Installing Trento Agents

Before you can install a Trento Agent, you must obtain the API key of your Trento Server. Proceed as follows:

  1. Open the URL of the Trento Web console. It prompts you for a user name and password:

    trento-web-login

  2. Enter the credentials for the admin user (specified during installation of Trento Server).

  3. Click Login.

  4. When you are logged in, go to Settings:

    trento-settings-apikey

  5. Click the Copy button to copy the key to the clipboard.

Install the Trento Agent on an SAP host and register it with the Trento Server as follows:

  1. Install the package:

    > sudo zypper ref
> sudo zypper install trento-agent

  2. Open the configuration file /etc/trento/agent.yaml and uncomment (remove the # character) the entries for facts-service-url, server-url and api-key. Update the values as necessary:

    • facts-service-url: the address of the AMQP RabbitMQ service used for communication with the checks engine (wanda). The correct value of this parameter depends on how Trento Server was deployed.

      In a Kubernetes deployment, it is amqp://trento:trento@TRENTO_SERVER_HOSTNAME:5672/. If the default RabbitMQ username and password (trento:trento) were updated using Helm, the parameter must use a user-defined value.

      In a systemd or containerized deployment, the correct value is amqp://TRENTO_USER:TRENTO_USER_PASSWORD@TRENTO_SERVER_HOSTNAME:5672/vhost. If TRENTO_USER and TRENTO_USER_PASSWORD have been replaced with custom values, you must use them.

    • server-url: URL for the Trento Server (http://TRENTO_SERVER_HOSTNAME)

    • api-key: the API key retrieved from the Web console

  3. If SSL termination has been enabled on the server side, you can encrypt the communication from the agent to the server as follows:

    1. Provide an HTTPS URL instead of an HTTP one.

    2. Import the certificate from the Certificate Authority that has issued your Trento Server SSL certificate into the Trento Agent host as follows:

      1. Copy the CA certificate in the PEM format to /etc/pki/trust/anchors/. If the CA certificate is in the CRT format, convert it to PEM using the following openssl command:

        openssl x509 -in mycert.crt -out mycert.pem -outform PEM

      2. Run the update-ca-certificates command.

  4. Start the Trento Agent:

    > sudo systemctl enable --now trento-agent

  5. Check the status of the Trento Agent:

    > sudo systemctl status trento-agent
● trento-agent.service - Trento Agent service
     Loaded: loaded (/usr/lib/systemd/system/trento-agent.service; enabled; vendor preset: disabled)
     Active: active (running) since Wed 2021-11-24 17:37:46 UTC; 4s ago
   Main PID: 22055 (trento)
      Tasks: 10
     CGroup: /system.slice/trento-agent.service
             ├─22055 /usr/bin/trento agent start --consul-config-dir=/srv/consul/consul.d
             └─22220 /usr/bin/ruby.ruby2.5 /usr/sbin/SUSEConnect -s

[...]

  6. Repeat this procedure on all SAP hosts that you want to monitor.