Admin Scripts
Some CORE Server administration actions are done by the dedicated programs that are wrapped by OS-dependent scripts. The scripts are ln the following folders:
- Linux:
/opt/ekm/bin
- Windows:
C:\Program Files\Dyadic\ekm\tomcat\bin
These scripts and the related programs are installed during the CORE server software installation.
Introduction
Running CORE Admin Scripts on Linux
- To execute the CORE admin scripts in Linux, you must have
sudo
privileges. - To run the procedures in sudo-less installation, see Running CORE Scripts in Sudo-less Installation.
Running CORE Admin Scripts on Windows
The CORE admin scripts (.bat
files) are executed by the Windows service user UnboundTech
.
The files and folders referred to by these scripts must be accessible by this user. For example, a database backup folder specified to the ekm_backup
tool must be writable by user UnboundTech
.
Default Parameters
By default, all scripts except the Bootstrapping Scripts assume the following:
- The target IP:
localhost
. To customize it, use the-s <IP>
option. - The target TCP/IP port:
443
. If your server has been bootstrapped with a different port (for example, port 8443), use the-o <Bootstrap-Port
option.TCP/IP port specified in the UKC server's bootstrap procedure. Default: 443.>
Note
Before the 1806 release, servers were bootstrapped using port 8443. This port (8443) remains the main server port even on upgraded servers. (Software upgrade does not modify the server's port). Use this port in scripts that address such a server and require its bootstrap port among the parameters.
Inline Password Options
Admin scripts that require --password
(-w)
parameter allow providing the password interactively or inline using the following options:
- -w <Password>
- -w pass:<Password>
- -w env:<environmental variable that contains the password>
Note
If a script is executed using sudo, the variable must be defined among its environmental variables. - -w file:<absolute path to the file that contains the password>
Note
The file must not contain LineFeed (LF) or CarriageReturn (CR) characters unless they indeed belong to the password.
Cross-reference
This a quick reference to CORE scripts:
- ekm_add_allowed_server
- ekm_backup
- ekm_boot_additional_server
- ekm_boot_auxiliary
- ekm_boot_ep
- ekm_boot_partner
- ekm_config_kmip_cert
- CASP Vaults Backup Encryption Prerequisites
- ekm_encrypt_pfx_password
- ekm_encrypt_truststore_password
- ekm_gen_integrity_key
- ekm_get_offline_backup_keys
- ekm_obfuscate_pfx
- ekm_recover_quorum
- ekm_recover_root_partition
- ekm_recover_root_so_pwd
- ekm_renew_server_certificate
- ekm_restore
- ekm_boot_ep
- ekm_boot_ep
- ekm_boot_ep
- ekm_set_allowed_server
- ekm_set_backup_params
- ekm_set_offline_backup_keys
- ekm_sync_key
- ekm_test_ldap_connect
- ekm_verify_backup