How to Create Symantec SiteMinder Solutions Systemd Scripts on Linux/UNIX

Article By: Tiffany Kongpachith

Systemd is a Linux system tool that includes various features including a bootstrapping system used to start and manage system processes. These systemd scripts make it easy to start, stop, or restart your script, as well as configure it to start automatically on boot. In this document, user will be able to utilize and execute the systemd scripts to start|stop|restart|status services pertaining to the Symantec SiteMinder Policy Store, SiteMinder Policy Server, SiteMinder Administrative User Interface, and SiteMinder Access Gateway.

Prerequisites

  • Assumption that SiteMinder Policy Store has been fully installed and configured.
  • Assumption that SiteMinder Policy Server has been fully installed and configured.
  • Assumption that SiteMinder Administrative User Interface has been fully installed and configured.
  • Assumption that SiteMinder Access Gateway has been fully installed and configured.
  • Assumption that a service account has been created for SiteMinder and its other solutions and that the service account will be used to execute the system scripts/systemctl commands. (i.e. smuser)
  • Important! This task must be configured by a Linux “root” account to apply the scripts for automatic restart on a server reboot.
  • The user knows based on their implementation where the ${JAVA_ROOT} directory is located.
  • The user knows based on their implementation where the install directory for SiteMinder is located. (i.e. ${siteminder_home/})
  • The user knows based on their implementation where the install directory for the Access Gateway is located. (i.e. ${sps-home/})

Systemd Scripts for SiteMinder Policy Store

  1. Log in to the server containing the SiteMinder Policy Store with the Linux “root” account for the environment.
  2. Navigate to the /etc/systemd/system directory.
  3. Create a new service script called ”NAME.service”. Replace ‘NAME’ with any name that best represents the process you are trying to auto-start. (i.e. dxserver.service) for the SiteMinder Policy Store of the following contents:
    Note: You can create the service script file by executing the commands “touch dxserver.service” or “vi dxserver.service”
    [Unit]Description=CA Directory DXserver ServiceAfter=network.target

     [Service]

    Type=forking

    ExecStart=/etc/rc.d/init.d/dxserver start

    ExecStop=/etc/rc.d/init.d/dxserver stop

    RemainAfterExit=true

     [Install]

    WantedBy=multi-user.target

  4. Create a backup of the dxserver file and rename it to “dxserver.old”.
  5. The file named NAME.service (i.e. dxserver.service) will be placed within the /usr/lib/systemd/system directory.
    1. Run the following commands to start the Policy Store as a service/daemon process and create the symbolic link to /etc/systemd/system/multi-user.target.wants.

    Note: Replace NAME with the name provided in Step 3.
    $ systemctl daemon-reload
    $ systemctl enable NAME (i.e. dxserver)
    $ systemctl start NAME (i.e. dxserver)

  6. On a server reboot the Policy Store should start automatically.
    Execute the command:
    ps -ef|grep dsa
    Expected Result – the user should see the expected output: 

    For example:
    dsa       3005     1  0 17:29 ?        00:00:00 python dxagent_cp_engine.py
    dsa       3051     1  0 17:29 ?        00:00:00 dxserver start policystore
    dsa       3055     1  0 17:29 ?        00:00:00 dxserver start sessionstore
    root      3072  2128  0 17:29 pts/0    00:00:00 grep –color=auto dsa

The user will be able to execute the command “sudo systemctl start|stop|status dxserver” to check the status, start, and stop services for the SiteMinder Policy Store.

Systemd Script for SiteMinder Policy Server

  1. Log in to the server containing the SiteMinder Policy Server with the Linux “root” account for the environment.
  2. Navigate to the /etc/systemd/system directory.
  3. Create a new service script called ”NAME.service”. Replace ‘NAME’ with any name that best represents the process you are trying to auto-start. (i.e. siteminder.service) for the SiteMinder Policy Server of the following contents:
    Note: You can create the service script by executing the commands “touch siteminder.service” or “vi siteminder.service”
    [Unit]Description=SiteMinder ServiceAfter=network.target dxserver.service

     [Service]

    Type=forking

    User=smuser

    ExecStart=-${siteminder_home/}/start-all 

    ExecStop=-${siteminder_home/}/stop-all

    Restart=on-abort

     [Install]

    WantedBy=multi-user.target

  4. Run the following commands to start the Policy Server as a service/daemon process.
    Note: Replace NAME with the name provided in Step 3.
    $ systemctl daemon-reload
    $ systemctl enable NAME (i.e. siteminder)
    $ systemctl start NAME (i.e. siteminder)

The user will be able to execute the command “sudo systemctl start|stop|status siteminder” to check the status, start, and stop services for the SiteMinder Policy Server.

