Previous Topic: Unattended InstallationNext Topic: How to Run an Unattended Administrative UI Install


How to Run an Unattended Policy Server Install

To run an unattended Policy Server install, complete the following procedures:

  1. Review the unattended installation guidelines.
  2. Copy the Policy Server properties file from the Policy Server host system.
  3. Complete one of the following steps:

    Note: (UNIX) Be sure that the UNIX user has the appropriate permissions to install from this directory.

  4. Copy the Policy Server installation media to the same location as the properties file.
  5. Modify the Policy Server installer properties file.
  6. Run the Policy Server installer.
  7. Verify the Policy Server installation.

More information:

Unattended Installation Guidelines

Modify the Policy Server Installer Properties Files

You modify the Policy Server installer properties file to define installation variables. The default parameters, passwords, and paths in this file reflect the information you entered during the initial Policy Server installation.

Important! The properties template includes a variable that specifies the Policy Server's FIPS mode of operation: CA_SM_PS_FIPS140. If you are reinstalling the Policy Server, do not modify the value of the variable. If required, change the FIPS mode of operation after reinstalling the Policy Server. More information on changing the Policy Server's FIPS mode of operation exists in the Upgrade Guide.

General Policy Server Information

The General Information section allows you to set the following:

DEFAULT_INSTALL_DIR

Specifies the location of the Policy Server installation.

DEFAULT_SHORTCUTS_DIR

Specifies the location of the CA SiteMinder® program icon.

Example: C:\\Documents and Settings\\All Users\\Start or /CA SiteMinder®

Note: The icon feature only works on Windows.

DEFAULT_JRE_ROOT

Specifies the JRE installation location.

DEFAULT_BROWSER

(UNIX only) Specifies the installation location of the browser.

Example: /usr/dt/appconfig/netscape/netscape

DEFAULT_SMPROFILE_CHOICE

(UNIX only) Specifies if smprofile.ksh should be added to the .profile file. Specify true for yes; specify false for no.

DEFAULT_ENCRYPTKEY

Allows you to enter a cleartext encryption key, which secures data sent between the Policy Server and the policy store.

Note: If you comment out the ENCRYPTED_ENCRYPTKEY parameter and uncomment DEFAULT_ENCRYPTKEY, then the unattended installer uses the cleartext encrypt key value from DEFAULT_ENCRYPTKEY. The DEFAULT_ENCRYPTKEY parameter is commented out by default after the initial Policy Server installation.

ENCRYPTED_ENCRYPTKEY

Shows the encrypted encryption key, which secures data sent between the Policy Server and the policy store. You entered this key during the initial Policy Server installation and cannot change it.

Important! Do not modify this encrypted value since any change will break the communication between the Policy Server and policy store when you run an unattended installation.

If you comment out the DEFAULT_ENCRYPTKEY parameter and uncomment ENCRYPTED_ENCRYPTKEY, then the unattended installer uses the encrypted encryption key value from ENCRYPTED_ENCRYPTKEY.

CA_SM_PS_FIPS140

Specifies the Policy Server's FIPS mode of operation.

Values: COMPAT, MIGRATE, or ONLY

Important! Do not modify the value if you are reinstalling the Policy Server.

Policy Server Features

The Feature Selection section lets you set the following parameters:

DEFAULT_OVMGUI_CHOICE

Determines if the Policy Server installer configures the OneView Monitor GUI on the selected web server.

Valid values: true and false.

true

The installer configures the OneView Monitor GUI.

Setting this value to true requires you to configure additional settings under OneView Monitor GUI and Web Servers.

false

The installer does not configure the OneView Monitor GUI.

DEFAULT_WEBSERVERS_CHOICE

Determines if the Policy Server installer configures the Federation Security Services UI with a specified web server.

Valid values: true and false.

true

The installer configures the component with the specified web server.

Setting this value to true requires you to configure additional settings under Web Servers.

false

The installer does not configure the component with a web server.

