Server components installation - serverinst script

The master domain manager, backup domain manager, dynamic domain manager, backup dynamic domain manager, and installation parameters that can be defined for the serverinst script.

This section lists and describes the parameters that are used when running a serverinst script to install the master domain manager and backup domain manager, dynamic domain manager, and backup dynamic domain manager.

Certificates are now required when installing or upgrading IBM® Workload Scheduler. You can no longer install nor upgrade IBM Workload Scheduler without securing your environment with certificates. The required certificates are:
  • ca.crt
  • tls.key
  • tls.crt
For UNIX systems, ensure that all the files have the ownership of the user who installed the master domain manager and the correct permissions (644).

You can specify values in the properties file, type them in the command line, or use both methods. If a parameter is specified both in the properties file and in the command line, the command line value takes precedence.

The log files generated from this command are located in the following path:
On Windows operating systems
TWA_home\logs
On UNIX operating systems
TWA_DATA_DIR/installation/logs

Syntax

On Windows™ operating systems:
Show command usage
cscript serverinst.vbs -? | --usage | --help
Retrieve the command parameters and values from a properties file
cscript serverinst.vbs --propfile|-f  [properties_file]
General information

    cscript serverinst.vbs
    --acceptlicense yes|no
   [--lang lang_id]
   [--inst_dir install_dir]
   [--work_dir working_dir]
   [--skipcheckprereq true|false]
   [--skipcheckemptydir true|false]
   [--skipusercheck true|false]
      
Configuration information for the data source

    --rdbmstype|-r DB2 | ORACLE | MSSQL | POSTGRESQL
    [--dbname db_name]
    [--dbuser db_user]
    --dbpassword db_password
    [--dbport db_port]
     --dbhostname db_hostname
    [--dbdriverpath db_driver_path]
    [--dbsslconnection true | false]
    
Security options

   --sslkeysfolder  keystore_truststore_folder
   --sslpassword ssl_password
   [--enablefips true | false]
User information

    [--wadomain]
    [--wauser wa_user]
    [--wapassword wa_password]
    
Configuration information for the application server

     --wlpdir|-w wlp_directory
    [--httpsport https_port]
    [--bootstrapport bootstrap_port]
    [--bootsecport bootstrap_sec_port]
    [--startserver true | false]
Configuration information for dynamic scheduling

    [--displayname agent_name]
    [--jmport port_number]
Configuration information for the master domain manager

    [--componenttype MDM | DDM]
    
Configuration options when --componenttype is MDM

    [--company company_name]
    [--hostname hostname]
    [--thiscpu workstation]
    
    [--eifport eif_port]
    [--brwksname broker_workstation_name]
    [--brnetmanport broker_netman_port]
    [--netmanport netman_port_number]
    [--netmansslport netman_port_number]
    
Configuration options when --componenttype is DDM

    [--domain domain_name]
     --master mdm-domain_name
     --mdmhttpsport mdm_https_port
     --mdmbrokerhostnamemdm_hostname
    [--eifport eif_port]
    [--brwksname broker_workstation_name]
    [--brnetmanport broker_netman_port]
    [--netmanport netman_port_number]
    [--netmansslport netman_port_number]
    [--isforzos yes|no]
IBM Workload Scheduler encryption options

    [--useencryption true | false]
    [--encryptionpassword default]
On UNIX® operating systems
Show command usage
./serverinst.sh -? | --usage | --help
Retrieve the command parameters and values from a properties file
./serverinst.sh --propfile|-f  [properties_file]
General information

    ./serverinst.sh
    --acceptlicense yes|no
   [--lang lang_id]
   [--inst_dir install_dir]
   [--work_dir working_dir]
   [--data_dir wa_datadir]
   [--skipcheckprereq true|false]
   [--skipcheckemptydir true|false] 
Configuration information for the data source

    --rdbmstype|-r DB2 | ORACLE | MSSQL |  POSTGRESQL
    [--dbname db_name]
    [--dbuser db_user]
     --dbpassword db_password
    [--dbport db_port]
     --dbhostname db_hostname
    [--dbdriverpath db_driver_path]
    [--dbsslconnection true | false]
    
Security options

   --sslkeysfolder  keystore_truststore_folder
   --sslpassword ssl_password
   [--enablefips true | false]
User information

