Deploying an Insight Point using the install script

Veza maintains a script you can use to quickly install and run an Insight Point with Docker. Follow these steps to set up your environment, run the latest install script, and manage the deployment.

Prerequisites

• Systemd

• Docker (or Podman with Docker compatibility)

Install Docker

sudo dnf install -y docker
sudo systemctl enable docker
sudo systemctl start docker

sudo apt-get update
sudo apt-get install -y docker.io

sudo dnf install -y podman-docker

Install

Generate an Insight Point key from the Veza Administration > Insight Point page. Store it as an environment variable before downloading and executing the script:

INSIGHT_POINT_KEY="<key>" bash -c "$(curl -fsSL https://veza-releases.s3.us-east-1.amazonaws.com/insightpoint/install.sh)"

or

export INSIGHT_POINT_KEY="<key>"
bash -c "$(curl -fsSL https://veza-releases.s3.us-east-1.amazonaws.com/insightpoint/install.sh)"

Remove

Uninstall

Uninstall will remove all components of the Insight Point but will not remove the configuration in /etc/veza-insight-point.

bash -c "$(curl -fsSL https://veza-releases.s3.us-east-1.amazonaws.com/insightpoint/install.sh)" -- uninstall

Remove

Remove will remove all components of the Insight Point and the configuration in /etc/veza-insight-point. The Insight Point Key will be lost (if not backed up).

bash -c "$(curl -fsSL https://veza-releases.s3.us-east-1.amazonaws.com/insightpoint/install.sh)" -- remove

Tips & Tricks

Pull from a different registry

The image must be pulled through a pull-through cache or from a private registry (where the image is mirrored to). To override the image repository set the IMAGE_REPOSITORY config setting.

Edit configuration in /etc/veza-insight-point/service.env to set the IMAGE_REPOSITORY configuration:

IMAGE_REPOSITORY="registry.example.com/veza/insight-point"

After the changes have been made and saved, restart the Insight Point service:

sudo systemctl restart veza-insight-point

Check that the service has started successfully by running the following command:

systemctl status veza-insight-point

Using a proxy server

If you need to use a proxy server, add the HTTP_PROXY, HTTPS_PROXY, and NO_PROXY lines to the Insight Point service configuration.

Edit configuration in /etc/veza-insight-point/config.env to include the proxy server details:

HTTP_PROXY=http://proxy.local:8080
HTTPS_PROXY=http://proxy.local:8080
NO_PROXY="*.domain.local,*.domain2.local"

To configure custom certificates, see the Using custom certificates section.

After the changes have been made and saved, restart the Insight Point service:

sudo systemctl restart veza-insight-point

Check that the service has started successfully by running the following command:

systemctl status veza-insight-point

Using custom certificates

Edit configuration in /etc/veza-insight-point/service.env to mount the custom certificates to the Insight Point container:

CONTAINER_FLAGS="-v /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt"

After the changes have been made and saved, restart the Insight Point service:

sudo systemctl restart veza-insight-point

Check that the service has started successfully by running the following command:

systemctl status veza-insight-point

Troubleshooting

Status

Retrieve the status of the Insight Point systemd service:

systemctl status veza-insight-point.service

Logs

Retrieve last 500 log lines for the Insight Point service:

journalctl -n 500 -u veza-insight-point.service

Follow logs for the Insight Point service:

journalctl -u veza-insight-point.service -f

Reinstall

Reinstall will remove the currently installed Insight Point service and install it again. All configuration in /etc/veza-insight-point will be preserved.

bash -c "$(curl -fsSL https://veza-releases.s3.us-east-1.amazonaws.com/insightpoint/install.sh)" -- reinstall