Install apoctl
Prerequisites
- The following procedure uses an app credential to authenticate to the Microsegmentation Console. App credentials require a mutual TLS connection to the Microsegmentation Console API. Any TLS-intercepting middleboxes must be configured to exclude your connections to the Microsegmentation Console from interception.
- If you connect through a firewall or endpoint agent, ensure that you can access *.prismacloud.io, *.network.prismacloud.io, and *.aporeto.com.
Installing and configuring apoctl
- Download the executable appropriate to your platform.macOSsudo curl -o /usr/local/bin/apoctl \ https://download.aporeto.com/releases/release-5.0.12/apoctl/darwin/apoctl && \ sudo chmod 755 /usr/local/bin/apoctlLinuxsudo curl -o /usr/local/bin/apoctl \ https://download.aporeto.com/releases/release-5.0.12/apoctl/linux/apoctl && \ sudo chmod 755 /usr/local/bin/apoctlWindowscurl https://download.aporeto.com/releases/release-5.0.12/apoctl/windows/apoctl.msi -o apoctl.msi; ` if ($?) {. .\apoctl.msi /quiet} if ($?) {$env:PATH+="C:\Program Files\Apoctl;"}Open the Microsegmentation Console web interface.Navigate to the top-level namespace that you have access to. In the following example, we have access to the top-level namespace /acme.
Click the lock icon in the bottom left corner, then clickCopy to clipboard, as shown below.
Paste the configuration command into your terminal and press ENTER.An example command follows, using https://api.microsegmentation.acme.com:4443 as the URL of the Microsegmentation Console API and a Microsegmentation account.apoctl configure --api https://api.microsegmentation.acme.com:4443 \ --namespace /acme \ --token $(apoctl auth aporeto --account acme --api https://api.microsegmentation.acme.com:4443)Authenticate at the prompt.It should return the following.apoctl profile 'default' successfully configuredIssue the following commands to extract the URL of your Microsegmentation Console API, set it in a MICROSEG_API environment variable, and ensure that the environment variable persists across sessions.macOS/Linuxexport MICROSEG_API=$(apoctl auth verify | jq -r '.iss') echo "export MICROSEG_API=$MICROSEG_API" | tee -a ~/.bash_profileWindows$env:MICROSEG_API = (apoctl auth verify | jq -r '.iss') $env:MICROSEG_API = [System.Environment]::SetEnvironmentVariable('MICROSEG_API','User')Confirm that you can connect to the Microsegmentation Console API and that you trust its certificate.curlcurl $MICROSEG_APIwgetwget $MICROSEG_APIIssue the following command to confirm that you’re authenticated.apoctl auth verifyIt should return something like the following.{ "data": { "commonName": "app:credential:6022d9eeeb15c100010d9290:acme-apoctl-default-credentials", "organization": "/acme", "realm": "certificate", "serialNumber": "96242056717083374710660459658200369221", "subject": "96242056717083374710660459658200369221" }, "exp": 1612903956, "iat": 1612896755, "iss": "api.microsegmentation.acme.co", "realm": "Certificate", "restrictions": {}, "sub": "96242056717083374710660459658200369221" }Great job! You’ve installed and configured apoctl.Most Popular