    [--wauser wa_user]
    [--wapassword wa_password]
    
Configuration information for the application server

     --wlpdir|-w wlp_directory
    [--httpsport https_port]
    [--bootstrapport bootstrap_port]
    [--bootsecport bootstrap_sec_port]
    [--startserver true | false]
Configuration information for dynamic scheduling

    [--displayname agent_name]
    [--jmport port_number]
Configuration information for the master domain manager

    [--componenttype MDM | DDM]
    
Configuration options when --componenttype is MDM

    [--company company_name]
    [--hostname hostname]
    [--thiscpu workstation

    [--eifport eif_port]
    [--brwksname broker_workstation_name]
    [--brnetmanport broker_netman_port]
    [--netmanport netman_port_number]
    [--netmansslport netman_port_number]
    
Configuration options when --componenttype is DDM

    [--domain domain_name]
     --master mdm_domain_name
     --mdmhttpsport mdm_https_port
     --mdmbrokerhostname mdm_hostname
     --eifport eif_port]
    [--brwksname broker_workstation_name]
    [--brnetmanport broker_netman_port]
    [--netmanport netman_port_number]
    [--netmansslport netman_port_number]
    [--isforzos yes|no]
IBM Workload Scheduler encryption options

    [--useencryption true | false]
    [--encryptionpassword default]

Arguments

? | --usage | --help
Displays the command usage and exits.
--propfile|-f [properties_file]
Optionally specify a properties file containing custom values for serverinst parameters. The default file is
On Windows systems
image_dir>\TWS95_WIN_X86_64_SERVER\TWS\WINDOWS_X86_64\serverinst.properties
On UNIX systems
image_dir>/TWS/interp>/serverinst.properties
Specifying a properties file is suggested if you have a high number of parameters which require custom values. You can also reuse the file with minimal modification for several installations. If you create a custom properties file, specify its name and path with the -f parameter.

General information

--acceptlicense yes|no
Specify whether to accept the License Agreement.
--lang lang_id
The language in which the messages returned by the command are displayed. If not specified, the system LANG is used. If the related catalog is missing, the default C language catalog is used. If neither --lang nor LANG are used, the default codepage is set to SBCS. For a list of valid values for these variables, see the following table:
Table 1. Valid values for -lang and LANG parameter
Language Value
Brazilian Portuguese pt_BR
Chinese (traditional and simplified) zh_CN, zh_TW
English en
French fr
German de
Italian it
Japanese ja
Korean ko
Russian ru
Spanish es
Note: This is the language in which the installation log is recorded and not the language of the installed component instance. The command installs all languages as default.
--inst_dir installation_dir
The directory of the IBM Workload Scheduler installation. This parameter is optional. The default value is:
On Windows operating systems
C:\Program Files\wa
On UNIX operating systems
/opt/wa
--work_dir working_dir
The temporary directory used by the program to deploy the installation process files. This parameter is optional. The default value is:
On Windows operating systems
C:\TMP
On UNIX operating systems
/tmp/waversion_number
This parameter can also function as a backup directory during product upgrade with path WORKING_DIR/backup.
--data_dir wa_datadir
UNIX operating systems only. Specify the path to a directory where you want to store the logs and configuration files produced by IBM Workload Scheduler. This parameter is optional. If you do not specify this parameter, all data files generated by IBM Workload Scheduler are stored in the TWA_home/TWSDATA directory. This path is called, in the publications, TWA_DATA_DIR.
--skipcheckprereq true|false
If you set this parameter to false, IBM Workload Scheduler does not scan system prerequisites before starting the installation. This parameter is optional. The default value is true. For more information about the prerequisite check, see Scanning system prerequisites for IBM Workload Scheduler.
--skipcheckemptydir true|false
Set this parameter to true to avoid checking whether the installation directory is empty. By default, this parameter is false, because starting from version 9.5 the installation directory must be empty. If you set this parameter to true and the installation directory is not empty, the installation process might fail.
--skipusercheck true|false
If you set this parameter to true, IBM Workload Scheduler, performs no checks on the user. This parameter is optional. The default value is false. By default, the following checks are performed:
local user
The script checks if the specified user is existing, has the correct access rights, and the password specified with the wapassword parameter is correct. If the user does not exist, the script creates it and grants it the correct access rights. If the specified password is incorrect, the script returns an error and the installation process stops.
domain user
The script checks if the specified user is existing, has the correct access rights, and the password specified with the wapassword parameter is correct. If the user does not exist, the script cannot create it and the installation process ends in error. If the user exists but does not have the correct access rights, the script assigns it the required rights. If the specified password is incorrect, the script returns an error and the installation process stops.

Configuration information for the data source

The values for these parameters must match the values defined by the database administrator when creating the database. For more information, see Creating and populating the database and browse to the topic for the database you are using.

--rdbmstype|-r rdbms_type
The database type. Supported databases are:
  • DB2
  • ORACLE This value applies to Oracle and Amazon RDS for Oracle
  • MSSQL This value applies to MSSQL and MSSQL cloud-based databases.
  • POSTGRESQL
This parameter is required and has no default value.
--dbname db_name
The name of the IBM Workload Scheduler database. This parameter is optional. The default value is TWS.
--dbuser db_user
The user that has been granted access to the IBM Workload Scheduler tables on the database server. This parameter is optional. The default value is db2tws.
--dbpassword db_password
The password for the user that has been granted access to the IBM Workload Scheduler or Dynamic Workload Console tables on the database server. This parameter is required. The default value is password. Special characters are not supported. You can optionally encrypt the password. For more information, see Encrypting passwords (optional).
--dbport db_port
The port of the database server. This parameter is optional. The default value is 50000.
--dbhostname db_hostname
The host name or IP address of database server. This parameter is required.
--dbdriverpath db_driver_path
The path where the database drivers are stored. This parameter is optional. By default, the configuration script references the JDBC drivers supplied with the product images. If your database server is not compatible with the supplied drivers, then contact your database administrator for the correct version to use with your database server and specify the driver path using this parameter. Ensure you provide the same path in the configureDb, serverinst, and dwcinst commands.
--dbsslconnection true | false
Enables or disables the SSL connection to the database. The default value is false. This parameter applies only to DB2.
SSL configuration options
--sslkeysfolder keystore_truststore_folder
The name and path of the folder containing certificates in .PEM format. The installation program automatically processes the keystore and truststore files using the password you specify with the --sslpassword parameter. The folder must contain the following files:
  • ca.crt
    The Certificate Authority (CA) public certificate. Note that if certificates being installed are part of a chain consisting of 3 or more certificates (one Root CA, followed by one or more Intermediate CAs, followed by the end user certificate), then this file must contain the Root CA certificate only. Any Intermediate CA certificates must be stored in the additionalCAs subfolder, which therefore becomes a mandatory subfolder. Each Intermediate CA must be stored in the additionalCAs subfolder in its own file.
    Note: From V10.2.3, if certificates being installed are part of a chain, the ca.crt can contain also the intermediate CAs. In this case, it must begin with one or more intermediate CA certificates and end with the Root ca.
  • tls.key
    The private key of the end user certificate for the instance to be installed.
  • tls.crt
    The public part of the previous key, that is the end user certificate.

For UNIX systems, ensure that all the files have the ownership of the user who installed the master domain manager and the correct permissions (644).

You can optionally create a subfolder to contain one or more *.crt files to be added to the server truststore as trusted CA, whose name must be additionalCAs. This can be used for example to add to the list of trusted CAs the certificate of the LDAP server or DB2 server. Additionally, you can store here any intermediate CA certificate to be added to the truststore. The subfolder must be named additionalCAs. Note that if the end user certificate being installed in the instance is part of a chain consisting of 3 or more certificates (one Root CA, followed by one or more Intermediate CAs, followed by the end user certificate), then the Intermediate CAs certificates must be stored in the additionalCAs subfolder, which therefore becomes a mandatory subfolder. Each Intermediate CA must be stored in the additionalCAs subfolder in its own file.

For further information about how to generate custom certificates, see Managing certificates using Certman.

--sslpassword ssl_password

The password for the custom certificates and the path to the folder containing certificates in .PEM format with the sslkeysfolder parameter.

For more information, see sslkeysfolder.

