Automate Setup with the Secure+ CLI
The Java-based Connect:Direct® Command Line Interface (Secure+ CLI) and sample script enable you to create customized scripts that automate creating an initial installation of IBM Connect:Direct, populating the Secure+ parameters file, and managing node records. You can then distribute these scripts throughout your enterprise to implement the IBM Connect:Direct application. Before you create the scripts for distribution, consider creating an installation of Connect:Direct Secure Plus using the Secure+ Admin Tool and testing it to verify the results.
Model Automation Scripts
The following scripts are provided as models for creating custom scripts to define your Connect:Direct Secure Plus environment and automate its implementation. To prevent any loss of data, you cannot run the scripts, but you can save them with a different name and modify them to suit your needs.
Configure Connect:Direct Secure Plus to Use the TLS Protocol
The spcust_sample1 script demonstrates using the Secure+ CLI to configure Connect:Direct Secure Plus to use the TLS protocol with the trusted root file, key certificates, and ciphers.
#! /bin/sh
#
#############################################################################
# Licensed Materials - Property of IBM
#
# Connect:Direct for UNIX
#
# (C) Copyright IBM Corp. 1992, 2014 All Rights Reserved.
#
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
#############################################################################
#
# spcust_sample1.sh contains an example of configuring
# Secure+ to use SSL or TLS protocols with the Secure+ CLI.
# The example demonstrates the configuration of Secure+
# with the trusted root and key certificates and ciphers
#
#
# Variables
#
# The return code.
# spcli.sh returns the highest return code of the commands
# it executed. Possible return codes and their meanings are
# 0 success
# 4 warning
# 8 error
# 16 fatal error
RC=0
#
#
# Functions
#
#
# Custom initialization logic written by customer.
#
initCustom()
{
    # Customer adds custom initialization code here.
    echo "Init custom..."
    # rm -rf /sci/users/jlyon/cd42/ndm/secure+/nodes
}
#
# Invoke CLI to configure Secure+.
#
invokeCLI()
{
/sci/users/jlyon/cd42/ndm/bin/spcli.sh -e 8 -li y << EOF
;
display info
;
;
; -- Synch with netmap
;
sync netmap
path=/sci/users/jlyon/cd42/ndm/cfg/<node name>/netmap.cfg
name=*
;
;
; -- Import KeyCert
;
Import KeyCert
File=<path to Key Certificate file>
Passphrase=<KeyStore passphrase>
Label=<optional, destination name of key certificate>
ImportMode=<Add | Replace | AddOrReplace>
;
;
; -- Import TrustedCert
;
Import TrustedCert
File=<path to Trusted Certificate file>
ImportMode=<Add | Replace | AddOrReplace>
;
;
; -- Update LocalNode
;
Update LocalNode
Protocol=<Comma delimited list of Protocols, see Display Protocols>
SecurityMode=<One Security Mode, see Display SecurityModes>
Override=<y | n>
AuthTimeout=<nnn seconds>
KeyCertLabel=<label of key certificate | null>
EncryptData=<y | n>
ClientAuth=<y | n>
CipherSuites=<Comma delimited list of Ciphersuites | All | null>
SeaEnable=<y | n>
SeaCertValDef=<external authentication server certificate validation definition | null>
;
;
; -- Display localnode
;
display localnode
;
;
; -- Validate parmfile
;
validate parmfile
;
EOF
return $?
}
#
# Custom termination logic written by customer.
#
terminateCustom()
{
    # Customer adds custom termination code here.
    # For example, E-mail standard out log for review.
    # Send error messages to system monitoring facility.
    echo "$RC"
    echo "Custom Terminating ... "
}
#
# Main script
#
echo
echo "This script has been prevented from running because it will alter the configuration"
echo "of Secure+. Before removing this warning and its exit call, please modify the script"
echo "so that it carries out only desired modifications to the configuration of Secure+."
echo
exit
initCustom
invokeCLI
RC=$?
terminateCustom
exit $RC
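The sample places the key store passphrase directly in the script's here-document. As an added example (not IBM's code), the helper functions below read the passphrase at run time from a file that only its owner can access, and map the return codes listed in the sample's header to their meanings; the function names and the one-line passphrase file are assumptions.

```shell
#!/bin/sh
# Added example, not part of IBM's sample. Function names and the
# one-line passphrase file are assumptions made for illustration.

# Map a spcli.sh return code to the meaning given in the sample's header.
rc_meaning() {
    case "$1" in
        0)  echo "success" ;;
        4)  echo "warning" ;;
        8)  echo "error" ;;
        16) echo "fatal error" ;;
        *)  echo "unknown" ;;
    esac
}

# Succeed only for a regular, non-symlink file with no group/other access.
secret_file_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ]
}

# Print an Import KeyCert stanza in the layout the sample uses.
# $1 = key certificate file, $2 = passphrase file, $3 = ImportMode
keycert_stanza() {
    if ! secret_file_ok "$2"; then
        echo "refusing $2: not a private regular file" >&2
        return 8
    fi
    case "$3" in
        Add|Replace|AddOrReplace) ;;
        *) echo "invalid ImportMode: $3" >&2; return 8 ;;
    esac
    # Read the first line; tolerate a missing trailing newline.
    IFS= read -r pass < "$2" || [ -n "$pass" ] || return 8
    printf 'Import KeyCert\nFile=%s\nPassphrase=%s\nImportMode=%s\n;\n' \
        "$1" "$pass" "$3"
}
```

Because the sample's here-document uses an unquoted `EOF`, a line such as `$(keycert_stanza <key cert file> <passphrase file> AddOrReplace)` placed inside it is expanded by the shell before the input reaches spcli.sh, so the passphrase never has to be stored in the distributed script.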
Sample Script
The following script is provided as a model for creating custom scripts to define your IBM Connect:Direct environment and automate its implementation. To prevent any loss of data, you cannot run the script, but you can save it with a different name and modify it to suit your needs.
The sample script is available in Automation Script. The script is designed to assist you as follows:
- spcust_sample1.sh
An example of configuring IBM Connect:Direct to use the TLS protocol with the Secure+ CLI. The example demonstrates the configuration of Connect:Direct with the trusted root file, key certificates, and ciphers.