search
Contact Uscybus.io

Installing Agents via Docker Compose

How to install agents using Docker Compose.

This guide explains how to install agents via Docker Compose.

hashtag
Prerequisites

  • Docker and Docker Compose are installed on your system.

  • Connectware license key is available.

circle-exclamation

If multiple agents are running on the same machine, each agent must be assigned its own Docker volume. Otherwise, agents will overwrite each other's persisted data, including credentials.

hashtag
Installation

  1. Log in to the Cybus Docker registry. Enter the following command in your terminal:

docker login registry.cybus.io

When prompted, enter the following credentials:

  • Username: license

  • Password: Your Connectware license key

  1. Create a folder for your agent (e.g., myAgent).

  2. Inside this folder, create a new file named docker-compose.yml.

  3. Add the following configuration to your docker-compose.yml file:

circle-info

Replace ${IMAGE_TAG} with the protocol-mapper agent image version you want to use (e.g., 2.1.0).

  1. In your terminal, run the following command to start the agent:

Result

The agent is now installed and running. To verify, use:

This command lists running containers. You should see protocol-mapper-agent in the output.

hashtag
Configuration

hashtag
Environment Variables

Specify environment variable values in an .env file, placed in the same directory as your docker-compose.yml. For a comprehensive list of available environment variables, see Environment Variables.

hashtag
Required Environment Variables

Environment Variable
Description

CYBUS_AGENT_MODE

Must be set to distributed to run in agent mode.

CYBUS_AGENT_NAME

Unique identifier for this agent instance.

CYBUS_HOSTNAME_INGRESS

IP address or hostname of the Connectware server.

hashtag
Optional Environment Variables

Environment Variable
Default Value
Description

CYBUS_MQTT_USERNAME

<agentName>

Authentication username for Connectware.

CYBUS_DATAPLANE_SCHEME

mqtt

MQTT connection scheme (mqtts or mqtt).

CYBUS_DATAPLANE_PORT

MQTT 1883, MQTTS 8883

Port number for MQTT connection.

hashtag
Persisting Agent Credentials

Agent credentials are automatically persisted using the volume defined in your docker-compose.yml:

The agent stores and retrieves credentials from this volume automatically.

circle-exclamation

If multiple agents are running on the same machine, each agent must have its own volume. Otherwise, agents will overwrite each other's credentials.

hashtag
Alternative: Setting a Password

As an alternative to generating credentials locally, you can set the CYBUS_PROTOCOL_MAPPER_PASSWORD environment variable. This is useful if the agent is managed by the same orchestration tool as your central Connectware instance.

In most cases, we recommend using local credentials stored in a volume and authenticated through the client registration process.

hashtag
Setting the Hostname

The hostname is displayed in the Connectware UI. Set a custom hostname in your docker-compose.yml:

You can use the ${HOSTNAME} environment variable if available on your system.

hashtag
Running with Root Permissions

To run the agent with root privileges (required for certain protocols like USB access or promiscuous network mode), add the user property:

hashtag
Security Configuration

hashtag
Enabling Mutual TLS (mTLS)

To use mutual TLS, add the environment variable to your docker-compose.yml:

For more information, see Environment Variables.

hashtag
Mounting Certificates

Mount your certificates as volumes. By default, the agent looks for certificates in these locations (configurable via environment variables):

Environment Variable
Default Path

AGENT_KEY

/connectware/certs/client/tls.key

AGENT_CERT

/connectware/certs/client/tls.crt

CA

/connectware/certs/ca/ca-chain.pem

Example

hashtag
Network Requirements

Communication from the agent to the Connectware server is unidirectional, simplifying firewall rules and increasing security.

hashtag
Agent Container

The agent container does not require any incoming TCP/IP ports. It initiates all necessary outbound connections to the Connectware server.

hashtag
Outbound Connections

Ensure the following outbound TCP/IP connections are allowed from the agent's network:

  • 443/tcp (HTTPS): For secure web communication

  • One of the following:

    • 1883/tcp (MQTT): If using unencrypted MQTT

    • 8883/tcp (MQTTS): If using encrypted MQTT

  • One of the following:

    • 4222/tcp: If using mTLS authentication

    • 4223/tcp: If using username & password authentication

The choice between MQTT and MQTTS depends on your CYBUS_DATAPLANE_SCHEME setting.

hashtag
Connectware Server

No special inbound firewall rules are required on the Connectware server, as the agent initiates all connections.

PreviousInstalling Agents via DockerNextInstalling Agents via Kubernetes

Last updated

Was this helpful?