SentinelOne Ansible Signed Agent Deployment
Recently SentinelOne started to sign the RPM agent package. This is good if you like to use dnf for package management.
I made small changes to the Ansible script provided by S1 so it can work with dnf instead of the rpm command.
Ansible is a great way to manage our SentinelOne agents on medium to large deployments.
This playbook supports the following operating systems:
- Red Hat
- CentOS
- Rocky Linux
- Fedora
- Debian
- Ubuntu

    - hosts: s1-endpoints
      name: Install SentinelOne Linux agent
      vars:
        rpm_agent_installer_url: URL_TO_SIGNED_RPM_AGENT_PACKAGE
        registration_token: "YOUR_TOKEN"
      tasks:
        # Stop early on hosts whose kernel log reports ftrace corruption.
        - name: Get dmesg
          ansible.builtin.command: dmesg
          become: true          # dmesg is root-only when kernel.dmesg_restrict=1
          changed_when: false   # read-only check, never reports a change
          register: dmesg_output
        - name: Assert that host is stable
          ansible.builtin.assert:
            that:
              - "'FUNCTION TRACING IS CORRUPTED' not in dmesg_output.stdout"
            fail_msg: 'System Instability Detected'
        # The install steps below are skipped when the agent is already present.
        - name: Check that the sentinelctl exists
          ansible.builtin.stat:
            path: /opt/sentinelone/bin/sentinelctl
          become: true
          register: sentinelctl_exists
        - name: Create temporary folder to place the installer
          file:
            path: /tmp/sentinel_installer
            state: directory
            mode: '0755'
          when: not sentinelctl_exists.stat.exists
        - name: Get SentinelAgent RPM package from remote location
          get_url:
            url: "{{ rpm_agent_installer_url }}"
            dest: "/tmp/sentinel_installer/sentinelone_installer.rpm"
            # Not world-writable: this file is installed as root in the next task.
            mode: '0644'
          when: not sentinelctl_exists.stat.exists and (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == "Rocky") and ansible_facts['distribution_version'] is version('6.4', '>=')
        - name: Install the Linux Agent on Red Hat based distro
          dnf:
            name: /tmp/sentinel_installer/sentinelone_installer.rpm
            state: present
          become: true
          become_user: root
          become_method: sudo
          when: not sentinelctl_exists.stat.exists and (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == "Rocky") and ansible_facts['distribution_version'] is version('6.4', '>=')
        - name: Apply the registration token to the agent
          command: /opt/sentinelone/bin/sentinelctl management token set {{ registration_token }}
          become_user: root
          become_method: sudo
          become: true
          no_log: true          # keep the registration token out of Ansible output and logs
          when: not sentinelctl_exists.stat.exists
        - name: Start the SentinelOne agent
          command: /opt/sentinelone/bin/sentinelctl control start
          become_user: root
          become_method: sudo
          become: true
        - name: Delete the installer folder
          file:
            path: /tmp/sentinel_installer
            state: absent
          become_user: root
          become_method: sudo
          become: true

And you can easily run the script like this:

    ansible-playbook -i hosts s1-deployment.yml

Remember to specify the endpoints in the hosts file within the s1-endpoints group.
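
A signed package only helps if the signature is checked against a key you trust. The tasks below are an added example, not part of the S1 script or the playbook above: they import the signing key, pin the download to a known hash, and fail the play unless rpm reports a valid signature. `s1_gpg_key_url`, `s1_gpg_key_fingerprint` and `rpm_agent_sha256` are hypothetical variables to be filled with values obtained from the vendor, and the `signatures OK` match assumes the output format of rpm 4.14 or later.

```yaml
# Added example for RPM-based hosts; place these tasks in the play's task list.
# s1_gpg_key_url, s1_gpg_key_fingerprint and rpm_agent_sha256 are hypothetical
# variables, not values from the original playbook.

- name: Import the vendor signing key, refusing a key with the wrong fingerprint
  ansible.builtin.rpm_key:
    key: "{{ s1_gpg_key_url }}"
    fingerprint: "{{ s1_gpg_key_fingerprint }}"
    state: present
  become: true

- name: Download the agent package pinned to a known SHA-256
  ansible.builtin.get_url:
    url: "{{ rpm_agent_installer_url }}"
    dest: /tmp/sentinel_installer/sentinelone_installer.rpm
    checksum: "sha256:{{ rpm_agent_sha256 }}"
    mode: '0644'

- name: Verify the package signature against the imported keys
  ansible.builtin.command: rpm --checksig /tmp/sentinel_installer/sentinelone_installer.rpm
  register: checksig
  changed_when: false
  # An unsigned package prints "digests OK" with rc 0, so require the
  # word "signatures" as well as a zero exit status.
  failed_when: checksig.rc != 0 or 'signatures OK' not in checksig.stdout

- name: Install with dnf, leaving signature checking enabled
  ansible.builtin.dnf:
    name: /tmp/sentinel_installer/sentinelone_installer.rpm
    state: present
    disable_gpg_check: false
  become: true
```
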
If you need support or licenses in the US and Germany, you can always contact us at support@gonkar.com.