.png){kind=logo}
Azure - Creating a deployment file for use with automation
All of the properties that are selected in the wizard make up a file that is generated as part of the output when its submitted. In the ec2-user home directory is a directory called “confwizard” that exists before the wizard is ran. In there is an example file provided, if desired you can run through the wizard to get a working config file. The file does get backed up to:
/opt/PrimeKey/wildfly_config/wizard.jsonYou can use this file from older systems to edit it and place it in the location the wizard will pick it up. The wizard looks for the original file in
/home/<current_user>/confwizard/params.jsonPlease the desired configuration in the location above, exactly as it appears, and the installer will pick it up and start installing with that configuration.
An example configuration could be:
{"Host_Name":"node.hostname.com","managementcaradio":"createmca","Common_Name":"ManagementCA","ManagementCA_OU":"IT_DEPARTMENT","ManagementCA_O":"Example Company","mcakeyspec-input":"3072","SuperAdmin_Common_Name":"SuperAdmin","SuperAdmin_Password":"password123!","Confirm_SuperAdmin_Password":"password123!","Cert_Common_Name":"SuperAdmin"}Possible values are:
Parameter | Possible Values | Required? | Notes |
|---|---|---|---|
Host_Name | <any valid DNS name> | ☑️ | |
SAN_Name | <any valid DNS name> | ||
dbhostCheckbox |
| Setting on tells the installer to use an external database | |
dbexistingCheckbox |
| Setting on tells the installer to do a cluster join. Database must exist and contain a working EJBCA install. | |
database-type |
| ☑️ (with dbhostCheckbox) | |
DB_Host_Name | ☑️ (with dbhostCheckbox) | ||
DB_Port | ☑️ (with dbhostCheckbox) | Default values are:
| |
DB_User_Name | ☑️ (with dbhostCheckbox) | ||
DB_Password | ☑️ (with dbhostCheckbox) | ||
DB_Name | ☑️ (with dbhostCheckbox) | Database name - This must not exist for new installs. Installer creates it | |
managementcaradio |
| ☑️ | |
Common_Name | ☑️ (with createca) | ManagementCA common name. For example “ManagementCA” | |
ManagementCA_OU | ☑️ (with createca) | ManagementCA Organizational Unit name value for the DN. For example "IT_DEPARTMENT" | |
ManagementCA_O | ☑️ (with createca) | ManagementCA Organization name value for the DN. For example "ACME Corp" | |
mcakeyspec-input |
| ☑️ (with createca) | Management CA signKey keyspec |
SuperAdmin_Common_Name | SuperAdmin | ☑️ (with createca) | This is the Superadmin Cert Common Name. This should be set to SuperAdmin (case sensitive) for scripts to work later. |
SuperAdmin_Password | <Min 5 characters> | ☑️ (with createca) | These two fields need to match. |
Confirm_SuperAdmin_Password | <Min 5 characters> | ☑️ (with createca) | These two fields need to match. |
Cert_Common_Name | ☑️ (with importca) | When using “importmca” this is the name of the ManagementCA pem that is being supplied to the installer. This certificate MUST be added to the following path with the following name: /opt/confwizard/uploads/managementca.ca-mgmt.pem | |
encryptionKeyCheckbox |
| ||
encryptionKey-input | ☑️ (with encryptionKeyCheckbox) | ||
vaultCheckbox |
| ||
Vault_Name | ☑️ (with vaultCheckbox) | ||
Vault_Secret | ☑️ (with vaultCheckbox) | ||
Client_ID | ☑️ (with vaultCheckbox) | ||
Vault_Type |
| ☑️ (with vaultCheckbox) |
Known Issues and Limitations
No white space allowed around JSON colons.
Restricted character set for `SuperAdmin_Password`
Restricted character set for `DB_Password` (RDS limits these characters so install will fail):
Can't contain any of the following symbols:
/ (forward slash)
' (apostrophe)
" (double quote)
@ (at symbol)
When fields are missing or empty the installation will fail. Generally, when the install fails it will never get past either the database deployment or the wildfly starting. Repairing the missing fields and restarting the host will fix most issues. On new installs, it is recommended to drop the database created and the “ejbcadbuser” (if the password changed) and restart the node.
It is recommended to get a known good configuration you want to work with on a healthy node. Once you have this configuration, change the values as desired and use this known good configuration as a base template for future deployments.
Leveraging the wizard.json feature is not traditional infrastructure as code. This is providing a way to bypass the UI of the wizard for organizations that prefer to do things in an automated fashion. Traditional infrastructure as code features, such as being idempotent, are not a part of this feature.
Any artifacts that are uploaded to the wizard (managementCA.pem (for “use existing CA”)) and customerCA.crt file (for CloudHSM) also need to be added to the uploads/confwizard directory before the wizard.json is placed.
A backup of the wizard.json file is made during the installation process on all nodes. This file contains all of the configuration values entered into the configuration wizard once submitted. It will be located at: /opt/PrimeKey/wildfly_config/wizard.json
Please do not move this file since it can be used in cases where custom values are needed by certain scripts of EJBCA Cloud. If needed, you may sanitize it and remove sensitive information (such as passwords), but its best to keep this file in place if possible.