Optional Installation Step: Configuring a Docker Installation to Use CA Bundle

Configure a Docker Installation to Use CA Bundle

This step applies only to Docker agent installations.

If you want to configure your installation to use CA certificates, follow these steps:

  1. Follow the same process for installing an agent, but stop once you have generated the run command.
    You can implement both a proxy and CA certificates in the same installation. If you also use a proxy, review the proxy setup steps and stop at the point where you add the proxy variables; then continue with the CA certificate steps below.
  2. Create a custom CA bundle (for example, /path/to/custom-ca.crt) for the following sites:
    - a.blazemeter.com
    - data.blazemeter.com
    - storage.blazemeter.com
    - APM URL (if applicable)
  3. Copy the docker run command and add the following environment variables and volume to it.
    The bold portion below is the only part that can change:
    -e REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt 
    -e AWS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
    -v /path/to/custom-ca.crt:/etc/ssl/certs/ca-certificates.crt
  4. The full docker run command will look like the following:
    docker run -d \
      -e REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt \
      -e AWS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt \
      --env HARBOR_ID=<Harbor ID> \
      --env SHIP_ID=<Ship ID> \
      --env AUTH_TOKEN=<Auth Token> \
      --env AUTO_UPDATE=true \
      --env DISTRIBUTION=stable \
      --name=blazemeter-crane \
      --restart=on-failure \
      -v /path/to/custom-ca.crt:/etc/ssl/certs/ca-certificates.crt \
      -v /var/run/docker.sock:/var/run/docker.sock \
      -v /tmp:/tmp \
      --net=host \
      blazemeter/crane python agent/agent.py
  5. Once you have added the extra values (including the proxy variables, if you also have a proxy set up), copy the edited command, run it on the machine where you are installing your Agent, and follow the final steps of the Agent install to complete the installation.

Configure a Docker Installation to Use CA Bundle for Grid Proxy

You can configure a Docker private location agent to use a CA bundle for Grid Proxy by setting up the necessary Crane agent environment variables and Docker volumes.

Set Up Environment Variables

Set the following Crane agent environment variables to provide the file paths for the SSL public certificate and private key required by the Grid Proxy.

  • TLS_CERT_GRID: Specifies the file path for the SSL public certificate.

    -e TLS_CERT_GRID=/etc/ssl/certs/doduo/public.crt

  • TLS_KEY_GRID: Specifies the file path for the SSL private key.

    -e TLS_KEY_GRID=/etc/ssl/certs/doduo/private.key

You can provide custom file paths for the certificates.

Configuring Docker Volumes

You define Docker volumes to map the actual certificate files to the locations where they will be accessible within the virtual service containers.

Docker Volume Definitions

  • Map the SSL public certificate file:

    -v /path/to/public.crt:/etc/ssl/certs/doduo/public.crt

  • Map the SSL private key file:

    -v /path/to/private.key:/etc/ssl/certs/doduo/private.key

Example: Adding to Crane Agent Docker Command

Below is an example of how to add the environment variables and volume mappings to the Crane Agent Docker command.
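
As an added example (not part of the original page and not BlazeMeter tooling), the following shell script checks the host-side certificate and key before they are bind-mounted, then prints the Grid Proxy options described above. The function names and the owner-only permission policy for the key are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not BlazeMeter tooling; function names are hypothetical.
# Preflight the host-side files, then print the Grid Proxy `docker run` options.

# Require an absolute path to a readable regular file holding PEM block $2.
# `docker run -v` treats a bare name as a named volume and creates a missing
# host path as a directory, so the container would see a directory, not a file.
check_pem() {
  local path=$1 block=$2
  case $path in /*) ;; *) echo "not an absolute path: $path" >&2; return 1 ;; esac
  [ -f "$path" ] && [ -r "$path" ] || { echo "missing or unreadable: $path" >&2; return 1; }
  grep -Eq -e "-----BEGIN ${block}-----" "$path" ||
    { echo "no PEM '${block}' block in $path" >&2; return 1; }
}

# Require that group and others have no permission bits on the key (assumed policy).
check_key_mode() {
  local bits
  bits=$(ls -ldL -- "$1" | cut -c5-10)
  [ "$bits" = "------" ] || { echo "key $1 is accessible beyond its owner" >&2; return 1; }
}

# Print the options, one per line; container-side paths are the ones on this page.
grid_proxy_opts() {
  local cert=$1 key=$2
  check_pem "$cert" 'CERTIFICATE' || return 1
  check_pem "$key" '([A-Z]+ )?PRIVATE KEY' || return 1
  if grep -q -e 'PRIVATE KEY-----' "$cert"; then
    echo "$cert also contains a private key" >&2; return 1
  fi
  check_key_mode "$key" || return 1
  printf '%s\n' \
    "-e TLS_CERT_GRID=/etc/ssl/certs/doduo/public.crt" \
    "-e TLS_KEY_GRID=/etc/ssl/certs/doduo/private.key" \
    "-v $cert:/etc/ssl/certs/doduo/public.crt" \
    "-v $key:/etc/ssl/certs/doduo/private.key"
}

# Usage (host paths are placeholders and must not contain spaces):
#   opts=$(grid_proxy_opts /path/to/public.crt /path/to/private.key) || exit 1
#   docker run -d $opts ...rest of the generated Crane run command...
```

check_pem can be run the same way on the custom CA bundle (/path/to/custom-ca.crt) before it is mounted over /etc/ssl/certs/ca-certificates.crt.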

By following these steps, you can configure your Docker OPL agent to use a CA bundle for the Grid Proxy, ensuring secure and seamless communication.