Starting Services
Services must be started and stopped in the right order.
- Master Directory and any Directory Shadows
- Informix Database
- CA (Security Manager)
- Roaming Server all instances
Start Directory via Management Tool
This is Shawn's preferred method.
Primary Directory
su - su - diradmin odselog -a # Check if there were errors before you start cd /var/cpmaster # You MUST be in the Critical Path Data Directory of the instance you want to start
Start the management tool,
odsmgmt
Upon startup of odsmgmt, if there were any errors during shut down you would see them.
Start the service by hitting s,
------------------------------ CP Directory Server Management ------------------------------ Enter the letter for the management operation required: (s) Start the directory (w) Display directories running (l) Display odssched.log (e) Report any errors or warnings that occurred (c) Clears any errors or warnings that have occurred (q) Quit >s odssched 10393 started
Verify that the service is working,
>v pid inst action fails state name options 10394 M default 0 ok odsmdsa -d"/var/cpshadow" 10395 0 restart this 0 ok odssdsa 10396 1 restart this 0 ok odssdsa 10397 0 restart this 0 ok odscomms 10398 0 restart this 0 ok odscommsi 10399 0 default 0 ok odsshadi 10400 0 restart this 0 ok odsldap3 -ldap:389 -ldaps:0 -http:0 -https:0 -charsetv2:iso8859-1
Shadow Directory
Repeat the above steps except the data directory changes from cpmaster to cpshadow,
su - su - diradmin odselog -a # Check if there were errors before you start cd /var/cpshadow # You MUST be in the Critical Path Data Directory of the instance you want to start odsmgmt
Start Directory via Command Line
Primary Directory
Log into CA1.
Start the Critical Path Directory Server as the diradmin user,
su - su - diradmin odselog -a # Check if there were errors before you start cd /var/cpmaster # You MUST be in the Critical Path Data Directory of the instance you want to start odsstart
Verify that the service is running properly,
odsmgmt -v pid inst action fails state name options 6933 M default 0 ok odsmdsa -d"/var/cpmaster" 6934 0 restart this 0 ok odssdsa 6935 1 restart this 0 ok odssdsa 6936 0 restart this 0 ok odscomms 6937 0 restart this 0 ok odscommsi 6938 0 default 0 ok odsshadi 6939 0 restart this 0 ok odsldap3 -ldap:1389 -ldaps:0 -http:0 -https:0 -charsetv2:iso8859-1
You can also see the processes,
The primary Critical Path Directory Services is now running.
Shadow Directory
Log into RS1.
Repeat the above steps except the data directory changes from cpmaster to cpshadow,
su - su - diradmin odselog -a # Check if there were errors before you start cd /var/cpshadow # You MUST be in the Critical Path Data Directory of the instance you want to start odsstart odsmgmt -v
Should put instructions here on verifying shadow agreement works. 2 ways, view new Directory entries and see if it replicates or use DAC (Directory Access Centre) fat client program.
Informix Database
Alternatively, there is another command startstop.sh That will start both the Informix Database and the CA.
Please note that you must import environment settings before running the scripts. . ./env_settings.sh
Log into CA1,
su - su - master oninit -v # Start Informix
You see various output as Informix starts,
Do a final check to verify Informix is running,
onstat - IBM Informix Dynamic Server Version 9.40.UC9 -- On-Line -- Up 00:01:56 -- 33792 Kbytes
CA (Security Manager)
Log into CA1.
Using entsh is Shawn's preferred method of starting the CA. You must be a master user.
su - su - master entsh Entrust Authority (TM) Security Manager Control Command Shell 7.1 SP3 Patch 165634(208) Copyright 1994-2011 Entrust. All rights reserved.
This will take you into the ensh command shell. Execute the following commands to login as one of the Master users. Note the capital M on the name of the master.
login Master User Name: Master1 Password: You are logged in to Security Manager Control ou=CA200,o=e-Scotia.com,c=CA.Master1 $
Start the actually service subsystems,
ou=CA200,o=e-Scotia.com,c=CA.Master1 $ service start ou=CA200,o=e-Scotia.com,c=CA.Master1 $ service status sep Entrust SEP enabled up 2 processes keygen Key Generator enabled up 1 processes backup Automatic Backup enabled up 1 processes integ Database Integrity Check enabled up 1 processes amb CRL and Maintenance enabled up 1 processes ash Admin Service Handler enabled up 8 processes cmp PKIX-CMP enabled up 2 processes xap XML Admin Protocol enabled up 2 processes
Roaming Server
There may actually be more than one Roaming Server instances. However they have no dependency on each other.
Log into RS1
Start RS1.
su - root cd /opt/roamingserver ./entroamsrv.sh start Starting Entrust roaming server... Done
What happened to ./entrs.sh -d?
It still works but Shawn recommends this new command.
You can verify the Roaming Server started by looking at the logs,
Log into RS3
New versions of Roaming Server no longer need to to use root to start services.
Shawn fixed RS3 to use svradm.
There is also an extra RS3 to enable Enforced Roaming ID for Admin Services 7.3. This is temporary until Entrust provides a fix to allow AS itself to enforce Roaming IDs.
su - svradm cd /opt/roamingserver_URS ./entroamsrv.sh start Starting Entrust roaming server... Done
Stopping Services
...
Diagnostics
Database Integrity Check
If there are alerts around the database log into entsh as a master use,
ou=CA200,o=e-Scotia.com,c=CA.Master1 $ db integrity Syntax: db integrity validate | query | { config -timer <period> <notbefore> <notafter> } Description: perform, query or configure automatic integrity check ou=CA200,o=e-Scotia.com,c=CA.Master1 $ db integrity validate 66% complete. Estimated time remaining 00:06:32 @ (852.7/s) \ 100% complete. Estimated time remaining 00:00:00 | 374.2/s) \ Database integrity validation completed successfully.