Advanced Mode

CDT Advanced Mode completes a Deployment Plan File on each remote Security Gateway.

The Deployment Plan File can run a number of actions one after the other.

For the full list of actions, see Deployment Plan File.

Workflow

Step

Description

1

Connect to the command line on your Management Server you use to install software packages.

2

Log in to the Expert mode.

3

Install the CDT RPM package (if it is not already installed on your Management Server) from sk111158.

4

Edit the $CDTDIR/CentralDeploymentTool.xml file to change the settings.

See CDT Primary Configuration File.

Add / configure the "<CPUSE>" element to specify the absolute path to the CPUSE RPM package.

See Elements of the CDT Primary Configuration File.

Important - Make sure the elements "<PackageToInstall>" and "<PreInstallationScript>" do not exist in the $CDTDIR/CentralDeploymentTool.xml file. Otherwise, CDT runs in the Basic Mode.

5

Edit the Deployment Plan File with the actions sequence as described in the Deployment Plan File section.

See Deployment Plan File.

Best Practice - To decrease the total time it takes to install the packages, create a Deployment Plan File without installation actions, and run it in advance.

6

Generate the Installation Candidates List File to get a full list of the Security Gateways and Cluster Members connected to your Management Server.

See Generating an Installation Candidates List File.

You can do one of these:

  • Edit the Installation Candidates List File.

  • Create a Filter File to exclude the specified Security Gateways and Cluster Members (in CDT v1.9.5 and above).

7

Run the Deployment Plan File.

See Execution of a Deployment Plan File.

Generating an Installation Candidates List File

To generate an Installation Candidates List File (see Installation Candidates List File), run in the Expert mode:

Management Server

Commands

Security Management Server

$CDTDIR/CentralDeploymentTool -generate -candidates=<Path to and Desired Name of Installation Candidates List File>.csv -deploymentplan=<Path to Deployment Plan File>.xml [–session=<Name of Management Session without Spaces>]

Multi-Domain Security Management Server

mdsenv <IP Address or Name of Domain Management Server>

 

$CDTDIR/CentralDeploymentTool -generate -candidates=<Path to and Desired Name of Installation Candidates List File>.csv -deploymentplan=<Path to Deployment Plan File>.xml -server=<IP Address or Name of Domain Management Server> [–session=<Name of Management Session without Spaces>]

Notes:

  • The CDT generates an Installation Candidates List File, which is filtered only based on the first package that appears in the Deployment Plan File.

  • The "-session" parameter is optional (available from CDT v1.9.8).

    Use it to run several different CDT sessions at the same time (enter a desired session name - a text string without spaces).

Execution of a Deployment Plan File

  1. To run a Deployment Plan File on Security Gateways in the in the Installation Candidates List File (see Installation Candidates List File), run in the Expert mode:

    Management Server

    Commands

    Security Management Server

    $CDTDIR/CentralDeploymentTool -execute -candidates=<Path to Installation Candidates List File>.csv -deploymentplan=<Path to Deployment Plan File>.xml [–session=<Name of Management Session without Spaces>]

    Multi-Domain Security Management Server

    mdsenv <IP Address or Name of Domain Management Server>

     

    $CDTDIR/CentralDeploymentTool -execute -candidates=<Path to Installation Candidates List File>.csv -deploymentplan=<Path to Deployment Plan File>.xml -server=<IP Address or Name of Domain Management Server> [–session=<Name of Management Session without Spaces>]

    Note:

    The "-session" parameter is optional (available from CDT v1.9.8).

    Use it to run several different CDT sessions at the same time (enter a desired session name - a text string without spaces).

  2. Installation starts.

    The CDT shows the installation progress on the screen.

    Note - CDT writes the progress details at 5 seconds intervals to log files.

    File

    Description

    • If you specified the parameter "-session=<Name of Management Session without Spaces>":

      $CDTDIR/CDT_status_<Name of Management Session without Spaces>.txt

      Example: $CDTDIR/CDT_status_MySession.txt

       

    • If you did not specify the parameter "-session":

      $CDTDIR/CDT_status.txt

    Full description of the last completed step and the current step of all Security Gateways and Cluster Members statuses.

    • If you specified the parameter "-session=<Name of Management Session without Spaces>":

      $CDTDIR/CDT_status_<Name of Management Session without Spaces>_brief.txt

      Example: $CDTDIR/CDT_status_MySession_brief.txt

       

    • If you did not specify the parameter "-session":

      $CDTDIR/CDT_status_brief.txt

    Brief description (current step only) of all Security Gateways and Cluster Members statuses currently in execution.

    Useful if your screen area is small.

    File

    Description

    • If you specified the parameter "-session=<Name of Management Session without Spaces>":

      $CDTDIR/CDT_status_<Name of Domain Management Server>_<Name of Domain>_<Name of Management Session without Spaces>.txt

      Example: $CDTDIR/CDT_status_MyDomainServer_MyDomain_MySession.txt

       

    • If you did not specify the parameter "-session":

      $CDTDIR/CDT_status_<Name of Domain Management Server>_<Name of Domain>.txt

      Example: $CDTDIR/CDT_status_MyDomainServer_MyDomain.txt

    Full description of the last completed step and the current step of all Security Gateways and Cluster Members statuses.

    • If you specified the parameter "-session=<Name of Management Session without Spaces>":

      $CDTDIR/CDT_status_<Name of Domain Management Server>_<Name of Domain>_<Name of Management Session without Spaces>_brief.txt

      Example: $CDTDIR/CDT_status_MyDomainServer_MyDomain_MySession_brief.txt

       

    • If you did not specify the parameter "-session":

      $CDTDIR/CDT_status_<Name of Domain Management Server>_<Name of Domain>_brief.txt

      Example: $CDTDIR/CDT_status_MyDomainServer_MyDomain_brief.txt

    Brief description (current step only) of all Security Gateways and Cluster Members statuses currently in execution.