You can optionally encrypt the password using the secure script. For more information, see Optional password encryption - secure script.
--enablefips false
Specify whether you want to enable FIPS. In the current product version, you can only specify false because FIPS is not supported. In a fresh installation, the default is false. In upgrade, there is no default value, so you have to set it explicitly and be aware that FIPS is being disabled when you upgrade. This parameter is optional. If you are upgrading from an environment where FIPS is supported, see Q: My environment is FIPS compliant. What happens if I upgrade to version 10.2.3?.

User information

--wauser user_name
The user for which you are installing IBM Workload Scheduler. This parameter is optional. The default value is the user performing the installation, unless you use a user other than root.
On UNIX operating systems, you can choose to install as the root user or as a user other than root. The following considerations apply:
  • If the installer is the root user, the wauser parameter can be omitted if the username value is meant to be root, or can be set to a username value other than root.
  • If the installer is different from the root user, consider the following points:
    • The wauser parameter can be omitted, but wauser is automatically set to the login name of the installer. If the installer specifies a wauser with a different username value, an error message is returned.
    • As a consequence, you can log in to the master domain manager uniquely with the user name of the installer.
    • The user must be enabled to login to the machine where the master domain manager is going to be installed.
    • Event Management triggers on files work only if the selected files are accessible to the user that was used for the installation.
    • Future upgrades, modifications, and removal of the master domain manager can be made exclusively with the same login used for installation.
    • When running conman and composer commands, it is mandatory to set the environment first, by using the tws_env script as described in Setting the environment variables.
--wapassword wauser_password
The password for the user for which you are installing IBM Workload Scheduler.
On Windows operating systems
Supported characters for the password are alphanumeric, dash (-), underscore (_) characters, and ()|?*~+.@!^
On UNIX operating systems
Supported characters for the password are any alphanumeric, dash (-), underscore (_) characters, and ()|?=*~+.
This parameter is required if you specify the wauser parameter. You can optionally encrypt the password using the secure script. For more information, see Optional password encryption - secure script.

Configuration information for the application server

The values for these parameters must match the values defined when installing WebSphere Application Server Liberty Base. For more information, see Installing WebSphere Application Server Liberty Base.

--wlpdir | w wlp_directory
WebSphere Application Server Liberty Base profile installation directory. This parameter is required.
--httpsport https_port
The HTTPS port. This parameter is optional. The default value is 31116.
--startserver true | false
Specifies whether the WebSphere Application Server Liberty Base server must be started after installation. This parameter is optional. The default value is true.

Configuration information for dynamic scheduling

--displayname agent_name
The name to be assigned to the agent. The name cannot start with a number. If the host name starts with a number, this parameter is required, otherwise it is optional. The default value is the host name of the workstation followed by _1.
--jmport port_number

The JobManager port number on which the dynamic domain manager is contacted by the dynamic agent. This parameter is optional. The default value is 31114. The valid range is from 1 to 65535.

Configuration information for the master domain manager

--componenttype MDM | DDM
The workstation type being installed. Supported workstation types are:
MDM
master domain manager
DDM
dynamic domain manager

To install a backup domain manager, run the serverinst command on the workstation where you plan to install the backup domain manager. The serverinst command connects to the database you specify, discovers that a master domain manager is already installed, and proceeds to install a backup domain manager. The same procedure applies when installing a backup dynamic domain manager.

Configuration options when --componenttype is MDM

--company company_name
The name of the company. The company name cannot contain blank characters. The name is shown in program headers and reports. This parameter is optional. The default name is COMPANY.
--hostname host_name
The fully qualified host name or IP address on which the installation is performed. The default value is calculated at installation time.
--thiscpu workstation
The name of the IBM Workload Scheduler workstation for this installation. The name cannot exceed 16 characters, cannot start with a number, cannot contain spaces. If the host name starts with a number, this parameter is required, otherwise it is optional. This name is registered in the localopts file. The default name is the host name of the workstation.
--eifport eif_port
Specifies the Job Manager Event Integration Facility (EIF) port number. The default value is 31131. The valid range is 1 to 65535.
--brwksname broker_workstation_name
The broker workstation name. This parameter is optional. The default value is the workstation host name followed by _DWB. It cannot start with a number.
--brnetmanport port_number
The TCP/IP port number used by the netman process to listen for communication from the dynamic domain manager. This parameter is optional. The default value is 41114. The valid range is from 1 to 65535. This port number is registered in the localopts file. For each installation you must specify a different number. For more information about the localopts file, see Setting local options
--netmanport netman_port_number
The TCP/IP port number used by the netman process to listen for communication from the master domain manager. This parameter is optional. The default value is 31111. The valid range is from 1 to 65535. You can also set this parameter to disabled. In this case, you must provide a value for the netmansslport parameter, which enables SSL communication. This port number is registered in the localopts file, in the nm port attribute. For each installation you must specify a different number.
--netmansslport SSL_port_number
The TCP/IP port number used by the netman process to listen for communication from the master in SSL mode. The default value is 31113. The valid range is from 1 to 65535. You can also set the netmansslport parameter to disabled to use non-encrypted communication. If you set the netmansslport parameter to disabled, you must provide a value for the netmanport parameter. This port number is registered in the localopts file, in the nm ssl full port attribute. For each installation you must specify a different number.

Configuration options when --componenttype is DDM

--domain domain_name
Windows systems only. The domain name of the IBM Workload Scheduler user. This parameter is optional. The default value is MASTERDM when you install a master domain manager, and DYNAMICDM when you install a dynamic domain manager.
--master mdm_domain_name
The master domain manager name. It cannot start with a number. This parameter is required for the dynamic domain manager only. Do not specify when installing the master domain manager.
--mdmhttpsport mdm_https_port
The port of the master domain manager host used by the broker to contact master domain manager. This parameter is required. This parameter applies to the dynamic domain manager only. Do not specify when installing the master domain manager.
--mdmbrokerhostname mdm_hostname
The fully qualified host name or IP address of the master domain manager contacted by the dynamic domain manager. This parameter is required for the dynamic domain manager only. Do not specify when installing the master domain manager.
--eifport eif_port
Specifies the Job Manager Event Integration Facility (EIF) port number. The default value is 31131. The valid range is 1 to 65535.
--brwksname broker_workstation_name
The broker workstation name. This parameter is optional. The default value is the workstation host name followed by _DWB. It cannot start with a number.
--brnetmanport port_number
The TCP/IP port number used by the netman process to listen for communication from the dynamic domain manager. This parameter is optional. The default value is 41114. The valid range is from 1 to 65535. This port number is registered in the localopts file. For each installation you must specify a different number. For more information about the localopts file, see Setting local options
--netmanport netman_port_number
The TCP/IP port number used by the netman process to listen for communication from the master domain manager. This parameter is optional. The default value is 31111. The valid range is from 1 to 65535. You can also set this parameter to disabled. In this case, you must provide a value for the netmansslport parameter, which enables SSL communication. This port number is registered in the localopts file, in the nm port attribute. For each installation you must specify a different number.
--netmansslport SSL_port_number
The TCP/IP port number used by the netman process to listen for communication from the master in SSL mode. The default value is 31113. The valid range is from 1 to 65535. You can also set the netmansslport parameter to disabled to use non-encrypted communication. If you set the netmansslport parameter to disabled, you must provide a value for the netmanport parameter. This port number is registered in the localopts file, in the nm ssl full port attribute. For each installation you must specify a different number.
--isforzos yes|no

Set to yes if you want to connect the dynamic domain manager to only the Z controller. Set to no if you want to connect the dynamic domain manager to a master domain manager or, to both a master domain manager and a Z controller. This parameter is optional. The default value is no.

IBM Workload Scheduler encryption options

--useencryption true | false
Specifies whether IBM Workload Scheduler files must be encrypted at runtime. If you specify true, or do not set this parameter, files such as the Symphony file and the message queues are encrypted using AES-256 or AES-128 cryptography. By default, a fresh installation is automatically encrypted and the keystore password is default. To change the keystore password, use the encryptionpassword parameter. This parameter is optional.
--encryptionpassword default
The password for the keystore storing the AES-256 or AES-128 keys used to encrypt the files at runtime. This parameter is optional. The default value is default. You can optionally encrypt the password using the secure script. For more information, see Optional password encryption - secure script.

Comments

Note: The values for the following parameters must match the values you provided when creating and populating the database:
  • --rdbmstype
  • --dbhostname
  • --dbport
  • --dbname
  • --dbuser
  • --dbpassword