6.6 Silently Installing Identity Governance and its Components

A silent (non-interactive) installation does not display a user interface or ask any questions. Instead, the system uses information from the identity-governance-install-silent.properties file to complete the installation. The installation files that you download from the Customer Center contain the identity-governance-install-silent.properties file. You must edit the file and add the correct values for your environment in the properties. Ensure that you have met the prerequisites before starting the silent installation. For more information, see Section 6.3, Prerequisites for Identity Governance.

You can use the identity-governance-install-silent.properties file to install different combinations of Identity Governance, Identity Reporting, and Workflow Engine. Identity Reporting and Workflow Engine do not have separate silent properties files. The different configurations of Identity Governance with its components are:

  • Identity Governance only

  • Identity Governance and Identity Reporting

  • Identity Reporting only

  • Workflow Engine only

  • Identity Reporting and Workflow Engine

  • Identity Governance and Workflow Engine

  • Identity Governance, Identity Reporting, and Workflow Engine

The following sections describe how to populate the identity-governance-install-silent.properties file with values from your environment and how to use the file to silently install your selected features from Identity Governance, Identity Reporting, and Workflow Engine.

6.6.1 Understanding the Passwords that Identity Governance Reads from Environment Variables During the Installation Process

Identity Governance reads in the following passwords from environment variables during the silent and guided installation processes. Identity Governance must have access to these passwords to be properly configured and installed. These passwords are for Identity Governance, Identity Reporting, and Workflow Engine.

  • install_authserver_client_secret: It is the password for the SSO clients used with OSP. This password is also gathered for Access Manager, but is ignored after the Access Manager configuration succeeds.

  • install_bootstrap_secret: It is the password for the bootstrap administrator. When using Access Manager, the user must exist in an LDAP server connected to the Access Manager IDP.

  • install_db_admin_secret: It is the password for the database administrator.

  • install_db_secret: It is the password for igops, igarc, igdcs, igwf, and igara users.

  • install_db_rpt_secret: It is the password for igrptuser.

  • install_db_reporting_secret: It is the password for idm_rpt_cfg (used only in Identity Reporting installations).

  • install_truststore_secret: It is the password for the application trust store.

  • install_smtp_secret_auth_user: It is the password for the SMTP authentication user (used only in Identity Reporting installations).

  • install_nam_admin_secret: It is the password for the Access Manager console administrator.

  • install_db_workflow_secret: It is the password for the Workflow Engine database.

  • install_enc_keystore_secret: It is the password for the encryption key keystore.

For the silent installation to succeed, you must either set these passwords in the silent properties file or set them as environment variables. If you do not want to set the passwords in a file because of security concerns, it is best to set the passwords as environment variables. For example:

export install_db_reporting_secret=myPassWord

The silent installation process reads the passwords from the environment, rather than from the silent properties file.
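A pre-flight check for the passwords listed above, as an added example that is not part of the product documentation or the installer: it reports which of the eleven password properties hold a plaintext value in the silent properties file, which are supplied by the environment, and which are set nowhere. The parser handles only simple key=value lines, and the sample input is constructed.

```python
# Added example: audit a silent properties file for plaintext installer secrets.
import os

# The eleven password variables listed in Section 6.6.1.
SECRET_KEYS = (
    "install_authserver_client_secret", "install_bootstrap_secret",
    "install_db_admin_secret", "install_db_secret", "install_db_rpt_secret",
    "install_db_reporting_secret", "install_truststore_secret",
    "install_smtp_secret_auth_user", "install_nam_admin_secret",
    "install_db_workflow_secret", "install_enc_keystore_secret",
)

def parse_properties(text):
    """Minimal key=value parser; skips blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def audit_secrets(properties_text, environ=None):
    """Return (in_file, in_env, unset) lists of secret names."""
    environ = os.environ if environ is None else environ
    props = parse_properties(properties_text)
    in_file = [k for k in SECRET_KEYS if props.get(k)]
    in_env = [k for k in SECRET_KEYS if environ.get(k)]
    unset = [k for k in SECRET_KEYS if k not in in_file and k not in in_env]
    return in_file, in_env, unset

# Constructed sample input, not taken from a real installation.
SAMPLE = """\
install_db_secret=
install_db_admin_secret=ExamplePlaintext1
# install_truststore_secret=commented-out
install_servlet_protocol=https
"""

if __name__ == "__main__":
    in_file, in_env, unset = audit_secrets(
        SAMPLE, {"install_db_secret": "from-env"})
    print("plaintext in file:", in_file)
    print("supplied by environment:", in_env)
    print("not set anywhere:", unset)
```

A password typed on an export command line can be recorded in shell history; reading it from a prompt (for example, read -rs in bash) before exporting avoids that.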

6.6.2 Creating a Silent Properties File for Identity Governance and its Components

The silent properties file for Identity Governance allows you to perform an installation without any interaction. The identity-governance-install-silent.properties file is in the ZIP file that you download from the Customer Center. This file does not contain many values, and you must edit the file to add some values for your environment. The different parameters in the file relate to the questions that you answer during a guided installation or console installation.

You would use the silent installation if you want to install several instances of Identity Governance. We recommend that you install the first instance of Identity Governance using the guided installation or the console installation with the -r parameter and a path where the installer creates a response file for you.

A response file contains the values that you must add to the identity-governance-install-silent.properties file for your environment. To simplify creating the identity-governance-install-silent.properties file, you can open the response file and copy its parameters into the identity-governance-install-silent.properties file.

You can also use the Identity Governance Installation Worksheet to add the proper values to the identity-governance-install-silent.properties file. You open the identity-governance-install-silent.properties file in a text editor and then use the information you gathered in the Identity Governance Installation Worksheet to add the correct values for your environment. For more information, see Table 6-1, Identity Governance Installation Worksheet.

To create the identity-governance-install-silent.properties file using the response file:

  1. Download and extract the Identity Governance installation files. For more information, see Section 2.2, Obtaining Identity Governance, Identity Reporting, Workflow Engine, and OSP.

  2. Ensure that you have completed the Identity Governance Installation Worksheet to have the information required to complete the installation. For more information, see Table 6-1, Identity Governance Installation Worksheet.

  3. Create the response file.

    1. From the directory that contains the installation files, complete one of the following actions:

      • Linux: Enter the following at a command prompt:

        • Guided: ./identity-governance-install-linux.bin -r path-to-response-file

        • Console: ./identity-governance-install-linux.bin -i console -r path-to-response-file

      • Windows: Enter the following at a command prompt:

        • Guided: identity-governance-install-win.exe -r path-to-response-file

        • Console: identity-governance-install-win.exe -i console -r path-to-response-file

      NOTE: To execute the file, you might need to use the chmod +x or sh command for Linux to change the permissions on the installer or log in to your Windows server as an administrator.

      NOTE: The path-to-response-file is either the name of the response file to be created within the same directory as the installation file, or an existing absolute path followed by the name of the response file to be created.

    2. Use the Identity Governance Installation Worksheet to complete the first guided or console installation of Identity Governance to create the response file. For more information, see Table 6-1, Identity Governance Installation Worksheet.

    3. Review the Identity_Governance_InstallLog.log file to ensure that no errors occurred.

      • Linux: /opt/netiq/idm/apps/idgov/logs

      • Windows: C:\netiq\idm\apps\idgov\logs

  4. Find and open the response file in a text editor.

  5. Find and open the identity-governance-install-silent.properties file in a text editor.

  6. Copy the values from the response file to the identity-governance-install-silent.properties file.

    NOTE: If you are deploying on Windows, ensure that you escape the backslashes (write \ as \\); otherwise, the silent properties file does not work.

  7. Close the response file and save the identity-governance-install-silent.properties file.

  8. (Conditional) To avoid specifying passwords for the installation in the silent properties file for a silent installation, use the export or set command. For example:

    export install_db_reporting_secret=myPassWord

    For more information, see Section 6.6.1, Understanding the Passwords that Identity Governance Reads from Environment Variables During the Installation Process.

  9. (Conditional) When installing on a secondary node in a cluster, you can modify the silent properties file using the steps in Section 6.6.3, Creating a Silent Properties File for Installing an Additional Node to Cluster Identity Governance and its Components.

  10. Proceed to Running a Silent Installation for One SSO Provider to run the silent installation using the osp-install-silent.properties file for the next installation of OSP.

6.6.3 Creating a Silent Properties File for Installing an Additional Node to Cluster Identity Governance and its Components

In a clustered environment, you can use the same silent properties file for each node. However, you might choose to run the guided installation or the console installation on the primary node with the -r parameter to create the response file. You can then silently install on the secondary nodes. You can quickly create a silent properties file from the response file that the guided installation or console installation creates. For more information, see Section 6.6.2, Creating a Silent Properties File for Identity Governance and its Components.

There are additional parameters that you must add to the identity-governance-install-silent.properties file if you are installing secondary nodes in a cluster. Use the following procedure to modify the identity-governance-install-silent.properties file for any secondary nodes in the Identity Governance, Identity Reporting, or Workflow Engine clusters.

  1. Locate the Identity Governance response file.

  2. Locate the sample identity-governance-install-silent.properties file, by default in the same directory as the installation files for Identity Governance.

  3. Open the files in a text editor.

  4. Copy the parameter values from the response file or installation log to their corresponding parameters in the silent properties file.

    The silent properties file should contain all the parameters listed between User Interactions and Summary in the log file. Do not delete INSTALLER_UI=silent or any content after # When to Configure DB?.

  5. Change the values that represent the true/false settings that are appropriate to your environment. In the response file, they are represented as 0 or 1 and in the silent properties file they are represented as false and true:

    Response file    Silent.properties file
    -------------    ----------------------
    0                false
    1                true

  6. Change the values as specified in the following table:

    Response file                              Silent.properties file
    -------------                              ----------------------
    • install_servlet_protocol_http=1          install_servlet_protocol=http
    • install_servlet_protocol_https=0

    • install_servlet_protocol_http=0          install_servlet_protocol=https
    • install_servlet_protocol_https=1

    • install_authserver_protocol_http=1       install_authserver_protocol=http
    • install_authserver_protocol_https=0

    • install_authserver_protocol_http=0       install_authserver_protocol=https
    • install_authserver_protocol_https=1

  7. (Conditional) If you are not installing Identity Governance, change the values as specified in the following table:

    Log file                                   Silent.properties file
    --------                                   ----------------------
    • install_govern_protocol_http=1           install_govern_protocol=http
    • install_govern_protocol_https=0

    • install_govern_protocol_http=0           install_govern_protocol=https
    • install_govern_protocol_https=1

    The default value in the silent properties file uses the values set for the servlet:

    • install_govern_protocol=$install_servlet_protocol$

    • install_govern_hostname=$install_servlet_hostname$

    • install_govern_port=$install_servlet_port$

  8. (Optional) Specify any number of certificate files and corresponding aliases to accept into the trust store (/opt/netiq/idm/apps/tomcat/conf/apps-truststore.pkcs12). For example:

    install_cert_1_file=/home/username/Downloads/tomcat_cert
    install_cert_1_alias=ig-tomcat
    install_cert_2_file=/home/username/Downloads/audit_cert
    install_cert_2_alias=ig-audit

    NOTE: You can specify the files in any order, and they must exist on the same machine as the Identity Governance installer. The installer starts trusting certificates at number 1 and stops at the first missing consecutive number. So if you list files 1, 2, and 4, the installer only trusts certificates 1 and 2.

  9. (Optional) To prevent the installation process from creating or configuring the database, specify no for install_db_configure and leave install_db_create blank.

    For example:

    # When to Configure DB?
    # Allowable values:
    #   during - Perform configuration during installation
    #   after  - Perform configuration post install, via a generated SQL script
    #   no     - Do not perform DB configuration
    install_db_configure=no
    
    # Create DB?
    # If performing the DB configuration during installation,
    # should the installer also create the database
    # or should it use an existing database.
    #
    # Allowable values:
    #    true  - Create the database.
    #    false - Use an existing database.
    install_db_create=

    The installation process only needs the values for the databases under #Database details.

  10. Save and close the file.

  11. Copy the encrypt-keys.pkcs12 file from the primary server to the server that becomes a new node in the cluster.

  12. Copy the updated identity-governance-install-silent.properties file from the primary server to the new node.

  13. Open the identity-governance-install-silent.properties file, then change the encryption keystore properties to use the same encryption keystore file on the new node. Specifically, set:

    install_enc_create_file=false
    install_enc_source_file=PATH

    where PATH is the location of the copied encrypt-keys.pkcs12 file.

  14. Save your changes.

  15. Run the silent installation using this updated file. For more information, see Section 6.6.4, Performing the Silent Installation of Identity Governance and its Components.
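The value changes in steps 5 through 8, as an added example that is not part of the product documentation or the installer: convert applies the 0/1 and protocol-pair mappings, and trusted_cert_numbers shows which numbered certificates survive the consecutive-numbering rule. The list of boolean keys is supplied by the caller, treating install_db_create as a 0/1 value in the response file is an assumption, and the sample values are constructed.

```python
# Added example: map response-file values to silent-properties values
# (steps 5 to 8 above). Which keys are boolean is the operator's input.
import re

PROTOCOL_PREFIXES = ("install_servlet_protocol", "install_authserver_protocol",
                     "install_govern_protocol")

def convert(response, boolean_keys):
    """Return silent-properties values for a dict of response-file values."""
    out = dict(response)
    # Step 5: 0/1 becomes false/true, only for keys named as boolean.
    for key in boolean_keys:
        if out.get(key) in ("0", "1"):
            out[key] = "true" if out[key] == "1" else "false"
    # Steps 6 and 7: collapse each _http/_https pair into one key.
    for prefix in PROTOCOL_PREFIXES:
        http = out.pop(prefix + "_http", None)
        https = out.pop(prefix + "_https", None)
        if http is None and https is None:
            continue
        if (http, https) == ("1", "0"):
            out[prefix] = "http"
        elif (http, https) == ("0", "1"):
            out[prefix] = "https"
        else:
            raise ValueError(f"ambiguous protocol flags for {prefix}")
    return out

def trusted_cert_numbers(props):
    """Step 8: (trusted, skipped) certificate numbers; trust stops at a gap."""
    nums = {int(m.group(1)) for k in props
            if (m := re.fullmatch(r"install_cert_(\d+)_file", k))}
    n = 0
    while n + 1 in nums:
        n += 1
    return list(range(1, n + 1)), sorted(x for x in nums if x > n)

# Constructed sample values, not from a real response file.
SAMPLE = {
    "install_servlet_protocol_http": "0", "install_servlet_protocol_https": "1",
    "install_db_create": "0", "install_servlet_port": "8443",
    "install_cert_1_file": "/tmp/a.crt", "install_cert_2_file": "/tmp/b.crt",
    "install_cert_4_file": "/tmp/d.crt",
}

if __name__ == "__main__":
    props = convert(SAMPLE, boolean_keys=["install_db_create"])
    print(props["install_servlet_protocol"], props["install_db_create"])
    print(trusted_cert_numbers(props))
```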

6.6.4 Performing the Silent Installation of Identity Governance and its Components

After you have populated the identity-governance-install-silent.properties file with the correct values for your environment, you must run the Identity Governance installer in the silent installation mode and pass this file to the installer. These steps are the same whether you are only installing Identity Governance, installing Identity Governance and Identity Reporting, or only installing Identity Reporting or Workflow Engine.

To perform a silent installation:

  1. Ensure that you have created the identity-governance-install-silent.properties file for your environment. For more information, see Section 6.6.2, Creating a Silent Properties File for Identity Governance and its Components.

  2. (Conditional) If this server is an additional node to cluster Identity Governance, ensure that you have properly modified the identity-governance-install-silent.properties file for the additional nodes in a cluster. For more information, see Section 6.6.3, Creating a Silent Properties File for Installing an Additional Node to Cluster Identity Governance and its Components.

  3. Ensure that this server meets the prerequisites for the feature or features you are installing, such as Identity Governance, Identity Reporting, or Workflow Engine.

  4. Ensure that the Identity Governance installation files are on the server. For more information, see Section 2.2, Obtaining Identity Governance, Identity Reporting, Workflow Engine, and OSP.

  5. Log in as root on the Linux server or an administrator on the Windows server where you want to install Identity Governance.

  6. Stop Apache Tomcat. For more information, see Section 3.5.3, Starting and Stopping Apache Tomcat.

  7. Copy the populated identity-governance-install-silent.properties file to this server.

  8. To run the silent installation, enter the following at a command prompt:

    • Linux: ./identity-governance-install-linux.bin -i silent -f path_to_silent_properties_file

    • Windows: cmd /c "identity-governance-install-win.exe -i silent -f path_to_silent_properties_file"

    NOTE: If the silent properties file is in a different directory from the installation file, you must specify the full path to the file. The script unpacks the necessary files to a temporary directory and then launches the silent installation.

  9. When the console prompt returns, review the log file to ensure that the installation completed successfully. The silent installation does not display any messages on the console.

    The log file is located in the following default directory:

    • Linux: /opt/netiq/idm/apps/idgov/logs/

    • Windows: C:\netiq\idm\apps\idgov\logs\

When the installation completes, there are additional configuration steps to perform before you can use Identity Governance and Identity Reporting. For more information, see Section 9.0, Completing the Installation Process.