Basic Mode

In CDT Basic Mode you:

  • Install one Hotfix or upgrade package, and run: user Pre-Installation scripts, user Post-Installation scripts, or the two of types of scripts.

  • Run the CDT in the preparations and extended preparations modes.

Workflow

Step

Description

1

Connect to the command line on your Management Server you use to install software packages.

2

Log in to the Expert mode.

3

Install the CDT RPM package (if it is not already installed on your Management Server) from sk111158.

4

Edit the $CDTDIR/CentralDeploymentTool.xml file to change the settings.

See CDT Primary Configuration File.

  • Add / configure the "<PackageToInstall>" element: You must specify the absolute path (with the file name) to the CPUSE Offline package you wish to install.

    For cluster upgrades, you can add an optional attribute to prevent a Connectivity Upgrade.

  • Add / configure the "<CPUSE>" element to specify the absolute path to the CPUSE RPM package.

  • Optional: Add / configure the "<PreInstallationScript>" and "<PostInstallationScript>" elements to run the Pre-Installation and Post-Installation user scripts.

See Elements of the CDT Primary Configuration File.

5

Generate the Installation Candidates List File (see below) to get a full list of the Security Gateways and Cluster Members connected to your Management Server.

See Generating an Installation Candidates List File.

Note - You can edit the Installation Candidates List File to make sure the specified Security Gateways are not included (see Installation Candidates List File).

6

Optional: Run preparations or extended preparations before the installation itself, to decrease the total time it takes to install the packages during maintenance windows.

See Preparations (Pre-Installations) and Extended Preparations (Extended Pre-Installations).

The CDT runs all the configured Pre-Installation scripts.

7

Install the selected package and run all Pre-Installation and Post-Installation scripts.

See Installation.

Note - If you use preparations, or extended preparations mode, the CDT does not run the Pre-Installation scripts again.

Generating an Installation Candidates List File

To generate an Installation Candidates List File (see Installation Candidates List File), run in the Expert mode:

Management Server

Commands

Security Management Server

$CDTDIR/CentralDeploymentTool –generate <Path to and Desired Name of Installation Candidates List File>.csv

Multi-Domain Security Management Server

mdsenv <IP Address or Name of Domain Management Server>

 

$CDTDIR/CentralDeploymentTool -generate <Path to and Desired Name of Installation Candidates List File>.csv <IP Address or Name of Domain Management Server>

Preparations (Pre-Installations)

If you have a narrow maintenance window, use the preparations mode and prepare in advance.

In this scenario, the CDT follows these steps:

  1. Sends the installation package to the Security Gateways (to the /var/log/upload/ directory).

  2. Sends the CPUSE Deployment Agent package to the Security Gateways (to the /var/log/upload/ directory).

  3. Runs the user Pre-Installation scripts.

  4. Does not update the CPUSE Deployment Agent package.

  5. Does not start the actual package installation.

To use simple preparations on all marked candidates in the Installation Candidates List File (see Installation Candidates List File), run in the Expert mode:

Management Server

Commands

Security Management Server

$CDTDIR/CentralDeploymentTool -preparations <Path to Installation Candidates List File>.csv

Multi-Domain Security Management Server

mdsenv <IP Address or Name of Domain Management Server>

 

$CDTDIR/CentralDeploymentTool -preparations <Path to Installation Candidates List File>.csv <IP Address or Name of Domain Management Server>

Extended Preparations (Extended Pre-Installations)

You can extend the preparations flow. In this scenario, the CDT follows these steps:

  1. Sends the installation package to the Security Gateways (to the /var/log/upload/ directory).

  2. Sends the CPUSE Deployment Agent package to the Security Gateways (to the /var/log/upload/ directory).

  3. Runs the user Pre-Installation scripts on the Security Gateways.

  4. Updates the CPUSE Agent on the Security Gateways.

    Note - Update of the CPUSE Agent might cause short connectivity loss in rare cases.

  5. Imports and verifies the installation package with CPUSE.

  6. Does not start the actual package installation.

To use extended preparations on all marked candidates in the Installation Candidates List File (see Installation Candidates List File), run in the Expert mode:

Management Server

Commands

Security Management Server

$CDTDIR/CentralDeploymentTool -extended_preparations <Path to Installation Candidates List File>.csv

Multi-Domain Security Management Server

mdsenv <IP Address or Name of Domain Management Server>

 

$CDTDIR/CentralDeploymentTool -extended_preparations <Path to Installation Candidates List File>.csv <IP Address or Name of Domain Management Server>

Installation

  1. To start a full installation on all marked candidates in the Installation Candidates List File (see Installation Candidates List File), run in the Expert mode:

    Management Server

    Commands

    Security Management Server

    $CDTDIR/CentralDeploymentTool -install <Path to Installation Candidates List File>.csv

    Multi-Domain Security Management Server

    mdsenv <IP Address or Name of Domain Management Server>

     

    $CDTDIR/CentralDeploymentTool -install <Path to Installation Candidates List File>.csv <IP Address or Name of Domain Management Server>

  2. The installation starts.

    The CDT shows the installation progress on the screen.

    Note - CDT writes the progress details at 5 seconds intervals to log files.

    File

    Description

    • If you specified the parameter "-session=<Name of Management Session without Spaces>":

      $CDTDIR/CDT_status_<Name of Management Session without Spaces>.txt

      Example: $CDTDIR/CDT_status_MySession.txt

       

    • If you did not specify the parameter "-session":

      $CDTDIR/CDT_status.txt

    Full description of the last completed step and the current step of all Security Gateways and Cluster Members statuses.

    • If you specified the parameter "-session=<Name of Management Session without Spaces>":

      $CDTDIR/CDT_status_<Name of Management Session without Spaces>_brief.txt

      Example: $CDTDIR/CDT_status_MySession_brief.txt

       

    • If you did not specify the parameter "-session":

      $CDTDIR/CDT_status_brief.txt

    Brief description (current step only) of all Security Gateways and Cluster Members statuses currently in execution.

    Useful if your screen area is small.

    File

    Description

    • If you specified the parameter "-session=<Name of Management Session without Spaces>":

      $CDTDIR/CDT_status_<Name of Domain Management Server>_<Name of Domain>_<Name of Management Session without Spaces>.txt

      Example: $CDTDIR/CDT_status_MyDomainServer_MyDomain_MySession.txt

       

    • If you did not specify the parameter "-session":

      $CDTDIR/CDT_status_<Name of Domain Management Server>_<Name of Domain>.txt

      Example: $CDTDIR/CDT_status_MyDomainServer_MyDomain.txt

    Full description of the last completed step and the current step of all Security Gateways and Cluster Members statuses.

    • If you specified the parameter "-session=<Name of Management Session without Spaces>":

      $CDTDIR/CDT_status_<Name of Domain Management Server>_<Name of Domain>_<Name of Management Session without Spaces>_brief.txt

      Example: $CDTDIR/CDT_status_MyDomainServer_MyDomain_MySession_brief.txt

       

    • If you did not specify the parameter "-session":

      $CDTDIR/CDT_status_<Name of Domain Management Server>_<Name of Domain>_brief.txt

      Example: $CDTDIR/CDT_status_MyDomainServer_MyDomain_brief.txt

    Brief description (current step only) of all Security Gateways and Cluster Members statuses currently in execution.

    Useful if your screen area is small.

    Best Practice - We recommend to run the watch command to read the file continuously.

    Example: watch -d cat $CDTDIR/CDT_status.txt

  3. All failures in the installation cause an error.

    • By default, an error in each action is blocking.

      The installation on a Security Gateway or Cluster does not continue.

      The CDT sends an error report to the configured email address.

      Note - The error is also blocking if you configured the "<PreInstallationScript>" element or "<PostInstallationScript>" element with the attribute IsBlocking="true" (see Elements of the CDT Primary Configuration File).

    • If you configured the applicable action in the Deployment Plan File with the attribute iscritical="false", then an error in an action is not blocking.

      The installation continues, and the CDT logs and status file show a successful installation.

Retry Operation

If the installation failed on some of the Security Gateways or Cluster Members, but continues on the remaining Security Gateways:

  1. Manually resolve the issue on the failed Security Gateways and Cluster Members.

  2. Run one more instance of the CDT in Retry Mode for the failed Security Gateways and Cluster Members.

CDT tries to continue execution on failed Security Gateways and Cluster Members, starting from the last failed step.

Retry is only possible when the CDT runs.

  1. Connect to the command line on the Management Server over SSH.

  2. Log in to the Expert mode.

  3. Run:

    Management Server

    Commands

    Security Management Server

    $CDTDIR/CentralDeploymentTool -retry

    Multi-Domain Security Management Server

    mdsenv <IP Address or Name of Domain Management Server>

     

    $CDTDIR/CentralDeploymentTool -retry <IP Address or Name of Domain Management Server>

  4. CDT detects that a different instance of the CDT runs and notifies that CDT instance to retry the same operation on all the failed Security Gateways.