> For the complete documentation index, see [llms.txt](https://docs.datasentinel.io/manual/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.datasentinel.io/manual/guides/readme/install-on-premises-and-agentless.md).

# Install On-Premises and Configure Agentless Connections

<div data-with-frame="true"><figure><img src="/files/IaUMODRBBSBL8eUaPX09" alt="Install on-premises and configure agentless connections"><figcaption></figcaption></figure></div>

This guide takes you through the **fastest path to a self-hosted Datasentinel**: install the platform on a single Linux server, then register your PostgreSQL instances from the platform itself, with no agent to install on the database hosts.&#x20;

It is the right pattern for **cloud-managed databases** (RDS, Aurora, Cloud SQL, Azure, AlloyDB), **containerized PostgreSQL** (Kubernetes, Docker), and any environment where deploying agents per host is impractical.

## Why on-premises + agentless

<table><thead><tr><th width="200">Benefit</th><th>What it means</th></tr></thead><tbody><tr><td><strong>One machine to install</strong></td><td>The platform bundles InfluxDB, Grafana, an embedded PostgreSQL, the Datasentinel backend, and an <strong>internal pool of agents</strong>.</td></tr><tr><td><strong>Reach managed services</strong></td><td>The platform PULLs metrics directly from RDS, Aurora, Cloud SQL, Azure, AlloyDB and any container-hosted PostgreSQL where you can't install an agent.</td></tr><tr><td><strong>Centralised configuration</strong></td><td>Add, tune, or pause connections from the platform UI or the <a href="/pages/lk2kg8QxwAUbloVoBKDz"><strong>Platform API</strong></a> (no per-host CLI rounds).</td></tr><tr><td><strong>One thing to upgrade</strong></td><td>Internal agents follow the platform automatically: upgrade once and you are done.</td></tr></tbody></table>

***

## Part 1: Install the on-premises platform

{% hint style="info" %}
This part is a guided walkthrough of the most common path.&#x20;

For the full reference (every installer flag, log-file locations, systemd commands, the status API, and component management), see [**Installation › Platform**](/manual/getting-started/installation/platform.md).
{% endhint %}

### Prerequisites

<table><thead><tr><th width="220">Requirement</th><th>Detail</th></tr></thead><tbody><tr><td><strong>Operating system</strong></td><td>RHEL / Rocky / AlmaLinux 8 or 9, SLES 15, or Debian Bullseye. <a href="mailto:support@datasentinel.io"><strong>Contact support</strong></a> for other distributions.</td></tr><tr><td><strong>License key</strong></td><td>Either a <a href="/spaces/lcWi6G1jtNuyGT9C0pkc/pages/ObsjH9F2DIQxioxX2sE1"><strong>60-day trial key</strong></a> or a commercial key from <a href="mailto:support@datasentinel.io"><strong>support</strong></a>.</td></tr><tr><td><strong>Sizing</strong></td><td>Scales with the number of monitored instances. Defaults below assume 14-day retention.</td></tr><tr><td><strong>Privileges</strong></td><td><code>root</code> is required for the one-time install only. Afterwards everything runs as the application user.</td></tr></tbody></table>

Recommended sizing:

<table><thead><tr><th width="160">Instances</th><th width="100">CPUs</th><th width="140">Memory</th><th>Storage</th></tr></thead><tbody><tr><td>1 – 10</td><td>4</td><td>8 GB</td><td>25 GB</td></tr><tr><td>11 – 50</td><td>8</td><td>16 GB</td><td>50 GB</td></tr><tr><td>51 – 100</td><td>8</td><td>32 GB</td><td>75 GB</td></tr><tr><td>101 – 200</td><td>16</td><td>64 GB</td><td>100 GB</td></tr><tr><td>> 200</td><td>24</td><td>96 GB</td><td>150 GB</td></tr></tbody></table>

{% hint style="info" %}
Use a virtual machine you can resize later.&#x20;

Set `vm.swappiness=1` (or disable swap) for stable memory behaviour.
{% endhint %}

### Open the network

Two firewall concerns matter in agentless mode:

1. **Inbound to the platform.** NGINX terminates everything on port **443** by default (UI + API). Open it to your users and to any local agents you might add later.
2. **Outbound from the platform to PostgreSQL.** The platform PULLs metrics directly, so it must reach every monitored instance on its PostgreSQL port (typically 5432, or the cloud-provider equivalent).

