Sterling Connect:Direct for UNIX silent installation options file and command-line parameters
The options file contains shell script variables. cdinstall_a “source includes” the options file into its execution environment so that the variables are available. However, it does so only after it runs a security check that no UNIX or Linux commands are specified, either as values for the parameter variables or as individual commands. This check guards against a code injection attack.
The check is important because cdinstall_a is started under the root account. An administrator with root access can already run arbitrary commands without cdinstall_a. However, other users or applications without root privileges can initiate an automated installation. These users or applications might specify UNIX or Linux commands in the options file, which would then be processed under root. Without the check, this situation would create a security issue.
Variable name | Command-line arguments | Default value | Description |
---|---|---|---|
cdai_installCmd=<install \| upgrade \| uninstall> | --installCmd | None. Required parameter. | Specifies the type of processing to use. |
cdai_cpioFile=<cpio file name> | --cpioFile | cdunix | The installation cpio name. If it is in a different directory than the package directory, the full path must be specified. |
cdai_installDir=<target installation directory> | --installDir | None. Required parameter. | Where to install Sterling Connect:Direct®. The administrator can choose any accessible location, but the full path must be specified. |
cdai_localNodeName=<Sterling Connect:Direct local name> | --localNodeName | Host name (required for installation only). | Name to assign to the local Sterling Connect:Direct. Name is shortened to 16 characters if necessary. Specify uname to ensure that the host name of the system is used. |
cdai_acquireHostnameOrIP=<h \| fqn \| ip4 \| ip6 \| string> | --acquireHostnameOrIP | h (required for installation only). | Specify host name, fully qualified domain name, IP v4 address, or IP v6 address. Any other strings are interpreted as IP addresses or names. String can be 0.0.0.0, 0:0:0:0:0:0:0:0, ::, 192.168.0.100, or other valid IP address. |
cdai_serverPort=<port number> | --serverPort | 1364 | Sterling Connect:Direct to Sterling Connect:Direct |
cdai_clientPort=<port number> | --clientPort | 1363 | CLI/API port |
cdai_localCertFile=<certfile> | --localCertFile | None (required for installation only). | Keycert file for Sterling Connect:Direct local node and client |
cdai_localCertPassphrase=<passphrase> | --localCertPassphrase | None (required for installation only). | Passphrase for keycert file |
cdai_adminUserid=<user ID> | --adminUserid | None (required for installation only). | System user ID to use for the Sterling Connect:Direct administrator user ID |
cdai_trace=y\|n | --trace | n | Enables display of debugging information |
cdai_spConfig=<file name> | --spConfig | None. | Customized text file to update Sterling Connect:Direct parameter file as necessary. To create a parameter file, you can enter a list of commands in the spConfig text file, similarly to this example: The silent install script points to this text file. If cdai_spConfig is not specified, then only basic Sterling Connect:Direct configuration is used with the key certificate and trusted root files. |
cdai_ignoreExistingInstallDir=y\|n | --ignoreExistingInstallDir | n | y causes cdinstall_a to ignore an existing target installation directory and proceed with the installation. n causes cdinstall_a to fail if the target installation directory exists. Use y with caution when you are engaging in automated deployment across multiple systems. |
cdai_allowUmaskReset=y\|n | --allowUmaskReset | y | This variable has no effect if the default umask of the adminUserid is 22 or less. If the default umask of the adminUserid is greater than 22, y causes cdinstall_a to reset the umask of the adminUserid to 22. Setting the variable to n in that case causes cdinstall_a to proceed with the more restrictive than recommended umask setting. CAUTION: If the installation procedure proceeds with a umask setting that is more restrictive than the recommended value, some users might not have the necessary permissions to use Sterling Connect:Direct for UNIX. |
cdai_verifyUpgrade=y\|n | --verifyUpgrade | y | An upgrade command fails if pre-existing configuration files don't pass the configuration check or if the sample.cd process fails to complete successfully. This happens even when the configuration errors or sample.cd operation failure is considered tolerable. This variable allows users to choose whether to verify an upgrade or not. |
cdai_trustedRootCertFile=<trusted root file> | --trustedRootCertFile | None. | This variable allows users to deploy a custom trusted root certificate file. If cdai_trustedRootCertFile is specified, then the automated installation arbitrarily uses this file as the trusted root certificate file. If cdai_trustedRootCertFile is not specified, then the automated installation procedure customizes and uses the default trusted root certificate file that is included in the Sterling Connect:Direct for UNIX installation file. The default trusted root certificate file is customized by adding the certificate portion of the deployed keycert file and any other deployed certificates to it. Note: This variable applies only to Sterling Connect:Direct for UNIX 4.1.0. |
cdai_keystoreFile=<keystore file> | --keystoreFile | None. | If cdai_keystoreFile is specified, then the automated installation uses this file as the keystore file. If it is not specified, then the automated installation procedure uses the default keystore file that is created during the installation. In either case, the keystore file is customized by adding the certificate portion of the deployed keycert file and any other deployed certificates to it. Note: This variable applies only to Sterling Connect:Direct for UNIX 4.2.0 and later. |
cdai_keystorePassword=<keystore password> | --keystorePassword | None. (always required for the installation command, but only required for the upgrade command when you are upgrading a version before Sterling Connect:Direct for UNIX 4.2.0). | Password for keystore file. Minimum 3 characters, maximum 80 characters. A keystore is created or updated with this password during the silent installation. This parameter is required if cdai_installCmd is install or upgrade. It is not required for an uninstall. Note: This variable applies only to Sterling Connect:Direct for UNIX 4.2.0 and later. |
cdai_localCertLabel=<certificate label name> | --localCertLabel | Client-API | If cdai_localCertLabel is specified, the specification is used to label the keycert for use in basic Secure+ configurations for secure client connections. If it is not specified, the default label is used. Note: This variable applies only to Sterling Connect:Direct for UNIX 4.2.0 and later. |
cdai_asperaLicenseFile=<aspera license file> | --asperaLicenseFile | None. | For an installation that uses FASP, this variable allows deployment of the required license file. Note: This variable applies only to Sterling Connect:Direct for UNIX 4.2.0.3 and later. |

```
cdai_trace="y"
cdai_installCmd="install"
cdai_cpioFile="/netshare/cdu/aix/cdunix"
cdai_installDir="/test/cdu/test001"
cdai_spConfig=spcmds.txt
cdai_localNodeName=uname
cdai_localNodeName=prod1.tul.company.com
cdai_acquireHostnameOrIP=ip4
cdai_serverPort=13364
cdai_clientPort=13363
cdai_localCertFile="keycert.txt"
cdai_localCertPassphrase="password"
cdai_adminUserid=kstep1
```
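
The security check described at the top of this page can be approximated before an options file is ever handed to a root-run installer. The following is an added example, not IBM's code and not the check that cdinstall_a itself performs: `check_options` is a hypothetical helper, and its rule (only the `cdai_` variables from the table, values restricted to a small character allow-list, optionally inside one pair of double quotes) is an assumption chosen to be stricter than necessary.

```shell
# Added example, not IBM's check: conservative pre-flight validation of a
# cdinstall_a options file. The value character allow-list is an assumption.
LC_ALL=C; export LC_ALL

# Variable suffixes documented in the table on this page.
CDAI_VARS=" installCmd cpioFile installDir localNodeName acquireHostnameOrIP \
serverPort clientPort localCertFile localCertPassphrase adminUserid trace \
spConfig ignoreExistingInstallDir allowUmaskReset verifyUpgrade \
trustedRootCertFile keystoreFile keystorePassword localCertLabel \
asperaLicenseFile "

# check_options (hypothetical helper) reads an options file on stdin. Returns 0
# only if every non-empty line is cdai_<documented name>=<plain value>;
# otherwise reports each offending line on stderr and returns 1.
check_options() {
    rc=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1)); why=
        [ -n "$line" ] || continue
        name=${line%%=*}; value=${line#*=}
        # Accept one pair of surrounding double quotes, as in the sample file.
        case $value in '"'*'"') value=${value#\"}; value=${value%\"} ;; esac
        case $line in *=*) ;; *) why="not an assignment" ;; esac
        if [ -z "$why" ]; then
            case $name in
                cdai_|cdai_*[!A-Za-z0-9_]*) why="malformed variable name" ;;
                cdai_*) case $CDAI_VARS in
                            *" ${name#cdai_} "*) ;;
                            *) why="unknown variable" ;;
                        esac ;;
                *) why="name does not start with cdai_" ;;
            esac
        fi
        # Reject anything the shell could expand or execute when sourced.
        if [ -z "$why" ]; then
            case $value in
                *[!A-Za-z0-9_./:@%+,-]*) why="unsafe character in value" ;;
            esac
        fi
        if [ -n "$why" ]; then echo "line $n: $why" >&2; rc=1; fi
    done
    return "$rc"
}

# Constructed input: the second line carries a command substitution.
printf '%s\n' 'cdai_trace="y"' 'cdai_installDir="$(id)"' | check_options ||
    echo "options file rejected"
```

Run the check against a root-owned copy of the submitted file, and install from that same copy, so the content cannot change between validation and use.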