Adding Features and Controlling eDirectory Automated Installations
Novell Cool Solutions: AppNote
By Selva Muthu Kumaran T
Posted: 3 Jan 2006
Using Response Files
Sections and Keys
Adding Features to the Automated Installation
eDirectory Server Details
Adding NMAS Methods
Controlling Automated Installation
Stopping SNMP Services
Primary / Secondary Server Installation
Pre-Configured Unattended Installation
Silent Installation Parameters
Status and Image Display
Standalone Unattended Installation of eDirectory
In large corporate or academic establishments, manually managing IT and network resources is impractical. Particularly, administrators who personally track servers for updates, installations, and periodic tasks find it very tedious and tiresome.
Almost all products today come with the option to automate the product installations. By automation we mean an installation that does not prompt the user for input. This helps administrators automate product deployment, without manual interactions. The user inputs required to install the product are configured into the Installation components before the Installation is started. In simple terms, the installer reads the input from a text file, rather than from input by the user. After this text file is created with the needed values, the installer runs unattended.
eDirectory is an infrastructure component being used in many of the Novell products. Because most products provide support for unattended installations, it is essential that eDirectory should be able to install unattended, so the embedding products can leverage this feature. eDirectory supports automated Installations by the use of predefined text files that facilitate an unattended installation. With a minimal pre-installation effort of editing the text file, you can silently install and/or upgrade eDirectory.
With the advent of eDirectory 8.8 SP1, Novell includes options to automate eDirectory installation and upgrade. This feature is available for eDirectory installations on NetWare and Windows platforms. The unattended Installation of eDirectory on NetWare is discussed in the eDirectory 8.8 Installation Guide, under the section "Unattended Upgrade to eDirectory 8.8 SP1 on NetWare", in the Novell documentation.
There is also a very useful AppNote on how to leverage the unattended installation feature of eDirectory and ZENworks 7 Server Management, to install or upgrade eDirectory remotely on multiple servers without human intervention. Using this methodology with ZENworks 7 Server Management with Policy and Distribution Services, you can use Novell templates for sending patches out, tailor them to suit a particular environment, or even write and compile your own patches to install and upgrade eDirectory remotely. The AppNote is available on Cool Solutions as Automating the Installation or Upgrade of eDirectory 8.8 SP1.
The unattended Installation of eDirectory in NetWare and Windows can be performed standalone or by using ZENworks to leverage the feature for distributed environments. There is a section below that discusses simple methods to perform standalone unattended Installation in NetWare and Windows. This AppNote discusses various features that could be added to the unattended Installation, such as additional NMAS methods, stopping and starting SNMP services, etc. There are also various ways to control the installation sequence, such as Install location, no display of splash screens, port configurations, etc.
The attached sample response file contains all the configuration parameters, with appropriate descriptions and default values configured for most of them. These can be used to perform unattended Installation of eDirectory in your environment.
Installing/Upgrading to eDirectory 8.8 SP1 on Windows Operating System can be made unattended and more flexible when you use a response file. Using a response file provides these advantages:
- Complete unattended Installation with all required user inputs
- Default configuration of components
- Bypassing all sections of the installation prompts
A response file is a text file containing sections and keys (similar to a Windows .INI file). You can create/edit a response file using any ASCII editor. If you use a response file, the eDirectory upgrade reads the installation parameters directly from the response file, replacing the default installation values with the response file values. The installation program accepts the values from the response file as they appear and continues through the following installation screens without prompts.
Using a response file for installing eDirectory 8.8 SP1 can be very useful for customers and vendors.
For the eDirectory 8.8 SP1 installation scenario, you need to change sections that specifically require information about the new tree, including tree name, admin context, admin credentials, installation locations, etc., for eDirectory. For a full list of response file sections and keys, please refer to the sample response.ni in the Windows Installation.
Please use the provided response.ni available in the Windows Installation; there are other parameters that are essential and set by default in this file, and they are not explained in this document.
When editing the response.ni file, please make sure there are no blank spaces between the key and the values along with the equals sign ("=") in each key-value pair.
Most details for configuring the eDirectory Installer are initialized to default internally in the manual Installation. But during unattended installation, each configuration parameter must be explicitly configured. This section discusses the basic settings essential to be configured, irrespective of any sequence of installation or additional features.
Regardless of whether it is an upgrade or a primary/secondary server Installation, the details of the server being installed/upgraded must be provided to the Installer. Most of this information is configured in two tags: [NWI:NDS] and [Initialization].
- Upgrade Mode: This key applies only to a server upgrade. Though not essential, set this parameter to 'false' for fresh installations. For upgrade, you can either set it to 'true' or 'copy'.
- Tree Name: For primary server Installation, this is the name of the Tree that needs to be installed; for secondary server installation, this is the Tree to which this server has to be added.
- Server Name: This is the name of the server that is being installed.
- Server Container: Any server added to a tree will have a server object containing all the configuration details specific to the server. This parameter is the container object in the tree to which the server object will be added. For primary server installations, this container will be created with the server object.
- Server Context: This is the complete DN of the server object (server name), along with the container object. For example, if the server being installed is 'EDIR-TEST-SERVER', the value for this parameter will be "EDIR-TEST-SERVER.Novell" if the Server container is 'Novell'.
- Admin Login Name: This is the name (RDN) of the Administrator object in the tree that has full rights at least to the context to which this server is added. All operations in the tree will be performed as this user.
- Admin Context: Any user added to a tree will have a user object that contains all the user-specific details. This parameter is the container object in the tree to which the Administrator object will be added. For primary server installations, this container will be created with the server object.
- Admin password: This is the password for the Administrator object created in the previous parameters. This password will be configured to the Administrator object during primary server Installations. For secondary server Installations, this needs to be the password of the Administrator object in the primary server that has rights to the context to which the new server is added.
- NDS Location: This is the eDirectory Install location in the local system where the libraries and binaries are copied. By default, eDirectory is installed into C:\Novell\NDS unless it is changed in the response file.
- DataDir: Until eDirectory version 8.8, the DIB was installed strictly inside the NDS location as a subfolder. Later, the Administrators were given the option to provide a different DIB location, since the data stored in the DIB might be large and unable to fit into the NDS location. Currently, by default the DIB is installed in the 'DIBFiles' sub folder inside the NDS Location. But Administrators can change this parameter, providing the modified location.
Here is a sample of text in the response file for all the basic parameters described above:
    [NWI:NDS]
    Upgrade Mode=copy
    Tree Name=SLP-TEST
    Server Name=NDS-LDAP-P2-NDS
    Server Container=Novell
    Server Context=NDS-LDAP-P2-NDS.Novell
    Admin Context=Novell
    Admin Login Name=Admin
    Admin Password=novell
    NDS Location=E:\Novell\NDS
    DataDir=E:\Novell\NDS\DIBFiles
- Installation Location: This is the same as the NDS Location configured in the previous section. This key is referred to by the Installer while copying files to the Install location, while the former is used by the components to refer to the base eDirectory Installation while they are configured. The default value is C:\Novell\NDS, if not specified in the response file.
- System Location: The eDirectory Installer requires access to the system folder for copying .DLLs and to access system-specific files during installation. This parameter must be configured with the path to the system folder of the machine where the server is installed.
eDirectory supports installation of multiple NMAS methods, both during install and upgrade. During manual installations, you can list the NMAS methods to install via checkboxes. Selecting the required NMAS methods will install and configure the appropriate methods. This can also be achieved in automated Installations.
The NMAS-related configuration settings are provided inside the [NWI:NMAS] tag. The tag has two keys to be configured: both are mandatory.
- Choices: This key informs the eDirectory Installation component of the number of NMAS methods that need to be installed.
- Methods: This key lists the NMAS method options that are needed to be installed. Currently, there are 12 supported NMAS methods. The method names and their types are as follows:
|Method name|Method type|
|X509 Advanced Certificate|NMAS Advanced X.509 authentication Method|
|CertMutual|Certificate Mutual Login Method|
|Challenge Response|Novell's Challenge Response NMAS Method|
|DIGEST-MD5|Digest MD5 Login Method|
|EnhancedPassword|Enhanced password login NMAS Method|
|Entrust|Entrust Certificate Login Method|
|GSSAPI|SASL GSSAPI mechanism for eDirectory. Authentication to eDirectory through LDAP using a Kerberos ticket|
|NDS|NDS Login Method (Default)|
|Change Password|NDS Change password post-login Method|
|Simple Password|Simple password NMAS login Method|
|Universal Smart Card|NMAS universal smart card X.509 Authentication method|
|X509 Certificate|Novell's X.509 Certificate Server certificate|
Table 1: NMAS Methods
1. The Method names should exactly match those listed in the above table, as options to the Methods key. The Installer matches the exact string (with case) for choosing the NMAS methods to install.
2. The NDS NMAS method is mandatory and will be installed automatically if no NMAS methods list is provided. But if you are creating an explicit list, do not remove this method from the list.
If the NMAS methods are configured using this methodology in the response file, eDirectory shows the following status while installing, without prompting for user input:
Figure 1 - NMAS Login Method Creation
Here is a sample text in the response file for choosing all the NMAS methods:
    [NWI:NMAS]
    Choices=12
    Methods=X509 Advanced Certificate,CertMutual,Challenge Response,DIGEST-MD5,Enhanced Password,Entrust,GSSAPI,NDS,NDS Change Password,Simple Password,Universal Smart Card,X509 Certificate
eDirectory listens on pre-configured HTTP ports for access through the Web. For example, tools like iManager and iMonitor access eDirectory through Web interfaces. They need to specify the corresponding ports as configured, in order to access the appropriate applications. There are two keys that can be set prior to installation, to configure eDirectory on specific ports:
- Clear Text HTTP Port: <port number> Takes the port number for the HTTP operations in clear text
- SSL HTTP Port: <port number> HTTP port number for operations on secure socket layer
Here is some sample text in the response file for configuring HTTP port numbers:
    [eDir:HTTP]
    Clear Text HTTP Port=8028
    SSL HTTP Port=8030
- LDAP TLS Port: The port on which eDirectory should listen for LDAP requests in clear text.
- LDAP SSL Port: The port on which eDirectory should listen for LDAP requests over SSL. You can also use a key to configure whether eDirectory should mandate secure connections when bind requests send the password in clear text.
- Require TLS: Whether eDirectory should mandate TLS when receiving LDAP requests in clear text.
Figure 2 - LDAP Configuration
Here is some sample text in the response file for LDAP configuration:
    [NWI:NDS]
    Require TLS=No
    LDAP TLS Port=389
    LDAP SSL Port=636
eDirectory Installer language settings can be categorized into two sections: one configures the locale, and the other sets the display language during installation.
There are currently three locale options that can be set during installation: English, French and Japanese. Each has a specific key in the [Novell:Languages:1.0.0] tag that can be set to true/false prior to the start of installation.
- LangID4: is for English. Setting this to true configures the English locale during installation.
- LangID6: is for French. Setting this to true configures the French locale during installation.
- LangID9: is for Japanese. Setting this to true configures the Japanese locale during installation.
These options are mutually exclusive, which is easily enforced in manual installation via radio buttons. In unattended installations, you need to make sure only one of them is set to 'true'.
Here is some sample text in the response file for configuring English locale:
    [Novell:Languages:1.0.0]
    LangID4=true
    LangID6=false
    LangID9=false
Status messages about the configuration of each component are displayed in message boxes throughout the installation. By default these messages are in English. You can also change the display language during installation by using the DisplayLanguage key in the [Initialization] tag.
- DisplayLanguage: This key is in the [Initialization] section and takes parameters to configure languages.
Here is some sample text in the response file for configuring English as the display language:
This feature is specific to an eDirectory installation on Windows. Most Windows servers have SNMP configured and running. When eDirectory installs, the SNMP services need to be brought down and restarted after the installation. With manual installations, the Installer prompts the user on-screen to stop the SNMP services before continuing the installation. This prompt can be avoided during automation by setting the key in the [NWI:SNMP] tag:
- Stop service: This key takes the value 'yes', which, when set, stops the SNMP services without prompting. The status is displayed on screen as shown below:
Figure 3 - SNMP Service shutdown
Here is some sample text in the response file for stopping SNMP services:
    [NWI:SNMP]
    Stop service=yes
eDirectory uses SLP services to identify other servers or trees in the subnet. This is used for services discovery during installation or upgrade. If SLP services are already installed on your server, and you want to replace this with the version that ships with the current version of eDirectory (or use your own SLP services), you can set appropriate keys to un-install and/or remove the existing SLP services in the [NWI:SLP] tag.
Here is some sample text in the response file for un-installing and removing SLP services:
    [EDIR:SLP]
    Need to uninstall service=true
    Need to remove files=true
Partitions are logical divisions of the Novell eDirectory database that form a distinct unit of data in the eDirectory tree for administrators to store and replicate eDirectory information. Each partition consists of a container object, all objects contained in it, and the information about those objects. Partitions do not include any information about the file system or the directories and files contained there.
Instead of storing a copy of the entire eDirectory database on each server, you can make a copy of the eDirectory partition and store it on many servers across the network. Each copy of the partition is known as a replica. You can create any number of replicas for each eDirectory partition and store them on any server.
eDirectory Installer provides options to install a primary or a secondary server, unattended, into a network. There are three keys under two tags - [NWI:NDS] and [Novell:ExistingTree:1.0.0] - that help the Installer decide whether it is a primary or a secondary server Installation.
- New Tree: This key comes in the [NWI:NDS] tag and takes a 'yes' or a 'no', which informs the installer that it is a new tree installation or a secondary server Installation respectively.
- ExistingTreeYes: This key is in the [Novell:ExistingTree:1.0.0] tag and takes true/false. Set this to 'false' for a new tree/primary server Installation and 'true' for adding a secondary server into an existing tree.
- ExistingTreeNo: This key also is in the [Novell:ExistingTree:1.0.0] tag and takes true/false. Though this seems to be redundant to the previous key, the Installer refers to these different keys and hence requires both configured properly. Set this to 'true' for a new tree/primary server Installation and 'false' for adding a secondary server into an existing tree.
So as a rule of thumb, for a New tree/ primary server Installation the key's combination should be:
    [NWI:NDS]
    New Tree=Yes
    [Novell:ExistingTree:1.0.0]
    ExistingTreeYes=false
    ExistingTreeNo=true
and for a secondary server installation into an existing tree:
    [NWI:NDS]
    New Tree=No
    [Novell:ExistingTree:1.0.0]
    ExistingTreeYes=true
    ExistingTreeNo=false
All user-specific configuration details can be edited in the response file. However, there are certain parameters that should not be changed. These are file copy and component information specific to the eDirectory components to be installed. Make sure these parameters in the response file are not modified - they should be unchanged from the eDirectory release.
"Install as Service" Tag
    [NWI:NDS]
    Install as Service=Yes
eDirectory runs as a service in Windows. This parameter must always be set to 'yes' so that eDirectory is installed as a service.
"Selected Nodes" Tag
    [Selected Nodes]
This tag lists the components that are installed in eDirectory, along with references to the profile database, which contains more information about each component, including source location, destination copy location, component version, etc. These details in the profile database are compiled into a .db file which is delivered in the eDirectory release.
    [Novell:NOVELL_ROOT:1.0.0]
"File Copy" Tag
This tag contains keys for display settings, which are handled in the next section, and the file copy profile information:
    overWriteNewerFile=false
    overWriteNewerFilePrompt=true
    copyToRemoteDestination=true
These options specify the response from the eDirectory Installer in scenarios such as file write conflicts, file copying decisions, etc.
All parameters discussed in this AppNote are configuration details for eDirectory to be installed as required. This section describes parameters that need to be set for the Installer to run unattended. The values for these parameters should be configured as defined if an unattended Installation is intended.
The [NWI:NDS] section describes the eDirectory specific configuration details such as tree name, server name, etc. If the Installer should not prompt for values for these parameters, then this parameter should be set to 'false'.
    [Selected Nodes]
    Prompt=false
If the Installer should not prompt for the destination copy location, version details, etc., for all components configured with eDirectory, the above parameter should be set to 'false' in the [Selected Nodes] tag.
If the Installer should not prompt for yes/no type questions, or for other decisions with parameters in this section, the above parameter should be set to 'false' in the [Selected Nodes] tag.
If the Installer should not prompt for deciding whether is it a new tree installation, or for adding a secondary server to an existing tree, the above parameter should be set to 'false' in the [Selected Nodes] tag.
    [Initialization]
    InstallationMode=silent
    SummaryPrompt=false
    prompt=false
These are the most important parameters - the InstallationMode key must always be explicitly set to 'silent' for unattended installations.
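A pre-flight check for the rules this AppNote states for a response file (no blank space around "=", NMAS Choices and Methods with NDS present, a single locale, matching New Tree and ExistingTree keys, silent mode), given here as an added example that is not part of the original AppNote or of the eDirectory installer. The function names, the ';' comment handling, the case-insensitive value comparison and the Require TLS warning are assumptions of this example, and the sample text is constructed.

```python
import re

SECTION = re.compile(r"^\[(.+)\]$")

def parse_response(text):
    """Parse response.ni-style text into ({section: {key: value}}, findings)."""
    data, findings, current = {}, [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):  # assumption: ';' starts a comment
            continue
        m = SECTION.match(line)
        if m:
            current = data.setdefault(m.group(1), {})  # repeated sections merge
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            if key != key.rstrip() or value != value.lstrip():
                findings.append(f"line {n}: blank space around '='")
            current[key.strip()] = value.strip()
    return data, findings

def check_response(text):
    """Return a list of findings; an empty list means every check passed."""
    data, findings = parse_response(text)

    def get(section, key):
        # Assumption: value case is not significant (the page mixes Yes/yes).
        return data.get(section, {}).get(key, "").lower()

    if get("Initialization", "InstallationMode") != "silent":
        findings.append("[Initialization] InstallationMode is not 'silent'")

    nmas = data.get("NWI:NMAS")
    if nmas is not None:
        # Method names are matched exactly (with case), so nothing is trimmed.
        methods = [m for m in nmas.get("Methods", "").split(",") if m]
        if nmas.get("Choices") != str(len(methods)):
            findings.append("[NWI:NMAS] Choices does not match the Methods count")
        if "NDS" not in methods:
            findings.append("[NWI:NMAS] Methods omits the mandatory NDS method")

    langs = "Novell:Languages:1.0.0"
    enabled = [k for k in ("LangID4", "LangID6", "LangID9") if get(langs, k) == "true"]
    if len(enabled) > 1:
        findings.append(f"[{langs}] more than one locale is set to true")

    existing = "Novell:ExistingTree:1.0.0"
    tree = (get("NWI:NDS", "New Tree"), get(existing, "ExistingTreeYes"),
            get(existing, "ExistingTreeNo"))
    if tree not in {("yes", "false", "true"), ("no", "true", "false")}:
        findings.append("New Tree / ExistingTreeYes / ExistingTreeNo disagree")

    if get("NWI:NDS", "Require TLS") == "no":
        findings.append("warning: Require TLS=No does not mandate TLS for LDAP binds")
    return findings

# Constructed sample (not from the shipped response.ni): five defects, one warning.
BAD_SAMPLE = """[Initialization]
InstallationMode=silent
[NWI:NDS]
New Tree = No
Require TLS=No
[Novell:ExistingTree:1.0.0]
ExistingTreeYes=false
ExistingTreeNo=true
[NWI:NMAS]
Choices=3
Methods=Simple Password,DIGEST-MD5
[Novell:Languages:1.0.0]
LangID4=true
LangID6=true
"""

if __name__ == "__main__":
    print("\n".join(check_response(BAD_SAMPLE)))
```

Run it against the edited response.ni before starting the installer; because the file also holds the Admin Password key in clear text, keep the check on the host where the file is stored.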
During installation there are various images and status information displayed on the screen. Most images will contain information on what version of eDirectory is installed, what components are installed, a welcome screen, license files, customization options, etc. This also includes the status message that displays the component currently being installed, percentage complete, etc. Note that some applications that intend to embed eDirectory might not want eDirectory displaying these images on the screen.
All image and status display details are configured in the [Novell:NOVELL_ROOT:1.0.0] tag, including configuration information for the welcome screen, close screen, summary screen, license agreement screen, language screen, custom choices screen, wizard screen, welcome screen text, etc. There are corresponding on/off switch parameters for each of these configurations. For example:
- welcomeScreen parameter is controlled by showWelcomeScreen=true/false
- summaryScreen parameter is controlled by allowSummary=true/false
- licenseAgreementScreen parameter is controlled by allowLicenseAgreement=true
Similarly, there are control parameters for the read-me, close screen, etc. If the copy percentage shouldn't be displayed, you can use "allowStatusBar=false". If the final screen reporting successful installation is not required, you can set the following parameter to false:
Most of the details are pre-configured in the response file that ships with eDirectory. If you need modifications, you would change the respective parameters in this tag.
Launching the eDirectory Installer in Windows is very easy. The install.exe delivered in the eDirectory release should be invoked from the command line using a few additional parameters. Assuming the response.ni file is available in C:\, the eDirectory installation is performed by:
C:\eDirectory\nt\I386\NDSonNT\install.exe /silent /template=C:\response.ni
This will perform the unattended installation of the eDirectory in the Windows Server.
The eDirectory installer in NetWare can be invoked through the 'Installer new products' options in NWCONFIG, or directly via NWCONFIG in command prompt.
If you intend to invoke the Installer directly from the system console, use the following command with the additional parameters with appropriate changes to the values:
LOAD NWCONFIG b=SYS:EDIR88\NW\NDS8.IPS s=SYS:EDIR88\NW d=C:\NWSERVER e=SYS:eDIR88\LOG\error.log
Otherwise, follow these steps:
1. Invoke NWCONFIG at the system console.
2. Select Product Options.
3. Choose 'Install a product not listed' in the listed options.
4. Press F3 when prompted to enter the setup location. Type the location where the install files for eDirectory on NetWare should be copied.
5. Point to the 'nw' folder (for example: SYS:eDirInstall\NW).
Please note that unattended installation of eDirectory in NetWare also requires adding a ZFS entry in PRODUCTS.DAT, as well as editing the file to add credential information before starting installation.
- DIB - Directory Information Base. This is the data store of eDirectory.
- NDS - Novell Directory Services. This is the traditional name of eDirectory maintained from NetWare versions. Though this name is replaced with 'eDirectory' now, it is still used to refer to eDirectory.
- NMAS Methods - NMAS (Novell Modular Authentication Services) methods bring together additional ways of authenticating to Novell eDirectory to help ensure that people access the network resources securely.
- Response files - These are text-based key value pairs, organized into sections that provide input to the eDirectory Installer for unattended installation.
- Standalone installation - This is installation of eDirectory directly on the platform without using or depending on other third-party enablers for special features.
- ZENworks 7 Server Management - The Server Software Packages component that is part of ZENworks 7 Server Management provides a Tiered Electronic Distribution framework for automated installation of software remotely.
Contributors and Reviewers:
Martin Irwin - Senior Software Engineer, ZENworks Engineering Novell, Inc.
Jyotsana Kitchloo - Technical writer, Novell, Inc.