PingAuthorize

Layout of a server profile

When you create a server profile, you can review the typical server profile hierarchy structure.

Use either of the following methods to create a server profile:

  • Extract the template named server-profile-template-paz.zip, which is located in the resource directory.

  • Run the manage-profile generate-profile subcommand. The manage-profile tool references the file system directory structure.

You can add files to each directory as needed.

The following hierarchy represents the file structure of a basic server profile.

-server-profile/
    |-- dsconfig/
    |-- misc-files/
    |-- server-root/
    |   |-- post-setup/
    |   |-- pre-setup/
    |-- server-sdk-extensions/
    |-- setup-arguments.txt
    |-- variables-ignore.txt

setup-arguments.txt

When you create a new profile, you must add arguments to the setup-arguments.txt file.

When manage-profile setup is run, these arguments are passed to the server’s setup tool. To view the arguments that are available in this file, run the server’s setup --help command.

To provide the equivalent, non-interactive CLI arguments after any prompts have been completed, run setup interactively. The setup-arguments.txt file in the profile template contains an example set of arguments that you can change.

setup-arguments.txt is the only required file in the profile.

dsconfig/

You can use dsconfig batch files to apply dsconfig commands to PingAuthorize Server.

You can add dsconfig batch files to the dsconfig directory. These files, each of which must include a .dsconfig extension, contain dsconfig commands to apply to server.

Because the dsconfig batch files are ordered lexicographically, 00-base.dsconfig runs before 01-second.dsconfig, and so on.

To produce a dsconfig batch file that reproduces the current configuration, run bin/config-diff.

server-root/

You can add a variety of server root files to the server-root directory.

Any server root files can be added to the server-root directory, including schema files, email template files, custom password dictionaries, and other files that must be present on the final server root. Add these files to the server-root/pre-setup or server-root/post-setup directory, depending on when they need to be copied to the server root. Most server root files are added to theserver-root/pre-setup directory.

server-sdk-extensions/

Add server SDK extension .zip files to the server-sdk-extensions directory.

Include any configuration that is necessary for the extensions in the profile’s dsconfig batch files.

variables-ignore.txt

You can use the variables-ignore.txt file to indicate the relative paths of any files whose variables you do not want to have substituted.

The variables-ignore.txt file is an optional component of the server profile. It is useful when adding bash scripts to the server root because such files often contain expressions that the manage-profile tool normally interprets as variables.

Add variables-ignore.txt to a profile’s root directory to indicate the relative paths of any files that are not to have their variables substituted.

The following example shows the contents of a typical variables-ignore.txt file.

server-root/pre-setup/script-to-ignore.sh
server-root/post-setup/another-file-to-ignore.txt

server-root/permissions.properties

You can use server-root/permissions.properties to specify permissions you want to apply to files copied to the server root.

The permissions.properties file, located in the server-root directory, is an optional file that specifies the permissions to apply to files that are copied to the server root. These permissions are represented in octal notation. By default, server root files maintain their permissions when copied.

The following example shows the contents of a typical permissions.properties file.

default=700
file-with-special-permissions.txt=600
new-subdirectory/file-with-special-permissions.txt=644
bin/example-script.sh=760

misc-files/

You can find additional miscellaneous documentation and other files in the misc-files directory.

The manage-profile tool does not use the misc-files directory. Use the variable PING_PROFILE_ROOT to refer to files in this directory from other locations, such as setup-arguments.txt.

Use PING_PROFILE_ROOT only with files that are not needed after initial setup, such as password files in setup-arguments.txt. Do not use the PING_PROFILE_ROOT variable for files needed while the server is running. The manage-profile tool creates a temporary copy of the server profile that is deleted after the tool completes, so files are not accessible under PING_PROFILE_ROOT when the server is running. For files you need while the server is running, such as keystore and truststore files, copy the files into the server root using the profile’s server-root/pre-setup directory, and then refer to the files using with the PING_SERVER_ROOT variable.

For example, a password file named password.txt in the misc-files directory could be referenced with ${PING_PROFILE_ROOT}/misc-files/password.txt in setup-arguments.txt. Use a reference like this example to supply the file for the --rootUserPasswordFile argument in setup-arguments.txt.