Version: v1.1

Identity and Access Manager configuration

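Example configuration file. Every certificate module in this example loads the software token library /usr/lib/softhsm/libsofthsm2.so and reads the same user PIN file, /var/aos/iam/.usrpin. diskEncryptionCmdArgs also substitutes that PIN into the setupdisk.sh command line, so when adapting the example, restrict access to the PIN file and to process arguments on the node. iamProtectedServerUrl and iamPublicServerUrl give a port with no host, which presumably means listening on every interface; check this against the node's intended network exposure.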
{
"caCert": "/usr/share/ca-certificates/aos/AosRootCA.crt",
"certStorage": "iam",
"iamProtectedServerUrl": ":8089",
"iamPublicServerUrl": ":8090",
"workingDir": "/var/aos/iam",
"nodeInfo": {
"nodeIdPath": "/etc/machine-id",
"nodeName": "main",
"maxDmips": 10000,
"attrs": {
"MainNode": "",
"AosComponents": "cm,iam,sm"
},
"partitions": [
{
"name": "storages",
"types": [
"storages"
],
"path": "/var/aos/storages"
},
{
"name": "states",
"types": [
"states"
],
"path": "/var/aos/states"
},
{
"name": "workdirs",
"types": [
"services",
"layers",
"generic"
],
"path": "/var/aos/workdirs"
},
{
"name": "var",
"types": [
"generic"
],
"path": "/var"
}
],
"nodeType": "aos-vm-main",
"architecture": "amd64",
"os": "linux"
},
"diskEncryptionCmdArgs": [
"/bin/sh",
"-c",
"/opt/aos/setupdisk.sh create $(cat /proc/cmdline | sed -e 's/^.*opendisk.target=//' -e 's/ .*$//') -m /usr/lib/softhsm/libsofthsm2.so -p $(cat /var/aos/iam/.usrpin) 2>&1 | systemd-cat; systemctl restart nfs-server.service || true"
],
"finishProvisioningCmdArgs": [
"/opt/aos/provfinish.sh"
],
"deprovisionCmdArgs": [
"/opt/aos/deprovision.sh",
"async"
],
"identifier": {
"plugin": "fileidentifier",
"params": {
"systemIDPath": "/etc/machine-id",
"unitModelPath": "/etc/aos/unit_model",
"subjectsPath": "/etc/aos/subjects"
}
},
"certModules": [
{
"id": "online",
"plugin": "pkcs11module",
"algorithm": "ecc",
"maxItems": 2,
"params": {
"library": "/usr/lib/softhsm/libsofthsm2.so",
"tokenLabel": "aoscloud",
"userPinPath": "/var/aos/iam/.usrpin",
"modulePathInUrl": true
}
},
{
"id": "offline",
"plugin": "pkcs11module",
"algorithm": "rsa",
"maxItems": 5,
"params": {
"library": "/usr/lib/softhsm/libsofthsm2.so",
"tokenLabel": "aoscloud",
"userPinPath": "/var/aos/iam/.usrpin",
"modulePathInUrl": true
}
},
{
"id": "iam",
"plugin": "pkcs11module",
"algorithm": "ecc",
"maxItems": 2,
"extendedKeyUsage": [
"serverAuth",
"clientAuth"
],
"params": {
"library": "/usr/lib/softhsm/libsofthsm2.so",
"tokenLabel": "aoscore",
"userPinPath": "/var/aos/iam/.usrpin",
"modulePathInUrl": true
},
"alternativeNames": [
"main"
]
},
{
"id": "sm",
"plugin": "pkcs11module",
"algorithm": "ecc",
"maxItems": 2,
"extendedKeyUsage": [
"serverAuth",
"clientAuth"
],
"params": {
"library": "/usr/lib/softhsm/libsofthsm2.so",
"tokenLabel": "aoscore",
"userPinPath": "/var/aos/iam/.usrpin",
"modulePathInUrl": true
},
"alternativeNames": [
"main"
]
},
{
"id": "cm",
"plugin": "pkcs11module",
"algorithm": "ecc",
"maxItems": 2,
"extendedKeyUsage": [
"serverAuth",
"clientAuth"
],
"params": {
"library": "/usr/lib/softhsm/libsofthsm2.so",
"tokenLabel": "aoscore",
"userPinPath": "/var/aos/iam/.usrpin",
"modulePathInUrl": true
},
"alternativeNames": [
"main"
]
},
{
"id": "diskencryption",
"plugin": "pkcs11module",
"algorithm": "rsa",
"maxItems": 1,
"disabled": false,
"selfSigned": true,
"params": {
"library": "/usr/lib/softhsm/libsofthsm2.so",
"tokenLabel": "aoscore",
"userPinPath": "/var/aos/iam/.usrpin",
"modulePathInUrl": true
}
}
],
"migration": {
"migrationPath": "/usr/share/aos/iam/migration",
"mergedMigrationPath": "/var/aos/iam/migration"
}
}