Adding a JWT Token To a Configuration File
When running lbcli commands, the JWT must be provided via the -J flag, like this:
lbcli -J $LIGHTOS_JWT get cluster
Alternatively, the system JWT can be stored in a configuration file on the Lightbits server. lbcli commands can then be run from that server without the -J flag.
Having the system JWT preconfigured introduces security concerns, because any lbcli command can now be run. Therefore it's important to ensure that the server is secured.
- After deploying the cluster, grab the system JWT. On the Ansible installation host, the file is located at ~/lightos-system-jwt. Show the content of the file with cat:
cat ~/lightos-system-jwt
The output should show the token, as below. Note that the token has been cut for brevity.
export LIGHTOS_JWT=eyJhbGciOi<remaining jwt content>BaFEuMsT9gQNQA
Copy the jwt token portion (everything after "LIGHTOS_JWT="). Note that its long output will span multiple lines of terminal output; however, it should only take up one line in a file.
- On a Lightbits server, edit /etc/lbcli/lbcli.yaml and append the jwt to the bottom.
jwt: <jwt>
The full content of /etc/lbcli/lbcli.yaml will be similar to this:
output-format: human-readable
dial-timeout: 5s
command-timeout: 60s
insecure-transport: false
insecure-skip-tls-verify: true
debug: false
api-version: 2
logger-max-size-mib: 100
logger-max-backups: 5
logger-max-age-days: 10
endpoint: https://127.0.0.1:443
jwt: eyJhbGciOi<remaining jwt content>BaFEuMsT9gQNQA
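The two steps above as one shell function, as an added example that is not Lightbits code: it extracts the token from the export line, checks that it has the three-segment JWT shape, replaces any existing jwt: entry, and leaves the file readable by its owner only. The function name install_lbcli_jwt and the owner-only file mode are assumptions of this example, not documented lbcli requirements.

```shell
#!/bin/sh
# Added example, not Lightbits code. install_lbcli_jwt is a hypothetical helper.
# Usage: install_lbcli_jwt <file with "export LIGHTOS_JWT=..."> <lbcli.yaml>
install_lbcli_jwt() {
    src=$1
    conf=$2
    [ -r "$src" ] && [ -f "$conf" ] || {
        echo "need a readable token file and an existing config file" >&2
        return 1
    }

    # Keep only what follows "LIGHTOS_JWT=", dropping quotes and carriage
    # returns. If the variable is set more than once, the last line wins.
    token=$(sed -n 's/^.*LIGHTOS_JWT=//p' "$src" | tr -d '\r"' | tail -n 1)

    # A JWT is three base64url segments separated by dots, on one line.
    printf '%s\n' "$token" |
        grep -Eq '^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$' || {
        echo "token in $src does not look like a JWT; config left unchanged" >&2
        return 1
    }

    # Build the new file next to the old one so the final mv is a rename
    # on the same filesystem. The temp file is owner-only from the start,
    # so the token is never written to a world-readable file.
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    chmod 600 "$tmp"

    # Drop any previous jwt: entry, then append the new one at the bottom.
    sed '/^jwt:/d' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf 'jwt: %s\n' "$token" >> "$tmp"
    mv "$tmp" "$conf"
}

# Typical call with the paths used on this page (run as the file's owner):
#   install_lbcli_jwt ~/lightos-system-jwt /etc/lbcli/lbcli.yaml
```

With mode 600, only the owning account can run lbcli without -J on that server; other users still have to supply their own token.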