Skip to content

Integration Hub

Installation Answer File

# Authentication URL and service account credentials
AAS_API_URL=https://isecl-aas:8444/aas/v1
IHUB_SERVICE_USERNAME=<Integration Hub Service User username>
IHUB_SERVICE_PASSWORD=<Integration Hub Service User password>

# CMS URL and CMS webserivce TLS hash for server verification
CMS_BASE_URL=https://isecl-cms:8445/cms/v1
CMS_TLS_CERT_SHA384=<TLS hash>

# TLS Configuration
TLS_SAN_LIST=127.0.0.1,192.168.1.1,hub.server.com #comma-separated list of IP addresses and hostnames for the Hub to be used in the Subject Alternative Names list in the TLS Certificate

# Verification Service URL
HVS_BASE_URL=https://isecl-hvs:8443/hvs/v2
ATTESTATION_TYPE=HVS

#Integration tenant type.  Currently supported values are "KUBENETES" or "OPENSTACK"
TENANT=<KUBERNETES or OPENSTACK>

# OpenStack Integration Credentials - required for OpenStack integration only
OPENSTACK_AUTH_URL=<OpenStack Keystone URL; typically http://openstack-ip:5000/>
OPENSTACK_PLACEMENT_URL=<OpenStack Nova API URL; typically http://openstack-ip:8778/>
OPENSTACK_USERNAME=<OpenStack username>
OPENSTACK_PASSWORD=<OpenStack password>

# Kubernetes Integration Credentials - required for Kubernetes integration only
KUBERNETES_URL=https://kubernetes:6443/
KUBERNETES_CRD=custom-isecl
KUBERNETES_CERT_FILE=/etc/ihub/apiserver.crt
KUBERNETES_TOKEN=eyJhbGciOiJSUzI1NiIsImtpZCI6Ik......

# Installation admin bearer token for CSR approval request to CMS - mandatory
BEARER_TOKEN=eyJhbGciOiJSUzM4NCIsImtpZCI6ImE…

#Optional, configures the polling interval at which the Hub retrieves attestations from the HVS
POLL_INTERVAL_MINUTES=2

#Optional, runs the installer skipping setup
IHUB_NO_SETUP=false

#Optional, configures the TLS certificate common name
TLS_COMMON_NAME=Integration Hub TLS Certificate

#Optional, log configuration
LOG_MAX_LENGTH=1500
LOG_LEVEL=Info
LOG_ENABLE_STDOUT=true

Configuration Options

config-file: /etc/ihub/config
log:
  max-length: 1500
  enable-stdout: true
  level: trace
ihub:
  service-username: admin@hub
  service-password: hubAdminPass
  poll-interval-minutes: 1
aas:
  url: https://<aas_ip>:8444/aas/v1
cms:
  url: https://<cms_ip>:8445/cms/v1/
  tls-cert-digest: 8a035e3cdd...
attestation-service:
  attestation-url: https://<hvs_ip>:8443/hvs/v2
  attestation-type: HVS
end-point:
  type: KUBERNETES or OPENSTACK
  url: https://<kubernetes_ip>:6443/ or OpenStack Nova URL
  crd-name: custom-isecl
  token: eyJhbGciOiJSUzI...
  username: OpenStack Username
  password: OpenStack Password
  auth-url: OpenStack Authentication URL
  cert-file: /etc/ihub/apiserver.crt
tls:
  cert-file: /etc/ihub/tls-cert.pem
  key-file: /etc/ihub/tls-key.pem
  common-name: Integration Hub TLS Certificate
  san-list: 127.0.0.1,localhost

Command-Line Options

Available Commands

Help

ihub -h | --help

Displays the list of available CLI commands.

Start

ihub start

Starts the services.

Stop

ihub stop

Stops the services.

Status

ihub status

Reports whether the service is currently running.

Uninstall

ihub uninstall [--purge]

Uninstalls the service, including the deletion of all files and folders. Database content is not removed. If the --purge option is used, database content will be removed during the uninstallation.

Version

ihub -v | --version

Reports the version of the service.

Setup

ihub setup <task> [--help] [--force] [-f <answer-file>]

Usage of ihub setup: ihub setup [--help] [--force] [-f ] --help show help message for setup task --force existing configuration will e overwritten if this flag is set -f|--file the answer file with required arguments

Available Tasks for setup: all Runs all setup tasks download-ca-cert Download CMS root CA certificate download-cert-tls Download CA certificate from CMS for tls attestation-service-connection Establish Attestation service connection tenant-service-connection Establish Tenant service connection create-signing-key Create signing key for IHUB download-saml-cert Download SAML certificate from Attestation service update-service-config Sets or Updates the Service configuration

Directory Layout

The ihub installs by default to /etc/ihub. This directory contains the config.yaml configuration file, saml certificate, trusted ca, and the webservice TLS certificate.

/etc/ihub/

├── apiserver.crt

├── certs

│ ├── saml

│ │ └── saml-cert.pem

│ └── trustedca

│ └── 58f6bcfcd.pem

├── config.yml

├── ihub_private_key.pem

├── ihub_public_key.pem

├── tls-cert.pem

└── tls-key.pem

Logs

/var/logs/ihub

Back to top