Agent Install: Non-Orchestrated
This section describes how to install the Sysdig agent directly on a Linux host, without using an orchestrator such as Kubernetes or Mesos.
The agent can be installed two ways:
As a standard Docker container
As a non-containerized service
The steps for each flavor differ slightly depending on whether you are using the SaaS or on-premises version of the Sysdig platform.
Note
If you are installing the Sysdig agent in an environment that has Kubernetes, use the Agent Install: Kubernetes instructions instead.
Prerequisites
See Host Requirements for Agent Installation. There you can check the requirements concerning:
Supported Linux distributions
Network connection
Sysdig access key
Cloud service providers (AWS, Google, and Microsoft Azure) and any steps you may need to configure to integrate the Sysdig agent.
Note
On kernel headers: The Sysdig agent requires kernel header files in order to install successfully on a host, and the agent is delivered with precompiled headers. If the hosts in your environment match the kernel versions included with the agent, no special action is needed.
In some cases, the host(s) in your environment may use Unix versions that do not match the provided headers, and the agent may fail to install correctly. In those cases, you must install the kernel headers manually. See About Kernel Headers and the Kernel Module for details.
Run any commands as root or with the
sudocommand.Have your Sysdig access key on hand.
If you launch an agent install from www.sysdig.com, the welcome wizard will present an access key.
Docker Container Agent Installation
The Sysdig agent can be deployed as a Docker container.
Note
The commands below can also be copy/pasted from the Welcome Wizard or the Agent Installation page in the Sysdig UI.
In that case, your access key will already be included in the command automatically.
SaaS
Run the agent image, providing the access key and (optional) user-defined tags:
docker run -d --name sysdig-agent \ --restart always \ --privileged \ --net host \ --pid host\ -e ACCESS_KEY=[ACCESS_KEY] \ -e TAGS=[TAGS] \ -v /var/run/docker.sock:/host/var/run/docker.sock \ -v /dev:/host/dev \ -v /proc:/host/proc:ro \ -v /boot:/host/boot:ro \ -v /lib/modules:/host/lib/modules:ro \ -v /usr:/host/usr:ro --shm-size=512m sysdig/agent
On-Premises
Provide collector and SSL/TLS information in addition to access key and optional tags:
docker run -d --name sysdig-agent \ --restart always \ --privileged \ --net host \ --pid host \ -e ACCESS_KEY=[ACCESS_KEY] \ -e COLLECTOR=[COLLECTOR_ADDRESS] \ -e SECURE=true \ -e CHECK_CERTIFICATE=true \ [-e TAGS=[TAGS]] -v /var/run/docker.sock:/host/var/run/docker.sock \ -v /dev:/host/dev \ -v /proc:/host/proc:ro \ -v /boot:/host/boot:ro \ -v /lib/modules:/host/lib/modules:ro \ -v /usr:/host/usr:ro --shm-size=512m sysdig/agent
Note
CHECK_CERTIFICATE should be set to false if a self-signed certificate or private, CA-signed cert is used.
Service Agent Installation on Linux Host
Use these instructions to install the agent on the host itself, not in a container. Install on each host in the environment.
Note
The command lines below can also be copy/pasted from the Welcome wizard or the Settings>Agent Installation page in the Sysdig Monitor interface.
In that case, your access key will already be included in the command automatically.
SaaS
Run the following command:
curl -s https://download.sysdig.com/stable/install-agent | sudo bash -s -- --access_key [ACCESS_KEY] [--tags [TAGS]]
Where [ACCESS_KEY] is your unique agent access key string(e.g.1234-your-key-here-1234) and [TAGS] is an optional list of user-defined agent tags (e.g. role:webserver,location:europe).
On-Premises
Run the following command:
curl -s https://download.sysdig.com/stable/install-agent | sudo bash -s -- --access_key [ACCESS_KEY] --collector [COLLECTOR_ADDRESS] --secure true --check_certificate true [--tags [TAGS]]
Note
check_certificate should be set to false if a self-signed certificate or private, CA-signed cert is used. See information about SSL in on-premises here.
Connect to the Sysdig Backend via Static IPs (SaaS only)
Sysdig provides a list of static IP addresses that can be whitelisted in a Sysdig environment, allowing users to establish a network connection to the Sysdig backend without opening complete network connectivity. This is done by setting the Collector IP to collector-static.sysdigcloud.com:
user@host:~$ docker run --name sysdig-agent \ --privileged \ --net host \ --pid host \ -e ACCESS_KEY=[ACCESS_KEY] \ -e TAGS=[TAGS] \ -v /var/run/docker.sock:/host/var/run/docker.sock \ -v /dev:/host/dev \ -v /proc:/host/proc:ro \ -v /boot:/host/boot:ro \ -v /lib/modules:/host/lib/modules:ro \ -v /usr:/host/usr:ro \ -e COLLECTOR=collector-static.sysdigcloud.com \ -e COLLECTOR_PORT=6443 \ -e SECURE=true \ -e CHECK_CERTIFICATE=true \ --shm-size=512m \ sysdig/agent
Note on Manual Agent Installation
In the following cases, it may be preferable to perform a manual installation.
Full control over the deployment process
Integration with configuration management tools
Custom kernel
Unsupported distribution
If desired, see Agent Install: Manual Linux Installation.