ROX-33830: Update VM roxagent installation docs for RHACS 4.11

.gitignore

@@ -16,6 +16,7 @@ bin
 commercial_package
 .vscode
 .vale
+.claude
 # Byte-compiled / optimized / DLL files
 __pycache__/
 *.py[cod]

modules/deploy-roxagent-automated.adoc

@@ -0,0 +1,77 @@
+// Module included in the following assemblies:
+//
+// * operating/examine-images-for-vulnerabilities.adoc
+:_mod-docs-content-type: PROCEDURE
+[id="deploy-roxagent-automated_{context}"]
+= Deploying roxagent by using the automated installation script
+
+[role="_abstract"]
+You can deploy `roxagent` by using the automated installation script (`install.sh`), which configures the Podman Quadlet files and systemd services automatically. The script supports three deployment modes: KubeVirt-native installation using `virtctl`, traditional SSH-based remote installation, and local installation.
+
+.Prerequisites
+
+* You have a {op-system-base-full} 8, 9, or 10 virtual machine running on {ocp-virt} with virtual socket (vsock) enabled.
+* You have deployed {product-title-short} with VM scanning enabled by setting `ROX_VIRTUAL_MACHINES=true`.
+* The VM has network access to pull the {product-title-short} main image from your container registry.
+* For KubeVirt deployments, you have the `virtctl` command-line tool installed.
+* For SSH deployments, you have SSH access to the target VM.
+
+.Procedure
+
+. Choose the appropriate installation mode based on your environment by following one of these procedures:
+
+* KubeVirt-native installation: This is the recommended method for OpenShift Virtualization. Use `virtctl` mode to deploy directly to KubeVirt VMs without SSH tunneling by running the following command:
++
+[source,terminal,subs="attributes+"]
+----
+$ ./install.sh --virtctl -n <namespace> <user>@vmi/<vm-name>
+----
++
+where:
+
+<namespace>:: Specifies the namespace where the virtual machine instance is running, for example, `openshift-cnv`.
+<user>:: Specifies the user account on the VM, for example, `cloud-user`.
+<vm-name>:: Specifies the name of the virtual machine instance, for example, `rhel9-vm`.
+
+* SSH-based remote installation: Use the `ssh` mode for traditional SSH access to VMs by running the following command:
++
+[source,terminal]
+----
+$ ./install.sh --ssh <hostname> [--port <port>]
+----
++
+where:
+
+<hostname>:: Specifies the hostname or IP address of the VM.
+<port>:: Optional: Specifies the SSH port number. The default is 22.
+
+* Local installation: Run the script directly on the VM without any flags by entering the following command:
++
+[source,terminal]
+----
+$ ./install.sh
+----
+
+.Verification
+
+* Verify that the timer is active by entering the following command on the VM:
++
+[source,terminal]
+----
+$ sudo systemctl list-timers roxagent.timer
+----
+
+* Optional: Run a scan immediately by entering the following command:
++
+[source,terminal]
+----
+$ sudo systemctl start roxagent.service
+----
+
+* View the scan logs by entering the following command:
++
+[source,terminal]
+----
+$ sudo journalctl -u roxagent.service -f
+----
+

modules/deploy-roxagent-quadlet.adoc

@@ -77,7 +77,7 @@ After=roxagent-prep.service
 
 [Container]
 # Replace with your StackRox main image tag
-Image=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8:4.10
+Image=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8:4.11
 Exec=--host-path /host
 Network=host
 
@@ -105,7 +105,7 @@ TimeoutStartSec=300
 WantedBy=
 ----
 Where:
-<rhacs-version>:: The version of your {product-title-short} deployment, for example, 4.10.0.
+<rhacs-version>:: The version of your {product-title-short} deployment, for example, 4.11.0.
 
 . If SELinux is enabled, restore the SELinux contexts by entering the following commands:
 +

modules/deploy-roxagent-unvalidated.adoc

@@ -16,7 +16,7 @@ To use {product-title} ({product-title-short}) to scan virtual machines (VMs), y
 .Procedure
 
 . Perform one of the following steps to get `roxagent`:
-* Download `roxagent` from `\https://mirror.openshift.com/pub/rhacs/assets/<version>/bin/linux/roxagent`. For `<version>`, use the {product-title-short} version number that you are running, for example, 4.10.0.
+* Download `roxagent` from `\https://mirror.openshift.com/pub/rhacs/assets/<version>/bin/linux/roxagent`. For `<version>`, use the {product-title-short} version number that you are running, for example, 4.11.0.
 * Build the `roxagent` binary manually:
 .. Clone the stackrox repository by entering the following command:
 +

modules/deploy-roxagent.adoc

@@ -6,13 +6,27 @@
 = Deploying roxagent
 
 [role="_abstract"]
-To use {product-title} ({product-title-short}) to scan virtual machines (VMs), you must run `roxagent`, a binary executable. It runs inside VMs, scans for installed packages, and creates index reports. There are several methods to deploy `roxagent`, depending on factors such as if you want to use a validated pipeline or if you want to build it manually. 
+To use {product-title} ({product-title-short}) to scan virtual machines (VMs), you must run `roxagent`, a binary executable. It runs inside VMs, scans for installed packages, and creates index reports. There are several methods to deploy `roxagent`, depending on factors such as if you want to use a validated pipeline or if you want to build it manually.
 
-To deploy `roxagent` from a validated pipeline, you can deploy it as a systemd-managed container service by using Podman Quadlet. This deployment method uses container images from a validated build pipeline, runs `roxagent` periodically by using a systemd timer, and manages the container lifecycle automatically.
+Automated installation from a validated pipeline::
+
+The recommended installation method to install from a validated pipeline is to use the automated installation script to deploy `roxagent` as a systemd-managed container service. The script automates the Podman Quadlet configuration and supports multiple deployment modes:
+
+* *KubeVirt-native mode*: Deploy directly to {ocp-virt} VMs using `virtctl` without SSH tunneling.
+* *SSH mode*: Deploy to VMs using traditional SSH access.
+* *Local mode*: Run the installation script directly on the VM.
+
+This method is recommended for most deployments because it simplifies the installation process and reduces manual configuration errors.
+
+Manual installation from a validated pipeline::
+
+You can deploy `roxagent` manually from a validated pipeline by using Podman Quadlet. This deployment method uses container images from a validated build pipeline, runs `roxagent` periodically by using a systemd timer, and manages the container lifecycle automatically. You must create the Quadlet configuration files manually.
+
+Manual installation from an unvalidated pipeline::
 
 To install `roxagent` from an unvalidated pipeline, you can use one of the following methods to get the binary:
 
-* Download the binary from the Red Hat OpenShift mirror site. 
+* Download the binary from the Red Hat OpenShift mirror site.
 * Download the source file from the GitHub StackRox repository and build it by using git.
 
 After obtaining the binary, you transfer it to the VM and run it there.

operating/examine-images-for-vulnerabilities.adoc

@@ -58,6 +58,7 @@ include::modules/vm-scanning-limitations.adoc[leveloffset=+2]
 include::modules/configuring-vm-scanning.adoc[leveloffset=+2]
 include::modules/advanced-vm-scanning.adoc[leveloffset=+3]
 include::modules/deploy-roxagent.adoc[leveloffset=+2]
+include::modules/deploy-roxagent-automated.adoc[leveloffset=+3]
 include::modules/deploy-roxagent-quadlet.adoc[leveloffset=+3]
 include::modules/deploy-roxagent-unvalidated.adoc[leveloffset=+3]
 include::modules/troubleshooting-vm-scanning.adoc[leveloffset=+2]