jlengrand/moderne-docs
1
0
Fork 0
mirror of https://github.com/jlengrand/moderne-docs.git synced 2026-03-10 08:31:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

GitBook: [#49] No subject

Browse Source
This commit is contained in:
Scott Jungling
2022-02-28 17:30:03 +00:00
committed by gitbook-bot
parent a8c4e0320b
commit d910d06164
1 changed files with 29 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
how-to/on-premise-agent.md
View File

@@ -4,7 +4,7 @@ description: How to run the Moderne on-premise agent
# On-Premise Agent
The Moderne on-premise agent securely connects the Moderne SaaS to customers' environments. It's delivered as an OCI image and can be run using any OCI runtime (e.g., Docker, Podman). 
The Moderne on-premise agent securely connects the Moderne SaaS to customers' environments. It's delivered as an OCI image and can be run using any OCI runtime (e.g., Docker, Podman).
The purpose of the Moderne on-premise agent is to encrypt and ship AST artifacts from artifact repositories (e.g., Artifactory) to the Moderne SaaS, provide the symmetric key to be used for decryption, and forward requests from the Moderne SaaS to your version control system (e.g., Github).
@@ -20,18 +20,16 @@ The Moderne on-premise agent is available as an OCI image or as a spring-boot ex
{% tab title="OCI Container" %}
The agent container requires several environment variables:
* MODERNE\_AGENT\_API\_GATEWAY\_RSOCKET\_URI - URI used to connect to the Moderne API, provided by Moderne
* MODERNE\_AGENT\_TOKEN - Moderne SaaS agent connection token, provided by Moderne
* MODERNE\_AGENT\_CRYPTO\_SYMMETRICKEY - 256 bit AES encryption key, hex encoded
* example openssl command to generate: `openssl enc -aes-256-cbc -k secret -P` (use key from the output)
* MODERNE\_AGENT\_ARTIFACTORY\_URL - Artifactory URL
* MODERNE\_AGENT\_ARTIFACTORY\_USERNAME - username used to connect to Artifactory, requires permission to run AQL queries
* MODERNE\_AGENT\_ARTIFACTORY\_PASSWORD - password used to connect to Artifactory
* MODERNE\_AGENT\_ARTIFACTORY\_ASTSQUERY - AQL query fragment used to select AST artifacts to send to Moderne
* `MODERNE_AGENT_API_GATEWAY_RSOCKET_URI` - URI used to connect to the Moderne API, provided by Moderne
* `MODERNE_AGENT_TOKEN` - Moderne SaaS agent connection token, provided by Moderne
* `MODERNE_AGENT_CRYPTO_SYMMETRICKEY` - 256 bit AES encryption key, hex encoded
* example OpenSSL command to generate: `openssl enc -aes-256-cbc -k secret -P` (use key from the output)
* `MODERNE_AGENT_ARTIFACTORY_URL` - Artifactory URL
* `MODERNE_AGENT_ARTIFACTORY_USERNAME` - username used to connect to Artifactory, requires permission to run AQL queries
* `MODERNE_AGENT_ARTIFACTORY_PASSWORD` - password used to connect to Artifactory
* `MODERNE_AGENT_ARTIFACTORY_ASTSQUERY` - AQL query fragment used to select AST artifacts to send to Moderne
Example using docker (note that agent token and symmetric key are random examples)
Example using Docker (note that agent token and symmetric key are random examples)
```
docker run \
@@ -49,14 +47,14 @@ ${MODERNE_AGENT_IMAGE_NAME}
{% tab title="Executable JAR" %}
The agent application requires several arguments:
* \--moderne.agent.api-gateway-rsocket-uri - URI used to connect to the Moderne API, provided by Moderne
* \--moderne.agent.token - Moderne SaaS agent connection token, provided by Moderne
* \--moderne.agent.crypto.symmetricKey - 256 bit AES encryption key, hex encoded
* `--moderne.agent.api-gateway-rsocket-uri` - URI used to connect to the Moderne API, provided by Moderne
* `--moderne.agent.token` - Moderne SaaS agent connection token, provided by Moderne
* `--moderne.agent.crypto.symmetricKey` - 256 bit AES encryption key, hex encoded
* example openssl command to generate: `openssl enc -aes-256-cbc -k secret -P` (use key from the output)
* \--moderne.agent.artifactory.url - Artifactory URL
* \--moderne.agent.artifactory.username - username used to connect to Artifactory, requires permission to run AQL queries
