A silent (non-interactive) installation does not display a user interface or ask any questions. Instead, the system uses information from the identity-governance-install-silent.properties file to complete the installation. The installation files that you download from the Customer Center contain the identity-governance-install-silent.properties file. You must edit the file and add the correct values for your environment in the properties. Ensure that you have met the prerequisites before starting the silent installation. For more information, see Section 6.3, Prerequisites for Identity Governance.
You use the identity-governance-install-silent.properties to install the different combinations of Identity Governance and Identity Reporting. Identity Reporting does not have a separate silent properties file. The different configurations of Identity Governance and Identity Reporting are:
Identity Governance only
Identity Governance and Identity Reporting
Identity Reporting only
Use the following information to populate the identity-governance-install-silent.properties file with values from your environment and how to use the identity-governance-install-silent.properties file to silently install Identity Governance.
Identity Governance reads in the following passwords from environment variables during the silent and guided installation processes. Identity Governance must have access to these passwords to be properly configured and installed. These passwords are for Identity Governance and Identity Reporting.
install_authserver_client_secret: It is the password for the SSO clients used with OSP. This password is also gathered for Access Manager, but is ignored after the Access Manager configuration succeeds.
install_bootstrap_secret: It is the password for the bootstrap administrator. When using Access Manager, the user must exist in an LDAP server connected to the Access Manager IDP.
install_db_admin_secret: It is the password for the database administrator.
install_db_secret: It is the password for igops, igarc, igdcs, igwf, and igara users.
install_db_rpt_secret: It is the password for igrptuser.
install_db_reporting_secret: It is the password for idm_rpt_cfg (used only in Identity Reporting installations).
install_truststore_secret: It is the password for the application trust store.
install_smtp_secret_auth_user: It is the password for the SMTP authentication user (used only in Identity Reporting installations).
install_nam_admin_secret: It is the password for the Access Manager console administrator.
For the silent installation to not require interaction and to receive these passwords you must either set these passwords in the silent properties file or set them as environment variables. If you do not want to set the passwords in a file because of security concerns, it is best to set the passwords as environment variables. For example:
export install_db_reporting_secret=myPassWord
The silent installation process reads the passwords from the environment, rather than from the silent properties file.
The silent properties file for Identity Governance allows you to perform an installation without any interaction. The identity-governance-install-silent.properties file is in the ZIP file that you download from the Customer Center. This file does not contain many values, and you must edit the file to add some values for your environment. The different parameters in the file relate to the questions that you answer during a guided installation or console installation.
You would use the silent installation if you had several instances of Identity Governance to install. We recommend that you install the first instance of Identity Governance using the guided installation or the console installation with the -r parameter and a path were the installer creates a response file for you.
IMPORTANT:You must create an empty file and have it in the location before starting the installation or the installation does not run.
A response file contains the values that you must add to the identity-governance-install-silent.properties file for your environment. You can open the response file and copy the parameters from the response file to identity-governance-install-silent.properties file to simplify the process of creating the identity-governance-install-silent.properties file.
You can also use the Identity Governance Installation Worksheet to add the proper values to the identity-governance-install-silent.properties file. You open the identity-governance-install-silent.properties file in a text editor and then use the information you gathered in the Identity Governance Installation Worksheet to add the correct values for your environment. For more information, see Table 6-1, Identity Governance Installation Worksheet.
To create the identity-governance-install-silent.properties file using the response file:
Download and extract the Identity Governance installation files. For more information, see Section 2.2, Obtaining Identity Governance, Identity Reporting, and OSP.
Ensure that you have completed the Identity Governance Installation Worksheet to have the information required to complete the installation. For more information, see Table 6-1, Identity Governance Installation Worksheet.
Create the response file.
From the directory that contains the installation files, complete one of the following actions:
Linux: Enter the following at a command prompt:
Guided: ./identity-governance-install-linux.bin -r path-to-response-file
Console: ./identity-governance-install-linux.bin -i console -r path-to-response-file
Windows: Enter the following at a command prompt:
Guided: identity-governance-install-win.exe -r path-to-response-file
Console: identity-governance-install-win.exe -i console -r path-to-response-file
NOTE:To execute the file, you might need to use the chmod +x or sh command for Linux to change the permissions on the installer or log in to your Windows server as an administrator.
NOTE:The path-to-response-file is either the name of the response file to be created within the same directory as the installation file, or an existing absolute path, and the name of the response file to be created.
Use the Identity Governance Installation Worksheet to complete the first guided or console installation of Identity Governance to create the response file. For more information, see Table 6-1, Identity Governance Installation Worksheet.
Review the OSP_Install.log file to ensure that no errors occurred.
Linux: /opt/netiq/idm/apps/idgov/logs
Windows: C:\netiq\idm\apps\idgov\logs
Find and open the response file in a text editor.
Find and open the identity-governance-install-silent.properties in a text editor.
Copy the values from the response file to the identity-governance-install-silent.properties file.
NOTE:If you are deploying on Windows, ensure that you escape the backslashes '\' or the silent properties files does not work.
Close the response file and save the identity-governance-install-silent.properties file.
(Conditional) To avoid specifying passwords for the installation in the silent properties file for a silent installation, use the export or set command. For example:
export install_db_reporting_secret=myPassWord
For more information, see Section 6.6.1, Understanding the Passwords that Identity Governance Reads from Environment Variables During the Installation Process.
(Conditional) When installing on a secondary node in a cluster, you can modify the silent properties file using the steps in Section 6.6.3, Creating a Silent Properties File for Installing an Additional Node to Cluster Identity Governance and Identity Reporting.
Proceed to Running a Silent Installation for One SSO Provider to run the silent installation using the osp-install-silent.properties file for the next installation of OSP.
In a clustered environment, you can use the same silent properties file for each node. However, you might choose to run the guided installation or the console installation on the primary node with the -r parameter to create the response file. You can then silently install on the secondary nodes. You can quickly create a silent properties file from the response file that the guided installation or console installation creates. For more information, see Section 6.6.2, Creating a Silent Properties File for Identity Governance and Identity Reporting.
There are additional parameters that you must add to the identity-governance-install-silent.properties file if you are installing secondary nodes in a cluster. Use the following procedure to modify the identity-governance-install-silent.properties file for any secondary nodes in the Identity Governance cluster or the Identity Reporting cluster.
Locate the Identity Governance response file.
Locate the sample identity-governance-install-silent.properties file, by default in the same directory as the installation files for Identity Governance.
Open the files in a text editor.
Copy the parameter values from the response file or installation log to their corresponding parameters in the silent properties file.
The silent properties file should contain all the parameters listed between User Interactions and Summary in the log file. Do not delete INSTALLER_UI=silent or any content after # When to Configure DB?.
Change the values that represent the true/false settings that are appropriate to your environment. In the response file they are represented as 0 or 1 and in the silent properties file they are represented as false and true:
Response file |
Silent.properties file |
---|---|
0 |
false |
1 |
true |
Change the values as specified in the following table:
Response file |
Silent.properties file |
---|---|
|
install_servlet_protocol=http |
|
install_servlet_protocol=https |
|
install_authserver_protocol=http |
|
install_authserver_protocol=https |
(Conditional) If installing only Identity Reporting, change the values as specified in the following table:
Log file |
Silent.properties file |
---|---|
|
install_govern_protocol=http |
|
install_govern_protocol=https |
The default value in the silent properties file uses the values set for the servlet:
install_govern_protocol=$install_servlet_protocol$
install_govern_hostname=$install_servlet_hostname$
install_govern_port=$install_servlet_port$
(Optional) Specify any number of certificate files and corresponding aliases to accept into the trust store (/opt/netiq/idm/apps/tomcat/conf/apps-truststore.pkcs12). For example:
install_cert_1_file=/home/username/Downloads/tomcat_cert install_cert_1_alias=ig-tomcat install_cert_2_file=/home/username/Downloads/audit_cert install_cert_2_alias=ig-audit
NOTE:You can specify the files in any order, and they must exist on the same machine as the Identity Governance installer. The installer will start trusting with 1 and stop with the first missing consecutive number. So if you list files 1, 2, and 4, the installer only trusts certificates 1 and 2.
(Optional) To prevent the installation process from creating or configuring the database, specify no for install_db_configure and leave install_db_create blank.
For example:
# When to Configure DB? # Allowable values: # during - Perform configuration during installation # after - Perform configuration post install, via a generated SQL script # no - Do not perform DB configuration install_db_configure=no # Create DB? # If performing the DB configuration during installation, # should the installer also create the database # or should it use an existing database. # # Allowable values: # true - Create the database. # false - Use an existing database. install_db_create=
The installation process only needs the values for the databases under #Database details.
Save and close the file.
Copy the updated identity-governance-install-silent.properties file to the server that becomes the additional node in the cluster.
Run the silent installation using this updated file. For more information, see Section 6.6.4, Performing the Silent Installation of Identity Governance and Identity Reporting
After you have populated the identity-governance-install-silent.properties file with the correct values for your environment, you must run the Identity Governance installer in the silent installation mode and pass this file to the installer. These steps are the same whether you are only installing Identity Governance, installing Identity Governance and Identity Reporting, or only installing Identity Reporting.
To silently install:
Ensure that you have created the identity-governance-install-silent.properties file for your environment. For more information, see Section 6.6.2, Creating a Silent Properties File for Identity Governance and Identity Reporting.
(Conditional) If this server is an additional node to cluster Identity Governance, ensure that you have properly modified the identity-governance-install-silent.properties file for the additional nodes in a cluster. For more information, see Section 6.6.3, Creating a Silent Properties File for Installing an Additional Node to Cluster Identity Governance and Identity Reporting.
Ensure that this server meets the prerequisites for Identity Governance. For more information, see Section 6.3, Prerequisites for Identity Governance.
Ensure that the Identity Governance installation files are on the server. For more information, see Section 2.2, Obtaining Identity Governance, Identity Reporting, and OSP.
Log in as root on Linux server or an administrator on Windows server where you want to install Identity Governance.
Stop Apache Tomcat. For more information, see Section 3.4.3, Starting and Stopping Apache Tomcat.
Copy the populated osp-install-silent.properties file to this server.
To run the silent installation, enter the following at a command prompt:
Linux: ./identity-governance-install-linux.bin -i silent -f path_to_silent_properties_file
Windows: cmd /c "identity-governance-install-win.exe -i silent -f path_to_silent_properties_file”
NOTE:If the silent properties file is in a different directory from the installation file, you must specify the full path to the file. The script unpacks the necessary files to a temporary directory and then launches the silent installation.
When the console prompt returns, review the log file to ensure that the installation completed successfully. The silent installation does not display any messages on the console.
The log file is located in the following default directory:
Linux: /opt/netiq/idm/apps/idgov/logs/
Windows: C:\netiq\idm\apps\idgov\logs\
When the installation completes, there are additional configuration steps to perform before you can use Identity Governance and Identity Reporting. For more information, see Section 8.0, Completing the Installation Process.