Install with Ansible to Dockerized Host
Follow these steps to deploy the Lacework agent as a container to a Dockerized host using an Ansible playbook.
Prerequisites
The Ansible playbook uses the docker_container module available with Ansible to manage containers in Docker. Ensure that the host that executes the module (the target host) meets the following prerequisites:
Docker API >= 1.20
Docker SDK for Python >= 1.8.0 (use docker-py for Python 2.6)
For Python 2.6, use docker-py. Otherwise, install the Docker SDK for Python module, as this supersedes the docker-py Python module.
Do not install both modules at the same time. If both modules are installed and one of them is uninstalled, the other may no longer function and you will have to reinstall the module.
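The prerequisites above can be verified on a target host before the playbook runs. The following Python check is an added example, not part of the Lacework documentation: it takes the server API version (as printed by docker version --format '{{.Server.APIVersion}}'), the output of pip list --format=json, and the interpreter version. The function names and sample inputs are constructed for illustration, and applying the 1.8.0 minimum to docker-py as well is an assumption.

```python
import json

MIN_API = (1, 20, 0)   # page prerequisite: Docker API >= 1.20
MIN_SDK = (1, 8, 0)    # page prerequisite: Docker SDK for Python >= 1.8.0


def parse_version(text):
    """'1.41' -> (1, 41, 0); '4.4.4' -> (4, 4, 4); stops at a non-numeric part."""
    nums = []
    for piece in text.strip().split(".")[:3]:
        if not piece.isdigit():
            break
        nums.append(int(piece))
    return tuple(nums + [0] * (3 - len(nums)))


def check_prereqs(api_version, pip_list_json, python_version):
    """Return a list of problems; an empty list means the prerequisites are met."""
    problems = []
    if parse_version(api_version) < MIN_API:
        problems.append("Docker API %s is older than 1.20" % api_version)
    pkgs = {p["name"].lower(): p["version"] for p in json.loads(pip_list_json)}
    sdk, legacy = pkgs.get("docker"), pkgs.get("docker-py")
    is_py26 = tuple(python_version[:2]) == (2, 6)
    if sdk and legacy:
        problems.append("docker and docker-py are both installed; keep only one")
    elif not sdk and not legacy:
        problems.append("neither docker nor docker-py is installed")
    elif is_py26 and sdk:
        problems.append("Python 2.6 needs docker-py, not the docker package")
    elif legacy and not is_py26:
        problems.append("docker-py is superseded; install the docker package instead")
    installed = sdk or legacy
    # Assumption: the 1.8.0 minimum is applied to whichever module is present.
    if installed and parse_version(installed) < MIN_SDK:
        problems.append("Docker Python module %s is older than 1.8.0" % installed)
    return problems


# Constructed sample inputs (not captured from a real host).
GOOD_PIP = '[{"name": "docker", "version": "4.4.4"}, {"name": "requests", "version": "2.25.1"}]'
BOTH_PIP = '[{"name": "docker", "version": "4.4.4"}, {"name": "docker-py", "version": "1.10.6"}]'

if __name__ == "__main__":
    for label, api, pip_json in [("good host", "1.41", GOOD_PIP), ("conflict", "1.19", BOTH_PIP)]:
        print(label, check_prereqs(api, pip_json, (3, 8)) or "OK")
```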
Deployment Process
The following Ansible playbook pulls the latest image of the Lacework agent and starts the container.
Change the templated values for the following options before executing the playbook:
hosts: This targets the host or group of hosts specified in your /etc/ansible/hosts file. Change it from all to the group name of hosts that you want to deploy the agent to.
ACCESS_TOKEN: Enter the agent access token from the Lacework Console.
Ansible Playbook
- name: Lacework Agent
  # Change "all" to the group of hosts that should receive the agent.
  hosts: "all"
  tasks:
    - name: pull image and run Lacework agent container
      docker_container:
        name: datacollector
        network_mode: host
        pid_mode: host
        privileged: yes
        volumes:
          - /:/laceworkfim:ro
          - /var/lib/lacework:/var/lib/lacework
          - /var/log:/var/log
          - /var/run:/var/run
          - /etc/passwd:/etc/passwd:ro
          - /etc/group:/etc/group:ro
        env:
          # Agent access token from the Lacework Console.
          ACCESS_TOKEN: "INSERT_ACCESS_TOKEN_HERE"
        image: lacework/datacollector:latest
Deployment Steps
Copy the Ansible playbook above and make the necessary changes to parameters.
Save the playbook as a .yaml file.
Run the following command on the Ansible control node:
ansible-playbook <your-playbook-file>.yaml
Confirm that the containers are running and the agents appear in the Lacework Console under Resources > Agents after 10 to 15 minutes.