Environment
Novell Identity Manager 3 User Application
Situation
Resolution
To make the script work it is important to change the variables specified at the top. The default USERAPPBASE path will be the path specified for the UserApp during the installation. The MySQLBASE is, by default, the 'mysql' directory directly underneath where the UserApp was installed. The JBOSSBASE holds the scripts for JBoss and is, by default, the same as the UserApp base directory. If you have changed your installation paths for MySQL or JBoss feel free to change those as appropriate.
The next step requires being connected to the MySQL RDBMS directly or via some interface you are comfortable with. Connecting via the command line is simple enough using the start-mysql-client.sh shipped with the User Application in the MySQL base directory. Starting is as simple as specifying the following line substituting in your password where appropriate (command assumed to be run from MySQL base directory as shipped with IDM's UserApp):
./start-mysql-client.sh root passwordGoesHere
If you are using your own MySQL database that did NOT come with IDM, you will need to log in via the normal methods. The command line in that case would look like the following (assuming the 'mysql' client command is in the path, as it normally is, in /usr/bin):
mysql -u root -p
The MYSQLUSER and MYSQLPASS variables have been added to the script and should be replaced with the correct information for MySQL authentication via a user with privileges ONLY to shut down the server. Creating a user for this purpose is fairly straightforward if you are familiar with MySQL. The following line of SQL should do the same thing, but changing the password is highly recommended if you do use this line (if this part does not make sense, see the online documentation for MySQL regarding user privileges):
use mysql;
This line basically denies all rights except SHUTDOWN_PRIV. In different versions of MySQL the line above may not work because those versions have more or fewer privileges available. Consult the documentation or your MySQL administrator for details. An alternative set of commands that may work more often follows:
use mysql;
On the server where the script was developed the startup script in /etc/init.d was named 'userapp10' (for User Application 1.0, which may not be the correct version number). With that script set to be executable (chmod 700 /etc/init.d/userapp10) the `chkconfig` command was used to install the UserApp as a service.
Group owner and other user rights were eliminated to prevent users from finding the password of the user that stops MySQL. The startup script has some comments that help chkconfig determine in which order the UserApp should be started. If problems occur using `chkconfig --add userapp10`, the same operation can be done by adding softlinks from the rc3.d and rc5.d directories (present in /etc/init.d) that point to the userapp10 script (also in /etc/init.d). Prefix those softlinks with S99 and K01 (two softlinks per directory) if all else fails. The output of the ls -l command for those softlinks would look similar to the following:
lrwxrwxrwx 1 root root 12 Jan 5 08:37 S16userapp10 -> ../userapp10
`chkconfig --list userapp` results in output indicating that runlevels 3 and 5 are where the script will be run (3 and 5 are in green).
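The precautions described for the startup script (root-only ownership, `chmod 700`, a non-root MySQL account, and a changed password) can be checked mechanically. The following is an added example, not part of Novell's script; the function name `audit_init_script` is hypothetical and GNU `stat` is assumed.

```bash
#!/bin/bash
# Added example: audit an init script that embeds MySQL shutdown
# credentials, as /etc/init.d/userapp10 does.
# Prints one finding per line. Returns 0 if clean, 1 if there are
# findings, 2 if the file does not exist.
# The expected owner UID is a parameter (default 0, i.e. root).
audit_init_script() {
    local f="$1" want_uid="${2:-0}" rc=0 mode owner user pass
    [ -f "$f" ] || { echo "MISSING: $f"; return 2; }

    mode=$(stat -c '%a' "$f")    # octal mode, e.g. 700 (GNU stat)
    owner=$(stat -c '%u' "$f")   # numeric owner UID

    # chmod 700 leaves no group/other bits: (mode & 077) must be 0.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "PERMS: mode $mode lets group/other access $f"; rc=1
    fi
    if [ "$owner" != "$want_uid" ]; then
        echo "OWNER: uid $owner, expected $want_uid"; rc=1
    fi

    # Extract the quoted values of the two credential variables.
    user=$(sed -n "s/^export MYSQLUSER='\([^']*\)'.*/\1/p" "$f" | head -n 1)
    pass=$(sed -n "s/^export MYSQLPASS='\([^']*\)'.*/\1/p" "$f" | head -n 1)

    # The script's own comments warn against both of these.
    if [ "$user" = "root" ]; then
        echo "USER: MYSQLUSER is root"; rc=1
    fi
    if [ "$pass" = "my5q15hutd0wn" ]; then
        echo "PASS: published default MYSQLPASS still in use"; rc=1
    fi
    return $rc
}

# Run against a path given on the command line, e.g.
#   ./audit.sh /etc/init.d/userapp10
if [ "$#" -gt 0 ]; then
    audit_init_script "$@"
fi
```

File permissions do not cover the moment the script runs `stop`: the password is passed to stop-mysql.sh as a command-line argument, so it is visible in the process list while that command runs.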
When using this script, note a couple of issues that can prevent it from working properly. First, the UserApp must be started after the eDirectory instance it is pointing to. If you are running multiple instances of eDirectory, note that the default 8.8 startup script only starts the first instance of eDirectory (as of 2006-01-20), so if the UserApp is pointing to a different instance, or that instance is not ready when the UserApp starts, you will get Java errors. Restarting the UserApp once the appropriate eDirectory instance is up will resolve those errors. Also note that the script by default writes to log files for troubleshooting and application monitoring purposes. Delete these if you have disk space issues, or set the log files to write to /dev/null to prevent logging at all. Environment variables exist in the script for this purpose.
Configure the script to execute on startup.
Additional Information
#!/bin/bash
# Copyright (c) 2005 Novell, Inc. All rights reserved.
#
# Startup for Server
#
# Startup information taken from ndsd script. The same runlevels should
# work for us with the UserApp.
# chkconfig: 35 75 54
# description: Novell Identity Manager User Application
#
### BEGIN INIT INFO
# Provides: userapp
# Required-Start: $ndsd $network $time
# Required-Stop:
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: Novell IDM UserApp
# Description: Novell Identity Manager User Application
### END INIT INFO
#Creation help provided from http://wiki.jboss.org/wiki/Wiki.jsp?page=StartJBossOnBootWithLinux linked from Novell IDM Online Forums
#Variables for paths for the UserApp, JBoss, and MySQL. As a note this is
#designed to work for installs done completely via the UserApp installer (no
#existing implementations of JBoss or MySQL). While other configurations should
#work they have not been tested at all.
export USERAPPBASE='/opt/novell/userapp10/idm';
export MYSQLBASE=$USERAPPBASE/mysql;
export JBOSSBASE=$USERAPPBASE;
#These next variables are for logging. To prevent disks from filling up after
#things are working properly it will be a good idea to delete the logs
#periodically or else to set these to /dev/null which may also very-slightly
#increase performance (minimal, really minimal). To watch a service start
#use the `tail -f
export JBOSSLOG=$JBOSSBASE/jbossidm.log;
export MYSQLLOG=$MYSQLBASE/mysqlidm.log;
#Variables for users and passwords. APPLICATIONUSER should be the user in the
#*nix system with rights to run the JBoss application and, probably, the MySQL
#server which is usually in the same path for the full UserApp installation.
#The MYSQLUSER variable is for a user in the MySQL database with rights to
#shutdown the server (preferably that is all the rights that user has in case
#it is compromised somehow). The MYSQLPASS variable is for that MYSQLUSER's
#password. Because this information is in here it is highly recommended that
#you make this script owned by root (or whomever is UID=0) and by nobody else
#(`chmod 700 /etc/init.d/userapp10`). Using the default username and password
#(at least for the MySQL login) is not recommended.
export APPLICATIONUSER='userappuser';
export MYSQLUSER='mysqlshutdown';
export MYSQLPASS='my5q15hutd0wn';
#Check for JBoss log and create/fix if not there or not writable.
if [ ! -f "$JBOSSLOG" ] || [ ! -w "$JBOSSLOG" ]
then
    touch "$JBOSSLOG";
    chown "$APPLICATIONUSER" "$JBOSSLOG";
    chmod u+w "$JBOSSLOG";
fi
#Check for MySQL log and create/fix if not there or not writable.
if [ ! -f "$MYSQLLOG" ] || [ ! -w "$MYSQLLOG" ]
then
    touch "$MYSQLLOG";
    chown "$APPLICATIONUSER" "$MYSQLLOG";
    chmod u+w "$MYSQLLOG";
fi
#Method to start things up.
start(){
    echo "Starting Novell Identity Manager UserApp..."
    echo `date "+%s - %Y-%m-%d %H:%M:%S"` - Starting MySQL >> $MYSQLLOG 2>&1;
    echo `date "+%s - %Y-%m-%d %H:%M:%S"` - Starting JDBC >> $JBOSSLOG 2>&1;
    #Start MySQL...this seems to work reliably.
    su -l $APPLICATIONUSER -c "$MYSQLBASE/start-mysql.sh >> $MYSQLLOG 2>&1";
    #Start JBoss. This works properly as long as eDirectory is up. If running
    #8.8 and multiple instances note that as of 2006-01-20 only the first instance
    #is started by the ndsd startup script by default. If errors occur start the
    #instance of eDirectory and restart the UserApp and all should be well.
    #If using an SELinux system such as RHEL 4, use the command below instead of
    #the "su":
    #eval "runuser - $APPLICATIONUSER -c '$MYSQLBASE/start-mysql.sh>> $MYSQLLOG 2>&1 &'";
    su -l $APPLICATIONUSER -c "$JBOSSBASE/start-jboss.sh >> $JBOSSLOG 2>&1 &";
}
#Method to shut things down.
stop(){
    echo "Stopping Novell Identity Manager UserApp..."
    echo `date "+%s - %Y-%m-%d %H:%M:%S"` - Stopping MySQL >> $MYSQLLOG 2>&1;
    echo `date "+%s - %Y-%m-%d %H:%M:%S"` - Stopping JDBC >> $JBOSSLOG 2>&1;
    #Stop JBoss.
    su - $APPLICATIONUSER -c "$JBOSSBASE/stop-jboss.sh >> $JBOSSLOG 2>&1";
    #Give JBoss enough time to stop before stopping MySQL. This will affect shutdown and restart times.
    sleep 10
    #Stop MySQL...this seems to work if you put in your username and password
    #which does not make me comfortable. Created new user just for shutting down
    #server and will hide this file from regular users in the filesystem. Even
    #doing this it is highly-recommended to hide this file from group/other
    #reads, writes, and executes (chmod 700). It would be a very bad idea to use
    #the root user in here which may seem an easy way to make things work quickly.
    #su - $APPLICATIONUSER -c "$MYSQLBASE/stop-mysql.sh mysqlshutdown my5q15hutd0wn >>&MYSQLLOG 2>&1";
    su - $APPLICATIONUSER -c "$MYSQLBASE/stop-mysql.sh $MYSQLUSER $MYSQLPASS >> $MYSQLLOG 2>&1"
}
#Method to restart services.
restart(){
    stop
    # give stuff some time to stop before we restart
    sleep 60
    # protect against any services that can't stop before we restart (warning:
    # this kills all Java instances running as '$APPLICATIONUSER' user)
    su -l $APPLICATIONUSER -c 'killall java'
    start
}
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        restart
        ;;
    *)
        echo "Usage: `basename "$0"` {start|stop|restart}"
        exit 1
        ;;
esac
exit 0
Formerly known as TID# 10100086