Workers
A-Ops uses workers that customers install locally so that execution and secrets remain within the customer's environment. This is also required because the worker often needs to interact directly with the customer's infrastructure, applications or networks, which would be difficult from a worker the customer does not manage.
All workers are single-tenanted. In a multi-worker environment, every worker must have the same level of access and rights, because a flow could be executed on any worker at any time.
On request, SecureAck can arrange for a worker to be deployed into our cloud environment, but this comes with additional complexity.
Docker Deployment
Coming soon!
Manual Deployment
System -> Worker Status
From this page click "Download Worker Package"
We recommend using Ubuntu but any operating system that supports Python will work.
Prerequisites
- python3
- python3-pip
apt-get install python3 python3-pip
Installing
- Transfer and unzip worker_package.zip that was downloaded from the Worker Status page
- Run start.sh
Service Installation
nano /etc/systemd/system/a-ops-worker.service
[Unit]
Description=a-ops-worker
[Service]
Type=simple
WorkingDirectory=<PATH TO EXTRACTED FILES>
ExecStart=/usr/bin/python3 <PATH TO EXTRACTED FILES>/A-Ops.py worker <LINE FROM start.sh>
[Install]
WantedBy=multi-user.target
"LINE FROM start.sh" - Copy everything from --tenant to the end of the line in the start.sh file that came in worker_package.zip.
It is recommended to run the A-Ops worker under a dedicated service account. To do this, follow these steps:
> useradd a-ops
> mkdir /home/a-ops
> chown a-ops:a-ops /home/a-ops
> nano /etc/systemd/system/a-ops-worker.service
[Unit]
Description=a-ops-worker
[Service]
Type=simple
User=a-ops
Group=a-ops
WorkingDirectory=<PATH TO EXTRACTED FILES>
ExecStart=/usr/bin/python3 <PATH TO EXTRACTED FILES>/A-Ops.py worker <LINE FROM start.sh>
[Install]
WantedBy=multi-user.target
> systemctl daemon-reload
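The service unit above can be rendered from the extracted package instead of pasting the start.sh line by hand. This is an added example, not code from A-Ops or SecureAck: the function names `worker_args` and `render_unit` and the sample start.sh line are constructed for illustration. It assumes start.sh contains a line with `--tenant`, as described above.

```shell
#!/bin/sh
# Added example (not part of the A-Ops package): render the service unit
# from start.sh so the worker arguments are not copied by hand.

# Print "--tenant" to end of line from the first start.sh line containing it.
worker_args() {
    line=$(grep -m1 -e '--tenant' "$1" | sed 's/[[:space:]]*$//')  # also drops a trailing CR
    [ -n "$line" ] || return 1
    printf '%s\n' "--tenant${line#*--tenant}"
}

# $1 = absolute path to the extracted files, $2 = service account (user and group).
render_unit() {
    dir=$1 user=$2
    case $dir in /*) ;; *) echo "path must be absolute: $dir" >&2; return 1 ;; esac
    [ -f "$dir/A-Ops.py" ] || { echo "A-Ops.py not found in $dir" >&2; return 1; }
    args=$(worker_args "$dir/start.sh") || { echo "no --tenant line in $dir/start.sh" >&2; return 1; }
    # systemd expands %specifiers and $VARS in ExecStart; double them to keep them literal.
    args=$(printf '%s' "$args" | sed 's/%/%%/g; s/\$/$$/g')
    cat <<EOF
[Unit]
Description=a-ops-worker
[Service]
Type=simple
User=$user
Group=$user
WorkingDirectory=$dir
ExecStart=/usr/bin/python3 $dir/A-Ops.py worker $args
[Install]
WantedBy=multi-user.target
EOF
}

# Demo on a constructed package directory; the start.sh line below is made up.
demo=$(mktemp -d)
: > "$demo/A-Ops.py"
printf 'python3 A-Ops.py worker --tenant EXAMPLE-TENANT --example-flag value\n' > "$demo/start.sh"
render_unit "$demo" a-ops
rm -rf "$demo"
```

To use it, redirect the output of `render_unit "<PATH TO EXTRACTED FILES>" a-ops` to /etc/systemd/system/a-ops-worker.service and then run systemctl daemon-reload.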
Network Requirements
Workers require certain outbound network access to communicate with A-Ops SaaS.
At a minimum you MUST open the domains listed in the A-Ops SaaS section below.
A-Ops SaaS
Outbound HTTPS ( TCP 443 )
- prod-eu-west-1.a-ops.cloud
S3 Storage Provider
Refer to supplier documentation i.e. AWS
Python Repositories
Outbound HTTPS ( TCP 443 )
- pypi.org
- pypi.python.org
- files.pythonhosted.org
Provides the capability to install required packages. If this access is not granted, customers will need to manually install the requirements for the worker to operate. Please note that additional requirements will be needed for each integration that is deployed.
Python Requirements
- markdown
- boto3
- pymongo
- croniter
- requests
- pycryptodome
- pyjwt
- pyreadline
- cryptography
- onetimepass
- cherrypy
- psutil
- ldap3
- flask
- json2html
Default configuration requirements are automatically installed.