DEFAULT_SNMP_CHOICE

Determines if the Policy Server installer configures CA SiteMinder® SNMP support with the Policy Server.

Valid values: true and false.

true

The installer configures CA SiteMinder® SNMP support.

Setting this value to true requires you to configure additional settings under SNMP.

false

The installer does not configure CA SiteMinder® SNMP support.

DEFAULT_POLICYSTORE_CHOICE

Determines if the Policy Server installer configures a policy store automatically.

Valid values: true and false.

true

The installer configures a policy store.

Setting this value to true requires you to configure additional settings under Policy Store.

false

The installer does not configure a policy store.

OneView Monitor GUI

If you set the DEFAULT_OVMGUI_CHOICE parameter to true, then set the following:

DEFAULT_JDK_ROOT

Specifies the JDK installation location.

DEFAULT_SERVLETEXEC_INSTANCE_NAME

(UNIX only) Specifies the name of the ServletExec instance.

Example: se-testmachine-60psGUI

DEFAULT_SERVLETEXEC_ROOT

Specifies the ServletExec installation location.

Example: C:\\Program Files\\New Atlanta\\ServletExec ISAPI or /export/NewAtlanta/ServletExecAS

DEFAULT_SERVLETEXEC_PORT

(UNIX only) Specifies the port number of the ServletExec instance.

Example: 7676

SNMP

If you want to modify the SNMP password, do the following:

DEFAULT_ROOT_PW

Allows you to enter a cleartext SNMP password for the UNIX system’s root user. If you comment out the ENCRYPTED_ROOT_PW parameter and uncomment DEFAULT_ROOT_PW, then the unattended installer uses the cleartext SNMP password from DEFAULT_ROOT_PW.

Default: The DEFAULT_ROOT_PW parameter is commented out after the initial Policy Server installation.

ENCRYPTED_ROOT_PW

Shows the encrypted SNMP password for the UNIX system’s root user. You entered this password during the initial UNIX Policy Server installation and cannot change it.

Important! Do not modify this encrypted password since any change will break the communication between the Policy Server and the SNMP Agent. If you comment out the DEFAULT_ROOT_PW parameter and uncomment ENCRYPTED_ROOT_PW, then the unattended installer uses the encrypted password from ENCRYPTED_ROOT_PW.

Policy Store

If you set the DEFAULT_POLICYSTORE_CHOICE parameter to true, then set the following parameters:

DEFAULT_POLICYSTORE_TYPE

Specifies the type of store that is to function as the policy store.

Valid values: LDAP and RDB.

LDAP

Specifies an LDAP policy store.

RDB

Specifies an ODBC policy store.

DEFAULT_POLICYSTORE_IP

(LDAP) Specifies the IP address or name of the LDAP directory server host system.

Example: 172.16.0.0

DEFAULT_POLICYSTORE_PORT

(LDAP) Specifies the port on which the LDAP directory server is listening.

Example: 1356.

DEFAULT_POLICYSTORE_ADMINDN

(LDAP) Specifies the LDAP user name of an administrator who has permission to:

Example: cn=Directory Manager.

DEFAULT_POLICYSTORE_ADMINPW

(LDAP) Lets you enter a cleartext password for the administrator of the LDAP directory server.

If you comment ENCRYPTED_POLICYSTORE_ADMINPW and uncomment DEFAULT_POLICYSTORE_ADMINPW, then the unattended installer uses the cleartext password from DEFAULT_POLICYSTORE_ADMINPW.

Default: The DEFAULT_POLICYSTORE_ADMINPW parameter is commented out after the initial Policy Server installation.

ENCRYPTED_POLICYSTORE_ADMINPW

(LDAP) Represents the encrypted password for the administrator of the LDAP directory server. This password was entered the last time the Policy Server installer configured the policy store. You can use the existing encrypted value to provide the LDAP administrator password for the new policy store. This password cannot be changed.

