Connect:Direct for UNIX silent installation

The following installation and configuration files are required for a silent installation of Connect:Direct® for UNIX:

  • cdinstall_a script
  • cdinstall script
  • cpio file (installation archive)
  • key certificate
  • Options file (unless you specify all parameters on the command line)
On the command line, you can specify parameters, such as the parameters in the following list:
  • key certificate passphrase
  • Connect:Direct server port
  • Connect:Direct client port
  • Connect:Direct administrator user ID
Refer to CDUW_CDUNIXOptionsFileCmdLineParams.html for a description of the options file and command-line parameters. The options file and command-line parameters are important when you do not use Control Center for configuration tasks or an enterprise deployment tool.
Attention: Command-line parameters override the settings in the options file.
The cdinstall_a script provides the essential installation and configuration capabilities for deploying Connect:Direct for UNIX. This script uses the cdinstall and cdcust scripts.

The cdinstall_a script reads the options file, command-line arguments, or both for the necessary arguments that are needed for execution. This information includes the deployment command to run: install, upgrade, or uninstall, the installation directory for Connect:Direct, the platform-specific cpio file, and other information.

Refer to CDUW_cdinstall_aScriptOperation.html for a detailed description of how cdinstall_a operates. This information is essential if you do not use Control Center for configuration tasks or an enterprise deployment tool.

Restriction: Different UNIX and Linux operating systems have different command-line length limitations. An effective method for silent installations is to use an options file to specify your parameters instead of the command line.
The following installation and configuration files are optional for a silent installation of Connect:Direct for UNIX:
  • Connect:Direct Secure Plus configuration command file (permits extended configuration of Connect:Direct Secure Plus)
  • initparm.cfg
  • netmap.cfg
  • userfile.cfg
  • Xlate tables (the file extension must be .sxlt)
    Note: The silent install requires the original pre-compiled .sxlt files to import. Re-naming an existing .xlt file to .sxlt does not work because the silent install does the compile process during the install.
  • More key certificate files to use with the Connect:Direct Secure Plus configuration command line (the file extension must be .pem, .cer, or .crt)

Refer to the IBM® Connect:Direct for UNIX Administration Guide for more information about .cfg files and xlate tables.

Refer to the IBM Connect:Direct Secure Plus for UNIX Administration Guide for more information about the Connect:Direct Secure Plus configuration command file and key certificate files.

Sterling Connect:Direct for UNIX silent installation options file and command-line parameters

The options file contains shell script variables. cdinstall_a “source includes” the options file into its execution environment so that the variables are available. However, it does so only after a security check confirms that UNIX or Linux commands are not specified as values for the parameter variables or as individual commands. This check guards against a code injection attack.

This point is important because cdinstall_a is started under the root account. An administrator with root access can already run arbitrary commands without cdinstall_a. However, other users or applications without root privileges can initiate an automated installation. These users or applications might specify UNIX or Linux commands in the options file, which would then be processed under root. This situation creates a security issue.
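
Because the options file is sourced by a root process, a deployment pipeline can also lint it before handing it to cdinstall_a. The following is an added example, not IBM's code and not the check that cdinstall_a itself performs: it rejects any line that is not a plain cdai_ assignment, refuses files that others can write to, and reports variables that are assigned twice. The function names, the character allowlist, and the acceptance of blank and comment lines are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight lint for a cdinstall_a options file.
# Not IBM's check. The allowlist is an assumption and deliberately fails closed.

# Characters allowed in a value: no whitespace, quotes or shell metacharacters.
SAFE='[A-Za-z0-9_.,:/@%+=-]*'
# A line must be cdai_<name>=<bare or double-quoted value>, blank, or a comment.
ALLOWED="^(cdai_[A-Za-z]+=(\"$SAFE\"|$SAFE)|[[:space:]]*(#.*)?)\$"

# Returns 0 only if the file is a plain assignment list that is safe to source.
lint_options_file() {
    file=$1
    rc=0
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "$file: not a regular file" >&2
        return 2
    fi
    # The file is sourced by a root process, so only its owner may write to it.
    if [ -n "$(find "$file" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "$file: group- or world-writable" >&2
        rc=1
    fi
    # Any line outside the allowlist could execute as a command when sourced.
    bad=$(grep -n -v -E "$ALLOWED" "$file" || true)
    if [ -n "$bad" ]; then
        echo "$file: rejected lines:" >&2
        printf '%s\n' "$bad" >&2
        rc=1
    fi
    return "$rc"
}

# Prints variables assigned more than once; when sourced, the last one wins.
duplicate_keys() {
    sed -n 's/^\(cdai_[A-Za-z]*\)=.*/\1/p' "$1" | sort | uniq -d
}

# Writes two constructed sample files into directory $1.
write_samples() {
    cat > "$1/good.opts" <<'EOF'
cdai_installCmd="install"
cdai_installDir="/test/cdu/test001"
cdai_localNodeName=uname
cdai_localNodeName=prod1.tul.company.com
cdai_serverPort=13364
EOF
    cat > "$1/bad.opts" <<'EOF'
cdai_installCmd="install"
cdai_installDir="/test/cdu/$(id)"
cdai_trace=y; id
id
EOF
    chmod 600 "$1/good.opts" "$1/bad.opts"
}

dir=$(mktemp -d)
write_samples "$dir"
lint_options_file "$dir/good.opts" && echo "good.opts: accepted"
lint_options_file "$dir/bad.opts" || echo "bad.opts: rejected"
echo "assigned more than once: $(duplicate_keys "$dir/good.opts")"
rm -rf "$dir"
```

A passphrase that contains characters outside the allowlist is rejected by this lint; widen the allowlist only for characters that the shell does not interpret.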

The following tables list and describe these variables. For the variables that refer to a file, if the file name is not fully qualified, the file should reside in the deployment directory where cdinstall_a resides. For example, the path name for the cpio file defaults to the package directory where cdinstall_a is located if you do not explicitly specify a path.
Table 1. Installation
Variable name Command-line arguments Default value Description
cdai_installCmd=install --installCmd None. Required parameter. Specifies installation of new Connect:Direct node.
cdai_installDir=<target installation directory> --installDir None. Required parameter. Where to install Sterling Connect:Direct. The administrator can choose any accessible location, but the full path must be specified.
cdai_localNodeName=<Sterling Connect:Direct local name> --localNodeName None. Required parameter. Name to assign to the local Sterling Connect:Direct. Name is shortened to 16 characters if necessary. Specify uname to ensure that the host name of the system is used.
cdai_acquireHostnameOrIP=<h | fqn | ip4 | ip6 | string> --acquireHostnameOrIP None. Required parameter. Specify host name, fully qualified domain name, IP v4 address, or IP v6 address. Any other strings are interpreted as IP addresses or names.
  • h=host name
  • fqn=fully qualified domain name
  • ip4=IPv4 address
  • ip6=IPv6 address

String can be 0.0.0.0, 0:0:0:0:0:0:0:0, ::, 192.168.0.100, or other valid IP address.

cdai_localCertFile=<certfile> --localCertFile None. Required parameter. Keycert file for Sterling Connect:Direct local node and client.
cdai_localCertPassphrase=<passphrase> --localCertPassphrase None. Required parameter. Passphrase for keycert file.
cdai_adminUserid=<user ID> --adminUserid None. Required parameter, except for case indicated in description. System user ID to use for the Sterling Connect:Direct administrator user ID

If sudo or a similar utility has been used to acquire root privileges before executing the silent installation, the parameter cdai_adminUserid need not be set. If it is not set, the Connect:Direct administrator user ID will be the account under which sudo or the similar utility was executed.

cdai_cpioFile=<cpio file name> --cpioFile cdunix The installation cpio name.

If it is in a different directory than the package directory, the full path must be specified.

cdai_keystorePassword=<keystore password> --keystorePassword None. Required parameter. Password for keystore file. Minimum 3 characters, maximum 80 characters. A keystore is created or updated with this password during the silent installation. This parameter is required if cdai_installCmd is install or upgrade. It is not required for an uninstall.
Note: This variable applies only to Sterling Connect:Direct for UNIX 4.2.0 and later.
cdai_serverPort=<port number> --serverPort 1364 Sterling Connect:Direct to Sterling Connect:Direct
cdai_clientPort=<port number> --clientPort 1363 CLI/API port
cdai_trace=y|n --trace n Enables display of debugging information
cdai_tirpcCreateLink=y|n --tirpcCreateLink n Checks for libtirpc.so.1 in system library and creates link if necessary. See note re libtirpc under ../../cd_unix/cdunix_relnotes/CDU_Requirements.html in the Release Notes for details.
cdai_spConfig=<file name> --spConfig None. Customized text file to update Sterling Connect:Direct parameter file as necessary. To create a parameter file, you can enter a list of commands in the spConfig text file, similarly to this example:
sync netmap
        path=/sci/silent_install/netmap.cfg
        name=*
;

Import KeyCert
        File="/sci/silent_install/keycert.txt"
        Passphrase=password
        Label=myKeyCert
        ImportMode=Add
;

The silent install script points to this text file.

If cdai_spConfig is not specified, then only basic Sterling Connect:Direct configuration is used with the key certificate and trusted root files.

cdai_ignoreExistingInstallDir=y|n --ignoreExistingInstallDir n y causes cdinstall_a to ignore an existing target installation directory and proceed with the installation. n causes cdinstall_a to fail if the target installation directory exists. Use y with caution when you are engaging in automated deployment across multiple systems.
cdai_allowUmaskReset=y|n --allowUmaskReset y This variable has no effect if the default umask of the adminUserid is 22 or less. If the default umask of the adminUserid is greater than 22, y causes cdinstall_a to reset the umask of the adminUserid to 22. Setting the variable to n in that case causes cdinstall_a to proceed with the more restrictive than recommended umask setting.
CAUTION:
If the installation procedure proceeds with an umask setting that is more restrictive than the recommended value, some users might not have the necessary permissions to use Sterling Connect:Direct for UNIX.
cdai_keystoreFile=<keystore file> --keystoreFile None. If cdai_keystoreFile is specified, then the automated installation uses this file as the keystore file. If it is not specified, then the automated installation procedure uses the default keystore file that is created during the installation. In either case, the keystore file is customized by adding the certificate portion of the deployed keycert file and any other deployed certificates to it.
Note: This variable applies only to Sterling Connect:Direct for UNIX 4.2.0 and later.
cdai_localCertLabel=<certificate label name> --localCertLabel Client-API If cdai_localCertLabel is specified, the specification is used to label the keycert for use in basic Secure+ configurations for secure client connections. If it is not specified, the default label is used.
Note: This variable applies only to Sterling Connect:Direct for UNIX 4.2.0 and later.
cdai_asperaLicenseFile=<aspera license file> --asperaLicenseFile None. For an installation that uses FASP, this variable allows deployment of the required license file.
Note: This variable applies only to Sterling Connect:Direct for UNIX 4.2.0.3 and later.
cdai_agentPort=<port number> --agentPort 1365 TCP/IP port to listen for a Control Center Director request

cdai_agentEnable=y|n --agentEnable y Use to enable/disable the agent during installation.
cdai_agentOSAurl=<Control Center Director OSA URL> --agentOSAurl None. URL used to connect Connect:Direct Agent with Control Center Director.
cdai_agentOSADisable=y|n --agentOSADisable
  • y (If agentOSAurl value is defined)
  • n (If agentOSAurl value is not defined)
Allows disabling OSA without deleting osa.rest.url
cdai_agentInstallationId --agentInstallationId Informational only, managed by Control Center Director. Identifies the Connect:Direct installation package installed by Control Center Director.
cdai_cdBackupLocation=<target Connect:Direct backup path> --cdBackupLocation <installation directory>/restore Set the custom backup path for Connect:Direct, which will be used during a future upgrade.

cdai_agentBackupLocation=<target Install Agent backup path> --agentBackupLocation <installation directory>/install/restore Set the custom backup path for Install Agent, which will be used during a future upgrade.
cdai_erInstallerLocation=<target installer directory> --erInstallerLocation <installation directory>/ndm/bin Set the custom backup path for installer, which will be used during emergency restore.
cdai_agentInstallerLocation=<target package download path> --agentInstallerLocation <installation directory>/install/downloads Set the location for installer download. This location will be used during a future upgrade via Control Center Director.
cdai_appendUserFile=<File Name> --appendUserFile None. Text file customized with Local and Remote User Information Records to be appended to the User Authorization Information File (userfile.cfg) in addition to the default records created during an installation.
Note: The parameter can be used with version 6.1.0.1 or later.
cdai_appendNetmapFile=<File Name> --appendNetmapFile None. Text file customized with Remote Node Connection Records to be appended to the network map file (netmap.cfg) in addition to the default records created during an installation.
Note: The parameter can be used with version 6.1.0.1 or later.
cdai_installFA=y|n --installFA n
  • This variable enables file agent installation. If cdai_installFA is not specified, then file agent installation is ignored.
  • This variable can also be used during an upgrade to install Integrated File Agent as a part of upgrade process if no File Agent is installed inside Connect:Direct for UNIX installation directory.
  • If Standalone File Agent is installed inside the Connect:Direct for UNIX installation directory, this variable can be used to convert it to Integrated File Agent as a part of upgrade process.
cdai_fileAgentEnable=y|n --fileAgentEnable n Use to enable/disable File Agent during installation/upgrade.
cdai_portCheckTrustedAddr=<IPv4/IPv6 address or hostname> --portCheckTrustedAddr None. Valid address or hostname of trusted port check source (comma separated, if more than one).
cdai_enableOum=y|n --enableOum n This parameter is used for installing Connect:Direct in Ordinary User mode in container only. It is not valid for a traditional install.
cdai_cdExecId=<user id> --cdExecId Same as Admin User who installed Connect:Direct. This parameter is used for specifying the standard Connect:Direct user in Ordinary User mode in container only. It is not valid for a traditional install.
Table 2. Upgrade
Variable name Command-line arguments Default value Description
cdai_installCmd=upgrade --installCmd None. Required parameter. Upgrades an existing node.
cdai_installDir=<target installation directory> --installDir None. Required parameter. Path of Sterling Connect:Direct to be upgraded.
cdai_cpioFile=<cpio file name> --cpioFile cdunix The upgrade cpio name.

If it is in a different directory than the package directory, the full path must be specified.

cdai_trace=y|n --trace n Enables display of debugging information
cdai_verifyUpgrade=y|n --verifyUpgrade y An upgrade command fails if pre-existing configuration files don't pass the configuration check or if the sample.cd process fails to complete successfully. This happens even when the configuration errors or sample.cd operation failure is considered tolerable. This variable allows users to choose whether to verify an upgrade or not.
cdai_installFA=y|n --installFA n
  • This variable can be used during an upgrade to install Integrated File Agent as a part of upgrade process if no File Agent is installed inside Connect:Direct for UNIX installation directory.
  • If Standalone File Agent is installed inside the Connect:Direct for UNIX installation directory, this variable can be used to convert it to Integrated File Agent as a part of upgrade process.
cdai_fileAgentEnable=y|n --fileAgentEnable n Use to enable/disable File Agent during installation/upgrade.
cdai_tirpcCreateLink=y|n --tirpcCreateLink n Checks for libtirpc.so.1 in system library and creates link if necessary. See note re libtirpc under ../../cd_unix/cdunix_relnotes/CDU_Requirements.html in the Release Notes for details.
Table 3. Uninstall
Variable name Command-line arguments Default value Description
cdai_installCmd=uninstall --installCmd None. Required parameter. Removes an existing node.
cdai_installDir=<target installation directory> --installDir None. Required parameter. Path of Sterling Connect:Direct to be removed.
cdai_trace=y|n --trace n Enables display of debugging information

The following is a sample options file:
cdai_trace="y"
cdai_installCmd="install"
cdai_cpioFile="/netshare/cdu/aix/cdunix"
cdai_installDir="/test/cdu/test001"
cdai_spConfig=spcmds.txt
cdai_localNodeName=uname
cdai_localNodeName=prod1.tul.company.com
cdai_acquireHostnameOrIP=ip4
cdai_serverPort=13364
cdai_clientPort=13363
cdai_localCertFile="keycert.txt"
cdai_localCertPassphrase="password"
cdai_adminUserid=kstep1

cdinstall_a script operation

cdinstall_a is a script that acts as a “wrapper” script for cdinstall to set up an installation environment. It also starts other installation and customization shell scripts and the following executables: cdinstall, cdcust, ndmxlt, and spcli.sh.

The command-line arguments have the same name as the parameters in the options file except the prefix cdai_ is removed. For example, the command-line argument for cdai_installCmd in the options file is --installCmd and cdai_cpioFile becomes --cpioFile.

If you specify both an options file and command-line arguments, then the command-line arguments override the corresponding values in the options file.

Restriction: Different UNIX and Linux operating systems have different command-line length limitations. The best practice for silent installations is to use an options file to specify your parameters instead of the command line.
To start cdinstall_a with an options file, use the following syntax:
$ cdinstall_a -f <options file>
To start cdinstall_a with command-line arguments, refer to the following example:
$ cdinstall_a --installCmd upgrade --cpioFile <file name> --installDir <CDU install dir>

Basic installation and configuration

A basic installation includes only the basic installation steps with the required deployment and installation files.

Important: Log on as root before you start the cdinstall_a script. If the root password is unavailable, but root authority can be properly acquired per your company's security policies via a utility like sudo, then acquire root authority via the utility and then execute the cdinstall_a script.

Installing Connect:Direct for UNIX

Complete the following procedure to perform a basic installation of Connect:Direct for UNIX:

Procedure

  1. Create the options file to install Connect:Direct for UNIX.
  2. Log in to the target system as root.
    Note: If the root password is unavailable, but root authority can be properly acquired per your company's security policies via a utility like sudo, then acquire root authority via the utility and then execute the cdinstall_a script.
  3. Make a deployment directory on the target system to stage the installation files.
    Note: The deployment directory must be outside the Connect:Direct for UNIX installation directory structure, that is, not a subdirectory of the Connect:Direct for UNIX installation directory.
  4. Copy cdinstall_a, cdinstall, the cpio file, keycert file, and the options file to the deployment directory. You can put the cpio file on a network file system instead of the deployment directory.
  5. Run cdinstall_a.
  6. Review the log file in the deployment directory (cdaiLog.txt).

Upgrading or applying a fix pack to Connect:Direct for UNIX

Complete the following procedure to perform a basic upgrade or fix pack application of Connect:Direct for UNIX:

Procedure

  1. Copy and modify the installation options file for the upgrade.
  2. Log in to the target system as root.
  3. Copy cdinstall_a, cdinstall, the cpio file, and the options file to the deployment directory. You can copy the cpio file to a network file system instead of the deployment directory.
  4. Run cdinstall_a.
  5. Review the log file in the deployment directory (cdaiLog.txt).

Uninstalling Connect:Direct for UNIX

Complete the following procedure to uninstall Connect:Direct for UNIX:

Procedure

  1. Copy and modify the installation options file and copy cdinstall_a to the deployment directory.
  2. Log in to the target system as root.
  3. Run cdinstall_a.
  4. Review the log file in the deployment directory (cdaiLog.txt).
  5. If cdinstall_a fails:
    1. Stop Connect:Direct with the command-line interface (or issue kill -9 <cdpmgr pid>).
    2. Under the root ID, issue rm -rf <Sterling Connect:Direct install directory>.
  6. Remove the deployment directory and contents.

Complete installation and configuration

The complete, script-only installation and configuration includes the basic installation steps. Optionally, you can add any combination of more keycerts, Connect:Direct configuration files, the Connect:Direct Secure Plus configuration command file, and Xlate tables.

After installation, you can use Control Center to do more configuration of your Connect:Direct nodes. This configuration includes updating netmaps with other newly installed nodes and applying production keycerts to the deployed nodes.

Installing Connect:Direct for UNIX with optional files

Complete the following procedure for a complete, script-only installation of Connect:Direct for UNIX:

Procedure

  1. Create the options file to install Connect:Direct.
  2. Create one or more of the following optional files:
    • More keycert files
    • Connect:Direct initparm.cfg, netmap.cfg, or userfile.cfg files. You can use one or more of these files.
      Note: If the silent installation options file includes port numbers different from the port numbers that are specified in the optional .cfg files, the silent installation overrides the options file parameters and uses the parameters from the optional .cfg files.
    • Connect:Direct Secure Plus configuration command file
    • Xlate tables
  3. Log in to the target server.
  4. Create a deployment directory.
  5. Copy the cdinstall_a, cdinstall, keycert file, cpio file, options file, and other files to the deployment directory. You can put the cpio file on a network file system instead of the deployment directory.
  6. Run cdinstall_a.
  7. Review the log file in the deployment directory (cdaiLog.txt).

Upgrading or applying a fix pack to Connect:Direct for UNIX with optional files

Complete the following procedure to perform a complete, script-only upgrade, or fix pack application of Connect:Direct for UNIX:

Procedure

  1. Copy and modify the installation options file.
  2. Log in to the target server as root.
  3. Copy cdinstall_a, cdinstall, the cpio file, and the options file to the deployment directory. You can copy the cpio file to a network file system instead of the deployment directory.
  4. Run cdinstall_a.
  5. Review the log file in the deployment directory (cdaiLog.txt).

Configuring and monitoring Connect:Direct for UNIX with Control Center

After you deploy Connect:Direct for UNIX by any of the previous methods, use Control Center to quickly complete more configuration and to monitor the new Connect:Direct nodes. Control Center provides full functionality for configuring, monitoring, and analyzing your Connect:Direct servers.

About this task

Complete the following procedure to configure and monitor Connect:Direct nodes with Control Center.

Procedure

  1. Configure secure connections from Control Center to the new Connect:Direct nodes with unique keycerts for each node. For more information, see the IBM Sterling Control Center System Administration Guide.
  2. Perform post-deployment configuration on these nodes.
    • Add new Connect:Direct nodes to the netmaps of the existing nodes.
    • Add Connect:Direct nodes to the netmaps of new nodes.
    • Update the functional authorities on each node.
    • Update the user proxies on each node.
    For more information, see the IBM Sterling Control Center Configuration Management Guide.