Compute
Elastic Cloud Server
Huawei Cloud Flexus
Bare Metal Server
Auto Scaling
Image Management Service
Dedicated Host
FunctionGraph
Cloud Phone Host
Huawei Cloud EulerOS
Networking
Virtual Private Cloud
Elastic IP
Elastic Load Balance
NAT Gateway
Direct Connect
Virtual Private Network
VPC Endpoint
Cloud Connect
Enterprise Router
Enterprise Switch
Global Accelerator
Management & Governance
Cloud Eye
Identity and Access Management
Cloud Trace Service
Resource Formation Service
Tag Management Service
Log Tank Service
Config
OneAccess
Resource Access Manager
Simple Message Notification
Application Performance Management
Application Operations Management
Organizations
Optimization Advisor
IAM Identity Center
Cloud Operations Center
Resource Governance Center
Migration
Server Migration Service
Object Storage Migration Service
Cloud Data Migration
Migration Center
Cloud Ecosystem
KooGallery
Partner Center
User Support
My Account
Billing Center
Cost Center
Resource Center
Enterprise Management
Service Tickets
HUAWEI CLOUD (International) FAQs
ICP Filing
Support Plans
My Credentials
Customer Operation Capabilities
Partner Support Plans
Professional Services
Analytics
MapReduce Service
Data Lake Insight
CloudTable Service
Cloud Search Service
Data Lake Visualization
Data Ingestion Service
GaussDB(DWS)
DataArts Studio
Data Lake Factory
DataArts Lake Formation
IoT
IoT Device Access
Others
Product Pricing Details
System Permissions
Console Quick Start
Common FAQs
Instructions for Associating with a HUAWEI CLOUD Partner
Message Center
Security & Compliance
Security Technologies and Applications
Web Application Firewall
Host Security Service
Cloud Firewall
SecMaster
Anti-DDoS Service
Data Encryption Workshop
Database Security Service
Cloud Bastion Host
Data Security Center
Cloud Certificate Manager
Edge Security
Managed Threat Detection
Blockchain
Blockchain Service
Web3 Node Engine Service
Media Services
Media Processing Center
Video On Demand
Live
SparkRTC
MetaStudio
Storage
Object Storage Service
Elastic Volume Service
Cloud Backup and Recovery
Storage Disaster Recovery Service
Scalable File Service Turbo
Scalable File Service
Volume Backup Service
Cloud Server Backup Service
Data Express Service
Dedicated Distributed Storage Service
Containers
Cloud Container Engine
SoftWare Repository for Container
Application Service Mesh
Ubiquitous Cloud Native Service
Cloud Container Instance
Databases
Relational Database Service
Document Database Service
Data Admin Service
Data Replication Service
GeminiDB
GaussDB
Distributed Database Middleware
Database and Application Migration UGO
TaurusDB
Middleware
Distributed Cache Service
API Gateway
Distributed Message Service for Kafka
Distributed Message Service for RabbitMQ
Distributed Message Service for RocketMQ
Cloud Service Engine
Multi-Site High Availability Service
EventGrid
Dedicated Cloud
Dedicated Computing Cluster
Business Applications
Workspace
ROMA Connect
Message & SMS
Domain Name Service
Edge Data Center Management
Meeting
AI
Face Recognition Service
Graph Engine Service
Content Moderation
Image Recognition
Optical Character Recognition
ModelArts
ImageSearch
Conversational Bot Service
Speech Interaction Service
Huawei HiLens
Video Intelligent Analysis Service
Developer Tools
SDK Developer Guide
API Request Signing Guide
Terraform
Koo Command Line Interface
Content Delivery & Edge Computing
Content Delivery Network
Intelligent EdgeFabric
CloudPond
Intelligent EdgeCloud
Solutions
SAP Cloud
High Performance Computing
Developer Services
ServiceStage
CodeArts
CodeArts PerfTest
CodeArts Req
CodeArts Pipeline
CodeArts Build
CodeArts Deploy
CodeArts Artifact
CodeArts TestPlan
CodeArts Check
CodeArts Repo
Cloud Application Engine
MacroVerse aPaaS
KooMessage
KooPhone
KooDrive

Installing ICAgent (Extra-Region Hosts)

Updated on 2025-01-24 GMT+08:00

An extra-region host refers to a host located outside the current Huawei Cloud region or a non-Huawei Cloud host. This category includes hosts in self-built Internet Data Centers (IDCs), those provided by third parties, and those in other Huawei Cloud regions. To collect logs from extra-region hosts to LTS, ensure that the hosts can communicate with LTS located in the current Huawei Cloud region, and then install ICAgent on the hosts. ICAgent is a log collection tool for LTS. It runs on hosts where logs need to be collected.

Extra-region hosts use two types of network channels to report logs to LTS:

  • Public network: An extra-region host connected to the public network can communicate with and report logs to LTS in the current Huawei Cloud region through the public network. However, for security reasons, private lines are usually preferred in actual production environments.
    NOTE:

    If you select Public network when installing ICAgent on an extra-region host, ensure that the region support log reporting via public networks.

  • Private line: Extra-region hosts connect to LTS in the current Huawei Cloud region through a jump server or VPCEP, offering greater security and stability. In this scenario, extra-region hosts cannot communicate with LTS in the current region by default, and ICAgent installed on these hosts cannot directly access the network segment used by the Huawei Cloud management plane to report logs. Therefore, you need to configure a network connection solution to use a jump server or VPCEP to connect to the LTS backend and forward data to LTS.
    • Jump server: functions as a data forwarder and forwards the data collected by ICAgent from extra-region hosts to LTS. This solution is suitable for tests or scenarios with low log traffic. VPCEP is recommended for scenarios with high log traffic.
    • VPCEP: provides convenient and secure channels to connect to LTS in the current region, enabling resources in the VPC to access VPCEP without the need for EIPs. This solution reduces the risks of data transmission on public networks and improves the transmission security and efficiency.

Prerequisites

Before installing ICAgent, ensure that the time and time zone of your local browser are consistent with those of the host. If they are inconsistent, errors may occur during log reporting.

Installation Methods

There are two methods to install ICAgent.

Table 1 Installation methods

Method

Scenario

Initial installation

You can use this method to install ICAgent on a host that has no ICAgent installed.

Inherited installation (supported only for Linux hosts)

When ICAgent has already been installed on one host but needs to be installed on multiple hosts, you can use this method.

Initial Installation (Linux)

  1. Choose Host Management > Hosts in the navigation pane.
  2. Set Host to Extra-region hosts.
  3. Set OS to Linux.
  4. Set Network Connectivity. For extra-region hosts to report logs to LTS in the current region, you are advised to select Private line for higher stability and reliability.

    • If you select Public network, start from 6.
    • If you select Private line, start from 5.

  5. Set LTS Backend Connection. If you select Private line in the previous step, the extra-region host cannot communicate with LTS in the current region by default, and ICAgent installed on the host cannot directly access the network segment used by the Huawei Cloud management plane to report logs. Therefore, you need to configure a network connection solution to use a jump server or VPCEP to connect to the LTS.

    • If you set LTS Backend Connection to VPCEP:
      Configure a VPCEP domain name. With the assistance of Huawei Cloud network engineers, configure DNS domain name resolution rules in other regions to resolve VPCEP domain names to specified IP addresses. Then, copy the command as prompted on the Install ICAgent page.
      ping {VPCEP domain name}

      Run this command on the host you want to collect logs from. If the ping command succeeds, the network configuration is correct. Proceed to 6.

    • If you set LTS Backend Connection to Jump server:
      1. Create a Linux ECS as a jump server.

        Log in to the ECS console and create a Linux ECS. For details, see Purchasing an ECS. If you have an ECS that meets the requirements for use as a jump server, skip this step.

        NOTE:
        • The minimum specifications for the ECS are 1 vCPU and 1 GB of memory. The recommended specifications are 2 vCPUs and 4 GB of memory. You are advised to use an image of CentOS 6.5 64bit or later version.
        • If the jump server communicates with the extra-region host over the public network, an EIP must be enabled. Conversely, when it uses a VPC peering connection, an EIP is not required.
        • The region of the jump server must be the same as the current region of LTS.
      2. Add security group rules for the jump server and enable the corresponding inbound ports to ensure data connectivity between the extra-region hosts and the jump server.
        1. Log in to the ECS console, check the ECS list, and locate the ECS that you created as the jump server.
        2. Click its name to go to the ECS details page. Click the security group name to access the security group details page.
        3. Click the Inbound Rules tab and click Add Rule. Set the ports by referring to Table 2. Set other parameters based on your network requirements. For details, see Adding a Security Group Rule.
          Table 2 Security group rule

          Action

          Protocol

          Port

          Description

          Allow

          TCP

          8149,8102,8923,30200,30201,80

          Ports used by ICAgent to send data to the jump server, ensuring data connectivity between hosts in other regions and the jump server.

      3. Return to the ECS list, locate the ECS created in 5.a, and view its private IP address and EIP (available if an EIP has been enabled).
      4. Go back to the LTS console. On the Install ICAgent page, enter the obtained private IP address of the jump server to generate its SSH tunneling command.
        NOTE:

        The private IP address of the jump server refers to the internal IP address of the VPC where the jump server is located.

      5. On the Install ICAgent page, click Copy Command to copy the SSH tunneling command.
        ssh -f -N -L {Private IP address of the jump server}:8149:{LTS reporting IP address}:8149 -L {Private IP address of the jump server}:8102:{LTS reporting IP address}:8102 -L {Private IP address of the jump server}:8923:{LTS reporting IP address}:8923 -L {Private IP address of the jump server}:30200:{LTS reporting IP address}:30200 -L {Private IP address of the jump server}:30201:{LTS reporting IP address}:30201 -L {Private IP address of the jump server}:80:icagent-{Region}.{OBS domain name}:80 {Private IP address of the jump server}
      6. Log in to the jump server as user root and run the copied SSH tunneling command.
      7. Run the netstat -lnp | grep ssh command to check whether the corresponding TCP ports are being listened to. If the command output similar to Figure 1 is returned, the ports are open.
        Figure 1 Open TCP ports
        NOTE:

        If the jump server powers off and restarts, run the netstat -lnp | grep ssh command again.

      8. On the Install ICAgent page, enter the DC and the connection IP address of the jump server.
        • DC: Specify a name for the data center of the host so it is easier to find the host. Enter up to 64 characters. Use only digits, letters, hyphens (-), and underscores (_).

          Connection IP: If the jump server communicates with the extra-region host via EIP connection, enter the EIP of the jump server. Conversely, when using a VPC peering connection, enter the internal IP address (private IP address) of the VPC where the jump server locates. For the EIP and private IP address, see 5.c.

  6. Obtain an AK/SK. For details, see How Do I Obtain an Access Key (AK/SK)? On the Install ICAgent page, copy the ICAgent installation command and replace the AK/SK in the command with the obtained one.
  7. Log in to the extra-region host as user root (by using a remote login tool such as PuTTY) and run the copied command.

    When message ICAgent install success is displayed, ICAgent has been installed in the /opt/oss/servicemgr/ directory of the host. You can then choose Host Management > Hosts in the navigation pane of the LTS console to check the ICAgent status.

    NOTE:

    If the installation fails, uninstall ICAgent and reinstall it. If the reinstallation fails, contact technical support.

Initial Installation (Windows)

  1. Log in to the LTS console and choose Host Management in the navigation pane.
  2. Choose Host Management > Hosts in the navigation pane.
  3. Set Host to Extra-region hosts.
  4. Set OS to Windows.
  5. Set Network Connectivity. Extra-region hosts report logs to LTS via a public network or a private line. The latter is recommended for higher stability and reliability.

    • If you select Public network, start from 7.
    • If you select Private line, start from 6.

  6. Set LTS Backend Connection. If you select Private line in the previous step, the extra-region host cannot communicate with LTS in the current region by default, and ICAgent installed on the host cannot directly access the network segment used by the Huawei Cloud management plane to report logs. Therefore, you need to configure a network connection solution to use a jump server or VPCEP to connect to the LTS.

    • If you set LTS Backend Connection to VPCEP:
      Configure a VPCEP domain name. With the assistance of Huawei Cloud network engineers, configure DNS domain name resolution rules in other regions to resolve VPCEP domain names to specified IP addresses. Then, copy the command as prompted on the Install ICAgent page.
      ping {VPCEP domain name}

      Run this command on the host you want to collect logs from. If the ping command succeeds, the network configuration is correct. Proceed to 7.

    • If you set LTS Backend Connection to Jump server:
      1. Create a Linux ECS as a jump server.

        Log in to the ECS console and create a Linux ECS. For details, see Purchasing an ECS. If you have an ECS that meets the requirements for use as a jump server, skip this step.

        NOTE:
        • The minimum specifications for the ECS are 1 vCPU and 1 GB of memory. The recommended specifications are 2 vCPUs and 4 GB of memory. You are advised to use an image of CentOS 6.5 64bit or later version.
        • If the jump server communicates with the extra-region host over the public network, an EIP must be enabled. Conversely, when it uses a VPC peering connection, an EIP is not required.
        • The region of the jump server must be the same as the current region of LTS.
      2. Add security group rules for the jump server and enable the corresponding inbound ports to ensure data connectivity between the extra-region hosts and the jump server.
        1. Log in to the ECS console, check the ECS list, and locate the ECS that you created as the jump server.
        2. Click its name to go to the ECS details page. Click the security group name to access the security group details page.
        3. Click the Inbound Rules tab and click Add Rule. Set the ports by referring to Table 3. Set other parameters based on your network requirements. For details, see Adding a Security Group Rule.
          Table 3 Security group rule

          Action

          Protocol

          Port

          Description

          Allow

          TCP

          8149,8102,8923,30200,30201,80

          Ports used by ICAgent to send data to the jump server, ensuring data connectivity between hosts in other regions and the jump server.

      3. Return to the ECS list, locate the ECS created in 6.a, and view its private IP address and EIP (available if an EIP has been enabled).
      4. Go back to the LTS console. On the Install ICAgent page, enter the obtained private IP address of the jump server to generate its SSH tunneling command.
        NOTE:

        The private IP address of the jump server refers to the internal IP address of the VPC where the jump server is located.

      5. On the Install ICAgent page, click Copy Command to copy the SSH tunneling command.
        ssh -f -N -L {Private IP address of the jump server}:8149:{LTS reporting IP address}:8149 -L {Private IP address of the jump server}:8102:{LTS reporting IP address}:8102 -L {Private IP address of the jump server}:8923:{LTS reporting IP address}:8923 -L {Private IP address of the jump server}:30200:{LTS reporting IP address}:30200 -L {Private IP address of the jump server}:30201:{LTS reporting IP address}:30201 -L {Private IP address of the jump server}:80:icagent-{Region}.{OBS domain name}:80 {Private IP address of the jump server}
      6. Log in to the jump server as user root and run the copied SSH tunneling command.
      7. Run the netstat -lnp | grep ssh command to check whether the corresponding TCP ports are being listened to. If the command output similar to Figure 2 is returned, the ports are open.
        Figure 2 Open TCP ports
        NOTE:

        If the jump server powers off and restarts, run the preceding command again.

  7. Click the link on the Install ICAgent page to download the ICAgent installation package.
  8. Save the ICAgent installation package to a directory on the Windows host, for example, C:\ICAgent, and decompress the package.
  9. Obtain an AK/SK and save it to replace the AK/SK in the installation command. For details, see How Do I Obtain an Access Key (AK/SK)?

    If you set LTS Backend Connection to Jump Server, you also need to set Connection IP.

    Connection IP: If the jump server communicates with the extra-region host via EIP connection, enter the EIP of the jump server. Conversely, when using a VPC peering connection, enter the internal IP address (private IP address) of the VPC where the jump server locates. For the EIP and private IP address, see 6.c.

  10. On the Install ICAgent page, click Copy Command to copy the ICAgent installation command.
  11. Log in to the Windows host, open the Command Prompt, go to the directory where the ICAgent installation package is decompressed, and run the ICAgent installation command.

    If the message Service icagent installed successfully is displayed, the installation is successful. You can then choose Host Management > Hosts in the navigation pane of the LTS console to check the ICAgent status.

    NOTE:

    If the installation fails, uninstall ICAgent and reinstall it. If the reinstallation fails, contact technical support.

Creating Multiple Jump Servers for Load Balancing Using ELB

A single jump server may encounter a single point of failure (SPOF), potentially leading to O&M instability. To mitigate this, you can create multiple jump servers and use ELB to distribute traffic among them, enhancing access reliability.

  1. Create a Linux ECS as a jump server.

    Log in to the ECS console and create a Linux ECS. For details, see Purchasing an ECS. If you have an ECS that meets the requirements for use as a jump server, skip this step.

    NOTE:
    • The minimum specifications for the ECS are 1 vCPU and 1 GB of memory. The recommended specifications are 2 vCPUs and 4 GB of memory. You are advised to use an image of CentOS 6.5 64bit or later version.
    • If the jump server communicates with the extra-region host over the public network, an EIP must be enabled. Conversely, when it uses a VPC peering connection, an EIP is not required.
    • The region of the jump server must be the same as the current region of LTS.

  2. Add security group rules for the jump server and enable the corresponding inbound ports to ensure data connectivity between the extra-region hosts and the jump server.

    1. Log in to the ECS console, check the ECS list, and locate the ECS that you created as the jump server.
    2. Click its name to go to the ECS details page. Click the security group name to access the security group details page.
    3. Click the Inbound Rules tab and click Add Rule. Set the ports by referring to Table 4. Set other parameters based on your network requirements. For details, see Adding a Security Group Rule.
      Table 4 Security group rule

      Action

      Protocol

      Port

      Description

      Allow

      TCP

      8149,8102,8923,30200,30201,80

      Ports used by ICAgent to send data to the jump server, ensuring data connectivity between hosts in other regions and the jump server.

  3. Return to the ECS list, locate the ECS created in 1, and view its private IP address and EIP (available if an EIP has been enabled).
  4. Log in to the LTS console. In the navigation pane, choose Host Management > Hosts. Click Install ICAgent. On the displayed page, enter the private IP address of the jump server to generate the SSH tunneling command.

    NOTE:

    The private IP address of the jump server refers to the internal IP address of the VPC where the jump server is located.

  5. On the Install ICAgent page, click Copy Command to copy the SSH tunneling command.

    ssh -f -N -L {Private IP address of the jump server}:8149:{LTS reporting IP address}:8149 -L {Private IP address of the jump server}:8102:{LTS reporting IP address}:8102 -L {Private IP address of the jump server}:8923:{LTS reporting IP address}:8923 -L {Private IP address of the jump server}:30200:{LTS reporting IP address}:30200 -L {Private IP address of the jump server}:30201:{LTS reporting IP address}:30201 -L {Private IP address of the jump server}:80:icagent-{Region}.{OBS domain name}:80 {Private IP address of the jump server}

  6. Log in to the jump server as user root and run the copied SSH tunneling command.
  1. Repeat the preceding steps to create multiple jump servers. Add them to the same VPC by selecting the same VPC for Network during their creation.
  2. Log in to the ELB console and create a load balancer. For details, see Creating a Dedicated Load Balancer. When creating the load balancer, you should:

    1. Select the same VPC as that of the jump servers during network configuration.
    2. Create an EIP for connecting to the jump servers.
    3. Apply for the bandwidth based on the service requirements.

