____ __ __ ___ __
/ __ \_________ ____ / /__ / /_ / | ____ ____ ____ / /_
/ / / / ___/ __ \/ __ \/ / _ \/ __/ / /| |/ __ `/ _ \/ __ \/ __/
/ /_/ / / / /_/ / /_/ / / __/ /_ / ___ / /_/ / __/ / / / /_
/_____/_/ \____/ .___/_/\___/\__/ /_/ |_\__, /\___/_/ /_/\__/
/_/ /____/
Droplet Agent is the daemon that runs on DigitalOcean's customer droplets to enable some features such as web console access.
Clone this repository:
> git clone [email protected]:digitalocean/droplet-agent.git
> cd droplet-agentTo build the agent, do the following:
cd ./cmd/agentGOOS=<target OS> go build -o droplet-agent
This will generate the droplet-agent binary.
Upload that binary to your droplet and run:
./droplet-agent -debug
The Droplet Agent should now be running on your droplet.
We now support building deb and rpm packages. You are welcome to submit
PRs for supporting other package management systems.
NOTES:
- As of now, the only supported
<target OS>is Linux, viadebandrpm - The only supported GOARCH is
amd64 systemdis the preferred way for managing the droplet-agent service. Althoughinitctlis also supported, it may not support all features provided by the droplet-agent, and should only be used on older system that does not havesystemdsupport.systemdconfiguration of the agent service is saved atetc/systemd/system/droplet-agent.service, once updated, please remember to apply the changes by runningsystemctl daemon-reload- Configuration for
initctlis saved at/etc/init/droplet-agent.conf. If updated, please runinitctl reload-configurationto apply the updated configuration.
The agent binary takes several command line arguments:
-debug(boolean), if provided, the agent will run in debug mode with verbose logging. This is useful when debugging.-syslog(boolean), specify how the log is handled. By default, all logs will be sent tostdoutandstderr, ifsyslogoption is provided, logs will be sent tosyslogd. When logging tosyslog, the agent will useDropletAgentas the identifier. To retrieve the logs, simply runjournalctl -t DropletAgentcommand.-sshd_port <port>(integer), explicitly indicates which port sshd binds itself to, so that the agent can properly monitor the port knocking messages, as well as enabling the web console proxy to connect to the sshd instance. Without specifying this option, the agent will try parsesshd_configto see if custom port is specified by checking thePortandListenAddressentries, if not, it falls to use the default port (22).-sshd_config <path to sshd_config>(string), explicitly specify the path to thesshd_configfile. In the cases that the sshd is started with a customsshd_configfile other than the default one (/etc/ssh/sshd_config), this parameter must be supplied to let the agent function properly
NOTES:
- Be aware that
sshd_portnumber has higher priority. The agent will skip attempting to parse the port fromsshd_configifsshd_portis supplied. - When parsing the
sshd_config, the agent will take the first occurrence of port number from eitherPortorListenAddressentries. If the sshd is configured to bind to multiple interfaces and/or multiple ports, please sepcify the port number that is exposed externally viasshd_portoption.
First, ensure that Docker is installed and running.
Then, inside the droplet-agent project directory:
> go mod vendor
> make testDroplet Agent currently supports:
- Ubuntu (oldest End Of Standard Support LTS release and later)
- Debian (oldest supported LTS release and later)
- Fedora 41+
- CentOS 9+
- AlmaLinux 8+
- Rocky Linux 8+
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests.
"Droplet Agent" is copyright (c) 2021 DigitalOcean. All rights reserved.