Sterling Connect:Direct for UNIX silent installation options file and command-line parameters

The options file contains shell script variables. cdinstall_a “source includes” the options file into its execution environment so that the variables are available. However, it will do so only after it runs a security check that UNIX or Linux commands are not specified as values for the parameter variables or as individual commands. This guards against a code injection attack.

This point is important because cdinstall_a is started under the root account. Therefore, the administrator can run arbitrary commands without cdinstall_a. However, other users or applications without root privileges can initiate an automated installation. These users or applications might specify UNIX or Linux commands in the options file, which would be processed under root. This situation creates a security issue.

The following table lists and describes these variables. If you do not specify the full path of the files in the installation package, then the path defaults to the directory where cdinstall_a was started. For example, the path name for the cpio file defaults to the package directory where cdinstall_a is located if you do not explicitly specify a path.
Variable name Command-line arguments Default value Description
cdai_installCmd=<install | upgrade | uninstall> --installCmd None. Required parameter. Specifies the type of processing to use.
cdai_cpioFile=<cpio file name> --cpioFile cdunix The installation cpio name.

If it is in a different directory than the package directory, the full path must be specified.
cdai_installDir=<target installation directory> --installDir None. Required parameter. Where to install Sterling Connect:Direct®. The administrator can choose any accessible location, but the full path must be specified
cdai_localNodeName=<Sterling Connect:Direct local name> --localNodeName Host name (required for installation only). Name to assign to the local Sterling Connect:Direct. Name is shortened to 16 characters if necessary. Specify uname to ensure that the host name of the system is used.
cdai_acquireHostnameOrIP=<h | fqn | ip4 | ip6 | string> --acquireHostnameOrIP h (required for installation only). Specify host name, fully qualified domain name, IP v4 address, or IP v6 address. Any other strings are interpreted as IP addresses or names.
  • h=host name
  • fqn=fully qualified domain name
  • ip4=IPv4 address
  • ip6=IPv6 address

String can be 0.0.0.0, 0:0:0:0:0:0:0:0, ::, 192.168.0.100, or other valid IP address.
cdai_serverPort=<port number> --serverPort 1364 Sterling Connect:Direct to Sterling Connect:Direct
cdai_clientPort=<port number> --clientPort 1363 CLI/API port
cdai_rpcPort=<port number> --rpcPort 1367 TCP/IP port to listen for a PMGR RPC client request.

Specify this port when you are engaging in silent installation over HP UX Itanium and Sun SPARC-Solaris platforms.
cdai_localCertFile=<certfile> --localCertFile None. (required for installation only). Keycert file for Sterling Connect:Direct local node and client
cdai_localCertPassphrase=<passphrase> --localCertPassphrase None. (required for installation only). Passphrase for keycert file
cdai_adminUserid=<user ID> --adminUserid None. (required for installation only). System user ID to use for the Sterling Connect:Direct administrator user ID

This parameter is no longer required in the case of a new installation of Connect:Direct for UNIX. If sudo or a similar utility has been used to acquire root privileges before executing the silent installation, the parameter cdai_adminUserid need not be set. If it is not set, the Connect:Direct's administrator user id will be the account under which sudo or the similar utility was executed.
cdai_trace=y|n --trace n Enables display of debugging information
cdai_spConfig=<file name> --spConfig None. Customized text file to update Sterling Connect:Direct parameter file as necessary. To create a parameter file, you can enter a list of commands in the spConfig text file, similarly to this example:
sync netmap
        path=/sci/silent_install/netmap.cfg
        name=*
;

  Import KeyCert
        File="/sci/silent_install/keycert.txt"
        Passphrase=password
        Label=myKeyCert
        ImportMode=Add
;

The silent install script points to this text file.

If cdai_spConfig is not specified, then only basic Sterling Connect:Direct configuration is used with the key certificate and trusted root files.
cdai_ignoreExistingInstallDir=y|n --ignoreExistingInstallDir n y causes cdinstall_a to ignore an existing target installation directory and proceed with the installation. n causes cdinstall_a to fail if the target installation directory exists. Use y with caution when you are engaging in automated deployment across multiple systems.
cdai_allowUmaskReset=y|n --allowUmaskReset y This variable has no effect if the default umask of the adminUserid is 22 or less. If the default umask of the adminUserid is greater than 22, y causes cdinstall_a to reset the umask of the adminUserid to 22. Setting the variable to n in that case causes cdinstall_a to proceed with the more restrictive than recommended umask setting.
CAUTION:
If the installation procedure proceeds with an umask setting that is more restrictive than the recommended value, some users might not have the necessary permissions to use Sterling Connect:Direct for UNIX.
cdai_verifyUpgrade=y|n --verifyUpgrade y An upgrade command fails if pre-existing configuration files don't pass the configuration check or if the sample.cd process fails to complete successfully. This happens even when the configuration errors or sample.cd operation failure is considered tolerable. This variable allows users to choose whether to verify an upgrade or not.
cdai_trustedRootCertFile=<trusted root file> --trustedRootCertFile None. This variable allows users to deploy a custom trusted root certificate file.

If cdai_trustedRootCertFile is specified, then the automated installation arbitrarily uses this file as the trusted root certificate file.

