l4i
Installation Guide
Initial Configuration
7min
the base l4i installation will come pre configured with the core system and a test filesystem connector additional connectors and connections will need to be configured the main task to complete for initial setup is the configuration of certificates for these connectors the l4i connectors and core components communicate through https/tls encrypted connections to enable these secure connections, x 509 certificates must be supplied l4i provides mechanisms to generate these certificates options when generating certificates include configuration of which connector certificates to create configuration of the server ip address/dns entry when remote connectors are required creation of passwords for certificates generated settings are configured in the file \<install location>\conifg\trex certmgr application json the trex certmgr application json file contains the following sections "defaults" "defaults" this section allows settings that will be used for all certificates generated this can be overridden in the specifics of each individual certificate section "master" "master" this is the section for the master keystore for all configured connectors on the system the default settings will be sufficient for a one box installation for each connector, the value for "disabled" should be set to 'false' to have a certificate generated if distributing a connector on a remote server, the "san" section can be used to define the remote server name and/or ip address an example snippet for the file system connector is shown below, including a "san" section { "disabled" false, 	"alias" "trex cnn trex fs server", 	 "dn" { 	 "commonname" "gimmal trex file system connector" 	 }, "san" { "dns" \["fully qualified name"], "ip" \["127 0 0 1"] } } "keystores" "keystores" the keystores section is where l4i configuration for the p12 keystore certificates is done each connector must have an alias entry in the section "keystore" "trex cnn keystore p12" the "storepass" entry is where a password for the keystore can be configured the section that will need configuration is the trex cnn keystore p12 this contains references to each of the connectors being used an example of this section is shown below, with 5 connectors being setup { 	 "keystore" "trex cnn keystore p12", 	 "storepass" "\<password>", 	 "aliases" \[ 	 "trex cnn trex fs server", 	 "trex cnn cm8 server", 	 "trex cnn elst server", 	 "trex cnn trex util server", 	 "trex cnn ibm p8ce server" 	 ] 	} "truststores" "truststores" the truststores section is where l4i configuration for the p12 truststore certificates is done these trusts allow the connectors and core trex components to exchange their certificates the "storepass" entry allows for configuration of the password for the truststore there are two sections that will need configuration trex ngin truststore p12 (allows connections to the core trex transformation engine) trex cfgmgr truststore p12 (allows connections to the trex configuration ui engine) both of these sections contain references to each of the connectors being used note this should match the list from the keystore section an example of this section is shown below, with 5 connectors being setup "truststores" \[ 	 { 	 "keystore" "trex dao truststore p12", 	 "storepass" "\<password>", 	 "aliases" \[ "trex cfgmgr server", "trex ngin server" ] 	 }, 	 { 	 "keystore" "trex ngin truststore p12", 	 "storepass" "\<password>", 	 "aliases" \[ 	 "trex dao server", 	 "trex cfgmgr server", 	 "trex cnn trex fs server", 	 "trex cnn cm8 server", 	 "trex cnn elst server", 	 "trex cnn trex util server", 	 "trex cnn ibm p8ce server" 	 ] 	 }, 	 { 	 "keystore" "trex cfgmgr truststore p12", 	 "storepass" "\<password>", 	 "aliases" \[ 	 "trex cfgmgr client", 	 "trex dao server", 	 "trex ngin server", 	 "trex cnn trex fs server", 	 "trex cnn cm8 server", 	 "trex cnn elst server", 	 "trex cnn trex util server", 	 "trex cnn ibm p8ce server" 	 ] 	 }, 	 { 	 "keystore" "trex cnn truststore p12", 	 "storepass" "\<password>", 	 "aliases" \[ "trex cfgmgr server","trex ngin server" ] 	 } 	], "exports" "exports" the exports section configures the exported certificates for the system of note is the "privatekeys" section this will generte a p12 certificate that can be imported into a web browser to allow connectivity to the d4i configuration service set a storepass that will be used note here you can configurate a separate certificate/password for different environments (dev vs prod etc) start cert mgr ps1 once configuration is complete, the powershell script '\<install location>\start cert mgr ps1 ' should be run this script will start a java application that will generate (or re generate) the application certificates