Post-Installation KDI Root Configuration

Configuring KDI Root is required only for advanced authorization control or cloud connectivity that enables access to Keysight cloud services and management of multiple fabrics. For cloud connectivity, configure the KDI Gateway connection. For advanced fine-grained authorization control, configure an OpenFGA-compatible database. You don't need to change the default configuration of a KDI Root to set up a local KDI Fabric.

You can modify the configuration in any of the following ways:

  • Using Configuration Files
  • Using the KDI Management UI

Configuring using Configuration File

After installation, follow these steps to connect the KDI Root to the KDI Gateway:

Configure kdi.yaml located under the %ProgramData%\Keysight\Distributed Infrastructure folder as follows, then Restart KDI Services:

Copy

kdi.yaml

...
cloud:
  lab_name: "DemoLab"
  global_client_id: democlient
  global_client_secret: democlient
  gateway_connections:
    - gateway_url: ws.demo-kdi-gateway-cloudshare.pwc.qa.cos.pwtestops.com 
...

You can obtain this information from the Keysight Support Team.
It is a container that includes:

  • gateway_url: The URL of the KDIG instance that the KDI Root intends to connect to.
    Example: demo-kdi-gateway-cloudshare.pwc.snd.cos.pwtestops.com
  • client_id: The Client ID, registered with KDIG, confers access rights to the KDIG instance.
    Client ID is an optional text requiring a minimum of 6 characters. It can be pre-approved or not as follows:
    • Pre-Approved Credentials: You can contact the IoT team on Slack at #proj-pathwave-cloud to acquire pre-approved credentials. Alternatively, if you have administrative access to the desired KDIG instance, you can add credentials using the authn_client_add API. It instantly connects the KDI Root to the gateway.
    • Un-Approved Credentials: Alternatively, you can input any client_id and secret of your choice during the configuration process. In such cases, a provisional request gets created using the provided credentials. However, if you do not specify client_id and secret, the request is generated with arbitrary credentials. The KDIG administrator must approve the request to authorize the connection.
  • client_secret: The secret associated with the Client ID registered with KDIG to authorize the KDI Root node.
    The value is based on the presence and status of the Client ID.
    • If the Client ID is pre-approved, the Client Secret must also be pre-approved and not null/blank.
    • If the Client ID is not provided, the Client Secret is not required.
    • If the Client ID is an arbitrary text, the Client Secret can also be an arbitrary text of your choice, but it must meet a minimum length of 6 characters.
  • description: The additional information about the KDIG connection.
Example: [{gateway_url: "demo-kdi-gateway-cloudshare.pwc.snd.cos.pwtestops.com", client_id: "demo_user", client_secret: "demo_secret", description: "KDIG Sandbox cluster connection"}]

Refer to KDI.YAML for more details.

  • YAML, being whitespace-sensitive, can create problems during configuration. Use an online YAML beautifier like  https://codebeautify.org/yaml-beautifier#  to verify the structure.

  • Ensure that the above section is uncommented. If it is commented out, remove"#" from the beginning of the line.

Configuring via KDI Management UI

You have the flexibility to configure KDI settings after installation, either by directly modifying the YAML files or through the Configuration section in the Manage Fabric screen in the KDI Management UI. The choice is yours.

Additionally, you can configure KDI Gateway connections through KDI Management UI.