Linux Agent

To install the ACSC agent on Linux (and other Unix-like operating systems), make sure you first set up the host in the ACSC management UI, and have downloaded its per-host configuration files. Then download the agent installer. After you have downloaded the installer tarball, copy it to the host, extract it, and run the installer script.

Set Up Host

Copy the host-specific acsc.conf and acsc-setup.conf files you downloaded from the ACSC management UI to the host. Place them in the host’s /etc/wireguard/ directory (or an alternate directory):

$ sudo mkdir -p /etc/wireguard/
$ sudo mv acsc.conf /etc/wireguard/.
$ sudo mv acsc-setup.conf /etc/wireguard/.

Extract the Tarball

Copy the agent tarball to the host and extract it. Run the following command in a terminal on the host:

$ tar xf acsc-agent-latest.tar.gz

This will extract the latest version of the agent to a directory called acsc-agent-1.0.0 (with the actual latest version number in place of 1.0.0).

Run the Installer

The installer must be run as root. After extracting the tarball, run the following commands in the terminal on the host to run the installer:

$ cd acsc-agent-*/
$ sudo ./install.sh --install
running as root
install 1.0.0
agent configuration found at /etc/wireguard/acsc.conf
agent setup found at /etc/wireguard/acsc-setup.conf
/etc/wireguard/acsc.conf mode ok (-rw-rw-r--)
WARNING /etc/wireguard/acsc.conf owner should be root
fix owner? ([y]es, [n]o): y
OK will fix owner
fixed owner
...
...
...
WARNING daemon dead
start daemon? ([y]es, [q]uit): y
OK will start daemon
Created symlink /etc/systemd/system/default.target.wants/acsc-agent.service → /etc/systemd/system/acsc-agent.service.
started daemon
install SUCCESS

Once the agent is installed, it will automatically start running as a service.

Next Steps

  1. Check the host’s main page in the app. The Agent panel should show the results of the agent’s latest ping.
  2. If the Agent panel simply reads Set Up Agent, or if the Interfaces panel doesn’t list the WireGuard interfaces you already have running on the host, check the Agent Troubleshooting page.

Logging

In addition to writing output to stdout, the installer also writes similar output to a log file on the host, located here:

/var/log/acsc-install.log

You can refer to this log file to help determine what, where, and when the installer installed something on your host. Our support staff may also ask you to send us this log when we’re helping you troubleshoot installation issues.

Other Options

Run the installer with the --help flag to see the other installer options:

$ ./install.sh --help
Anti-Cloud Secure Connect Agent installer.

Installs the Anti-Cloud Secure Connect Agent as a daemon in a python virtualenv.

Usage:
  install.sh --help
  install.sh --dryrun [--install | --remove]
  install.sh --install [--force]
  install.sh --remove [--force]
  install.sh --version

Options:
  -h --help     Show this help
  -d --dryrun   Run all installer checks without installing/removing anything
  -f --force    Automatically answer yes to all prompts
  -i --install  Install the agent
  -r --remove   Remove the agent
  -v --version  Show version number

Environment variables:
  INSTALL_LOG       Path to installer log ('/var/log/acsc-install.log')
  INSTALL_PYTHON    Path to python executable ('python3')
  INSTALL_SRC       Path to agent source code ('/root/acsc-agent-1.0.0')
  INSTALL_VENV      Path to agent virtualenv ('/opt/venvs/acsc-agent')

Dryrun

Running the installer with the --dryrun flag will run through the installer steps without actually doing anything to your host. It will output lines beginning with ERROR, WARNING, or OK to indicate what it will or will not do:

You don’t have to run the installer as root for a dry run; however, the output may not be fully accurate unless you do.

Force

Running the installer with the --force flag will automatically select yes for all prompts. This is how you’d want to run the installer as part of an automated deploy script.
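
A deploy-script gate that combines the two flags above, as an added example (not part of the ACSC installer or its documentation): it performs the dry run first and proceeds to --install --force only if no line of the dry-run output begins with ERROR. It relies only on the documented ERROR/WARNING/OK line prefixes and assumes the dry run needs no interactive input; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not the installer's own code). Function names are hypothetical.
# Relies only on the documented dry-run behaviour: output lines begin with
# ERROR, WARNING, or OK.

# count_level LEVEL: print how many lines on stdin begin with LEVEL.
count_level() {
    grep -c "^$1" || true   # grep exits 1 on zero matches but still prints 0
}

# gate_dryrun FILE: succeed only if the captured dry-run output has no ERROR
# lines. WARNING lines are echoed so the log shows what --force will approve.
gate_dryrun() {
    out=$1
    errors=$(count_level ERROR < "$out")
    warnings=$(count_level WARNING < "$out")
    if [ "$warnings" -gt 0 ]; then
        printf '%s\n' "--force will auto-approve $warnings fix(es):" >&2
        grep '^WARNING' "$out" >&2
    fi
    if [ "$errors" -gt 0 ]; then
        printf '%s\n' "dry run reported $errors error(s):" >&2
        grep '^ERROR' "$out" >&2
        return 1
    fi
    return 0
}

# deploy: run from the extracted acsc-agent-* directory, as root (the page
# notes that dry-run output may not be fully accurate otherwise).
deploy() {
    log=$(mktemp) || return 1
    # Assumption: the dry run does not need interactive answers. Its exit
    # status is not documented, so only its output is inspected.
    ./install.sh --dryrun --install > "$log" 2>&1 < /dev/null || true
    if gate_dryrun "$log"; then
        rm -f "$log"
        ./install.sh --install --force
    else
        rm -f "$log"
        return 1
    fi
}
```

Call deploy from the automated deploy script in place of a bare --install --force, so that every fix the installer auto-approves is recorded before it is applied.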

Requirements

The agent requires WireGuard, Python 3.8 or newer, and libsodium. The installer can install these requirements for you on most Linux platforms via the platform’s package manager.

WireGuard

If the installer can’t install WireGuard for you, follow the WireGuard Installation instructions from the WireGuard site to install WireGuard on the host manually.

Python

If the installer can’t install Python for you, follow these instructions to install Python on the host manually:

Make sure you install Python 3.8 or newer. Once you install Python, use the INSTALL_PYTHON environment variable to point the agent installer to your Python executable:

$ sudo INSTALL_PYTHON=/usr/bin/python3.8 ./install.sh --install

Libsodium

If the installer can’t install libsodium for you, follow the Libsodium Installation instructions from the libsodium documentation to build and install libsodium on the host manually.

If you installed libsodium into /usr/local/lib on Linux, make sure /usr/local/lib is in your shared library path. Run ldconfig -p | grep libsodium to check. If not, add /usr/local/lib to your /etc/ld.so.conf file, and then run the ldconfig command (as root).

Troubleshooting

Any WARNING line the installer outputs indicates an issue that the installer will automatically fix for you (if you answer yes to its prompts). But if you see any ERROR output, here’s what to do:

Must run as root

If the installer outputs ERROR must run as root, make sure you are running the installer as the root user. Try running the installer with the sudo command, like sudo ./install.sh --install.

Agent configuration not found

If the installer outputs ERROR agent configuration not found, make sure you’ve downloaded the acsc.conf file and moved it to /etc/wireguard/acsc.conf on the host. See the Set Up Host instructions for details.

Agent credentials not found

If the installer outputs ERROR agent credentials not found, make sure you’ve downloaded the acsc-setup.conf file and moved it to /etc/wireguard/acsc-setup.conf on the host. See the Set Up Host instructions for details.

Unable to install libsodium

If the installer outputs ERROR unable to install libsodium, follow the Libsodium installation instructions to install libsodium manually, and then re-run the installer.

Unable to install python

If the installer outputs ERROR unable to install python, follow the Python installation instructions to install Python manually, and then re-run the installer. When you re-run the installer, make sure you set the INSTALL_PYTHON environment variable to the path to the Python executable you just installed (e.g. sudo INSTALL_PYTHON=/usr/bin/python3.8 ./install.sh --install).

Python 3.8 required

If the installer outputs ERROR python 3.x.x found at /usr/bin/python3 but at least 3.8 required, follow the Python installation instructions to install Python manually, and then re-run the installer. When you re-run the installer, make sure you set the INSTALL_PYTHON environment variable to the path to the Python executable you just installed (e.g. sudo INSTALL_PYTHON=/usr/bin/python3.8 ./install.sh --install).

Unable to install missing python packages

If the installer outputs ERROR unable to install missing python packages, follow the Python installation instructions to install Python manually, and then re-run the installer. When you re-run the installer, make sure you set the INSTALL_PYTHON environment variable to the path to the Python executable you just installed (e.g. sudo INSTALL_PYTHON=/usr/bin/python3.8 ./install.sh --install).

Failed building wheel for pynacl

If the installer outputs ERROR: Failed building wheel for pynacl, or displays similar errors like:

Install your OS’s gcc, make, libffi-dev (or libffi-devel), and python3-dev (or python3-devel) packages, and then re-run the installer.

The following commands will make sure you have the necessary OS packages to build the PyNaCl wheel on most Linux distributions: