INSTALLING


Preparing input parameters through system environment variables

As an alternative to using a JSON file, you can use system environment variables to provide input parameters for one-touch Domino setup.

If you run Domino on Docker, you define the system environment variables for Docker to export in a text file specified by the --env-file parameter. If you run Domino on Windows or UNIX, after you install Domino, you use a batch file or shell script or run individual commands to export the system environment variables needed to set up your server. The syntax for the export command varies but an example using the bash shell on Linux is:

export SERVERSETUP_SERVER_TYPE=additional

The names of the system environment variables are similar to the parameter names specified in a JSON file, with the following exceptions:


The following tables describe supported system environment variables for server setup, ID vault, and one-touch setup preferences.
System environment variables for server setup

Table 1. System environment variables for server setup
VariableFirst serverAdditional serverDefaultDescription
SERVERSETUP_SERVER_TYPEX*X*Server type. Must be either:
  • first for first server in a Domino domain.
  • additional for additional servers in the domain.
SERVERSETUP_SERVER_NAMEX*X*Server common name, for example, Adminserver.
SERVERSETUP_SERVER_DOMAINNAMEX*X*Domino domain name
SERVERSETUP_SERVER_TITLEXXNoneServer title
SERVERSETUP_SERVER_PASSWORDXNoneServer ID password
SERVERSETUP_SERVER_MINPASSWORDLENGTHXX5Minimum password length for all passwords. (Integer)
SERVERSETUP_SERVER_USEEXISTINGSERVERIDXfalseValue of true uses the existing server ID specified by IDFilePath. Default is to create a new server ID that defaults to server.id in the Domino data directory
SERVERSETUP_SERVER_IDFILEPATHXX*Path of server ID file. On Docker, the ID must be relative to the container.
SERVERSETUP_SERVER_SERVERTASKSXX"Replica,Router,Update,AMgr,Adminp,Sched,CalConn,RnRMgr"A comma-separated list of server tasks that run on the server.
SERVERSETUP_SERVER_ADDITIONALSERVERTASKSXXA comma-separated list of additional tasks to run on the server. Use this to add to the default list of server tasks.
SERVERSETUP_NETWORK_HOSTNAMEX*X*DNS host name
SERVERSETUP_NETWORK_ENABLEPORTENCRYPTIONXXtrueValue of true enables port encryption. (Boolean)
SERVERSETUP_NETWORK_ENABLEPORTCOMPRESSIONXXtrueValue of true enables port compression. (Boolean)
SERVERSETUP_ORG_COUNTRYCODEXXNoneOrganization country code
SERVERSETUP_ORG_ORGNAMEX*X*Organization name
SERVERSETUP_ORG_CERTIFIERPASSWORDX*Organization certifier password
SERVERSETUP_ORG_ORGUNITNAMEXXNoneOrganization unit name
SERVERSETUP_ORG_ORGUNITPASSWORDXXNoneOrganization unit password
SERVERSETUP_ORG_USEEXISTINGCERTIFIERIDXfalseValue of true uses the existing certifier ID specified by certifierIDFilePath. Default is to create a new certifier ID that defaults to cert.id in the Domino data directory. On Docker, the ID must be relative to the container.
SERVERSETUP_ORG_CERTIFIERIDFILEPATHXNonePath of certifier ID used when useExistingCertifierID is true. On Docker, the ID must be relative to the container.
SERVERSETUP_ORG_USEEXISTINGORGUNITIDXfalseValue of true uses the existing organization unit certifier ID specified by orgUnitIDFilePath. Default when an orgUnitName is specified is to create a new organization unit certifier ID that defaults to oucert.id in the Domino data directory. On Docker, the ID must be relative to the container.
SERVERSETUP_ORG_ORGUNITIDFILEPATHXnonePath of organization unit certifier ID used when useExistingOrgUnitID is true. On Docker, the ID must be relative to the container.
SERVERSETUP_ADMIN_FIRSTNAMEXNoneAdministrator first name
SERVERSETUP_ADMIN_MIDDLENAMEXNoneAdministrator middle name or initial
SERVERSETUP_ADMIN_LASTNAMEX*Administrator last name
SERVERSETUP_ADMIN_PASSWORDX*Administrator ID password
SERVERSETUP_ADMIN_IDFILEPATHX*Administrator ID file path. On Docker, the ID must be relative to the container.
SERVERSETUP_ADMIN_CNX*Administrator common name.
SERVERSETUP_SECURITY_ACL_PROHIBITANONYMOUSACCESSXXtrueValue of true gives Anonymous users No Access in the ACL of all new databases. (Boolean)
SERVERSETUP_SECURITY_ACL_ADDLOCALDOMAINADMINSXXtrueValue of true gives the LocalDomainAdmins group entry Manager access in the ACL of all new databases. (Boolean)
SERVERSETUP_SECURITY_TLSSETUP_METHODX*Method for creating TLS artifacts certstore.nsf database. Must be one of:
  • "dominoMicroCA" to create a Domino Micro Certificate Authority and use it to create a TLS certificate. Valid parameters are CADisplayName, CAOrgName, CAKeyType, CAExpirationDays, orgName, TLSKeyType, certExpirationDays.
  • "import" to import certificate data from a .pem, .p12, .pfx, or .kyr file. Valid parameters are importFilePath, importFilePassword, retainImportFile, exportPassword.
SERVERSETUP_SECURITY_TLSSETUP_CADISPLAYNAMEXDominoMicroCACertificate Authority display name.
SERVERSETUP_SECURITY_TLSSETUP_CAORGNAMEXCertificate Authority organization name. Defaults to the value of the SERVERSETUP_ORG_ORGNAME system environment variable.
SERVERSETUP_SECURITY_TLSSETUP_CAKEYTYPEXRSACertificate Authority key type. Must be one of:
  • "RSA" - RSA with default key size
  • "ECDSA" - ECDSA with default key size
  • "RSA2048" - RSA with 2048 bit key
  • "RSA4096" - RSA with 4096 bit key
  • "ES256" - ECDSA with 256 bit key "ES384" - ECDSA with 384 bit key.
SERVERSETUP_SECURITY_TLSSETUP_ CAEXPIRATIONDAYSXNumber of days until Certificate Authority certificate expires. If not specified, Domino chooses an appropriate default.
SERVERSETUP_SECURITY_TLSSETUP_ ORGNAMEXTLS certificate organization name. Defaults to value of CAORGNAME.
SERVERSETUP_SECURITY_TLSSETUP_TLSKKEYTYPEXRSASee CAKEYTYPE for valid values.
SERVERSETUP_SECURITY_TLSSETUP_CERTEXPIRATIONDAYSXNumber of days until TLS certificate expires, an integer value between 1 and 398, inclusive. If not specified, Domino will choose an appropriate default.
SERVERSETUP_SECURITY_TLSSETUP_IMPORTFILEPATHXRequired for "method": "import". Path of .pem, .p12, .pfx, or .kyr file to import.
SERVERSETUP_SECURITY_TLSSETUP_IMPORTFILEPASSWORDXPassword to decrypt import file contents. Required if import file is password protected. May use any of the indirect password mechanisms as described in Specifying passwords indirectly.
SERVERSETUP_SECURITY_TLSSETUP_RETAINIMPORTFILEXfalseBy default, the import file is deleted after a successful import. Specify true to retain the file.
SERVERSETUP_SECURITY_TLSSETUP_EXPORTPASSWORDXPassword for storing imported data encrypted, if you wish data to be exportable.
SERVERSETUP_DIRECTORYASSISTANCE_DATABASEPATHXXda.nsfDirectory assistance database path. Creates a directory assistance database.
SERVERSETUP_DIRECTORYASSISTANCE_DOMAINNAMEXXDirectory assistance domain name for an LDAP directory. Defaults to the value of the SERVERSETUP_SERVER_DOMAINNAME.
SERVERSETUP_DIRECTORYASSISTANCE_COMPANYNAMEXXDirectory assistance company name. Defaults to the value of SERVERSETUP_ORG_ORGNAME.
SERVERSETUP_DIRECTORYASSISTANCE_LDAP_HOSTNAMEX*X*DNS host name of the LDAP server.
SERVERSETUP_DIRECTORYASSISTANCE_LDAP_VENDORXXdominoLDAPDirectory assistance LDAP vendor. Must be one of: "activeDirectory", "openLDAP", "dominoLDAP".
SERVERSETUP_DIRECTORYASSISTANCE_LDAP_USERDNXXDirectory assistance LDAP user distinguished name.
SERVERSETUP_DIRECTORYASSISTANCE_LDAP_PASSWORDXXDirectory assistance LDAP user password.
SERVERSETUP_DIRECTORYASSISTANCE_LDAP_BASESEARCHDNXXDirectory assistance LDAP base search distinguished name.
SERVERSETUP_DIRECTORYASSISTANCE_LDAP_CHANNELENCRYPTIONXXTLSDirectory assistance LDAP channel encryption. Must be "TLS" or "none".
SERVERSETUP_DIRECTORYASSISTANCE_LDAP_PORTXXDirectory assistance LDAP port. Defaults to 636 for SERVERSETUP_DIRECTORYASSISTANCE_LDAP_CHANNELENCRYPTION=TLS and to 389 for SERVERSETUP_DIRECTORYASSISTANCE_LDAP_CHANNELENCRYPTION=none.
SERVERSETUP_DIRECTORYASSISTANCE_LDAP_ACCEPTEXPIREDCERTIFICATESXXfalseDirectory assistance LDAP - accept expired certificates.
SERVERSETUP_DIRECTORYASSISTANCE_LDAP_VERIFYREMOTESERVERCERTIFICATESXXtrueDirectory assistance LDAP - verify remote server certificates.
SERVERSETUP_DIRECTORYASSISTANCE_LDAP_TIMEOUTXX0Directory assistance LDAP timeout, a non-negative integer value. A value of 0 implies no timeout.
SERVERSETUP_DIRECTORYASSISTANCE_LDAP_MAXIMUMENTRIESRETURNEDXX0Directory assistance LDAP maximum entries returned, a non-negative integer value. A value of 0 implies no limit.
SERVERSETUP_AUTOREGISTER_COUNTX0Number of servers to register automatically. (Integer) If you don't use autoregister, you register servers manually.
SERVERSETUP_AUTOREGISTER_IDPATHXNoneSpecifies the directory in which to put generated server ID files if you register servers automatically. The directory must already exist. On Docker, the IDs must be relative to the container.
SERVERSETUP_AUTOREGISTER_PATTERNXNoneSpecifies a pattern for the names of generated server ID files if you register servers automatically. Pattern must contain a single '#' character which will be replaced with the numbers 0, 1, ... up to count-1.

For example, if count is 3 and pattern is mailserver#, the resulting ID files are named mailserver0.id, mailserver1.id, mailserver2.id.

SERVERSETUP_EXISTINGSERVER_CNX*Server common name of an existing server from which to replicate the Domino directory and other databases, for example,Adminserver.
SERVERSETUP_EXISTINGSERVER_HOSTNAMEORIPXNoneServer DNS host name or IP address of the existing server.

System environment variables for ID vault

Note: ID vault setup is optional, but if specified, all variables are required.

Table 2. System environment variables for ID vault
VariableFirst serverAdditional serverDefaultDescription
IDVAULT_NAMEXVault name. Specify as "O=<vaultname>" for example, "O=DemoVault". You must include the "O=" prefix. If you omit it, you can get an 'Entry not found in index' error when the vault creation is attempted.
IDVAULT_DESCRIPTIONXVault description
IDVAULT_IDFILEXVault ID file
IDVAULT_IDPASSWORDXVault ID file password
IDVAULT_PATHVault database path. This is an optional parameter and we recommend you not specify it since it can be derived from the name parameter. If you do specify it, the directory portion of the path must be IBM_ID_VAULT and the filename portion of the path must match the name parameter, without the O= prefix, for example, "IBM_ID_VAULT/DemoVault.nsf"
IDVAULT_PASSWORDRESET_HELPTEXTXHelp text for users who forget their passwords
IDVAULT_SECURITYSETTINGSPOLICY_NAMEXSecurity Settings policy name
IDVAULT_SECURITYSETTINGSPOLICY_DESCRIPTIONXSecurity Settings policy description
IDVAULT_MASTERPOLICY_DESCRIPTIONXMaster policy description

System environment variables for one-touch setup preferences

Table 3. System environment variables for one-touch setup preferences
VariableFirst serverAdditional serverDefaultDescription
AUTOCONFIGPREFERENCES_STARTSERVERAFTERCONFIGURATIONXXtrueIf true, Domino starts after successful setup. If false, setup exits and does not start Domino.
AUTOCONFIGPREFERENCES_CONSOLELOGOUTPUT_SHOWXX"errors"Specifies which one-touch setup output to write to console log. Possible values are "none", "errors", or "all".
AUTOCONFIGPREFERENCES_CONSOLELOGOUTPUT_PAUSEONERRORSECONDSXX15Time to pause (in seconds) before exiting when one-touch setup completes with error. Note that for certain errors that happen early in the setup process, there is no pause. You can always consult IBM_TECHNICAL_SUPPORT/autoconfigure.log for output.


Parent topic: Preparing input parameters for one-touch Domino setup

Related tasks
Specifying passwords indirectly