To run an unattended Policy Server install, complete the following procedures:
Note: (UNIX) Be sure that the UNIX user has the appropriate permissions to install from this directory.
You modify the Policy Server installer properties file to define installation variables. The default parameters, passwords, and paths in this file reflect the information you entered during the initial Policy Server installation.
Important! The properties template includes a variable that specifies the Policy Server's FIPS mode of operation: CA_SM_PS_FIPS140. If you are reinstalling the Policy Server, do not modify the value of the variable. If required, change the FIPS mode of operation after reinstalling the Policy Server. For more information on changing the Policy Server's FIPS mode of operation, see the Upgrade Guide.
The General Information section allows you to set the following:
Specifies the location of the Policy Server installation.
Specifies the location of the CA SiteMinder® program icon.
Example: C:\\Documents and Settings\\All Users\\Start or /CA SiteMinder®
Note: The icon feature only works on Windows.
Specifies the JRE installation location.
(UNIX only) Specifies the installation location of the browser.
Example: /usr/dt/appconfig/netscape/netscape
(UNIX only) Specifies if smprofile.ksh should be added to the .profile file. Specify true for yes; specify false for no.
Allows you to enter a cleartext encryption key, which secures data sent between the Policy Server and the policy store.
Note: If you comment out the ENCRYPTED_ENCRYPTKEY parameter and uncomment DEFAULT_ENCRYPTKEY, then the unattended installer uses the cleartext encrypt key value from DEFAULT_ENCRYPTKEY. The DEFAULT_ENCRYPTKEY parameter is commented out by default after the initial Policy Server installation.
Shows the encrypted encryption key, which secures data sent between the Policy Server and the policy store. You entered this key during the initial Policy Server installation and cannot change it.
Important! Do not modify this encrypted value since any change will break the communication between the Policy Server and policy store when you run an unattended installation.
If you comment out the DEFAULT_ENCRYPTKEY parameter and uncomment ENCRYPTED_ENCRYPTKEY, then the unattended installer uses the encrypted encryption key value from ENCRYPTED_ENCRYPTKEY.
Specifies the Policy Server's FIPS mode of operation.
Values: COMPAT, MIGRATE, or ONLY
Important! Do not modify the value if you are reinstalling the Policy Server.
The Feature Selection section lets you set the following parameters:
Determines if the Policy Server installer configures the OneView Monitor GUI on the selected web server.
Valid values: true and false.
The installer configures the OneView Monitor GUI.
Setting this value to true requires you to configure additional settings under OneView Monitor GUI and Web Servers.
The installer does not configure the OneView Monitor GUI.
Determines if the Policy Server installer configures the Federation Security Services UI with a specified web server.
Valid values: true and false.
The installer configures the component with the specified web server.
Setting this value to true requires you to configure additional settings under Web Servers.
The installer does not configure the component with a web server.
Determines if the Policy Server installer configures CA SiteMinder® SNMP support with the Policy Server.
Valid values: true and false.
The installer configures CA SiteMinder® SNMP support.
Setting this value to true requires you to configure additional settings under SNMP.
The installer does not configure CA SiteMinder® SNMP support.
Determines if the Policy Server installer configures a policy store automatically.
Valid values: true and false.
The installer configures a policy store.
Setting this value to true requires you to configure additional settings under Policy Store.
The installer does not configure a policy store.
If you set the DEFAULT_OVMGUI_CHOICE parameter to true, then set the following:
Specifies the JDK installation location.
(UNIX only) Specifies the name of the ServletExec instance.
Example: se-testmachine-60psGUI
Specifies the ServletExec installation location.
Example: C:\\Program Files\\New Atlanta\\ServletExec ISAPI or /export/NewAtlanta/ServletExecAS
(UNIX only) Specifies the port number of the ServletExec instance.
Example: 7676
If you want to modify the SNMP password, do the following:
Allows you to enter a cleartext SNMP password for the UNIX system’s root user. If you comment out the ENCRYPTED_ROOT_PW parameter and uncomment DEFAULT_ROOT_PW, then the unattended installer uses the cleartext SNMP password from DEFAULT_ROOT_PW.
Default: The DEFAULT_ROOT_PW parameter is commented out after the initial Policy Server installation.
Shows the encrypted SNMP password for the UNIX system’s root user. You entered this password during the initial UNIX Policy Server installation and cannot change it.
Important! Do not modify this encrypted password since any change will break the communication between the Policy Server and the SNMP Agent. If you comment out the DEFAULT_ROOT_PW parameter and uncomment ENCRYPTED_ROOT_PW, then the unattended installer uses the encrypted password from ENCRYPTED_ROOT_PW.
If you set the DEFAULT_POLICYSTORE_CHOICE parameter to true, then set the following parameters:
Specifies the type of store that is to function as the policy store.
Valid values: LDAP and RDB.
Specifies an LDAP policy store.
Specifies an ODBC policy store.
(LDAP) Specifies the IP address or name of the LDAP directory server host system.
Example: 172.16.0.0
(LDAP) Specifies the port on which the LDAP directory server is listening.
Example: 1356.
(LDAP) Specifies the LDAP user name of an administrator who has permission to:
Example: cn=Directory Manager.
(LDAP) Lets you enter a cleartext password for the administrator of the LDAP directory server.
If you comment out ENCRYPTED_POLICYSTORE_ADMINPW and uncomment DEFAULT_POLICYSTORE_ADMINPW, then the unattended installer uses the cleartext password from DEFAULT_POLICYSTORE_ADMINPW.
Default: The DEFAULT_POLICYSTORE_ADMINPW parameter is commented out after the initial Policy Server installation.
(LDAP) Represents the encrypted password for the administrator of the LDAP directory server. This password was entered the last time the Policy Server installer configured the policy store. You can use the existing encrypted value to provide the LDAP administrator password for the new policy store. This password cannot be changed.
Important! Do not modify this password. The password is encrypted. If you comment out the DEFAULT_POLICYSTORE_ADMINPW and uncomment ENCRYPTED_POLICYSTORE_ADMINPW, then the installer uses the encrypted password from ENCRYPTED_POLICYSTORE_ADMINPW.
(LDAP) Specifies the root DN of the LDAP directory server.
Example: o=example.com.
(LDAP) The DEFAULT_POLICYSTORE_ADMINDN parameter requires an LDAP administrator user name that has permission to create the schema. By default, the Policy Server uses this account to manage the policy store. An alternate LDAP user account can manage CA SiteMinder® data in the policy store after the policy store is configured. The alternate account must have permission to create, read, modify, and delete objects.
Valid values: true and false.
Specifies that an alternate LDAP user account is to manage the policy store after the policy store is configured.
false
Specifies that the LDAP administrator user account, which the DEFAULT_POLICYSTORE_ADMINDN parameter specifies, is to manage the policy store after the policy store is configured.
(LDAP) Specifies the DN of the alternate LDAP user account.
Example:
uid=SMAdmin,ou=people,o=security.com.
(LDAP) Lets you enter a cleartext password for the alternate LDAP user. If you comment out ENCRYPTED_POLICYSTORE_USERPW and uncomment DEFAULT_POLICYSTORE_USERPW, then the unattended installer uses the cleartext password from DEFAULT_POLICYSTORE_USERPW.
Default: The DEFAULT_POLICYSTORE_USERPW parameter is commented out after the initial Policy Server installation.
(LDAP) Represents the encrypted password for the alternate LDAP user. This password was entered the last time the Policy Server installer configured the policy store. You can use the existing encrypted value to set the alternate administrator password for the new policy store. This password cannot be changed.
Important! Do not modify this password. This password is encrypted.
If you comment out DEFAULT_POLICYSTORE_USERPW and uncomment ENCRYPTED_POLICYSTORE_USERPW, then the installer uses the encrypted password from ENCRYPTED_POLICYSTORE_USERPW.
(LDAP/RDB) Specifies if the Policy Server installer must initialize the policy store.
Valid values: true and false.
The installer initializes the policy store.
The installer does not initialize the policy store.
(LDAP/RDB) Lets you enter a cleartext password for the CA SiteMinder® superuser account.
If you comment out ENCRYPTED_SM_ADMINPW and uncomment DEFAULT_SM_ADMINPW, then the installer uses the cleartext password from DEFAULT_SM_ADMINPW.
Default: The DEFAULT_SM_ADMINPW parameter is commented out after the initial Policy Server installation.
(LDAP/RDB) Represents the encrypted password for the CA SiteMinder® superuser account. This password was entered the last time the Policy Server installer configured the policy store. You can use the existing encrypted value to set the CA SiteMinder® superuser password for the new policy store. This password cannot be changed.
Important! Do not modify this password. This password is encrypted.
If you comment out DEFAULT_SM_ADMINPW and uncomment ENCRYPTED_SM_ADMINPW, then the installer uses the encrypted password from ENCRYPTED_SM_ADMINPW.
(RDB) Specifies the name of the DSN that the Policy Server installer creates.
(RDB) Specifies the IP address or name of the database host system.
(RDB) Specifies one of the following values:
(RDB) Specifies the port on which the database is listening.
(RDB) Specifies the name of the database administrator account that has permission to:
Specifies the type of database that is to function as the policy store.
Valid values: DB_MSSQL and DB_ORACLE.
Specifies a SQL Server policy store.
Specifies an Oracle policy store.
(RDB) Lets you enter a cleartext password for the database administrator.
Default: This parameter is commented out after the initial Policy Server installation.
If you comment out ENCRYPTED_RDB_PASSWORD and uncomment DEFAULT_RDB_PASSWORD, then the installer uses the cleartext password from DEFAULT_RDB_PASSWORD.
(RDB) Represents the encrypted value of the database administrator password that was entered the last time that the installer configured the policy store.
Default: This parameter is uncommented. The installer uses this value, unless you comment out this parameter and uncomment DEFAULT_RDB_PASSWORD.
Specifies if the installer must collocate the CA SiteMinder® key store with the policy store.
Valid values: true and false.
The installer collocates the key store with the policy store.
The installer does not configure a key store. You configure a stand-alone key store after configuring the policy store.
Specifies if the default CA certificates must be imported into the certificate data store.
Valid values: true and false.
Import the default CA certificates.
Do not import the default CA certificates.
The following items apply to Enhanced Session Assurance with DeviceDNA™:
Specifies the master encryption key for the advanced authentication server (which runs on the CA SiteMinder® SPS). Stores the master encryption key in plain-text format.
Specifies the master encryption key for the advanced authentication server (which runs on the CA SiteMinder® SPS). Stores the master encryption key in an encrypted format.
Indicates if Enhanced Session Assurance with DeviceDNA™ is enabled. Do not edit this item.
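An added example (not part of the CA documentation or the installer): a pre-flight check in Python that reads the properties file before a silent run and reports which of the cleartext credential parameters named above are uncommented, whether a cleartext parameter and its encrypted counterpart are both active, and whether CA_SM_PS_FIPS140 holds one of the documented values. It assumes name=value lines with # (or !) comment lines, which this page does not state; the sample file content is constructed, and the page does not say which parameter the installer prefers when both of a pair are uncommented, so that case is reported as ambiguous.

```python
# Cleartext/encrypted parameter pairs, using only names that appear on this page.
CREDENTIAL_PAIRS = {
    "DEFAULT_ENCRYPTKEY": "ENCRYPTED_ENCRYPTKEY",
    "DEFAULT_ROOT_PW": "ENCRYPTED_ROOT_PW",
    "DEFAULT_POLICYSTORE_ADMINPW": "ENCRYPTED_POLICYSTORE_ADMINPW",
    "DEFAULT_POLICYSTORE_USERPW": "ENCRYPTED_POLICYSTORE_USERPW",
    "DEFAULT_SM_ADMINPW": "ENCRYPTED_SM_ADMINPW",
    "DEFAULT_RDB_PASSWORD": "ENCRYPTED_RDB_PASSWORD",
}
FIPS_VALUES = {"COMPAT", "MIGRATE", "ONLY"}

# Constructed sample input, not a real ca-ps-installer.properties file.
SAMPLE = """\
CA_SM_PS_FIPS140=COMPAT
#DEFAULT_ENCRYPTKEY=
ENCRYPTED_ENCRYPTKEY=ENC-PLACEHOLDER
DEFAULT_POLICYSTORE_ADMINPW=example-only
#ENCRYPTED_POLICYSTORE_ADMINPW=ENC-PLACEHOLDER
DEFAULT_SM_ADMINPW=example-only
ENCRYPTED_SM_ADMINPW=ENC-PLACEHOLDER
"""

def active_properties(text):
    """Return {name: value} for uncommented name=value lines (assumed format)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        name, sep, value = line.partition("=")
        if sep:
            props[name.strip()] = value.strip()
    return props

def audit(text):
    """Return a list of findings; secret values are never echoed."""
    props = active_properties(text)
    findings = []
    for clear, enc in CREDENTIAL_PAIRS.items():
        if clear in props and enc in props:
            findings.append(f"AMBIGUOUS: {clear} and {enc} are both uncommented")
        elif clear in props:
            findings.append(f"CLEARTEXT: {clear} is uncommented")
    fips = props.get("CA_SM_PS_FIPS140")
    if fips is not None and fips not in FIPS_VALUES:
        findings.append("FIPS: CA_SM_PS_FIPS140 is not COMPAT, MIGRATE, or ONLY")
    return findings

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print("\n".join(audit(text)))
```

A CLEARTEXT finding means the properties file currently holds a readable secret, so restrict who can read the file and comment the parameter out again once the unattended run completes.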
You run an unattended installation to install the Policy Server without user interaction.
You install the Policy Server using the installation media on the Technical Support site.
Note: For a list of installation media names, see the Policy Server Release Notes.
To run an unattended Policy Server install, run the following command from the directory to which you copied the Policy Server installation executable and the properties file:
installation_media -f ca-ps-installer.properties -i silent
Important! Before running a CA SiteMinder® utility or executable on Windows Server 2008, open the command line window with administrator permissions. Open the command line window this way, even if your account has administrator privileges.
Specifies the Policy Server installation executable.
Note: If the properties file is not in the same directory as the installation media, specify its location. Use double quotes if the argument contains spaces.
Specifies that the installer run silently.
Example:
installation_media -f "C:\Program Files\CA\siteminder\install_config_info\ca-ps-installer.properties" -i silent
The installation begins. The installer uses the parameters that you specified in the properties file to install the Policy Server.
Follow these steps:
./installation_media -f ca-ps-installer.properties -i silent
Specifies the Policy Server installation executable.
Specifies that the installer run silently.
The installation begins. The installer uses the parameters that you specified in the properties file to install the Policy Server.
Use the following files to troubleshoot the Policy Server installation:
The installation log contains a summary section that lists the number of successes, warnings, non-fatal errors, and errors that occurred during the installation. Individual installation actions are listed with the respective status.
Specifies the Policy Server release.
Location: siteminder_home\siteminder\install_config_info
The policy store log details the policy store status.
Location: siteminder_home\siteminder\install_config_info
The smps.log is created when you start the Policy Server. This log contains the following line if the Policy Server installed successfully:
[Info] Journaling thread started, will delete commands older than 60 minutes.
Location: siteminder_home\siteminder\log
Specifies the Policy Server installation path.
You stop an unattended Policy Server installation to prevent the Policy Server from installing on the specified Windows system.
To stop the installation:
Use the Windows Task Manager to stop the following processes:
ca-ps-12.5-win32.exe
ps_install.exe
Press Ctrl+C.
Copyright © 2013 CA.
All rights reserved.