Verification Service
Available Setup Tasks
all Runs all setup tasks
database Setup hvs database
create-default-flavorgroup Create default flavor groups in database
create-default-flavor-template Create default flavor templates in database
create-dek Create data encryption key for HVS
download-ca-cert Download CMS root CA certificate
download-cert-tls Download CA certificate from CMS for tls
download-cert-saml Download CA certificate from CMS for saml
download-cert-flavor-signing Download CA certificate from CMS for flavor signing
create-endorsement-ca Generate self-signed endorsement certificate
create-privacy-ca Generate self-signed privacy certificate
create-tag-ca Generate self-signed tag certificate
update-service-config Sets or Updates the Service configuration
Variables for Setup Tasks
Below are the variables that can be used to configure the setup tasks:
Database
DB_SSL_CERT Database SSL certificate, or use HVS_DB_SSLCERT alternatively
DB_SSL_CERT_SOURCE Database SSL certificate to be copied from, or use HVS_DB_SSLCERTSRC alternatively
DB_CONN_RETRY_TIME Database connection retry time
DB_HOST Database host name, or use HVS_DB_HOSTNAME alternatively
DB_PORT Database port, or use HVS_DB_PORT alternatively
DB_USERNAME Database username, or use HVS_DB_USERNAME alternatively
DB_SSL_MODE Database SSL mode, or use HVS_DB_SSL_MODE alternatively
DB_VENDOR Vendor of database, or use HVS_DB_VENDOR alternatively
DB_NAME Database name, or use HVS_DB_NAME alternatively
DB_PASSWORD Database password, or use HVS_DB_PASSWORD alternatively
DB_CONN_RETRY_ATTEMPTS Database connection retry attempts
Update-service-config
HRRS_REFRESH_PERIOD Host report refresh service period
HOST_TRUST_CACHE_THRESHOLD Maximum number of entries to be cached in the Trust/Flavor caches
NAT_SERVERS List of NATs servers to establish connection with outbound TAs
SERVICE_PASSWORD The service password as configured in AAS
AAS_BASE_URL AAS Base URL
FVS_NUMBER_OF_DATA_FETCHERS Number of Flavor verification data fetcher threads
FVS_SKIP_FLAVOR_SIGNATURE_VERIFICATION Skips flavor signature verification when set to true
SERVER_PORT The Port on which Server listens to
SERVER_READ_HEADER_TIMEOUT Request Read Header Timeout Duration in Seconds
SERVER_WRITE_TIMEOUT Request Write Timeout Duration in Seconds
LOG_ENABLE_STDOUT Enable console log
FVS_NUMBER_OF_VERIFIERS Number of Flavor verification verifier threads
SERVER_READ_TIMEOUT Request Read Timeout Duration in Seconds
SERVER_IDLE_TIMEOUT Request Idle Timeout in Seconds
SERVICE_USERNAME The service username as configured in AAS
LOG_MAX_LENGTH Max length of log statement
SERVER_MAX_HEADER_BYTES Max Length of Request Header in Bytes
ENABLE_EKCERT_REVOKE_CHECK If enabled, revocation checks will be performed for EK certs at the time of AIK provisioning
LOG_LEVEL Log level
VCSS_REFRESH_PERIOD VCenter refresh service period
Download-cert-flavor-signing
Mandatory:
CMS_BASE_URL CMS base URL in the format https://{{cms}}:{{cms_port}}/cms/v1/
BEARER_TOKEN Bearer token for accessing CMS api
FLAVOR_SIGNING_CERT_FILE The file to which certificate is saved
FLAVOR_SIGNING_KEY_FILE The file to which private key is saved
FLAVOR_SIGNING_COMMON_NAME The common name of signed certificate
Create-privacy-ca
PRIVACY_CA_KEY_FILE The file to which private key is saved
PRIVACY_CA_COMMON_NAME The common name of signed certificate
PRIVACY_CA_ISSUER The issuer of signed certificate
PRIVACY_CA_VALIDITY_YEARS The validity time in years of signed certificate
PRIVACY_CA_CERT_FILE The file to which certificate is saved
Create-endorsement-ca
ENDORSEMENT_CA_KEY_FILE The file to which private key is saved
ENDORSEMENT_CA_COMMON_NAME The common name of signed certificate
ENDORSEMENT_CA_ISSUER The issuer of signed certificate
ENDORSEMENT_CA_VALIDITY_YEARS The validity time in years of signed certificate
ENDORSEMENT_CA_CERT_FILE The file to which certificate is saved
Create-tag-ca
TAG_CA_CERT_FILE The file to which certificate is saved
TAG_CA_KEY_FILE The file to which private key is saved
TAG_CA_COMMON_NAME The common name of signed certificate
TAG_CA_ISSUER The issuer of signed certificate
TAG_CA_VALIDITY_YEARS The validity time in years of signed certificate
Database
DB_VENDOR Vendor of database, or use HVS_DB_VENDOR alternatively
DB_NAME Database name, or use HVS_DB_NAME alternatively
DB_PASSWORD Database password, or use HVS_DB_PASSWORD alternatively
DB_CONN_RETRY_ATTEMPTS Database connection retry attempts
DB_CONN_RETRY_TIME Database connection retry time
DB_HOST Database host name, or use HVS_DB_HOSTNAME alternatively
DB_PORT Database port, or use HVS_DB_PORT alternatively
DB_USERNAME Database username, or use HVS_DB_USERNAME alternatively
DB_SSL_MODE Database SSL mode, or use HVS_DB_SSL_MODE alternatively
DB_SSL_CERT Database SSL certificate, or use HVS_DB_SSLCERT alternatively
DB_SSL_CERT_SOURCE Database SSL certificate to be copied from, or use HVS_DB_SSLCERTSRC alternatively
Download-ca-cert
CMS_BASE_URL CMS base URL in the format https://{{cms}}:{{cms_port}}/cms/v1/
CMS_TLS_CERT_SHA384 SHA384 hash value of CMS TLS certificate
Download-cert-tls
Mandatory:
CMS_BASE_URL CMS base URL in the format https://{{cms}}:{{cms_port}}/cms/v1/
BEARER_TOKEN Bearer token for accessing CMS api
Optional:
TLS_CERT_FILE The file to which certificate is saved
TLS_KEY_FILE The file to which private key is saved
TLS_COMMON_NAME The common name of signed certificate
TLS_SAN_LIST Comma separated list of hostnames to add to Certificate, including IP addresses and DNS names
Download-cert-saml
Mandatory:
CMS_BASE_URL CMS base URL in the format https://{{cms}}:{{cms_port}}/cms/v1/
BEARER_TOKEN Bearer token for accessing CMS api
Optional:
SAML_CERT_FILE The file to which certificate is saved
SAML_KEY_FILE The file to which private key is saved
SAML_COMMON_NAME The common name of signed certificate
SAML_ISSUER The issuer of signed certificate
SAML_VALIDITY_SECONDS The validity time in seconds of signed certificate
Hvs-credentials
HVS_ADMIN_USERNAME
HVS_ADMIN_PASSWORD
Hvsdb-credentials
HVS_DB_USERNAME
HVS_DB_PASSWORD