Systemd Script for SiteMinder Administrative User Interface (UI)

  1. Log in to the server containing the SiteMinder Admin UI with the Linux “root” account for the environment.
  2. Navigate to the /etc/systemd/system directory
  3. Create a new service script called ”NAME.service”. Replace ‘NAME’ with any name that best represents the process you are trying to auto-start. (i.e. smadminui.service) for the SiteMinder Administrative User Interface (UI) of the following contents:
    Note: You can create the service script by executing the commands “touch smadminui.service” or “vi smadminui.service”
    [Unit]Description=SiteMinder AdminUIAfter=network.target

     [Service]

    Type=simple

    User=smuser

    ExecStart=-${siteminder_home/}/adminui/bin/standalone.sh &

    ExecStop=-${siteminder_home/}/adminui/bin/jboss-cli.sh -c –command=:shutdown

    Restart=on-failure

    WorkingDirectory=${siteminder_home/}/adminui/bin

     [Install]

    WantedBy=multi-user.target

  4. Run the following commands to start the Admin UI as a service/daemon process.
    Note: Replace NAME with the name provided in Step 3.
    $ systemctl daemon-reload
    $ systemctl enable NAME (i.e. smadminui)
    $ systemctl start NAME (i.e. smadminui)

The user will be able to execute the command “sudo systemctl start|stop|status smadminui” to check the status, start, and stop services for the SiteMinder Admin UI.

Systemd Script for SiteMinder Access Gateway

  1. Log in to the server containing the SiteMinder Access Gateway with the Linux “root” account for the environment.
  2. Navigate to the /etc/systemd/system directory.
  3. Create a new service script called ”NAME.service”. Replace ‘NAME’ with any name that best represents the process you are trying to auto-start. (i.e. sps-ctl.service) for the SiteMinder Access Gateway of the following contents:
    Note: You can create the service script by executing the commands “touch sps-ctl.service” or “vi sps-ctl.service”
    [Unit]
    Description=CA Access GatewayAfter=syslog.target network.target

     [Service]

    Type=forking

     

    Environment=JAVA_HOME=${JAVA_ROOT}/jre

    Environment=CATALINA_PID=${sps_home/}/proxy-engine/tmp/sps.pid

    Environment=CATALINA_HOME=${sps_home/}/Tomcat

    Environment=CATALINA_BASE=${sps_home/}/Tomcat

    Environment=’CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC’

    Environment=’JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom’

     

    ExecStart=/bin/bash ${sps_home/}/proxy-engine/sps-ctl start

    ExecStop=/bin/bash ${sps_home/}/proxy-engine/sps-ctl stop

    ExecStartssl=/bin/bash ${sps_home/}/proxy-engine/sps-ctl startssl

     

    #User=smuser

    #Group=smgroup

    UMask=0003

    RestartSec=10

    Restart=always

    [Install]

    WantedBy=multi-user.target

  4. Run the following commands to start the Access Gateway as a service/daemon process.
    Note: Replace NAME with the name provided in Step 3.
    $ systemctl daemon-reload
    $ systemctl enable NAME (i.e. sps-ctl)
    $ systemctl start NAME (i.e. sps-ctl)

The user will be able to execute the command “sudo systemctl start|stop|status sps-ctl” to check the status, start, and stop services for the SiteMinder Access Gateway.

Summary of Creating Symantec SiteMinder Solutions Systemd Scripts:

Creating these systemd scripts will ensure all the SiteMinder component services will help with starting, stopping, or restarting processes, as well as benefit knowing that the services will start up upon boot and server reboot due to an outage or server patching activities.

Looking for additional help with Systemd on Linux/UNIX? ISX Consulting is an elite IAM security firm that offers boundless expertise in a range of cybersecurity and business process services, including Symantec SiteMinder and Symantec Identity Suite. Take your interoperability to the next level, and contact an ISX consultant today.

ISXHow to Create Symantec SiteMinder Solutions Systemd Scripts on Linux/UNIX

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *