General Configuration and Usage
Installation
Package install/uninstall
Installing the package
-
RPM
-
Windows
-
Binary
Installing from the Evertrust repository
Create a /etc/yum.repos.d/horizon-cli.repo file containing the EverTrust repository info:
[horizon-cli]
enabled=1
name=Horizon Client Repository
baseurl=https://repo.evertrust.io/repository/horizon-cli-rpm/
gpgcheck=1
gpgkey=https://evertrust.io/.well-known/rpm/gpg.pub
username=<username>
password=<password>Replace <username> and <password> with the credentials you were provided.
Make sure the Evertrust GPG key is trusted:
# rpm --import https://evertrust.io/.well-known/rpm/gpg.pubYou can then run the following to install the latest Horizon Client version:
# yum install horizon-cliTo prevent unattended upgrades when running yum update, you should pin the Horizon Client version by adding
exclude=horizon-cliat the end of the /etc/yum.repos.d/horizon-cli.repo file after installing Horizon Client.
Installing from the package file
Download the latest RPM for Horizon Client on the Official EVERTRUST repository.
Upload the file 'horizon-cli-<latest>.x86_64.rpm' to the server;
Access the server with an account with administrative privileges;
Install the Horizon Client package with the following command:
# yum localinstall /root/horizon-cli-<latest>.x86_64.rpmIf you wish to verify the signature of the RPM package, the EVERTRUST key can be added to your trusted keys using the following command:
# rpm --import https://evertrust.io/.well-known/rpm/gpg.pubThe signature can then be verified using the following command:
# rpm -K /root/horizon-cli-<latest>.x86_64.rpmTo install the package, double click on the MSI file and follow the instructions.
The linux binary file is usable on any linux distribution, to install it follow the steps below :
-
Add the binary file to the
PATH, in order to easily launch it on your shell. -
Apply the executable permission on the binary file
# chmod +x horizon-cli.bin
Command line installation & initialization
Use the command below to install the client and generate interactively your configuration file:
$ horizon-cli installThe configuration file can also be created using command line parameters:
$ horizon-cli install --endpoint https://horizon-test.comUse the help to get the full list of available parameters.
| If you did not use an installer, this command should always be run first to ensure everything is set up correctly. |
Configuration Location
General parameters of Horizon Client are configured through a file placed in one of the following locations:
Global configuration :
-
/opt/horizon/etc/horizon-cli.conf -
[C|D]:\ProgramData\EverTrust\Horizon\horizon-cli.conf
Per-user configuration :
-
~/.horizon-cli/etc/horizon-cli.conf -
[C|D]:\Users\<username>\AppData\Local\horizon-cli\horizon-cli.conf
|
In case the user running the Horizon Client is an administrator and the global configuration file is present and accessible by the user, the global configuration file will be used. Otherwise, the per-user configuration file will be used. If the per-user configuration file is not present and the global configuration file is not accessible, the client will throw an error. |
Configuration Content
| Since version 1.10, the configuration was migrated from JSON to YAML, if you are upgrading from an earlier version, the configuration migration will be done automatically and should be seamless. |
The configuration file is in YAML format and contains the following:
api_id: API-ID
api_key: API-Key
endpoint: endpoint url. e.g. https://horizon-test.evertrust.fr
debug: false
timeout: 2
proxy: proxy. e.g. http://myproxy.corp.local:3128
root_ca: Root CA PEM Certificate(s).
log_file: The log file of Horizon.
external_proxy: proxy. e.g. http://myproxy.corp.local:3128
sudo_commands:
- command_one
- another_commandThese parameters may be instead specified or overridden using environment variables, as detailed in the table below.
| Parameter | Environment variable | Description |
|---|---|---|
|
|
The API ID: the identifier of a local account user defined in Horizon. Used for discovery, import modes and for the revocation in the EST module |
|
|
The API Key. Used together with API ID |
|
|
The URL of the Horizon instance, starting with |
|
|
Set to true to enable debug mode of the Horizon Client, defaults to false if unspecified. |
|
Connection timeout in seconds, defaults to 2 seconds if unspecified. |
|
|
|
HTTPS proxy used to reach Horizon (if any), in URL form which can contain login and password if needed. |
|
PEM chain of CA certificates that issued the TLS certificate exposed by Horizon. This parameter is optional, as preferred way is to put these CA certificates in the machine trust store. |
|
|
|
Log file of horizon. This parameter is optional, but a default value is set as the Horizon Client displays useful messages on STDOUT and logs should always be kept. |
|
|
HTTPS proxy used to reach Third Parties (if any), in URL form which can contain login and password if needed. |
|
|
Array of commands that should be executed using sudo. |
Configuration customization
Changing the configuration file location
In case you want to change the configuration file location, the HRZ_CONFIG environment variable can contain an absolute path to the configuration file and will try to read it before defaulting to the standard configuration as detailed above.
Changing all horizon-client files location
Additional files are used by the client (automation state, log files, etc). In case you want to change the path to these configurations, the HRZ_LOCAL_DATA environment variable can contain an absolute path to a folder, and will create all necessary files starting from this folder.
In order to keep backward compatibility, legacy environment variables are still available and are the same as the one above without the HRZ_ prefix. These should not be used and should be migrated to HRZ-prefixed one.
|
|
You can use the “--help” parameter to get command line help on any command or sub-command. |