PrivX - Installation

-
PrivX - An Access Management Solution, Lean on-demand Privileged Access Management for multi-cloud for SSH & RDP , fastest access provisioning software on the planet.


Installing PrivX on RHEL 7.4
##################

 1st method
_____________

using RPM
##########

 Download rpm package
#####################

 You can directly download rpm package from website 
https://info.ssh.com/get-a-demo-now-of-any-ssh.com-product-or-service

Installing PrivX through rpm
##########################
[root@localhost PrivX-5.0-119]# rpm -ivh PrivX-5.0-119_33661b873.x86_64.rpm 
error: Failed dependencies:
krb5-devel is needed by PrivX-5.0-119_33661b873.x86_64
krb5-pkinit is needed by PrivX-5.0-119_33661b873.x86_64
libossp-uuid.so.16()(64bit) is needed by PrivX-5.0-119_33661b873.x86_64
libpcsclite.so.1()(64bit) is needed by PrivX-5.0-119_33661b873.x86_64
nginx >= 1.12 is needed by PrivX-5.0-119_33661b873.x86_64
ntp is needed by PrivX-5.0-119_33661b873.x86_64
pcsc-lite-libs is needed by PrivX-5.0-119_33661b873.x86_64
redis >= 3.2 is needed by PrivX-5.0-119_33661b873.x86_64
uuid is needed by PrivX-5.0-119_33661b873.x86_64

 If you find something like this means PrivX requires dependencies to install and you need to install all the above dependencies.

 Installing dependencies
#####################
[root@localhost PrivX-5.0-119]# yum install krb5-devel krb5-pkinit libossp-uuid.so.16* libpcsclite.so.1* nginx ntp redis pcsc uuid -y Resolving Dependencies --> Running transaction check ---> Package krb5-devel.x86_64 0:1.15.1-8.el7 will be installed --> Processing Dependency: keyutils-libs-devel for package: krb5-devel-1.15.1-8.el7.x86_64 --> Processing Dependency: libcom_err-devel for package: krb5-devel-1.15.1-8.el7.x86_64 --> Processing Dependency: libselinux-devel for package: krb5-devel-1.15.1-8.el7.x86_64 --> Processing Dependency: libverto-devel for package: krb5-devel-1.15.1-8.el7.x86_64 ---> Package krb5-pkinit.x86_64 0:1.15.1-8.el7 will be installed ---> Package nginx.x86_64 1:1.12.2-2.el7 will be installed --> Processing Dependency: nginx-filesystem = 1:1.12.2-2.el7 for package: 1:nginx-1.12.2-2.el7.x86_64 --> Processing Dependency: nginx-all-modules = 1:1.12.2-2.el7 for package: 1:nginx-1.12.2-2.el7.x86_64 --> Processing Dependency: nginx-filesystem for package: 1:nginx-1.12.2-2.el7.x86_64 ---> Package ntp.x86_64 0:4.2.6p5-25.el7_3.2 will be installed ---> Package pcsc-lite-libs.x86_64 0:1.8.8-6.el7 will be installed ---> Package redis.x86_64 0:3.2.12-2.el7 will be installed --> Processing Dependency: libjemalloc.so.1()(64bit) for package: redis-3.2.12-2.el7.x86_64 ---> Package uuid.x86_64 0:1.6.2-26.el7 will be installed --> Running transaction check ---> Package jemalloc.x86_64 0:3.6.0-1.el7 will be installed ---> Package keyutils-libs-devel.x86_64 0:1.5.8-3.el7 will be installed ---> Package libcom_err-devel.x86_64 0:1.42.9-10.el7 will be installed ---> Package libselinux-devel.x86_64 0:2.5-11.el7 will be installed --> Processing Dependency: libsepol-devel(x86-64) >= 2.5-6 for package: libselinux-devel-2.5-11.el7.x86_64 --> Processing Dependency: pkgconfig(libsepol) for package: libselinux-devel-2.5-11.el7.x86_64 ---> Package libverto-devel.x86_64 0:0.2.5-4.el7 will be installed ---> Package nginx-all-modules.noarch 1:1.12.2-2.el7 will be installed --> Processing Dependency: nginx-mod-stream = 1:1.12.2-2.el7 for package: 1:nginx-all-modules-1.12.2-2.el7.noarch --> Processing Dependency: nginx-mod-mail = 1:1.12.2-2.el7 for package: 1:nginx-all-modules-1.12.2-2.el7.noarch --> Processing Dependency: nginx-mod-http-xslt-filter = 1:1.12.2-2.el7 for package: 1:nginx-all-modules-1.12.2-2.el7.noarch --> Processing Dependency: nginx-mod-http-perl = 1:1.12.2-2.el7 for package: 1:nginx-all-modules-1.12.2-2.el7.noarch --> Processing Dependency: nginx-mod-http-image-filter = 1:1.12.2-2.el7 for package: 1:nginx-all-modules-1.12.2-2.el7.noarch --> Processing Dependency: nginx-mod-http-geoip = 1:1.12.2-2.el7 for package: 1:nginx-all-modules-1.12.2-2.el7.noarch ---> Package nginx-filesystem.noarch 1:1.12.2-2.el7 will be installed --> Running transaction check ---> Package libsepol-devel.x86_64 0:2.5-6.el7 will be installed ---> Package nginx-mod-http-geoip.x86_64 1:1.12.2-2.el7 will be installed ---> Package nginx-mod-http-image-filter.x86_64 1:1.12.2-2.el7 will be installed ---> Package nginx-mod-http-perl.x86_64 1:1.12.2-2.el7 will be installed ---> Package nginx-mod-http-xslt-filter.x86_64 1:1.12.2-2.el7 will be installed ---> Package nginx-mod-mail.x86_64 1:1.12.2-2.el7 will be installed ---> Package nginx-mod-stream.x86_64 1:1.12.2-2.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ========================================================================================================================== Package Arch Version Repository Size ========================================================================================================================== Installing: krb5-devel x86_64 1.15.1-8.el7 rhel7 267 k krb5-pkinit x86_64 1.15.1-8.el7 rhel7 160 k nginx x86_64 1:1.12.2-2.el7 epel 530 k ntp x86_64 4.2.6p5-25.el7_3.2 rhel7 547 k pcsc-lite-libs x86_64 1.8.8-6.el7 rhel7 34 k redis x86_64 3.2.12-2.el7 epel 544 k uuid x86_64 1.6.2-26.el7 rhel7 55 k Installing for dependencies: jemalloc x86_64 3.6.0-1.el7 epel 105 k keyutils-libs-devel x86_64 1.5.8-3.el7 rhel7 37 k libcom_err-devel x86_64 1.42.9-10.el7 rhel7 31 k libselinux-devel x86_64 2.5-11.el7 rhel7 186 k libsepol-devel x86_64 2.5-6.el7 rhel7 74 k libverto-devel x86_64 0.2.5-4.el7 rhel7 12 k nginx-all-modules noarch 1:1.12.2-2.el7 epel 16 k nginx-filesystem noarch 1:1.12.2-2.el7 epel 17 k nginx-mod-http-geoip x86_64 1:1.12.2-2.el7 epel 23 k nginx-mod-http-image-filter x86_64 1:1.12.2-2.el7 epel 26 k nginx-mod-http-perl x86_64 1:1.12.2-2.el7 epel 36 k nginx-mod-http-xslt-filter x86_64 1:1.12.2-2.el7 epel 26 k nginx-mod-mail x86_64 1:1.12.2-2.el7 epel 54 k nginx-mod-stream x86_64 1:1.12.2-2.el7 epel 76 k Transaction Summary ========================================================================================================================== Install 7 Packages (+14 Dependent packages) Total download size: 2.8 M Installed size: 6.3 M Downloading packages: (1/11): jemalloc-3.6.0-1.el7.x86_64.rpm | 105 kB 00:00:04 (2/11): nginx-mod-http-image-filter-1.12.2-2.el7.x86_64.rpm | 26 kB 00:00:00 (3/11): nginx-mod-http-perl-1.12.2-2.el7.x86_64.rpm | 36 kB 00:00:00 (4/11): nginx-mod-http-xslt-filter-1.12.2-2.el7.x86_64.rpm | 26 kB 00:00:00 (5/11): nginx-filesystem-1.12.2-2.el7.noarch.rpm | 17 kB 00:00:04 (6/11): nginx-mod-mail-1.12.2-2.el7.x86_64.rpm | 54 kB 00:00:00 (7/11): nginx-mod-stream-1.12.2-2.el7.x86_64.rpm | 76 kB 00:00:00 (8/11): redis-3.2.12-2.el7.x86_64.rpm | 544 kB 00:00:00 (9/11): nginx-1.12.2-2.el7.x86_64.rpm | 530 kB 00:00:06 (10/11): nginx-all-modules-1.12.2-2.el7.noarch.rpm | 16 kB 00:00:06 (11/11): nginx-mod-http-geoip-1.12.2-2.el7.x86_64.rpm | 23 kB 00:00:07 -------------------------------------------------------------------------------------------------------------------------- Total 377 kB/s | 2.8 MB 00:00:07 Running transaction check Running transaction test Transaction test succeeded Running transaction Warning: RPMDB altered outside of yum. Installing : keyutils-libs-devel-1.5.8-3.el7.x86_64 1/21 Installing : libsepol-devel-2.5-6.el7.x86_64 2/21 Installing : libselinux-devel-2.5-11.el7.x86_64 3/21 Installing : libcom_err-devel-1.42.9-10.el7.x86_64 4/21 Installing : libverto-devel-0.2.5-4.el7.x86_64 5/21 Installing : 1:nginx-filesystem-1.12.2-2.el7.noarch 6/21 Installing : 1:nginx-mod-stream-1.12.2-2.el7.x86_64 7/21 Installing : 1:nginx-mod-mail-1.12.2-2.el7.x86_64 8/21 Installing : 1:nginx-mod-http-geoip-1.12.2-2.el7.x86_64 9/21 Installing : 1:nginx-mod-http-xslt-filter-1.12.2-2.el7.x86_64 10/21 Installing : 1:nginx-mod-http-image-filter-1.12.2-2.el7.x86_64 11/21 Installing : 1:nginx-all-modules-1.12.2-2.el7.noarch 12/21 Installing : 1:nginx-1.12.2-2.el7.x86_64 13/21 Installing : 1:nginx-mod-http-perl-1.12.2-2.el7.x86_64 14/21 Installing : jemalloc-3.6.0-1.el7.x86_64 15/21 Installing : redis-3.2.12-2.el7.x86_64 16/21 Installing : krb5-devel-1.15.1-8.el7.x86_64 17/21 Installing : ntp-4.2.6p5-25.el7_3.2.x86_64 18/21 Installing : pcsc-lite-libs-1.8.8-6.el7.x86_64 19/21 Installing : uuid-1.6.2-26.el7.x86_64 20/21 Installing : krb5-pkinit-1.15.1-8.el7.x86_64 21/21 Verifying : jemalloc-3.6.0-1.el7.x86_64 1/21 Verifying : 1:nginx-filesystem-1.12.2-2.el7.noarch 2/21 Verifying : krb5-pkinit-1.15.1-8.el7.x86_64 3/21 Verifying : libverto-devel-0.2.5-4.el7.x86_64 4/21 Verifying : libselinux-devel-2.5-11.el7.x86_64 5/21 Verifying : krb5-devel-1.15.1-8.el7.x86_64 6/21 Verifying : redis-3.2.12-2.el7.x86_64 7/21 Verifying : libcom_err-devel-1.42.9-10.el7.x86_64 8/21 Verifying : uuid-1.6.2-26.el7.x86_64 9/21 Verifying : 1:nginx-mod-stream-1.12.2-2.el7.x86_64 10/21 Verifying : 1:nginx-1.12.2-2.el7.x86_64 11/21 Verifying : libsepol-devel-2.5-6.el7.x86_64 12/21 Verifying : 1:nginx-mod-mail-1.12.2-2.el7.x86_64 13/21 Verifying : 1:nginx-all-modules-1.12.2-2.el7.noarch 14/21 Verifying : 1:nginx-mod-http-geoip-1.12.2-2.el7.x86_64 15/21 Verifying : 1:nginx-mod-http-xslt-filter-1.12.2-2.el7.x86_64 16/21 Verifying : 1:nginx-mod-http-image-filter-1.12.2-2.el7.x86_64 17/21 Verifying : 1:nginx-mod-http-perl-1.12.2-2.el7.x86_64 18/21 Verifying : pcsc-lite-libs-1.8.8-6.el7.x86_64 19/21 Verifying : ntp-4.2.6p5-25.el7_3.2.x86_64 20/21 Verifying : keyutils-libs-devel-1.5.8-3.el7.x86_64 21/21 Installed: krb5-devel.x86_64 0:1.15.1-8.el7 krb5-pkinit.x86_64 0:1.15.1-8.el7 nginx.x86_64 1:1.12.2-2.el7 ntp.x86_64 0:4.2.6p5-25.el7_3.2 pcsc-lite-libs.x86_64 0:1.8.8-6.el7 redis.x86_64 0:3.2.12-2.el7 uuid.x86_64 0:1.6.2-26.el7 Dependency Installed: jemalloc.x86_64 0:3.6.0-1.el7 keyutils-libs-devel.x86_64 0:1.5.8-3.el7 libcom_err-devel.x86_64 0:1.42.9-10.el7 libselinux-devel.x86_64 0:2.5-11.el7 libsepol-devel.x86_64 0:2.5-6.el7 libverto-devel.x86_64 0:0.2.5-4.el7 nginx-all-modules.noarch 1:1.12.2-2.el7 nginx-filesystem.noarch 1:1.12.2-2.el7 nginx-mod-http-geoip.x86_64 1:1.12.2-2.el7 nginx-mod-http-image-filter.x86_64 1:1.12.2-2.el7 nginx-mod-http-perl.x86_64 1:1.12.2-2.el7 nginx-mod-http-xslt-filter.x86_64 1:1.12.2-2.el7 nginx-mod-mail.x86_64 1:1.12.2-2.el7 nginx-mod-stream.x86_64 1:1.12.2-2.el7 Complete!