    Useful if your screen area is small.

    Best Practice - We recommend to run the watch command to read the file continuously.

    Example: watch -d cat $CDTDIR/CDT_status.txt

  3. All failures in the installation cause an error.

    • By default, an error in each action is blocking.

      The installation on a Security Gateway or Cluster does not continue.

      The CDT sends an error report to the configured email address.

    • If you configured the applicable action in the Deployment Plan File with the attribute iscritical="false", then an error in an action is not blocking.

      The installation continues, and the CDT logs and status file show a successful installation.

Limiting the Execution of a Deployment Plan File

You can use one of these ways to limit the execution of a Deployment Plan File to specified Security Gateways:

  • Preferred - Use a Filter File.

    You can specify a list of Security Gateways and clusters (not Cluster Members), for which to generate the Installation Candidates List File (see Installation Candidates List File):

    1. Prepare a plain-text file with a list of the object names of each applicable Security Gateway and Cluster (not Cluster Members).

      The object names in this file must be as they are configured in SmartConsole or SmartDashboard.

      You must write each object name on a different line in this file.

      Example:

      My_Gateway_1
      My_Cluster
      My_Gateway_3

    2. When you generate the Installation Candidates List File, specify the Filter File:

      Management Server

      Commands

      Security Management Server

      $CDTDIR/CentralDeploymentTool -generate -candidates=<Path to and Desired Name of Installation Candidates List File>.csv -deploymentplan=<Path to Deployment Plan File>.xml -filter=<Path to Filter File, including File Extension> [–session=<Name of Management Session without Spaces>]

      Multi-Domain Security Management Server

      mdsenv <IP Address or Name of Domain Management Server>

       

      $CDTDIR/CentralDeploymentTool -generate -candidates=<Path to and Desired Name of Installation Candidates List File>.csv -deploymentplan=<Path to Deployment Plan File>.xml -filter=<Path to Filter File, including File Extension> -server=<IP Address or Name of Domain Management Server> [–session=<Name of Management Session without Spaces>]

      Note:

      The "-session" parameter is optional (available from CDT v1.9.8).

      Use it to run several different CDT sessions at the same time (enter a desired session name - a text string without spaces).

    3. When you run the Deployment Plan File, specify the Filter File:

      Management Server

      Commands

      Security Management Server

      $CDTDIR/CentralDeploymentTool -execute -candidates=<Path to Installation Candidates List File>.csv -deploymentplan=<Path to Deployment Plan File>.xml -filter=<Path to Filter File, including File Extension> [–session=<Name of Management Session without Spaces>]

      Multi-Domain Security Management Server

      mdsenv <IP Address or Name of Domain Management Server>

       

      $CDTDIR/CentralDeploymentTool -execute -candidates=<Path to Installation Candidates List File>.csv -deploymentplan=<Path to Deployment Plan File>.xml -filter=<Path to Filter File, including File Extension>> -server=<IP Address or Name of Domain Management Server> [–session=<Name of Management Session without Spaces>]

      Note:

      The "-session" parameter is optional (available from CDT v1.9.8).

      Use it to run several different CDT sessions at the same time (enter a desired session name - a text string without spaces).

  • Use the Installation Candidates List File (see Installation Candidates List File).

Retry Operation

If the installation failed on some of the Security Gateways or Cluster Members, but continues on the remaining Security Gateways:

  1. Manually resolve the issue on the failed Security Gateways and Cluster Members.

  2. Run a different instance of the CDT in Retry Mode for the failed Security Gateways and Cluster Members.

CDT tries to continue execution on failed Security Gateways and Cluster Members, starting from the last failed step.

Retry is only possible when the CDT runs.

  1. Connect to the command line on the Management Server over SSH.

  2. Log in to the Expert mode.

  3. Run:

    Management Server

    Commands

    Security Management Server

    $CDTDIR/CentralDeploymentTool -retry [–session=<Name of Management Session without Spaces>]

    Multi-Domain Security Management Server

    mdsenv <IP Address or Name of Domain Management Server>

     

    $CDTDIR/CentralDeploymentTool -retry -server=<IP Address or Name of Domain Management Server> [–session=<Name of Management Session without Spaces>]

    Note:

    The "-session" parameter is optional (available from CDT v1.9.8).

    Use it to run several different CDT sessions at the same time (enter a desired session name - a text string without spaces).

  4. CDT detects that one more instance of the CDT runs and notifies that CDT instance to retry the same operation on all the failed Security Gateways.

Resume Operation

If the installation failed on some of the Security Gateways or Cluster Members, and later it is necessary to continue from the action that failed:

  1. Manually resolve the issue on the failed Security Gateways and Cluster Members.

  2. Run the CDT in Resume Mode for the failed Security Gateways and Cluster Members.

CDT detects on which Security Gateways and Cluster Members the deployment failed and resumes the execution from the last failed action.

  1. Connect to the command line on the Management Server over SSH.

  2. Log in to the Expert mode.

  3. Run:

    Management Server

    Commands

    Security Management Server

    $CDTDIR/CentralDeploymentTool -resume -deploymentplan=<Path to Deployment Plan File>.xml [–session=<Name of Management Session without Spaces>]

    Multi-Domain Security Management Server

    mdsenv <IP Address or Name of Domain Management Server>

     

    $CDTDIR/CentralDeploymentTool -resume -deploymentplan=<Path to Deployment Plan File>.xml -server=<IP Address or Name of Domain Management Server> [–session=<Name of Management Session without Spaces>]

    Note:

    The "-session" parameter is optional (available from CDT v1.9.8).

    Use it to run several different CDT sessions at the same time (enter a desired session name - a text string without spaces).