Install the Universal Orchestrator on Linux

To install the Keyfactor Universal OrchestratorClosed The Keyfactor Universal Orchestrator, one of Keyfactor's suite of orchestrators, is used to interact with Windows servers (a.k.a. IIS certificate stores) and FTP capable devices for certificate management, run SSL discovery and management tasks, and manage synchronization of certificate authorities in remote forests. With the addition of custom extensions, it can run custom jobs to provide certificate management capabilities on a variety of platforms and devices (e.g. F5 devices, NetScaler devices, Amazon Web Services (AWS) resources) and execute tasks outside the standard list of certificate management functions. It runs on either Windows or Linux. on Linux, copy the zip file containing installation files to a temporary working directory on the Linux server and unzip it.

To begin the installation:

  1. On the Linux machine on which you wish to install the orchestratorClosed Keyfactor orchestrators perform a variety of functions, including managing certificate stores and SSH key stores., in a command shell change to the temporary directory where you placed the installation files.
  2. Use the chmod command to make the install.sh script file executable. The file ships in a non-executable state to avoid accidental execution. For example:

    sudo chmod +x install.sh
  3. In the command shell, run the install.sh script as root using the following syntax to begin the installation:

    Installation example with expected output using basic authentication:

    vi my_password_file
    
    sudo ./install.sh --url https://keyfactor.keyexample.com/KeyfactorAgents --username svc_kyforch@keyexample.com --password $(cat my_password_file) --orchestrator-name appsrvr16-ssl.keyexample.com --capabilities all --force
    Creating user keyfactor-orchestrator Copying files from /tmp/KeyfactorOrchestrator to /opt/keyfactor/orchestrator Saving app settings Setting file permissions Installing systemd service keyfactor-orchestrator-default Created symlink /etc/systemd/system/multi-user.target.wants/keyfactor-orchestrator-default.service → /etc/systemd/system/keyfactor-orchestrator-default.service. Starting systemd service keyfactor-orchestrator-default

    Installation example with expected output using client certificate authentication:

    vi cert_password_file
    
    sudo ./install.sh --url https://keyfactor.keyexample.com/KeyfactorAgents --client-auth-certificate /opt/certs/kyforch.p12 --client-auth-certificate-password $(cat cert_password_file) --orchestrator-name appsrvr16-ssl.keyexample.com --capabilities all --force
    Creating user keyfactor-orchestrator Copying files from /tmp/KeyfactorOrchestrator to /opt/keyfactor/orchestrator Saving app settings Setting file permissions Installing systemd service keyfactor-orchestrator-default Created symlink /etc/systemd/system/multi-user.target.wants/keyfactor-orchestrator-default.service → /etc/systemd/system/keyfactor-orchestrator-default.service. Starting systemd service keyfactor-orchestrator-default
  4. Review the output from the installation to confirm that no errors have occurred.

The script creates a directory, /opt/keyfactor/orchestrator by default, and places the orchestrator files in this directory. Log files are found in /opt/keyfactor/orchestrator/logs by default, though this is configurable (see Configure Logging for the Universal Orchestrator).

The orchestrator service, by default named keyfactor-orchestrator-default.service, should be automatically started at the conclusion of the install and configured to restart on reboot unless you have selected the no-service parameter.

Tip:  Once the installation of the orchestrator is complete, you need to use the Keyfactor Command Management Portal to approve the orchestrator and configure certificate stores or SSL jobs as per the Keyfactor Command Reference Guide: