Agent Configuration

Complete guide to configuring SysManage agents including server connection, security settings, and data collection options.

Overview

The SysManage agent is configured through a YAML configuration file named sysmanage-agent.yaml. This file controls all aspects of agent behavior including server connectivity, security settings, data collection intervals, and script execution policies.

Configuration File Location

  • Linux/Unix: /etc/sysmanage-agent/sysmanage-agent.yaml
  • Current Directory: ./sysmanage-agent.yaml
  • User Config: ~/.config/sysmanage-agent/sysmanage-agent.yaml

The agent searches for configuration files in the order listed above.

Server Connection Settings

Configure how the agent connects to the SysManage server.

Basic Server Configuration

server:
  # Hostname or IP address of the SysManage server
  hostname: "sysmanage.example.com"

  # Port number for the SysManage server
  port: 8080

  # Use HTTPS for secure communication
  use_https: true

  # Verify SSL certificates (recommended in production)
  verify_ssl: true

Server Options

| Option | Type | Default | Description |
|---|---|---|---|
| hostname | string | "localhost" | Server hostname or IP address |
| port | integer | 8080 | Server port number |
| use_https | boolean | false | Enable HTTPS for secure communication |
| verify_ssl | boolean | false | Verify SSL certificates |

Client Identification

Configure agent identification and registration behavior.

client:
  # Optional: Override the system hostname detection
  # If not specified, the agent will auto-detect the system hostname
  # hostname_override: "my-custom-hostname"

  # Registration retry settings
  registration_retry_interval: 30  # seconds between registration attempts
  max_registration_retries: 10     # maximum number of retry attempts (-1 for infinite)

  # Update check settings
  update_check_interval: 3600      # seconds between update checks (default: 1 hour)

  # Package collection settings
  package_collection_interval: 86400  # seconds between package collection runs (default: 24 hours)
  package_collection_enabled: true    # enable/disable automatic package collection
  package_collection_at_startup: true # collect packages at agent startup

Client Options

| Option | Type | Default | Description |
|---|---|---|---|
| hostname_override | string | auto-detected | Override system hostname for identification |
| registration_retry_interval | integer | 30 | Seconds between registration retry attempts |
| max_registration_retries | integer | 10 | Maximum registration retries (-1 for infinite) |
| update_check_interval | integer | 3600 | Seconds between update availability checks |
| package_collection_interval | integer | 86400 | Seconds between package inventory collection |
| package_collection_enabled | boolean | true | Enable automatic package collection |
| package_collection_at_startup | boolean | true | Collect packages during agent startup |

Internationalization

Configure language settings for agent messages and logging.

i18n:
  # Language/locale for agent messages and logging
  # Supported languages: en, es, fr, de, it, pt, nl, ja, zh_CN, ko, ru
  language: "en"

Supported Languages

  • en - English (default)
  • es - Spanish
  • fr - French
  • de - German
  • it - Italian
  • pt - Portuguese
  • nl - Dutch
  • ja - Japanese
  • zh_CN - Chinese (Simplified)
  • ko - Korean
  • ru - Russian

Logging Configuration

Control agent logging behavior and output format.

logging:
  # Log levels to include: DEBUG, INFO, WARNING, ERROR, CRITICAL
  # Can combine multiple levels with pipe: "INFO|WARNING|ERROR|CRITICAL"
  # Examples: "DEBUG" (debug only), "INFO|ERROR" (info and errors only)
  level: "INFO|WARNING|ERROR|CRITICAL"

  # Log to file (default is logs/* in service directory)
  # file: "/var/log/sysmanage-agent.log"

  # Log format - customize the log message appearance
  format: "%(asctime)s - %(name)s - %(levelname)s - %(message)s"

Log Levels

  • DEBUG - Detailed diagnostic information
  • INFO - General operational information
  • WARNING - Warning messages for unusual conditions
  • ERROR - Error messages for serious problems
  • CRITICAL - Critical error messages
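The level setting above selects an exact set of levels rather than a minimum severity, so "DEBUG" on its own drops errors. The following added example (not SysManage's own code) shows one way such a selector can be built on Python's logging module; `parse_level_spec`, `LevelSetFilter` and `emitted` are illustrative names.

```python
import logging

VALID_LEVELS = ("DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL")


def parse_level_spec(spec):
    """Turn a pipe-separated string such as "INFO|ERROR" into a set of level numbers."""
    names = [part.strip().upper() for part in spec.split("|")]
    unknown = [name for name in names if name not in VALID_LEVELS]
    if unknown:
        # An empty or misspelled entry is rejected instead of silently ignored.
        raise ValueError(f"unknown log level(s): {unknown}")
    return {getattr(logging, name) for name in names}


class LevelSetFilter(logging.Filter):
    """Pass only records whose level is listed; there is no 'and above' behaviour."""

    def __init__(self, spec):
        super().__init__()
        self.levels = parse_level_spec(spec)

    def filter(self, record):
        return record.levelno in self.levels


def emitted(spec, level_name):
    """Return True if a record at level_name passes a filter built from spec."""
    record = logging.LogRecord(
        "agent", getattr(logging, level_name), "example.py", 0, "msg", None, None
    )
    return LevelSetFilter(spec).filter(record)


if __name__ == "__main__":
    # Level strings used on this page, checked against an ERROR record.
    for spec in ("DEBUG", "INFO|WARNING|ERROR|CRITICAL", "WARNING|ERROR|CRITICAL"):
        print(f"{spec!r}: ERROR emitted = {emitted(spec, 'ERROR')}")
```
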

WebSocket Configuration

Configure real-time communication settings with the server.

websocket:
  # Auto-reconnect on connection loss
  auto_reconnect: true

  # Reconnection interval in seconds
  reconnect_interval: 5

  # Ping interval to keep connection alive
  ping_interval: 60

WebSocket Options

| Option | Type | Default | Description |
|---|---|---|---|
| auto_reconnect | boolean | true | Automatically reconnect on connection loss |
| reconnect_interval | integer | 5 | Seconds to wait before reconnection attempt |
| ping_interval | integer | 60 | Seconds between ping messages to keep connection alive |

Database Configuration

Configure the agent's local SQLite database settings.

database:
  # Path to the agent's SQLite database file
  # If not specified, defaults to "agent.db" in the agent's working directory
  path: "agent.db"

  # Whether to automatically run database migrations on startup
  auto_migrate: true

Message Queue Configuration

Configure message handling and cleanup behavior.

message_queue:
  # Message expiration timeout in minutes (default: 60)
  # Messages older than this will be marked as expired and no longer processed
  expiration_timeout_minutes: 60

  # Cleanup interval in minutes (default: 30)
  # How often to check for and clean up expired messages
  cleanup_interval_minutes: 30

Script Execution Configuration

Configure security settings for remote script execution.

⚠️ Security Notice: Script execution is a powerful feature that requires careful configuration. Only enable if you trust the server administrators and understand the security implications.

script_execution:
  # Enable or disable script execution functionality
  # Setting this to false completely disables script execution
  enabled: false

  # Maximum script execution timeout in seconds (default: 300 = 5 minutes)
  # Scripts that run longer than this will be terminated
  timeout: 300

  # Maximum number of concurrent script executions allowed
  # This prevents resource exhaustion from multiple simultaneous scripts
  max_concurrent: 3

  # Allowed shells for script execution
  # Only these shells will be permitted for script execution
  allowed_shells:
    - "bash"        # Default shell on most Linux systems
    - "sh"          # POSIX shell
    - "zsh"         # macOS default shell and popular Linux shell

  # User execution restrictions (only applies when agent runs as root)
  user_restrictions:
    # Allow script execution as different users (requires agent to run as root)
    allow_user_switching: false

    # List of users that scripts are allowed to run as
    # Empty list means any user is allowed (if allow_user_switching is true)
    allowed_users: []

  # Security restrictions
  security:
    # Prevent scripts from accessing sensitive files/directories
    # This is advisory - actual enforcement depends on user permissions
    restricted_paths:
      - "/etc/passwd"
      - "/etc/shadow"
      - "/etc/ssh/"
      - "/home/*/.ssh/"
      - "/root/.ssh/"
      - "*.key"
      - "*.pem"

    # Log all script executions for audit purposes
    audit_logging: true

    # Require explicit approval for each script execution
    # If true, scripts will be queued for manual approval
    require_approval: false

Security Best Practices

  • Keep script execution disabled unless absolutely necessary
  • Enable audit logging for compliance and security monitoring
  • Restrict allowed shells to only those you need
  • Use user restrictions to limit privilege escalation
  • Enable approval requirements for sensitive environments
  • Regularly review script execution logs
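The practices above, together with the Server Options defaults (use_https and verify_ssl both default to false), can be checked mechanically before an agent is deployed. This is an added example, not part of SysManage: `audit`, `merged` and `DEFAULTS` are illustrative names, the input is the dict a YAML parser returns for sysmanage-agent.yaml, and the values shown in the script_execution block are assumed to be the defaults.

```python
# Added example. Defaults are taken from this page: the Server Options table and
# the values shown in the script_execution block (assumed to be the defaults).
DEFAULTS = {
    "server": {"use_https": False, "verify_ssl": False},
    "script_execution": {
        "enabled": False,
        "user_restrictions": {"allow_user_switching": False, "allowed_users": []},
        "security": {"audit_logging": True, "require_approval": False},
    },
}


def merged(defaults, cfg):
    """Overlay cfg on defaults, recursing into sections; a null value keeps the default."""
    out = dict(defaults)
    for key, val in (cfg or {}).items():
        if val is None:
            continue
        if isinstance(val, dict) and isinstance(out.get(key), dict):
            out[key] = merged(out[key], val)
        else:
            out[key] = val
    return out


def audit(cfg):
    """Return (key, message) findings for a parsed agent configuration dict."""
    eff = merged(DEFAULTS, cfg)
    srv, se = eff["server"], eff["script_execution"]
    found = []
    if srv["use_https"] is not True:
        found.append(("server.use_https", "agent-to-server traffic is not encrypted"))
    elif srv["verify_ssl"] is not True:
        found.append(("server.verify_ssl", "server certificate is not verified"))
    if se["enabled"] is True:
        sec, users = se["security"], se["user_restrictions"]
        if sec["audit_logging"] is not True:
            found.append(("script_execution.security.audit_logging", "script runs are not logged"))
        if sec["require_approval"] is not True:
            found.append(("script_execution.security.require_approval", "scripts run without manual approval"))
        if users["allow_user_switching"] is True and not users["allowed_users"]:
            found.append(("script_execution.user_restrictions.allowed_users", "empty list: scripts may run as any user"))
    return found


# Constructed sample: only the hostname is set, so the documented defaults apply.
MINIMAL = {"server": {"hostname": "sysmanage.example.com"}}

if __name__ == "__main__":
    for key, message in audit(MINIMAL):
        print(f"{key}: {message}")
```

A configuration that sets only the server hostname is reported for server.use_https, because the documented default leaves HTTPS off.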

Data Collection Configuration

Configure what system information the agent collects and how frequently.

collection:
  # Enable collection of system information
  enabled: true

  # Collection intervals (in seconds)
  intervals:
    system_info: 300      # 5 minutes
    software: 3600        # 1 hour
    hardware: 1800        # 30 minutes
    network: 300          # 5 minutes
    users: 1800           # 30 minutes
    available_packages: 86400  # 24 hours (daily collection of available packages)

  # Types of data to collect
  types:
    software_packages: true
    system_updates: true
    hardware_info: true
    network_interfaces: true
    user_accounts: true
    system_metrics: true
    available_packages: true  # Collect available packages from package managers

Collection Types

| Type | Description | Default Interval |
|---|---|---|
| software_packages | Installed software packages and versions | 1 hour |
| system_updates | Available system updates and security patches | 1 hour |
| hardware_info | CPU, memory, storage, and other hardware details | 30 minutes |
| network_interfaces | Network interface configuration and statistics | 5 minutes |
| user_accounts | System user accounts and group memberships | 30 minutes |
| system_metrics | CPU usage, memory usage, disk space, load average | 5 minutes |
| available_packages | Packages available from configured repositories | 24 hours |

Configuration Examples

Production Environment

server:
  hostname: "sysmanage.company.com"
  port: 443
  use_https: true
  verify_ssl: true

client:
  registration_retry_interval: 60
  max_registration_retries: 5
  update_check_interval: 7200  # Check every 2 hours

i18n:
  language: "en"

logging:
  level: "WARNING|ERROR|CRITICAL"
  file: "/var/log/sysmanage-agent.log"

script_execution:
  enabled: false  # Disabled for security

collection:
  enabled: true
  intervals:
    system_info: 600      # 10 minutes
    software: 7200        # 2 hours
    hardware: 3600        # 1 hour

Development Environment

server:
  hostname: "localhost"
  port: 8080
  use_https: false
  verify_ssl: false

client:
  registration_retry_interval: 10
  max_registration_retries: -1  # Infinite retries
  update_check_interval: 300    # Check every 5 minutes

logging:
  level: "DEBUG"
  format: "%(asctime)s [%(levelname)s] %(message)s"

script_execution:
  enabled: true
  timeout: 600
  security:
    audit_logging: true
    require_approval: true

collection:
  intervals:
    system_info: 60       # 1 minute for rapid testing
    software: 300         # 5 minutes

Configuration Validation

The agent validates configuration on startup and reports any issues in the logs.

Common Validation Issues

  • Invalid YAML syntax: Check indentation and structure
  • Unknown configuration keys: Verify spelling and supported options
  • Invalid data types: Ensure boolean values are true/false, integers are numeric
  • Out-of-range values: Check minimum/maximum values for timeouts and intervals
  • Missing required fields: Some sections require certain keys to be present

Test Configuration

Test your configuration before deploying:

# Test configuration syntax
sysmanage-agent --config-test

# Run agent with verbose logging to check configuration
sysmanage-agent --verbose