Prerequisites

Deploy Quickstart

To get started, follow the instructions from the Anjuna Policy Manager Secure Deployments repo on Github. The repo includes scripts to quickly deploy the Anjuna Policy Manager.

Installing the Anjuna Policy Manager CLI

Once you have a running instance of the Anjuna Policy Manager (APM), you can perform administrative operations using the APM CLI.

Access the Anjuna Resource Center to get the Anjuna Policy Manager  — anjuna-policy-manager.2.0.0003.tar.gz

Extract the APM tarfile:

$ tar -xvzf anjuna-policy-manager.2.0.0003.tar.gz

Optional - Install the APM CLI on your system:

$ sudo mv anjuna-policy-manager /usr/local/bin

Configuring the Anjuna Policy Manager CLI

The APM CLI needs to know how to connect to and verify the APM Server.

In the apm-secure-deployments scripts, these configuration steps are automatically performed by client_env.sh. The following manual steps are only necessary if you deploy the APM in a different way.

First, set the address of the APM Server:

$ export ANJUNA_ADDR="https://<anjuna policy manager server hostname>:8200"

Alternatively, set the --addr command-line parameter when you call the APM CLI.

Second, set the management authentication token of the APM Server:

$ export ANJUNA_TOKEN="<anjuna policy manager token>"

Alternatively, set the --token command-line parameter when you call the APM CLI.

Third, set the CA certificate to verify the APM’s TLS certificate against it:

$ export ANJUNA_CACERT="<path to ca cert file, PEM-encoded>"

Alternatively, set the --ca-cert command-line parameter when you call the APM CLI.

Suppose you are not using an FQDN (fully qualified domain name) for the Anjuna Policy Manager. In that case, you must update your local /etc/hosts file in order to point the APM’s hostname to the right IP address. This operation requires root permissions (sudo).

$ echo "<ip address> <apm hostname, defaults to apm-server.test>" | sudo tee -a /etc/hosts