# Install Axolet

Axolet is the agent software for Axoflow. Its primary purpose is to discover the log collector services that are running on the host (for example, AxoSyslog or SC4S), and report their operating statistics (counters) to Axoflow.

It is simple to install Axolet on individual hosts, or collectively via orchestration tools such as chef or puppet.

## What the install script does

When you deploy Axolet, you run a command that installs the required software packages, configures them and sets up the connection with Axoflow.

The installer script installs the `axolet` packages, then executes the `configure-axolet` command with the right parameters. (If the packages are already installed, the installer will update them unless the `none` _package format_ is selected when generating the provisioning command.)

The install script is designed to be run as root (sudo), but you can [configure Axolet to run as a non-root user](../../../docs/axoflow/provisioning/axolet/install/index.md#non-root).

The installer script performs the following main steps:

  * Executes [prerequisite](../../../docs/axoflow/provisioning/axolet/install/index.md#prerequisites) checks: 
    * Tests the network connection with the console endpoints.
    * Checks if the operating system is supported. 


  * Downloads and installs the `axolet` RPM or DEB package. 
    * The package contains the `axolet` and `configure-axolet` commands, and the `axolet.service` systemd unit file.
  * The `configure-axolet` command is executed with a configuration snippet on its standard input which contains a token required for registering into the management platform. The command: 
    * Writes the initial `/etc/axolet/config.json` configuration file.

Note: if the file already exists it will only be overwritten if the _Overwrite config_ option is enabled when generating the provisioning command.

    * Enables and starts the `axolet` service.




`axolet` performs the following main steps on its first execution:

  * Generates and persists a unique identifier (GUID).
  * Initiates a cryptographic handshake process to AxoConsole.
  * AxoConsole issues a client certificate to Axolet, which will be stored in the above mentioned `config.json` file.
  * The service waits for an approval on AxoConsole. Once you approve the host registration request, axolet starts to send telemetry data to AxoConsole. It keeps doing so as long as the agent is registered.



![Axolet communication flow](/docs/axoflow/img/onboard-hosts/axolet/axolet-communication.png)

## Prerequisites

Axolet should work on most Red Hat and Debian compatible Linux distributions. For production environments, we recommend using Red Hat Enterprise Linux 9.

### Network access

The hosts must be able to access the following domains related to the AxoConsole:

  * When using AxoConsole SaaS:

    * `<your-tenant-id>.cloud.axoflow.io`: HTTPS traffic on TCP port 443, needed to download the binaries for Axoflow software (like Axolet and AxoRouter).
    * `kcp.<your-tenant-id>.cloud.axoflow.io`: HTTPS (mutual TLS) traffic on TCP port 443 for management traffic.
    * `telemetry.<your-tenant-id>.cloud.axoflow.io`: HTTPS (mutual TLS) traffic on TCP port 443, where Axolet sends the metrics of the host.
    * `us-docker.pkg.dev`: HTTPS traffic on TCP port 443, for pulling container images (AxoRouter only).
  * When using an on-premise AxoConsole:

    * The following domains should point to AxoConsole IP address to access Axoflow from your desktop and AxoRouter hosts:

      * `your-host.your-domain`: The main domain of your AxoConsole deployment.
      * `authenticate.your-host.your-domain`: A subdomain used for authentication.
      * `idp.your-host.your-domain`: A subdomain for the identity provider.
    * The AxoConsole host must have the following **Open Ports** :

      * Port 80 (HTTP)
      * Port 443 (HTTPS)
  * When installing Axoflow agent for Windows or Linux:

    * `github.com`: HTTPS traffic on TCP port 443, for downloading installer packages.



## Install Axolet

To install Axolet on a host and onboard it to Axoflow, complete the following steps. If you need to reinstall Axolet for some reason, see [Reinstall Axolet](../../../docs/axoflow/provisioning/axolet/reinstall-axolet/index.md).

  1. Open the AxoConsole at `https://<your-tenant-id>.cloud.axoflow.io/`.

  2. Select **Provisioning > Select type and platform**.

![Axoflow Host Deployment](/docs/axoflow/provisioning/axolet/install/provisioning-deployments.png)

  3. Select **Edge > Linux**.

![Axoflow agent type and platform selection](/docs/axoflow/provisioning/axolet/install/provisioning-select-platform.png)

The `curl` command can be run manually or inserted into a template in any common software deployment package. When run, a script is downloaded that sets up the `Axolet` process to run automatically at boot time via `systemd`. For advanced installation options, see [Advanced installation options](../../../docs/axoflow/provisioning/axolet/advanced-options/index.md).

  4. Copy the deployment one-liner and run it on the host you are onboarding into Axoflow.

Note Running the provisioning command with `sudo` would mask environment variables of the calling shell. Either start the whole procedure from a root shell, or let the install script call sudo when it needs to. In other words: don’t add the `sudo` command to the provisioning command. 

Example output:
```
 Do you want to install Axolet now? [Y]
         y
         % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                         Dload  Upload   Total   Spent    Left  Speed
         100 31.6M  100 31.6M    0     0  2127k      0  0:00:15  0:00:15 --:--:-- 2075k
         Verifying packages...
         Preparing packages...
         axolet-0.40.0-1.aarch64
         Created symlink /etc/systemd/system/multi-user.target.wants/axolet.service → /usr/lib/systemd/system/axolet.service.
         Now continue with onboarding the host on the Axoflow web UI.
         
```

  5. On the AxoConsole, reload the **Provisioning** page. A registration request for the new host should be displayed. Accept it.

  6. Axolet starts sending metrics from the host. Check the **Topology** page to see the new host.

  7. Continue to [onboard the host](../../../docs/axoflow/onboard-hosts/index.md) as described for your specific log collector agent.




## Manage Axolet

This section describes how to start, stop and check the status of the Axolet service on Linux.

### Start Axolet

To start Axolet, execute the following command. For example:

`systemctl start axolet`

If the service starts successfully, no output will be displayed.

The following message indicates that Axolet cannot start (see [Check Axolet status](../../../docs/axoflow/provisioning/axolet/install/index.md#check-status)):
```
 
    Job for axolet.service failed because the control process exited with error code. See `systemctl status axolet.service` and `journalctl -xe` for details.
    
```

### Stop Axolet

To stop Axolet

  1. Execute the following command.

`systemctl stop axolet`

  2. Check the status of the Axolet service (see [Check Axolet status](../../../docs/axoflow/provisioning/axolet/install/index.md#check-status)).




### Restart Axolet

To restart Axolet, execute the following command.

`systemctl restart axolet`

### Reload the configuration without restarting Axolet

To reload the configuration file without restarting Axolet, execute the following command.

`systemctl reload axolet`

### Check the status of Axolet service

To check the status of Axolet service

  1. Execute the following command.

`systemctl --no-pager status axolet`

  2. Check the `Active:` field, which shows the status of the Axolet service. The following statuses are possible:

     * `active (running)` \- `axolet` service is up and running
     * `inactive (dead)` \- `axolet` service is stopped



For AxoRouter hosts, you can check the Axolet logs from the AxoConsole using [Log tapping](../../../docs/axoflow/onboard-hosts/log-tapping/index.md) for **Agent logs**.

## Upgrade Axolet

AxoConsole raises an alert for the host when a new Axolet version is available. To upgrade to the new version, re-run the one-liner installation command you used to install Axolet, or select [**Provisioning > Select type and platform**](../../../docs/axoflow/provisioning/axolet/install/index.md#install) to create a new one.

Note that it can take a few minutes until the version numbers of the different services get updated on AxoConsole.

## Run axolet as non-root

You can run Axolet as non-root user, but operators must have access to the following commands:

  * `/usr/bin/systemctl * axolet.service`: Controls the `axolet.service` systemd unit. Usually `*` is `start`, `stop`, `restart`, `enable`, and `status`. Used by the operators for troubleshooting.

  * `/usr/local/bin/configure-axolet`: Creates initial `axolet` configuration and enables/starts the `axolet` service. Executed by the bootstrap script.

  * Command to install and upgrade the `axolet` package. Executed by the bootstrap script if the packages aren’t already installed.

    * On RPM-based Linux distributions: `/usr/bin/rpm -Uv axo*.rpm`
    * On DEB-based Linux distributions: `/usr/bin/dpkg -i axo*.deb`



You can permit the `syslogng` user to run these commands by running on of the following:

  * Package: 
  * RPM 
  * DEB 


```
 
    sudo tee /etc/sudoers.d/configure-axoflow <<A
    syslogng ALL=(ALL) NOPASSWD: /usr/local/bin/configure-axolet
    syslogng ALL=(ALL) NOPASSWD: /bin/systemctl * axolet.service
    # for rpm installation:
    syslogng ALL=(ALL) NOPASSWD: /usr/bin/rpm -Uv axo*.rpm
    A
    
```
```
 
    sudo tee /etc/sudoers.d/configure-axoflow <<A
    syslogng ALL=(ALL) NOPASSWD: /usr/local/bin/configure-axolet
    syslogng ALL=(ALL) NOPASSWD: /bin/systemctl * axolet.service
    # for deb installation:
    syslogng ALL=(ALL) NOPASSWD: /usr/bin/dpkg -i axo*.deb
    A
    
```