* \--moderne.agent.artifactory.password - password used to connect to Artifactory
* \--moderne.agent.artifactory.astsQuery - AQL query fragment used to select AST artifacts to send to Moderne
* `--moderne.agent.artifactory.url` - Artifactory URL
* `--moderne.agent.artifactory.username` - username used to connect to Artifactory, requires permission to run AQL queries
* `--moderne.agent.artifactory.password` - password used to connect to Artifactory
* `--moderne.agent.artifactory.astsQuery` - AQL query fragment used to select AST artifacts to send to Moderne
Note: system properties can be used in place of arguments. As an example, use `-Dmoderne.agent.token={token_value}` as an argument instead of `--moderne.agent.token={token_value}` as an argument.
@@ -79,14 +77,11 @@ java -jar moderne-agent-{version}.jar \
{% tabs %}
{% tab title="OCI Container" %}
To upgrade your version of the OCI container, just follow the instructions above, but change `${MODERNE_AGENT_IMAGE_NAME}` to the latest release of Agent on [the releases page](../releases/releases.md).
To upgrade your version of the OCI container, just follow the instructions above, but change `${MODERNE_AGENT_IMAGE_NAME}` to the latest release of Agent on [the releases page](../releases/releases.md).
{% endtab %}
{% tab title="Executable JAR" %}
To update your version of the Executable JAR, change the numbered version of {agent} in the instructions above to the latest on [the releases page](../releases/releases.md).
{% endtab %}
{% endtabs %}
@@ -97,26 +92,26 @@ To update your version of the Executable JAR, change the numbered version of {ag
The Moderne agent optionally fetches secret configuration from Vault. It reads from a KV secret engine named "secret", and reads secret keys at path "moderne-agent". To configure the secret key/value pairs, follow the following procedure:
1. In the Vault management web application, go to Secrets. If there's not already a KV engine named "secret", create it.
2. In the "secret" KV secrets engine, create a new secret using "moderne-agent" as the "Path for this secret". 
2. In the "secret" KV secrets engine, create a new secret using "moderne-agent" as the "Path for this secret".
3. Add the following keys to the moderne-agent secret:
* moderne.agent.token - Moderne SaaS agent connection token, provided by Moderne
* moderne.agent.crypto.symmetricKey - 256 bit AES encryption key, hex encoded
* moderne.agent.artifactory.password - Artifactory user password
* `moderne.agent.token` - Moderne SaaS agent connection token, provided by Moderne
* `moderne.agent.crypto.symmetricKey` - 256 bit AES encryption key, hex encoded
* `moderne.agent.artifactory.password` - Artifactory user password
{% tabs %}
{% tab title="OCI Container" %}
To enable vault integration in the agent, omit environment variables that match keys specified in vault, and specify the following additional environment variables for the agent container:
* SPRING\_PROFILES\_ACTIVE - `vault`
* SPRING\_CLOUD\_VAULT\_URI - Vault URI used to retrieve the secret configuration properties below
* SPRING\_CLOUD\_VAULT\_TOKEN - Vault authentication token
* `SPRING_PROFILES_ACTIVE` - `vault`
* `SPRING_CLOUD_VAULT_URI` - Vault URI used to retrieve the secret configuration properties below
* `SPRING_CLOUD_VAULT_TOKEN` - Vault authentication token
{% endtab %}
{% tab title="Executable JAR" %}
To enable vault integration in the agent, omit arguments that match keys specified in vault, and specify the following additional arguments for the agent application:
* spring.profiles.active - vault
* spring.cloud.vault.uri SPRING\_CLOUD\_VAULT\_URI - Vault URI used to retrieve the secret configuration properties below
* SPRING\_CLOUD\_VAULT\_TOKEN - Vault authentication token
* `spring.profiles.active` - vault
* `spring.cloud.vault.uri` `SPRING_CLOUD_VAULT_URI` - Vault URI used to retrieve the secret configuration properties below
* `SPRING_CLOUD_VAULT_TOKEN` - Vault authentication token
{% endtab %}
{% endtabs %}