Interactive mode is a convenient method to get the server up and running, especially when you are just getting started, but the installation process for production deployments is generally scripted. For this process, non-interactive mode is a better choice and setup offers a number of useful arguments.

When creating the initial Directory Proxy Server instance, you can use the following arguments to join an existing Directory Server topology:
  • --existingDSTopologyHostName {address} - The address of a Directory Server instance in the topology to be joined.
  • --existingDSTopologyPort {port} - The port for communication with the Directory Server to retrieve information about the topology.
  • --existingDSTopologyUseSSL - Indicates that the communication with the Directory Server to retrieve information about the topology should be encrypted with SSL.
  • --existingDSTopologyUseStartTLS - Indicates that the communication with the Directory Server to retrieve information about the topology should be encrypted with the StartTLS extended operation.
  • --existingDSTopologyUseNoSecurity - Indicates that the communication with the Directory Server to retrieve information about the topology should be not be encrypted.
  • --existingDSTopologyUseJavaTruststore {path} - The path to a JKS trust store that has the information needed to trust the certificate presented by the Directory Server when using SSL or StartTLS.
  • --existingDSTopologyUsePkcs12Truststore {path} - The path to a PKCS #12 trust store that has the information needed to trust the certificate presented by the Directory Server when using SSL or StartTLS.
  • --existingDSTopologyTrustStorePassword {password} - The password needed to access the contents of the JKS or PKCS #12 trust store. A password is typically required when using a PKCS #12 trust store but is optional when using a JKS trust store.
  • --existingDSTopologyTrustStorePasswordFile {path} - The path to a file containing the password needed to access the contents of the JKS or PKCS #12 trust store.
  • --existingDSTopologyBindDN {path} - The DN of the account to use to authenticate to the Directory Server. This account must have full read and write access to the configuration and to manage the topology.
  • --existingDSTopologyBindPassword {password} - The password for the account to use to authenticate to the Directory Server.
  • --existingDSTopologyBindPasswordFile {path} - The path to a file containing the password to use to authenticate to the Directory Server.
For example, you can use a command similar to the following to set up a PingDirectoryProxy Server instance in the same topology as a Directory Server instance:
$ ./setup --acceptLicense \
     --licenseKeyFile PingDirectory.lic
     --maxHeapSize 2g \
     --localHostName proxy1.example.com \
     --skipHostnameCheck \
     --instanceName proxy1 \
     --location Austin \
     --rootUserDN "cn=Directory Manager" \
     --rootUserPasswordFile directory-manager-password.txt \
     --ldapPort 389 \
     --ldapsPort 636 \
     --httpsPort 443 \
     --enableStartTLS \
     --useJavaKeyStore config/keystore \
     --keyStorePasswordFile config/keystore.pin \
     --certNickname server-cert \
     --useJavaTrustStore config/truststore \
     --trustStorePasswordFile config/truststore.pin \
     --encryptDataWithPassphraseFromFile encryption-passphrase.txt \
     --existingDSTopologyHostName ds1.example.com \
     --existingDSTopologyPort 636 \
     --existingDSTopologyBindDN "cn=Directory Manager" \
     --existingDSTopologyBindPasswordFile directory-manager-password.txt \
     --existingDSTopologyUseSSL \
     --existingDSTopologyUseJavaTrustStore config/truststore \
     --no-prompt
As with interactive mode, it is possible to use non-interactive mode to clone the configuration of an existing PingDirectoryProxy Server instance, including joining the same topology as the existing instance. You can use the following arguments to do this rather than the arguments listed above:
  • --peerHostName {address} - The address of a PingDirectoryProxy Server instance whose configuration should be cloned and whose topology should be joined.
  • --peerPort {port} - The port communication with the PingDirectoryProxy Server to retrieve the configuration and topology information.
  • --peerUseSSL - Indicates that communication with the PingDirectoryProxy Server to retrieve configuration and topology information should be encrypted with SSL.
  • --peerUseStartTLS - Indicates that communication with the PingDirectoryProxy Server to retrieve configuration and topology information should be encrypted with the StartTLS extended operation.
  • --peerUseNoSecurity - Indicates that communication with the PingDirectoryProxy Server to retrieve configuration and topology information should not be encrypted.
Note: When using SSL or StartTLS to encrypt the communication, you also need to use one of the --useJavaTruststore or --usePkcs12Truststore arguments to specify the path to a trust store with the information needed to trust the certificate that is presented by the PingDirectoryProxy Server.
The following is an example of a sample command to set up a new PingDirectoryProxy Server as a clone of an existing PingDirectoryProxy Server instance:
$ ./setup --acceptLicense \
     --licenseKeyFile PingDirectory.lic
     --maxHeapSize 2g \
     --localHostName proxy2.example.com \
     --skipHostnameCheck \
     --instanceName proxy2 \
     --location Austin \
     --rootUserDN "cn=Directory Manager" \
     --rootUserPasswordFile directory-manager-password.txt \
     --ldapPort 389 \
     --ldapsPort 636 \
     --httpsPort 443 \
     --enableStartTLS \
     --useJavaKeyStore config/keystore \
     --keyStorePasswordFile config/keystore.pin \
     --certNickname server-cert \
     --useJavaTrustStore config/truststore \
     --trustStorePasswordFile config/truststore.pin \
     --encryptDataWithPassphraseFromFile encryption-passphrase.txt \
     --peerHostName proxy1.example.com \
     --peerPort 636 \
     --peerUseSSL \
     --no-prompt