Cryptographic Security Platform 1.3 - Installation and administration guide [PDF][Releases]

Installs Cryptographic Security Platform.

clusterctl install --db-host <db-host> --db-port <db-port> --db-name <db-name> --db-username <db-username> [--db-password <db-password>] [--db-tls-enabled <yes|no>] [--db-ca-certificate <db-ca-certificate>] [--mode <mode>]

Omit --db-password to interactively enter the database password. For example:

[sysadmin@edm00 ~]$ sudo clusterctl install --db-host 10.10.10.10 --db-port 3333 --db-name test --db-username test --db-tls-enabled no
Database password: 
 
Installing  ⠏ ╢░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░╟ 0 %

Specifically, this command:

Checks the database connection parameters and throws an error if any do not correspond to an available database.
Validates the Requirements and throws an error if any are not met.
Enables firewalld and creates firewall rules for opening the Required open ports.
Installs Cryptographic Security Platform.
Generates a self-signed TLS certificate (that you can optionally replace during the product configuration).

See below for a description of each command.

--db-host <db-host>

Select the DBMS with the <host> domain name or IP address.

Mandatory: Yes.

--db-port <db-port>

Connect to the DBMS using the <port> port.

Mandatory: Yes.

--db-name <db-name>

Select the database with the <name> name.

Mandatory: Yes.

--db-username <db-username>

Authenticate in the database as the basic auth user with the <username> username.

Mandatory: Yes.

--db-password <db-password>

Authenticate in the database with the <password> user password.

Mandatory: No. This value is prompted to the user when omitted.

--db-tls-enabled <yes|no>

yes to enable TLS security in the connections with the database; no otherwise.

Mandatory: Yes.

--db-ca-certificate <db-ca-certificate>

Validate the TLS certificate of the DBMS using <ca-certificate>, where <ca-certificate> is the path to a PEM-encoded certificate file.

Mandatory: When enabling TLS.

--mode <mode>

Run the installation in <mode> mode. Where <mode> is either:

demo-mode
prod-mode

See the table below for a description of each mode.

Setting	demo-mode	prod-mode
Deployment type	Proof-of-concept deployments.	Production deployments.
Requirements	Does not need the disk performance requirements described in Machine requirements. Specifically, fsync latency is not an issue in this mode.	All the Requirements.
Supported number of nodes	One	One or more. See Required number of nodes for details.
Supported operations	You cannot perform the operations described in Joining nodes, Backing up the state, Recovering from disaster, or Restoring the state.	All
Supported updates	You cannot upgrade to a newer version or migrate to a prod-mode installation.	All

Mandatory: No. This optional value defaults to prod-mode.