Table of Contents

Search

  1. Preface
  2. Command Line Programs and Utilities
  3. Installing and Configuring Command Line Utilities
  4. Using the Command Line Programs
  5. Environment Variables for Command Line Programs
  6. Using infacmd
  7. infacmd as Command Reference
  8. infacmd aud Command Reference
  9. infacmd autotune Command Reference
  10. Infacmd bg Command Reference
  11. infacmd ccps Command Reference
  12. infacmd cluster Command Reference
  13. infacmd cms Command Reference
  14. infacmd dis Command Reference
  15. Infacmd dis Queries
  16. infacmd dp Command Reference
  17. infacmd idp Command Reference
  18. infacmd edp Command Reference
  19. Infacmd es Command Reference
  20. infacmd ics Command Reference
  21. infacmd ipc Command Reference
  22. infacmd isp Command Reference
  23. infacmd ldm Command Reference
  24. infacmd mas Command Reference
  25. infacmd mi Command Reference
  26. infacmd mrs Command Reference
  27. infacmd ms Command Reference
  28. infacmd oie Command Reference
  29. infacmd ps Command Reference
  30. infacmd pwx Command Reference
  31. infacmd roh Command Reference
  32. infacmd rms Command Reference
  33. infacmd rtm Command Reference
  34. infacmd sch Command Reference
  35. infacmd search Command Reference
  36. infacmd sql Command Reference
  37. infacmd tdm Command Reference
  38. infacmd tools Command Reference
  39. infacmd wfs Command Reference
  40. infacmd ws Command Reference
  41. infacmd xrf Command Reference
  42. infacmd Control Files
  43. infasetup Command Reference
  44. pmcmd Command Reference
  45. pmrep Command Reference
  46. Working with filemanager
  47. Working with pmrep Files

DefineDomain

DefineDomain

Creates a domain on the current machine. If you define a domain on a machine that hosts a domain, you must first stop the Informatica services on the machine. infasetup removes the existing domain and node settings. After you define the new domain, restart Informatica services.
To create a domain on a Windows machine, you must first open the host port or disable the firewall.
Do not include any characters after the option (-f) in the DefineDomain command. If you include extra characters, the command might fail with an unexpected error.
The DefineDomain command uses the following syntax:
DefineDomain <<-DatabaseAddress|-da> database_hostname:database_port|<-DatabaseConnectionString|-cs> database_connection_string> [<-DatabaseUserName|-du> database_user_name] [<-DatabasePassword|-dp> database_password] <-DatabaseType|-dt> database_type ORACLE|DB2|MSSQLSERVER|SYBASE|POSTGRESQL [<-DatabaseServiceName|-ds> database_service_name] [<-Tablespace|-ts> tablespace_name] [<-SchemaName|-sc> schema_name (used for MSSQLServer and PostgreSQL only)] [<-DatabaseTlsEnabled|-dbtls> database_tls_enabled] [<-DatabaseTruststorePassword|-dbtp> database_truststore_password] <-DomainName|-dn> domain_name [<-DomainDescription|-de> domain_description] <-AdministratorName|-ad> administrator_name [<-Password|-pd> password] [<-LicenseName|-ln> license_name] [<-LicenseKeyFile|-lf> license_key_file] <-LogServiceDirectory|-ld> log_service_directory [<-SystemLogDirectory|-sld> system_log_directory] <-NodeName|-nn> node_name <-NodeAddress|-na> node_host:port [<-ServiceManagerPort|-sp> service_manager_port] [<-EnableTLS|-tls> enable_tls] [<-NodeKeystore|-nk> node_keystore_directory] [<-NodeKeystorePass|-nkp> node_keystore_password] [<-NodeTruststore|-nt> node_truststore_directory] [<-NodeTruststorePass|-ntp> node_truststore_password] [<-CipherWhiteList|-cwl> comma_separated_white_list_jsse_cipher_names] [<-CipherBlackList|-cbl> comma_separated_black_list_jsse_cipher_names] [<-CipherWhiteListFile|-cwlf> absolute_filename_containing_comma_separated_white_list_jsse_cipher_names] [<-CipherBlackListFile|-cblf> absolute_filename_containing_comma_separated_black_list_jsse_cipher_names] [<-EnableKerberos|-krb> enable_kerberos] [<-ServiceRealmName|-srn> realm_name_of_node_spn] [<-UserRealmName|-urn> realm_name_of_user_spn] [<-KeysDirectory|-kd> Infa_keys_directory_location] [<-SPNShareLevel|-spnSL> SPNShareLevel PROCESS|NODE] [<-EnableSaml|-saml> enable_saml] [<-IdpUrl|-iu> idp_url] [<-ServiceProviderId|-spid> service_provider_id] [<-ClockSkewTolerance|-cst> clock_skew_tolerance_in_seconds] [<-SamlAssertionSigned|-sas> saml_assertion_signed] [<-AssertionSigningCertificateAlias|-asca> idp_assertion_signing_certificate_alias] [<-SamlTrustStoreDir|-std> saml_truststore_directory] [<-SamlTrustStorePassword|-stp> saml_truststore_password] [<-SamlKeyStoreDir|-skd> saml_keystore_directory] [<-SamlKeyStorePassword|-skp> saml_keystore_password] [<-AuthnContextComparsion|-acc> saml_requested_authn_context_comparsion_type] [<-AuthnContextClassRef|-accr> saml_requested_authn_context_class_reference] [<-SignSamlRequest|-ssr> sign_saml_request] [<-RequestSigningPrivateKeyAlias|-rspa> saml_request_signing_private_key_alias] [<-RequestSigningPrivateKeyPassword|-rspp> saml_request_signing_private_key_password] [<-RequestSigningAlgorithm|-rsa> saml_request_signing_algorithm] [<-SamlResponseSigned|-srs> saml_response_signed] [<-ResponseSigningCertificateAlias|-rsca> idp_response_signing_certificate_alias] [<-SamlAssertionEncrypted|-sae> saml_assertion_encrypted] [<-EncryptedAssertionPrivateKeyAlias|-eapa> saml_encrypted_assertion_private_key_alias] [<-EncryptedAssertionPrivateKeyPassword|-eapp> saml_encrypted_assertion_private_key_password] [<-EnablePasswordComplexity|-pc> enable_password_complexity] [<-AdminconsolePort|-ap> admin_tool_port] [<-HttpsPort|-hs> admin_tool_https_port] [<-KeystoreFile|-kf> admin_tool_file_location] [<-KeystorePass|-kp> admin_tool_keystore_password] <-MinProcessPort|-mi> minimum_port <-MaxProcessPort|-ma> maximum_port [<-ServerPort|-sv> server_shutdown_port] [<-AdminconsoleShutdownPort|-asp> admin_tool_shutdown_port] [<-BackupDirectory|-bd> backup_directory] [<-ServiceResilienceTimeout|-sr> timeout_period_in_seconds] [<-ErrorLogLevel|-el> FATAL_ERROR_WARNING_INFO_TRACE_DEBUG] <-ResourceFile|-rf> resource_file [<-Timezone|-tz> log_service_timezone_GMT+00:00] [<-Force|-f>] [<-TrustedConnection|-tc> trusted_connection (used for MSSQLServer only)] [<-DatabaseTruststoreLocation|-dbtl> database_truststore_location] [<-EnableHsts|-hsts> enable_http_strict_transport_security]
The following table describes the infasetup DefineDomain options and arguments:
Option
Description
-DatabaseAddress
-da
Required if you do not use -DatabaseConnectionString (-cs) option. Name and port number of the machine hosting the domain configuration database.
-DatabaseConnectionString
-cs
Required if you do not use -DatabaseAddress (-da) and -DatabaseServiceName (-ds) options. Connection string used to connect to the domain configuration database. Specify the database host, database port, and the database service name as part of the connection string. Enclose the connection string in quotes.
-DatabaseUserName
-du
Required if you do not use -TrustedConnection (-tc) option. Account for the database containing the domain configuration information.
-DatabasePassword
-dp
Domain configuration database password corresponding to the database user. If you omit this option,
infasetup
uses the password specified in the INFA_DEFAULT_DATABASE_PASSWORD environment variable. If you do not see a value specified in the environment variable, you must enter a password using this option.
-DatabaseType
-dt
Required. Type of database that stores the domain configuration metadata. Database types include:
  • db2
  • oracle
  • mssqlserver
  • sybase
  • postgresql
-DatabaseServiceName
-ds
Required if you do not use -DatabaseConnectionString (-cs) option. The database service name. Required for Oracle, IBM DB2, and Microsoft SQL Server databases. Enter the SID for Oracle, the service name for IBM DB2, or the database name for Microsoft SQL Server.
-Tablespace
-ts
Required for an IBM DB2 database. Name of the tablespace where the domain configuration database tables reside.
-SchemaName
-sc
Optional. Name of the Microsoft SQL Server or PostgreSQL schema. Enter a schema name if you are not using the default schema.
-DatabaseTlsEnabled
-dbtls
Optional. Indicates whether the Informatica domain database is secure with TLS or SSL. Set this option to True for the secure database. Default is false. If you specify the ‑dbtls option without a value, the Informatica domain uses secure communication to the Informatica domain database.
-DatabaseTruststorePassword
-dbtp
Optional. Password for the database truststore file for the secure database.
-DomainName
-dn
Required. Name of the domain. Domain names must be between 1 and 79 characters and cannot contain spaces or the following characters: / * ? < > " |
-DomainDescription
-de
Optional. Description of the domain.
-AdministratorName
-ad
Required. Domain administrator user name.
If the domain uses a single Kerberos realm to authenticate users, specify the samAccount name.
If the domain uses Kerberos cross realm authentication, specify the fully qualified user principal name, including the realm name. For example:
sysadmin@COMPANY.COM
-Password
-pd
Optional for Kerberos domain. Domain administrator password. You can set a password with the -pd option or the environment variable INFA_DEFAULT_DOMAIN_PASSWORD. If you set a password with both methods, the password set with the -pd option takes precedence.
For a native user account, if you enable password complexity, use the following guidelines when you create or change a password:
  • The length of the password must be at least eight characters.
  • It must be a combination of an alphabet character, a numeric character and a non-alphanumeric character, such as:
    ! \ " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ ] ^ _ ` { | } ~
When you use special characters in a password, the shell sometimes interprets them differently. For example, $ is interpreted as a variable. In this case, use an escape character to escape the special character.
-LicenseName
-ln
Optional. Name of the license. The name is not case sensitive and must be unique within the domain. The name cannot exceed 79 characters, have leading or trailing spaces, or contain carriage returns, tabs, or the following characters:
/ * ? < > " |
-LicenseKeyFile
-lf
Optional. Path to the license key file.
-LogServiceDirectory
-ld
Required. Shared directory path used by the Log Manager to store log event files. Verify that -ld does not match or contain the specified -sld value.
-SystemLogDirectory
-sld
Optional. Directory path to store system log files. Verify that -ld does not match or contain the specified -sld value. Default is <INFA_home>/logs.
-NodeName
-nn
Required. Name of the node. Node names must be between 1 and 79 characters and cannot contain spaces or the following characters: \ / * ? < > " |
-NodeAddress
-na
Required. Host name and port number for the machine hosting the node. Choose an available port number.
-ServiceManagerPort
-sp
Optional. Port number used by the Service Manager to listen for incoming connection requests.
-EnableTLS
-tls
Optional. Configures secure communication among the services in the Informatica domain.
If you use the default SSL certificates provided by Informatica, you do not need to specify the keystore and truststore options. If you do not use the default SSL certificate, you must specify the keystore and truststore options. Valid values are true or false. Default is false. If you specify the -tls option without a value, the Informatica domain uses secure communication among the services.
To enable secure communication for the associated services or web applications, such as Administrator tool, Analyst tool, or Web Services Hub, configure the secure communication separately within the applications.
-NodeKeystore-
-nk
Optional if you use the default SSL certificates from Informatica. Required if you use your SSL certificates. Directory that contains the keystore files. The Informatica domain requires the SSL certificates in PEM format and in Java Keystore (JKS) files. The directory must contain keystore files in PEM and JKS formats.
The keystore files must be named infa_keystore.jks and infa_keystore.pem. If the keystore file that you receive from the certificate authority (CA) has a different name, you must rename it to infa_keystore.jks and infa_keystore.pem.
You must use the same keystore file for all the nodes in the domain.
-NodeKeystorePass
-nkp
Optional if you use the default SSL certificates from Informatica. Required if you use your SSL certificates. Password for the keystore infa_keystore.jks file.
-NodeTruststore
-nt
Optional if you use the default SSL certificates from Informatica. Directory that contains the truststore files. The Informatica domain requires the SSL certificates in PEM format and in Java Keystore (JKS) files. The directory must contain truststore files in PEM and JKS formats.
The truststore files must be named infa_truststore.jks and infa_truststore.pem. If the truststore file that you receive from the certificate authority (CA) has a different name, you must rename it to infa_truststore.jks and infa_truststore.pem.
-NodeTruststorePass
-ntp
Optional if you use the default SSL certificates from Informatica. Required if you use your SSL certificates. Password for the infa_truststore.jks file.
-CipherWhiteList
-cwl
Optional. Comma-separated list of JSSE cipher suites that you want to add to the effective list.
The list must contain at least one valid JRE or OpenSSL cipher suite.
-CipherBlackList
-cbl
Optional. Comma-separated list of JSSE cipher suites that you want to remove from the effective list.
The effective list must contain at least one valid JRE or OpenSSL cipher suite.
-CipherWhiteListFile
-cwlf
Optional. Absolute file name of the plain text file that contains a comma-separated list of cipher suites that you want to add to the effective list.
The list must contain at least one valid JRE or OpenSSL cipher suite.
-CipherBlackListFile
-cblf
Optional. Absolute file name of the plain text file that contains a comma-separated list of cipher suites that you want to remove from the effective list.
The effective list must contain at least one valid JRE or OpenSSL cipher suite.
-EnableKerberos
-krb
Optional. Configures the Informatica domain to use Kerberos authentication. Valid values are true or false.
If true, the domain uses Kerberos authentication, and you cannot later change the authentication mode. After you enable Kerberos authentication, you cannot disable it. Default is false.
If you specify the -krb option without a value, the Informatica domain uses Kerberos authentication.
-ServiceRealmName
-srn
Optional. Name of the Kerberos realm that the domain uses to authenticate users. The realm name must be in uppercase and is case-sensitive.
To configure Kerberos cross realm authentication, specify the name of each Kerberos realm that the domain uses to authenticate users, separated by a comma. For example:
COMPANY.COM,EAST.COMPANY.COM,WEST.COMPANY.COM
Use an asterisk as a wildcard character before a realm name to include all realms that include the name. For example, specify the following value to include all realms that include the EAST.COMPANY.COM name:
*EAST.COMPANY.COM
-UserRealmName
-urn
Optional. Name of the Kerberos realm that the domain uses to authenticate users. The realm name must be in uppercase and is case-sensitive.
To configure Kerberos cross realm authentication, specify the name of each Kerberos realm that the domain uses to authenticate users, separated by a comma. For example:
COMPANY.COM,EAST.COMPANY.COM,WEST.COMPANY.COM
Use an asterisk as a wildcard character before a realm name to include all realms that include the name. For example, specify the following value to include all realms that include the EAST.COMPANY.COM name:
*EAST.COMPANY.COM
-KeysDirectory
-kd
Optional. Directory where all keytab files and the encryption key for the Informatica domain are stored. Default is
<Informatica installation directory>/isp/config/keys
.
-SPNShareLevel
-spnSL
Optional. Indicates the service principal level for the domain. Set the property to one of the following levels:
  • Process. The domain requires a unique service principal name (SPN) and keytab file for each node and each service on a node. The number of SPNs and keytab files required for each node depends on the number of service processes that run on the node. Use the node level option if the domain does not require a high level of security.
  • Node. The domain uses one SPN and keytab file for the node and all services that run on the node. It also requires a separate SPN and keytab file for all HTTP processes on the node.
Default is process.
-EnableSaml
-saml
Optional. Enables or disables SAML authentication in the Informatica domain.
Set this value to true to enable SAML authentication in the Informatica domain. Default is false.
-idpUrl
-iu
Required if the -saml option is true. Specify the SAML identity provider URL.
-ServiceProviderId
-spid
Optional. The relying party trust name or the service provider identifier for the domain as defined in the identity provider.
If you specified "Informatica" as the relying party trust name in AD FS, you do not need to specify a value.
-ClockSkewTolerance
-cst
Optional. The allowed time difference between the identity provider host system clock and the system clock on the master gateway node.
The lifetime of SAML tokens issued by the identity provider by is set according to the identity provider host system clock. The lifetime of a SAML token issued by the identity provider is valid if the start time or end time set in the token is within the specified number seconds of the system clock on the master gateway node.
Values must be from 0 to 600 seconds. Default is 120 seconds.
-SamlAssertionSigned
-sas
Optional. Set to TRUE to enable assertion signing by the identity provider. Default is FALSE.
-AssertionSigningCertificateAlias
-asca
Required if SamlAssertionSigned is set to TRUE. The alias name specified when importing the identity provider assertion signing certificate into the truststore file used for SAML authentication.
-SamlTrustStoreDir
-std
Optional. The directory containing the custom truststore file required to use SAML authentication on gateway nodes within the domain. Specify the directory only, not the full path to the file.
The default Informatica truststore is used if no truststore is specified.
-SamlTrustStorePassword
-stp
Required if you use a custom truststore for SAML authentication. The password for the custom truststore file.
-SamlKeyStoreDir
-skd
Optional. The directory containing the custom keystore file required to use SAML authentication on the gateway node. Specify the directory only, not the full path to the file.
-SamlKeyStorePassword
-skp
Required if you use a custom keystore for SAML authentication. Password to the SAML keystore. *
-AuthnContextComparsion
-acc
Specifies the comparison method used to evaluate the requested authorization statement. One of the following:
  • MINIMUM. The authentication context in the authentication statement must be the exact match of at least one of the authentication contexts specified.
  • MAXIMUM. The authentication context in the authentication statement must be at least as strong (as deemed by the responder) as one of the authentication contexts specified.
  • BETTER. The authentication context in the authentication statement must be stronger (as deemed by the responder) than any one of the authentication contexts specified.
  • EXACT. The authentication context in the authentication statement must be as strong as possible (as deemed by the responder) without exceeding the strength of at least one of the authentication contexts specified
Default is Exact.
-AuthnContextClassRef
-accr
The authentication context class. One of the following:
  • PASSWORD
  • PASSWORDPROTECTEDTRANSPORT
-SignSamlRequest
-ssr
Set to true to enable signed request.
Default is False
-RequestSigningPrivateKeyAlias
-rspa
Required if you enable signed request. Alias name of the private key present in the node SAML keystore using which SAML request should be signed
-RequestSigningPrivateKeyPassword
-rspp
Required if you enable signed request. Password to access the private key used for signing the SAML request
-RequestSigningAlgorithm
-rsa
Required if you enable signed request. Algorithm used to sign the request. One of the following:
  • RSA_SHA256
  • DSA_SHA1
  • DSA_SHA256
  • RSA_SHA1
  • RSA_SHA224
  • RSA_SHA384
  • RSA_SHA512
  • ECDSA_SHA1
  • ECDSA_SHA224
  • ECDSA_SHA256
  • ECDSA_SHA384
  • ECDSA_SHA512
  • RIPEMD160
  • RSA_MD5
-SamlResponseSigned
-srs
Set to true to enable signed response.
Default is False.
-ResponseSigningCertificateAlias
-rsca
Required if you enable signed response. Alias name of the certificate present in the gateway node SAML truststore using which SAML response signature will be validated.
-SamlAssertionEncrypted
-sae
Required if you enable signed response. Set to true to enable encrypted assertion.
Default is False.
-EncyptedAssertionPrivateKeyAlias
-espa
Required if you enable encrypted assertion. Alias name of the private key present in the gateway node SAML keystore using which key used for encrypting the assertion will be decrypted.
-EncyptedAssertionPrivateKeyPassword
-espp
Required if you enable encrypted assertion. Password to access the private key used for decrypting the assertion encryption key
-EnablePasswordComplexity
-pc
Optional. Enable password complexity to validate the password strength.
For a native user account, if you enable password complexity, use the following guidelines when you create or change a password:
  • The length of the password must be at least eight characters.
  • It must be a combination of an alphabet character, a numeric character and a non-alphanumeric character, such as:
    ! \ " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ ] ^ _ ` { | } ~
When you use special characters in a password, the shell sometimes interprets them differently. For example, $ is interpreted as a variable. In this case, use an escape character to escape the special character.
-AdminconsolePort
-ap
Port to access Informatica Administrator.
-HttpsPort
-hs
Optional. Port number to secure the connection to the Administrator tool. Set this port number if you want to configure HTTPS for a node.
-KeystoreFile
-kf
Optional. Keystore file that contains the keys and certificates required if you use the SSL security protocol.
-KeystorePass
-kp
Optional. A plain-text password for the keystore file. You can set a password with the -kp option or the environment variable INFA_PASSWORD. If you set a password with both methods, the password set with the -kp option takes precedence.
-MinProcessPort
-mi
Required. Minimum port number for application service processes that run on the node.
-MaxProcessPort
-ma
Required. Maximum port number for application service processes that run on the node.
-ServerPort
-sv
Optional. TCP/IP port number used by the Service Manager. The Service Manager listens for shutdown commands from domain components on this port. Set this port number if you have multiple nodes on one machine or if the default port number is in use. Default is the node port number plus one.
-AdminconsoleShutdownPort
-asp
Port number that controls shutdown for Informatica Administrator.
-BackupDirectory
-bd
Optional. Directory to store repository backup files. The directory must be accessible by the node.
-ServiceResilienceTimeout
-sr
Optional. Amount of time in seconds that
infasetup
tries to establish or reestablish a connection to the local domain. If you omit this option,
infasetup
uses the timeout value specified in the INFA_CLIENT_RESILIENCE_TIMEOUT environment variable. If you do not see a value specified in the environment variable, the default of 180 seconds is used.
-ErrorLogLevel
-el
Optional. Severity level for log events in the domain log. Default is info.
-ResourceFile
-rf
Required. File that contains the list of available resources for the node. Use the file, nodeoptions.xml, located in the following location:
<Informatica installation directory>/isp/bin
-TimeZone
-tz
Optional. Time zone used by the Log Manager when it generates log event files. Default is GMT+00:00. Configure the time zone in the following format:
GMT(+/-)hh:mm
-Force
-f
Optional. Overwrites the database if a database with the same name already exists. Do not include any characters after this option.
-TrustedConnection
-tc
Optional. Connect to the Microsoft SQL Server database through a trusted connection. Trusted authentication uses the Windows security credentials of the current user to connect to Microsoft SQL Server.
If you use a trusted connection, configure the DatabaseConnectionString option.
-DatabaseTruststoreLocation
-dbtl
Path and file name of the truststore file for the secure domain repository database. Required if you configure a secure domain repository database for the domain.
EnableHsts
-hsts
Optional. Set to TRUE to enable HTTP strict transport security. HTTP strict transport security requires webapps to use HTTPS.
* Note: If you currently run scripts that use this command to enable a custom keystore for SAML authentication, you must update them to include this option.
If you run DefineDomain on a node that currently hosts a domain, reconfigure the following domain properties:
  • Application services.
    Recreate any application service that ran on the domain.
  • Users.
    Recreate users.
  • Gateway nodes.
    Configure the gateway nodes in the domain.
  • General domain properties.
    Configure resilience timeout and maximum restart attempts for the domain.
  • Grids.
    Recreate any grid in the domain.
  • LDAP authentication
    . Configure LDAP authentication for the domain.
  • Log Manager properties.
    Configure the Log Manager shared directory path, purge properties, and time zone.
If you change the gateway node host name or port number, you must also add each node to the domain using the
infacmd
AddDomainNode command.

0 COMMENTS

We’d like to hear from you!