Workload Policy Manager
Installation Answer File Options
| Key | Sample Value | Description |
|---|---|---|
| KBS_BASE_URL | https://\<IP address or hostname of the KBS>:9443/kbs/v1/ | Required. Defines the baseurl for the Key Broker Service. The WPM uses this URL to request new encryption keys when encrypting images. |
| CMS_TLS_CERT_SHA384 | Required. SHA384 hash of the CMS TLS certificate | |
| CMS_BASE_URL | https://\<IP address or hostname for CMS>:8445/cms/v1/ | Required. Defines the base URL for the CMS owned by the image owner. Note that this CMS may be different from the CMS used for other components. |
| AAS_API_URL | https://\<IP address or hostname for AAS>:8444/aas/v1 | Required. Defines the baseurl for the AAS owned by the image owner. Note that this AAS may be different from the AAS used for other components. |
| BEARER_TOKEN | Required; token from CMS with permissions used for installation. | |
| WPM_LOG_LEVEL | INFO (default), DEBUG | Optional; defines the log level for the WPM. Defaults to INFO. |
| WPM_SERVICE_PASSWORD | Defines the credentials for the WPM to use to access the KBS | |
| WPM_SERVICE_USERNAME | Defines the credentials for the WPM to use to access the KBS |
Configuration Options
Command-Line Options
The Workload Policy Manager supports several command-line commands that can be executed only as the Root user:
Syntax:
wpm
create-image-flavor
Creates a new image flavor and encrypts a source image. Output is the image flavor in JSON format and the encrypted image.
usage: wpm create-image-flavor [-l label] [-i in] [-o out] [-e encout] [-k key]
-l, --label image flavor label
-i, --in input image file path
-o, --out (optional) output image flavor file path
if not specified, will print to the console
-e, --encout (optional) output encrypted image file path
if not specified, encryption is skipped
-k, --key (optional) existing key ID
if not specified, a new key is generated
create-software-flavor
Not currently supported; intended for future functionality.
Uninstall
Removes the WPM.
--help
Displays help text
--version
Displays the WPM version
Setup
usage : wpm setup [
wpm setup
wpm setup CreateEnvelopeKey
wpm setup RegisterEnvelopeKey
wpm setup download_ca_cert [--force]
- Download CMS root CA certificate
- Option [--force] overwrites any existing files, and always downloads new root CA cert
- Environment variable CMS_BASE_URL=
wpm setup download_cert Flavor-Signing [--force]
- Generates Key pair and CSR, gets it signed from CMS
- Option [--force] overwrites any existing files, and always downloads newly signed Flavor Signing cert
- Environment variable CMS_BASE_URL=
- Environment variable BEARER_TOKEN=
- Environment variable KEY_PATH=
- Environment variable CERT_PATH=
- Environment variable WPM_FLAVOR_SIGN_CERT_CN=
- Environment variable WPM_CERT_ORG=
- Environment variable WPM_CERT_COUNTRY=
- Environment variable WPM_CERT_LOCALITY=
- Environment variable WPM_CERT_PROVINCE=