Skip to main content

lacework agent gcp-install osl

Use OSLogin to securely connect to GCE instances

Synopsis

This command installs the agent on all GCE instances in a GCP organization using OSLogin.

The username of the GCP user or service account, in the form users/<username>, is a required argument.

This command will attempt to query the GCE metadata server for the current project. If this command is not run on a GCE instance, pass the project ID as:

lacework agent gcp-install osl <gcp_username> --project_id my-project-id

To filter by one or more regions:

lacework agent gcp-install osl <gcp_username> --include_regions us-west1,europe-west2

To filter by instance metadata:

lacework agent gcp-install osl <gcp_username> --metadata MetadataKey,MetadataValue

To filter by instance metadata key:

lacework agent gcp-install osl <gcp_username> --metadata_key MetadataKey

To provide an agent access token of your choice, use the command 'lacework agent token list', select a token and pass it to the '--token' flag. This flag must be selected if the '--noninteractive' flag is set.

lacework agent gcp-install osl <gcp_username> --token <token>

To explicitly specify the server URL that the agent will connect to:

lacework agent gcp-install osl --server_url https://your.server.url.lacework.net

GCP credentials are read using the following environment variables:

  • GOOGLE_APPLICATION_CREDENTIALS

This command will automatically add hosts with successful connections to '~/.ssh/known_hosts' unless specified with '--trust_host_key=false'.

lacework agent gcp-install osl [flags]

Options

  -h, --help                      help for osl
-r, --include_regions strings list of regions to filter on
-n, --max_parallelism int maximum number of workers executing GCP API calls, set if rate limits are lower or higher than normal (default 50)
--metadata strings only install agents on infra with this metadata
--metadata_key string only install agents on infra with this metadata key set
--project_id string ID of the GCP project, set if metadata server does not provide
--server_url https:// server URL that agents will talk to, prefixed with https:// (default "https://api.lacework.net")
--token string agent access token
--trust_host_key automatically add host keys to the ~/.ssh/known_hosts file (default true)

Options inherited from parent commands

  -a, --account string      account subdomain of URL (i.e. <ACCOUNT>.lacework.net)
-k, --api_key string access key id
-s, --api_secret string secret access key
--api_token string access token (replaces the use of api_key and api_secret)
--debug turn on debug logging
--json switch commands output from human-readable to json format
--nocache turn off caching
--nocolor turn off colors
--noninteractive turn off interactive mode (disable spinners, prompts, etc.)
--organization access organization level data sets (org admins only)
-p, --profile string switch between profiles configured at ~/.lacework.toml
--subaccount string sub-account name inside your organization (org admins only)

SEE ALSO