Install silently using a configuration file

Installing without user interaction enables you to automate software delivery and the management of remote computers. If you want to install files without any user interaction, you can run the install.sh script silently invoking the script with the appropriate command-line arguments. You can also customize the packages installed and other options by creating a custom configuration file for the installer to use.

  • To see the install.sh silent mode and other command line options, enter install.sh ‑h
  • To install Authentication & Privilege default packages and configuration options silently, run:

    install.sh --std-suite
  • To install Authentication & Privilege and Audit & Monitoringdefault packages and configuration options, run:

    install.sh --ent-suite
  • To install a customized set of packages that all have the same version number, run:

    install.sh -n

About the sample configuration files available

You can customize the install.sh execution script. There are two sample configuration files for installing software packages silently. These sample configuration files are located in the same directory as the install.sh script:

  • centrifydc-suite.cfg
  • centrify-install.cfg

If you want to customize the packages installed or other configuration options, you can modify the sample centrifydc-suite.cfg or centrifydc-install.cfg file.

The centrifydc-suite.cfg file is used when you run install.sh with the ‑‑std‑suite or --ent-suite options. If you run install.sh --std-suite or install.sh --ent-suite with a customized version of the centrifydc-suite.cfg file, you can selectively install compatible add-on packages that do not have the same version number as the core Centrify agent.

Alternatively, you can run install.sh -n with a customized version of the centrifydc-install.cfg file to install the agent and add-on packages if they all have the same version number.

If you run the install.sh script silently and it cannot locate the centrifydc-suite.cfg or centrifydc-install.cfg file to use, default values defined directly in the script itself are used.

Setting the parameters in a custom configuration file for the installation script

If you want to specify values for the install.sh script to use, you should edit the sample centrifydc-suite.cfg or centrifydc-install.cfg file in its default location before invoking the install.sh script in silent mode.

Note:   The parameters in the centrifydc-install.cfg or centrifydc-suite.cfg file are the same, except that the centrifydc-suite.cfg file is used when installing a set of services to allow packages with different version numbers to be installed together. Because you should not modify the compatibility defined in the centrifydc-suite.cfg file, those parameters are not included in the table.

To customize the installation using the centrifydc-install.cfg or centrifydc-suite.cfg file, you can set the following parameters:

Set this parameter To do this
ADCHECK

Indicate whether you want to run the adcheck program to check the configuration of a local computer and its connectivity to Active Directory.

Note that the install.sh script calls adcheck twice. After the first call, adcheck performs several required pre‑installation steps to make sure you can install the Centrify agent on the host computer. These steps are mandatory and cannot be skipped. However, the second call to adcheck is used to perform post-installation steps to make sure the agent has been installed successfully. The second set of checks is optional and can skipped.

Set this parameter to Y if you want to run adcheck after installing. For non-interactive installations, the default is N.

ADLICENSE

Indicate whether you want to install licensed features.

Set this parameter to Y if you have purchased and installed license keys. If you downloaded and want to install unlicensed Centrify Express agents, set this parameter to N.

GLOBAL_ZONE_ONLY

Specify whether you want to install the agent in a Solaris 10 global zone and no other zones.

Set this parameter to Y only if you are running the install.sh script on a Solaris 10 computer and want to install the agent in the Solaris 10 global zone and none of your non‑global zones. In most cases, you only set this parameter to Y if you use sparse root zones. The default setting for this parameter is N so that the agent is installed in all Solaris zones. If the script is not running on a Solaris 10 computer, this parameter is ignored.

ADJOIN

Indicate whether you want to attempt to join an Active Directory domain in non-interactive mode.

Set this parameter to Y to attempt to join the domain automatically. Set this parameter to N to manually join the domain after installation.

ADJ_FORCE

Overwrite the information stored in Active Directory for an existing computer account.

Set this parameter to Y to replace the information for a computer previously joined to the domain. If there is already a computer account with the same name stored in Active Directory, you must use this option if you want to replace the stored information. You should only use this option when you know it is safe to force information from the local computer to overwrite existing information.

ADJ_TRUST

Set the Trust for delegation option in Active Directory for the computer account.

Trusting an account for delegation allows the account to perform operations on behalf of other accounts on the network.

DOMAIN

Specify the domain to join, if you set the ADJOIN parameter to Y.

Set this parameter to the name of a valid Active Directory domain.

USERID

Specify the Active Directory user name to use when connecting to Active Directory to join the domain.

Set this parameter to a valid Active Directory user name.

PASSWD

Specify the password for the Active Directory user name you are using to connect to Active Directory.

Set this parameter to the password for the Active Directory user name specified for the USERID parameter.

COMPUTER

Specify the computer name to use for the local host in Active Directory.

Set this parameter to the computer name you want to use in Active Directory if you don’t want to use the default host name for the computer.

CONTAINER

Specify the distinguished name (DN) of the container or Organizational Unit in which you want to place this computer account.

The DN you specify does not need to include the domain suffix. The domain suffix is appended programmatically to provide the complete distinguished name for the object. If you do not specify a container, the computer account is created in the domain’s default Computers container. Note that the container you specify must already exist in Active Directory, and you must have permission to add entries to the specified container.

ZONE

Specify the zone to which you want to add this computer.

SERVER

Specify the name of the domain controller to which you prefer to connect. You can use this option to override the automatic selection of a domain controller based on the Active Directory site information.

DA_ENABLE

Indicate whether you want to automatically enable the auditing service on the local computer. The valid settings are:

  • Y if you want to enable auditing with the default auditing configuration.
  • N if you don’t want to enable auditing.
  • K if you are upgrading and want to keep your current auditing configuration unchanged.
DA_X_ENABLE

Indicate whether you want to automatically enable the Linux desktop auditing service on the local computer. The valid settings are:

  • Y if you want to desktop enable auditing with the default auditing configuration.
  • N if you don’t want to enable desktop auditing.
  • K if you are upgrading and want to keep your current auditing configuration unchanged
DA_INST_NAME

Specify the name of an auditing installation if you set the DA_ENABLE parameter to Y.

REBOOT

Indicate whether you want to automatically restart the local computer after a successful installation.

Set this parameter to Y if you want to automatically restart the local computer or to N if you don’t want the computer restarted automatically.

INSTALL

Specify the operation to perform. The valid settings are:

  • Y to install the Centrify agent and any other Centrify software packages if they are not already installed on the local computer.
  • U to update older versions of the Centrify agent and any other Centrify packages you have installed. The update option only updates software from one major release version to another. It does not update the software if the major release version is same between packages.
  • R to reinstall or repair the Centrify agent and any other Centrify packages you have installed. You can reinstall packages that have the same major release version but different build number or repair packages by installing an older version of the package.
  • E to remove the software currently installed.
  • K to keep current software unchanged.

Set this parameter to Y to install or to U to update the Centrify agent and other packages.

If you want to install or update other packages, select the operation to perform for each package. For example to update the Centrify Kerberos package and keep the current Centrify LDAP proxy service, you might specify the following:

CentrifyDC_krb5=”U”
CentrifyDC_ldapproxy="K"

Note that these additional packages may have dependencies or require a specific version of the Centrify agent to be installed. Before installing or updating additional packages silently, you should review the information in the Upgrade and Compatibility Guide.

UNINSTALL

Specify whether you want to forcibly uninstall all installed packages.

For example, you can edit the centrifydc-install.cfg or centrifydc-suite.cfg file to silently install the Centrify agent, join the domain, and automatically reboot the computer at the completion of the installation process with a file similar to this:

ADCHECK="N"
ADLICENSE="Y"
# Solaris 10 -G option, installation in global zone only
GLOBAL_ZONE_ONLY="N"
ADJOIN="Y"
ADJ_FORCE="N"
ADJ_TRUST="N"
DOMAIN="sample.company.com"
USERID=administrator
PASSWD="securepassword123"
#COMPUTER=my_host_name
#CONTAINER="my_computers"
ZONE="global_zone"
#SERVER=server_name
DA_ENABLE="N"
DA_INST_NAME=""
REBOOT="Y"
# Install the core agent package
INSTALL="Y"

# Skip installation for other packages
CentrifyDC_nis=
CentrifyDC_krb5=
CentrifyDC_ldapproxy=
CentrifyDC_openssh=
CentrifyDC_web=
CentrifyDC_apache=
CentrifyDC_idmap=
CentrifyDA=

This sample configuration file does not install any of the Centrify add-on packages. You can also use the configuration file to silently install or update selected packages. For example, to update the LDAP proxy service and OpenSSH on a computer, you would modify the configuration file to indicate that you want to update those packages:

CentrifyDC_ldapproxy=”U”
CentrifyDC_openssh=”U”

Customizing the return codes for the installation script

Normally, when you run the install.sh script silently, the script returns an exit code of 0 if the operation is successful. If you want the script to return exit codes that indicate whether the operation performed was a successful new installation, a successful upgrade, a successful uninstall, or there were errors preventing installation, you can also use the ‑‑custom_rc option. For example:

install.sh -n --custom_rc

When you specify this option, the following return codes that are defined in the install.sh script are used to provide more detailed information about the result:

This return code Indicates
CODE_SIN=0

Successful installation

CODE_SUP=0

Successful upgrade

CODE_SUN=0

Successful uninstallation

CODE_NIN=24

Did nothing during installation

CODE_NUN=25

Did nothing during uninstallation

CODE_EIN=26

Error during installation

CODE_EUP=27

Error during upgrade

CODE_EUN=28

Error during uninstallation

CODE_ESU=29

Error encountered during setup, for example, the UID is not the root user UID, the operating environment is not supported or not recognized, or the script is executed with invalid arguments