Perform the initial setup for a server instance.
This tool features both interactive and non-interactive modes for accepting the product license terms and initially configuring a server instance.
setup --licenseKeyFile /path/to/PingAuthorize.lic
setup --licenseKeyFile /path/to/PingAuthorize.lic --no-prompt --acceptLicense \
  --location Austin --instanceName "Austin Authorize Server 1" \
  --ldapPort 389 --httpsPort 443 --rootUserPasswordFile root-password-file \
  --encryptDataWithPassphraseFromFile encryption-key-password-file \
  --useJavaKeystore /path/to/keystore \
  --keyStorePasswordFile /path/to/keystore.pin \
  --useJavaTruststore /path/to/truststore \
  --trustStorePasswordFile /path/to/truststore.pin
-V
--version
Description | Display PingAuthorize Server version information |
-H
--help
Description | Display general usage information |
--help-debug
Description | Display help for using debug options |
Advanced | Yes |
-n
--no-prompt
Description | Perform an installation in non-interactive mode. When this mode is used, this tool will require additional options. See the examples below |
--acceptLicense
Description | Indicate that you accept the terms of the product license defined in |
--licenseKeyFile {file}
Description | The PingAuthorize license key file authorizing use of this product. The license file may be specified by this argument or copied to /home/centos/workspace/Core-Release-Pipeline/build/package/PingAuthorize/PingAuthorize.lic in which case it will be imported automatically |
Default Value | PingAuthorize.lic |
Required | No |
Multi-Valued | No |
-Q
--quiet
Description | Run setup in quiet mode. Quiet mode will not output progress information to standard output |
-v
--verbose
Description | Use verbose mode |
--propertiesFilePath {propertiesFilePath}
Description | Path to the file that contains default property values used for command-line arguments |
Required | No |
Multi-Valued | No |
--noPropertiesFile
Description | Specify that no properties file will be used to get default command-line argument values |
--populateToolPropertiesFile {connect|bind-dn|bind-password}
Description | Populate the config/tools.properties file with information provided during setup. If provided, the value for this argument must be one of 'connect', 'bind-dn', or 'bind-password'. If the argument is provided with a value of 'connect', then the properties file will be populated with the values that can be used to establish a connection to the local instance, but without a default bind DN or password. If the argument is provided with a value of 'bind-dn', then the properties file will be populated with values needed to connect to the local instance, and the initial root user DN will be set as the default bind DN (but without setting a bind password). If the argument is provided with a value of 'bind-password', then the properties file will be populated with the values needed to connect to the local instance, and the DN and password for the initial root user will be used as the default bind DN and password. If the argument is not provided, then the properties file will not be populated with default values for any properties |
Required | No |
Multi-Valued | No |
--script-friendly
Description | Use script-friendly mode |
-h {host}
--localHostName {host}
Description | Fully qualified host name or IP address of the local host |
Required | No |
Multi-Valued | No |
--listenAddress {host}
Description | Address of a network interface on which the PingAuthorize Server will listen. If not specified the server listens on all available interfaces |
Default Value | 0.0.0.0 |
Required | No |
Multi-Valued | Yes |
-p {port}
--ldapPort {port}
Description | Port on which the PingAuthorize Server should listen for LDAP communication |
Lower Bound | 1 |
Upper Bound | 65535 |
Required | No |
Multi-Valued | No |
-x {jmxPort}
--jmxPort {jmxPort}
Description | Port on which the PingAuthorize Server should listen for JMX communication |
Lower Bound | 1 |
Upper Bound | 65535 |
Default Value | 1689 |
Required | No |
Multi-Valued | No |
-S
--skipPortCheck
Description | Skip the check to determine whether the specified ports are usable |
--skipHostnameCheck
Description | Skip the check to determine whether the specified hostname is usable |
-D {rootUserDN}
--rootUserDN {rootUserDN}
Description | DN for the initial root user for the PingAuthorize Server |
Default Value | cn=Directory Manager |
Required | No |
Multi-Valued | No |
-w {rootUserPassword}
--rootUserPassword {rootUserPassword}
Description | Password for the initial root user for the PingAuthorize Server |
Required | No |
Multi-Valued | No |
-j {rootUserPasswordFile}
--rootUserPasswordFile {rootUserPasswordFile}
Description | Path to a file containing the password for the initial root user for the PingAuthorize Server |
Required | No |
Multi-Valued | No |
--allowWeakRootUserPassword
Description | Skip validation for the root user password, which will allow a weak password to be chosen |
--entryBalancing
Description | Specify that this Directory Proxy Server will be configured for entry balancing. Specifying this option allows you to include the --maxHeapSize option |
--existingDSTopologyHostName {host}
Description | Host name of a PingDirectory server instance in the topology to join |
Default Value | ci-centos7-build-117-231.local |
Required | No |
Multi-Valued | No |
--existingDSTopologyPort {port}
Description | Port of a PingDirectory server instance in the topology to join |
Lower Bound | 1 |
Upper Bound | 65535 |
Default Value | 389 |
Required | No |
Multi-Valued | No |
--existingDSTopologyBindDN {bindDN}
Description | DN used to bind to a PingDirectory server instance in the topology to join |
Default Value | cn=Directory Manager |
Required | No |
Multi-Valued | No |
--existingDSTopologyBindPassword {bindPassword}
Description | Password used to bind to a PingDirectory server instance in the topology to join |
Required | No |
Multi-Valued | No |
--existingDSTopologyBindPasswordFile {bindPasswordFile}
Description | Path to a file containing the password used to bind to a PingDirectory server instance in the topology to join |
Required | No |
Multi-Valued | No |
--existingDSTopologyUseStartTLS
Description | Use StartTLS when communicating with the PingDirectory server |
--existingDSTopologyUseSSL
Description | Use SSL when communicating with the PingDirectory server |
--existingDSTopologyUseNoSecurity
Description | Do not secure communication with the PingDirectory server |
--existingDSTopologyTrustAll
Description | Automatically trust the PingDirectory server and other known server certificates without prompting |
--existingDSTopologyUseJavaTruststore {truststorePath}
Description | Path to a Java keystore to use for establishing trust when communicating with the PingDirectory server instance in the topology to join |
Required | No |
Multi-Valued | No |
--existingDSTopologyUsePkcs12Truststore {truststorePath}
Description | Path to a PKCS12 keystore to use for establishing trust when communicating with the PingDirectory server instance in the topology to join |
Required | No |
Multi-Valued | No |
--existingDSTopologyTrustStorePassword {truststorePassword}
Description | Truststore password |
Required | No |
Multi-Valued | No |
--existingDSTopologyTrustStorePasswordFile {path}
Description | Truststore password file |
Required | No |
Multi-Valued | No |
--jvmTuningParameter {parameter}
Description | JVM tuning parameters to use for configuring the JVM for this server. Must be one of NONE, AGGRESSIVE, SEMI_AGGRESSIVE. See bin/dsjavaproperties --help for information about these parameters |
Required | No |
Multi-Valued | Yes |
--maxHeapSize {memory}
Description | Explicitly specify the maximum amount of memory to be configured for this system. If omitted the value will be computed based on the presence of either the AGGRESSIVE or SEMI_AGGRESSIVE parameter specified by the --jvmTuningParameter option. Providing a value that is below a tool's minimum heap size requirement will have no effect, i.e. the tool's minimum required heap size will be used instead. The format for this value is the same as the -Xmx JVM option which is a number followed by a unit m or g |
Required | No |
Multi-Valued | No |
-O
--doNotStart
Description | Do not start the server when the configuration is completed |
-q
--enableStartTLS
Description | Enable StartTLS to allow secure communication with the server using the LDAP port |
-Z {port}
--ldapsPort {port}
Description | Port on which the PingAuthorize Server should listen for LDAPS communication |
Lower Bound | 1 |
Upper Bound | 65535 |
Required | No |
Multi-Valued | No |
--generateSelfSignedCertificate
Description | Generate a self-signed certificate that the server should use when accepting SSL-based connections or performing StartTLS negotiation |
--certificateChainPEMFile {path}
Description | The path to a file containing the PEM-formatted representations of one or more X.509 certificates to use in the server's listener certificate chain. The chain should include the listener certificate itself and (for non-self-signed certificates) all issuer certificates. The entire chain may be provided in one file, or with a separate file per certificate. In either case, the listener certificate should be provided first, and every subsequent certificate should be the issuer for the previous certificate in the chain |
Required | No |
Multi-Valued | Yes |
--certificatePrivateKeyPEMFile {path}
Description | The path to a file containing the unencrypted PEM-formatted representation of the PKCS #8 private key for the server's listener certificate |
Required | No |
Multi-Valued | No |
--trustedCertificatePEMFile {path}
Description | The path to a file containing the PEM-formatted representations of one or more X.509 certificates to be imported into the server's certificate trust store. This argument may be provided multiple times to specify multiple PEM files to process, and each PEM file may contain information about one or more certificates |
Required | No |
Multi-Valued | Yes |
--usePkcs11Keystore
Description | Use a certificate in a PKCS11 token that the server should use when accepting SSL-based connections or performing StartTLS negotiation |
--pkcs11ProviderConfigFile {path}
Description | The path to a file with the configuration that the JVM should use when interacting with the PKCS #11 token |
Required | No |
Multi-Valued | No |
--useJavaKeystore {keystorePath}
Description | Path of a Java Keystore (JKS) containing a certificate to be used as the server certificate |
Required | No |
Multi-Valued | No |
--usePkcs12Keystore {keystorePath}
Description | Path of a PKCS12 keystore containing the certificate that the server should use when accepting SSL-based connections or performing StartTLS negotiation |
Required | No |
Multi-Valued | No |
-W {keystorePassword}
--keyStorePassword {keystorePassword}
Description | Certificate keystore password. A password is required when you want to use an existing certificate (JKS, PKCS12 or PKCS11) as server certificate |
Required | No |
Multi-Valued | No |
-u {keystorePasswordFile}
--keyStorePasswordFile {keystorePasswordFile}
Description | Certificate keystore password file. A password is required when you want to use an existing certificate (JKS, PKCS12 or PKCS11) as server certificate |
Required | No |
Multi-Valued | No |
-N {nickname}
--certNickname {nickname}
Description | Nickname of the certificate that the server should use when accepting SSL-based connections or performing StartTLS negotiation |
Required | No |
Multi-Valued | No |
--useJavaTruststore {truststorePath}
Description | Path to a Java keystore to use for establishing trust |
Required | No |
Multi-Valued | No |
--usePkcs12Truststore {truststorePath}
Description | Path to a PKCS12 keystore to use for establishing trust |
Required | No |
Multi-Valued | No |
-U {path}
--trustStorePasswordFile {path}
Description | Truststore password file |
Required | No |
Multi-Valued | No |
-T {truststorePassword}
--trustStorePassword {truststorePassword}
Description | Truststore password |
Required | No |
Multi-Valued | No |
--httpsPort {port}
Description | Port on which the PingAuthorize Server should listen for HTTPS communication |
Lower Bound | 1 |
Upper Bound | 65535 |
Required | No |
Multi-Valued | No |
--encryptDataWithPassphraseFromFile {path}
Description | Encrypt server data using a key generated from a passphrase in the specified file. This file only needs to be present during installation; the generated key will be stored in the server's encryption settings database. When installing multiple servers, providing the same passphrase to each server will ensure that they all use the same encryption key |
Required | No |
Multi-Valued | No |
--encryptDataWithRandomPassphrase
Description | Encrypt server data using a randomly generated key. Using this option on multiple servers will result in each server having a different key. When installing multiple servers, it is recommended that you either generate the encryption key with a passphrase and use the same passphrase across all servers, or that you use a random passphrase for the first server and then export the resulting encryption settings so that they can be imported into the remaining instances |
--encryptDataWithSettingsImportedFromFile {path}
Description | Encrypt server data with encryption settings definitions imported from the specified file, which must have been exported from another server's encryption settings database |
Required | No |
Multi-Valued | No |
--encryptionSettingsExportPassphraseFile {path}
Description | The path to a file containing the passphrase needed to access the contents of the encryption settings database export file. If the --encryptDataWithSettingsImportedFromFile argument is present, then this argument must also be provided; otherwise, it must not be given |
Required | No |
Multi-Valued | No |
--rejectInsecureRequests
Description | Configure the server to reject requests received over connections that are not secured with SSL or StartTLS |
--rejectUnauthenticatedRequests
Description | Configure the server to reject requests received from unauthenticated clients |
--instanceName {name}
Description | A name for uniquely identifying this PingAuthorize Server among other instances in the environment |
Required | No |
Multi-Valued | No |
--location {location}
Description | The name of the location for this PingAuthorize Server |
Required | No |
Multi-Valued | No |
--optionCacheDirectory {path}
Description | The directory for the option cache. The option cache stores the result of previously tested options. This allows future installs to be faster when a common option cache directory is used |
Default Value | /home/centos/workspace/Core-Release-Pipeline/build/package/PingAuthorize/logs/option-cache |
Required | No |
Multi-Valued | No |
--clusterName {cluster}
Description | The name of the cluster to which this PingAuthorize Server belongs. Cluster-wide configuration is automatically mirrored across all servers in the topology with the same cluster name. In a DevOps deployment with immutable servers, configuration mirroring introduces risk. Therefore, cluster names should be unique for each server to avoid configuration mirroring |
Required | No |
Multi-Valued | No |
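
A pre-flight check for scripted setup invocations, as an added example that is not part of the product or its documentation: it flags options from this reference that put a password in the argument list or disable trust checks, reports secret files readable beyond their owner, and enforces the pairing rule for --encryptionSettingsExportPassphraseFile. The names lint_setup_args and report and the finding labels are assumptions.

```sh
#!/bin/sh
# Added example: lint the arguments of a planned non-interactive `setup` run.
# lint_setup_args, report and the finding labels are hypothetical names.
# Assumes the space-separated "option value" form used in this page's examples.

report() { printf '%s\n' "$*"; n=$((n + 1)); }

lint_setup_args() {
  n=0; prev=""; import=0; export_pw=0
  for arg in "$@"; do
    case "$arg" in
      # Inline passwords are visible in the process list and shell history;
      # the reference offers a password-file option for each of these.
      -w|--rootUserPassword|-W|--keyStorePassword|-T|--trustStorePassword|\
      --existingDSTopologyBindPassword|--existingDSTopologyTrustStorePassword)
        report "SECRET_IN_ARGV $arg" ;;
      --allowWeakRootUserPassword)
        report "WEAK_ROOT_PASSWORD_ALLOWED $arg" ;;
      --existingDSTopologyUseNoSecurity)
        report "UNSECURED_TOPOLOGY_LINK $arg" ;;
      --existingDSTopologyTrustAll)
        report "CERT_TRUST_NOT_VERIFIED $arg" ;;
      --encryptDataWithSettingsImportedFromFile) import=1 ;;
      --encryptionSettingsExportPassphraseFile) export_pw=1 ;;
    esac
    case "$prev" in
      # Files holding passwords, passphrases or private keys should be owner-only.
      -j|--rootUserPasswordFile|-u|--keyStorePasswordFile|-U|\
      --trustStorePasswordFile|--encryptDataWithPassphraseFromFile|\
      --encryptionSettingsExportPassphraseFile|--certificatePrivateKeyPEMFile|\
      --existingDSTopologyBindPasswordFile|\
      --existingDSTopologyTrustStorePasswordFile)
        if [ -e "$arg" ] && [ "$(ls -ld -- "$arg" | cut -c5-10)" != "------" ]; then
          report "SECRET_FILE_TOO_OPEN $arg"
        fi ;;
      --populateToolPropertiesFile)
        # bind-password puts the root user's password in config/tools.properties.
        if [ "$arg" = "bind-password" ]; then
          report "ROOT_PASSWORD_IN_TOOLS_PROPERTIES $arg"
        fi ;;
    esac
    prev=$arg
  done
  # The export passphrase file must accompany an import and is invalid without one.
  if [ "$import" -ne "$export_pw" ]; then
    report "ENCRYPTION_IMPORT_PAIRING_MISMATCH"
  fi
  [ "$n" -eq 0 ]   # exit status 0 only when nothing was reported
}
```

Call it with the same arguments the deployment script will pass to setup; a non-zero exit status means at least one finding was printed.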