2nd method
_____________

 using YUM
##########

 Import Repo
###########
[root@localhost PrivX-5.0-119]# rpm --import https://product-repository.ssh.com/info.fi-ssh.com-pubkey.asc [root@localhost PrivX-5.0-119]# curl https://product-repository.ssh.com/ssh-products.repo \ > -o /etc/yum.repos.d/ssh-products.repo % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 199 100 199 0 0 173 0 0:00:01 0:00:01 --:--:-- 173
Installing with Yum
##################
[root@localhost PrivX-5.0-119]# yum install PrivX Loaded plugins: langpacks ssh-products | 2.9 kB 00:00:00 ssh-products/x86_64/primary_db | 18 kB 00:00:00 Resolving Dependencies --> Running transaction check ---> Package PrivX.x86_64 0:5.0-119_33661b873 will be installed --> Finished Dependency Resolution Dependencies Resolved ========================================================================================================================== Package Arch Version Repository Size ========================================================================================================================== Installing: PrivX x86_64 5.0-119_33661b873 ssh-products 61 M Transaction Summary ========================================================================================================================== Install 1 Package Total download size: 61 M Installed size: 226 M Is this ok [y/d/N]: y Downloading packages: PrivX-5.0-119_33661b873.x86_64.rpm | 61 MB 00:00:20 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : PrivX-5.0-119_33661b873.x86_64 1/1 Verifying : PrivX-5.0-119_33661b873.x86_64 1/1 Installed: PrivX.x86_64 0:5.0-119_33661b873


Check the directory which consists of all utility scripts
###############################################
[root@localhost ~]# cd /opt/privx/scripts/ [root@localhost scripts]# ls authorizer.sh init_db.sh postinstall.sh rolestore.sh watchdog.sh auth.sh initial_install.sh principals_command.sh rotate_privx_ca.sh workflowengine.sh backup.sh init_nginx.sh privx.sh sshproxy.sh connectionmanager.sh keyvault.sh px-issuer troubleshoot.sh hoststore.sh monitorservice.sh rdpproxy.sh upgrade.sh import_certificates.sh postinstall_env restore.sh userstore.sh 

Run the post installation scripts of configure server
#############################################
[root@localhost scripts]# /opt/privx/scripts/postinstall.sh No keyvault detected, running initial installation Installing firewalld ... Package firewalld-0.4.4.4-6.el7.noarch already installed and latest version Note: Forwarding request to 'systemctl enable firewalld.service'. done. Configuring firewalld ... success success success done. Note: Forwarding request to 'systemctl enable nginx.service'. Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service. Note: Forwarding request to 'systemctl enable redis.service'. Created symlink from /etc/systemd/system/multi-user.target.wants/redis.service to /usr/lib/systemd/system/redis.service. Note: Forwarding request to 'systemctl enable guacd.service'. Note: Forwarding request to 'systemctl enable privx.service'. Generating instance secrets ...done. 2018/12/19 14:03:59 PrivX Migration tool version 5.0 2018/12/19 14:03:59 Running non-interactive migration 2018/12/19 14:03:59 *** Merging configuration file shared-config with new/shared-config *** 2018/12/19 14:03:59 Cannot open old config file shared-config.toml, assuming clean installation. 2018/12/19 14:03:59 * Old value not found, using new: shared.syslog_protocol 2018/12/19 14:03:59 * Old value not found, using new: shared.cloudwatch_max_sending_delay 2018/12/19 14:03:59 * Old value not found, using new: notificationcache.type 2018/12/19 14:03:59 * Old value not found, using new: db.driver 2018/12/19 14:03:59 * Old value not found, using new: ldapconnections.enable_ldap_system_roots_cert_pool 2018/12/19 14:03:59 * Old value not found, using new: audit.trail_expiry 2018/12/19 14:03:59 * Old value not found, using new: shared.ssh_proxy_address 2018/12/19 14:03:59 * Old value not found, using new: shared.connectionmanager_address 2018/12/19 14:03:59 * Old value not found, using new: shared.azure_event_timeout 2018/12/19 14:03:59 * Old value not found, using new: audit.timeout_when_no_connmgr 2018/12/19 14:03:59 * Old value not found, using new: shared.cloudwatch_events 2018/12/19 14:03:59 * Old value not found, using new: shared.auth_ui_address 2018/12/19 14:03:59 * Old value not found, using new: shared.keyvault_address 2018/12/19 14:03:59 * Old value not found, using new: ldapconnections.ldap_retry_attempts 2018/12/19 14:03:59 * Old value not found, using new: ldapconnections.ldap_root_ca_pem 2018/12/19 14:03:59 * Old value not found, using new: tls.insecure 2018/12/19 14:03:59 * Old value not found, using new: smtp.insecure 2018/12/19 14:03:59 * Old value not found, using new: shared.auth_address 2018/12/19 14:03:59 * Old value not found, using new: notificationcache.password 2018/12/19 14:03:59 * Old value not found, using new: ldapconnections.ldap_connection_timeout 2018/12/19 14:03:59 * Old value not found, using new: shared.cloudwatch_max_batch_size 2018/12/19 14:03:59 * Old value not found, using new: ldapconnections.insecure_skip_verify_tls 2018/12/19 14:03:59 * Old value not found, using new: smtp.ssl_port 2018/12/19 14:03:59 * Old value not found, using new: shared.privx_public_fqdn_address 2018/12/19 14:03:59 * Old value not found, using new: notificationcache.ttl 2018/12/19 14:03:59 * Old value not found, using new: db.additional_params 2018/12/19 14:03:59 * Old value not found, using new: db.port 2018/12/19 14:03:59 * Old value not found, using new: shared.local_user_store_address 2018/12/19 14:03:59 * Old value not found, using new: shared.send_audit_events_to_syslog 2018/12/19 14:03:59 * Old value not found, using new: shared.azure_max_batch_size 2018/12/19 14:03:59 * Old value not found, using new: ldapconnections.enable_ldap_custom_root_certificates 2018/12/19 14:03:59 * Old value not found, using new: smtp.plain_port 2018/12/19 14:03:59 * Old value not found, using new: shared.syslog_address 2018/12/19 14:03:59 * Old value not found, using new: shared.ssh_product_versions_address 2018/12/19 14:03:59 * Old value not found, using new: shared.workflow_engine_address 2018/12/19 14:03:59 * Old value not found, using new: shared.authorizer_crl_address 2018/12/19 14:03:59 * Old value not found, using new: shared.azure_max_sending_delay 2018/12/19 14:03:59 * Old value not found, using new: shared.send_regular_events_to_stdout 2018/12/19 14:03:59 * Old value not found, using new: shared.local_user_store_default 2018/12/19 14:03:59 * Old value not found, using new: shared.ssh_product_versions_check_interval 2018/12/19 14:03:59 * Old value not found, using new: smtp.username 2018/12/19 14:03:59 * Old value not found, using new: shared.frontend_address 2018/12/19 14:03:59 * Old value not found, using new: shared.monitor_address 2018/12/19 14:03:59 * Old value not found, using new: notificationcache.dbnumber 2018/12/19 14:03:59 * Old value not found, using new: db.sslmode 2018/12/19 14:03:59 * Old value not found, using new: tls.trust_anchors_file 2018/12/19 14:03:59 * Old value not found, using new: smtp.starttls_port 2018/12/19 14:03:59 * Old value not found, using new: shared.host_store_address 2018/12/19 14:03:59 * Old value not found, using new: shared.rdp_proxy_address 2018/12/19 14:03:59 * Old value not found, using new: shared.rolestore_address 2018/12/19 14:03:59 * Old value not found, using new: notificationcache.enable 2018/12/19 14:03:59 * Old value not found, using new: audit.data_folder 2018/12/19 14:03:59 * Old value not found, using new: shared.privx_instance_name 2018/12/19 14:03:59 * Old value not found, using new: shared.connectionmanager_ws_address 2018/12/19 14:03:59 * Old value not found, using new: notificationcache.endpoint 2018/12/19 14:03:59 * Old value not found, using new: db.host 2018/12/19 14:03:59 * Old value not found, using new: shared.authorizer_address 2018/12/19 14:03:59 * Old value not found, using new: shared.azure_events 2018/12/19 14:03:59 * Old value not found, using new: shared.privx_public_ip_address 2018/12/19 14:03:59 * Old value not found, using new: shared.send_regular_events_to_syslog 2018/12/19 14:03:59 Created directory /opt/privx/etc/old 2018/12/19 14:03:59 Renaming config file /opt/privx/etc/shared-config.toml -> /opt/privx/etc/old/shared-config.toml 2018/12/19 14:03:59 Applying modifications to /opt/privx/etc/shared-config.toml 2018/12/19 14:03:59 Reading config file /opt/privx/etc/new/shared-config.toml 2018/12/19 14:03:59 Modifying config file /opt/privx/etc/shared-config.toml 2018/12/19 14:03:59 Verifying config file shared-config 2018/12/19 14:03:59 shared-config done: 2018/12/19 14:03:59 Migrated from version : 2.1 2018/12/19 14:03:59 Migrated to version : 5.0 2018/12/19 14:03:59 New settings added : 0 2018/12/19 14:03:59 Old settings removed : 0 2018/12/19 14:03:59 Old settings preserved : 0 2018/12/19 14:03:59 Old settings overwritten : 0 2018/12/19 14:03:59 Keys renamed : 0 2018/12/19 14:03:59 *** Merging configuration file oauth-shared-config with new/oauth-shared-config *** 2018/12/19 14:03:59 Cannot open old config file oauth-shared-config.toml, assuming clean installation. 2018/12/19 14:03:59 * Old value not found, using new: privx-service.id 2018/12/19 14:03:59 * Old value not found, using new: privx-external.id 2018/12/19 14:03:59 * Old value not found, using new: ssh-crypto-auditor.id 2018/12/19 14:03:59 * Old value not found, using new: privx-ui.audience 2018/12/19 14:03:59 * Old value not found, using new: privx-service.signing_method 2018/12/19 14:03:59 * Old value not found, using new: privx-service.access_token_expiration_margin 2018/12/19 14:03:59 * Old value not found, using new: privx-service.audience 2018/12/19 14:03:59 * Old value not found, using new: privx-external.access_token_valid 2018/12/19 14:03:59 * Old value not found, using new: client_ids 2018/12/19 14:03:59 * Old value not found, using new: privx-ui.refresh_token_valid 2018/12/19 14:03:59 * Old value not found, using new: privx-ui.id 2018/12/19 14:03:59 * Old value not found, using new: privx-ui.access_token_valid 2018/12/19 14:03:59 * Old value not found, using new: privx-service.access_token_valid 2018/12/19 14:03:59 * Old value not found, using new: privx-external.signing_method 2018/12/19 14:03:59 * Old value not found, using new: ssh-crypto-auditor.signing_method 2018/12/19 14:03:59 * Old value not found, using new: privx-ui.signing_method 2018/12/19 14:03:59 * Old value not found, using new: privx-ui.client_type 2018/12/19 14:03:59 * Old value not found, using new: privx-ui.authorize_token_valid 2018/12/19 14:03:59 * Old value not found, using new: ssh-crypto-auditor.access_token_valid 2018/12/19 14:03:59 * Old value not found, using new: ssh-crypto-auditor.audience 2018/12/19 14:03:59 * Old value not found, using new: privx-external.audience 2018/12/19 14:03:59 Renaming config file /opt/privx/etc/oauth-shared-config.toml -> /opt/privx/etc/old/oauth-shared-config.toml 2018/12/19 14:03:59 Applying modifications to /opt/privx/etc/oauth-shared-config.toml 2018/12/19 14:03:59 Reading config file /opt/privx/etc/new/oauth-shared-config.toml 2018/12/19 14:03:59 Modifying config file /opt/privx/etc/oauth-shared-config.toml 2018/12/19 14:03:59 Verifying config file oauth-shared-config 2018/12/19 14:03:59 oauth-shared-config done: 2018/12/19 14:03:59 Migrated from version : 2.1 2018/12/19 14:03:59 Migrated to version : 5.0 2018/12/19 14:03:59 New settings added : 0 2018/12/19 14:03:59 Old settings removed : 0 2018/12/19 14:03:59 Old settings preserved : 0 2018/12/19 14:03:59 Old settings overwritten : 0 2018/12/19 14:03:59 Keys renamed : 0 2018/12/19 14:03:59 *** Merging configuration file keyvault-config with new/keyvault-config *** 2018/12/19 14:03:59 * Keep old value: keyvault.clients 2018/12/19 14:03:59 * Keep old value: fsvault.file_user 2018/12/19 14:03:59 * Keep old value: fsvault.file_group 2018/12/19 14:03:59 * Keep old value: keyvault.core_backend 2018/12/19 14:03:59 * Keep old value: fsvault.secret 2018/12/19 14:03:59 Renaming config file /opt/privx/etc/keyvault-config.toml -> /opt/privx/etc/old/keyvault-config.toml 2018/12/19 14:03:59 Applying modifications to /opt/privx/etc/keyvault-config.toml 2018/12/19 14:03:59 Reading config file /opt/privx/etc/new/keyvault-config.toml_template 2018/12/19 14:03:59 Modifying config file /opt/privx/etc/keyvault-config.toml 2018/12/19 14:03:59 Verifying config file keyvault-config 2018/12/19 14:03:59 keyvault-config done: 2018/12/19 14:03:59 Migrated from version : 2.1 2018/12/19 14:03:59 Migrated to version : 5.0 2018/12/19 14:03:59 New settings added : 0 2018/12/19 14:03:59 Old settings removed : 0 2018/12/19 14:03:59 Old settings preserved : 5 2018/12/19 14:03:59 Old settings overwritten : 0 2018/12/19 14:03:59 Keys renamed : 0 2018/12/19 14:03:59 *** Merging configuration file authorizer with new/authorizer *** 2018/12/19 14:03:59 * Keep old value: authorizer.keyvault_id 2018/12/19 14:03:59 * Keep old value: authorizer.keyvault_secret 2018/12/19 14:03:59 Renaming config file /opt/privx/etc/authorizer.toml -> /opt/privx/etc/old/authorizer.toml 2018/12/19 14:03:59 Applying modifications to /opt/privx/etc/authorizer.toml 2018/12/19 14:03:59 Reading config file /opt/privx/etc/new/authorizer.toml_template 2018/12/19 14:03:59 Modifying config file /opt/privx/etc/authorizer.toml 2018/12/19 14:03:59 Verifying config file authorizer 2018/12/19 14:03:59 authorizer done: 2018/12/19 14:03:59 Migrated from version : 2.1 2018/12/19 14:03:59 Migrated to version : 5.0 2018/12/19 14:03:59 New settings added : 0 2018/12/19 14:03:59 Old settings removed : 0 2018/12/19 14:03:59 Old settings preserved : 2 2018/12/19 14:03:59 Old settings overwritten : 0 2018/12/19 14:03:59 Keys renamed : 0 2018/12/19 14:03:59 *** Merging configuration file keyvault with new/keyvault *** 2018/12/19 14:03:59 * Keep old value: keyvault_id 2018/12/19 14:03:59 * Keep old value: keyvault_secret 2018/12/19 14:03:59 Renaming config file /opt/privx/etc/keyvault.toml -> /opt/privx/etc/old/keyvault.toml 2018/12/19 14:03:59 Applying modifications to /opt/privx/etc/keyvault.toml 2018/12/19 14:03:59 Reading config file /opt/privx/etc/new/keyvault.toml_template 2018/12/19 14:03:59 Modifying config file /opt/privx/etc/keyvault.toml 2018/12/19 14:03:59 Verifying config file keyvault 2018/12/19 14:03:59 keyvault done: 2018/12/19 14:03:59 Migrated from version : 2.1 2018/12/19 14:03:59 Migrated to version : 5.0 2018/12/19 14:03:59 New settings added : 0 2018/12/19 14:03:59 Old settings removed : 0 2018/12/19 14:03:59 Old settings preserved : 2 2018/12/19 14:03:59 Old settings overwritten : 0 2018/12/19 14:03:59 Keys renamed : 0 2018/12/19 14:03:59 *** Merging configuration file auth-default-config with new/auth-default-config *** 2018/12/19 14:03:59 * Keep old value: keyvault_secret 2018/12/19 14:03:59 * Keep old value: keyvault_id 2018/12/19 14:03:59 Renaming config file /opt/privx/etc/auth-default-config.toml -> /opt/privx/etc/old/auth-default-config.toml 2018/12/19 14:03:59 Applying modifications to /opt/privx/etc/auth-default-config.toml 2018/12/19 14:03:59 Reading config file /opt/privx/etc/new/auth-default-config.toml_template 2018/12/19 14:03:59 Modifying config file /opt/privx/etc/auth-default-config.toml 2018/12/19 14:03:59 Verifying config file auth-default-config 2018/12/19 14:03:59 auth-default-config done: 2018/12/19 14:03:59 Migrated from version : 2.1 2018/12/19 14:03:59 Migrated to version : 5.0 2018/12/19 14:03:59 New settings added : 0 2018/12/19 14:03:59 Old settings removed : 0 2018/12/19 14:03:59 Old settings preserved : 2 2018/12/19 14:03:59 Old settings overwritten : 0 2018/12/19 14:03:59 Keys renamed : 0 2018/12/19 14:03:59 *** Merging configuration file hoststore with new/hoststore *** 2018/12/19 14:03:59 * New value from version config: db.data_version 2018/12/19 14:03:59 * Keep old value: keyvault_id 2018/12/19 14:03:59 * Keep old value: keyvault_secret 2018/12/19 14:03:59 * Keep old value: authorizer_keyvault_id 2018/12/19 14:03:59 Renaming config file /opt/privx/etc/hoststore.toml -> /opt/privx/etc/old/hoststore.toml 2018/12/19 14:03:59 Applying modifications to /opt/privx/etc/hoststore.toml 2018/12/19 14:03:59 Reading config file /opt/privx/etc/new/hoststore.toml_template 2018/12/19 14:03:59 Modifying config file /opt/privx/etc/hoststore.toml 2018/12/19 14:03:59 Verifying config file hoststore 2018/12/19 14:03:59 hoststore done: 2018/12/19 14:03:59 Migrated from version : 2.1 2018/12/19 14:03:59 Migrated to version : 5.0 2018/12/19 14:03:59 New settings added : 0 2018/12/19 14:03:59 Old settings removed : 0 2018/12/19 14:03:59 Old settings preserved : 3 2018/12/19 14:03:59 Old settings overwritten : 1 2018/12/19 14:03:59 Keys renamed : 0 2018/12/19 14:03:59 *** Merging configuration file rolestore with new/rolestore *** 2018/12/19 14:03:59 * New value from version config: ldap.global_ad_user_filter 2018/12/19 14:03:59 * New value from version config: db.data_version 2018/12/19 14:03:59 * Keep old value: keyvault_id 2018/12/19 14:03:59 * Keep old value: keyvault_secret 2018/12/19 14:03:59 Renaming config file /opt/privx/etc/rolestore.toml -> /opt/privx/etc/old/rolestore.toml 2018/12/19 14:03:59 Applying modifications to /opt/privx/etc/rolestore.toml 2018/12/19 14:03:59 Reading config file /opt/privx/etc/new/rolestore.toml_template 2018/12/19 14:03:59 Modifying config file /opt/privx/etc/rolestore.toml 2018/12/19 14:03:59 Verifying config file rolestore 2018/12/19 14:03:59 rolestore done: 2018/12/19 14:03:59 Migrated from version : 2.1 2018/12/19 14:03:59 Migrated to version : 5.0 2018/12/19 14:03:59 New settings added : 0 2018/12/19 14:03:59 Old settings removed : 0 2018/12/19 14:03:59 Old settings preserved : 2 2018/12/19 14:03:59 Old settings overwritten : 2 2018/12/19 14:03:59 Keys renamed : 0 2018/12/19 14:03:59 *** Merging configuration file user-store with new/user-store *** 2018/12/19 14:03:59 * New value from version config: db.data_version 2018/12/19 14:03:59 * Keep old value: keyvault_id 2018/12/19 14:03:59 * Keep old value: keyvault_secret 2018/12/19 14:03:59 Renaming config file /opt/privx/etc/user-store.toml -> /opt/privx/etc/old/user-store.toml 2018/12/19 14:03:59 Applying modifications to /opt/privx/etc/user-store.toml 2018/12/19 14:03:59 Reading config file /opt/privx/etc/new/user-store.toml_template 2018/12/19 14:03:59 Modifying config file /opt/privx/etc/user-store.toml 2018/12/19 14:03:59 Verifying config file user-store 2018/12/19 14:03:59 user-store done: 2018/12/19 14:03:59 Migrated from version : 2.1 2018/12/19 14:03:59 Migrated to version : 5.0 2018/12/19 14:03:59 New settings added : 0 2018/12/19 14:03:59 Old settings removed : 0 2018/12/19 14:03:59 Old settings preserved : 2 2018/12/19 14:03:59 Old settings overwritten : 1 2018/12/19 14:03:59 Keys renamed : 0 2018/12/19 14:03:59 *** Merging configuration file workflowengine with new/workflowengine *** 2018/12/19 14:03:59 * Keep old value: keyvault_id 2018/12/19 14:03:59 * Keep old value: keyvault_secret 2018/12/19 14:03:59 * New value from version config: db.data_version 2018/12/19 14:03:59 Renaming config file /opt/privx/etc/workflowengine.toml -> /opt/privx/etc/old/workflowengine.toml 2018/12/19 14:03:59 Applying modifications to /opt/privx/etc/workflowengine.toml 2018/12/19 14:03:59 Reading config file /opt/privx/etc/new/workflowengine.toml_template 2018/12/19 14:03:59 Modifying config file /opt/privx/etc/workflowengine.toml 2018/12/19 14:03:59 Verifying config file workflowengine 2018/12/19 14:03:59 workflowengine done: 2018/12/19 14:03:59 Migrated from version : 2.1 2018/12/19 14:03:59 Migrated to version : 5.0 2018/12/19 14:03:59 New settings added : 0 2018/12/19 14:03:59 Old settings removed : 0 2018/12/19 14:03:59 Old settings preserved : 2 2018/12/19 14:03:59 Old settings overwritten : 1 2018/12/19 14:03:59 Keys renamed : 0 2018/12/19 14:03:59 *** Merging configuration file rdp-proxy with new/rdp-proxy *** 2018/12/19 14:03:59 * Keep old value: rdp_proxy.keyvault_id 2018/12/19 14:03:59 * Keep old value: rdp_proxy.keyvault_secret 2018/12/19 14:03:59 Renaming config file /opt/privx/etc/rdp-proxy.toml -> /opt/privx/etc/old/rdp-proxy.toml 2018/12/19 14:03:59 Applying modifications to /opt/privx/etc/rdp-proxy.toml 2018/12/19 14:03:59 Reading config file /opt/privx/etc/new/rdp-proxy.toml_template 2018/12/19 14:03:59 Modifying config file /opt/privx/etc/rdp-proxy.toml 2018/12/19 14:03:59 Verifying config file rdp-proxy 2018/12/19 14:03:59 rdp-proxy done: 2018/12/19 14:03:59 Migrated from version : 2.1 2018/12/19 14:03:59 Migrated to version : 5.0 2018/12/19 14:03:59 New settings added : 0 2018/12/19 14:03:59 Old settings removed : 0 2018/12/19 14:03:59 Old settings preserved : 2 2018/12/19 14:03:59 Old settings overwritten : 0 2018/12/19 14:03:59 Keys renamed : 0 2018/12/19 14:03:59 *** Merging configuration file ssh-proxy with new/ssh-proxy *** 2018/12/19 14:03:59 * Keep old value: ssh_proxy.keyvault_id 2018/12/19 14:03:59 * Keep old value: ssh_proxy.keyvault_secret 2018/12/19 14:03:59 Renaming config file /opt/privx/etc/ssh-proxy.toml -> /opt/privx/etc/old/ssh-proxy.toml 2018/12/19 14:03:59 Applying modifications to /opt/privx/etc/ssh-proxy.toml 2018/12/19 14:03:59 Reading config file /opt/privx/etc/new/ssh-proxy.toml_template 2018/12/19 14:03:59 Modifying config file /opt/privx/etc/ssh-proxy.toml 2018/12/19 14:03:59 Verifying config file ssh-proxy 2018/12/19 14:03:59 ssh-proxy done: 2018/12/19 14:03:59 Migrated from version : 2.1 2018/12/19 14:03:59 Migrated to version : 5.0 2018/12/19 14:03:59 New settings added : 0 2018/12/19 14:03:59 Old settings removed : 0 2018/12/19 14:03:59 Old settings preserved : 2 2018/12/19 14:03:59 Old settings overwritten : 0 2018/12/19 14:03:59 Keys renamed : 0 2018/12/19 14:03:59 *** Merging configuration file connectionmanager with new/connectionmanager *** 2018/12/19 14:03:59 * Keep old value: connectionmanager.keyvault_id 2018/12/19 14:03:59 * Keep old value: connectionmanager.keyvault_secret 2018/12/19 14:03:59 * New value from version config: db.data_version 2018/12/19 14:03:59 Renaming config file /opt/privx/etc/connectionmanager.toml -> /opt/privx/etc/old/connectionmanager.toml 2018/12/19 14:03:59 Applying modifications to /opt/privx/etc/connectionmanager.toml 2018/12/19 14:03:59 Reading config file /opt/privx/etc/new/connectionmanager.toml_template 2018/12/19 14:03:59 Modifying config file /opt/privx/etc/connectionmanager.toml 2018/12/19 14:03:59 Verifying config file connectionmanager 2018/12/19 14:03:59 connectionmanager done: 2018/12/19 14:03:59 Migrated from version : 2.1 2018/12/19 14:03:59 Migrated to version : 5.0 2018/12/19 14:03:59 New settings added : 0 2018/12/19 14:03:59 Old settings removed : 0 2018/12/19 14:03:59 Old settings preserved : 2 2018/12/19 14:03:59 Old settings overwritten : 1 2018/12/19 14:03:59 Keys renamed : 0 2018/12/19 14:03:59 *** Merging configuration file monitorservice with new/monitorservice *** 2018/12/19 14:03:59 * Keep old value: monitorservice.keyvault_secret 2018/12/19 14:03:59 * Keep old value: monitorservice.keyvault_id 2018/12/19 14:03:59 * New value from version config: db.data_version 2018/12/19 14:03:59 Renaming config file /opt/privx/etc/monitorservice.toml -> /opt/privx/etc/old/monitorservice.toml 2018/12/19 14:03:59 Applying modifications to /opt/privx/etc/monitorservice.toml 2018/12/19 14:03:59 Reading config file /opt/privx/etc/new/monitorservice.toml_template 2018/12/19 14:03:59 Modifying config file /opt/privx/etc/monitorservice.toml 2018/12/19 14:03:59 Verifying config file monitorservice 2018/12/19 14:03:59 monitorservice done: 2018/12/19 14:03:59 Migrated from version : 2.1 2018/12/19 14:03:59 Migrated to version : 5.0 2018/12/19 14:03:59 New settings added : 0 2018/12/19 14:03:59 Old settings removed : 0 2018/12/19 14:03:59 Old settings preserved : 2 2018/12/19 14:03:59 Old settings overwritten : 1 2018/12/19 14:03:59 Keys renamed : 0 2018/12/19 14:03:59 Migration done. Generating keyvault ...done. Generating keys ...2018/12/19 14:04:06 RSA: created key SHA256:Qc5ZEu3swLacQp3crGsYtdasB3Sx4k4s7rYv9Cdfbn0 ID: 310ec956-c517-44d9-61aa-72b2429b4572 2018/12/19 14:04:08 RSA: created key SHA256:C5rCn+M2h84LOqFDNfxasQfi1L5MTF+0wbH/7RlZPQQ ID: 989c1aeb-9546-4f2e-5998-3a1c6e89686f 2018/12/19 14:04:10 RSA: created key SHA256:/iRfu00Bu0bQq+9Nyd31vIZo8yLN6BcxUEPL0hp7/Ec ID: 17ac4d94-f032-42bf-6a0a-ae29771807d9 ID: c4d692ff-99d4-4b1e-41b7-356b130a4c10 ID: 3a3a7b1d-124e-4b75-5b62-c3cadeb09dd7 done. Configuring rsyslog to accept audit events.. Creating a temporary PrivX Web server TLS key and certificate. Please have your IT provide properly signed certificate for the server. <press enter> Please provide DNS names for the server, one per line, end with an empty line DNS: localhost.localdomain DNS: Please provide IP addresses, one per line, end with an empty line IP: 127.0.0.1 IP: Setting up certificates Fetching PrivX TLS CA key...done. Setting up Internal TLS CA (subject OU=PrivX TLS CA/CN=localhost.localdomain key 989c1aeb-9546-4f2e-5998-3a1c6e89686f) ...done. Requesting Web server certificate from the Internal TLS CA generating PrivX Web Server Key...done. generating certificate (subject OU=PrivX Web Server/CN=localhost.localdomain key c19e9fac-2f31-4228-490b-17604ceba474)...done. populating key files ...done. deleting PrivX Web Server Key...done. Requesting internal Web server certificate from the Internal TLS CA generating PrivX Internal Web Server Key...done. generating certificate (subject OU=PrivX Internal Web Server/CN=localhost.localdomain key 5181985d-3469-409f-4a4d-3ebfa2892382)...done. populating key files ...done. deleting PrivX Internal Web Server Key...done. Job for nginx.service invalid. All is setup for use with temporary certificates Server Certificate: -rwxr-x---. 1 root nginx 1619 Dec 19 14:05 /etc/nginx/ssl/nginx.crt -rwxr-x---. 1 root nginx 1037 Dec 19 14:05 /etc/nginx/ssl/nginx.csr -rwxr-x---. 1 root nginx 1655 Dec 19 14:05 /etc/nginx/ssl/nginx-internal.crt -rwxr-x---. 1 root nginx 1704 Dec 19 14:05 /etc/nginx/ssl/nginx-internal.key -rwxr-x---. 1 root nginx 1704 Dec 19 14:05 /etc/nginx/ssl/nginx.key CA Certificate: -rw-------. 1 root root 2009 Dec 19 14:05 /etc/pki/CA/certs/privx-ca.crt Populating system shared configuration files ...done. A Certificate Signing Request (CSR) for acquiring a permanent Web Server Certificate: '/etc/nginx/ssl/nginx.csr' Having received the certificate, copy it as '/etc/nginx/ssl/nginx.crt'. If you received a CA bundle at the same time, update system trust by running this same script as '/opt/privx/scripts/init_nginx.sh update-trust /path/to/bundle-file'
______________________________________________________________________________
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details. Error Executing script failed on command: systemctl restart nginx on line 301

 _______________________________________________________________________________

If you find the above issue it means there is something related to Nginx or HTTPD service
If you have already httpd server installed on your system follow the below instructions:

 Check your httpd services & if running stop and disable it as PrivX uses Nginx
####################################################################
[root@localhost scripts]# systemctl stop httpd [root@localhost scripts]# systemctl disable httpd Removed symlink /etc/systemd/system/multi-user.target.wants/httpd.service.
Again start with post install script
##############################
[root@localhost scripts]# /opt/privx/scripts/postinstall.sh Previous installation was aborted, clean up local files and local DB before continuing? [y/N] y psql: could not connect to server: No such file or directory Is the server running locally and accepting connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"? Removing /var/lib/pgsql/ No keyvault detected, running initial installation Installing firewalld ... Package firewalld-0.4.4.4-6.el7.noarch already installed and latest version Note: Forwarding request to 'systemctl enable firewalld.service'. done. Configuring firewalld ... Warning: ALREADY_ENABLED: https success Warning: ALREADY_ENABLED: http success success done. Note: Forwarding request to 'systemctl enable nginx.service'. Note: Forwarding request to 'systemctl enable redis.service'. Note: Forwarding request to 'systemctl enable guacd.service'. Note: Forwarding request to 'systemctl enable privx.service'. Generating instance secrets ...done. 2018/12/19 14:07:11 PrivX Migration tool version 5.0 2018/12/19 14:07:11 Running non-interactive migration 2018/12/19 14:07:11 *** Merging configuration file shared-config with new/shared-config *** 2018/12/19 14:07:11 * Keep old value: shared.privx_public_fqdn_address 2018/12/19 14:07:11 * New value from version config: shared.auth_address 2018/12/19 14:07:11 * Keep old value: shared.privx_public_ip_address 2018/12/19 14:07:11 * Keep old value: shared.frontend_address 2018/12/19 14:07:11 * Old value removed: version 2018/12/19 14:07:11 Renaming config file /opt/privx/etc/shared-config.toml -> /opt/privx/etc/old/shared-config.toml 2018/12/19 14:07:11 Applying modifications to /opt/privx/etc/shared-config.toml 2018/12/19 14:07:11 Reading config file /opt/privx/etc/new/shared-config.toml 2018/12/19 14:07:11 Modifying config file /opt/privx/etc/shared-config.toml 2018/12/19 14:07:11 Verifying config file shared-config 2018/12/19 14:07:11 shared-config done: 2018/12/19 14:07:11 Migrated from version : 5.0 2018/12/19 14:07:11 Migrated to version : 5.0 2018/12/19 14:07:11 New settings added : 0 2018/12/19 14:07:11 Old settings removed : 1 2018/12/19 14:07:11 Old settings preserved : 3 2018/12/19 14:07:11 Old settings overwritten : 1 2018/12/19 14:07:11 Keys renamed : 0 2018/12/19 14:07:11 *** Merging configuration file oauth-shared-config with new/oauth-shared-config *** 2018/12/19 14:07:11 * Old value removed: version 2018/12/19 14:07:11 Renaming config file /opt/privx/etc/oauth-shared-config.toml -> /opt/privx/etc/old/oauth-shared-config.toml 2018/12/19 14:07:11 Applying modifications to /opt/privx/etc/oauth-shared-config.toml 2018/12/19 14:07:11 Reading config file /opt/privx/etc/new/oauth-shared-config.toml 2018/12/19 14:07:11 Modifying config file /opt/privx/etc/oauth-shared-config.toml 2018/12/19 14:07:11 Verifying config file oauth-shared-config 2018/12/19 14:07:11 oauth-shared-config done: 2018/12/19 14:07:11 Migrated from version : 5.0 2018/12/19 14:07:11 Migrated to version : 5.0 2018/12/19 14:07:11 New settings added : 0 2018/12/19 14:07:11 Old settings removed : 1 2018/12/19 14:07:11 Old settings preserved : 0 2018/12/19 14:07:11 Old settings overwritten : 0 2018/12/19 14:07:11 Keys renamed : 0 2018/12/19 14:07:11 *** Merging configuration file keyvault-config with new/keyvault-config *** 2018/12/19 14:07:11 * Keep old value: fsvault.file_user 2018/12/19 14:07:11 * Keep old value: fsvault.file_group 2018/12/19 14:07:11 * Keep old value: fsvault.secret 2018/12/19 14:07:11 * Keep old value: keyvault.clients 2018/12/19 14:07:11 * Keep old value: keyvault.core_backend 2018/12/19 14:07:11 Removing old file /opt/privx/etc/old/keyvault-config.toml 2018/12/19 14:07:11 Renaming config file /opt/privx/etc/keyvault-config.toml -> /opt/privx/etc/old/keyvault-config.toml 2018/12/19 14:07:11 Applying modifications to /opt/privx/etc/keyvault-config.toml 2018/12/19 14:07:11 Reading config file /opt/privx/etc/new/keyvault-config.toml_template 2018/12/19 14:07:11 Modifying config file /opt/privx/etc/keyvault-config.toml 2018/12/19 14:07:11 Verifying config file keyvault-config 2018/12/19 14:07:11 keyvault-config done: 2018/12/19 14:07:11 Migrated from version : 2.1 2018/12/19 14:07:11 Migrated to version : 5.0 2018/12/19 14:07:11 New settings added : 0 2018/12/19 14:07:11 Old settings removed : 0 2018/12/19 14:07:11 Old settings preserved : 5 2018/12/19 14:07:11 Old settings overwritten : 0 2018/12/19 14:07:11 Keys renamed : 0 2018/12/19 14:07:11 *** Merging configuration file authorizer with new/authorizer *** 2018/12/19 14:07:11 * Keep old value: authorizer.keyvault_secret 2018/12/19 14:07:11 * Keep old value: authorizer.keyvault_id 2018/12/19 14:07:11 Removing old file /opt/privx/etc/old/authorizer.toml 2018/12/19 14:07:11 Renaming config file /opt/privx/etc/authorizer.toml -> /opt/privx/etc/old/authorizer.toml 2018/12/19 14:07:11 Applying modifications to /opt/privx/etc/authorizer.toml 2018/12/19 14:07:11 Reading config file /opt/privx/etc/new/authorizer.toml_template 2018/12/19 14:07:11 Modifying config file /opt/privx/etc/authorizer.toml 2018/12/19 14:07:11 Verifying config file authorizer 2018/12/19 14:07:11 authorizer done: 2018/12/19 14:07:11 Migrated from version : 2.1 2018/12/19 14:07:11 Migrated to version : 5.0 2018/12/19 14:07:11 New settings added : 0 2018/12/19 14:07:11 Old settings removed : 0 2018/12/19 14:07:11 Old settings preserved : 2 2018/12/19 14:07:11 Old settings overwritten : 0 2018/12/19 14:07:11 Keys renamed : 0 2018/12/19 14:07:11 *** Merging configuration file keyvault with new/keyvault *** 2018/12/19 14:07:11 * Keep old value: keyvault_id 2018/12/19 14:07:11 * Keep old value: keyvault_secret 2018/12/19 14:07:11 Removing old file /opt/privx/etc/old/keyvault.toml 2018/12/19 14:07:11 Renaming config file /opt/privx/etc/keyvault.toml -> /opt/privx/etc/old/keyvault.toml 2018/12/19 14:07:11 Applying modifications to /opt/privx/etc/keyvault.toml 2018/12/19 14:07:11 Reading config file /opt/privx/etc/new/keyvault.toml_template 2018/12/19 14:07:11 Modifying config file /opt/privx/etc/keyvault.toml 2018/12/19 14:07:11 Verifying config file keyvault 2018/12/19 14:07:11 keyvault done: 2018/12/19 14:07:11 Migrated from version : 2.1 2018/12/19 14:07:11 Migrated to version : 5.0 2018/12/19 14:07:11 New settings added : 0 2018/12/19 14:07:11 Old settings removed : 0 2018/12/19 14:07:11 Old settings preserved : 2 2018/12/19 14:07:11 Old settings overwritten : 0 2018/12/19 14:07:11 Keys renamed : 0 2018/12/19 14:07:11 *** Merging configuration file auth-default-config with new/auth-default-config *** 2018/12/19 14:07:11 * Keep old value: keyvault_secret 2018/12/19 14:07:11 * Keep old value: keyvault_id 2018/12/19 14:07:11 Removing old file /opt/privx/etc/old/auth-default-config.toml 2018/12/19 14:07:11 Renaming config file /opt/privx/etc/auth-default-config.toml -> /opt/privx/etc/old/auth-default-config.toml 2018/12/19 14:07:11 Applying modifications to /opt/privx/etc/auth-default-config.toml 2018/12/19 14:07:11 Reading config file /opt/privx/etc/new/auth-default-config.toml_template 2018/12/19 14:07:11 Modifying config file /opt/privx/etc/auth-default-config.toml 2018/12/19 14:07:11 Verifying config file auth-default-config 2018/12/19 14:07:11 auth-default-config done: 2018/12/19 14:07:11 Migrated from version : 2.1 2018/12/19 14:07:11 Migrated to version : 5.0 2018/12/19 14:07:11 New settings added : 0 2018/12/19 14:07:11 Old settings removed : 0 2018/12/19 14:07:11 Old settings preserved : 2 2018/12/19 14:07:11 Old settings overwritten : 0 2018/12/19 14:07:11 Keys renamed : 0 2018/12/19 14:07:11 *** Merging configuration file hoststore with new/hoststore *** 2018/12/19 14:07:11 * New value from version config: db.data_version 2018/12/19 14:07:11 * Keep old value: keyvault_id 2018/12/19 14:07:11 * Keep old value: keyvault_secret 2018/12/19 14:07:11 * Keep old value: authorizer_keyvault_id 2018/12/19 14:07:11 Removing old file /opt/privx/etc/old/hoststore.toml 2018/12/19 14:07:11 Renaming config file /opt/privx/etc/hoststore.toml -> /opt/privx/etc/old/hoststore.toml 2018/12/19 14:07:11 Applying modifications to /opt/privx/etc/hoststore.toml 2018/12/19 14:07:11 Reading config file /opt/privx/etc/new/hoststore.toml_template 2018/12/19 14:07:11 Modifying config file /opt/privx/etc/hoststore.toml 2018/12/19 14:07:11 Verifying config file hoststore 2018/12/19 14:07:11 hoststore done: 2018/12/19 14:07:11 Migrated from version : 2.1 2018/12/19 14:07:11 Migrated to version : 5.0 2018/12/19 14:07:11 New settings added : 0 2018/12/19 14:07:11 Old settings removed : 0 2018/12/19 14:07:11 Old settings preserved : 3 2018/12/19 14:07:11 Old settings overwritten : 1 2018/12/19 14:07:11 Keys renamed : 0 2018/12/19 14:07:11 *** Merging configuration file rolestore with new/rolestore *** 2018/12/19 14:07:11 * New value from version config: db.data_version 2018/12/19 14:07:11 * Keep old value: keyvault_secret 2018/12/19 14:07:11 * New value from version config: ldap.global_ad_user_filter 2018/12/19 14:07:11 * Keep old value: keyvault_id 2018/12/19 14:07:11 Removing old file /opt/privx/etc/old/rolestore.toml 2018/12/19 14:07:11 Renaming config file /opt/privx/etc/rolestore.toml -> /opt/privx/etc/old/rolestore.toml 2018/12/19 14:07:11 Applying modifications to /opt/privx/etc/rolestore.toml 2018/12/19 14:07:11 Reading config file /opt/privx/etc/new/rolestore.toml_template 2018/12/19 14:07:11 Modifying config file /opt/privx/etc/rolestore.toml 2018/12/19 14:07:11 Verifying config file rolestore 2018/12/19 14:07:11 rolestore done: 2018/12/19 14:07:11 Migrated from version : 2.1 2018/12/19 14:07:11 Migrated to version : 5.0 2018/12/19 14:07:11 New settings added : 0 2018/12/19 14:07:11 Old settings removed : 0 2018/12/19 14:07:11 Old settings preserved : 2 2018/12/19 14:07:11 Old settings overwritten : 2 2018/12/19 14:07:11 Keys renamed : 0 2018/12/19 14:07:11 *** Merging configuration file user-store with new/user-store *** 2018/12/19 14:07:11 * Keep old value: keyvault_secret 2018/12/19 14:07:11 * Keep old value: keyvault_id 2018/12/19 14:07:11 * New value from version config: db.data_version 2018/12/19 14:07:11 Removing old file /opt/privx/etc/old/user-store.toml 2018/12/19 14:07:11 Renaming config file /opt/privx/etc/user-store.toml -> /opt/privx/etc/old/user-store.toml 2018/12/19 14:07:11 Applying modifications to /opt/privx/etc/user-store.toml 2018/12/19 14:07:11 Reading config file /opt/privx/etc/new/user-store.toml_template 2018/12/19 14:07:11 Modifying config file /opt/privx/etc/user-store.toml 2018/12/19 14:07:11 Verifying config file user-store 2018/12/19 14:07:11 user-store done: 2018/12/19 14:07:11 Migrated from version : 2.1 2018/12/19 14:07:11 Migrated to version : 5.0 2018/12/19 14:07:11 New settings added : 0 2018/12/19 14:07:11 Old settings removed : 0 2018/12/19 14:07:11 Old settings preserved : 2 2018/12/19 14:07:11 Old settings overwritten : 1 2018/12/19 14:07:11 Keys renamed : 0 2018/12/19 14:07:11 *** Merging configuration file workflowengine with new/workflowengine *** 2018/12/19 14:07:11 * Keep old value: keyvault_id 2018/12/19 14:07:11 * New value from version config: db.data_version 2018/12/19 14:07:11 * Keep old value: keyvault_secret 2018/12/19 14:07:11 Removing old file /opt/privx/etc/old/workflowengine.toml 2018/12/19 14:07:11 Renaming config file /opt/privx/etc/workflowengine.toml -> /opt/privx/etc/old/workflowengine.toml 2018/12/19 14:07:11 Applying modifications to /opt/privx/etc/workflowengine.toml 2018/12/19 14:07:11 Reading config file /opt/privx/etc/new/workflowengine.toml_template 2018/12/19 14:07:11 Modifying config file /opt/privx/etc/workflowengine.toml 2018/12/19 14:07:11 Verifying config file workflowengine 2018/12/19 14:07:11 workflowengine done: 2018/12/19 14:07:11 Migrated from version : 2.1 2018/12/19 14:07:11 Migrated to version : 5.0 2018/12/19 14:07:11 New settings added : 0 2018/12/19 14:07:11 Old settings removed : 0 2018/12/19 14:07:11 Old settings preserved : 2 2018/12/19 14:07:11 Old settings overwritten : 1 2018/12/19 14:07:11 Keys renamed : 0 2018/12/19 14:07:11 *** Merging configuration file rdp-proxy with new/rdp-proxy *** 2018/12/19 14:07:11 * Keep old value: rdp_proxy.keyvault_id 2018/12/19 14:07:11 * Keep old value: rdp_proxy.keyvault_secret 2018/12/19 14:07:11 Removing old file /opt/privx/etc/old/rdp-proxy.toml 2018/12/19 14:07:11 Renaming config file /opt/privx/etc/rdp-proxy.toml -> /opt/privx/etc/old/rdp-proxy.toml 2018/12/19 14:07:11 Applying modifications to /opt/privx/etc/rdp-proxy.toml 2018/12/19 14:07:11 Reading config file /opt/privx/etc/new/rdp-proxy.toml_template 2018/12/19 14:07:11 Modifying config file /opt/privx/etc/rdp-proxy.toml 2018/12/19 14:07:11 Verifying config file rdp-proxy 2018/12/19 14:07:11 rdp-proxy done: 2018/12/19 14:07:11 Migrated from version : 2.1 2018/12/19 14:07:11 Migrated to version : 5.0 2018/12/19 14:07:11 New settings added : 0 2018/12/19 14:07:11 Old settings removed : 0 2018/12/19 14:07:11 Old settings preserved : 2 2018/12/19 14:07:11 Old settings overwritten : 0 2018/12/19 14:07:11 Keys renamed : 0 2018/12/19 14:07:11 *** Merging configuration file ssh-proxy with new/ssh-proxy *** 2018/12/19 14:07:11 * Keep old value: ssh_proxy.keyvault_id 2018/12/19 14:07:11 * Keep old value: ssh_proxy.keyvault_secret 2018/12/19 14:07:11 Removing old file /opt/privx/etc/old/ssh-proxy.toml 2018/12/19 14:07:11 Renaming config file /opt/privx/etc/ssh-proxy.toml -> /opt/privx/etc/old/ssh-proxy.toml 2018/12/19 14:07:11 Applying modifications to /opt/privx/etc/ssh-proxy.toml 2018/12/19 14:07:11 Reading config file /opt/privx/etc/new/ssh-proxy.toml_template 2018/12/19 14:07:11 Modifying config file /opt/privx/etc/ssh-proxy.toml 2018/12/19 14:07:11 Verifying config file ssh-proxy 2018/12/19 14:07:11 ssh-proxy done: 2018/12/19 14:07:11 Migrated from version : 2.1 2018/12/19 14:07:11 Migrated to version : 5.0 2018/12/19 14:07:11 New settings added : 0 2018/12/19 14:07:11 Old settings removed : 0 2018/12/19 14:07:11 Old settings preserved : 2 2018/12/19 14:07:11 Old settings overwritten : 0 2018/12/19 14:07:11 Keys renamed : 0 2018/12/19 14:07:11 *** Merging configuration file connectionmanager with new/connectionmanager *** 2018/12/19 14:07:11 * New value from version config: db.data_version 2018/12/19 14:07:11 * Keep old value: connectionmanager.keyvault_id 2018/12/19 14:07:11 * Keep old value: connectionmanager.keyvault_secret 2018/12/19 14:07:11 Removing old file /opt/privx/etc/old/connectionmanager.toml 2018/12/19 14:07:11 Renaming config file /opt/privx/etc/connectionmanager.toml -> /opt/privx/etc/old/connectionmanager.toml 2018/12/19 14:07:11 Applying modifications to /opt/privx/etc/connectionmanager.toml 2018/12/19 14:07:11 Reading config file /opt/privx/etc/new/connectionmanager.toml_template 2018/12/19 14:07:11 Modifying config file /opt/privx/etc/connectionmanager.toml 2018/12/19 14:07:11 Verifying config file connectionmanager 2018/12/19 14:07:11 connectionmanager done: 2018/12/19 14:07:11 Migrated from version : 2.1 2018/12/19 14:07:11 Migrated to version : 5.0 2018/12/19 14:07:11 New settings added : 0 2018/12/19 14:07:11 Old settings removed : 0 2018/12/19 14:07:11 Old settings preserved : 2 2018/12/19 14:07:11 Old settings overwritten : 1 2018/12/19 14:07:11 Keys renamed : 0 2018/12/19 14:07:11 *** Merging configuration file monitorservice with new/monitorservice *** 2018/12/19 14:07:11 * Keep old value: monitorservice.keyvault_id 2018/12/19 14:07:11 * Keep old value: monitorservice.keyvault_secret 2018/12/19 14:07:11 * New value from version config: db.data_version 2018/12/19 14:07:11 Removing old file /opt/privx/etc/old/monitorservice.toml 2018/12/19 14:07:11 Renaming config file /opt/privx/etc/monitorservice.toml -> /opt/privx/etc/old/monitorservice.toml 2018/12/19 14:07:11 Applying modifications to /opt/privx/etc/monitorservice.toml 2018/12/19 14:07:11 Reading config file /opt/privx/etc/new/monitorservice.toml_template 2018/12/19 14:07:11 Modifying config file /opt/privx/etc/monitorservice.toml 2018/12/19 14:07:11 Verifying config file monitorservice 2018/12/19 14:07:11 monitorservice done: 2018/12/19 14:07:11 Migrated from version : 2.1 2018/12/19 14:07:11 Migrated to version : 5.0 2018/12/19 14:07:11 New settings added : 0 2018/12/19 14:07:11 Old settings removed : 0 2018/12/19 14:07:11 Old settings preserved : 2 2018/12/19 14:07:11 Old settings overwritten : 1 2018/12/19 14:07:11 Keys renamed : 0 2018/12/19 14:07:11 Migration done. Generating keyvault ...done. Generating keys ...2018/12/19 14:07:16 RSA: created key SHA256:0hNwP/R3JZ9HMdvkjtTnzs5H/kLk50dO1JHQ+Lp1stY ID: 0bfff5f3-af6d-44ec-4166-b7fcd72abc03 2018/12/19 14:07:18 RSA: created key SHA256:VTD2JDs6wCn9Zsm7WML7IrDLWb8cu4ndq6DTMgg4m8w ID: 158be13e-3a5a-40ac-67a6-ded86f536a74 2018/12/19 14:07:20 RSA: created key SHA256:Eg75eJ1st9IWeDTsg8AFmq6A02qMWfRPXIS26IqAGH0 ID: 3ab7387a-5e19-4502-6731-486b847b9952 ID: 2df42bcd-e4b3-44a7-5bb1-9ec4cbeec62e ID: 98efdea8-de66-483b-7136-b1c4b0fbcd5f done. Configuring rsyslog to accept audit events.. Creating a temporary PrivX Web server TLS key and certificate. Please have your IT provide properly signed certificate for the server. <press enter> Please provide DNS names for the server, one per line, end with an empty line DNS: localhost.localdomain DNS: Please provide IP addresses, one per line, end with an empty line IP: 127.0.0.1 IP: Setting up certificates Fetching PrivX TLS CA key...done. Setting up Internal TLS CA (subject OU=PrivX TLS CA/CN=localhost.localdomain key 158be13e-3a5a-40ac-67a6-ded86f536a74) ...done. Requesting Web server certificate from the Internal TLS CA generating PrivX Web Server Key...done. generating certificate (subject OU=PrivX Web Server/CN=localhost.localdomain key a31febbd-758c-4fde-5155-c8454643a41f)...done. populating key files ...done. deleting PrivX Web Server Key...done. Requesting internal Web server certificate from the Internal TLS CA generating PrivX Internal Web Server Key...done. generating certificate (subject OU=PrivX Internal Web Server/CN=localhost.localdomain key daccf651-bb4f-492e-7c87-ea930b0c4f8d)...done. populating key files ...done. deleting PrivX Internal Web Server Key...done. Job for nginx.service invalid. All is setup for use with temporary certificates Server Certificate: -rwxr-x---. 1 root nginx 1619 Dec 19 14:07 /etc/nginx/ssl/nginx.crt -rwxr-x---. 1 root nginx 1037 Dec 19 14:07 /etc/nginx/ssl/nginx.csr -rwxr-x---. 1 root nginx 1655 Dec 19 14:07 /etc/nginx/ssl/nginx-internal.crt -rwxr-x---. 1 root nginx 1704 Dec 19 14:07 /etc/nginx/ssl/nginx-internal.key -rwxr-x---. 1 root nginx 1708 Dec 19 14:07 /etc/nginx/ssl/nginx.key CA Certificate: -rw-------. 1 root root 2009 Dec 19 14:07 /etc/pki/CA/certs/privx-ca.crt Populating system shared configuration files ...done. A Certificate Signing Request (CSR) for acquiring a permanent Web Server Certificate: '/etc/nginx/ssl/nginx.csr' Having received the certificate, copy it as '/etc/nginx/ssl/nginx.crt'. If you received a CA bundle at the same time, update system trust by running this same script as '/opt/privx/scripts/init_nginx.sh update-trust /path/to/bundle-file' DATABASE SETUP NOTE: This script will re-create your database schema, all existing PrivX data in the DB will be overwritten. For single server installations, the service is using a local PostgreSQL database. For multi-server HA installations, you should have your own external PostgreSQL database. Enter L for built-in DB and E for external database. Configure (L)ocal PostgreSQL database or (E)xternal one? (L): L PostgreSQL username for PrivX (privx): shashank Password for the PostgreSQL user 'shashank': <somepassword> Enter the password again: <somepassword> PostgreSQL database name (privx): privx Using database name privx PrivX superuser credentials. This is the admin account of PrivX web user interface. You can change it later, please provide credentials for first time use. Superuser username: Shashank Superuser password: <somepassword> Enter the password again: <somepassword> ==Applying database settings to microservice configurations== ==Configuring PrivX database== Initializing database..Created symlink from /etc/systemd/system/multi-user.target.wants/postgresql.service to /usr/lib/systemd/system/postgresql.service. done [postgresql.service]. Initializing database ... OK Starting database..done. Requesting database server certificate from the Internal TLS CA fetching PrivX TLS CA key...done. generating PrivX DB Server Key...done. generating certificate (subject OU=PrivX PostgreSQL Database Server/CN=localhost.localdomain key 70eef373-eab6-4f30-5aae-242d1530a85c)...done. populating key files ...done. deleting PrivX DB Server Key...done. Restarting DB ...Creating local database privx and database user shashank NOTICE: database "privx" does not exist, skipping NOTICE: role "shashank" does not exist, skipping done. ==Generating keyvault keys== ==Initializing database schema== ==Initializing database contents== NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "sources_key_pk" for table "sources" NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "roles_key_pk" for table "roles" NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "localuser_pkey" for table "localuser" NOTICE: CREATE TABLE / UNIQUE will create implicit index "localuser_username_key" for table "localuser" NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "trustedclients_pkey" for table "trustedclients" NOTICE: CREATE TABLE / UNIQUE will create implicit index "trustedclients_name_key" for table "trustedclients" ==Configuring backup/restore scripts== ==Ready== Importing certificates to database... done. Setting system time ...19 Dec 14:09:08 ntpdate[31671]: step time server 139.59.82.60 offset -0.001875 sec done. Starting ntpd ...done. Starting nginx ...done. Starting redis ...done. Starting rsyslog ...done. Starting privx ...done. Enabling PrivX services on startup ...done.

