Joining a topology with non-interactive setup
About this task
Interactive mode is a convenient method to get the server up and running when you’re just getting started, but the installation process for production deployments is generally scripted. For this process, non-interactive mode is a better choice and setup offers several useful arguments.
To join a topology with non-interactive setup:
Steps
-
Run
setup
:Choose from:
-
Use the following arguments to join an existing PingDirectory server topology:
--existingDSTopologyHostName
{address}
-
The address of a PingDirectory server instance in the topology to be joined.
--existingDSTopologyPort
{port}
-
The port for communication with the PingDirectory server to retrieve information about the topology.
--existingDSTopologyUseSSL
-
Indicates that the communication with the PingDirectory server to retrieve information about the topology should be encrypted with SSL.
--existingDSTopologyUseStartTLS
-
Indicates that the communication with the PingDirectory server to retrieve information about the topology should be encrypted with the StartTLS extended operation.
--existingDSTopologyUseNoSecurity
-
Indicates that the communication with the PingDirectory server to retrieve information about the topology should be not be encrypted.
--existingDSTopologyUseJavaTruststore
{path}
-
The path to a JKS trust store that has the information needed to trust the certificate presented by the PingDirectory server when using SSL or StartTLS.
--existingDSTopologyUsePkcs12Truststore
{path}
-
The path to a PKCS #12 trust store that has the information needed to trust the certificate presented by the PingDirectory server when using SSL or StartTLS.
--existingDSTopologyTrustStorePassword
{password}
-
The password needed to access the contents of the JKS or PKCS #12 trust store. A password is typically required when using a PKCS #12 trust store but is optional when using a JKS trust store.
--existingDSTopologyTrustStorePasswordFile
{path}
-
The path to a file containing the password needed to access the contents of the JKS or PKCS #12 trust store.
--existingDSTopologyBindDN
{path}
-
The DN of the account to use to authenticate to the PingDirectory server. This account must have full read and write access to the configuration and to manage the topology.
--existingDSTopologyBindPassword
{password}
-
The password for the account to use to authenticate to the PingDirectory server.
--existingDSTopologyBindPasswordFile
{path}
-
The path to a file containing the password to use to authenticate to the PingDirectory server.
For example, you can use a command similar to the following to set up a PingDirectoryProxy server instance in the same topology as a PingDirectory server instance.
$ ./setup --acceptLicense \ --licenseKeyFile PingDirectory.lic --maxHeapSize 2g \ --localHostName proxy1.example.com \ --skipHostnameCheck \ --instanceName proxy1 \ --location Austin \ --rootUserDN "cn=Directory Manager" \ --rootUserPasswordFile directory-manager-password.txt \ --ldapPort 389 \ --ldapsPort 636 \ --httpsPort 443 \ --enableStartTLS \ --useJavaKeyStore config/keystore \ --keyStorePasswordFile config/keystore.pin \ --certNickname server-cert \ --useJavaTrustStore config/truststore \ --trustStorePasswordFile config/truststore.pin \ --encryptDataWithPassphraseFromFile encryption-passphrase.txt \ --existingDSTopologyHostName ds1.example.com \ --existingDSTopologyPort 636 \ --existingDSTopologyBindDN "cn=Directory Manager" \ --existingDSTopologyBindPasswordFile directory-manager-password.txt \ --existingDSTopologyUseSSL \ --existingDSTopologyUseJavaTrustStore config/truststore \ --no-prompt
-
Use the following arguments to clone the configuration of an existing PingDirectoryProxy server instance, including joining the same topology as the existing instance:
--peerHostName
{address}
-
The address of a PingDirectoryProxy server instance whose configuration should be cloned and whose topology should be joined.
--peerPort
{port}
-
The port communication with the PingDirectoryProxy server to retrieve the configuration and topology information.
--peerUseSSL
-
Indicates that communication with the PingDirectoryProxy server to retrieve configuration and topology information should be encrypted with SSL.
--peerUseStartTLS
-
Indicates that communication with the PingDirectoryProxy server to retrieve configuration and topology information should be encrypted with the StartTLS extended operation.
--peerUseNoSecurity
-
Indicates that communication with the PingDirectoryProxy server to retrieve configuration and topology information should not be encrypted.
When using SSL or StartTLS to encrypt the communication, you also need to use one of the
--useJavaTruststore
or--usePkcs12Truststore
arguments to specify the path to a trust store with the information needed to trust the certificate that is presented by the PingDirectoryProxy server.The following is an example of a sample command to set up a new PingDirectoryProxy server as a clone of an existing PingDirectoryProxy server instance.
$ ./setup --acceptLicense \ --licenseKeyFile PingDirectory.lic --maxHeapSize 2g \ --localHostName proxy2.example.com \ --skipHostnameCheck \ --instanceName proxy2 \ --location Austin \ --rootUserDN "cn=Directory Manager" \ --rootUserPasswordFile directory-manager-password.txt \ --ldapPort 389 \ --ldapsPort 636 \ --httpsPort 443 \ --enableStartTLS \ --useJavaKeyStore config/keystore \ --keyStorePasswordFile config/keystore.pin \ --certNickname server-cert \ --useJavaTrustStore config/truststore \ --trustStorePasswordFile config/truststore.pin \ --encryptDataWithPassphraseFromFile encryption-passphrase.txt \ --peerHostName proxy1.example.com \ --peerPort 636 \ --peerUseSSL \ --no-prompt
-