Important! Do not modify this password. The password is encrypted. If you comment out the DEFAULT_POLICYSTORE_ADMINPW and uncomment ENCRYPTED_POLICYSTORE_ADMINPW, then the installer uses the encrypted password from ENCRYPTED_POLICYSTORE_ADMINPW.

DEFAULT_POLICYSTORE_ROOTDN

(LDAP) Specifies the root DN of the LDAP directory server.

Example: o=example.com.

DEFAULT_POLICYSTORE_USER_CHOICE

(LDAP) The DEFAULT_POLICYSTORE_ADMINDN parameter requires an LDAP administrator user name that has permission to create the schema. By default, the Policy Server uses this account to manage the policy store. An alternate LDAP user account can manage CA SiteMinder® data in the policy store after the policy store is configured. The alternate account must have permission to create, read, modify, and delete objects.

Valid values: true and false.

true

Specifies that an alternate LDAP user account is to manage the policy store after the policy store is configured.

false

Specifies that the LDAP administrator user account, which the DEFAULT_POLICYSTORE_ADMINDN parameter specifies, is to manage the policy store after the policy store is configured.

DEFAULT_POLICYSTORE_USERDN

(LDAP) Specifies the DN of the alternate LDAP user account.

Example:

uid=SMAdmin,ou=people,o=security.com.
DEFAULT_POLICYSTORE_USERPW

(LDAP) Lets you enter a cleartext password for the alternate LDAP user. If you comment ENCRYPTED_POLICYSTORE_USERPW and uncomment DEFAULT_POLICYSTORE_USERPW, then the unattended installer uses the cleartext password from DEFAULT_POLICYSTORE_USERPW.

Default: The DEFAULT_POLICYSTORE_USERPW parameter is commented out after the initial Policy Server installation.

ENCRYPTED_POLICYSTORE_USERPW

(LDAP) Represents the encrypted password for the alternate LDAP user. This password was entered the last time the Policy Server installer configured the policy store. You can use the existing encrypted value to set the alternate administrator password for the new policy store. This password cannot be changed.

Important! Do not modify this password. This password is encrypted.

If you comment DEFAULT_POLICYSTORE_USERPW and uncomment ENCRYPTED_POLICYSTORE_USERPW, then the installer uses the encrypted password from ENCRYPTED_POLICYSTORE_USERPW.

DEFAULT_INIT_POLICYSTORE_CHOICE

(LDAP/RDB) Specifies if the Policy Server installer must initialize the policy store.

Valid values: true and false.

true

The installer initializes the policy store.

false

The installer does not initialize the policy store.

DEFAULT_SM_ADMINPW

(LDAP/RDB) Lets you enter a cleartext password for the CA SiteMinder® superuser account.

If you comment ENCRYPTED_SM_ADMINPW and uncomment DEFAULT_SM_ADMINPW, then the installer uses the cleartext password from DEFAULT_SM_ADMINPW.

Default: The DEFAULT_SM_ADMINPW parameter is commented out after the initial Policy Server installation.

ENCRYPTED_SM_ADMINPW

(LDAP/RDB) Represents the encrypted password for the CA SiteMinder® superuser account. This password was entered the last time the Policy Server installer configured the policy store. You can use the existing encrypted value to set the CA SiteMinder® superuser password for the new policy store. This password cannot be changed.

Important! Do not modify this password. This password is encrypted.

If you comment DEFAULT_SM_ADMINPW and uncomment ENCRYPTED_SM_ADMINPW, then the installer uses the encrypted password from ENCRYPTED_SM_ADMINPW.

DEFAULT_RDB_DSN

(RDB) Specifies the name of the DSN that the Policy Server installer creates.

DEFAULT_RDB_DBSERVER

(RDB) Specifies the IP address or name of the database host system.

DEFAULT_RDB_DBNAME

(RDB) Specifies one of the following values:

DEFAULT_RDB_PORT

(RDB) Specifies the port on which the database is listening.

