7.3. Deployment automation support

The product supports fully automated deployment. It means that it can be installed and configured with no human interaction.

The automated deployment can be split to three steps on a high level:

  1. Installation,

  2. Initialization,

  3. Configuration.

images/inline/bfcbb0d7f6f5c692fcd51703c2767baa326631a5.png

Installation

To automate the installation, install the product from the command line and provide the installation-time options as parameters to the installer. For further details see 2.2.1. Installing Metadefender Core using command line.

After the installation is complete, the product starts up and waits in a pre-initialized status. The product may be initialized in two ways:

  1. Manually using the 1.1.1. Configuration wizard, or

  2. Automatically using an ignition file (see below).

    If the automated initialization fails for some reason (e.g. the ignition file is not in place) then the automated initialization may be retried fixing the problem (e.g. placing the ignition file to its lookup location) and restarting the OPSWAT Metadefender Core service.

    Until the product is in pre-initialized status, it will try the automated initialization every time after a service (re)start.

images/inline/e0bd4f5d36835ae574d1f214860f24f42aaec65a.png

Initialization

Initialization is the process of bringing the product to an operable status.

Basically the initialization consists of the following steps:

  1. Accept the End User License Agreement (EULA),

  2. Import product configuration and

  3. Create the first administrator user account.

images/inline/9a17fa3cccdd7ea6bdfaa4da7144bf07f0605951.png

Ignition file

The initialization process can be configured in a file called the ignition file.

The ignition file must be in ini format and its naming convention is <product ID>.conf that is in case of Core ometascan.conf.

Sample ignition file

eula=true
[user]
name=admin
password=admin
email=admin@local
[config]
import=config_export.json

Ignition file fields

The ignition file must have the following fields:

Section

Key

Required

Description

 

eula

Mandatory

Whether to accept the End User License Agreement.

This key must be set to true to accept the EULA. Any other value will cause the initialization to fail.

user

 

Mandatory

Initial administrator user account properties.

The Administrator role is granted to the account.

 

name

User name for the initial administrator user account.

 

password

Password for the initial administrator user account.

WARNING! Clear text password

The password in this configuration file must be stored in its clear-text format and as so it may be visible for unauthorized parties.

 

email

E-mail address for the initial administrator user account.

config

 

Optional

Further configuration options. Currently only import is supported.

 

import

Path to a file in json format that contains a previously exported configuration to be imported.

Ignition file location

The directory of the ignition file is configurable:

Platform

Configuration method

Configuration section

Configuration key

Configuration example

Default directory

Windows

Windows Registry

internal

ignition_file_location

images/download/attachments/32847618/image2018-11-29_15-47-52.png

C:\OPSWAT

The default applies if this configuration entry is not set in the Registry.

Linux

Configuration file

MetaDefender API
[internal]
ignition_file_location=/etc/opswat/ometascan.ini

/etc/opswat

The default applies if this configuration entry is not set in the Registry.

Detailed initialization process

  1. After the product has been started, it looks for the ignition file in the configured (or default) location.

  2. If an ignition file is found, then

    1. It gets validated, and if it is valid, then

      1. Based on the information found in the ignition file:

      2. The EULA is accepted,

      3. The configuration is imported,

      4. The administrator account is created.

      5. If any of the above steps fails, then the error is logged, and the initialization gets terminated.

        In this case the product starts normally: if for example the basic configuration wizard has not been completed yet, then it must be completed first.

    2. If it is not valid, then the error is logged, and the initialization gets terminated.

      In this case the product starts normally: if for example the basic configuration wizard has not been completed yet, then it must be completed first.

  3. If there is no ignition file, then no initialization is performed.

    In this case the product starts normally: if for example the basic configuration wizard has not been completed yet, then it must be completed first.

images/inline/c40a36ae16375722a9baf74f39abd49638efd0f7.png

If the automated initialization fails for some reason (e.g. the ignition file is not in place) then the automated initialization may be retried fixing the problem (e.g. placing the ignition file to its lookup location) and restarting the OPSWAT Metadefender Core service.

Until the product is in pre-initialized status, it will try the automated initialization every time after a service (re)start.

Configuration

After the initialization is complete, the product is ready with the default and the imported configuration.

This configuration can be later changed calling the configuration API functions. For further details about the API see 7.1.9. Configuration related APIs.