Sterling Connect:Direct for UNIX silent installation options file and command-line parameters

The options file contains shell script variables. cdinstall_a sources ("source includes") the options file into its execution environment so that the variables are available. It does so only after a security check confirms that no UNIX or Linux commands are specified, either as values of the parameter variables or as individual commands. This check guards against a code injection attack.

This check is important because cdinstall_a is started under the root account. An administrator with root access can already run arbitrary commands without cdinstall_a. However, other users or applications without root privileges can also initiate an automated installation. If these users or applications specified UNIX or Linux commands in the options file, the commands would be processed under root, which creates a security issue.

The following table lists and describes these variables. If you do not specify the full path of the files in the installation package, then the path defaults to the directory where cdinstall_a was started. For example, the path name for the cpio file defaults to the package directory where cdinstall_a is located if you do not explicitly specify a path.

Each entry gives the variable name, command-line argument, default value, and description.

cdai_installCmd=<install | upgrade | uninstall>
  Command-line argument: --installCmd
  Default value: None. Required parameter.
  Description: Specifies the type of processing to use.

cdai_cpioFile=<cpio file name>
  Command-line argument: --cpioFile
  Default value: cdunix
  Description: The installation cpio name. If it is in a different directory than the package directory, the full path must be specified.

cdai_installDir=<target installation directory>
  Command-line argument: --installDir
  Default value: None. Required parameter.
  Description: Where to install Sterling Connect:Direct®. The administrator can choose any accessible location, but the full path must be specified.

cdai_localNodeName=<Sterling Connect:Direct local name>
  Command-line argument: --localNodeName
  Default value: Host name (required for installation only).
  Description: Name to assign to the local Sterling Connect:Direct. Name is shortened to 16 characters if necessary. Specify uname to ensure that the host name of the system is used.

cdai_acquireHostnameOrIP=<h | fqn | ip4 | ip6 | string>
  Command-line argument: --acquireHostnameOrIP
  Default value: h (required for installation only).
  Description: Specify host name, fully qualified domain name, IP v4 address, or IP v6 address. Any other strings are interpreted as IP addresses or names.
    • h=host name
    • fqn=fully qualified domain name
    • ip4=IPv4 address
    • ip6=IPv6 address
  String can be 0.0.0.0, 0:0:0:0:0:0:0:0, ::, 192.168.0.100, or other valid IP address.

cdai_serverPort=<port number>
  Command-line argument: --serverPort
  Default value: 1364
  Description: Sterling Connect:Direct to Sterling Connect:Direct

cdai_clientPort=<port number>
  Command-line argument: --clientPort
  Default value: 1363
  Description: CLI/API port

cdai_localCertFile=<certfile>
  Command-line argument: --localCertFile
  Default value: None. (required for installation only).
  Description: Keycert file for Sterling Connect:Direct local node and client

cdai_localCertPassphrase=<passphrase>
  Command-line argument: --localCertPassphrase
  Default value: None. (required for installation only).
  Description: Passphrase for keycert file

cdai_adminUserid=<user ID>
  Command-line argument: --adminUserid
  Default value: None. (required for installation only).
  Description: System user ID to use for the Sterling Connect:Direct administrator user ID

cdai_trace=y|n
  Command-line argument: --trace
  Default value: n
  Description: Enables display of debugging information

cdai_spConfig=<file name>
  Command-line argument: --spConfig
  Default value: None.
  Description: Customized text file to update Sterling Connect:Direct parameter file as necessary. To create a parameter file, you can enter a list of commands in the spConfig text file, similar to this example:

    sync netmap
            path=/sci/silent_install/netmap.cfg
            name=*
    ;

    Import KeyCert
            File="/sci/silent_install/keycert.txt"
            Passphrase=password
            Label=myKeyCert
            ImportMode=Add
    ;

  The silent install script points to this text file.
  If cdai_spConfig is not specified, then only basic Sterling Connect:Direct configuration is used with the key certificate and trusted root files.

cdai_ignoreExistingInstallDir=y|n
  Command-line argument: --ignoreExistingInstallDir
  Default value: n
  Description: y causes cdinstall_a to ignore an existing target installation directory and proceed with the installation. n causes cdinstall_a to fail if the target installation directory exists. Use y with caution when you are engaging in automated deployment across multiple systems.

cdai_allowUmaskReset=y|n
  Command-line argument: --allowUmaskReset
  Default value: y
  Description: This variable has no effect if the default umask of the adminUserid is 22 or less. If the default umask of the adminUserid is greater than 22, y causes cdinstall_a to reset the umask of the adminUserid to 22. Setting the variable to n in that case causes cdinstall_a to proceed with the more restrictive than recommended umask setting.
  CAUTION: If the installation procedure proceeds with a umask setting that is more restrictive than the recommended value, some users might not have the necessary permissions to use Sterling Connect:Direct for UNIX.

cdai_verifyUpgrade=y|n
  Command-line argument: --verifyUpgrade
  Default value: y
  Description: An upgrade command fails if pre-existing configuration files don't pass the configuration check or if the sample.cd process fails to complete successfully. This happens even when the configuration errors or sample.cd operation failure is considered tolerable. This variable allows users to choose whether to verify an upgrade or not.

cdai_trustedRootCertFile=<trusted root file>
  Command-line argument: --trustedRootCertFile
  Default value: None.
  Description: This variable allows users to deploy a custom trusted root certificate file.
  If cdai_trustedRootCertFile is specified, then the automated installation arbitrarily uses this file as the trusted root certificate file.
  If cdai_trustedRootCertFile is not specified, then the automated installation procedure customizes and uses the default trusted root certificate file that is included in the Sterling Connect:Direct for UNIX installation file. The default trusted root certificate file is customized by adding the certificate portion of the deployed keycert file and any other deployed certificates to it.
  Note: This variable applies only to Sterling Connect:Direct for UNIX 4.1.0.

cdai_keystoreFile=<keystore file>
  Command-line argument: --keystoreFile
  Default value: None.
  Description: If cdai_keystoreFile is specified, then the automated installation uses this file as the keystore file. If it is not specified, then the automated installation procedure uses the default keystore file that is created during the installation. In either case, the keystore file is customized by adding the certificate portion of the deployed keycert file and any other deployed certificates to it.
  Note: This variable applies only to Sterling Connect:Direct for UNIX 4.2.0 and later.

cdai_keystorePassword=<keystore password>
  Command-line argument: --keystorePassword
  Default value: None. (always required for the installation command, but only required for the upgrade command when you are upgrading a version before Sterling Connect:Direct for UNIX 4.2.0).
  Description: Password for keystore file. Minimum 3 characters, maximum 80 characters. A keystore is created or updated with this password during the silent installation. This parameter is required if cdai_installCmd is install or upgrade. It is not required for an uninstall.
  Note: This variable applies only to Sterling Connect:Direct for UNIX 4.2.0 and later.

cdai_localCertLabel=<certificate label name>
  Command-line argument: --localCertLabel
  Default value: Client-API
  Description: If cdai_localCertLabel is specified, the specification is used to label the keycert for use in basic Secure+ configurations for secure client connections. If it is not specified, the default label is used.
  Note: This variable applies only to Sterling Connect:Direct for UNIX 4.2.0 and later.

cdai_asperaLicenseFile=<aspera license file>
  Command-line argument: --asperaLicenseFile
  Default value: None.
  Description: For an installation that uses FASP, this variable allows deployment of the required license file.
  Note: This variable applies only to Sterling Connect:Direct for UNIX 4.2.0.3 and later.

The following options file includes sample values for each variable:
cdai_trace="y"
cdai_installCmd="install"
cdai_cpioFile="/netshare/cdu/aix/cdunix"
cdai_installDir="/test/cdu/test001"
cdai_spConfig=spcmds.txt
cdai_localNodeName=uname
cdai_localNodeName=prod1.tul.company.com
cdai_acquireHostnameOrIP=ip4
cdai_serverPort=13364
cdai_clientPort=13363
cdai_localCertFile="keycert.txt"
cdai_localCertPassphrase="password"
cdai_adminUserid=kstep1
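
The security check that runs before the options file is sourced, described at the top of this page, can be approximated with a strict allowlist. This is an added example, not IBM's cdinstall_a code or its actual check: the function name validate_options, the accepted line grammar, and the value character set are assumptions, while the variable names come from the table above.

```shell
# Added example (not IBM's check): validate a cdinstall_a-style options file
# before a root-owned script sources it. The accepted grammar is an assumption.
LC_ALL=C; export LC_ALL
# Variable names from the table on this page, without the cdai_ prefix.
CDAI_VARS="installCmd cpioFile installDir localNodeName acquireHostnameOrIP \
serverPort clientPort localCertFile localCertPassphrase adminUserid trace \
spConfig ignoreExistingInstallDir allowUmaskReset verifyUpgrade \
trustedRootCertFile keystoreFile keystorePassword localCertLabel asperaLicenseFile"

warn() { echo "options file rejected: $1" >&2; }

# validate_options FILE: return 0 only if every line is blank, a # comment,
# or a single cdai_<name>=<literal> assignment with a documented name.
validate_options() {
    file=$1; n=0
    [ -f "$file" ] && [ ! -L "$file" ] || { warn "$file: not a regular file"; return 1; }
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        name=${line%%=*}; value=${line#*=}; key=${name#cdai_}
        case $key in ''|*[!A-Za-z]*) key= ;; esac
        if [ "$name" = "$line" ] || [ "$name" = "$key" ] || [ -z "$key" ]; then
            warn "line $n: not a cdai_ assignment"; return 1
        fi
        case " $CDAI_VARS " in
            *" $key "*) ;;
            *) warn "line $n: unknown variable $name"; return 1 ;;
        esac
        # Drop one pair of surrounding double quotes. What remains must be a
        # plain literal: $(...), backticks, ;, |, & and spaces are all refused.
        case $value in \"*\") value=${value#\"}; value=${value%\"} ;; esac
        case $value in ''|*[!A-Za-z0-9._/:@+-]*)
            warn "line $n: unsafe value for $name"; return 1 ;;
        esac
        # Values that the table enumerates, plus the TCP port range.
        case $key in
            installCmd) case $value in install|upgrade|uninstall) ;; *)
                warn "line $n: bad installCmd"; return 1 ;; esac ;;
            serverPort|clientPort)
                case $value in *[!0-9]*|??????*) value=0 ;; esac
                [ "$value" -ge 1 ] && [ "$value" -le 65535 ] || {
                    warn "line $n: bad port"; return 1; } ;;
            trace|ignoreExistingInstallDir|allowUmaskReset|verifyUpgrade)
                case $value in y|n) ;; *)
                    warn "line $n: $name must be y or n"; return 1 ;; esac ;;
        esac
    done < "$file"
    return 0
}
```

Run the check on a root-owned copy of the options file and source that same copy, so the content cannot change between validation and use. The character set is deliberately narrower than what the shell accepts, so a passphrase that contains other characters is rejected, not quoted.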