'%20filter='url(%23b)'%20transform='translate(0%20-286)'/%3e%3cpath%20d='M1636.5%20147c-123.436%200-223.5%20102.975-223.5%20230s100.064%20230%20223.5%20230S1860%20504.025%201860%20377c-.143-126.964-100.124-229.853-223.5-230Zm107.16%20308.341c-1.892%202.323-4.973%203.231-7.78%202.295l-98.896-32.908-98.896%2032.908c-2.807.933-5.884.022-7.774-2.3-1.89-2.32-2.212-5.587-.815-8.25l101.128-192.49c1.376-2.238%203.776-3.596%206.357-3.596%202.58%200%204.981%201.358%206.357%203.596l101.128%20192.49c1.401%202.663%201.08%205.932-.81%208.255Z'%20fill='url(%23c)'%20filter='url(%23d)'%20transform='translate(0%20-286)'/%3e%3c/g%3e%3c/svg%3e)
Agents, tokens, shell access, and host operations
Loopback’s agent is the on-machine component that connects your servers to the control plane. This page covers tokens, installation, remote shell, and related host actions.
Why agents exist
Agents enable:
- Heartbeat and version reporting (feeds reconciliation).
- Command channel for maintenance and diagnostics (implementation-specific).
- Integration with monitoring sources and update deliveries.
Without an agent, a host may remain unknown or unmanaged beyond raw cloud provisioning.
Agent tokens
Agent tokens are workspace-scoped credentials used when installing the agent. They are not user passwords.
Create a token
You can create tokens with:
- Optional description (ops note).
- long_living_token flag — short vs long validity semantics per product defaults.
Permission: project.workspace.agent_token (create/list/delete split).
Security
- Rotate tokens periodically.
- Revoke immediately if a token leaks (treat like a bearer secret).
- Limit who can mint tokens — anyone who can creates a path for unauthorized machines to join the workspace fleet.
Installing the agent
The platform serves an install script (e.g. v1/agent/install.sh) that:
- Downloads the agent binary for your environment (stable vs unstable update channel depends on deployment).
- Configures systemd (on Linux) with:
- API endpoint (production vs staging URL baked into template).
- Token placeholder you replace or pass via environment.
- Optional verbose flags in non-production.
Typical bootstrap
- Create agent token in Loopback UI/API.
- On the server: run
curl … | bashpattern as root (per script instructions). - Verify agent checks in — host transitions to managed states in UI.
Agent updates
- Separate update endpoints may deliver version waves via update deliveries reconciled in background.
Shell sessions
Loopback can open interactive shell sessions to hosts through the API (permission: project.workspace.host.shell_session).
Risk
- Equivalent to root SSH for many workflows.
- Should be rare, logged, and time-bound.
Use break-glass procedures: require ticket ID in metadata, auto-expire sessions, disable for production roles by default.
Host power and hardware actions
Routes exist for power management (on/off/reset classes) where the provider supports it.
Expect async behavior — the cloud API may take time; refresh host status after a minute.
Load-balancer integration on hosts
Files such as WGLB / LBFW / host firewalls integrate hosts into Loopback’s edge or firewall products. Behavior is deployment-specific; ask your operator for the network diagram that matches your workspace.
Related reading
- Hosts & scaling
- Reconciliation
- Permissions
- Your operator publishes the install script under the deployment’s API base URL (path pattern
v1/agent/install.shin the codebase).