Last updated 2023-03-29
The Signal Sciences agent can be deployed on the Red Hat OpenShift Container Platform.
Installing the Signal Sciences module and agent in an OpenShift container is similar to a typical Red Hat installation. However, the primary difference for an OpenShift container installation is all processes must run under a non root account. To meet this requirement, the only extra step is configuring the module and agent to use a socket file that the non root account has read/write access to.
For more information on running processes as non root, see OpenShift guidance here.
Follow the Red Hat agent installation instructions.
There are three options for configuring the socket file location. Use the option that works best for your container build process. The examples below use a directory that a non root user would have access to. You can specify a different location, but ensure your non root user account has the read/write permissions to that location.
You can set the
SIGSCI_RPC_ADDRESSenvironment variable in your Dockerfile:$ ENV SIGSCI_RPC_ADDRESS unix:/tmp/sigsci.sock
You can export the
SIGSCI_RPC_ADDRESSenvironment variable in a script when your container starts:$ export SIGSCI_RPC_ADDRESS=unix:/tmp/sigsci.sock
You can set the
rpc-addressconfiguration option in your agent configuration file (by default at
Additional agent configuration options are listed on the agent configuration page.
Install and configure your module following one of these sets of instructions.
In your Apache configuration file (
httpd.conf), add the
AgentHost directive after the Signal Sciences module is called:
$ AgentHost "/tmp/sigsci.sock"
sigsci.agenthost directive in the module's configuration file located at
/opt/sigsci/nginx/sigsci.conf. You will need to remove
-- to uncomment the line:
$ sigsci.agenthost = "unix:/tmp/sigsci.sock"
Below is an example section of a Dockerfile that installs the Signal Sciences agent and module (for Apache HTTPD Server) and configures them to use a socket file location accessible to a non root account.
1...23# Add the Signal Sciences package repository4RUN echo "[sigsci_release]" > /etc/yum.repos.d/sigsci.repo && \5 echo "name=sigsci_release" >> /etc/yum.repos.d/sigsci.repo && \6 echo "baseurl=https://yum.signalsciences.net/release/el/7/\$basearch" >> /etc/yum.repos.d/sigsci.repo && \7 echo "repo_gpgcheck=1" >> /etc/yum.repos.d/sigsci.repo && \8 echo "gpgcheck=0" >> /etc/yum.repos.d/sigsci.repo && \9 echo "enabled=1" >> /etc/yum.repos.d/sigsci.repo && \10 echo "gpgkey=https://yum.signalsciences.net/release/gpgkey" >> /etc/yum.repos.d/sigsci.repo && \11 echo "sslverify=1" >> /etc/yum.repos.d/sigsci.repo && \12 echo "sslcacert=/etc/pki/tls/certs/ca-bundle.crt" >> /etc/yum.repos.d/sigsci.repo1314# Install the Signal Sciences agent15RUN yum -y install sigsci-agent1617# Configure the Signal Sciences agent18ENV SIGSCI_RPC_ADDRESS=unix:/tmp/sigsci.sock1920# Install the Signal Sciences module21RUN yum install -y sigsci-module-apache2223# Configure your web server with the Signal Sciences module24# In this example, we enable the module with Apache25RUN echo "LoadModule signalsciences_module /etc/httpd/modules/mod_signalsciences.so" >> /etc/httpd/conf/httpd.conf && \26 echo 'AgentHost "/tmp/sigsci.sock"' >> /etc/httpd/conf/httpd.conf2728...