Install Upwind on Hosts
Overview
This topic describes how to install an Upwind Sensor on a Linux host (VM), such as an Amazon EC2 instance, Google Cloud InarNXW, Microsoft Azure VM or a on-premise VM.
Step 1: Generate Client Credentials
This step is relevant only if you want to create new client credentials. If you already have client credentials, you can skip this step.
If you start this process after you have connected your cloud account, then you can generate the client credentials as part of the host connection process.
Alternatively, you can generate it in the Client Credentials . After you have generated the client credentials, note down the UPWIND_CLIENT_ID
and UPWIND_CLIENT_SECRET
fields.
Step 2: Verify the Upwind Sensor Installation Script
Before installing the Upwind Sensor, validate the integrity of the sensor.sh
installation script using SHA256 checksum provided by Upwind. This ensures that the script has not been tampered with.
This step is optional, but we recommend doing this to verify the integrity of the installation script and ensure that the downloadable assets have not been altered or corrupted since they were published.
-
Generate the checksum. Read the script and pass it through the
sha256sum
utility to create the SHA256 checksum. Alternatively, you can download the file first and then runsha256sum
on it.- Command
- Example output
Execute the following command to generate the checksum:
curl -fsSL https://get.upwind.io/sensor.sh | sha256sum
The command will output a checksum similar to the following:
9eaea8877f984b2ff085b4936f82402be59c771f6a44b4aae6fee447022ca200 -
-
Compare with the provided checksum. Retrieve the official checksum from the accompanying
.sha256
file and compare it with the generated checksum. If the checksums match, then it is safe to run the installation script. If the checksums do not match, do not run the installation script, and contact Support.- Command
- Example output
Execute the following command to retrieve the official checksum:
curl -fsSL https://get.upwind.io/sensor.sh.sha256
The official checksum will look like this:
9eaea8877f984b2ff085b4936f82402be59c771f6a44b4aae6fee447022ca200
Step 3: Install Upwind Sensor
- Automatic (Recommended)
- Debian
- RPM
- BYOC
Execute the following command on the host to download and install the Upwind Sensor:
curl -fSsl https://get.upwind.io/sensor.sh | \
UPWIND_CLIENT_ID="<redacted>" \
UPWIND_CLIENT_SECRET="<redacted>" \
bash -s
Update UPWIND_CLIENT_ID
and UPWIND_CLIENT_SECRET
with the values you noted down in the previous step.
Download and install the package:
curl -fSsl https://get.upwind.io/scripts/get-package.sh | \
UPWIND_CLIENT_ID="<redacted>" \
UPWIND_CLIENT_SECRET="<redacted>" \
bash -s deb
sudo dpkg -i upwind-agent_${version}_amd64.deb
Edit config and add credentials:
sudo vi /etc/upwind/agent.yaml
# Upwind Agent Configuration
log-level: info
platform: host
auth-client-id: # REQUIRED CLIENT ID HERE #
auth-client-secret: # REQUIRED CLIENT SECRET HERE #
Start and enable services:
sudo systemctl enable upwind-agent.service
sudo systemctl start upwind-agent.service
sudo systemctl enable upwind-agent-scanner.timer
sudo systemctl start upwind-agent-scanner.timer
Download and install the package:
curl -fSsl https://get.upwind.io/scripts/get-package.sh | \
UPWIND_CLIENT_ID="<redacted>" \
UPWIND_CLIENT_SECRET="<redacted>" \
bash -s rpm
sudo rpm -i upwind-agent-${version}-1.x86_64.rpm
Edit config and add credentials:
sudo vi /etc/upwind/agent.yaml
# Upwind Agent Configuration
log-level: info
platform: host
auth-client-id: # REQUIRED CLIENT ID HERE #
auth-client-secret: # REQUIRED CLIENT SECRET HERE #
Start and enable services:
sudo systemctl enable upwind-agent.service
sudo systemctl start upwind-agent.service
sudo systemctl enable upwind-agent-scanner.timer
sudo systemctl start upwind-agent-scanner.timer
Execute the following command on the host to download and install the Upwind Sensor:
curl -s https://get.upwind.io/sensor.sh | \
UPWIND_CLIENT_ID="${CLIENT_ID}" \
UPWIND_CLIENT_SECRET="${CLIENT_SECRET}" \
UPWIND_AGENT_CLOUD_PROVIDER="byoc" \
UPWIND_AGENT_CLOUD_ACCOUNT_ID="byoc-${ACCOUNT_ID}" \
UPWIND_AGENT_ZONE="byoc-${LOCATION}" \
bash -s
This command downloads the installation script and runs it with the specified environment variables, including UPWIND_AGENT_CLOUD_PROVIDER
, UPWIND_AGENT_CLOUD_ACCOUNT_ID
, and UPWIND_AGENT_ZONE
. These values will be specific to the BYOC cloud account that you create or configure when connecting your accounts with Upwind. It's essential to set these environment variables accurately to reflect your specific setup and ensure the sensor's correct operation within your cloud environment.
It is possible to deploy the Upwind Sensor on a host using the cloud deployment tools, such as Azure Run Command, AWS Systems Manager, or Google Cloud Patch Manager. For more information, see the Cloud Deployment Tools page.
Step 4: Validate the Installation
It is recommended to validate that the Upwind Sensor is running correctly on the host.
Run the following command to check the Sensor status:
sudo systemctl status upwind-agent
The output should show that the Upwind Sensor is active and running.
Troubleshooting
Read the Troubleshooting guide for more information on how to troubleshoot the Upwind Sensor installation.