ezb_pki is a Public Key Infrastructure (PKI) microservice. ezBastion nodes use it to interact with each other.
The PKI is the first node to be installed. It is in charge of creating and deploying the ECDSA key pair used by all ezBastion nodes to communicate. The certificates are also used to sign JWTs.
1. Download ezb_pki from GitHub
```json
{
    "listen": ":5010",
    "servicename": "ezb_pki",
    "servicefullname": "ezBastion PKI",
    "logger": {
        "loglevel": "warning",
        "maxsize": 5,
        "maxbackups": 10,
        "maxage": 180
    }
}
```
- servicename: The name used for the Windows service and as the certificates' root name.
- servicefullname: The Windows service description.
- listen: The TCP/IP port on which ezb_pki responds to node requests. This port MUST be reachable by all ezBastion nodes.
- loglevel: The log level, one of debug, info, warning, error, critical.
- maxsize: The maximum size in megabytes of the log file before it gets rotated. It defaults to 100 megabytes.
- maxbackups: The maximum number of old log files to retain.
- maxage: The maximum number of days to retain old log files, based on the timestamp encoded in their filename.
```
ezb_pki install
ezb_pki start
```
- ezb_pki is an auto-enrolment system. When you are not adding nodes, stop the service, or do not install it and use debug mode instead.
- Protect the cert folder.
- Back up the private/public key.
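The sketch below shows why the cert folder needs protecting: a JWT signed with an ECDSA key is accepted by anyone holding the matching public key, and by no other key. It is an added example, not ezb_pki's own code; it uses only the Go standard library rather than the jwt-go package listed below, and the P-256 curve (ES256), the function names `NewKey`, `SignES256`, `VerifyES256` and the claims are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"math/big"
	"strings"
)

var b64 = base64.RawURLEncoding // JWS uses unpadded base64url

// NewKey stands in for a key pair issued by the PKI; the P-256 curve is an assumption.
func NewKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// SignES256 returns base64url(header).base64url(claims).base64url(r||s).
func SignES256(key *ecdsa.PrivateKey, claimsJSON []byte) (string, error) {
	input := b64.EncodeToString([]byte(`{"alg":"ES256","typ":"JWT"}`)) + "." + b64.EncodeToString(claimsJSON)
	digest := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return "", err
	}
	sig := append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...) // fixed-width r||s, not ASN.1 DER
	return input + "." + b64.EncodeToString(sig), nil
}

// VerifyES256 returns the claims only if the signature verifies under pub.
func VerifyES256(pub *ecdsa.PublicKey, token string) ([]byte, error) {
	parts := strings.Split(token, ".")
	sig, err := b64.DecodeString(parts[len(parts)-1])
	if len(parts) != 3 || err != nil || len(sig) != 64 {
		return nil, fmt.Errorf("malformed token or signature")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return nil, fmt.Errorf("signature does not verify under this public key")
	}
	return b64.DecodeString(parts[1])
}

func main() {
	key, _ := NewKey()
	tok, _ := SignES256(key, []byte(`{"sub":"node-a"}`)) // constructed claims
	claims, err := VerifyES256(&key.PublicKey, tok)
	fmt.Println(string(claims), err)
}
```

The verifier fixes the algorithm itself and never takes it from the token header, so a token cannot choose how it is checked.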
Copyright (C) 2018 Renaud DEVERS info@ezbastion.com
Libraries used:
Name | License | Version | URL |
---|---|---|---|
gin | MIT | 1.2 | github.com/gin-gonic/gin |
cli | MIT | 1.20.0 | github.com/urfave/cli |
gorm | MIT | 1.9.2 | github.com/jinzhu/gorm |
logrus | MIT | 1.0.4 | github.com/sirupsen/logrus |
go-fqdn | Apache v2 | 0 | github.com/ShowMax/go-fqdn |
jwt-go | MIT | 3.2.0 | github.com/dgrijalva/jwt-go |
gopsutil | BSD | 2.15.01 | github.com/shirou/gopsutil |
lumberjack | MIT | 2.1 | github.com/natefinch/lumberjack |