Perform the initial setup for a server instance.
This tool features both interactive and non-interactive modes for accepting the product license terms and initially configuring a server instance.
setup --licenseKeyFile /path/to/PingDataGovernance.lic
setup --licenseKeyFile /path/to/PingDataGovernance.lic --no-prompt \
--acceptLicense --location Austin --instanceName "Austin Governance 1" \
--ldapPort 389 --httpsPort 443 --rootUserPasswordFile root-password-file \
--encryptDataWithPassphraseFromFile encryption-key-password-file \
--useJavaKeystore /path/to/keystore \
--keyStorePasswordFile /path/to/keystore.pin \
--useJavaTruststore /path/to/truststore \
--trustStorePasswordFile /path/to/truststore.pin
-V
--version
| Description | Display Data Governance Server version information |
-H
--help
| Description | Display general usage information |
--help-debug
| Description | Display help for using debug options |
| Advanced | Yes |
-n
--no-prompt
| Description | Perform an installation in non-interactive mode. When this mode is used, this tool will require additional options. See the examples below |
--acceptLicense
| Description | Indicate that you accept the terms of the product license defined in |
--licenseKeyFile {file}
| Description | The PingDataGovernance with Symphonic license key file authorizing use of this product. The license file may be specified by this argument or copied to /home/centos/workspace/Core-Release-Pipeline/build/package/PingDataGovernance/PingDataGovernance.lic in which case it will be imported automatically |
| Default Value | PingDataGovernance.lic |
| Required | No |
| Multi-Valued | No |
-Q
--quiet
| Description | Run setup in quiet mode. Quiet mode will not output progress information to standard output |
-v
--verbose
| Description | Use verbose mode |
--propertiesFilePath {propertiesFilePath}
| Description | Path to the file that contains default property values used for command-line arguments |
| Required | No |
| Multi-Valued | No |
--noPropertiesFile
| Description | Specify that no properties file will be used to get default command-line argument values |
--script-friendly
| Description | Use script-friendly mode |
-h {host}
--localHostName {host}
| Description | Fully qualified host name or IP address of the local host |
| Required | No |
| Multi-Valued | No |
--listenAddress {host}
| Description | Address of a network interface on which the Data Governance Server will listen. If not specified the server listens on all available interfaces |
| Default Value | 0.0.0.0 |
| Required | No |
| Multi-Valued | Yes |
-p {port}
--ldapPort {port}
| Description | Port on which the Data Governance Server should listen for LDAP communication |
| Lower Bound | 1 |
| Upper Bound | 65535 |
| Required | No |
| Multi-Valued | No |
-x {jmxPort}
--jmxPort {jmxPort}
| Description | Port on which the Data Governance Server should listen for JMX communication |
| Lower Bound | 1 |
| Upper Bound | 65535 |
| Default Value | 1689 |
| Required | No |
| Multi-Valued | No |
-S
--skipPortCheck
| Description | Skip the check to determine whether the specified ports are usable |
--skipHostnameCheck
| Description | Skip the check to determine whether the specified hostname is usable |
-D {rootUserDN}
--rootUserDN {rootUserDN}
| Description | DN for the initial root user for the Data Governance Server |
| Default Value | cn=Directory Manager |
| Required | No |
| Multi-Valued | No |
-w {rootUserPassword}
--rootUserPassword {rootUserPassword}
| Description | Password for the initial root user for the Data Governance Server |
| Required | No |
| Multi-Valued | No |
-j {rootUserPasswordFile}
--rootUserPasswordFile {rootUserPasswordFile}
| Description | Path to a file containing the password for the initial root user for the Data Governance Server |
| Required | No |
| Multi-Valued | No |
--allowWeakRootUserPassword
| Description | Skip validation for the root user password, which will allow a weak password to be chosen |
--entryBalancing
| Description | Specify that this Directory Proxy Server will be configured for entry balancing. Specifying this options allow you to include the --maxHeapSize option |
--existingDSTopologyHostName {host}
| Description | Host name of a PingDirectory server instance in the topology to join |
| Default Value | ci-centos7-build-121-124.local |
| Required | No |
| Multi-Valued | No |
--existingDSTopologyPort {port}
| Description | Port of a PingDirectory server instance in the topology to join |
| Lower Bound | 1 |
| Upper Bound | 65535 |
| Default Value | 389 |
| Required | No |
| Multi-Valued | No |
--existingDSTopologyBindDN {bindDN}
| Description | DN used to bind to a PingDirectory server instance in the topology to join |
| Default Value | cn=Directory Manager |
| Required | No |
| Multi-Valued | No |
--existingDSTopologyBindPassword {bindPassword}
| Description | Password used to bind to a PingDirectory server instance in the topology to join |
| Required | No |
| Multi-Valued | No |
--existingDSTopologyBindPasswordFile {bindPasswordFile}
| Description | Path to a file containing the password used to bind to a PingDirectory server instance in the topology to join |
| Required | No |
| Multi-Valued | No |
--existingDSTopologyUseStartTLS
| Description | Use StartTLS when communicating with the PingDirectory server |
--existingDSTopologyUseSSL
| Description | Use SSL when communicating with the PingDirectory server |
--existingDSTopologyUseNoSecurity
| Description | Do not secure communication with the PingDirectory server |
--existingDSTopologyTrustAll
| Description | Automatically trust the PingDirectory server and other known server certificates without prompting |
--existingDSTopologyUseJavaTruststore {truststorePath}
| Description | Path to a Java keystore to use for establishing trust when communicating with the PingDirectory server instance in the topology to join |
| Required | No |
| Multi-Valued | No |
--existingDSTopologyUsePkcs12Truststore {truststorePath}
| Description | Path to a PKCS12 keystore to use for establishing trust when communicating with the PingDirectory server instance in the topology to join |
| Required | No |
| Multi-Valued | No |
--existingDSTopologyTrustStorePassword {truststorePassword}
