Initialization
To make initial configuration of virtual appliance, you must log into it using default credentials:
- username: czertainly
- password: newgenerationtrustcare
To log in, you can use the console of the virtual machine. Or you can use SSH, which offers higher user comfort like scrolling and easy copy & paste. When you are successfully logged in, you will see the Text-based User Interface (TUI) for managing the virtual appliance.
The following steps needs to be done to initialize the virtual appliance.
Bold items are mandatory even for testing purposes.
- Change hostname and networking parameters
- Update the system
- Install hypervisor tools
- Setup TLS certificate
- Trusted certificate list
- Configure database
- Configure credentials to CZERTAINLY docker repository
- Configure CZERTAINLY
- Install CZERTAINLY
Change hostname and networking parameters
By default, the virtual appliance is configured to use dynamically assigned IP address from a DHCP server.
Default hostname czertainly and domain local may be useful for development and testing purposes. You need add name czertainly.local and VM IP into your hosts
file. In production, you will need to set a hostname that will be configured in DNS. To do so, select Main menu -> Configure hostname.
If your network policy requires using HTTP proxy, you can configure it by selecting Main menu -> Configure HTTP proxy.
Update system and packages
It is always good to have current version of czertainly-appliance-tools and Debian software. To update packages, select from the main menu Advanced options -> Update Operating System.
Install hypervisor tools
Depending on your hypervisor you might want to install its specific tools.
For VMware, it is good to install open-vm-tools. select from the main menu Advanced options -> Enter system shell and type `sudo apt install open-vm-tools.
For Virtualbox, you do not have to install anything virtualbox-guest-module that is already part of the running kernel image.
For other hypervisors, please consult their documentation.
TLS certificate for CZERTAINLY interface
CZERTAINLY is controlled via a web interface. For testing purposes, a self-signed certificate is automatically generated. If you aim to put CZERTAINLY into production, you want to upload a certificate from your internal CA. To do so, select Main menu -> Configure ingress TLS certificates.
Trusted certificates list
Access to the web interface of CZERTAINLY is authenticated by a client certificate by default.
There are various options how to configure access control for the platform. See Access control for more information.
For testing purposes, you can use preconfigured Dummy CA certificate. In production system, you will need to replace this list with your own trusted CA certificates. To do this, select Main menu -> Configure custom trusted certificates.
Database
CZERTAINLY persists all its data in Postgres database. The server will be installed for you, but you might want to set your own password for the database. To do so choose Configure database from the Main menu.
Credentials for CZERTAINLY docker repository
Some parts of CZERTAINLY are private and can't be provided publicly. Those parts are hosted in private Docker repository harbor.3key.company.
Ask support for credentials to access private repository.
To enter obtained credentials, use option Main Menu -> Configure Docker repository access credentials.
Configure CZERTAINLY
Option Configure CZERTAINLY of the main menu opens dialog where you can choose version of CZERTAINLY and it's components you want to install.
If you are not planning to use email notifications, disable email Provider. It is by default enabled and when not configured properly, installation will hang.
Install CZERTAINLY
When you select Install CZERTAINLY from the main menu. The installation will begin after confirmation.
Complete installation takes about 10 minutes on a decent system with good internet access. The most time consuming part is downloading of docker images that are deployed in the cluster.
After successful installation, administrator web interface is available on address:
https://[hostname]/administrator/
where hostname is the value configured in the previous step.
The Dummy administrator certificate is available for quick testing purposes with password 00000000.