Joining a topology with non-interactive setup - PingDirectoryProxy - PingDirectory - 9.0

Interactive mode is a convenient way to get the server up and running when you're just getting started, but installation for production deployments is generally scripted. For scripted installation, non-interactive mode is the better choice, and setup offers several useful arguments.

To join a topology with non-interactive setup:

Run setup:
  • Use the following arguments to join an existing Directory Server topology:
    --existingDSTopologyHostName {address}
    The address of a Directory Server instance in the topology to be joined.
    --existingDSTopologyPort {port}
    The port for communication with the Directory Server to retrieve information about the topology.
    --existingDSTopologyUseSSL
    Indicates that the communication with the Directory Server to retrieve information about the topology should be encrypted with SSL.
    --existingDSTopologyUseStartTLS
    Indicates that the communication with the Directory Server to retrieve information about the topology should be encrypted with the StartTLS extended operation.
    --existingDSTopologyUseNoSecurity
    Indicates that the communication with the Directory Server to retrieve information about the topology should not be encrypted.
    --existingDSTopologyUseJavaTruststore {path}
    The path to a JKS trust store that has the information needed to trust the certificate presented by the Directory Server when using SSL or StartTLS.
    --existingDSTopologyUsePkcs12Truststore {path}
    The path to a PKCS #12 trust store that has the information needed to trust the certificate presented by the Directory Server when using SSL or StartTLS.
    --existingDSTopologyTrustStorePassword {password}
    The password needed to access the contents of the JKS or PKCS #12 trust store. A password is typically required when using a PKCS #12 trust store but is optional when using a JKS trust store.
    --existingDSTopologyTrustStorePasswordFile {path}
    The path to a file containing the password needed to access the contents of the JKS or PKCS #12 trust store.
    --existingDSTopologyBindDN {dn}
    The DN of the account to use to authenticate to the Directory Server. This account must have full read and write access to the configuration and to manage the topology.
    --existingDSTopologyBindPassword {password}
    The password for the account to use to authenticate to the Directory Server.
    --existingDSTopologyBindPasswordFile {path}
    The path to a file containing the password to use to authenticate to the Directory Server.

    For example, you can use a command similar to the following to set up a PingDirectoryProxy Server instance in the same topology as a Directory Server instance.

    $ ./setup --acceptLicense \
         --licenseKeyFile PingDirectory.lic \
         --maxHeapSize 2g \
         --localHostName proxy1.example.com \
         --skipHostnameCheck \
         --instanceName proxy1 \
         --location Austin \
         --rootUserDN "cn=Directory Manager" \
         --rootUserPasswordFile directory-manager-password.txt \
         --ldapPort 389 \
         --ldapsPort 636 \
         --httpsPort 443 \
         --enableStartTLS \
         --useJavaKeyStore config/keystore \
         --keyStorePasswordFile config/keystore.pin \
         --certNickname server-cert \
         --useJavaTrustStore config/truststore \
         --trustStorePasswordFile config/truststore.pin \
         --encryptDataWithPassphraseFromFile encryption-passphrase.txt \
         --existingDSTopologyHostName ds1.example.com \
         --existingDSTopologyPort 636 \
         --existingDSTopologyBindDN "cn=Directory Manager" \
         --existingDSTopologyBindPasswordFile directory-manager-password.txt \
         --existingDSTopologyUseSSL \
         --existingDSTopologyUseJavaTrustStore config/truststore \
         --no-prompt
  • Use the following arguments to clone the configuration of an existing PingDirectoryProxy Server instance, including joining the same topology as the existing instance:
    --peerHostName {address}
    The address of a PingDirectoryProxy Server instance whose configuration should be cloned and whose topology should be joined.
    --peerPort {port}
    The port for communication with the PingDirectoryProxy Server to retrieve the configuration and topology information.
    --peerUseSSL
    Indicates that communication with the PingDirectoryProxy Server to retrieve configuration and topology information should be encrypted with SSL.
    --peerUseStartTLS
    Indicates that communication with the PingDirectoryProxy Server to retrieve configuration and topology information should be encrypted with the StartTLS extended operation.
    --peerUseNoSecurity
    Indicates that communication with the PingDirectoryProxy Server to retrieve configuration and topology information should not be encrypted.
    Note:

    When using SSL or StartTLS to encrypt the communication, you also need to use one of the --useJavaTruststore or --usePkcs12Truststore arguments to specify the path to a trust store with the information needed to trust the certificate that is presented by the PingDirectoryProxy Server.

    The following sample command sets up a new PingDirectoryProxy Server as a clone of an existing PingDirectoryProxy Server instance.

    $ ./setup --acceptLicense \
         --licenseKeyFile PingDirectory.lic \
         --maxHeapSize 2g \
         --localHostName proxy2.example.com \
         --skipHostnameCheck \
         --instanceName proxy2 \
         --location Austin \
         --rootUserDN "cn=Directory Manager" \
         --rootUserPasswordFile directory-manager-password.txt \
         --ldapPort 389 \
         --ldapsPort 636 \
         --httpsPort 443 \
         --enableStartTLS \
         --useJavaKeyStore config/keystore \
         --keyStorePasswordFile config/keystore.pin \
         --certNickname server-cert \
         --useJavaTrustStore config/truststore \
         --trustStorePasswordFile config/truststore.pin \
         --encryptDataWithPassphraseFromFile encryption-passphrase.txt \
         --peerHostName proxy1.example.com \
         --peerPort 636 \
         --peerUseSSL \
         --no-prompt
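
A pre-flight check for scripted commands like the two above, as an added example that is not part of the PingDirectory product or its documentation: it scans the arguments you intend to pass to setup for the unencrypted and inline-password options listed on this page, checks that secret files are owner-only, and applies the trust store requirement from the Note to both the --peer* and --existingDSTopology* forms. The function name, the messages and the 600/400 mode policy are assumptions.

```shell
#!/bin/sh
# Added example (not Ping Identity code): lint the arguments of a scripted
# ./setup call before running it. Flag names are the ones listed on this page;
# the function name and the 600/400 mode policy are assumptions.
# Returns the number of findings (0 = clean). Uses globals; POSIX sh has no local.
lint_setup_args() {
    findings=0 tls=0 trust=0 prev=""
    for arg in "$@"; do
        case "$prev" in
        *PasswordFile|--encryptDataWithPassphraseFromFile)
            # $arg is the value of a secret-file option: expect owner-only access.
            if [ ! -f "$arg" ]; then
                echo "WARN: secret file '$arg' not found"
                findings=$((findings + 1))
            else
                mode=$(stat -c '%a' "$arg" 2>/dev/null || stat -f '%Lp' "$arg")
                case "$mode" in
                600|400) ;;
                *)  echo "WARN: '$arg' has mode $mode, expected 600 or 400"
                    findings=$((findings + 1)) ;;
                esac
            fi ;;
        esac
        case "$arg" in
        --existingDSTopologyUseNoSecurity|--peerUseNoSecurity)
            echo "FAIL: $arg leaves the topology connection unencrypted"
            findings=$((findings + 1)) ;;
        --existingDSTopologyBindPassword|--existingDSTopologyTrustStorePassword)
            echo "FAIL: $arg puts a secret on the command line; use ${arg}File"
            findings=$((findings + 1)) ;;
        --*UseSSL|--*UseStartTLS)
            tls=1 ;;
        --*JavaTrust[Ss]tore|--*Pkcs12Trust[Ss]tore)
            trust=1 ;;
        esac
        prev=$arg
    done
    # SSL/StartTLS to the existing server needs a trust store to validate its certificate.
    if [ "$tls" -eq 1 ] && [ "$trust" -eq 0 ]; then
        echo "FAIL: SSL/StartTLS requested but no trust store argument given"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Stand-alone use: sh lint-setup.sh <the arguments you would pass to ./setup>
if [ "$#" -gt 0 ]; then lint_setup_args "$@"; fi
```

Run it in the deployment script immediately before `./setup` and abort on a non-zero exit status.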