prerequisites

The Ansible playbook uses the docker_container module available with Ansible to manage container control in Docker. Ensure that the host that executes the module (the target host) meets the following prerequisites:

  • Docker API >= 1.20

  • Docker SDK for Python >= 1.8.0 (use docker-py for Python 2.6)

    • For Python 2.6, use docker-py. Otherwise, install the Docker SDK for Python module as this supersedes the docker-py Python module.

      Do not install both modules at the same time. If both modules are installed and one of them is uninstalled, the other may no longer function and you will have to reinstall the module.

Deployment Process

The following Ansible playbook pulls the latest image of the Lacework agent and starts the container.

Change the templated values for the following options before executing the playbook:

  • hosts: This targets the host or group of hosts specified in your /etc/ansible/hosts file. Change it from all to the group name of hosts that you want to deploy the agent to.

  • ACCESS_TOKEN: Enter the agent access token from the Lacework Console.

Ansible Playbook

    - name: Lacework Agent
      hosts: "all"
      tasks:
        - name: pull image and run Lacework agent container
          docker_container:
            name: datacollector
            network_mode: host
            pid_mode: host
            privileged: yes
            volumes:
              - /:/laceworkfim:ro
              - /var/lib/lacework:/var/lib/lacework
              - /var/log:/var/log
              - /var/run:/var/run
              - /etc/passwd:/etc/passwd:ro
              - /etc/group:/etc/group:ro
            env:
              ACCESS_TOKEN: "INSERT_ACCESS_TOKEN_HERE"
            image: lacework/datacollector:latest

Deployment Steps

  1. Copy the Ansible playbook above and make the necessary changes to parameters.

  2. Save the playbook as a .yaml file.

  3. Run the following command on the Ansible control node:

    ansible-playbook <your-playbook-file>.yaml

  4. Confirm that the containers are running and the agents appear in the Lacework Console under Agents after 10 to 15 minutes.
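
A variant of the Dockerized-host playbook that keeps the access token out of the playbook file and automates the "containers are running" part of step 4. This is an added example, not Lacework's own playbook; the group name `docker_hosts`, the vault file `vault/lacework.yml` and the variable `vault_lacework_access_token` are assumptions chosen for illustration.

```yaml
# Added example, not Lacework's playbook. Assumed names: inventory group
# "docker_hosts", vault file "vault/lacework.yml" (made with `ansible-vault
# create`), and the variable "vault_lacework_access_token" stored inside it.
- name: Lacework Agent (vaulted token, verified start)
  hosts: docker_hosts
  vars_files:
    - vault/lacework.yml
  tasks:
    - name: stop if the token is missing or still the template placeholder
      assert:
        that:
          - vault_lacework_access_token is defined
          - vault_lacework_access_token | length > 0
          - vault_lacework_access_token != "INSERT_ACCESS_TOKEN_HERE"
        quiet: yes

    - name: pull image and run Lacework agent container
      docker_container:
        name: datacollector
        network_mode: host
        pid_mode: host
        privileged: yes
        volumes:
          - /:/laceworkfim:ro
          - /var/lib/lacework:/var/lib/lacework
          - /var/log:/var/log
          - /var/run:/var/run
          - /etc/passwd:/etc/passwd:ro
          - /etc/group:/etc/group:ro
        env:
          ACCESS_TOKEN: "{{ vault_lacework_access_token }}"
        image: lacework/datacollector:latest
      no_log: true  # module result echoes the container env, token included

    - name: read back the container state from the Docker daemon
      docker_container_info:
        name: datacollector
      register: lw_agent
      no_log: true  # inspect data carries Config.Env with the token

    - name: fail the run if the agent container is not up
      assert:
        that:
          - lw_agent.exists
          - lw_agent.container.State.Running
        fail_msg: "datacollector is not running on {{ inventory_hostname }}"
```

Run it with `ansible-playbook --ask-vault-pass <your-playbook-file>.yaml`. The final assertion only covers the container state, so the check in the Lacework Console under Agents still applies.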