| Description | Truststore password |
| Required | No |
| Multi-Valued | No |
--existingDSTopologyTrustStorePasswordFile {path}
| Description | Truststore password file |
| Required | No |
| Multi-Valued | No |
--jvmTuningParameter {parameter}
| Description | JVM tuning parameters to use for configuring the JVM for this server. Must be one of NONE, AGGRESSIVE, SEMI_AGGRESSIVE. See bin/dsjavaproperties --help for information about these parameters |
| Required | No |
| Multi-Valued | Yes |
--maxHeapSize {memory}
| Description | Explicitly specify the maximum amount of memory to be configured for this system. If omitted the value will be computed based on the presence of either the AGGRESSIVE or SEMI_AGGRESSIVE parameter specified by the --jvmTuningParameter option. Providing a value that is below a tool's minimum heap size requirement will have no effect, i.e. the tool's minimum required heap size will be used instead. The format for this value is the same as the -Xmx JVM option which is a number followed by a unit m or g |
| Required | No |
| Multi-Valued | No |
-O
--doNotStart
| Description | Do not start the server when the configuration is completed |
-q
--enableStartTLS
| Description | Enable StartTLS to allow secure communication with the server using the LDAP port |
-Z {port}
--ldapsPort {port}
| Description | Port on which the Data Governance Server should listen for LDAPS communication |
| Lower Bound | 1 |
| Upper Bound | 65535 |
| Required | No |
| Multi-Valued | No |
--generateSelfSignedCertificate
| Description | Generate a self-signed certificate that the server should use when accepting SSL-based connections or performing StartTLS negotiation |
--usePkcs11Keystore
| Description | Use a certificate in a PKCS11 token that the server should use when accepting SSL-based connections or performing StartTLS negotiation |
--useJavaKeystore {keystorePath}
| Description | Path of a Java Keystore (JKS) containing a certificate to be used as the server certificate |
| Required | No |
| Multi-Valued | No |
--usePkcs12Keystore {keystorePath}
| Description | Path of a PKCS12 keystore containing the certificate that the server should use when accepting SSL-based connections or performing StartTLS negotiation |
| Required | No |
| Multi-Valued | No |
-W {keystorePassword}
--keyStorePassword {keystorePassword}
| Description | Certificate keystore password. A password is required when you want to use an existing certificate (JKS, PKCS12 or PKCS11) as server certificate |
| Required | No |
| Multi-Valued | No |
-u {keystorePasswordFile}
--keyStorePasswordFile {keystorePasswordFile}
| Description | Certificate keystore password file. A password is required when you want to use an existing certificate (JKS, PKCS12 or PKCS11) as server certificate |
| Required | No |
| Multi-Valued | No |
-N {nickname}
--certNickname {nickname}
| Description | Nickname of the certificate that the server should use when accepting SSL-based connections or performing StartTLS negotiation |
| Required | No |
| Multi-Valued | No |
--useJavaTruststore {truststorePath}
| Description | Path to a Java keystore to use for establishing trust |
| Required | No |
| Multi-Valued | No |
--usePkcs12Truststore {truststorePath}
| Description | Path to a PKCS12 keystore to use for establishing trust |
| Required | No |
| Multi-Valued | No |
-U {path}
--trustStorePasswordFile {path}
| Description | Truststore password file |
| Required | No |
| Multi-Valued | No |
-T {truststorePassword}
--trustStorePassword {truststorePassword}
| Description | Truststore password |
| Required | No |
| Multi-Valued | No |
--httpsPort {port}
| Description | Port on which the Data Governance Server should listen for HTTPS communication |
| Lower Bound | 1 |
| Upper Bound | 65535 |
| Required | No |
| Multi-Valued | No |
--encryptDataWithPassphraseFromFile {path}
| Description | Encrypt server data using a key generated from a passphrase in the specified file. This file only needs to be present during installation; the generated key will be stored in the server's encryption settings database. When installing multiple servers, providing the same passphrase to each server will ensure that they all use the same encryption key |
| Required | No |
| Multi-Valued | No |
--encryptDataWithRandomPassphrase
| Description | Encrypt server data using a randomly generated key. Using this option on multiple servers will result in each server having a different key. When installing multiple servers, it is recommended that you either generate the encryption key with a passphrase and use the same passphrase across all servers, or that you use a random passphrase for the first server and then export the resulting encryption settings so that they can be imported into the remaining instances |
--encryptDataWithSettingsImportedFromFile {path}
| Description | Encrypt server data with encryption settings definitions imported from the specified file, which must have been exported from another server's encryption settings database |
| Required | No |
| Multi-Valued | No |
--encryptionSettingsExportPassphraseFile {path}
| Description | The path to a file containing the passphrase needed to access the contents of the encryption settings database export file. If the --encryptDataWithSettingsImportedFromFile argument is present, then this argument must also be provided; otherwise, it must not be given |
| Required | No |
| Multi-Valued | No |
--instanceName {name}
| Description | A name for uniquely identifying this Data Governance Server among other instances in the environment |
| Required | No |
| Multi-Valued | No |
--location {location}
| Description | The name of the location for this Data Governance Server |
| Required | No |
| Multi-Valued | No |
--clusterName {cluster}
| Description | The name of the cluster to which this Data Governance Server belongs. Cluster-wide configuration is automatically mirrored across all servers in the topology with the same cluster name. In a DevOps deployment with immutable servers, configuration mirroring introduces risk. Therefore, cluster names should be unique for each server to avoid configuration mirroring |
| Required | No |
| Multi-Valued | No |