Sealights Collector - Setup
Downloading and Installing the Collector
Following are the pre-requisites for Https Collector:
TLS settings should be enabled.
The server should be accessible by Fully Qualified Domain Name (FQDN).
TLS certificate for FQDN of the server where the collector is installed must be provided in
config.yaml
(See below)
Download the Sealights Collector Image
The Sealights Collector can be found at the following DockerHub link: https://hub.docker.com/r/sealights/on-prem-collector
docker pull sealights/on-prem-collector
Create your own Collector Image
Download the Collector Binaries and Unzip :
wget -nv https://agents.sealights.co/collector/0.42.0/collector.zip unzip -oq collector.zip #curl tool can also be used #curl -L "https://agents.sealights.co/collector/0.42.0/collector.zip" --output collector.zip
If you have a limitation accessing the endpoint agents.sealights.co and are limited to your specific server DNS, then you can also get the agent from https://{company}.sealights.co/collector/{version}/collector.zip
Replace {company}
with your company DNS prefix and {version}
with the specific version you want to use.
Create a Dockerfile:
FROM alpine:latest WORKDIR /collector COPY collector collector CMD ["./collector","serve"]
Build the Image :
docker build -t sealights/on-prem-collector .
Setting up the HTTPS Collector
The following is a sample configuration that can be used to run the HTTPS Collector using Docker:
Create a file called
config.yaml
with the following content
tls:
enabled: true
certFile: "/collector/<certFileName>"
keyFile: "/collector/<certKeyFileName>"
collectors:
- name: collector
type: http
properties:
port: 16500
serverUrl: https://<customerId>.sealights.co
proxyUrl: <httpsProxyUrl>
logLevel: debug
insecureSkipVerify: true
target:
name: http
type: http
properties:
token: <sealightsAgentToken>
serverUrl: https://<customerId>.sealights.co/api
proxyUrl: <httpsProxyUrl>
logLevel: debug
insecureSkipVerify: true
Run the Collector using Docker:
docker run -it --rm -v $(pwd)/config.yaml:/collector/config.yaml -v $(pwd)/<certFileName>:/collector/<certFileName> -v $(pwd)/<certKeyFileName>:/collector/<certKeyFileName> -p 80:80 -p 8080:8080 -p 16500:16500 sealights/on-prem-collector:latest
Open
https://<ServerFQDN>:16500
in your browser and if everything worked as expected you should be redirected to your Sealights Dashboard.You should see the
Collector
entry in the Cockpit > Live Agents Monitor
Enabling Proxy functionality (Optional)
When the collector needs to serve other agents' functionalities like config
and scan
commands (besides coverage collection), you must enable its proxy
service according to the additional settings below.
Please notice the port must be different from the collector service. For example below, port 16501 for proxy versus port 16500 for collector.
tls:
[...]
collectors:
[...]
proxy:
port: 16501
logLevel: info
Configuration File Reference
# Collector Configuration
collector:
# Required Configurations
# 1. serverUrl: The URL of Sealights Backend. (e.g. https://your-name.sealights.co)
# Environment Variables: SL_SERVER
serverUrl: <Server Host>
# 2. token: The Sealights Authentication token.
# Environment Variables: SL_TOKEN
token: <Token>
# Optional Configurations
# 3. host: The host name of the collector. Default is 0.0.0.0
# Environment Variables: SL_HOST
host: "0.0.0.0"
# 4. port: The port number of the collector. Default is 16500
# Environment Variables: SL_PORT
port: 16500
# 5. proxyUrl: The URL of the proxy server (for both http and https). Default is empty
# Environment Variables: SL_PROXY
proxyUrl: ""
# 6. prefix: The prefix of the collector path. Default is empty
# Environment Variables: SL_PREFIX
prefix: ""
# 7. logLevel: The log level of the collector. Default is info,
# Available options: debug, info, warn, error
# Environment Variables: SL_LOG_LEVEL
logLevel: info
# 8. InsecureSkipVerify: Skip SSL certificate verification. Default is false
# Environment Variables: SL_INSECURE
insecureSkipVerify: true
# 9. enableNYCCollector: Enable the NYC collector. Default is false
# Environment Variables: SL_NYC_COLLECTOR
enableNYCCollector: false
# 10. nycCollectorUploadInterval: The interval in seconds to upload the NYC data. Default is 60
# Environment Variables: SL_NYC_COLLECTOR_UPLOAD_INTERVAL
nycCollectorUploadInterval: 5
# 11. disableTokenValidation: Disable the auth token validation. Default is false
# Environment Variables: SL_DISABLE_TOKEN_VALIDATION
disableTokenValidation: false
# TLS Configuration
tls:
# 1. enable: Enable the TLS configuration. Default is false
# Environment Variables: SL_TLS_ENABLE
enabled: false
# Note: If the TLS is enabled, the following configurations are required.
# 2. cert: the cert data. Default is empty
# Environment Variables: SL_TLS_CERT
cert: ""
# 3. or, certFile: the cert file path. Default is empty
# Environment Variables: SL_TLS_CERT_FILE
certFile: ""
# 4. key: the key data. Default is empty
# Environment Variables: SL_TLS_KEY
key: ""
# 5. or, keyFile: the key file path. Default is empty
# Environment Variables: SL_TLS_KEY_FILE
keyFile: ""
# 6. ca: the ca data. Default is empty
# Environment Variables: SL_TLS_CA_CERT
caCert: ""
# 7. or, caCertFile: the ca file path. Default is empty
# Environment Variables: SL_TLS_CA_CERT_FILE
caCertFile: ""
# 8. p12File: the p12 file. Default is empty
# Environment Variables: SL_TLS_P12_FILE
p12File: ""
# 9. p12Password: the p12 password. Default is empty
# Environment Variables: SL_TLS_P12_PASSWORD
p12Password: ""
# Web Interface Configuration
web:
# 1. disable: Disable the web interface. Default is false
disable: false
# 2. maxCalls: The maximum number of calls to store in the memory. Default is 1000
maxCalls: 0
# 3. maxCallSize: The maximum size of the call to store in the memory. Default is 200000
maxCallSize: -1
#4. web prefix: The prefix of the web interface. Default is empty
prefix: ""
# Proxy Configuration (Optional)
proxy:
# 1. host: The host name of the proxy server. Default is empty
# Environment Variables: SL_PROXY_HOST
host: ""
# 2. port: The port number of the proxy server. Default is 8080
# Environment Variables: SL_PROXY_PORT
port: 16501
# 3. logLevel: The log level of the proxy server. Default is info
# Available options: debug, info, warn, error
# Environment Variables: SL_PROXY_LOG_LEVEL
logLevel: info
# 4. prefix: The prefix of the proxy server path. Default is empty
# Environment Variables: SL_PROXY_PREFIX
prefix: ""