Parameter |
Definition |
|
|
Provider-specific credentials and account parameters; to see detailed instructions for obtaining the files and values, click the provider link |
-
Provider-Specific – AWS
Credentials: Path to a file containing the public/private keypair for an AWS account.
-
Provider-Specific – GCP
Credentials: Path to a JSON file containing the service account key for a GCP account.
Project: GCP project ID.
-
Provider-Specific – Azure
SubscriptionId: A unique alphanumeric string that identifies a Microsoft Azure subscription.
TenantId: A unique alphanumeric string that identifies the Azure Active Directory directory in which an application was created.
UseMSI: If true, authenticates using a Managed Service Identity in place of ClientId and ClientSecret; default is false.
ClientId, ClientSecret: Credentials identifying and providing access to an Azure application (if UseMSI is false).
-
Provider-Specific – Tencent
SecretID, SecretKey: Unique alphanumeric strings that identify and provide access to a Tencent Cloud account.
-
Provider-Specific – vSphere
VSphereUser, VSpherePassword: Credentials for vSphere operations.
|
SSHUser |
Nonroot account with sudo access used by ICM for access to provisioned nodes. Root of SSHUser’s home directory can be specified using the Home field. Required value is provider-specific, as follows:
-
AWS — As per AMI (see AMI parameter in AWS Parameters); usually ubuntu for Ubuntu images
-
GCP — At user's discretion
-
Azure — At user's discretion
-
Tencent — As per image (see ImageId parameter in Tencent Parameters)
-
vSphere — As per VM template (see Template parameter in vSphere Parameters)
-
Preexisting — See SSH in the appendix “Deploying on a Preexisting Cluster”
|
SSHPassword |
Initial password for the user specified by SSHUser. Required for marketplace Docker images and deployments of type vSphere, Azure, and PreExisting. This password is used only during provisioning, at the conclusion of which password logins are disabled. |
SSHOnly |
If true, ICM does not attempt SSH password logins during provisioning, for providers vSphere and PreExisting only. Because this prevents ICM from logging in using a password, it requires that you stage your public SSH key (as specified by the SSHPublicKey field, below) on each node. Default: false. |
SSHPublicKey |
Path within the ICM container of the public key of the SSH public/private key pair; required for all deployments. For provider AWS, must be in SSH2 format, for example:---- BEGIN SSH2 PUBLIC KEY ---
AAAAB3NzaC1yc2EAAAABJQAAAQEAoa0
---- BEGIN SSH2 PUBLIC KEY ---For other providers, must be in OpenSSH format, for example:ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAoa0 |
SSHPrivateKey |
Path within the ICM container of the private key of the SSH public private key pair; required for all deployments in RSA format, for example:-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAoa0ex+JKzC2Nka1
-----END RSA PRIVATE KEY----- |
TLSKeyDir |
Directory within the ICM container containing TLS keys used to establish secure connections to Docker, InterSystems Web Gateway, JDBC, and mirrored InterSystems IRIS databases, as follows:
-
ca.pem
-
cert.pem
-
key.pem
-
keycert.pem
-
server-cert.pem
-
server-key.pem
-
keystore.p12
-
truststore.jks
-
SSLConfig.properties
|
SSLConfig |
Path within the ICM container to an TLS configuration file used to establish secure JDBC connections. Default: If this parameter is not provided, ICM looks for a configuration file in /TLSKeyDir/SSLConfig.Properties (see previous entry). |
PrivateSubnet |
If true, ICM deploys on an existing private subnet, or creates and deploys on a new private subnet, for use with a bastion host; see Deploying on a Private Network. |
WeavePassword |
Password used to encrypt traffic over Weave Net; enable encryption by setting to a value other than null in the defaults file. Default: null. |
net_vpc_cidr |
CIDR of the existing private network to deploy on; see Deploy Within an Existing Private Network. |
net_subnet_cidr |
CIDR of an ICM node’s subnet within an existing private network. |