FAQ for Agent locally managed mode
- How do I set up multiple integrations?
- How do I set up multiple credentials providers?
- Can I mix local and remote configuration options?
- How do I migrate my SolarWinds Observability Agent currently configured in SolarWinds Observability SaaS (remote configuration)?
- How do I lock the exact version of SolarWinds Observability Agent and plugins from local configuration?
- How do I set up auto updates in locally managed mode?
- Are there other methods of integrating with HasihCorp supported?
- How do I use the shared config and credentials files to globally configure AWS Secret Manager SDK?
- How do I grant access to the file for the SolarWinds Observability Agent (swagent user) running on the Linux machine
- How do I deploy Agent in Kubernetes using the locally managed mode
How do I set up multiple integrations?
Configure all integrations in the same local_config.yaml file. You can mix credential sources for each integration.
Example:
integrations:
otel/elasticsearch:
- name: test-elasticsearch-1
status-url: http://localhost:9200
collection-interval: 5s
password:
value-from:
provider: akeyless
secret-name: your-secret-name-1
otel/elasticsearch:
- name: test-elasticsearch-2
status-url: http://localhost:9201
collection-interval: 5s
password:
value-from:
provider: akeyless
secret-name: your-secret-name-2
otel/nginx:
- name: test-nginx
endpoint: http://localhost:80/status
collection-interval: 5s
otel/hostmetrics:
- name: myhost123
dbo/mysql:
- name: test-mysql
host: localhost
port: 3306
user: root
password:
value-from:
provider: aws-secrets-manager
secret-name: dev/uams/mysql
secret-key: mysql-database-passwordHow do I set up multiple credentials providers?
Configure all credentials providers in the same credentials_config.yaml file. You can mix credential providers.
Example:
credentials:
hashicorp-vault:
address: http://127.0.0.1
auth:
type: token
token:
value-from:
provider: env
key: HASHICORP_VAULT_TOKEN_1
infisical:
auth:
type: universal
client-id: "your-client-id"
client-secret: "your-secret"
project-id: "your-project-id-written"
site-url: "http://192.168.10.20"
cache-expiry: 40
hashicorp-vault/second-vault:
address: http://127.0.0.2
auth:
type: token
token:
value-from:
provider: env
key: HASHICORP_VAULT_TOKEN_2Can I mix local and remote configuration options?
No. If the SolarWinds Observability Agent starts in locally managed mode, you cannot push configurations from SolarWinds Observability SaaS. Users cannot remotely add any DBO or OTel/Telegraf-based integrations.
How do I migrate my SolarWinds Observability Agent currently configured in SolarWinds Observability SaaS (remote configuration)?
Migration is not supported. You must remove the existing SolarWinds Observability Agent and deploy a new one with local configuration.
How do I lock the exact version of SolarWinds Observability Agent and plugins from local configuration?
Use the agent-version and plugin-versions parameters in the local_config.yaml file.
Always specify both parameters.
agent-version: 1.0.0
plugin-versions:
otel: 1.2.3
dbo: 1.0.2
integrations:
otel/elasticsearch:
- name: test-elasticsearch
status-url: http://localhost:9200
collection-interval: 5s
password:
value-from:
provider: akeyless
secret-name: your-secret-name
otel/nginx:
- name: test-nginx
endpoint: http://localhost:80/status
collection-interval: 5s
otel/hostmetrics:
- name: myhost123How do I set up auto updates in locally managed mode?
This works like the remotely managed SolarWinds Observability Agent. However, when agent or plugin version pinning is enabled, auto-updates are blocked, and versions remain locked to those specified in the local_config.yaml file.
Are there other methods of integrating with HasihCorp supported?
The following is a list of all HashiCorp settings supported by the SolarWinds Observability Agent:
| Configuration Field Name | Environmental Variable Name | Description |
|---|---|---|
|
kv-version |
- |
KV version. Default: v2 |
|
kv-mount-path |
- |
KV mount path. Default: secret |
|
address |
VAULT_ADDR |
Address of the Vault server. |
|
agent-address |
VAULT_AGENT_ADDR |
Address of the Vault Agent, if used. |
|
ca-cert |
VAULT_CACERT |
Path to a PEM-encoded CA certificate file on the local disk. Used to verify SSL certificates for the server. |
|
ca-path |
VAULT_CAPATH |
Path to a directory with PEM-encoded CA certificate files on the local disk. Used to verify SSL certificates for the server. |
|
client-cert |
VAULT_CLIENT_CERT |
Path to a PEM-encoded CA certificate file on the local disk. Used for TLS communication with the server. |
|
client-key |
VAULT_CLIENT_KEY |
Path to a PEM-encoded private key that matches the client certificate set with client-cert. |
|
tls-server-name |
VAULT_TLS_SERVER_NAME |
Name of the SNI host for TLS handshake resolution for TLS connections to Vault. |
|
tls-skip-verify |
VAULT_SKIP_VERIFY |
Disable verification for all TLS certificates. Use with caution. Disabling TLS certificate verification decreases the security of data transmissions to and from the Vault server. |
|
client-timeout |
VAULT_CLIENT_TIMEOUT |
Amount of time, in [s |
|
srv-lookup |
VAULT_SRV_LOOKUP |
Use SRV records instead of standard DNS to look up hostnames. Default: false |
|
disable-redirects |
VAULT_DISABLE_REDIRECTS |
Disable the default redirect behavior so it honors the first redirect response from the underlying API instead of following the full HTTP redirect chain. Default: false |
|
max-retries |
VAULT_MAX_RETRIES |
The number of times it should retry a request to the Vault server when it receives 412 or 5xx error code. To disable retrying, set VAULT_MAX_RETRIES to 0. Default: 2 |
|
namespace |
VAULT_NAMESPACE |
Root namespace for the integration. Setting a default namespace allows relative mount paths. |
How do I use the shared config and credentials files to globally configure AWS Secret Manager SDK?