If cdai_trustedRootCertFile is not specified, then the automated installation procedure customizes and uses the default trusted root certificate file that is included in the Sterling Connect:Direct for UNIX installation file. The default trusted root certificate file is customized by adding the certificate portion of the deployed keycert file and any other deployed certificates to it.

Note: This variable applies only to Sterling Connect:Direct for UNIX 4.1.0.
cdai_keystoreFile=<keystore file> --keystoreFile None. If cdai_keystoreFile is specified, then the automated installation uses this file as the keystore file. If it is not specified, then the automated installation procedure uses the default keystore file that is created during the installation. In either case, the keystore file is customized by adding the certificate portion of the deployed keycert file and any other deployed certificates to it.
Note: This variable applies only to Sterling Connect:Direct for UNIX 4.2.0 and later.
cdai_keystorePassword=<keystore password> --keystorePassword None. (always required for the installation command, but only required for the upgrade command when you are upgrading a version before Sterling Connect:Direct for UNIX 4.2.0). Password for keystore file. Minimum 3 characters, maximum 80 characters. A keystore is created or updated with this password during the silent installation. This parameter is required if cdai_installCmd is install or upgrade. It is not required for an uninstall.
Note: This variable applies only to Sterling Connect:Direct for UNIX 4.2.0 and later.
cdai_localCertLabel=<certificate label name> --localCertLabel Client-API If cdai_localCertLabel is specified, the specification is used to label the keycert for use in basic Secure+ configurations for secure client connections. If it is not specified, the default label is used.
Note: This variable applies only to Sterling Connect:Direct for UNIX 4.2.0 and later.
cdai_asperaLicenseFile=<aspera license file> --asperaLicenseFile None. For an installation that uses FASP, this variable allows deployment of the required license file.
Note: This variable applies only to Sterling Connect:Direct for UNIX 4.2.0.3 and later.
cdai_agentPort=<port number> --agentPort 1365 TCP/IP port to listen for a Control Center Director request

cdai_agentEnable=y|n

 --agentEnable y

Use to enable/disable the agent during installation

cdai_agentOSAurl=<Control Center Director OSA URL>

 --agentOSAurl None. URL used to connect Connect:Direct Agent with Control Center Director.

cdai_agentOSADisable=y|n

 --agentOSADisable
  • y (If agentOSAurl value is defined)
  • n (If agentOSAurl value is not defined)
 Allows disabling OSA without deleting osa.rest.url

cdai_agentInstallationId

 --agentInstallationId Informational only, managed by Control Center Director Identifies the Connect:Direct installation package installed by Control Center Director
cdai_cdBackupLocation=<target Connect:Direct backup path> --cdBackupLocation <installation directory>/restore

Set the custom backup path for Connect:Direct, which will be used during an upgrade.
cdai_agentBackupLocation=<target Install Agent backup path> --agentBackupLocation <installation directory>/install/restore Set the custom backup path for Install Agent, which will be used during an upgrade.
cdai_erInstallerLocation=<target installer directory> --erInstallerLocation <installation directory>/ndm/bin Set the custom backup path for installer, which will be used during emergency restore.
cdai_agentInstallerLocation=<target package download path> --agentInstallerLocation <installation directory>/install/downloads Set the location for installer download. This location will be used during an upgrade via Control Center Director.
cdai_appendUserFile=<File Name> --appendUserFile None. Text file customized with Local and Remote User Information Records to be appended to the User Authorization Information File (userfile.cfg) in addition to the default records created during an installation.
Note: The parameter can be used with version 6.1.0.1 or later.
cdai_appendNetmapFile=<File Name> --appendNetmapFile None. Text file customized with Remote Node Connection Records to be appended to the network map file (netmap.cfg) in addition to the default records created during an installation.
Note: The parameter can be used with version 6.1.0.1 or later.
cdai_installFA=y|n --installFA n
  • This variable enables file agent installation. If cdai_installFA is not specified , then file agent installation is ignored.
  • This variable can also be used during an upgrade to install Integrated File Agent as a part of upgrade process if no File Agent is installed inside Connect:Direct for UNIX installation directory.
  • If Standalone File Agent is installed inside the Connect:Direct for UNIX installation directory, this variable can be used to convert it to Integrated File Agent as a part of upgrade process.
cdai_fileAgentEnable=y|n --fileAgentEnable n Use to enable/disable File Agent during installation/upgrade.
cdai_portCheckTrustedAddr=<IPv4/IPv6 address or hostname> --portCheckTrustedAddr None. Valid address or hostname of trusted port check source (comma separated, if more than one).
The following is a sample options file:
cdai_trace="y"
cdai_installCmd="install"
cdai_cpioFile="/netshare/cdu/aix/cdunix"
cdai_installDir="/test/cdu/test001"
cdai_spConfig=spcmds.txt
cdai_localNodeName=uname
cdai_localNodeName=prod1.tul.company.com
cdai_acquireHostnameOrIP=ip4
cdai_serverPort=13364
cdai_clientPort=13363
cdai_localCertFile="keycert.txt"
cdai_localCertPassphrase="password"
cdai_adminUserid=kstep1