Advanced Mode

CDT Advanced Mode completes a Deployment Plan File on each remote Security Gateway.

The Deployment Plan File can run a number of actions one after the other.

For the full list of actions, see Deployment Plan File.

Workflow

  1. Connect to the command line on the Management Server that you use to install software packages.

  2. Log in to the Expert mode.

  3. Install the CDT RPM package (if it is not already installed on your Management Server) from sk111158.

  4. Edit the $CDTDIR/CentralDeploymentTool.xml file to change the settings.

    See CDT Primary Configuration File.

    Add / configure the "<CPUSE>" element to specify the absolute path to the CPUSE RPM package.

    See Elements of the CDT Primary Configuration File.

    Important - Make sure the elements "<PackageToInstall>" and "<PreInstallationScript>" do not exist in the $CDTDIR/CentralDeploymentTool.xml file. Otherwise, CDT runs in the Basic Mode.

  5. Edit the Deployment Plan File with the sequence of actions, as described in the Deployment Plan File section.

    See Deployment Plan File.

    Best Practice - To decrease the total time it takes to install the packages, create a Deployment Plan File without installation actions, and run it in advance.

  6. Generate the Installation Candidates List File to get a full list of the Security Gateways and Cluster Members connected to your Management Server.

    See Generating an Installation Candidates List File.

    You can do one of these:

    • Edit the Installation Candidates List File.

    • Create a Filter File to exclude the specified Security Gateways and Cluster Members (in CDT v1.9.5 and above).

  7. Run the Deployment Plan File.

    See Execution of a Deployment Plan File.
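A pre-flight check for step 4, as an added example that is not Check Point code: it stops when either Basic Mode element is present and confirms that "<CPUSE>" holds an absolute path. It assumes the path is the element's text content; the function name, exit codes and the sample's root element are hypothetical.

```bash
#!/bin/bash
# Added example, not Check Point code. Only the element names <CPUSE>,
# <PackageToInstall> and <PreInstallationScript> come from the page.
# Assumption: the CPUSE path is the text content of <CPUSE>.

# cdt_advanced_preflight <config.xml>
# Returns 0 when the file is set up for Advanced Mode, 1 when a Basic Mode
# element is present, 2 when <CPUSE> is missing or not an absolute path,
# 3 when the file cannot be read.
cdt_advanced_preflight() {
    local cfg="$1" elem cpuse
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 3; }

    # Either element switches CDT to Basic Mode. The match is conservative:
    # a commented-out element is flagged too, so that someone looks at it.
    for elem in PackageToInstall PreInstallationScript; do
        if grep -q "<${elem}[ />]" "$cfg"; then
            echo "<${elem}> present: CDT would run in Basic Mode" >&2
            return 1
        fi
    done

    # Text of the first <CPUSE>...</CPUSE> element, surrounding blanks trimmed.
    cpuse=$(sed -n 's|.*<CPUSE>[[:space:]]*\([^<]*[^<[:space:]]\)[[:space:]]*</CPUSE>.*|\1|p' "$cfg" | head -n 1)
    case "$cpuse" in
        /*) ;;
        *)  echo "<CPUSE> missing or not an absolute path: '$cpuse'" >&2
            return 2 ;;
    esac
    [ -f "$cpuse" ] || echo "warning: $cpuse not found on this host" >&2
    return 0
}

# Constructed sample; the root element is a placeholder, not the real schema.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<Config>
  <CPUSE>/home/admin/cpuse_agent.rpm</CPUSE>
  <PackageToInstall>/home/admin/package.tgz</PackageToInstall>
</Config>
EOF
cdt_advanced_preflight "$sample" || echo "pre-flight exit code: $?"
rm -f "$sample"
```

On the Management Server, call it as cdt_advanced_preflight "$CDTDIR/CentralDeploymentTool.xml" before step 7.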

Generating an Installation Candidates List File

To generate an Installation Candidates List File (see Installation Candidates List File), run in the Expert mode:

  • Security Management Server:

    $CDTDIR/CentralDeploymentTool -generate -candidates=<Path to and Desired Name of Installation Candidates List File>.csv -deploymentplan=<Path to Deployment Plan File>.xml [-session=<Name of Management Session without Spaces>]

  • Multi-Domain Security Management Server:

    mdsenv <IP Address or Name of Domain Management Server>

    $CDTDIR/CentralDeploymentTool -generate -candidates=<Path to and Desired Name of Installation Candidates List File>.csv -deploymentplan=<Path to Deployment Plan File>.xml -server=<IP Address or Name of Domain Management Server> [-session=<Name of Management Session without Spaces>]

Notes:

  • The CDT generates an Installation Candidates List File that is filtered based only on the first package that appears in the Deployment Plan File.

  • The "-session" parameter is optional (available from CDT v1.9.8).

    Use it to run several different CDT sessions at the same time (enter a desired session name - a text string without spaces).

Execution of a Deployment Plan File

  1. To run a Deployment Plan File on Security Gateways in the Installation Candidates List File (see Installation Candidates List File), run in the Expert mode:

    • Security Management Server:

      $CDTDIR/CentralDeploymentTool -execute -candidates=<Path to Installation Candidates List File>.csv -deploymentplan=<Path to Deployment Plan File>.xml [-session=<Name of Management Session without Spaces>]

    • Multi-Domain Security Management Server:

      mdsenv <IP Address or Name of Domain Management Server>

      $CDTDIR/CentralDeploymentTool -execute -candidates=<Path to Installation Candidates List File>.csv -deploymentplan=<Path to Deployment Plan File>.xml -server=<IP Address or Name of Domain Management Server> [-session=<Name of Management Session without Spaces>]

    Note:

    The "-session" parameter is optional (available from CDT v1.9.8).

    Use it to run several different CDT sessions at the same time (enter a desired session name - a text string without spaces).

  2. Installation starts.

    The CDT shows the installation progress on the screen.

    Note - CDT writes the progress details to log files at 5-second intervals.

    Best Practice - We recommend running the watch command to read the file continuously.

    Example: watch -d cat $CDTDIR/CDT_status.txt

  3. All failures in the installation cause an error.

    • By default, an error in each action is blocking.

      The installation on a Security Gateway or Cluster does not continue.

      The CDT sends an error report to the configured email address.

    • If you configured the applicable action in the Deployment Plan File with the attribute iscritical="false", then an error in an action is not blocking.

      The installation continues, and the CDT logs and status file show a successful installation.
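Because a failed action marked iscritical="false" still ends in a run that the logs and status file show as successful, it helps to know which actions are non-blocking before execution. The added example below (not Check Point code) lists them from a Deployment Plan File; the function names, exit codes and the sample's element names are hypothetical.

```bash
#!/bin/bash
# Added example, not Check Point code. Only the attribute iscritical="false"
# comes from the page; function names and exit codes are assumptions.

# Print "line:element" for every tag in the plan carrying iscritical="false".
# Tolerates single quotes, spaces around "=", and tags split across lines.
cdt_noncritical_actions() {
    awk -v q="'" '
    BEGIN { RS = ">"; ln = 1
            re = "[ \t\n]iscritical[ \t\n]*=[ \t\n]*[\"" q "]false[\"" q "]" }
    {
        p = 0; s = $0                       # s becomes the text after the last "<"
        while ((k = index(s, "<")) > 0) { p += k; s = substr(s, k + 1) }
        if (p) { pre = substr($0, 1, p); start = ln + gsub(/\n/, "\n", pre) }
        ln += gsub(/\n/, "\n")              # advance the running line counter
        if (!p || s ~ /^[!?\/]/) next       # skip plain text, <!..>, <?..>, closing tags
        if (s ~ re) { split(s, f, /[ \t\n\/]/); print start ":" f[1] }
    }' "$1"
}

# Return 0 if every action is blocking, 1 if any is not, 2 on read error.
cdt_plan_gate() {
    hits=$(cdt_noncritical_actions "$1") || return 2
    if [ -n "$hits" ]; then
        echo "Failures in these actions will still be reported as success:" >&2
        echo "$hits" >&2
        return 1
    fi
    return 0
}

# Constructed sample; element names are placeholders, not the real schema.
plan=$(mktemp)
cat > "$plan" <<'EOF'
<plan>
  <example_script_action path="/tmp/pre.sh" iscritical="false"/>
  <example_install_action path="/tmp/pkg.tgz"/>
  <example_script_action path="/tmp/post.sh"
      iscritical = 'false' />
</plan>
EOF
cdt_plan_gate "$plan" || echo "gate exit code: $?"
rm -f "$plan"
```

A tag inside an XML comment is reported as well, so a hit is a prompt to read that line of the plan rather than proof that the action is active.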

Limiting the Execution of a Deployment Plan File

You can use one of these ways to limit the execution of a Deployment Plan File to specified Security Gateways:

  • Preferred - Use a Filter File.

    You can specify a list of Security Gateways and clusters (not Cluster Members), for which to generate the Installation Candidates List File (see Installation Candidates List File):

  • Use the Installation Candidates List File (see Installation Candidates List File).

Retry Operation

If the installation failed on some of the Security Gateways or Cluster Members, but continues on the remaining Security Gateways:

  1. Manually resolve the issue on the failed Security Gateways and Cluster Members.

  2. Run a different instance of the CDT in Retry Mode for the failed Security Gateways and Cluster Members.

CDT tries to continue execution on failed Security Gateways and Cluster Members, starting from the last failed step.

Retry is possible only while the CDT is running.

Resume Operation

If the installation failed on some of the Security Gateways or Cluster Members, and later it is necessary to continue from the action that failed:

  1. Manually resolve the issue on the failed Security Gateways and Cluster Members.

  2. Run the CDT in Resume Mode for the failed Security Gateways and Cluster Members.

CDT detects on which Security Gateways and Cluster Members the deployment failed and resumes the execution from the last failed action.