FARM Service

The Front-end Applications for Remote Management (FARM) Service provides a gateway between front-end CENM service interfaces, and the Auth Service that underpins authentication and authorisation in CENM services.

Once installed and configured, users can connect with the FARM Service via the CENM CLI Tool to manage CENM service tasks. Administrators can use the FARM Service address plus /admin to access the (CENM User Admin Tool)[user-admin] via a web browser.

Install the gateway FARM service

You can install the FARM service by installing the FARM service .jar file:

java -jar farm-application.jar -f config.conf

Configure the FARM service

When you configure the FARM service, you need to:

  1. Specify the endpoint where the Auth service is exposed - this must match the IP or host name of the machine/VM/container and the port that is configured in the Auth Service config file.

  2. Specify the SSL configuration for connecting to the Auth service. You can do this using the PKI tool.

  3. Your authentication credentials, as specified in your Auth Service configuration.

  4. Your Zone Service address.

You can create a configuration file as shown in the sample, and then add this to your CENM services using the command line commands below.

# Configuration dependent on the Auth service install
auth {
    # This is the endpoint where the auth service is exposed, should be the IP or host name of
    # the machine/VM/container and the port that was configured in the auth service conf file
    serverUrl = "https://auth-service:8081/"
    # SSL config for connecting to the auth service
    # Should be the same trust store that is used when configuring the auth service
    # Generally generated by the PKI Tool
    sslConfig = {
        trustStore = "/usr/farm/certificates/corda-ssl-trust-store.jks"
        trustStorePassword = "trustpass"
    }
    # Client credentials that were configured in the auth service conf file like so:
    # clientConfig = {
    #   clients = [
    #       {
    #           clientId = "farm1"
    #           clientSecret = "secret1"
    #           scopes = [
    #               "accounts:admin"
    #           ]
    #           audience = [
    #               "zone",
    #               "network-map",
    #               "identity-manager"
    #           ]
    #       }
    #   ]
    clientCredentials = {
        clientId = "farm1"
        clientSecret = "secret1"
    }
}

# CENM zone-service address
cenm {
    zoneHost: "zone-service"
    # Admin listener port of the zone service
    zonePort: 5063
}

# port to bind to (defaults to 8080)
server {
    port = 8080
}

Manage FARM service configuration

Name of the distribution: farm-application.jar

Command line arguments:

  • -v, --verbose - If set, prints logging to the console as well as to a file.
  • --logging-level= - Enable logging at this level and higher. Defaults to INFO. Possible values: OFF, INFO, WARN, TRACE, DEBUG, ERROR, ALL
  • -f, --config-file= --config-obfuscation-passphrase[=] - The passphrase used in the key derivation function when generating an AES key
  • --config-obfuscation-seed[=] - The seed used in the key derivation function to create a salt
  • -h, --help
  • -V, --version