
Starting Services

Services must be started and stopped in the right order.

  • Master Directory and any Directory Shadows
  • Informix Database
  • CA (Security Manager)
  • Roaming Server (all instances)

Start Directory via Management Tool

This is Shawn's preferred method.

Primary Directory

su -
su - diradmin
odselog -a       # Check if there were errors before you start
cd /var/cpmaster # You MUST be in the Critical Path Data Directory of the instance you want to start

Start the management tool,

odsmgmt

When odsmgmt starts, it displays any errors that occurred during the last shutdown.

Start the service by hitting s,

------------------------------
CP Directory Server Management
------------------------------

Enter the letter for the management operation required:

    (s) Start the directory
    (w) Display directories running
    (l) Display odssched.log
    (e) Report any errors or warnings that occurred
    (c) Clears any errors or warnings that have occurred
    (q) Quit

>s

odssched 10393 started

Verify that the service is working,

>v
pid     inst    action          fails   state   name    options

10394   M       default         0       ok      odsmdsa -d"/var/cpshadow"
10395   0       restart this    0       ok      odssdsa
10396   1       restart this    0       ok      odssdsa
10397   0       restart this    0       ok      odscomms
10398   0       restart this    0       ok      odscommsi
10399   0       default         0       ok      odsshadi
10400   0       restart this    0       ok      odsldap3        -ldap:389 -ldaps:0 -http:0 -https:0 -charsetv2:iso8859-1

Shadow Directory

Repeat the above steps except the data directory changes from cpmaster to cpshadow,

su -
su - diradmin
odselog -a       # Check if there were errors before you start
cd /var/cpshadow # You MUST be in the Critical Path Data Directory of the instance you want to start
odsmgmt

Start Directory via Command Line

Primary Directory

Log into CA1.

Start the Critical Path Directory Server as the diradmin user,

su -
su - diradmin
odselog -a       # Check if there were errors before you start
cd /var/cpmaster # You MUST be in the Critical Path Data Directory of the instance you want to start
odsstart

Verify that the service is running properly,

odsmgmt -v
pid     inst    action          fails   state   name    options

6933    M       default         0       ok      odsmdsa -d"/var/cpmaster"
6934    0       restart this    0       ok      odssdsa
6935    1       restart this    0       ok      odssdsa
6936    0       restart this    0       ok      odscomms
6937    0       restart this    0       ok      odscommsi
6938    0       default         0       ok      odsshadi
6939    0       restart this    0       ok      odsldap3        -ldap:1389 -ldaps:0 -http:0 -https:0 -charsetv2:iso8859-1

You can also see the processes,

ps -ef | grep ods
diradmin  6932  1191   0 14:11:41 ?           0:00 odssched
diradmin  6934  6932   0 14:11:41 ?           0:00 odssdsa -I0
diradmin  6936  6932   0 14:11:41 ?           0:00 odscomms -P0 -I0
diradmin  6935  6932   0 14:11:41 ?           0:00 odssdsa -I1
diradmin  6933  6932   0 14:11:41 ?           0:00 odsmdsa -d"/var/cpmaster" -I0
diradmin  6937  6932   0 14:11:41 ?           0:00 odscommsi -P0 -I0
diradmin  6938  6932   0 14:11:41 ?           0:00 odsshadi -I0
    root  6939  6932   0 14:11:41 ?           0:09 odsldap3 -ldap:1389 -ldaps:0 -http:0 -https:0 -charsetv2:iso8859-1 -instanceNum
diradmin  8235  5612   0 14:30:29 pts/2       0:00 grep ods

The primary Critical Path Directory Service is now running.

Shadow Directory

Log into RS1.

Repeat the above steps except the data directory changes from cpmaster to cpshadow,

su -
su - diradmin
odselog -a       # Check if there were errors before you start
cd /var/cpshadow # You MUST be in the Critical Path Data Directory of the instance you want to start
odsstart
odsmgmt -v

TODO: put instructions here on verifying that the shadow agreement works. There are two ways: view new Directory entries and see if they replicate, or use the DAC (Directory Access Centre) fat client program.

Informix Database

Alternatively, there is another command, startstop.sh, that will start both the Informix Database and the CA.

Please note that you must import the environment settings before running the scripts,

. ./env_settings.sh

Log into CA1,

su -
su - master
oninit -v # Start Informix

You see various output as Informix starts,

Checking group membership to determine server run modesucceeded
Reading configuration file '/opt/informix/etc/onconfig'...succeeded
Creating /INFORMIXTMP/.infxdirs ... succeeded
Creating infos file "/opt/informix/etc/.infos.entrust_unx_shm" ... "/opt/informix/etc/.conf.entrust_unx_shm" ... succeeded
Writing to infos file ... succeeded
Checking config parameters...succeeded
Allocating and attaching to shared memory...succeeded
Creating resident pool 2300 kbytes...succeeded
Creating buffer pool 10002 kbytes...succeeded
Initializing rhead structure...succeeded
Initializing ASF ...succeeded
Initializing Dictionary Cache and SPL Routine Cache...succeeded
Bringing up ADM VP...succeeded
Creating VP classes...succeeded
Onlining 0 additional cpu vps...succeeded
Onlining 2 IO vps...succeeded
Initialization of Encryption...succeeded
Forking main_loop thread...succeeded
Initializing DR structures...succeeded
Forking 1 'ipcstr' listener threads...succeeded
Starting tracing...succeeded
Initializing 2 flushers...succeeded
Initializing log/checkpoint information...succeeded
Opening primary chunks...succeeded
Opening mirror chunks...succeeded
Initializing dbspaces...succeeded
Validating chunks...succeeded
Initialize Async Log Flusher...succeeded
Forking btree cleaner...succeeded
Initializing DBSPACETEMP list
Checking database partition index...succeeded
Checking location of physical log...succeeded
Initializing dataskip structure...succeeded
Checking for temporary tables to drop
Forking onmode_mon thread...succeeded
Verbose output complete: mode = 5

Do a final check to verify Informix is running,

onstat -

IBM Informix Dynamic Server Version 9.40.UC9     -- On-Line -- Up 00:01:56 -- 33792 Kbytes

CA (Security Manager)

Log into CA1.

Using entsh is Shawn's preferred method of starting the CA. You must be a master user.

su -
su - master
entsh
Entrust Authority (TM) Security Manager Control Command Shell 7.1 SP3 Patch 165634(208)
Copyright 1994-2011 Entrust. All rights reserved.

This will take you into the entsh command shell. Execute the following commands to log in as one of the Master users. Note the capital M on the name of the master.

login
Master User Name: Master1
Password:
You are logged in to Security Manager Control
ou=CA200,o=e-Scotia.com,c=CA.Master1 $

Start the actual service subsystems,

ou=CA200,o=e-Scotia.com,c=CA.Master1 $ service start
ou=CA200,o=e-Scotia.com,c=CA.Master1 $ service status
sep     Entrust SEP               enabled  up  2 processes
keygen  Key Generator             enabled  up  1 processes
backup  Automatic Backup          enabled  up  1 processes
integ   Database Integrity Check  enabled  up  1 processes
amb     CRL and Maintenance       enabled  up  1 processes
ash     Admin Service Handler     enabled  up  8 processes
cmp     PKIX-CMP                  enabled  up  2 processes
xap     XML Admin Protocol        enabled  up  2 processes

Roaming Server

There may be more than one Roaming Server instance. However, they have no dependency on each other.

Log into RS1

Start RS1.

su - root
cd /opt/roamingserver
./entroamsrv.sh start
Starting Entrust roaming server...  Done

What happened to ./entrs.sh -d?

It still works but Shawn recommends this new command.

You can verify the Roaming Server started by looking at the logs,

tail ./rslog
2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1     Acceptable symmetric algorithms for client-server communication: CAST-128 TripleDES IDEA
2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1     Lockout user after 4 failed login attempts in 1 hours.
2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1     Lockout attempt check is enabled.
2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1     Disallow logins with non-integrity-protected roaming user information.
2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1     Roaming Service mode is Default (All Service)
2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1     DEBUG: Started prune thread

2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1     Automatic update of the server's keys has been disabled
2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1     Initializing TCP socket on port 6420
2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1     Ready to accept requests!
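Because rslog is appended to on every start, a "Ready to accept requests!" line near the end can belong to an earlier run. The following added example (not part of the original runbook or an Entrust tool) summarises only the most recent start, keyed on the pid in the log prefix, and reports the lockout policy, key-update setting and accepted algorithms the server logged; the function names and the pid 16200 lines are constructed.

```shell
# Log lines for pid 15927 are the ones shown on this page.
rslog_ok() { cat <<'EOF'
2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1     Acceptable symmetric algorithms for client-server communication: CAST-128 TripleDES IDEA
2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1     Lockout user after 4 failed login attempts in 1 hours.

2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1     Automatic update of the server's keys has been disabled
2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1     Initializing TCP socket on port 6420
2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1     Ready to accept requests!
EOF
}

# Constructed: a later start (pid 16200) appended after the run above; it never reaches "Ready".
rslog_stale() { rslog_ok; cat <<'EOF'
2011/06/30 09:12:40 entrs:ROAM,16200:1000(svradm):1     Lockout user after 4 failed login attempts in 1 hours.
2011/06/30 09:12:40 entrs:ROAM,16200:1000(svradm):1     Initializing TCP socket on port 6420
EOF
}

# Reads rslog on stdin, prints one summary line for the latest start, exits 0 only if it is ready.
rs_startup_summary() {
    awk '
        NF < 4 { next }                          # blank or malformed line
        {
            split($3, id, "[,:]"); pid = id[3]   # $3 = entrs:ROAM,<pid>:<uid>(<user>):<n>
            # A new pid means a new start: forget what the previous run logged.
            if (pid != cur) { cur = pid; port = "?"; lock = "?"; algs = "?"; keyupd = "?"; ready = "no" }
            msg = $0; sub(/^[^ \t]+[ \t]+[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", msg)
        }
        msg ~ /^Acceptable symmetric algorithms/ { algs = msg; sub(/^[^:]*: */, "", algs); gsub(/ +/, ",", algs) }
        msg ~ /^Lockout user after/              { split(msg, w, " "); lock = w[4] "/" w[9] "h" }
        msg ~ /^Automatic update of the server.s keys has been disabled/ { keyupd = "disabled" }
        msg ~ /^Initializing TCP socket on port/ { port = $NF }
        msg ~ /^Ready to accept requests!/       { ready = "yes" }
        END {
            printf "pid=%s port=%s ready=%s lockout=%s key_update=%s algs=%s\n", cur, port, ready, lock, keyupd, algs
            exit (ready == "yes" ? 0 : 1)
        }'
}
```

On the server it would be run as `rs_startup_summary < ./rslog` from the Roaming Server directory.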

Log into RS3

New versions of Roaming Server no longer need to use root to start services.

Shawn fixed RS3 to use svradm.

There is also an extra RS3 to enable Enforced Roaming ID for Admin Services 7.3. This is temporary until Entrust provides a fix to allow AS itself to enforce Roaming IDs.

su - svradm
cd /opt/roamingserver_URS
./entroamsrv.sh start
Starting Entrust roaming server...  Done

Stopping Services

...

Diagnostics

Database Integrity Check

If there are alerts around the database, log into entsh as a master user,

ou=CA200,o=e-Scotia.com,c=CA.Master1 $ db integrity
Syntax: db integrity validate | query | { config -timer <period> <notbefore> <notafter> }
Description: perform, query or configure automatic integrity check
ou=CA200,o=e-Scotia.com,c=CA.Master1 $ db integrity validate
66% complete. Estimated time remaining 00:06:32 @ (852.7/s) \
100% complete. Estimated time remaining 00:00:00 |   374.2/s) \
Database integrity validation completed successfully.