Cryptographic Security Platform 1.3 - PKI Hub 1.4.0 installation and administration [PDF][Releases]

Executed when: Installing the PKI Hub image.

Installs PKI Hub.

clusterctl install --db-host <db-host> --db-port <db-port> --db-name <db-name> --db-username <db-username> [--db-password <db-password>] [--db-tls-enabled <yes|no>] [--db-ca-certificate <db-ca-certificate>] [--mode <mode>]

This command:

Checks the database connection parameters and throws an error if any do not correspond to an available database.
Validates the Requirements and throws an error if any are not met.
Enables firewalld and creates firewall rules for opening the Required open ports.
Installs PKI Hub.
Generates a self-signed TLS certificate (that you can optionally replace during the product configuration).

See below for a description of each command.

--db-host <db-host>

Connect to the database with the <db-host> domain name or IP address.

Mandatory: Yes.

--db-port <db-port>

Connect to the DBMS using the <db-port> port.

Mandatory: Yes.

--db-name <db-name>

Select the database with the <db-name> name.

Mandatory: Yes.

--db-username <db-username>

Authenticate in the database as the basic auth user with the <username> username.

Mandatory: Yes.

--db-password <db-password>

Authenticate in the database with the <db-password> user password.

Mandatory: No. This value is prompted to the user when omitted. For example:

$ sudo clusterctl install --db-host 10.10.10.10 --db-port 3333 --db-name test --db-username test --db-tls-enabled no
Database password: 
 
Installing  ⠏ ╢░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░╟ 0 %

--db-tls-enabled <yes|no>

yes to enable TLS security in the connections with the database; no otherwise.

Mandatory: Yes.

--db-ca-certificate <db-ca-certificate>

Validate the TLS certificate of the DBMS using <db-ca-certificate>, where <db-ca-certificate> is the path to a PEM-encoded certificate file.

Mandatory: When enabling TLS.

--mode <mode>

Run the installation in <mode> mode. Where <mode> is either:

demo-mode
prod-mode

See the table below for a description of each mode.

Setting	demo-mode	prod-mode
Deployment type	Proof-of-concept deployments.	Production deployments.
Requirements	Does not need the disk performance requirements described in Machine requirements. Specifically, fsync latency is not an issue in this mode.	All the Requirements.
Supported number of nodes	One	One or more. See Required number of nodes for details.
Supported operations	You cannot perform the operations described in Joining nodes, Backing up, Recovering from disaster, or Restoring.	All
Supported updates	You cannot upgrade to a newer version or migrate to a prod-mode installation.	All

Mandatory: No. This optional value defaults to prod-mode.