DEFAULT_RDB_USER_NAME

(RDB) Specifies the name of the database administrator account that has permission to:

DEFAULT_RDB_DBTYPE

Specifies the type of database that is to function as the policy store.

Valid values: DB_MSSQL and DB_ORACLE.

DB_MSSQL

Specifies a SQL Server policy store.

DB_ORACLE

Specifies an Oracle policy store.

DEFAULT_RDB_PASSWORD

(RDB) Lets you enter a cleartext password for the database administrator.

Default: This parameter is commented out after the initial Policy Server installation.

If you comment ENCRYPTED_RDB_PASSWORD and uncomment DEFAULT_RDB_PASSWORD, then the installer uses the cleartext password from DEFAULT_RDB_PASSWORD.

ENCRYPTED_RDB_PASSWORD

(RDB) Represents the encrypted value of the database administrator password that was entered the last time that the installer configured the policy store.

Default: This parameter is uncommented. The installer uses this value, unless you comment this parameter and uncomment DEFAULT_RDB_PASSWORD.

DEFAULT_KEYSTORE_CONFIG

Specifies if the installer must collocate the CA SiteMinder® key store with the policy store.

Valid values: true and false.

true

The installer collocates the key store with the policy store.

false

The installer does not configure a key store. You configure a stand–alone key store after configuring the policy store.

DEFAULT_SMKEYDB_IMPORT_CHOICE

Specifies if the default CA certificates must be imported into the certificate data store.

Valid values: true and false.

true

Import the default CA certificates.

false

Do not import the default CA certificates.

Enhanced Session Assurance with DeviceDNA™ Settings

The following items apply to Enhanced Session Assurance with DeviceDNA™:

MASTER_KEY=

Specifies the master encryption key for the advanced authentication server (which runs on the CA SiteMinder® SPS). Stores the master encryption key in plain-text format.

ENCRYPTED_MASTER_KEY=

Specifies the master encryption key for the advanced authentication server (which runs on the CA SiteMinder® SPS). Stores the master encryption key in an encrypted format.

IS_SA_ENABLED=true

Indicates if Enhanced Session Assurance with DeviceDNA™ is enabled. Do not edit this item.

Run the Policy Server Installer

You run an unattended installation to install the Policy Server without user interaction.

Before You Install

You install the Policy Server using the installation media on the Technical Support site.

Note: For a list of installation media names, see the Policy Server Release Notes.

More information:

Locate the Installation Media

Installation Media Names

Windows

To run an unattended Policy Server install, run the following command from the directory to which you copied the Policy Server installation executable and the properties file:

installation_media -f ca-ps-installer.properties -i silent

Important! Before running a CA SiteMinder® utility or executable on Windows Server 2008, open the command line window with administrator permissions. Open the command line window this way, even if your account has administrator privileges.

installation_media

Specifies the Policy Server installation executable.

Note: If the properties file is not in the same directory as the installation media, specify its location. Use double quotes if the argument contains spaces.

-i silent

Specifies that the installer run silently.

Example:

installation_media -f "C:\Program Files\CA\siteminder\install_config_info\ca-ps-installer.properties" -i silent

The installation begins. The installer uses the parameters that you specified in the properties file to install the Policy Server.

UNIX

Follow these steps:

  1. Open a shell.
  2. Run the following command from the directory to which you copied the Policy Server installation executable and Policy Server installation properties file:
    ./installation_media -f ca-ps-installer.properties -i silent
    
    installation_media

    Specifies the Policy Server installation executable.

    -i silent

    Specifies that the installer run silently.

    The installation begins. The installer uses the parameters that you specified in the properties file to install the Policy Server.

Troubleshoot the Policy Server Installation

Use the following files to troubleshoot the Policy Server installation:

Stop an Unattended Policy Server Installation

You stop an unattended Policy Server installation to prevent the Policy Server from installing on the specified Windows system.

To stop the installation: