Sterling Connect:Direct for UNIX silent installation options file and command-line parameters
The options file contains shell script variables. cdinstall_a “source includes” the options file into its execution environment so that the variables are available. However, it will do so only after it runs a security check that UNIX or Linux commands are not specified as values for the parameter variables or as individual commands. This guards against a code injection attack.
This point is important because cdinstall_a is started under the root account. Therefore, the administrator can run arbitrary commands without cdinstall_a. However, other users or applications without root privileges can initiate an automated installation. These users or applications might specify UNIX or Linux commands in the options file, which would be processed under root. This situation creates a security issue.
The following tables list and describe these variables. For the variables that refer to a file,
if the file name is not fully qualified, the file should reside in the deployment directory
where cdinstall_a resides.. For example, the path name for the
cpio file defaults to the package directory where
cdinstall_a is located if you do not explicitly specify a path.
| Variable name | Command-line arguments | Default value | Description |
|---|---|---|---|
| cdai_installCmd=install | --installCmd | None. Required parameter. | Specifies installation of new Connect:Direct node. |
| cdai_installDir=<target installation directory> | --installDir | None. Required parameter. | Where to install Sterling Connect:Direct®. The administrator can choose any accessible location, but the full path must be specified |
| cdai_localNodeName=<Sterling Connect:Direct local name> | --localNodeName | None. Required parameter. | Name to assign to the local Sterling Connect:Direct. Name is shortened to 16 characters if necessary. Specify uname to ensure that the host name of the system is used. |
| cdai_acquireHostnameOrIP=<h | fqn | ip4 | ip6 | string> | --acquireHostnameOrIP | None. Required parameter. | Specify host name, fully qualified domain name, IP v4 address,
or IP v6 address. Any other strings are interpreted as IP addresses or names.
String can be 0.0.0.0, 0:0:0:0:0:0:0:0, ::, 192.168.0.100, or other valid IP address. |
| cdai_localCertFile=<certfile> | --localCertFile | None. Required parameter | Keycert file for Sterling Connect:Direct local node and client |
| cdai_localCertPassphrase=<passphrase> | --localCertPassphrase | None. Required parameter | Passphrase for keycert file |
| cdai_adminUserid=<user ID> | --adminUserid | None. Required parameter, except for case indicated in description. | System user ID to use for the Sterling Connect:Direct
administrator user ID If sudo or a similar utility has been used to acquire root privileges before executing the silent installation, the parameter cdai_adminUserid need not be set. If it is not set, the Connect:Direct's administrator user id will be the account under which sudo or the similar utility was executed. |
| cdai_cpioFile=<cpio file name> | --cpioFile | cdunix | The installation cpio name. If it is in a different directory than the package directory, the full path must be specified. |
| cdai_keystorePassword=<keystore password> | --keystorePassword | None. Required parameter. | Password for keystore file. Minimum 3 characters, maximum 80
characters. A keystore is created or updated with this password during the silent
installation. This parameter is required if cdai_installCmd is install or
upgrade. It is not required for an uninstall.
Note: This variable applies only to Sterling Connect:Direct for UNIX
4.2.0 and later.
|
| cdai_serverPort=<port number> | --serverPort | 1364 | Sterling Connect:Direct to Sterling Connect:Direct |
| cdai_clientPort=<port number> | --clientPort | 1363 | CLI/API port |
| cdai_trace=y|n | --trace | n | Enables display of debugging information |
| cdai_tirpcCreateLink=y|n | --tirpcCreateLink | n | Checks for libtirpc.so.1 in system library and creates link if necessary. See note re libtirpc under Hardware and Software Requirements in the Release Notes for details. |
| cdai_spConfig=<file name> | --spConfig | None. | Customized text file to update Sterling Connect:Direct parameter
file as necessary. To create a parameter file, you can enter a list of commands in
the spConfig text file, similarly to this example:The silent install script points to this text file. If cdai_spConfig is not specified, then only basic Sterling Connect:Direct configuration is used with the key certificate and trusted root files. |
| cdai_ignoreExistingInstallDir=y|n | --ignoreExistingInstallDir | n | y causes cdinstall_a to ignore an existing target installation directory and proceed with the installation. n causes cdinstall_a to fail if the target installation directory exists. Use y with caution when you are engaging in automated deployment across multiple systems. |
| cdai_allowUmaskReset=y|n | --allowUmaskReset | y | This variable has no effect if the default umask of the
adminUserid is 22 or less. If the default umask of the adminUserid is greater than
22, y causes cdinstall_a to reset the umask of the
adminUserid to 22. Setting the variable to n in that case
causes cdinstall_a to proceed with the more restrictive than recommended umask
setting. CAUTION: If the installation procedure proceeds with an umask
setting that is more restrictive than the recommended value, some users might not
have the necessary permissions to use Sterling Connect:Direct for UNIX.
|
| cdai_keystoreFile=<keystore file> | --keystoreFile | None. | If cdai_keystoreFile is specified, then the automated
installation uses this file as the keystore file. If it is not specified, then the
automated installation procedure uses the default keystore file that is created
during the installation. In either case, the keystore file is customized by adding
the certificate portion of the deployed keycert file and any other deployed
certificates to it. Note: This variable applies only to Sterling Connect:Direct for UNIX
4.2.0 and later.
|
| cdai_localCertLabel=<certificate label name> | --localCertLabel | Client-API | If cdai_localCertLabel is specified, the specification is used
to label the keycert for use in basic Secure+ configurations for secure client
connections. If it is not specified, the default label is used. Note: This variable
applies only to Sterling Connect:Direct for UNIX
4.2.0 and later.
|
| cdai_agentPort=<port number> | --agentPort | 1365 | TCP/IP port to listen for a Control Center Director request |
|
cdai_agentEnable=y|n |
--agentEnable | y |
Use to enable/disable the agent during installation |
|
cdai_agentOSAurl=<Control Center Director OSA URL> |
--agentOSAurl | None | URL used to connect Connect:Direct Agent with Control Center Director. |
|
cdai_agentOSADisable=y|n |
--agentOSADisable |
|
Allows disabling OSA without deleting osa.rest.url |
|
cdai_agentInstallationId |
--agentInstallationId | Informational only, managed by Control Center Director | Identifies the Connect:Direct installation package installed by Control Center Director |
| cdai_cdBackupLocation=<target Connect:Direct backup path> | --cdBackupLocation | <installation directory>/restore |
Set the custom backup path for Connect:Direct, which will be used during a future upgrade. |
| cdai_agentBackupLocation=<target Install Agent backup path> | --agentBackupLocation | <installation directory>/install/restore | Set the custom backup path for Install Agent, which will be used during a future upgrade. |
| cdai_erInstallerLocation=<target installer directory> | --erInstallerLocation | <installation directory>/ndm/bin | Set the custom backup path for installer, which will be used during emergency restore. |
| cdai_agentInstallerLocation=<target package download path> | --agentInstallerLocation | <installation directory>/install/downloads | Set the location for installer download. This location will be used during a future upgrade via Control Center Director. |
| cdai_appendUserFile=<File Name> | --appendUserFile | None. | Text file customized with Local and Remote User Information Records to be
appended to the User Authorization Information File (userfile.cfg) in addition to
the default records created during an installation. Note: The parameter can be used
with version 6.1.0.1 or later.
|
| cdai_appendNetmapFile=<File Name> | --appendNetmapFile | None. | Text file customized with Remote Node Connection Records to be appended to the
network map file (netmap.cfg) in addition to the default records created during an
installation. Note: The parameter can be used with version 6.1.0.1 or
later.
|
| cdai_installFA=y|n | --installFA | n |
|
| cdai_fileAgentEnable=y|n | --fileAgentEnable | n | Use to enable/disable File Agent during installation/upgrade. |
| cdai_portCheckTrustedAddr=<IPv4/IPv6 address or hostname> | --portCheckTrustedAddr | None. | Valid address or hostname of trusted port check source (comma separated, if more than one). |
| cdai_enableOum=y|n | --enableOum | n | This parameter is used for installing Connect Direct in Ordinary User mode in container only. It is not valid for a traditional install. |
| cdai_cdExecId=<user id> | --cdExecId | Same as Admin User who installed Connect:Direct | This parameter is used for specifying the standard Connect Direct user in Ordinary User mode in container only. It is not valid for a traditional install. |
| Variable name | Command-line arguments | Default value | Description |
|---|---|---|---|
| cdai_installCmd=upgrade | --installCmd | None. Required parameter. | Upgrades an existing node. |
| cdai_installDir=<target installation directory> | --installDir | None. Required parameter. | Path of Sterling Connect:Direct to be upgraded. |
| cdai_cpioFile=<cpio file name> | --cpioFile | cdunix | The upgrade cpio name. If it is in a different directory than the package directory, the full path must be specified. |
| cdai_trace=y|n | --trace | n | Enables display of debugging information |
| cdai_verifyUpgrade=y|n | --verifyUpgrade | y | An upgrade command fails if pre-existing configuration files don't pass the configuration check or if the sample.cd process fails to complete successfully. This happens even when the configuration errors or sample.cd operation failure is considered tolerable. This variable allows users to choose whether to verify an upgrade or not. |
| cdai_installFA=y|n | --installFA | n |
|
| cdai_fileAgentEnable=y|n | --fileAgentEnable | n | Use to enable/disable File Agent during installation/upgrade. |
| cdai_tirpcCreateLink=y|n | --tirpcCreateLink | n | Checks for libtirpc.so.1 in system library and creates link if necessary. See note re libtirpc under Hardware and Software Requirements in the Release Notes for details. |
| Variable name | Command-line arguments | Default value | Description |
|---|---|---|---|
| cdai_installCmd=uninstall | --installCmd | None. Required parameter. | Removes an existing node. |
| cdai_installDir=<target installation directory> | --installDir | None. Required parameter. | Path of Sterling Sterling Connect:Direct to be removed. |
| cdai_trace=y|n | --trace | n | Enables display of debugging information |
The following is a sample options
file:
cdai_trace="y"
cdai_installCmd="install"
cdai_cpioFile="/netshare/cdu/aix/cdunix"
cdai_installDir="/test/cdu/test001"
cdai_spConfig=spcmds.txt
cdai_localNodeName=uname
cdai_localNodeName=prod1.tul.company.com
cdai_acquireHostnameOrIP=ip4
cdai_serverPort=13364
cdai_clientPort=13363
cdai_localCertFile="keycert.txt"
cdai_localCertPassphrase="password"
cdai_adminUserid=kstep1