Cryptographic Security Platform 1.4 - PKI Hub 1.5 installation and administration [PDF][Releases]

Use the following command syntax to install Cryptographic Security Platform with an Entrust database appliance.

clusterctl install --db-appliance-hosts <db-appliance-hosts> --secroot-password <secroot-password> [--mode <mode>] [--yes]

See below for a description of each command.

--db-appliance-hosts <db-appliance-hosts>

Connect to the PKI DB Appliance <db-appliance-hosts>, where <db-appliance-hosts> is a comma-separated list of the nodes in the PKI DB Appliance cluster. For example, if the CSP appliance database is deployed on a single node:

$ sudo clusterctl install --db-appliance-hosts 10.1.141.30

If the CSP appliance database is deployed on a node cluster:

$ sudo clusterctl install --db-appliance-hosts 10.1.141.30,10.1.141.31,10.1.141.32

Mandatory: When the Cryptographic Security Platform database is a PKI DB Appliance.

--mode <mode>

Run the installation in <mode> mode. Where <mode> is either:

demo-mode
prod-mode

See the table below for a description of each mode.

Setting	demo-mode	prod-mode
Deployment type	Proof-of-concept deployments.	Production deployments.
Requirements	Does not need the disk performance requirements described in Machine requirements. Specifically, fsync latency is not an issue in this mode.	All the Requirements.
Supported number of nodes	One	One or more. See Required number of nodes for details.
Supported operations	You cannot perform the operations described in Creating a multi-node cluster, Backing up PKI Hub, Recovering from disaster, or Restoring PKI Hub.	All
Supported updates	You cannot upgrade to a newer version or migrate to a prod-mode installation.	All

Mandatory: No. This optional value defaults to prod-mode.

--secroot-password <secroot-password>

Authenticate in the database as the secroot with the <secroot-password> user password.

Mandatory: No. This value is prompted to the user when omitted.

--yes

Automatically trust the CA certificate chain of the Cryptographic Security Platform Database Appliance TLS certificate.

Mandatory: No. This value is required only when using a Cryptographic Security Platform Database Appliance appliance and is prompted to the user if omitted. For example:

$ sudo clusterctl install --db-appliance-hosts 10.1.141.30,10.1.141.31,10.1.141.32
Enter the Database Appliance 'secroot' user password.
Password:
 
The authenticity of the Database Appliance must be established.
Database Appliance settings:
 - IP address: 10.1.141.30
 - Server Name (SNI/hostname verification): dbappliance
 - Trusted root certificate fingerprint: (sha256:f647eecf7a5e6903030052a8ca4dbb3...)
 - Trusted root subject: CN=CSP Database Manager Certificate Authority,O=Hytrust Inc., C=US
 
Verify out-of-band before trusting.
Do you want to trust this Database Appliance? [Y/n]: Y
 
Installing  done ╢▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌▌╟ 100 %
Solutions deployed successfully:
   Database Appliance Watchdog (db-appliance-watchdog)

Responding "n" to this prompt aborts the installation.