To set up the AWS credentials from config and credentials files used for authentication to AWS Secrets Manager, define the following auth block.
credentials:
aws-secrets-manager:
auth:
type: files
config-file-path: <path_to_your_config_file>
credentials-file-path: <path_to_your_credentials_file>
profile: <name_of_profile_from_config> # this field is optional, you can define a default profile in the AWS configuration filesHow do I grant access to the file for the SolarWinds Observability Agent (swagent user) running on the Linux machine
SolarWinds Observability Agent requires access to the log folder. Use the following command to grant access:
-
Grant the agent access to log files:
usermod -a -G adm swagent -
Restart the agent:
service uamsclient restart
How do I deploy Agent in Kubernetes using the locally managed mode
- Create a
uamsnamespace:kubectl create namespace uams - Create a configmap.yaml config map file:
apiVersion: v1 kind: ConfigMap metadata: namespace: uams name: swo-agent-local-config data: local_config: | integrations: dbo/mysql: - name: mysql-integration-1 # fill out settings # if you want to use 3rd party credential providers, you can define them here #--- #apiVersion: v1 #kind: ConfigMap #metadata: # namespace: uams # name: swo-agent-credentials-config #data:# credentials_config: | # credentials: # hashicorp-vault: # auth: # type: env-vars # token: HASHICORP_VAULT_TOKEN -
Apply the configuration:
kubectl apply -f configmap.yaml -
Create an access token secret:
kubectl create secret generic access-token -n uams --from-literal=ACCESS_TOKEN="<swo-access-token>" -
If you want to use a third party credential provider as above, create a secret with the HashiCorp Vault token:
kubectl create secret generic hashicorp-vault-token -n uams --from-literal=HASHICORP_VAULT_TOKEN="<hashicorp-vault-token>" - Create the deployment
apiVersion: apps/v1 kind: Deployment metadata: name: uamsclient-deployment namespace: uams labels: k8s-app: uamsclient spec: replicas: 1 selector: matchLabels: app: uamsclient template: metadata: labels: app: uamsclient spec: restartPolicy: Always containers: - name: uamsclient image: solarwinds/swo-agent:latest env: - name: UAMS_CLIENT_ID_OVERRIDE value: <uuid> # fill this out - name: SWO_URL value: <swo-url> # fill this out - name: UAMS_CONTAINER_HOSTNAME value: <hostname> # fill this out - name: UAMS_LOCAL_CONFIGURATION_FILE_PATH value: /etc/local-config/local_config.yaml # if you want to use 3rd party credential providers as above, you have to specify credentials configuration file path #- name: UAMS_CREDENTIALS_CONFIGURATION_FILE_PATH # value: /etc/credentials-config/credentials_config.yaml - name: UAMS_ACCESS_TOKEN valueFrom: secretKeyRef: name: access-token key: ACCESS_TOKEN # if you want to use 3rd party credential providers as above, you can define HASHICORP_VAULT_TOKEN env variable #- name: HASHICORP_VAULT_TOKEN # valueFrom: # secretKeyRef: # name: hashicorp-vault-token # key: HASHICORP_VAULT_TOKEN volumeMounts: - name: config-volume mountPath: "/etc/local-config" readOnly: true # if you want to use 3rd party credential providers as above, you can define the credentials_config volume #- name: credentials-config-volume # mountPath: "/etc/credentials-config" # readOnly: true volumes: - name: config-volume configMap: name: swo-agent-local-config items: - key: local_config path: local_config.yaml # if you want to use 3rd party credential providers as above, you can define the credentials_config volume #- name: credentials-config-volume # configMap: # name: swo-agent-credentials-config # items: # - key: credentials_config # path: credentials_config.yaml -
Apply the deployment.
kubectl apply -f deployment.yaml