Admin Scripts

Some CORE Server administration actions are done by the dedicated programs that are wrapped by OS-dependent scripts. The scripts are ln the following folders:

• Linux: /opt/ekm/bin
• Windows: C:\Program Files\Dyadic\ekm\tomcat\bin

These scripts and the related programs are installed during the CORE server software installation.

Introduction

Running CORE Admin Scripts on Linux

• To execute the CORE admin scripts in Linux, you must have sudo privileges.
• To run the procedures in sudo-less installation, see Running CORE Scripts in Sudo-less Installation.

Running CORE Admin Scripts on Windows

The CORE admin scripts (.bat files) are executed by the Windows service user UnboundTech.

The files and folders referred to by these scripts must be accessible by this user. For example, a database backup folder specified to the ekm_backup tool must be writable by user UnboundTech.

Default Parameters

By default, all scripts except the Bootstrapping Scripts assume the following:

• The target IP: localhost. To customize it, use the -s <IP> option.
• The target TCP/IP port: 443. If your server has been bootstrapped with a different port (for example, port 8443), use the -o <Bootstrap-PortTCP/IP port specified in the UKC server's bootstrap procedure. Default: 443.> option.

Note
Before the 1806 release, servers were bootstrapped using port 8443. This port (8443) remains the main server port even on upgraded servers. (Software upgrade does not modify the server's port). Use this port in scripts that address such a server and require its bootstrap port among the parameters.

Inline Password Options

Admin scripts that require --password(-w) parameter allow providing the password interactively or inline using the following options:

• -w <Password>
• -w pass:<Password>
• -w env:<environmental variable that contains the password>

  Note
  If a script is executed using sudo, the variable must be defined among its environmental variables.

• -w file:<absolute path to the file that contains the password>

  Note
  The file must not contain LineFeed (LF) or CarriageReturn (CR) characters unless they indeed belong to the password.
  

Cross-reference

This a quick reference to CORE scripts:

• ekm_add_allowed_server
• ekm_backup
• ekm_boot_additional_server
• ekm_boot_auxiliary
• ekm_boot_ep
• ekm_boot_partner
• ekm_config_kmip_cert
• CASP Vaults Backup Encryption Prerequisites
• ekm_encrypt_pfx_password
• ekm_encrypt_truststore_password
• ekm_gen_integrity_key
• ekm_get_offline_backup_keys
• ekm_obfuscate_pfx
• ekm_recover_quorum
• ekm_recover_root_partition
• ekm_recover_root_so_pwd
• ekm_renew_server_certificate
• ekm_restore
• ekm_boot_ep
• ekm_boot_ep
• ekm_boot_ep
• ekm_set_allowed_server
• ekm_set_backup_params
• ekm_set_offline_backup_keys
• ekm_sync_key
• ekm_test_ldap_connect
• ekm_verify_backup