...
- Stores CA certificates
- CRLs
- Optionally, user information
Starting Services
Services must be started and stopped in the right order.
- Master Directory and any Directory Shadows
- Informix Database
- CA
- Roaming Server (all instances)
Start Directory via Management Tool
This is Shawn's preferred method.
Primary Directory
Code Block |
---|
|
su -
su - diradmin
odselog -a # Check if there were errors before you start
cd /var/cpmaster # You MUST be in the Critical Path Data Directory of the instance you want to start |
Start the management tool, odsmgmt.
On startup, odsmgmt displays any errors that occurred during the last shutdown.
Start the service by pressing s,
Code Block |
---|
|
------------------------------
CP Directory Server Management
------------------------------
Enter the letter for the management operation required:
(s) Start the directory
(w) Display directories running
(l) Display odssched.log
(e) Report any errors or warnings that occurred
(c) Clears any errors or warnings that have occurred
(q) Quit
>s
odssched 10393 started |
Verify that the service is working,
Code Block |
---|
|
>v
pid inst action fails state name options
10394 M default 0 ok odsmdsa -d"/var/cpshadow"
10395 0 restart this 0 ok odssdsa
10396 1 restart this 0 ok odssdsa
10397 0 restart this 0 ok odscomms
10398 0 restart this 0 ok odscommsi
10399 0 default 0 ok odsshadi
10400 0 restart this 0 ok odsldap3 -ldap:389 -ldaps:0 -http:0 -https:0 -charsetv2:iso8859-1
|
Shadow Directory
Repeat the above steps except the data directory changes from cpmaster to cpshadow,
Code Block |
---|
su -
su - diradmin
odselog -a # Check if there were errors before you start
cd /var/cpshadow # You MUST be in the Critical Path Data Directory of the instance you want to start
odsmgmt
|
Start Directory via Command Line
Primary Directory
Log into CA1.
Start the Critical Path Directory Server as the diradmin user,
Code Block |
---|
|
su -
su - diradmin
odselog -a # Check if there were errors before you start
cd /var/cpmaster # You MUST be in the Critical Path Data Directory of the instance you want to start
odsstart |
Verify that the service is running properly,
Code Block |
---|
|
odsmgmt -v
pid inst action fails state name options
6933 M default 0 ok odsmdsa -d"/var/cpmaster"
6934 0 restart this 0 ok odssdsa
6935 1 restart this 0 ok odssdsa
6936 0 restart this 0 ok odscomms
6937 0 restart this 0 ok odscommsi
6938 0 default 0 ok odsshadi
6939 0 restart this 0 ok odsldap3 -ldap:1389 -ldaps:0 -http:0 -https:0 -charsetv2:iso8859-1
|
You can also see the processes,
Code Block |
---|
|
ps -ef | grep ods
diradmin 6932 1191 0 14:11:41 ? 0:00 odssched
diradmin 6934 6932 0 14:11:41 ? 0:00 odssdsa -I0
diradmin 6936 6932 0 14:11:41 ? 0:00 odscomms -P0 -I0
diradmin 6935 6932 0 14:11:41 ? 0:00 odssdsa -I1
diradmin 6933 6932 0 14:11:41 ? 0:00 odsmdsa -d"/var/cpmaster" -I0
diradmin 6937 6932 0 14:11:41 ? 0:00 odscommsi -P0 -I0
diradmin 6938 6932 0 14:11:41 ? 0:00 odsshadi -I0
root 6939 6932 0 14:11:41 ? 0:09 odsldap3 -ldap:1389 -ldaps:0 -http:0 -https:0 -charsetv2:iso8859-1 -instanceNum
diradmin 8235 5612 0 14:30:29 pts/2 0:00 grep ods
|
The primary Critical Path Directory Service is now running.
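A scripted version of the odsmgmt -v verification above, as an added example that is not part of the original page or the vendor's tooling: it parses the process table and fails if any process is not in state ok, has a non-zero fails count, or is missing. The expected daemon list is an assumption taken from the sample output on this page, and the failure sample is constructed.

```shell
# Added example, not vendor code. ASSUMPTION: the daemon list below is the
# full expected set for one instance, taken from the sample output above.
EXPECTED_DAEMONS="odsmdsa odssdsa odscomms odscommsi odsshadi odsldap3"
# Reads `odsmgmt -v` output on stdin; prints one line per problem and
# returns 1 if a process is not "ok", has fails > 0, or is missing.
check_ods_status() {
    awk -v expected="$EXPECTED_DAEMONS" '
        $1 !~ /^[0-9]+$/ { next }    # skip header, prompt and blank lines
        {
            # action is one or two words ("default", "restart this"), so
            # locate fails as the first all-digit field after inst.
            f = 0
            for (i = 3; i <= NF; i++) if ($i ~ /^[0-9]+$/) { f = i; break }
            if (f == 0 || f + 2 > NF) { print "UNPARSED: " $0; bad = 1; next }
            fails = $f; state = $(f + 1); name = $(f + 2); seen[name] = 1
            if (state != "ok" || fails + 0 > 0) {
                printf "PROBLEM: pid=%s name=%s state=%s fails=%s\n", $1, name, state, fails
                bad = 1
            }
        }
        END {
            n = split(expected, want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) { print "MISSING: " want[i]; bad = 1 }
            exit bad + 0
        }'
}

# Healthy case: the primary-directory output shown above.
SAMPLE_OK='pid inst action fails state name options
6933 M default 0 ok odsmdsa -d"/var/cpmaster"
6934 0 restart this 0 ok odssdsa
6935 1 restart this 0 ok odssdsa
6936 0 restart this 0 ok odscomms
6937 0 restart this 0 ok odscommsi
6938 0 default 0 ok odsshadi
6939 0 restart this 0 ok odsldap3 -ldap:1389 -ldaps:0 -http:0 -https:0 -charsetv2:iso8859-1'
# Constructed failure case: "down" is a placeholder state (not a documented
# odsmgmt value), fails is 3, and the odsldap3 line is absent.
SAMPLE_BAD='pid inst action fails state name options
6933 M default 0 ok odsmdsa -d"/var/cpmaster"
6934 0 restart this 0 ok odssdsa
6935 1 restart this 3 down odssdsa
6936 0 restart this 0 ok odscomms
6937 0 restart this 0 ok odscommsi
6938 0 default 0 ok odsshadi'
printf '%s\n' "$SAMPLE_OK"  | check_ods_status && echo "healthy"
printf '%s\n' "$SAMPLE_BAD" | check_ods_status || echo "NOT healthy"
```

On a live host, pipe the real odsmgmt -v output into check_ods_status from the instance's data directory, and only move on to the Informix step when it returns 0.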
Shadow Directory
Log into RS1.
Repeat the above steps except the data directory changes from cpmaster to cpshadow,
Code Block |
---|
su -
su - diradmin
odselog -a # Check if there were errors before you start
cd /var/cpshadow # You MUST be in the Critical Path Data Directory of the instance you want to start
odsstart
odsmgmt -v |
Note |
---|
Should put instructions here on verifying that the shadow agreement works. There are two ways: view new Directory entries and see whether they replicate, or use the DAC (Directory Access Centre) fat client program. |
Informix Database
Note |
---|
Alternatively, there is another command, startstop.sh, that will start both the Informix Database and the CA. |
Log into CA1,
Code Block |
---|
|
su -
su - master
oninit -v # Start Informix |
You see various output as Informix starts,
Code Block |
---|
|
Checking group membership to determine server run modesucceeded
Reading configuration file '/opt/informix/etc/onconfig'...succeeded
Creating /INFORMIXTMP/.infxdirs ... succeeded
Creating infos file "/opt/informix/etc/.infos.entrust_unx_shm" ... "/opt/informix/etc/.conf.entrust_unx_shm" ... succeeded
Writing to infos file ... succeeded
Checking config parameters...succeeded
Allocating and attaching to shared memory...succeeded
Creating resident pool 2300 kbytes...succeeded
Creating buffer pool 10002 kbytes...succeeded
Initializing rhead structure...succeeded
Initializing ASF ...succeeded
Initializing Dictionary Cache and SPL Routine Cache...succeeded
Bringing up ADM VP...succeeded
Creating VP classes...succeeded
Onlining 0 additional cpu vps...succeeded
Onlining 2 IO vps...succeeded
Initialization of Encryption...succeeded
Forking main_loop thread...succeeded
Initializing DR structures...succeeded
Forking 1 'ipcstr' listener threads...succeeded
Starting tracing...succeeded
Initializing 2 flushers...succeeded
Initializing log/checkpoint information...succeeded
Opening primary chunks...succeeded
Opening mirror chunks...succeeded
Initializing dbspaces...succeeded
Validating chunks...succeeded
Initialize Async Log Flusher...succeeded
Forking btree cleaner...succeeded
Initializing DBSPACETEMP list
Checking database partition index...succeeded
Checking location of physical log...succeeded
Initializing dataskip structure...succeeded
Checking for temporary tables to drop
Forking onmode_mon thread...succeeded
Verbose output complete: mode = 5
|
Do a final check to verify Informix is running,
Code Block |
---|
|
onstat -
IBM Informix Dynamic Server Version 9.40.UC9 -- On-Line -- Up 00:01:56 -- 33792 Kbytes |
CA
Log into CA1.
Using entsh is Shawn's preferred method of starting the CA. You must be a master user.
Code Block |
---|
su -
su - master
entsh
Entrust Authority (TM) Security Manager Control Command Shell 7.1 SP3 Patch 165634(208)
Copyright 1994-2011 Entrust. All rights reserved. |
This will take you into the entsh command shell. Execute the following commands to log in as one of the Master users. Note the capital M in the name of the master.
Code Block |
---|
login
Master User Name: Master2
Password:
You are logged in to Security Manager Control
ou=CA200,o=e-Scotia.com,c=CA.Master2 $ |
Start the actual service subsystems,
Code Block |
---|
ou=CA200,o=e-Scotia.com,c=CA.Master2 $ service start
ou=CA200,o=e-Scotia.com,c=CA.Master2 $ service status
sep Entrust SEP enabled up 2 processes
keygen Key Generator enabled up 1 processes
backup Automatic Backup enabled up 1 processes
integ Database Integrity Check enabled up 1 processes
amb CRL and Maintenance enabled up 1 processes
ash Admin Service Handler enabled up 8 processes
cmp PKIX-CMP enabled up 2 processes
xap XML Admin Protocol enabled up 2 processes |
Roaming Server
There may be more than one Roaming Server instance. However, they have no dependency on each other.
Log into RS1.
Code Block |
---|
|
su - root
cd /opt/roamingserver
./entroamsrv.sh start
Starting Entrust roaming server... Done |
Note |
---|
What happened to ./entrs.sh -d? It still works but Shawn recommends this new command. |
Log into RS3.
Note |
---|
New versions of Roaming Server no longer need to use root to start services. Shawn fixed RS3 to use svradm. |
There is also an extra RS3 to enable Enforced Roaming ID for Admin Services 7.3. This is temporary until Entrust provides a fix to allow AS itself to enforce Roaming IDs.
Code Block |
---|
|
su - svradm
cd /opt/roamingserver_URS
./entroamsrv.sh start
Starting Entrust roaming server... Done |
Stopping Services
...