Help Center/ SecMaster/ User Guide/ Settings/ Log Data Collection/ Adding a Node

Updated on 2025-07-31 GMT+08:00

View PDF

Adding a Node

Scenario

This topic describes how to install the component controller (isap-agent) and how to edit node information.

The recommended installation path is /opt/cloud. This section also uses this path as an example. You can use other installation paths. Make sure change the path when you refer to the example here. For example, if the installation path is /tmp, change the installation path in this section to /tmp.

Preparations

Creating an IAM user with the minimum permission

IAM is used for data collection authorization. You need to create an IAM user with the minimum permission to access SecMaster APIs and disable verification rules such as MFA for the user.

Log in to the SecMaster console.
Click in the upper left corner of the page and choose Management & Governance > Identity and Access Management.
Create a user group.
1. In the navigation pane on the left, choose User Groups. On the displayed page, click Create User Group in the upper right corner.
2. On the Create User Group page, specify user group name and description.
  - Name: Set this parameter to Tenant collection.
  - Description: Enter a description.
3. Click OK.

Assign permissions to the user group.

In the navigation pane on the left, choose Permissions > Policies/Roles. In the upper right corner of the displayed page, click Create Custom Policy.

Configure a policy.

Policy Name: Set this parameter to Least permission policy for tenant collection.
Policy View: Select JSON.

Policy Content: Copy the following content and paste it in the text box.

             
                  { 
    "Version": "1.1", 
    "Statement": [ 
        { 
            "Effect": "Allow", 
            "Action": [ 
                "secmaster:workspace:get", 
                "secmaster:node:create", 
                "secmaster:node:monitor", 
                "secmaster:node:taskQueueDetail" ,
                "secmaster:node:updateTaskNodeStatus" 
            ] 
        } 
    ] 
}

Click OK.

Assign permissions to the created user group.
1. In the navigation pane on the left, choose User Groups. On the displayed page, click Tenant collection.
2. On the Permissions tab, click Authorize.
3. On the Select Policy/Role page, search for and select the Least permission policy for tenant collection added in 4, and click Next.
4. Set the minimum authorization scope. Select All resources for Scope. After the setting is complete, click OK.
5. Verify the authorization. The policy will be listed on the page.
Create a user.
During the creation, enable Programmatic access, Access key, and Password.
Add the operation account to the user group.
1. In the navigation pane on the left, choose User Groups.
2. In the Tenant collection user group row, click Manage User in the Operation column.
3. In the displayed Manage User dialog box, select users added in 6.
4. Click OK.

Checking the disk space
Check the disk space in the /opt directory of the ECS where you will install the component controller and make sure the space is not smaller than 100 GB.
1. Remotely log in to the ECS where you want to install the component controller.
2. Run the df -h command to check whether more than 100 GB space is reserved in the /opt directory of the disk. At least 2 vCPUs and 4 GB of memory are required.
  Figure 1 Checking disks
  
  If the memory is insufficient, stop some applications with high memory usage or expand the memory capacity before the installation. For details about capacity expansion, see Modifying ECS Specifications.
  
  To ensure that the /opt directory has more than 100 GB free disk space allocated, you can use the disk partitioning script to allocate the disk. For details, see Partitioning a Disk.

Creating a Node

Check operations in Preparations and log in to the management console.
Click in the upper left corner of the management console and select a region or project.
Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

Figure 2 Workspace management page
In the navigation pane on the left, choose Settings > Components.

Figure 3 Node management page
On the Nodes tab, click Create. The Create Node page is displayed on the right.
On the Create Node page, configure a channel.
1. In the Network Channel Settings area, select the VPC and subnet the target ECS belongs to.
2. In the network channel list, click Config in the Operation column of each channel. In the displayed confirmation dialog box, click Confirm.
Click Next in the lower right corner of the page to go to the Script Installation Verification page.
Select the ECS OS, follow the step, and click to copy the command for installing the component controller.
Install the component controller. You can install the component controller in either of the following ways: ECS agency (recommended) or IAM account and password.

Method 1: Using an ECS agency to install the component controller
1. Create an isap-agent agency and grant permissions to the agency on IAM.
  1. Log in to the IAM console as an administrator and choose Agencies in the navigation pane on the left.
  2. On the Agencies page, click Create Agency in the upper right corner. On the displayed page, configure the following parameters:
    - Agency Name: Enter isap-agent.
    - Agency Type: Select Cloud service.
    - Cloud Service: Select Elastic Cloud Server (ECS) and Bare Metal Server (BMS) from the drop-down list.
    - Validity Period: Select Unlimited.
    - Description: Provide a description if needed.
  3. Click Done. In the displayed dialog box, click Authorize.
  4. On the displayed page, click Create Policy in the upper right corner. On the displayed page, configure the following parameters:
    - Policy Name: isap-agent-strategy is recommended.
    - Policy View: Select JSON.
    - Policy Content. Copy and paste the following content into the box to replace the existing content:
```
{ 
    "Version": "1.1", 
    "Statement": [ 
        { 
            "Effect": "Allow", 
            "Action": [ 
                "secmaster:workspace:get", 
                "secmaster:node:create", 
                "secmaster:node:monitor", 
                "secmaster:node:taskQueueDetail" ,
                "secmaster:node:updateTaskNodeStatus" 
            ] 
        } 
    ] 
}
```
    - Description: You are advised to enter a brief description for action authorization for the isap-agent agency.
  5. Click Next in the lower right corner of the page. In the displayed dialog box, click OK.
  6. On the policy list page, select the created policy isap-agent-strategy, click Next, set the minimum authorization scope (All resources), and click OK in the lower right corner of the page.
  7. The Authorization successful message is displayed. Click Finish below. The isap-agent agency has been created and authorized.
2. Configure the ECS agency.
  1. Log in to the ECS console, choose Elastic Cloud Server in the navigation pane on the left, find the ECS used to install the component controller (isap-agent), and click the ECS name to go to the details page.
  2. On the Summary tab of the ECS details page, click next to Agency, select the isap-agent agency created in 10.a, and click . Complete the ECS agency.
3. Remotely log in to the ECS where you want to install the component controller.
  - Log in to the ECS console, locate the target server, and click Remote Login in the Operation column to log in to the server. For details, see Login Using VNC.
  - If your server has an EIP bound, you can also use a remote management tool, such as PuTTY, to log in to the server and install the component controller on the server as user root.
4. Run the command copied in 9 as user root to install the controller on the ECS.
5. If you want to use the ECS agency, enter y as prompted.
  Figure 4 Installing the agent using an ecs agency
6. If install isap-agent successfully is displayed, the component controller has been installed.
  Figure 5 Installed
  
  If the installation fails, rectify the fault by referring to Troubleshooting the Component Controller Installation Failure. If the system displays a message indicating that the memory is insufficient, rectify the fault by referring to Partitioning a Disk.
Method 2: Using an IAM account and password to install the component controller
1. Remotely log in to the ECS where you want to install the component controller.
  - Log in to the ECS console, locate the target server, and click Remote Login in the Operation column to log in to the server. For details, see Login Using VNC.
  - If your server has an EIP bound, you can also use a remote management tool, such as PuTTY, to log in to the server and install the component controller on the server as user root.
2. Run the command copied in 9 as user root to install the controller on the ECS.
3. Enter the IAM username and password created in Preparations as prompted.
4. If install isap-agent successfully is displayed, the component controller is installed.
  Figure 6 Installed
If the installation fails, rectify the fault by referring to Troubleshooting the Component Controller Installation Failure. If the system displays a message indicating that the memory is insufficient, rectify the fault by referring to Partitioning a Disk.
After confirming that installation has been completed, return to the page for adding nodes and click Confirm in the lower right corner of the page.

You can view new nodes on the Nodes tab.

Figure 7 New node added

Editing a Node

After a node is added, you can only modify the supplementary information about the node.

Log in to the SecMaster console.
Click in the upper left corner of the management console and select a region or project.
Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

Figure 8 Workspace management page
In the navigation pane on the left, choose Settings > Components.

Figure 9 Node management page
On the Nodes tab, locate the row that contains the target node and click Edit in the Operation column.

On the Edit Node panel, edit the node information.

**Table 1** Parameters of node information
Parameter	Description
Data Center	User-defined data center name
Network Plane	Select the network plane of the node.
Tag	Set the tag for the node.
Description	Description of a user-defined node.
Maintained By	Select a node owner.

Click Confirm.

Related Operations

You can also view node information or deregister a node. For details, see Managing Nodes and Components.

FAQs

Parent topic: Log Data Collection

Previous topic: Overview

Next topic: Partitioning a Disk

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel