Automated Deployment
Deploying LinuxGuard at scale requires automation — scripts or configuration management tools that install and enroll agents without manual intervention on each host. Two cross-cutting concerns apply regardless of which tool you use: idempotency (the deployment is safe to run multiple times without side effects) and secrets management (API keys and tenant IDs are never hardcoded in scripts or version control).
Choosing a Deployment Method
Select the deployment method that fits your existing infrastructure and tooling:
| Method | Best for | Secrets management | Idempotency guard |
| --- | --- | --- | --- |
| Ansible | Existing Ansible inventory, mixed environments | Ansible Vault (encrypt_string) | args: creates: file guard on enroll task |
| AWS EC2 User-Data | EC2 instances launched via Auto Scaling or CloudFormation | IAM instance profile + Secrets Manager | Agent built-in guard (user-data runs once on launch) |
| GCP Startup Script | Compute Engine VMs in GCP projects | Service account + Secret Manager | Explicit file guard required (startup scripts run on every boot) |
| Azure cloud-init / CSE | Azure VMs, including VMSS and ARM template deployments | Managed Identity + Key Vault | Agent built-in guard |
| Chef | Existing Chef infrastructure with Chef Infra Server | chef-vault | not_if file guard on enroll resource |
| Puppet | Existing Puppet infrastructure with PuppetDB | Hiera with eyaml encryption | unless file guard on enroll exec |
Where to start: Already using a configuration management platform? Start with Ansible, Chef, or Puppet. Deploying new cloud VMs? Use your cloud provider's native script method: AWS, GCP, or Azure.
Enrollment Idempotency
The linuxguard-agent enroll command is safe to call on an already-enrolled server. On startup, the agent checks its own configuration: if /var/lib/linuxguard/config exists and contains a valid server ID, it prints "Server is already enrolled" and exits with code 0. No duplicate enrollment occurs.
/var/lib/linuxguard/config: This file is written on successful enrollment. Its existence is the reliable enrollment indicator used by configuration management tool guards.
Note: Cloud scripts (AWS, GCP, Azure) rely on the agent's built-in guard as the primary protection. CM tools (Ansible, Chef, Puppet) additionally use a file existence check on /var/lib/linuxguard/config as the when / not_if / unless condition. This produces a clean convergence run with no spurious "changed" output when the agent is already enrolled.
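A file guard of the kind this page requires for scripts that run on every boot, such as GCP startup scripts, written here as an added example (not LinuxGuard's own script). The enroll command is passed in by the caller because its arguments are not shown on this page; `enroll_once` and `LG_CONFIG` are hypothetical names, and the non-empty check is an added assumption on top of the page's existence check.

```shell
#!/bin/sh
# Added example: enrollment file guard for boot-time scripts.
# The default path is the enrollment indicator named on this page;
# LG_CONFIG is a hypothetical override used for testing.
LG_CONFIG="${LG_CONFIG:-/var/lib/linuxguard/config}"

# enroll_once CMD [ARGS...]
# Runs CMD only when the enrollment config is absent.
# Returns: 0 already enrolled or enrollment succeeded
#          1 the enroll command itself failed
#          2 the command exited 0 but wrote no config file
# Usage: enroll_once linuxguard-agent enroll <arguments from the tool guide>
enroll_once() {
    # Guard: a present, non-empty config means a previous boot enrolled.
    if [ -s "$LG_CONFIG" ]; then
        echo "guard: $LG_CONFIG present, skipping enroll" >&2
        return 0
    fi

    # Run the caller-supplied command. Credentials should reach it from
    # the secret store at run time, never from literals in this script.
    if "$@"; then
        :
    else
        echo "guard: enroll command failed" >&2
        return 1
    fi

    # Confirm the indicator exists so the next boot skips enrollment
    # instead of silently retrying forever.
    if [ ! -s "$LG_CONFIG" ]; then
        echo "guard: enroll exited 0 but $LG_CONFIG is missing" >&2
        return 2
    fi
    return 0
}
```

Return code 2 is worth alerting on: it means every later boot will attempt enrollment again.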
Prerequisites
A LinuxGuard API key and tenant ID (from the LinuxGuard console)
Network access from target hosts to packages.linuxguard.io for installation
Tool-specific prerequisites are documented in each individual guide
Related: Installation | Deploy with Ansible | Deploy with AWS EC2 User-Data | Deploy with GCP Startup Script | Deploy with Azure | Deploy with Chef | Deploy with Puppet