Services must be started and stopped in the right order.
This is Shawn's preferred method.
    su -
    su - diradmin
    odselog -a          # Check if there were errors before you start
    cd /var/cpmaster    # You MUST be in the Critical Path Data Directory of the instance you want to start
Start the management tool,
    odsmgmt
Upon startup of odsmgmt, if there were any errors during shut down you would see them.
Start the service by hitting s,
    ------------------------------
    CP Directory Server Management
    ------------------------------
    Enter the letter for the management operation required:
    (s) Start the directory
    (w) Display directories running
    (l) Display odssched.log
    (e) Report any errors or warnings that occurred
    (c) Clears any errors or warnings that have occurred
    (q) Quit
    >s
    odssched 10393 started
Verify that the service is working,
    >v
    pid    inst  action        fails  state  name       options
    10394  M     default       0      ok     odsmdsa    -d"/var/cpshadow"
    10395  0     restart this  0      ok     odssdsa
    10396  1     restart this  0      ok     odssdsa
    10397  0     restart this  0      ok     odscomms
    10398  0     restart this  0      ok     odscommsi
    10399  0     default       0      ok     odsshadi
    10400  0     restart this  0      ok     odsldap3   -ldap:389 -ldaps:0 -http:0 -https:0 -charsetv2:iso8859-1
Repeat the above steps except the data directory changes from cpmaster to cpshadow,
    su -
    su - diradmin
    odselog -a          # Check if there were errors before you start
    cd /var/cpshadow    # You MUST be in the Critical Path Data Directory of the instance you want to start
    odsmgmt
Log into CA1.
Start the Critical Path Directory Server as the diradmin user,
    su -
    su - diradmin
    odselog -a          # Check if there were errors before you start
    cd /var/cpmaster    # You MUST be in the Critical Path Data Directory of the instance you want to start
    odsstart
Verify that the service is running properly,
    odsmgmt -v
    pid    inst  action        fails  state  name       options
    6933   M     default       0      ok     odsmdsa    -d"/var/cpmaster"
    6934   0     restart this  0      ok     odssdsa
    6935   1     restart this  0      ok     odssdsa
    6936   0     restart this  0      ok     odscomms
    6937   0     restart this  0      ok     odscommsi
    6938   0     default       0      ok     odsshadi
    6939   0     restart this  0      ok     odsldap3   -ldap:1389 -ldaps:0 -http:0 -https:0 -charsetv2:iso8859-1
You can also see the processes,
    ps -ef | grep ods
    diradmin  6932  1191  0 14:11:41 ?      0:00 odssched
    diradmin  6934  6932  0 14:11:41 ?      0:00 odssdsa -I0
    diradmin  6936  6932  0 14:11:41 ?      0:00 odscomms -P0 -I0
    diradmin  6935  6932  0 14:11:41 ?      0:00 odssdsa -I1
    diradmin  6933  6932  0 14:11:41 ?      0:00 odsmdsa -d"/var/cpmaster" -I0
    diradmin  6937  6932  0 14:11:41 ?      0:00 odscommsi -P0 -I0
    diradmin  6938  6932  0 14:11:41 ?      0:00 odsshadi -I0
    root      6939  6932  0 14:11:41 ?      0:09 odsldap3 -ldap:1389 -ldaps:0 -http:0 -https:0 -charsetv2:iso8859-1 -instanceNum
    diradmin  8235  5612  0 14:30:29 pts/2  0:00 grep ods
The primary Critical Path Directory Services is now running.
Log into RS1.
Repeat the above steps except the data directory changes from cpmaster to cpshadow,
    su -
    su - diradmin
    odselog -a          # Check if there were errors before you start
    cd /var/cpshadow    # You MUST be in the Critical Path Data Directory of the instance you want to start
    odsstart
    odsmgmt -v
TODO: instructions should go here on verifying that the shadow agreement works. There are two ways: view new Directory entries and see whether they replicate, or use the DAC (Directory Access Centre) fat client program.
Alternatively, there is another command, startstop.sh, that will start both the Informix Database and the CA.
Please note that you must import environment settings before running the scripts.

    . ./env_settings.sh
Log into CA1,
    su -
    su - master
    oninit -v    # Start Informix
You see various output as Informix starts,
    Checking group membership to determine server run modesucceeded
    Reading configuration file '/opt/informix/etc/onconfig'...succeeded
    Creating /INFORMIXTMP/.infxdirs ... succeeded
    Creating infos file "/opt/informix/etc/.infos.entrust_unx_shm" ... "/opt/informix/etc/.conf.entrust_unx_shm" ... succeeded
    Writing to infos file ... succeeded
    Checking config parameters...succeeded
    Allocating and attaching to shared memory...succeeded
    Creating resident pool 2300 kbytes...succeeded
    Creating buffer pool 10002 kbytes...succeeded
    Initializing rhead structure...succeeded
    Initializing ASF ...succeeded
    Initializing Dictionary Cache and SPL Routine Cache...succeeded
    Bringing up ADM VP...succeeded
    Creating VP classes...succeeded
    Onlining 0 additional cpu vps...succeeded
    Onlining 2 IO vps...succeeded
    Initialization of Encryption...succeeded
    Forking main_loop thread...succeeded
    Initializing DR structures...succeeded
    Forking 1 'ipcstr' listener threads...succeeded
    Starting tracing...succeeded
    Initializing 2 flushers...succeeded
    Initializing log/checkpoint information...succeeded
    Opening primary chunks...succeeded
    Opening mirror chunks...succeeded
    Initializing dbspaces...succeeded
    Validating chunks...succeeded
    Initialize Async Log Flusher...succeeded
    Forking btree cleaner...succeeded
    Initializing DBSPACETEMP list
    Checking database partition index...succeeded
    Checking location of physical log...succeeded
    Initializing dataskip structure...succeeded
    Checking for temporary tables to drop
    Forking onmode_mon thread...succeeded
    Verbose output complete: mode = 5
Do a final check to verify Informix is running,
    onstat -
    IBM Informix Dynamic Server Version 9.40.UC9 -- On-Line -- Up 00:01:56 -- 33792 Kbytes
Log into CA1.
Using entsh is Shawn's preferred method of starting the CA. You must be a master user.
    su -
    su - master
    entsh
    Entrust Authority (TM) Security Manager Control Command Shell 7.1 SP3 Patch 165634(208)
    Copyright 1994-2011 Entrust. All rights reserved.

This will take you into the entsh command shell. Execute the following commands to log in as one of the Master users. Note the capital M in the name of the master.

    login
    Master User Name: Master1
    Password:
    You are logged in to Security Manager Control
    ou=CA200,o=e-Scotia.com,c=CA.Master1 $

Start the actual service subsystems,

    ou=CA200,o=e-Scotia.com,c=CA.Master1 $ service start
    ou=CA200,o=e-Scotia.com,c=CA.Master1 $ service status
    sep     Entrust SEP               enabled  up  2 processes
    keygen  Key Generator             enabled  up  1 processes
    backup  Automatic Backup          enabled  up  1 processes
    integ   Database Integrity Check  enabled  up  1 processes
    amb     CRL and Maintenance       enabled  up  1 processes
    ash     Admin Service Handler     enabled  up  8 processes
    cmp     PKIX-CMP                  enabled  up  2 processes
    xap     XML Admin Protocol        enabled  up  2 processes
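An added example (not part of the original runbook or the vendor tooling): a shell helper that turns the two visual checks above, the `odsmgmt -v` table and the entsh `service status` listing, into pass/fail gates, so the next tier is started only when the previous one is healthy. The expected process and subsystem names are taken from this page's sample output; treating anything other than `0 ok` or `enabled up` as a failure is an assumption.

```shell
#!/bin/sh
# Added example, not vendor code. Both functions read command output on stdin
# and report problems on stderr; they never call the vendor tools themselves.

# ods_healthy: input is `odsmgmt -v` output. Succeeds only if every process
# named in this page's sample output is listed with fails=0 and state=ok.
ods_healthy() {
    awk '
        BEGIN { bad = 0; n = split("odsmdsa odssdsa odscomms odscommsi odsshadi odsldap3", want, " ") }
        $1 ~ /^[0-9]+$/ {
            # action is one word ("default") or two ("restart this"), so find
            # fails/state relative to the ods* process name instead of by index.
            for (i = 2; i <= NF; i++) if ($i ~ /^ods/) break
            if (i > NF) next
            if ($(i-2) != "0" || $(i-1) != "ok") { print "UNHEALTHY: " $0; bad = 1 }
            seen[$i] = 1
        }
        END {
            for (k = 1; k <= n; k++) if (!(want[k] in seen)) { print "MISSING: " want[k]; bad = 1 }
            exit bad
        }' >&2
}

# ca_services_up: input is entsh `service status` output. Succeeds only if every
# subsystem named in this page's sample output reads "enabled up <n> processes".
ca_services_up() {
    awk '
        BEGIN { bad = 0; n = split("sep keygen backup integ amb ash cmp xap", want, " ")
                for (k = 1; k <= n; k++) known[want[k]] = 1 }
        ($1 in known) {
            seen[$1] = 1
            if (NF < 5 || $(NF-3) != "enabled" || $(NF-2) != "up" || $NF != "processes" || $(NF-1) + 0 < 1) {
                print "NOT UP: " $0; bad = 1
            }
        }
        END {
            for (k = 1; k <= n; k++) if (!(want[k] in seen)) { print "MISSING: " want[k]; bad = 1 }
            exit bad
        }' >&2
}

# Constructed demo input: only two rows copied from the page, so the check
# reports the four remaining directory processes as missing and fails.
if printf '%s\n' '6933 M default 0 ok odsmdsa -d"/var/cpmaster"' \
                 '6934 0 restart this 0 ok odssdsa' | ods_healthy; then
    echo "directory healthy: safe to start Informix and the CA"
else
    echo "directory NOT healthy: stop and check odselog -a"
fi
```

In use, pipe the real output in, for example `odsmgmt -v | ods_healthy`, and paste or capture the `service status` listing for `ca_services_up`.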
There may actually be more than one Roaming Server instance. However, they have no dependency on each other.
Start RS1.
    su - root
    cd /opt/roamingserver
    ./entroamsrv.sh start
    Starting Entrust roaming server... Done

What happened to ./entrs.sh -d? It still works but Shawn recommends this new command.
You can verify the Roaming Server started by looking at the logs,
    tail ./rslog
    2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1 Acceptable symmetric algorithms for client-server communication: CAST-128 TripleDES IDEA
    2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1 Lockout user after 4 failed login attempts in 1 hours.
    2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1 Lockout attempt check is enabled.
    2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1 Disallow logins with non-integrity-protected roaming user information.
    2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1 Roaming Service mode is Default (All Service)
    2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1 DEBUG: Started prune thread
    2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1 Automatic update of the server's keys has been disabled
    2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1 Initializing TCP socket on port 6420
    2011/06/29 16:54:05 entrs:ROAM,15927:1000(svradm):1 Ready to accept requests!

New versions of Roaming Server no longer need to use root to start services. Shawn fixed RS3 to use svradm.
There is also an extra RS3 to enable Enforced Roaming ID for Admin Services 7.3. This is temporary until Entrust provides a fix to allow AS itself to enforce Roaming IDs.
    su - svradm
    cd /opt/roamingserver_URS
    ./entroamsrv.sh start
    Starting Entrust roaming server... Done
...
If there are alerts around the database, log into entsh as a master user,

    ou=CA200,o=e-Scotia.com,c=CA.Master1 $ db integrity
    Syntax: db integrity validate | query | { config -timer <period> <notbefore> <notafter> }
    Description: perform, query or configure automatic integrity check
    ou=CA200,o=e-Scotia.com,c=CA.Master1 $ db integrity validate
    66% complete. Estimated time remaining 00:06:32 @ (852.7/s) \
    100% complete. Estimated time remaining 00:00:00 | 374.2/s) \
    Database integrity validation completed successfully.