... | ... | @@ -40,12 +40,11 @@ When a new agent is being added to the server then a private key and a CSR certi |
|
|
|
|
|
The procedure looks as follows:
|
|
|
1. Administator logs into agent machine and downloads agent installation script and starts it: `curl https:/stork/agent-install.sh | sudo bash`. Downloaded script contains a URL address of the server.
|
|
|
1. The script prompts admin password for authentication against Stork server.
|
|
|
1. The script downloads proper deb or rpm package for current system and installs it.
|
|
|
1. The script invokes Stork agent in special mode to register local machine in Stork server using ReST API over secure HTTPS and using credentials provided by admin.
|
|
|
1. Stork agent generates a private key and a CSR certificate for the machine and its address. They are stored in `/etc/stork` for further usage. The address is put in `Common Name` and in `Subject Alternative Name` in the certificate. The server recognizes the machine using this address in the certificate.
|
|
|
1. Agent (still in this special mode) sends CSR for signing to Stork server and then fetches identity certificate prepared by the server and stores them in `/etc/stork` for further usage using ReST request and exits.
|
|
|
1. Administrator starts agent service (using systemctl enable and start).
|
|
|
1. The script invokes Stork agent in special mode to register local machine in Stork server using ReST API over secure HTTPS.
|
|
|
1. Agent register function prompts for server token for authentication against Stork server and agent address and port that are used for registration.
|
|
|
1. Stork agent generates a private key and a CSR certificate for the machine and its address. They are stored in `/var/lib/stork-agent` for further usage. The address is put in the certificate, in `IPAddresses` if it is IP address or in `DNSNames` if this is domain address. The server recognizes the machine using this address in the certificate.
|
|
|
1. Agent (still in this special mode) sends CSR for signing to Stork server and then fetches identity certificate prepared by the server and stores them in `/var/lib/stork-agent` for further usage using ReST request and exits.
|
|
|
1. From that moment gRPC connection from the server to the agent can be established. There are used mutual authentication and encryption.
|
|
|
|
|
|
```mermaid
|
... | ... | |
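Review bot: The key-generation step ("Stork agent generates a private key and a CSR certificate ... stored in `/var/lib/stork-agent`") does not say what ownership and file mode the private key is expected to have. Since the server recognizes the machine by the address in the certificate and the later gRPC connection is mutually authenticated, the key file is the agent's identity, and the document should state who may read it. In the same step, "CSR certificate" conflates the two terms, because a CSR is a request that the server signs into a certificate. Suggest "a private key and a CSR". The token step ("prompts for server token for authentication against Stork server") should also say where the administrator obtains the server token and whether it is echoed at the prompt. Wording nits: "stores them" in the signing step refers to a single identity certificate, and "There are used mutual authentication and encryption" reads better as "The connection is mutually authenticated and encrypted".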