Now you can login using your IP address or hostname as below
#######################################################













After successful login
###################


Comments

Post a Comment

Popular posts from this blog

DevOps Interview Questions

-
Questions from GIT, Jenkins, Ansible, Dockers & Containers, Kubernetes, OpenShift, AWS, CI/CD, Scripting, Linux (RHEL), Monitoring, Python GIT ########### * What is GIT ? * What is difference between GIT & Github ? * Why we use GIT ? * What is SCM & VCS ? * What are the process of pushing the code to Github Repository ? * Why do we commit ? * What are the commands of GIT to push the code ? * How you can merge a git repository with another ?  * What is branching in git ? * Different types of branching in GIT ? * What is merge conflict in git ? * How you can resolve merge conflict if you are merging same    project and in the same branch ?    Jenkins ########## * What is Jenkins ? * Why we use Jenkins ? * What are the other tools/technologies present in market other than    Jenkins for CI/CD ? * How to move Jenkins from one server to another ?    * How to create Jenkins backup ?  * What are plugins in Jenkins ? * What are
Read more

Calico Certified Operator: AWS Expert Questions & Answers

-
Section 1 Which one of the following is NOT an AWS networking concept? 1 point possible (graded, results hidden) AWS Region Virtual Private Cloud Elastic Network Interface Cloud NAT submitted Which of the following are network configuration options for the Calico CNI in BYOC clusters? 1 point possible (graded, results hidden) Select all that apply: VLAN based segmentation VXLAN encapsulation IP-IP encapsulation CrossSubnet mode submitted Why does AWS-CNI networking make use of source based routing on the nodes? 1 point possible (graded, results hidden) To provide more available IP addresses To allow the utilisation of all ENIs attached to the node To secure the node’s compute resources To ensure all pods use the same ENI submitted Which of the following are true when using the CrossSubnet mode in Calico CNI on BYOC clusters? 1 point possible (graded, results hidden) Select all that apply: It is recommended that for best performanc
Read more

CKAD Certification Exam Preparation Guide and Tips

-
Image
Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. The CNCF/Linux Foundation offers this performance-based exam which targets the developer aspect of Kubernetes skills such as deploying apps, configuring apps, rolling out the application, creating persistent volumes, etc. CKAD (Certified Kubernetes Application Developer) is designed for software developers who would like to develop and deploy their containerized applications in Kubernetes. The curriculum includes the following general domains with the associated weights: Core Concepts – 13% Configuration – 18% Multi-Container Pods – 10% Observability – 18% Pod Design – 20% Services & Networking – 13% State Persistence – 8% ------------------------------------------------------------------------- After my successful achievement of CKAD Certification, I would love to share my experience and tips to clear the exam. I have  practiced a lot on kubectl  commands and
Read more