Advanced Mode

CDT Advanced Mode completes a Deployment Plan on each remote Security Gateway.

The Deployment Plan can run a number of actions one after the other. For the full list of actions, see Deployment Plan.

Workflow

Step

Description

1

Connect to the command line on your Management Server you use for package distribution.

2

Log in to the Expert mode.

3

Make sure there is no active GUI client that locks the management database, such as SmartDashboard or SmartConsole.

4

Install the CDT RPM package (if it is not already installed on your system) from sk111158.

5

Edit the CentralDeploymentTool.xml file to change the settings:

Configure the <CPUSE> element to specify the absolute path to the CPUSE RPM package.

Important - Make sure the elements <PackageToInstall> and <PreInstallationScript> do not exist in the CentralDeploymentTool.xml file. Otherwise, CDT executes in the Basic Mode.

6

Edit the Deployment Plan XML file with the actions sequence as described in the Deployment Plan section.

To save deployment time, you can create a Deployment Plan without installation actions, and run it in advance.

7

Generate the Installation Candidates List (see below) to get a full list of the Security Gateways and Cluster Members connected to your Management Server.

You can edit the Candidates List file, or create a filter file to make sure specified Security Gateways are not included.

8

Run the Deployment Plan.

Generating an Installation Candidates List

To generate an Installation Candidates List (see The Candidates List), run:

Management Server

Instructions

Security Management Server

# ./CentralDeploymentTool -generate -candidates=<Name of Candidates List file>.csv -deploymentplan=<Name of Deployment Plan file>.xml

Multi-Domain Server

# mdsenv <IP Address or Name of Domain Management Server>

# ./CentralDeploymentTool -generate -candidates=<Name of Candidates List file>.csv -deploymentplan=<Name of Deployment Plan file>.xml -server=<IP Address or Name of Domain Management Server>

Note - The CDT generates a Candidates List filtered only according to the first package mentioned in the deployment plan.

Execution of a Deployment Plan

  1. To execute a Deployment Plan on Security Gateways in the in the Candidates List file (see The Candidates List), run:

    Management Server

    Instructions

    Security Management Server

    # ./CentralDeploymentTool -execute -candidates=<Name of Candidates List file>.csv -deploymentplan=<Name of Deployment Plan file>.xml

    Multi-Domain Server

    # mdsenv <IP Address or Name of Domain Management Server>

    # ./CentralDeploymentTool -execute -candidates=<Name of Candidates List file>.csv -deploymentplan=<Name of Deployment Plan file>.xml -server=<IP Address or Name of Domain Management Server>

  2. Installation starts.

    The CDT shows the installation progress on the screen.

    CDT writes the progress details at 5 seconds intervals to these files in the directory of the CentralDeploymentTool binary file:

    File

    Description

    CDT_status.txt

    Full description of the last completed stage and current stage of all Security Gateways and Cluster Members statuses.

    CDT_status_brief.txt

    Brief description (current stage only) of all Security Gateways and Cluster Members statuses currently in execution. Useful if your screen area is limited.

    We recommend to run the watch command to read the file continuously.

    Example:
    # watch -d cat CDT_status.txt

  3. All failures in the installation cause an error.

    • If this error is not blocking, the installation continues, and the CDT logs and status file show a successful installation.

      Note - The error is not blocking, if you defined the action in the deployment plan with the parameter "iscritical=false".

    • If this error is blocking, the Security Gateway upgrade does not continue. The CDT sends an error report to the configured email address.

      Note - The error is blocking, if you defined the action in the deployment plan with the parameter "iscritical=true".

Limiting the Execution of a Deployment Plan

You can use one of these ways to limit the execution of a Deployment Plan to specified Security Gateways:

  • Recommended - Use a filter file. You can specify a list of Security Gateways and clusters (not Cluster Members), for which to generate the Candidates List file (see The Candidates List):

  • Use the Candidates List (see The Candidates List).

Retry Operation

If the installation failed on some of the Security Gateways, but continues on the remaining Security Gateways:

  1. Manually resolve the issue on the failed Security Gateways.

  2. Run a different instance of the CDT in Retry Mode for the failed Security Gateways.

CDT tries to continue execution on failed Security Gateways and Cluster Members, starting from the last failed stage. Retry is only possible when the CDT runs.

Resume Operation

If the installation failed on some of the Security Gateways, and later you want the CDT to continue from the action that failed:

  1. Manually resolve the issue on the failed Security Gateways.

  2. Run the CDT in Resume Mode for the failed Security Gateways.

CDT detects on which Security Gateways the deployment failed and resumes the execution from the last failed action.

 

 

Central Deployment Tool (CDT) v1.7 Administration Guide