Install Upwind on Hosts

Overview

This topic describes how to install an Upwind Sensor on a Linux host (VM), such as an Amazon EC2 instance, Google Cloud InarNXW, Microsoft Azure VM or a on-premise VM.

Step 1: Generate Client Credentials

note

This step is relevant only if you want to create new client credentials. If you already have client credentials, you can skip this step.

If you start this process after you have connected your cloud account, then you can generate the client credentials as part of the host connection process.

Alternatively, you can generate it in the Client Credentials . After you have generated the client credentials, note down the UPWIND_CLIENT_ID and UPWIND_CLIENT_SECRET fields.

Step 2: Verify the Upwind Sensor Installation Script

Before installing the Upwind Sensor, validate the integrity of the ⁠sensor.sh installation script using SHA256 checksum provided by Upwind. This ensures that the script has not been tampered with.

tip

This step is optional, but we recommend doing this to verify the integrity of the installation script and ensure that the downloadable assets have not been altered or corrupted since they were published.

1. Generate the checksum. Read the script and pass it through the ⁠sha256sum utility to create the SHA256 checksum. Alternatively, you can download the file first and then run ⁠sha256sum on it.

   Command

   Execute the following command to generate the checksum:

   curl -fsSL https://get.upwind.io/sensor.sh | sha256sum

   Example output

   The command will output a checksum similar to the following:

   9eaea8877f984b2ff085b4936f82402be59c771f6a44b4aae6fee447022ca200  -

2. Compare with the provided checksum. Retrieve the official checksum from the accompanying ⁠.sha256 file and compare it with the generated checksum. If the checksums match, then it is safe to run the installation script. If the checksums do not match, do not run the installation script, and contact Support.

   Command

   Execute the following command to retrieve the official checksum:

   curl -fsSL https://get.upwind.io/sensor.sh.sha256

   Example output

   The official checksum will look like this:

   9eaea8877f984b2ff085b4936f82402be59c771f6a44b4aae6fee447022ca200

Step 3: Install Upwind Sensor

Automatic (Recommended)

Execute the following command on the host to download and install the Upwind Sensor:

curl -fSsl https://get.upwind.io/sensor.sh | \
  UPWIND_CLIENT_ID="<redacted>" \
  UPWIND_CLIENT_SECRET="<redacted>" \
  bash -s

Update UPWIND_CLIENT_ID and UPWIND_CLIENT_SECRET with the values you noted down in the previous step.

Debian

Download and install the package:

curl -fSsl https://get.upwind.io/scripts/get-package.sh | \
  UPWIND_CLIENT_ID="<redacted>" \
  UPWIND_CLIENT_SECRET="<redacted>" \
  bash -s deb
sudo dpkg -i upwind-agent_${version}_amd64.deb

Edit config and add credentials:

sudo vi /etc/upwind/agent.yaml

# Upwind Agent Configuration
log-level: info
platform: host
auth-client-id: # REQUIRED CLIENT ID HERE #
auth-client-secret: # REQUIRED CLIENT SECRET HERE #

Start and enable services:

sudo systemctl enable upwind-agent.service
sudo systemctl start upwind-agent.service
sudo systemctl enable upwind-agent-scanner.timer
sudo systemctl start upwind-agent-scanner.timer

RPM

Download and install the package:

curl -fSsl https://get.upwind.io/scripts/get-package.sh | \
  UPWIND_CLIENT_ID="<redacted>" \
  UPWIND_CLIENT_SECRET="<redacted>" \
  bash -s rpm
sudo rpm -i upwind-agent-${version}-1.x86_64.rpm

Edit config and add credentials:

sudo vi /etc/upwind/agent.yaml

# Upwind Agent Configuration
log-level: info
platform: host
auth-client-id: # REQUIRED CLIENT ID HERE #
auth-client-secret: # REQUIRED CLIENT SECRET HERE #

Start and enable services:

sudo systemctl enable upwind-agent.service
sudo systemctl start upwind-agent.service
sudo systemctl enable upwind-agent-scanner.timer
sudo systemctl start upwind-agent-scanner.timer

BYOC

Execute the following command on the host to download and install the Upwind Sensor:

curl -s https://get.upwind.io/sensor.sh | \
  UPWIND_CLIENT_ID="${CLIENT_ID}" \
  UPWIND_CLIENT_SECRET="${CLIENT_SECRET}" \
  UPWIND_AGENT_CLOUD_PROVIDER="byoc" \
  UPWIND_AGENT_CLOUD_ACCOUNT_ID="byoc-${ACCOUNT_ID}" \
  UPWIND_AGENT_ZONE="byoc-${LOCATION}" \
  bash -s

This command downloads the installation script and runs it with the specified environment variables, including UPWIND_AGENT_CLOUD_PROVIDER, UPWIND_AGENT_CLOUD_ACCOUNT_ID, and UPWIND_AGENT_ZONE. These values will be specific to the BYOC cloud account that you create or configure when connecting your accounts with Upwind. It's essential to set these environment variables accurately to reflect your specific setup and ensure the sensor's correct operation within your cloud environment.

info

It is possible to deploy the Upwind Sensor on a host using the cloud deployment tools, such as Azure Run Command, AWS Systems Manager, or Google Cloud Patch Manager. For more information, see the Cloud Deployment Tools page.

Step 4: Validate the Installation

It is recommended to validate that the Upwind Sensor is running correctly on the host.

Run the following command to check the Sensor status:

sudo systemctl status upwind-agent

The output should show that the Upwind Sensor is active and running.

Troubleshooting

Read the Troubleshooting guide for more information on how to troubleshoot the Upwind Sensor installation.