search close

OpenShift Install

access_time Updated Sep 26, 2021

Signal Sciences is Primed for Openshift! The Signal Sciences agent can be easily deployed on the Red Hat OpenShift Container Platform.

Installation

Installing the Signal Sciences module and agent in an OpenShift container is similar to a typical Red Hat install. However, the primary difference for an OpenShift container installation is all processes must run under a non root account. To meet this requirement, the only extra step is configuring the module and agent to use a socket file that the non root account has read/write access to.

For more information on running processes as non root, see OpenShift guidance here.

Configuring the Agent

There are three options for configuring the socket file location. Use the option that works best for your container build process. In the examples below we are using a directory that a non root user would have access to. You may specify a different location, but ensure your non root user account has the read/write permissions to that location.

Note: For agent install instructions see Red Hat Agent Install

Set the SIGSCI_RPC_ADDRESS environment variable in your Dockerfile:

ENV SIGSCI_RPC_ADDRESS unix:/tmp/sigsci.sock

Export the SIGSCI_RPC_ADDRESS environment variable in a script when your container starts:

export SIGSCI_RPC_ADDRESS=unix:/tmp/sigsci.sock

Set the rpc-address configuration option in your agent.conf file:

rpc-address="unix:/tmp/sigsci.sock"

Additional configuration options are listed on the agent configuration page.

Configuring the Module

Apache

Add the AgentHost directive to your httpd.conf file. For module install instructions see Red Hat Module Install.

# This line must be after the Signal Sciences module is loaded
AgentHost "/tmp/sigsci.sock"

Nginx

Update the sigsci.agenthost directive in the module's configuration file, /opt/sigsci/nginx/sigsci.conf. Note, you will need to remove the -- to uncomment the line. For module install instructions see NGINX Module Install.

sigsci.agenthost = "unix:/tmp/sigsci.sock"

Example Dockerfile

Below is an example section of a Dockerfile that installs the Signal Sciences agent and module (for Apache HTTPD Server), and configures them to use a socket file location accessible to a non root account.


...

# Add the Signal Sciences package repository
RUN echo "[sigsci_release]" > /etc/yum.repos.d/sigsci.repo && \
    echo "name=sigsci_release" >> /etc/yum.repos.d/sigsci.repo && \
    echo "baseurl=https://yum.signalsciences.net/release/el/7/\$basearch" >> /etc/yum.repos.d/sigsci.repo && \
    echo "repo_gpgcheck=1" >> /etc/yum.repos.d/sigsci.repo && \
    echo "gpgcheck=0" >> /etc/yum.repos.d/sigsci.repo && \
    echo "enabled=1" >> /etc/yum.repos.d/sigsci.repo && \
    echo "gpgkey=https://yum.signalsciences.net/release/gpgkey" >> /etc/yum.repos.d/sigsci.repo && \
    echo "sslverify=1" >> /etc/yum.repos.d/sigsci.repo && \
    echo "sslcacert=/etc/pki/tls/certs/ca-bundle.crt" >> /etc/yum.repos.d/sigsci.repo

# Install the Signal Sciences agent
RUN yum -y install sigsci-agent

# Configure the Signal Sciences agent
ENV SIGSCI_RPC_ADDRESS=unix:/tmp/sigsci.sock

# Install the Signal Sciences module
RUN yum install -y sigsci-module-apache

# Configure your web server with the Signal Sciences module 
# Here we enable the module with Apache, and configure Signal Sciences
# module by specifying a 
RUN echo "LoadModule signalsciences_module /etc/httpd/modules/mod_signalsciences.so" >> /etc/httpd/conf/httpd.conf && \
    echo 'AgentHost "/tmp/sigsci.sock"' >> /etc/httpd/conf/httpd.conf

...