  3. Add listeners for TCP ports 30200, 30201, 8149, 8923, 8102, and 80. For details, see Adding a TCP Listener.
  4. Create a backend server group and add all jump servers in the group. For details, see Adding Backend Servers.
  5. Return to the LTS console. On the Install ICAgent page, enter the EIP of the load balancer in Connection IP, copy the installation command, and run it on the extra-region host.

Inherited Installation (Linux)

Assume that you need to install ICAgent on multiple hosts, and one of the hosts already has ICAgent installed. The ICAgent installation package, ICProbeAgent.tar.gz, is in the /opt/ICAgent/ directory. To install ICAgent on other hosts one by one:

  1. Run the following command on the host where ICAgent has been installed, where x.x.x.x is the IP address of the host you want to install ICAgent on.
    bash /opt/oss/servicemgr/ICAgent/bin/remoteInstall/remote_install.sh -ip x.x.x.x
  2. Enter the password for user root of the host when prompted.
    NOTE:
    • If the Expect tool is installed on the host that has ICAgent installed, the ICAgent installation should be able to complete without prompting you for a password. Otherwise, enter the password as prompted.
    • Ensure that user root can run SSH or SCP commands on the host where ICAgent has been installed to remotely communicate with the remote host to install ICAgent.
    • If the installation fails, uninstall ICAgent and reinstall it. If the reinstallation fails, contact technical support.
  3. When message ICAgent install success is displayed, ICAgent has been installed in the /opt/oss/servicemgr/ directory of the host. You can then choose Host Management > Hosts in the navigation pane of the LTS console to check the ICAgent status.

Batch Inherited Installation (Linux)

Assume that you need to install ICAgent on multiple hosts, and one of the hosts already has ICAgent installed. The ICAgent installation package, ICProbeAgent.tar.gz, is in the /opt/ICAgent/ directory. In this case, you can follow the directions below to install ICAgent on other hosts in batches.

  • The hosts must all belong to the same VPC and be on the same subnet.
  • Python 3.* is required for batch installation. If you are prompted that Python cannot be found during ICAgent installation, install Python of a proper version on the host and try again.

Prerequisites

The IP addresses and root's passwords of all hosts to install ICAgent have been collected, sorted in the iplist.cfg file, and uploaded to the /opt/ICAgent/ directory on the host that has ICAgent installed. An IP address and user root's password in the iplist.cfg file must be separated by a space. Examples:

192.168.0.109 Password (Replace the IP address and password with the actual ones)

192.168.0.39 Password (Replace the IP address and password with the actual ones)

NOTE:
  • The iplist.cfg file contains sensitive information. You are advised to clear it after using it.
  • If all hosts share a password, list only IP addresses in the iplist.cfg file and enter the password manually during execution. If one of the hosts uses a different password, type the password behind its IP address.

Procedure

  1. Run the following command on the host that has ICAgent installed:
    bash /opt/oss/servicemgr/ICAgent/bin/remoteInstall/remote_install.sh -batchModeConfig /opt/ICAgent/iplist.cfg

    Enter the default password for user root of the hosts to install ICAgent. If the passwords of all hosts have been configured in the iplist.cfg file, press Enter to skip this step.

    batch install begin
    Please input default passwd:
    send cmd to 192.168.0.109
    send cmd to 192.168.0.39
    2 tasks running, please wait...
    2 tasks running, please wait...
    2 tasks running, please wait...
    End of install agent: 192.168.0.39
    End of install agent: 192.168.0.109
    All hosts install icagent finish.

    If the message All hosts install icagent finish. is displayed, ICAgent has been installed on all the hosts listed in the configuration file.

  2. After the installation is complete, choose Host Management > Hosts in the navigation pane to view the host status. For details, see Checking the ICAgent Status.

We use cookies to improve our site and your experience. By continuing to browse our site you accept our cookie policy. Find out more

Feedback

Feedback

Feedback

0/500

Selected Content

Submit selected content with the feedback