Comment: Migrated to Confluence 5.3

Starting Services

Services must be started and stopped in the right order.

  • Master Directory and any Directory Shadows
  • Informix Database
  • CA (Security Manager)
  • Roaming Server (all instances)

Start Directory via Management Tool

This is Shawn's preferred method.

Primary Directory

Code Block
su -
su - diradmin
odselog -a       # Check if there were errors before you start
cd /var/cpmaster # You MUST be in the Critical Path Data Directory of the instance you want to start

Start the management tool,

Code Block
odsmgmt

When odsmgmt starts, it displays any errors that occurred during the last shutdown.

Start the service by hitting s,

Code Block
------------------------------
CP Directory Server Management
------------------------------

Enter the letter for the management operation required:

    (s) Start the directory
    (w) Display directories running
    (l) Display odssched.log
    (e) Report any errors or warnings that occurred
    (c) Clears any errors or warnings that have occurred
    (q) Quit

>s

odssched 10393 started

Verify that the service is working,

Code Block
>v
pid     inst    action          fails   state   name    options

10394   M       default         0       ok      odsmdsa -d"/var/cpshadow"
10395   0       restart this    0       ok      odssdsa
10396   1       restart this    0       ok      odssdsa
10397   0       restart this    0       ok      odscomms
10398   0       restart this    0       ok      odscommsi
10399   0       default         0       ok      odsshadi
10400   0       restart this    0       ok      odsldap3        -ldap:389 -ldaps:0 -http:0 -https:0 -charsetv2:iso8859-1

Shadow Directory

Repeat the above steps except the data directory changes from cpmaster to cpshadow,

Code Block
su -
su - diradmin
odselog -a       # Check if there were errors before you start
cd /var/cpshadow # You MUST be in the Critical Path Data Directory of the instance you want to start
odsmgmt

Start Directory via Command Line

Primary Directory

Log into CA1.

Start the Critical Path Directory Server as the diradmin user,

Code Block
su -
su - diradmin
odselog -a       # Check if there were errors before you start
cd /var/cpmaster # You MUST be in the Critical Path Data Directory of the instance you want to start
odsstart

Verify that the service is running properly,

Code Block
odsmgmt -v
pid     inst    action          fails   state   name    options

6933    M       default         0       ok      odsmdsa -d"/var/cpmaster"
6934    0       restart this    0       ok      odssdsa
6935    1       restart this    0       ok      odssdsa
6936    0       restart this    0       ok      odscomms
6937    0       restart this    0       ok      odscommsi
6938    0       default         0       ok      odsshadi
6939    0       restart this    0       ok      odsldap3        -ldap:1389 -ldaps:0 -http:0 -https:0 -charsetv2:iso8859-1

You can also see the processes,

Code Block
ps -ef | grep ods
diradmin  6932  1191   0 14:11:41 ?           0:00 odssched
diradmin  6934  6932   0 14:11:41 ?           0:00 odssdsa -I0
diradmin  6936  6932   0 14:11:41 ?           0:00 odscomms -P0 -I0
diradmin  6935  6932   0 14:11:41 ?           0:00 odssdsa -I1
diradmin  6933  6932   0 14:11:41 ?           0:00 odsmdsa -d"/var/cpmaster" -I0
diradmin  6937  6932   0 14:11:41 ?           0:00 odscommsi -P0 -I0
diradmin  6938  6932   0 14:11:41 ?           0:00 odsshadi -I0
    root  6939  6932   0 14:11:41 ?           0:09 odsldap3 -ldap:1389 -ldaps:0 -http:0 -https:0 -charsetv2:iso8859-1 -instanceNum
diradmin  8235  5612   0 14:30:29 pts/2       0:00 grep ods

The primary Critical Path Directory Service is now running.

Shadow Directory

Log into RS1.

Repeat the above steps except the data directory changes from cpmaster to cpshadow,

Code Block
su -
su - diradmin
odselog -a       # Check if there were errors before you start
cd /var/cpshadow # You MUST be in the Critical Path Data Directory of the instance you want to start
odsstart
odsmgmt -v

Note

TODO: add instructions here on verifying that the shadow agreement works. There are two ways: view new Directory entries and see whether they replicate, or use the DAC (Directory Access Centre) fat client program.

Informix Database

Note

Alternatively, there is another command, startstop.sh, that will start both the Informix Database and the CA.

Please note that you must import the environment settings before running the scripts:

. ./env_settings.sh

Log into CA1,

Code Block
su -
su - master
oninit -v # Start Informix

You see various output as Informix starts,

Code Block
Checking group membership to determine server run modesucceeded
Reading configuration file '/opt/informix/etc/onconfig'...succeeded
Creating /INFORMIXTMP/.infxdirs ... succeeded
Creating infos file "/opt/informix/etc/.infos.entrust_unx_shm" ... "/opt/informix/etc/.conf.entrust_unx_shm" ... succeeded
Writing to infos file ... succeeded
Checking config parameters...succeeded
Allocating and attaching to shared memory...succeeded
Creating resident pool 2300 kbytes...succeeded
Creating buffer pool 10002 kbytes...succeeded
Initializing rhead structure...succeeded
Initializing ASF ...succeeded
Initializing Dictionary Cache and SPL Routine Cache...succeeded
Bringing up ADM VP...succeeded
Creating VP classes...succeeded
Onlining 0 additional cpu vps...succeeded
Onlining 2 IO vps...succeeded
Initialization of Encryption...succeeded
Forking main_loop thread...succeeded
Initializing DR structures...succeeded
Forking 1 'ipcstr' listener threads...succeeded
Starting tracing...succeeded
Initializing 2 flushers...succeeded
Initializing log/checkpoint information...succeeded
Opening primary chunks...succeeded
Opening mirror chunks...succeeded
Initializing dbspaces...succeeded
Validating chunks...succeeded
Initialize Async Log Flusher...succeeded
Forking btree cleaner...succeeded
Initializing DBSPACETEMP list
Checking database partition index...succeeded
Checking location of physical log...succeeded
Initializing dataskip structure...succeeded
Checking for temporary tables to drop
Forking onmode_mon thread...succeeded
Verbose output complete: mode = 5

Do a final check to verify Informix is running,

Code Block
onstat -

IBM Informix Dynamic Server Version 9.40.UC9     -- On-Line -- Up 00:01:56 -- 33792 Kbytes

CA (Security Manager)

Log into CA1.

Using entsh is Shawn's preferred method of starting the CA. You must be a master user.

Code Block
su -
su - master
entsh
Entrust Authority (TM) Security Manager Control Command Shell 7.1 SP3 Patch 165634(208)
Copyright 1994-2011 Entrust. All rights reserved.

This will take you into the entsh command shell. Execute the following commands to log in as one of the Master users. Note the capital M in the name of the master.

Code Block
login
Master User Name: Master1
Password:
You are logged in to Security Manager Control
ou=CA200,o=e-Scotia.com,c=CA.Master1 $

Start the actual service subsystems,

Code Block
ou=CA200,o=e-Scotia.com,c=CA.Master1 $ service start
ou=CA200,o=e-Scotia.com,c=CA.Master1 $ service status
sep     Entrust SEP               enabled  up  2 processes
keygen  Key Generator             enabled  up  1 processes
backup  Automatic Backup          enabled  up  1 processes
integ   Database Integrity Check  enabled  up  1 processes
amb     CRL and Maintenance       enabled  up  1 processes
ash     Admin Service Handler     enabled  up  8 processes
cmp     PKIX-CMP                  enabled  up  2 processes
xap     XML Admin Protocol        enabled  up  2 processes

Roaming Server

There may be more than one Roaming Server instance. However, they have no dependency on each other.

Log into RS1.

Start RS1.

Code Block
su - root
cd /opt/roamingserver
./entroamsrv.sh start
Starting Entrust roaming server...  Done

Note

What happened to ./entrs.sh -d?

It still works but Shawn recommends this new command.

You can verify the Roaming Server started by looking at the logs,

Code Block
tail ./rslog
2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1     Acceptable symmetric algorithms for client-server communication: CAST-128 TripleDES IDEA
2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1     Lockout user after 4 failed login attempts in 1 hours.
2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1     Lockout attempt check is enabled.
2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1     Disallow logins with non-integrity-protected roaming user information.
2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1     Roaming Service mode is Default (All Service)
2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1     DEBUG: Started prune thread

2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1     Automatic update of the server's keys has been disabled
2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1     Initializing TCP socket on port 6420
2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1     Ready to accept requests!

Log into RS3.

Note

New versions of Roaming Server no longer need to use root to start services.

Shawn fixed RS3 to use svradm.

There is also an extra RS3 to enable Enforced Roaming ID for Admin Services 7.3. This is temporary until Entrust provides a fix to allow AS itself to enforce Roaming IDs.

Code Block
su - svradm
cd /opt/roamingserver_URS
./entroamsrv.sh start
Starting Entrust roaming server...  Done

Stopping Services

...

Diagnostics

Database Integrity Check

If there are alerts about the database, log into entsh as a master user,

Code Block
ou=CA200,o=e-Scotia.com,c=CA.Master1 $ db integrity
Syntax: db integrity validate | query | { config -timer <period> <notbefore> <notafter> }
Description: perform, query or configure automatic integrity check
ou=CA200,o=e-Scotia.com,c=CA.Master1 $ db integrity validate
66% complete. Estimated time remaining 00:06:32 @ (852.7/s) \
100% complete. Estimated time remaining 00:00:00 |   374.2/s) \
Database integrity validation completed successfully.