How to set up Astra Packet Processor for Cloud Mirroring

Last updated: August 14, 2025

Overview

Astra Packet Processor for Cloud Mirroring is deployed to capture mirrored network traffic and export it as OpenTelemetry traces to the Astra Traffic Collector (ATC). This document covers both setup (via Ansible or Docker Compose) and troubleshooting steps.

How Astra Packet Processor works with GCP Packet mirroring and AWS Traffic Mirroring

Illustration to indicate how Astra Packet Processor works with Astra Traffic Collector


Astra Mirroring Setup Using Ansible Playbooks

This section provides step-by-step instructions for setting up and managing Astra Packet Processor using the provided Ansible playbooks.

You can find all the required files in the GitHub repository: Astra Mirroring Playbooks.

1. Prerequisites

  1. Docker and Docker Compose

  2. Ansible

  3. Access Configuration

    • Ensure you can SSH into the target machine as the desired remote user.

    • Add the target machine to your Ansible inventory (e.g., /etc/ansible/hosts).

  4. AWS Mirroring Sensor Integration OR GCP Mirroring Sensor Instrumentation created from the Astra dashboard. Keep the sensorID handy.

    📄 How to Create Sensor Integration for API Observability

  5. Astra Traffic Collector is available and reachable.

    📄 How to setup Astra Traffic Collector in Linux

    📄 How to setup Astra Traffic Collector in Kubernetes


2. Editables and File description

  1. .env (environment variables)

    This file contains configuration for the OTEL exporter and retry settings.

    Edit the following variables as per your requirements:

  • ROUTINES: Number of routines to run.

  • LOG_LEVEL: Logging level (e.g., DEBUG, INFO, WARN, ERROR).

  • OTEL_*: Adjust OTEL exporter and retry settings as required.

  2. mirror-settings.json

    This JSON file defines the mirroring settings.

    Edit the following variables:

  • network-interface: Specify the network interfaces to monitor.

  • sensor-id: Replace sensorID with the integrationID displayed when the integration was created.

    📄 How to Create Sensor Integration for API Observability

  • otel-collector-endpoint: Specify the endpoint of the OTEL collector.

  • accept-hosts and deny-content-type: Configure accepted hosts and denied content types.

  • ip-host-mapping: Map an IPv4/IPv6 address, or a range of IPv4/IPv6 addresses, to a host name.

    Here’s how the sample values might appear:

    {
        "sensor-id": "660e8400-e29b-41d4-a716-446655440000",
        "otel-collector-endpoint": "collector.example.com:4317",
        "accept-hosts": ["example.com", "api.example.com"],
        "deny-content-type": ["application/x-msdownload"],
        "ip-host-mapping": {
            "192.168.1.1": "server1.example.com",
            "192.168.0.0/16": "internal.example.com",
            "10.0.0.1-10.0.0.10": "dev-team.example.com",
            "172.16.*.*": "vpn.example.com",
            "2001:db8::1": "ipv6-server.example.com",
            "2001:db8::/64": "ipv6-network.example.com",
            "fe80::*": "link-local.example.com"
        }
    }

  3. setup.yaml and upgrade.yaml

    These are the playbooks for provisioning Astra Packet Processor and for upgrading it to the latest version. Populate the following keys in both playbooks.

  • remote_user: Ansible user that has been granted the required permissions (e.g., docker commands, root path).

  • hosts: You need to set this field based on the inventory you are using to run the playbook, ensuring that the tasks are executed on the correct target machines.

  • mirror_settings_path: Path to your local mirror-settings.json

  • env_file_path: Path to your local .env
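
A pre-deployment check for mirror-settings.json, as an added example that is not part of Astra's playbooks or tooling: it catches JSON syntax errors and malformed ip-host-mapping keys before the file reaches the target host. The function names are hypothetical, and the accepted key forms (single address, CIDR, dash range, `*` wildcard), the UUID sensor-id and the host:port endpoint are assumptions inferred from the sample values above.

```python
import ipaddress
import json
import uuid

def classify_mapping_key(key):
    """Return 'single', 'cidr', 'range' or 'wildcard'; raise ValueError otherwise."""
    if "*" in key:  # assumption: '*' replaces whole fields of a valid address
        ipaddress.ip_address(key.replace("*", "0"))
        return "wildcard"
    if "-" in key:
        start, end = (ipaddress.ip_address(p.strip()) for p in key.split("-", 1))
        if start.version != end.version or start > end:
            raise ValueError(f"bad range: {key}")
        return "range"
    if "/" in key:
        ipaddress.ip_network(key, strict=False)
        return "cidr"
    ipaddress.ip_address(key)
    return "single"

def validate_settings(text):
    """Return a list of problems found in a mirror-settings.json document."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    problems = []
    try:
        uuid.UUID(str(cfg.get("sensor-id", "")))
    except ValueError:
        problems.append("sensor-id is not a UUID")
    host, _, port = str(cfg.get("otel-collector-endpoint", "")).rpartition(":")
    if not host or not port.isdecimal() or not 0 < int(port) < 65536:
        problems.append("otel-collector-endpoint is not host:port")
    for key in cfg.get("ip-host-mapping", {}):
        try:
            classify_mapping_key(key)
        except ValueError:
            problems.append(f"ip-host-mapping key not recognised: {key}")
    return problems

# Constructed sample; the last mapping key is deliberately malformed.
SAMPLE = """{
  "sensor-id": "660e8400-e29b-41d4-a716-446655440000",
  "otel-collector-endpoint": "collector.example.com:4317",
  "ip-host-mapping": {"10.0.0.1-10.0.0.10": "dev-team.example.com",
                      "fe80::*": "link-local.example.com",
                      "10.0.0.300": "typo.example.com"}
}"""
print(validate_settings(SAMPLE))
```
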


Quick Installation of Astra Packet Processor using Ansible

1. Access playbooks and config files

2. Edit Configuration Files

  • Modify .env and mirror-settings.json with appropriate values.

  • Ensure paths to these files are specified in the setup.yaml and upgrade.yaml playbooks.

3. Add Target Hosts to Ansible Inventory

Add the target hosts to your Ansible inventory file, e.g., hosts.

Visit the Ansible docs for instructions and strategies to build your inventory file.

[instances]
<target-host-ip-1> ansible_user=<remote_user>
<target-host-ip-2> ansible_user=<remote_user>
<target-host-ip-3> ansible_user=<remote_user>

4. Run the Setup Playbook

Run the playbook to set up Astra Mirroring:

ansible-playbook -i /path/to/hosts setup.yaml

5. Upgrade Astra Packet Processor

Run the playbook to upgrade the Astra Mirroring container:

ansible-playbook -i /path/to/hosts upgrade.yaml

6. Remove dangling images of getastra/mirroring

Use this playbook with caution: it removes the Docker images of getastra/mirroring using the docker CLI, not Ansible's Docker module.

ansible-playbook -i /path/to/hosts remove.yaml

Manual Installation of Astra Packet Processor using Docker Compose

1. Access the docker-compose.yaml

Click here to get the docker-compose.yaml

2. Run and Stop the docker-compose.yaml

# Start Astra Packet Processor
docker-compose up -d

# Stop Astra Packet Processor
docker-compose down

Notes

  • Ensure the remote_user in the playbooks matches the user configured in the inventory file.

  • The playbooks assume that the docker and docker-compose commands are available to the remote_user.

  • Make sure the paths to the mirror-settings.json and .env files are set correctly.