Self Signed Certificates

Scalr Agent

Note

This only applies to self hosted Scalr. The instructions below are for CentOS 7. You might need to customize them for other operating systems.

If you plan on using self signed certificates, you will need to manually build the docker container which runs the Scalr agent.

  1. Uninstall Scalr agent if already installed:

$ yum erase scalr-agent
  1. Add your custom certificates to the operating system trusted certs.

$ cp MyCustomCert.crt MyCustomCA.crt /usr/share/pki/ca-trust-source/anchors
$ update-ca-trust
  1. Install Docker by following the official instructions.

  1. Login to Scalr and generate a new agent pool token. (See Self Hosted Agent Pools for more details)

  2. Create a system unit file for the Scalr agent. Please remember to replace <token> with the token generated in step 4.

$ vim /etc/systemd/system/scalr-agent.service

[Unit]
Description=Scalr Agent
Requires=docker.service

[Service]
ExecStart=/bin/docker run \
       -v /var/run/docker.sock:/var/run/docker.sock \
       -v /var/lib/scalr-agent:/var/lib/scalr-agent \
       -v /etc/ssl/certs/ca-bundle.crt:/usr/local/lib/python3.8/site-packages/certifi/cacert.pem \
       -e SCALR_URL=https://<your_scalr_domain> \
       -e SCALR_TOKEN=<token> \
       -e SCALR_WORK_DIR=/var/lib/scalr-agent \
       --rm --name=scalr-agent scalr/agent:latest run
$ systemctl daemon-reload
  1. Start the Scalr agent

$ systemctl enable scalr-agent.service
$ systemctl start scalr-agent.service

$ journalctl -l -f -u scalr-agent
-- Logs begin at Wed 2022-05-04 19:11:55 UTC. --
May 04 22:12:38 cloud-1034-apool docker[24694]: [2022-05-04 22:12:38,652] INFO: Started: agent id=agent-u1d61c836d2k17o name=5c913eaf2e52, version=0.1.20
May 04 22:12:38 cloud-1034-apool docker[24694]: [2022-05-04 22:12:38,652] INFO: Connecting to the Scalr server: url=https://a6461792.devel.scalr.com
May 04 22:12:39 cloud-1034-apool docker[24694]: [2022-05-04 22:12:39,001] INFO: Agent is ready to receive jobsud

Terraform Containers

Note

This only applies to self hosted Scalr.

The Docker image that Scalr executes all Terraform runs on the Scalr server with is Debian Buster by default. If you are using custom certificates, you will need to add them to that image.

  1. In an empty directory, create a dockerfile for building your custom Terraform image

$ vim dockerfile

ARG TERRAFORM_VERSION
FROM scalr/terraform:${TERRAFORM_VERSION}

ADD MyCustomCert.crt MyCustomCA.crt /usr/local/share/ca-certificates/
RUN update-ca-certificates
  1. Make sure to copy your custom certificates to the same directory as the dockerfile

$ tree
.
├── dockerfile
├── MyCustomCert.crt
└── MyCustomCA.crt
  1. Build the Terraform container and specify the Terraform version.

docker build --pull --build-arg TERRAFORM_VERSION=<add_terraform_version> -t scalr/terraform:<add_terraform_version> .

If you want to use other versions of Terraform, please change the version in the command above and run it again.