{% hint style="danger" %}
**SELinux must be set to Permissive** *or* **Disabled** on the platform host.&#x20;

Enforcing mode blocks internal traffic and stops components from starting.&#x20;

Symptom: a 502 error in the UI even when every service is running. See [**How to configure SELinux**](/manual/implementation/troubleshooting/selinux.md).
{% endhint %}

### Install in under five minutes

{% stepper %}
{% step %}

### Download the bundle

A single tarball ships the platform, InfluxDB, Grafana, the embedded PostgreSQL, and the internal agent pool (around 690 MB).

<table><thead><tr><th width="320">OS</th><th>File</th></tr></thead><tbody><tr><td>RHEL / Rocky / AlmaLinux 8</td><td><a href="https://app.datasentinel.io/ds-api/download/install-datasentinel-platform-rocky8-latest.tar.gz"><strong>install-datasentinel-platform-rocky8-latest.tar.gz</strong></a></td></tr><tr><td>RHEL / Rocky / AlmaLinux 9, SLES 15</td><td><a href="https://app.datasentinel.io/ds-api/download/install-datasentinel-platform-rhel9-latest.tar.gz"><strong>install-datasentinel-platform-rhel9-latest.tar.gz</strong></a></td></tr><tr><td>Debian Bullseye</td><td><a href="https://app.datasentinel.io/ds-api/download/install-datasentinel-platform-debian-bullseye-latest.tar.gz"><strong>install-datasentinel-platform-debian-bullseye-latest.tar.gz</strong></a></td></tr></tbody></table>

```bash
wget https://app.datasentinel.io/ds-api/download/install-datasentinel-platform-rhel9-latest.tar.gz
```

{% endstep %}

{% step %}

### Install NGINX

NGINX is the entry point. Install it before the Datasentinel installer runs.

```bash
dnf install -y nginx     # RHEL / Rocky / AlmaLinux
# apt install nginx      # Debian
```

{% endstep %}

{% step %}

### Run the installer as `root`

Unpack the bundle and launch `init_datasentinel.sh`. It runs in under two minutes.

```bash
tar xvzf install-datasentinel-platform-rhel9-latest.tar.gz
./init_datasentinel.sh
```

The script prompts for the application user (default `datasentinel`) and the listening port (default `443`), creates `/datasentinel/`, deploys all components, registers systemd services, and starts everything.

{% hint style="info" %}
Use `./init_datasentinel.sh -d` for a silent install with default values.
{% endhint %}
{% endstep %}

{% step %}

### Replace the self-signed certificate (optional)

The installer ships a self-signed certificate at `/etc/nginx/certs/`. To use your own:

1. Copy your certificate and key over `cert_datasentinel.pem` and `key_datasentinel.pem`.
2. Reload NGINX:

   ```bash
   /usr/sbin/nginx -s reload
   ```

{% endstep %}

{% step %}

### Sign in and apply your license

* URL: `https://<<server_name>>`
* User: `datasentinel`
* Password: shown at the end of the installer output

Then follow [**Update the license token**](/manual/implementation/platform-usage/configuration/license.md) to activate your key.
{% endstep %}
{% endstepper %}

### Verify the platform is healthy

From the platform host:

```bash
status_datasentinel        # alias available as the datasentinel user
```

Or hit the API:

```bash
curl -k https://localhost/ds-api/
```

You should see `"status": "OK"` and every service reported as `"running": true`.

***

## Part 2: Configure agentless connections

With the platform up, you can register PostgreSQL instances **without installing anything on the database hosts**.&#x20;

The platform uses its internal pool of agents to PULL metrics directly.

{% hint style="info" %}
Each monitored cluster still needs the [**pg\_stat\_statements**](/manual/getting-started/postgresql-clusters/extensions/pg_stat_statements.md) extension and a read-only [**monitoring user**](/manual/getting-started/postgresql-clusters/monitoring-user.md) reachable from the platform.&#x20;

The [**Onboard Your First PostgreSQL Cluster**](/manual/guides/readme/onboard-your-first-cluster.md) guide walks through both.
{% endhint %}

### Register a connection

{% tabs %}
{% tab title="Platform UI" %}

1. Open the **Tools** menu and click **Agentless settings**.
2. Click **Add connection** and fill in host, port, monitoring user, password, and tags.
3. Save. The instance appears on the Home dashboard within a minute.

{% hint style="info" %}
A short animated walkthrough of the same dialog is available on the [**Agentless Monitoring**](/manual/features/other-features/agentless-monitoring.md) reference page.
{% endhint %}
{% endtab %}

{% tab title="Platform API" %}
The same operation as a one-liner, perfect for scripting bulk onboarding from CI/CD.

```bash
cat > /tmp/connection.json <<EOF
{
  "host": "pg-sales-1734",
  "port": 5432,
  "user": "datasentinel",
  "password": "myPassword",
  "tags": "application=sales,environment=production,provider=aws,datacenter=eu-west-1"
}
EOF

curl -sk \
  --header "user-token: $ACCESS_TOKEN" \
  --header "Content-Type: application/json" \
  -X POST https://$DATASENTINEL_HOST/ds-api/pool/pg-instances/sales-production \
  -d @/tmp/connection.json
```

```json
{ "status": "Connection created and connected!" }
```

See the full recipe in [**Automate with the API**](/manual/guides/readme/automate-with-the-api.md).
{% endtab %}
{% endtabs %}

{% hint style="info" %}
Apply a **consistent tagging scheme** at creation time: tags drive filtering, [**consolidation**](/manual/features/tips-and-hints/consolidated-view.md), and [**role-based access**](/manual/guides/readme/manage-users-and-role-based-access.md).

See [**Organize Content using Tags**](/manual/guides/readme/organize-content-using-tags.md).
{% endhint %}

### A note on system metrics

In agentless mode, the platform doesn't have shell access to the database host, so CPU / memory / I/O metrics aren't collected by default.&#x20;

Two options:

* Install the [**system\_stats**](/manual/getting-started/postgresql-clusters/extensions/system_stats.md) extension on the cluster. It exposes OS metrics through SQL.
* For managed services where you can't install extensions or reach the OS (RDS, Aurora, Cloud SQL…), rely on the provider's own host metrics and use Datasentinel for PostgreSQL-side observability.

### Tune collection limits (since v2025.11)

Table and query monitoring limits apply centrally to **every agentless instance**:

{% stepper %}
{% step %}

### Edit the config file

```bash
/datasentinel/soft/datasentinel_backend/config/datasentinel.yml
```

{% endstep %}

{% step %}

### Set your limits

```yaml
agent:
  tables-monitoring-limit: 5000
  query-monitoring-limit: 15000
```

{% endstep %}

{% step %}

### Restart the dispatcher

```bash
sudo systemctl stop datasentinel_dispatcher
sudo systemctl start datasentinel_dispatcher
```

{% endstep %}
{% endstepper %}

{% hint style="warning" %}
These limits apply to **all** agentless instances.&#x20;

To tune a single connection independently, use an [**agent-based deployment**](/manual/implementation/agent-usage/collection-level.md) for that instance instead.
{% endhint %}

***

## Where to go next

<table data-view="cards"><thead><tr><th></th><th></th><th data-hidden data-card-target data-type="content-ref"></th></tr></thead><tbody><tr><td><h4><i class="fa-rocket" style="color:$primary;">:rocket:</i></h4></td><td><strong>Onboard Your First PostgreSQL Cluster</strong>: extension, monitoring user, and a tagging scheme that scales.</td><td><a href="/pages/A9sFriZivMT20vNkYp0w">/pages/A9sFriZivMT20vNkYp0w</a></td></tr><tr><td><h4><i class="fa-cloud" style="color:$primary;">:cloud:</i></h4></td><td><strong>Monitor Cloud-Managed Instances</strong>: RDS, Azure, Cloud SQL specifics on top of agentless.</td><td><a href="/pages/aGpRhzYSyd7klXa01uYC">/pages/aGpRhzYSyd7klXa01uYC</a></td></tr><tr><td><h4><i class="fa-users" style="color:$primary;">:users:</i></h4></td><td><strong>Manage Users and Role-Based Access</strong>: turn the tags you set above into per-team access rules.</td><td><a href="/pages/M5MUBWa2Y2eRROXypHwm">/pages/M5MUBWa2Y2eRROXypHwm</a></td></tr><tr><td><h4><i class="fa-code" style="color:$primary;">:code:</i></h4></td><td><strong>Automate with the API</strong>: bulk-register connections and operate the platform as code.</td><td><a href="/pages/lk2kg8QxwAUbloVoBKDz">/pages/lk2kg8QxwAUbloVoBKDz</a></td></tr></tbody></table>

## Conclusion

A single Linux server, one installer, and a handful of HTTPS calls is everything that stands between you and a fully self-hosted Datasentinel monitoring fleet of agentless PostgreSQL instances.

Add hosts agentlessly when you don't control the OS, install local agents when you need OS-level depth, and mix both freely as your estate evolves.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.datasentinel.io/manual/guides/readme/install-on-premises-and-agentless.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.