[Optional] Deploy Specific Version of Secure Connector Client

Procedure

Download a specific version of Secure Connector Client RPM.

In the navigation pane, click Manage > Workloads > Agents.
Click the Installer tab.
Click Manual Install using classic packaged installers, then click Next.

The Secure Connector Client packages have the agent type as Secure Connector.
Find the appropriate version (if multiple are available on the cluster) and click Download.
Copy the RPM package to the Linux host for deployment, and then execute the following command with root privileges: rpm -ivh <rpm_filename>.

Retrieve a new token using the API.

Secure Connector tokens can also be retrieved through OpenAPI ( Get Token endpoint). The following Python and Bash snippets can be used to retrieve a new token. Note that the API key used must have the external_integration capability and must have write access to the specified root scope. See OpenAPI Authentication for information on installing the Secure Workload OpenAPI client for python and creating a new API key.

Python snippet for token retrieval


    from tetpyclient import RestClient
    from urllib import quote

    API_ENDPOINT = "https://<UI_VIP_OR_DNS_FOR_TETRATION_DASHBOARD>"
    ROOT_SCOPE_NAME = r"""<ROOT_SCOPE_NAME>"""
    API_CREDENTIALS_FILE = "<API_CREDENTIALS_JSON_FILE>"
    OUTPUT_TOKEN_FILE = "registration.token"

    if __name__ == "__main__":
      client = RestClient(API_ENDPOINT,
                          credentials_file=API_CREDENTIALS_FILE)  # Add (verify=False) to skip certificate verification
      escaped_root_scope_name = quote(ROOT_SCOPE_NAME, safe='')
      resp = client.get('/secureconnector/name/{}/token'.format(escaped_root_scope_name))
      if resp.status_code != 200:
        print 'Error ({}): {}'.format(resp.status_code, resp.content)
        exit(1)
      else:
        with open(OUTPUT_TOKEN_FILE, 'w') as f:
          f.write(resp.content)

BASH snippet for token retrieval


    #!/bin/bash
    HOST="https://<UI_VIP_OR_DNS_FOR_TETRATION_DASHBOARD>"
    API_KEY="<API_KEY>"
    API_SECRET="<API_SECRET>"
    ROOTSCOPE_NAME="<ROOT_SCOPE_NAME>" # if the name contains spaces or special characters, it should be url-encoded
    TOKEN_FILE="registration.token"
    INSECURE=1 # Set to 0 if you want curl to verify the identity of the cluster

    METHOD="GET"
    URI="/openapi/v1/secureconnector/name/$ROOTSCOPE_NAME/token"
    CHK_SUM=""
    CONTENT_TYPE=""
    TS=$(date -u "+%Y-%m-%dT%H:%M:%S+0000")
    CURL_ARGS="-v"
    if [ $INSECURE -eq 1 ]; then
        CURL_ARGS=$CURL_ARGS" -k"
    fi

    MSG=$(echo -n -e "$METHOD\n$URI\n$CHK_SUM\n$CONTENT_TYPE\n$TS\n")
    SIG=$(echo "$MSG"| openssl dgst -sha256 -hmac $API_SECRET -binary | openssl enc -base64)
    REQ=$(echo -n "curl $CURL_ARGS $HOST$URI -w '%{http_code}' -H 'Timestamp: $TS' -H 'Id: $API_KEY' -H 'Authorization: $SIG' -o $TOKEN_FILE")
    status_code=$(sh -c "$REQ")
    if [ $status_code -ne 200 ]; then
        echo "Failed to get token. Status: " $status_code
    else
        echo "Token retrieved successfully"
    fi

Copy the token and start the client. For detailed instructions, see Copy the Token and start the Client.

Previous topic Copy the Token and Start the Client Next topic Secure Connector Client Status