provisionconfig |
This command is for provisioning a DXL Client and performs the following steps:
- Either generates a certificate signing request and private key, storing
  each to a file (the default), or reads the certificate signing request
  from a file (if the "-r" argument is specified).
- Sends the certificate signing request to a signing endpoint on a
  management server. The HTTP response payload for this request should look
  like the following:
    OK:
    "[ca bundle],[signed client cert],[broker config]"
  Sections of the response include:
  - A line with the text "OK:" if the request was successful, else
    "ERROR <code>:" on failure.
  - A JSON-encoded string with a double-quote character at the beginning
    and end and with the following parts, comma-delimited:
    - [ca bundle] - a concatenation of one or more PEM-encoded CA
      certificates
    - [signed client cert] - a PEM-encoded certificate signed from the
      certificate request
    - [broker config] - zero or more lines, each delimited by a line feed
      character, for each of the brokers known to the management service.
      Each line contains a key and value, delimited by an equal sign. The
      key contains a broker guid. The value contains other metadata for the
      broker, e.g., the broker guid, port, hostname, and ip address. For
      example: "[guid1]=[guid1];8883;broker;10.10.1.1\n[guid2]=[guid2]...".
- Saves the [ca bundle] and [signed client cert] to separate files.
- Creates a "dxlclient.config" file with the following sections:
  - A "Certs" section with certificate configuration which refers to the
    locations of the private key, ca bundle, and certificate files.
  - A "Brokers" section with the content of the [broker config] provided
    by the management service.
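The response layout described above can be checked before anything is written to disk. The following Python is an added example, not code from the DXL client: `parse_provision_response`, `parse_brokers`, `decode_body` and `ProvisionError` are hypothetical names, the four-field broker value follows the example line above, and the sample payload is constructed.

```python
import json
import re

# Framing check only: it does not validate signatures or the chain of trust.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+[A-Za-z0-9+/=\s]+?-----END CERTIFICATE-----")

class ProvisionError(ValueError):
    """The response does not match the documented layout."""

def decode_body(payload):
    """Check the status line, then JSON-decode the quoted string after it."""
    status, _, body = payload.strip().partition("\n")
    if status.strip() != "OK:":  # includes "ERROR <code>:"
        raise ProvisionError("server replied " + repr(status.strip()))
    decoded = json.loads(body)  # json.JSONDecodeError is also a ValueError
    if not isinstance(decoded, str):
        raise ProvisionError("body is not a JSON-encoded string")
    return decoded

def parse_brokers(text):
    """Parse 'guid=guid;port;hostname;ip' lines (assumed four-field layout)."""
    brokers = {}
    for line in filter(None, (raw.strip() for raw in text.split("\n"))):
        key, sep, value = line.partition("=")
        fields = value.split(";")
        if not sep or len(fields) != 4 or fields[0] != key:
            raise ProvisionError("malformed broker line: " + repr(line))
        if not fields[1].isdecimal() or not 0 < int(fields[1]) < 65536:
            raise ProvisionError("bad broker port: " + repr(line))
        brokers[key] = (int(fields[1]), fields[2], fields[3])
    return brokers

def parse_provision_response(payload):
    """Return (ca_bundle, client_cert, brokers) or raise ProvisionError."""
    parts = decode_body(payload).split(",")
    if len(parts) != 3:
        raise ProvisionError("expected 3 comma-delimited parts")
    ca_bundle, client_cert, broker_text = parts
    if not PEM_CERT.findall(ca_bundle):
        raise ProvisionError("CA bundle holds no PEM certificate")
    if len(PEM_CERT.findall(client_cert)) != 1:
        raise ProvisionError("expected exactly one signed client certificate")
    return ca_bundle, client_cert, parse_brokers(broker_text)

# Constructed sample: placeholder base64, not a real certificate.
PEM_SAMPLE = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
SAMPLE = "OK:\n" + json.dumps(
    PEM_SAMPLE * 2 + "," + PEM_SAMPLE + "," + "{guid1}={guid1};8883;broker;10.10.1.1\n")
```

Calling `parse_provision_response(SAMPLE)` returns the two PEM strings and a broker map keyed by guid; any deviation from the layout raises `ProvisionError` instead of producing partial files.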
To invoke this CLI command, the first argument must be provisionconfig. For example:
$> java -jar dxlclient-0.1.0-all.jar provisionconfig ...
The provision DXL Client command requires three CLI arguments:
- CONFIGDIR - The path to the configuration directory
- HOSTNAME - The hostname where the management service resides
- COMMON_OR_CSRFILE_NAME - The Common Name (CN) in the Subject DN for a new CSR, or the filename of a
  pre-existing CSR if the -r option is also given as a CLI argument
An example usage of this command is the following:
$> java -jar dxlclient-0.1.0-all.jar provisionconfig config myserver dxlclient1
Note: If the command must route through a proxy to reach the management server then use standard Java system
properties to declare the https proxy host, port, user name, and password.
(https://docs.oracle.com/javase/8/docs/technotes/guides/net/proxies.html)
An example usage of this command with Java system properties for the proxy settings is the following:
$> java -Dhttps.proxyHost=proxy.mycompany.com -Dhttps.proxyPort=3128 \
     -Dhttps.proxyUser=proxyUser -Dhttps.proxyPassword=proxyPassword \
     -jar dxlclient-0.1.0-all.jar provisionconfig config myserver dxlclient1
|
updateconfig |
This command is for updating the DXL client configuration in the dxlclient.config file, specifically the
ca bundle and broker configuration.
This command performs the following steps:
- Sends a request to a management server endpoint for the latest ca bundle
  information. The HTTP response payload for this request should look
  like the following:
    OK:
    "[ca bundle]"
  Sections of the response include:
  - A line with the text "OK:" if the request was successful, else
    "ERROR [code]:" on failure.
  - A JSON-encoded string with a double-quote character at the beginning
    and end. The string contains a concatenation of one or more PEM-encoded
    CA certificates.
- Saves the [ca bundle] to the file at the location specified in the
  "BrokerCertChain" setting in the "Certs" section of the dxlclient.config
  file.
- Sends a request to a management server endpoint for the latest broker
  configuration. The HTTP response payload for this request should look
  like the following:
    OK:
    "[broker config]"
  Sections of the response include:
  - A line with the text "OK:" if the request was successful, else
    "ERROR [code]:" on failure.
  - A JSON-encoded string with a double-quote character at the beginning
    and end. The string should contain a JSON document which looks similar
    to the following:
      {
        "brokers": [
          {
            "guid": "{2c5b107c-7f51-11e7-0ebf-0800271cfa58}",
            "hostName": "broker1",
            "ipAddress": "10.10.100.100",
            "port": 8883
          },
          {
            "guid": "{e90335b2-8dc8-11e7-1bc3-0800270989e4}",
            "hostName": "broker2",
            "ipAddress": "10.10.100.101",
            "port": 8883
          },
          ...
        ],
        "brokersWebSockets": [
          {
            "guid": "{2c5b107c-7f51-11e7-0ebf-0800271cfa58}",
            "hostName": "broker1",
            "ipAddress": "10.10.100.100",
            "port": 443
          },
          {
            "guid": "{e90335b2-8dc8-11e7-1bc3-0800270989e4}",
            "hostName": "broker2",
            "ipAddress": "10.10.100.101",
            "port": 443
          },
          ...
        ],
        "certVersion": 0
      }
- Saves the [broker config] to the "Brokers" and "BrokersWebSockets" sections of the
  dxlclient.config file.
Updates to the dxlclient.config file do not attempt to preserve comments in the
file. If a broker listed in the config file on disk is no longer known to the management server, the
broker's config entry and any comments directly above it are removed from
the config file.
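Because updateconfig rewrites the broker sections and drops entries the server no longer lists, the change set can be previewed before it is applied. The following Python is an added example, not part of the DXL client: `plan_update` and its helpers are hypothetical names, the on-disk value format `guid;port;hostName;ipAddress` is assumed from the provisionconfig example, and the config text, response and stale GUID are constructed.

```python
import configparser
import json

# JSON key in the response -> section name in dxlclient.config (from the page).
SECTIONS = {"brokers": "Brokers", "brokersWebSockets": "BrokersWebSockets"}

def decode_broker_document(payload):
    """Unwrap both layers: a JSON-encoded string that holds a JSON document."""
    status, _, body = payload.strip().partition("\n")
    if status.strip() != "OK:":
        raise ValueError("server replied " + repr(status.strip()))
    inner = json.loads(body)
    if not isinstance(inner, str):
        raise ValueError("body is not a JSON-encoded string")
    return json.loads(inner)

def as_config_lines(brokers):
    """Map guid -> 'guid;port;hostName;ipAddress' (assumed on-disk format)."""
    return {b["guid"]: "%s;%d;%s;%s" % (b["guid"], b["port"], b["hostName"],
                                        b["ipAddress"]) for b in brokers}

def plan_update(payload, config_text):
    """Report which broker entries an update would add, remove or change."""
    doc = decode_broker_document(payload)
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.optionxform = str  # keep GUID keys exactly as written
    cfg.read_string(config_text)
    plan = {}
    for json_key, section in SECTIONS.items():
        on_disk = dict(cfg[section]) if cfg.has_section(section) else {}
        wanted = as_config_lines(doc.get(json_key, []))
        plan[section] = {
            "added": sorted(wanted.keys() - on_disk.keys()),
            "removed": sorted(on_disk.keys() - wanted.keys()),
            "changed": sorted(g for g in wanted.keys() & on_disk.keys()
                              if wanted[g] != on_disk[g]),
        }
    return plan

# Constructed sample data; the stale GUID below is made up.
B1 = "{2c5b107c-7f51-11e7-0ebf-0800271cfa58}"
B2 = "{e90335b2-8dc8-11e7-1bc3-0800270989e4}"
STALE = "{00000000-0000-0000-0000-000000000000}"
CONFIG = ("[Certs]\nBrokerCertChain=ca-bundle.crt\n[Brokers]\n"
          + B1 + "=" + B1 + ";8883;broker1;10.10.100.99\n"
          + STALE + "=" + STALE + ";8883;oldbroker;10.10.100.50\n")
RESPONSE = "OK:\n" + json.dumps(json.dumps({"certVersion": 0, "brokers": [
    {"guid": B1, "hostName": "broker1", "ipAddress": "10.10.100.100", "port": 8883},
    {"guid": B2, "hostName": "broker2", "ipAddress": "10.10.100.101", "port": 8883}]}))
```

With the constructed data, `plan_update(RESPONSE, CONFIG)` reports broker2 as added, the stale entry as removed and broker1 as changed, which is the kind of diff worth reviewing since it determines where clients connect.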
An example usage of this command is the following:
$> java -jar dxlclient-0.1.0-all.jar updateconfig config myserver
Note: If the command must route through a proxy to reach the management server then use standard Java system
properties to declare the https proxy host, port, user name, and password.
(https://docs.oracle.com/javase/8/docs/technotes/guides/net/proxies.html)
An example usage of this command with Java system properties for the proxy settings is the following:
$> java -Dhttps.proxyHost=proxy.mycompany.com -Dhttps.proxyPort=3128 \
     -Dhttps.proxyUser=proxyUser -Dhttps.proxyPassword=proxyPassword \
     -jar dxlclient-0.1.0-all.jar updateconfig config myserver
|