Symantec Access Management

  • 1.  SiteMinder policy server and CA Directory policy store auto start after reboot

    Posted Nov 29, 2021 01:22 PM
    Hi Team,

    Has anyone configured the auto start upon server reboot of CA Dir policy store and SiteMinder policy server?

    If so, has anyone made a precheck for whether the policy store is started or not in the auto start up script of SiteMinder policy server, because we have to make sure the policy store must start before the policy server starts, right?

    Please do let me know if anyone has configured the precheck in the auto start script of SiteMinder policy server.


  • 2.  RE: SiteMinder policy server and CA Directory policy store auto start after reboot

    Broadcom Employee
    Posted Nov 30, 2021 07:50 AM
    Hi Karthik,

    Not sure how to make SMPS wait (or check) until the Directory DSAs are auto-started upon an OS reboot, but you can definitely autostart Directory DSAs upon an OS reboot.

    This is controlled by two factors.

    1) dsaname(s) that are defined/exist under $DXHOME/config/autostart folder on your Linux host.
    2) The actual startup script we use is /etc/init.d/dxserver which I believe is controlled by files located in various sub-folders under /etc/rc.d location.

    e.g.

    [root@mynode rc.d]# ll
    total 4
    drwxr-xr-x. 2 root root 161 Nov 30 07:33 init.d
    drwxr-xr-x. 2 root root 154 Jul 8 11:57 rc0.d
    drwxr-xr-x. 2 root root 154 Jul 8 11:57 rc1.d
    drwxr-xr-x. 2 root root 154 Jul 8 11:57 rc2.d
    drwxr-xr-x. 2 root root 154 Jul 8 11:57 rc3.d
    drwxr-xr-x. 2 root root 154 Jul 8 11:57 rc4.d
    drwxr-xr-x. 2 root root 154 Jul 8 11:57 rc5.d
    drwxr-xr-x. 2 root root 154 Jul 8 11:57 rc6.d
    [root@mynode rc.d]# cd rc0.d
    [root@mynode rc0.d]# ll
    total 0
    lrwxrwxrwx. 1 root root 18 Jul 8 11:57 K01dxserver -> ../init.d/dxserver
    lrwxrwxrwx. 1 root root 15 Oct 10 2018 K03rhnsd -> ../init.d/rhnsd
    lrwxrwxrwx. 1 root root 18 May 22 2019 K40rtvscand -> ../init.d/rtvscand
    lrwxrwxrwx. 1 root root 14 May 22 2019 K40smcd -> ../init.d/smcd
    lrwxrwxrwx. 1 root root 17 May 22 2019 K45symcfgd -> ../init.d/symcfgd
    lrwxrwxrwx. 1 root root 20 Oct 10 2018 K50netconsole -> ../init.d/netconsole
    lrwxrwxrwx. 1 root root 17 Oct 10 2018 K90network -> ../init.d/network
    lrwxrwxrwx. 1 root root 21 May 22 2019 K95autoprotect -> ../init.d/autoprotect
    [root@mynode rc0.d]# cd ../rc1.d
    [root@mynode rc1.d]# ll
    total 0
    lrwxrwxrwx. 1 root root 18 Jul 8 11:57 K01dxserver -> ../init.d/dxserver
    lrwxrwxrwx. 1 root root 15 Oct 10 2018 K03rhnsd -> ../init.d/rhnsd
    lrwxrwxrwx. 1 root root 18 May 22 2019 K40rtvscand -> ../init.d/rtvscand
    lrwxrwxrwx. 1 root root 14 May 22 2019 K40smcd -> ../init.d/smcd
    lrwxrwxrwx. 1 root root 17 May 22 2019 K45symcfgd -> ../init.d/symcfgd
    lrwxrwxrwx. 1 root root 20 Oct 10 2018 K50netconsole -> ../init.d/netconsole
    lrwxrwxrwx. 1 root root 17 Oct 10 2018 K90network -> ../init.d/network
    lrwxrwxrwx. 1 root root 21 May 22 2019 K95autoprotect -> ../init.d/autoprotect
    [root@mynode rc1.d]# cd ../rc2.d
    [root@mynode rc2.d]# ll
    total 0
    lrwxrwxrwx. 1 root root 20 Oct 10 2018 K50netconsole -> ../init.d/netconsole
    lrwxrwxrwx. 1 root root 17 Oct 10 2018 S10network -> ../init.d/network
    lrwxrwxrwx. 1 root root 21 May 22 2019 S21autoprotect -> ../init.d/autoprotect
    lrwxrwxrwx. 1 root root 17 May 22 2019 S22symcfgd -> ../init.d/symcfgd
    lrwxrwxrwx. 1 root root 15 Oct 10 2018 S97rhnsd -> ../init.d/rhnsd
    lrwxrwxrwx. 1 root root 18 May 22 2019 S98rtvscand -> ../init.d/rtvscand
    lrwxrwxrwx. 1 root root 14 May 22 2019 S98smcd -> ../init.d/smcd
    lrwxrwxrwx. 1 root root 18 Jul 8 11:57 S99dxserver -> ../init.d/dxserver
    etc..etc...

    Other references on this topic from Directory side can be found at:

    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/directory/14-1/release-information/platform-support-matrix.html

    NOTE: In the above, look under 'Considerations' section.

    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/directory/14-1/reference/file-structure-and-file-formats.html

    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/directory/14-1/known-issues.html

    If SMPS is also set to auto-start, I am sure there is a way to handle this at OS level (maybe you can work with your Linux Admin team) to put a halt/wait for SMPS auto-start to kick in while the DSAs finish their startup. I don't have SMPS installed on my node, but I am sure in your case you will find something similar to 'dxserver' under the above mentioned folders that can be manipulated (I believe the K or the S numbers) to predefine the startup sequence of each component/service that you are interested in.

    Hope this helps from Directory side of the aisle.

    Thanks,
    Hitesh


  • 3.  RE: SiteMinder policy server and CA Directory policy store auto start after reboot

    Broadcom Employee
    Posted Dec 01, 2021 03:31 PM
    Hi Karthik,

    While not 100% error-proof, one option is to use the nc command to check if the policy store port is responding before proceeding with SMPS startup. For example:

    while ! echo exit | nc -z <host> <port>; do sleep 10; done

    Hope this helps,
    Richard
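
A bounded version of the nc wait loop from this thread, as an added example that is not part of any post or of Broadcom's own scripts: it gives up after a fixed number of tries and leaves the Policy Server stopped instead of starting it against an unreachable policy store. The function names, the PROBE, MAX_TRIES and INTERVAL variables, and the start command passed on the command line are assumptions.

```shell
#!/bin/sh
# Added example: wait for the policy store port, then start the Policy Server.
# Usage: wait-then-start.sh <store_host> <store_port> <start command...>
# <start command> is whatever launches SMPS on your host (placeholder).

# Default probe: succeeds once host:port accepts a TCP connection
# (the same nc -z check as in the thread, with a 3 second connect timeout).
port_open() {
    nc -z -w 3 "$1" "$2" >/dev/null 2>&1
}

# wait_for_store HOST PORT [MAX_TRIES] [INTERVAL_SECONDS]
# Returns 0 as soon as the probe succeeds, 1 if it never does.
# Set PROBE to another function or command to swap in a stronger check;
# an open port alone does not prove the DSA is answering queries.
wait_for_store() {
    wfs_host=$1
    wfs_port=$2
    wfs_max=${3:-30}
    wfs_interval=${4:-10}
    wfs_try=1
    until "${PROBE:-port_open}" "$wfs_host" "$wfs_port"; do
        if [ "$wfs_try" -ge "$wfs_max" ]; then
            return 1
        fi
        wfs_try=$((wfs_try + 1))
        sleep "$wfs_interval"
    done
    return 0
}

# start_after_store HOST PORT COMMAND [ARGS...]
# Runs COMMAND only if the store answered; otherwise SMPS stays stopped.
start_after_store() {
    sas_host=$1
    sas_port=$2
    shift 2
    if wait_for_store "$sas_host" "$sas_port" "${MAX_TRIES:-30}" "${INTERVAL:-10}"; then
        "$@"
    else
        echo "policy store $sas_host:$sas_port unreachable, policy server not started" >&2
        return 1
    fi
}

# Act only when called with arguments, so the file can also be sourced.
if [ "$#" -ge 3 ]; then
    start_after_store "$@"
fi
```

The non-zero exit on timeout lets the init system or monitoring record the failed start instead of the Policy Server coming up without its store.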