Team: Huntress Managed Endpoint Detection and Response (EDR)
Product: Ansible
Environment: Linux
Summary: Automated Huntress Agent deployment with Ansible using provided Ansible Playbooks.
This article guides you through deploying the Huntress Agent to endpoints using Huntress playbooks for Ansible. For comprehensive details on using Ansible, please consult the official Ansible documentation. We are not able to offer comprehensive support for Ansible.
Installing Huntress with Ansible
Removing Huntress with Ansible
Before You Begin
You will need to have an Ansible inventory prepared for your Linux systems. If you do not have an inventory file already, you can download our provided template as a starting point. Consult the official Ansible Documentation for instructions on how to configure your inventory.
Make sure your Linux systems meet the following requirements:
- Matches our support matrix (link TBD)
- SSH is configured
- Either wget or curl is installed
Getting Started
- Download our installation playbook by accessing the link and clicking "Download raw file". Place the playbook file wherever you store your Ansible playbooks
- We also provide an uninstall playbook as well, which you can download by accessing the link and clicking “Download raw file”. This playbook will remove all Huntress installs from your inventory
Installing Huntress with Ansible
This tutorial assumes that your inventory and playbook files are in the same directory. If this is not the case, adjust your paths for the following commands based on your directory structure.
To install the Huntress Linux agent to your entire fleet, use the following command:
Shell
ansible-playbook -i inventory.yaml install_huntress.yamlIf you prefer to install the Huntress Linux agent on only one subgroup in your inventory, use the -l flag to set a limit.
Shell
ansible-playbook -i inventory.yaml install_huntress.yaml -l organization1Use the --check switch to do a dry run. Ansible will pretend to run the playbook on the machines and show you what would happen without actually installing. This is a good way to test your inventory
Shell
ansible-playbook -i inventory.yaml install_huntress.yaml --check
Removing Huntress With Ansible
Removing the Huntress Linux agent with Ansible works in the same way that installation does, just using the remove_huntress.yaml playbook instead. The above instructions around limits and dry runs apply to this playbook as well.
To remove Huntress from your entire inventory, run the following command:
Shell
ansible-playbook -i inventory.yaml remove_huntress.yaml
Troubleshooting
Failed To Connect Error Message
Make sure SSH is properly configured on the target system. Ansible will provide a more detailed error on why SSH failed to connect
Install Playbook Fails With “REQUIREMENTS ERROR”
The target system is missing a requirement for the Huntress Agent. The error message should let you know what requirement you are missing.
Install Playbook Fails With “CONNECTION ERROR”
The script was unable to connect to one of our required endpoints. The error message will display the name of the domain that it was trying to connect to. Make sure the target system is not blocked by firewalls or proxies.