Skip to content

vsatctl install

vsatctl install [flags]

Install a single node Venafi VSatellite cluster.

Note

This command must be run with root privileges because it installs system wide executables and configuration files in '/etc' and '/usr/local/bin'. It requires root privileges to start the VSatellite systemd service. It connects to the VSatellite cluster using credentials from a file which is only accessible to root users.

Important

When using --install-dir, carefully review related hard disk requirements

Examples

sudo vsatctl install --pairing-code=cf216fbc-f429-41f1-a64b-f06bb9b4e1be

Options

      --accept-license-agreement   Accept the Venafi End User License Agreement. (https://venafi.com/end-user-license-agreement)
      --api-url string             Specify the Venafi Cloud API URL. (Default: https://api.venafi.cloud)
  -h, --help                       Show help for the install command.
      --install-dir string         Specify the directory for all VSatellite installation artifacts.
      --loglevel string            Set the file logging level. Options: "INFO," "ERROR," "WARN," "DEBUG." (Default: "DEBUG")
      --pairing-code string        Provide the pairing code to register with Venafi as a Service.
      --silent                     Perform a silent Kubernetes installation without showing events or progress. (Deprecated)
      --timeout-seconds int        Set the maximum timeout in seconds for each VSatellite service installation. (Default: 180)

HSM-protected DEK options

When installing a VSatellite with HSM-protected DEK, the following options are required unless otherwise noted:

Option Required Description
--partition-label Yes HSM partition label
--partition-serial-number No Required only if multiple partitions share the same label
--hsm-client-path Yes Path to the HSM client installation
--hsm-lib-path Yes Path to the PKCS#11 library
--hsm-config Yes Path to the HSM client configuration file

Note

During installation, you are prompted to enter the PIN for the HSM partition. Ensure that the PIN is available before starting the installation.

For an explanation of each HSM-related parameter and example values, see Using HSM-protected DEK with VSatellites.

Note

HSM connectivity and credentials are not fully validated during installation. In some cases, installation may succeed but the VSatellite enters an Unhealthy state. For details about HSM validation behavior and Unhealthy states, see

Using HSM-protected DEK with VSatellites.

See also