Interactive mode is a convenient method to get the server up and running when you're just getting started, but the installation process for production deployments is generally scripted. For this process, non-interactive mode is a better choice and setup offers several useful arguments.
To join a topology with non-interactive setup:
-
Run setup:
- Use the following arguments to join an existing PingDirectory server topology:
- --existingDSTopologyHostName
{address}
- The address of a PingDirectory server instance in the topology to be joined.
- --existingDSTopologyPort
{port}
- The port for communication with the PingDirectory server to retrieve information about the topology.
- --existingDSTopologyUseSSL
- Indicates that the communication with the PingDirectory server to retrieve information about the topology should be encrypted with SSL.
- --existingDSTopologyUseStartTLS
- Indicates that the communication with the PingDirectory server to retrieve information about the topology should be encrypted with the StartTLS extended operation.
- --existingDSTopologyUseNoSecurity
- Indicates that the communication with the PingDirectory server to retrieve information about the topology should be not be encrypted.
- --existingDSTopologyUseJavaTruststore
{path}
- The path to a JKS trust store that has the information needed to trust the certificate presented by the PingDirectory server when using SSL or StartTLS.
- --existingDSTopologyUsePkcs12Truststore
{path}
- The path to a PKCS #12 trust store that has the information needed to trust the certificate presented by the PingDirectory server when using SSL or StartTLS.
- --existingDSTopologyTrustStorePassword
{password}
- The password needed to access the contents of the JKS or PKCS #12 trust store. A password is typically required when using a PKCS #12 trust store but is optional when using a JKS trust store.
- --existingDSTopologyTrustStorePasswordFile
{path}
- The path to a file containing the password needed to access the contents of the JKS or PKCS #12 trust store.
- --existingDSTopologyBindDN
{path}
- The DN of the account to use to authenticate to the PingDirectory server. This account must have full read and write access to the configuration and to manage the topology.
- --existingDSTopologyBindPassword
{password}
- The password for the account to use to authenticate to the PingDirectory server.
- --existingDSTopologyBindPasswordFile
{path}
- The path to a file containing the password to use to authenticate to the PingDirectory server.
For example, you can use a command similar to the following to set up a PingDirectoryProxy server instance in the same topology as a PingDirectory server instance.
$ ./setup --acceptLicense \ --licenseKeyFile PingDirectory.lic --maxHeapSize 2g \ --localHostName proxy1.example.com \ --skipHostnameCheck \ --instanceName proxy1 \ --location Austin \ --rootUserDN "cn=Directory Manager" \ --rootUserPasswordFile directory-manager-password.txt \ --ldapPort 389 \ --ldapsPort 636 \ --httpsPort 443 \ --enableStartTLS \ --useJavaKeyStore config/keystore \ --keyStorePasswordFile config/keystore.pin \ --certNickname server-cert \ --useJavaTrustStore config/truststore \ --trustStorePasswordFile config/truststore.pin \ --encryptDataWithPassphraseFromFile encryption-passphrase.txt \ --existingDSTopologyHostName ds1.example.com \ --existingDSTopologyPort 636 \ --existingDSTopologyBindDN "cn=Directory Manager" \ --existingDSTopologyBindPasswordFile directory-manager-password.txt \ --existingDSTopologyUseSSL \ --existingDSTopologyUseJavaTrustStore config/truststore \ --no-prompt
- --existingDSTopologyHostName
- Use the following arguments to clone the configuration of an existing PingDirectoryProxy server instance, including joining
the same topology as the existing instance:
- --peerHostName
{address}
- The address of a PingDirectoryProxy server instance whose configuration should be cloned and whose topology should be joined.
- --peerPort
{port}
- The port communication with the PingDirectoryProxy server to retrieve the configuration and topology information.
- --peerUseSSL
- Indicates that communication with the PingDirectoryProxy server to retrieve configuration and topology information should be encrypted with SSL.
- --peerUseStartTLS
- Indicates that communication with the PingDirectoryProxy server to retrieve configuration and topology information should be encrypted with the StartTLS extended operation.
- --peerUseNoSecurity
- Indicates that communication with the PingDirectoryProxy server to retrieve configuration and topology information should not be encrypted.
Note:When using SSL or StartTLS to encrypt the communication, you also need to use one of the --useJavaTruststore or --usePkcs12Truststore arguments to specify the path to a trust store with the information needed to trust the certificate that is presented by the PingDirectoryProxy server.
The following is an example of a sample command to set up a new PingDirectoryProxy server as a clone of an existing PingDirectoryProxy server instance.
$ ./setup --acceptLicense \ --licenseKeyFile PingDirectory.lic --maxHeapSize 2g \ --localHostName proxy2.example.com \ --skipHostnameCheck \ --instanceName proxy2 \ --location Austin \ --rootUserDN "cn=Directory Manager" \ --rootUserPasswordFile directory-manager-password.txt \ --ldapPort 389 \ --ldapsPort 636 \ --httpsPort 443 \ --enableStartTLS \ --useJavaKeyStore config/keystore \ --keyStorePasswordFile config/keystore.pin \ --certNickname server-cert \ --useJavaTrustStore config/truststore \ --trustStorePasswordFile config/truststore.pin \ --encryptDataWithPassphraseFromFile encryption-passphrase.txt \ --peerHostName proxy1.example.com \ --peerPort 636 \ --peerUseSSL \ --no-prompt
- --peerHostName
- Use the following arguments to join an existing PingDirectory server topology: