Symantec Access Management

  • 1.  CA Directory 14 version installation issue

    Posted Aug 30, 2018 08:05 AM

    Hi,

     

    I'm trying to install the CA Directory 14 version on RHEL7 server. Here are steps followed by me -

    1. Downloaded the package from CA Site on my local machine in .zip file.

    2. Copied the .zip file on Linux server and run unzip to get .iso files

    3. Tried to mount .iso(for dxserver) on my linux box, but it was giving some error message -

    [root@****** install]# mount -o loop /opt/DVD500000000001421.iso /opt/cadir/
    mount: /dev/loop1 is write-protected, mounting read-only

    4. I continued further with installation using by running ./dxsetup.sh from path /opt/cadir/linux_x86_64/dxserver/install

    5. Got below error/warnings with DXserver Installation 

    ============================ DXSERVER INSTALLATION ============================

    Installing DXserver software (as user dsa)
    /opt/CA/Directory/dxserver/install/.dxcshrc: No such file or directory.

    Stopping any existing DXservers, SSL daemons or DXadmind processes

    =========================== CA OpenSSL INSTALLATION ===========================

    Copying CAPKI libs
    ===================== DXSERVER INSTALLATION (CONTINUED) ======================

    /opt/CA/Directory/dxserver/install/.dxcshrc: No such file or directory.
    Setting up environment for account dsa...

    DXserver has installed successfully

     

    Even though the highlighted file exists, but it's marked as hidden.

     

    Post installation, I'm trying to setup a new DSA but it says like dxnewdsa command not found. I tried to set DXHOME to /opt/CA/Directory/dxserver/install but no luck. Directory startup also have issue.

     

    Please note - I'm doing the installation using root user. Did I miss any step or setting up something incorrectly?

     

    Appreciate your help !



  • 2.  Re: CA Directory 14 version installation issue

    Posted Aug 30, 2018 12:03 PM

    This installation should have created a 'dsa' user ID.

     

    If you are root, sudo / su to the dsa user ID

     

    su - dsa    (Ensure you use the - {dash} symbol to ensure the .profile is executed with the environmental variables needed for the dsa userID.

     

     

    Example of the .profile  (which sources the  .dxprofile file)

     

    [dsa@ip-172-31-49-239 ~]$ cat .profile
    . /opt/CA/Directory/dxserver/install/.dxprofile
    [dsa@ip-172-31-49-239 ~]$
    [dsa@ip-172-31-49-239 ~]$
    [dsa@ip-172-31-49-239 ~]$ cat /opt/CA/Directory/dxserver/install/.dxprofile
    umask 027
    DXHOME=/opt/CA/Directory/dxserver
    PATH=$DXHOME/bin:${PATH}
    LD_LIBRARY_PATH=$DXHOME/bin:$LD_LIBRARY_PATH
    export DXHOME PATH LD_LIBRARY_PATH

    if [ -z "$LD_LIBRARY_PATH" ]; then
    LD_LIBRARY_PATH=/opt/CA/jdk1.8.0_71/lib/i386/native_threads
    else
    LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/opt/CA/jdk1.8.0_71/lib/i386/native_threads
    fi
    export LD_LIBRARY_PATH
    POSIXLY_CORRECT=1
    export POSIXLY_CORRECT

    # CA Shared Components
    if [ -f /etc/profile.CA ]; then
    . /etc/profile.CA
    if [ ! -z $CALIB ]; then
    LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:${CALIB}
    export LD_LIBRARY_PATH
    fi
    fi

     

     

     

     

    Cheers,

     

    A.



  • 3.  Re: CA Directory 14 version installation issue

    Posted Aug 31, 2018 07:55 AM

    Thank Alan !

     

    Yes, installation created dsa account and dxtools commands works well with it.

     

    However my questions still remain unanswered -

     

    Why are we getting below error message even though the highlighted file exists, but it's marked as hidden?

    ============================ DXSERVER INSTALLATION ============================

    Installing DXserver software (as user dsa)
    /opt/CA/Directory/dxserver/install/.dxcshrc: No such file or directory.

    Stopping any existing DXservers, SSL daemons or DXadmind processes

    =========================== CA OpenSSL INSTALLATION ===========================

    Copying CAPKI libs
    ===================== DXSERVER INSTALLATION (CONTINUED) ======================

    /opt/CA/Directory/dxserver/install/.dxcshrc: No such file or directory.
    Setting up environment for account dsa...

    DXserver has installed successfully

     

    Regards,

    Vishal



  • 4.  Re: CA Directory 14 version installation issue

    Posted Aug 31, 2018 11:35 AM

    VKSSO

     

    I think it may be to do with permission. We are running as "root", but we are creating "dsa" users and then assigning permissions to "dsa" user. So I'm thinking is it a race condition as to what happens first (e.g. sequencing).

     

    "root" is not a luxury. Hence the best way to do this is, create the expected OS user and login as that OS User. The install CA Directory. I recently did this and I did not see this error message.

     

    Having said that do you see the file post install. As you exit out and login in as "dsa" user does the $DXHOME get set automatically. If that be the case, I would be inclined to say the error message may be cosmetic. 



  • 5.  Re: CA Directory 14 version installation issue

    Posted Aug 31, 2018 12:18 PM

    Agree with Dennis, if the DSA account has access to that file then access is working.  As is for why you see a permission issue, if this solution was installed under the root userID, I would not have expected that permission error message.

     

    Below are pulled from a reference system, to allow you to compare.

     

     

    Example:   View of the DSA account using the C shell  (csh) in /etc/passwd

     

    [dsa@ip-172-31-49-239 ~]$ cat /etc/passwd | grep dsa
    dsa:x:503:504:DXserver Administrator:/opt/CA/Directory/dxserver:/bin/csh
    [dsa@ip-172-31-49-239 ~]$

     

    Example:  View of the CSH shell   (.cshrc)  permissions 

    (which is called by OS based on which shell is defined)


    [dsa@ip-172-31-49-239 ~]$ ls -lart
    total 296
    drwxr-x--- 4 dsa etrdir 4096 May 20 2015 dxagent
    -rw-r----- 1 dsa etrdir 48 May 26 2016 .profile
    -rw-r----- 1 dsa etrdir 51 May 26 2016 .cshrc
    drwxr-x--- 15 dsa etrdir 4096 Dec 5 2017 samples
    drwxr-x--- 2 dsa etrdir 4096 Dec 5 2017 bin
    drwxr-x--- 2 dsa etrdir 4096 Dec 5 2017 uninstall
    drwxr-x--- 2 dsa etrdir 4096 Dec 5 2017 install
    drwxr-xr-x 12 dsa etrdir 4096 Apr 13 07:42 config
    drwxr-x--- 8 dsa etrdir 4096 Aug 1 20:57 backup.vapp
    drwxr-xr-x 4 dsa etrdir 4096 Aug 1 20:57 ..
    -rw-r----- 1 dsa etrdir 0 Aug 1 21:06 .default_userstore_data_imported
    drwx------ 3 dsa etrdir 4096 Aug 3 17:13 .local
    drwx------ 3 dsa etrdir 4096 Aug 3 17:13 .cache
    drwxr-x--- 2 dsa etrdir 4096 Aug 26 07:50 pid
    drwxr-x--- 6 dsa etrdir 4096 Aug 26 07:50 data
    -rw------- 1 dsa etrdir 12374 Aug 27 20:16 .viminfo
    drwxr-xr-x 15 dsa etrdir 4096 Aug 27 20:16 .
    -rw------- 1 dsa etrdir 2718 Aug 27 20:30 .history
    drwxr-xr-x 2 dsa etrdir 65536 Aug 31 00:00 logs
    drwxr-x--- 2 dsa etrdir 4096 Aug 31 00:00 backup

     

     

    Example of contents of .cshrc


    [dsa@ip-172-31-49-239 ~]$ cat .cshrc
    source /opt/CA/Directory/dxserver/install/.dxcshrc

     

    Permissions of the .dxcshrc file.


    [dsa@ip-172-31-49-239 ~]$ ls -lart /opt/CA/Directory/dxserver/install/.dxcshrc
    -rw-r----- 1 dsa etrdir 549 Aug 1 20:57 /opt/CA/Directory/dxserver/install/.dxcshrc
    [dsa@ip-172-31-49-239 ~]$

     

     

     

    View of the CA Directory install log:

    - Compare - 

     

    [dsa@ip-172-31-49-239 Directory]$ pwd
    /opt/CA/Directory
    [dsa@ip-172-31-49-239 Directory]$ cat cadir_install_20180801205752.log
    Wed Aug 1 20:57:52 GMT 2018
    dxsetup
    -responsefile /opt/CA/.VAPP_install/CADirectory_upgrade_for_CA_Virtual_Appliance.rsp

    ============================= CURRENT INSTALLATION ============================

    Checking current install of CA Directory DXagent... Preview version detected (earlier than 12.5.12858)
    All files from the DXagent preview will be kept under /opt/CA/Directory/dxserver/dxagent.preview
    No CA Directory Management UI detected
    Checking current install of DXserver... 12.0.10205
    No DXwebserver detected
    Checking current install of JRE... 1.8.0_71

    ============================= DXSERVER QUESTIONS ==============================

    Current installed version of CA Directory:
    Version 12.0 (Build 10205)

    This setup will upgrade it to:
    Version 12.6 (Build 14058)

    Checking for existing dsa account...

    The dsa account exists.
    Its home directory and group membership will be modified if necessary.

    ============================ DIRECTORY PERMISSIONS ============================

    Checking directory permissions

    DXserver...

    Directory permissions verified

    ============================ DXSERVER INSTALLATION ============================

    Upgrading DXserver software (as user dsa)

    ========================= CA OpenSSL INSTALLATION =========================

    [CAPKI] Parameters: mode=install, caller=ETRDIR, instdir=, env=all, verbose=true
    [CAPKI] This installer contains CAPKI Version 5.2.0
    [CAPKI] Using install directory as specified by CASHCOMP
    [CAPKI] Installation directory: /opt/CA/SharedComponents/CAPKI
    [CAPKI] Checking for Permissions
    [CAPKI] Proper permissions are set for installation directory
    [CAPKI] Disk space is available
    [CAPKI] Existing Version RV=2
    [CAPKI] Existing installation of CAPKI found: Version 5.0.3
    [CAPKI] Updated installed files log: /opt/CA/SharedComponents/CAPKI/CAPKI5/Linux/amd64/64/files.dat
    [CAPKI] CAPKI Install Successful, return Value is 0


    ==================== DXSERVER INSTALLATION (CONTINUED) ======================

    Setting up environment for account dsa...

    DXserver has installed successfully

    =============================== REBOOT SCRIPTS ================================

    Setting system scripts to start CA Directory components at system boot

    =========================== INSTALLATION COMPLETE ============================

    Changing group ownership and file permissions

    Install completed: Wed Aug 1 20:57:58 GMT 2018
    dxserver 12.6.04 (build 14058) Linux 64-Bit

    ============================== STARTING DXSERVERS =============================


    ***********************************
    ****** Installation Complete ******
    ***********************************
    # ==============================
    # CA Directory Response File
    # ==============================
    # 12.6.04 build 14058


    # User parameters
    INSTUSER=root
    DXUSER=dsa
    DXSHELL=/bin/csh
    DXUID=
    DXGROUP=etrdir
    DXGID=

    # Install parameters
    INSTALLDX=y
    INSTALLDOC=
    INSTALLDXAGENT=n
    SETUID=n

    # Location parameters
    ETDIRHOME=/opt/CA/Directory
    DXHOME=/opt/CA/Directory/dxserver
    CAPKILOC=

    # DXagent parameters
    DXAGENTCLIENT=dxaclient
    DXAGENTPORT=9443
    DXAGENTPASS=

    # Upgrade parameters
    BACKUPBIN=y
    BACKUPLOC=/opt/CA/Directory/dxserver/backup.vapp
    RESTARTDSAS=y

    [dsa@ip-172-31-49-239 Directory]$

     

     

     

     

    If you wish to narrow this issue down, I would suggest uninstall, and then re-install under 'root' user ID.

    - See if you can recreate this issue.

    - type "set" before and after install as 'root' ID to check current environmental variables.

     

     

     

    Cheers,

     

    Alan.



  • 6.  Re: CA Directory 14 version installation issue

    Posted Sep 05, 2018 11:17 AM

    Hi Alan,

     

    Installation is done using root user only.



  • 7.  Re: CA Directory 14 version installation issue

    Posted Sep 05, 2018 12:22 PM

    For continued RCA, I would suggest looking at possible OS dependencies that may come into play.

         System Requirements - CA Directory - 14.0 - CA Technologies Documentation 

         SSL Processing - CA Directory - 14.0 - CA Technologies Documentation 

     

     

    1) Shell Packages installed on the OS:   Bash, CSH

       -  Root uses Bash   

       -  New DSA id mayl use CSH or Bash

     

    2)  Path to OS libraries.

    -  Use strace (or install) and execute this for every binary (or install process) to assist with RCA.

    -  Validate :  Linux Kernel 2.6.16 with glibc 2.11    &   openssl libraries

     

     

    Example:

     

    Validate shell used.

    config@vapp01r142 VAPP-14.2.0 (192.168.242.158):~ > cat /etc/passwd | grep root
    root:x:0:0:root:/root:/bin/bash

     

    config@vapp01r142 VAPP-14.2.0 (192.168.242.158):~ > cat /etc/passwd | grep dsa
    dsa:x:503:504:DXserver Administrator:/opt/CA/Directory/dxserver:/bin/csh

     

     

    Validate path of any OS library dependency with strace

     

    config@vapp01r142 VAPP-14.2.0 (192.168.242.158):~ > su - dsa
    [dsa@vapp01r142 ~]$
    [dsa@vapp01r142 ~]$ cd bin
    [dsa@vapp01r142 ~/bin]$ strace dxserver
    execve("/opt/CA/Directory/dxserver/bin/dxserver", ["dxserver"], [/* 27 vars */]) = 0
    brk(0) = 0x7f3f1fe66000
    mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f1fb2d000
    access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
    open("/opt/CA/Directory/dxserver/bin/tls/x86_64/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
    stat("/opt/CA/Directory/dxserver/bin/tls/x86_64", 0x7ffcdbf6fc90) = -1 ENOENT (No such file or directory)
    open("/opt/CA/Directory/dxserver/bin/tls/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
    stat("/opt/CA/Directory/dxserver/bin/tls", 0x7ffcdbf6fc90) = -1 ENOENT (No such file or directory)
    open("/opt/CA/Directory/dxserver/bin/x86_64/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
    stat("/opt/CA/Directory/dxserver/bin/x86_64", 0x7ffcdbf6fc90) = -1 ENOENT (No such file or directory)
    open("/opt/CA/Directory/dxserver/bin/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
    stat("/opt/CA/Directory/dxserver/bin", {st_mode=S_IFDIR|0750, st_size=4096, ...}) = 0
    open("/opt/CA/jdk1.8.0_71/lib/i386/native_threads/tls/x86_64/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
    stat("/opt/CA/jdk1.8.0_71/lib/i386/native_threads/tls/x86_64", 0x7ffcdbf6fc90) = -1 ENOENT (No such file or directory)
    open("/opt/CA/jdk1.8.0_71/lib/i386/native_threads/tls/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
    stat("/opt/CA/jdk1.8.0_71/lib/i386/native_threads/tls", 0x7ffcdbf6fc90) = -1 ENOENT (No such file or directory)
    open("/opt/CA/jdk1.8.0_71/lib/i386/native_threads/x86_64/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
    stat("/opt/CA/jdk1.8.0_71/lib/i386/native_threads/x86_64", 0x7ffcdbf6fc90) = -1 ENOENT (No such file or directory)
    open("/opt/CA/jdk1.8.0_71/lib/i386/native_threads/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
    stat("/opt/CA/jdk1.8.0_71/lib/i386/native_threads", 0x7ffcdbf6fc90) = -1 ENOENT (No such file or directory)
    open("/etc/ld.so.cache", O_RDONLY) = 3
    fstat(3, {st_mode=S_IFREG|0644, st_size=28919, ...}) = 0
    mmap(NULL, 28919, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f3f1fb25000
    close(3) = 0
    open("/lib64/libcrypt.so.1", O_RDONLY) = 3
    read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\f\0\0\0\0\0\0"..., 832) = 832
    fstat(3, {st_mode=S_IFREG|0755, st_size=40872, ...}) = 0
    mmap(NULL, 2318816, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3f1ef96000
    mprotect(0x7f3f1ef9d000, 2097152, PROT_NONE) = 0
    mmap(0x7f3f1f19d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7000) = 0x7f3f1f19d000
    mmap(0x7f3f1f19f000, 184800, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3f1f19f000
    close(3) = 0
    open("/opt/CA/Directory/dxserver/bin/libresolv.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
    open("/lib64/libresolv.so.2", O_RDONLY) = 3
    read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\00009\0\0\0\0\0\0"..., 832) = 832
    fstat(3, {st_mode=S_IFREG|0755, st_size=111440, ...}) = 0
    mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f1fb24000
    mmap(NULL, 2202248, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3f1ed7c000
    mprotect(0x7f3f1ed92000, 2097152, PROT_NONE) = 0
    mmap(0x7f3f1ef92000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7f3f1ef92000
    mmap(0x7f3f1ef94000, 6792, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3f1ef94000
    close(3) = 0
    open("/opt/CA/Directory/dxserver/bin/libm.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
    open("/lib64/libm.so.6", O_RDONLY) = 3
    read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`>\0\0\0\0\0\0"..., 832) = 832
    fstat(3, {st_mode=S_IFREG|0755, st_size=596864, ...}) = 0
    mmap(NULL, 2633912, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3f1eaf8000
    mprotect(0x7f3f1eb7b000, 2093056, PROT_NONE) = 0
    mmap(0x7f3f1ed7a000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x82000) = 0x7f3f1ed7a000
    close(3) = 0
    open("/opt/CA/Directory/dxserver/bin/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
    open("/lib64/libpthread.so.0", O_RDONLY) = 3
    read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000^\0\0\0\0\0\0"..., 832) = 832
    fstat(3, {st_mode=S_IFREG|0755, st_size=143280, ...}) = 0
    mmap(NULL, 2212848, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3f1e8db000
    mprotect(0x7f3f1e8f2000, 2097152, PROT_NONE) = 0
    mmap(0x7f3f1eaf2000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7f3f1eaf2000
    mmap(0x7f3f1eaf4000, 13296, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3f1eaf4000
    close(3) = 0
    open("/opt/CA/Directory/dxserver/bin/librt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
    open("/lib64/librt.so.1", O_RDONLY) = 3
    read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\240!\0\0\0\0\0\0"..., 832) = 832
    fstat(3, {st_mode=S_IFREG|0755, st_size=44472, ...}) = 0
    mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f1fb23000
    mmap(NULL, 2128816, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3f1e6d3000
    mprotect(0x7f3f1e6da000, 2093056, PROT_NONE) = 0
    mmap(0x7f3f1e8d9000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f3f1e8d9000
    close(3) = 0
    open("/opt/CA/Directory/dxserver/bin/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
    open("/lib64/libdl.so.2", O_RDONLY) = 3
    read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\r\0\0\0\0\0\0"..., 832) = 832
    fstat(3, {st_mode=S_IFREG|0755, st_size=20024, ...}) = 0
    mmap(NULL, 2109696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3f1e4cf000
    mprotect(0x7f3f1e4d1000, 2097152, PROT_NONE) = 0
    mmap(0x7f3f1e6d1000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f3f1e6d1000
    close(3) = 0
    open("/opt/CA/Directory/dxserver/bin/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
    open("/lib64/libc.so.6", O_RDONLY) = 3
    read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\356\1\0\0\0\0\0"..., 832) = 832
    fstat(3, {st_mode=S_IFREG|0755, st_size=1924768, ...}) = 0
    mmap(NULL, 3750184, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3f1e13b000
    mprotect(0x7f3f1e2c5000, 2097152, PROT_NONE) = 0
    mmap(0x7f3f1e4c5000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18a000) = 0x7f3f1e4c5000
    mmap(0x7f3f1e4cb000, 14632, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3f1e4cb000
    close(3) = 0
    open("/opt/CA/Directory/dxserver/bin/libfreebl3.so", O_RDONLY) = -1 ENOENT (No such file or directory)
    open("/lib64/libfreebl3.so", O_RDONLY) = 3
    read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220\n\0\0\0\0\0\0"..., 832) = 832
    fstat(3, {st_mode=S_IFREG|0755, st_size=10312, ...}) = 0
    mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f1fb22000
    mmap(NULL, 2105520, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3f1df38000
    mprotect(0x7f3f1df3a000, 2093056, PROT_NONE) = 0
    mmap(0x7f3f1e139000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0x7f3f1e139000
    close(3) = 0
    mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f1fb21000
    mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f1fb20000
    mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f1fb1f000
    arch_prctl(ARCH_SET_FS, 0x7f3f1fb20700) = 0
    mprotect(0x7f3f1e139000, 4096, PROT_READ) = 0
    mprotect(0x7f3f1e4c5000, 16384, PROT_READ) = 0
    mprotect(0x7f3f1e6d1000, 4096, PROT_READ) = 0
    mprotect(0x7f3f1e8d9000, 4096, PROT_READ) = 0
    mprotect(0x7f3f1eaf2000, 4096, PROT_READ) = 0
    mprotect(0x7f3f1ed7a000, 4096, PROT_READ) = 0
    mprotect(0x7f3f1ef92000, 4096, PROT_READ) = 0
    mprotect(0x7f3f1f19d000, 4096, PROT_READ) = 0
    mprotect(0x7f3f1fb2e000, 98304, PROT_READ) = 0
    mprotect(0x7f3f1f3ed000, 4096, PROT_READ) = 0
    munmap(0x7f3f1fb25000, 28919) = 0
    set_tid_address(0x7f3f1fb209d0) = 16290
    set_robust_list(0x7f3f1fb209e0, 24) = 0
    futex(0x7ffcdbf715ac, FUTEX_WAKE_PRIVATE, 1) = 0
    futex(0x7ffcdbf715ac, FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 1, NULL, 7f3f1fb20700) = -1 EAGAIN (Resource temporarily unavailable)
    rt_sigaction(SIGRTMIN, {0x7f3f1e8e0cb0, [], SA_RESTORER|SA_SIGINFO, 0x7f3f1e8ea7e0}, NULL, 8) = 0
    rt_sigaction(SIGRT_1, {0x7f3f1e8e0d40, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7f3f1e8ea7e0}, NULL, 8) = 0
    rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
    getrlimit(RLIMIT_STACK, {rlim_cur=10240*1024, rlim_max=RLIM64_INFINITY}) = 0
    getuid() = 503
    setresuid(-1, 503, -1) = 0
    write(2, "\nUsage: dxserver <command>\nwhere"..., 1146
    Usage: dxserver <command>
    where <command> is one of the following:
    version display version information
    start <server> start the specified server
    start all start all servers
    stop <server> stop the specified server (if running)
    stop all stop all servers (if running)
    forcestart <server> start the specified server, even if in inconsistent state
    forcestop <server> terminate the specified server (if running)
    install <server> install server in the autostart list
    remove <server> remove server from the autostart list
    status [server] report status of the server. If server is
    omitted, the status of all servers is reported
    init all signal all servers to reload configuration (if running)
    init <server> signal server to reload configuration
    onlinebackup <server> signal server to perform an online backup (if running)
    logroll <server> signal server to perform a rollover for logs
    whose max-lines are configured (if running)
    ) = 1146
    exit_group(1) = ?
    +++ exited with 1 +++
    [dsa@vapp01r142 ~/bin]$

     

     

     

     

     

    Test performance for any issues, using dxsoak CLI:

     

     

    Example script:

     

     

    #!/bin/bash

    ###################################################################3
    #
    # Validate CA Directory performance with dxsoak command
    # Ref: /opt/CA/Directory/dxserver/samples/dxsoak
    #
    # 1. Install CA Directory democorp sample
    # /opt/CA/Directory/dxserver/samples/democorp/setup.sh -q
    # 2. Create a service account under democorp DSA with Password & validate
    # cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP
    # 3. Execute dxsoak command with service DN and Password
    # 4. Execute dxsoak command with pre-fix of time command &
    # allow to run for hours, then break out for a validation
    # of performance over long periods
    #
    # Example:
    # Validate service DN and Password are correct:
    #dxsearch -h `hostname` -p 19389 -c -x -b o=DEMOCORP,c=AU -D "cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU" -w "Password01"
    #
    # Execute dxsoak command with sample file fo democorp.eldf provided under /opt/CA/Directory/dxserver/samples/dxsoak
    #time ./dxsoak -t 2 -q 10 -h sandbox01:19359 -D cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -w Password01 -f democorp.eldf
    #time ./dxsoak -c -t 2 -q 10 -h sandbox01:19359 -D cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -w Password01 -f democorp.eldf
    #
    #
    #
    HOSTNAME=`hostname`
    PORT=19389
    _PASSWORD=Password01
    echo "$HOSTNAME $PORT $_PASSWORD"


    echo "##################################################################"
    echo "# Remove prior democorp "
    dxserver stop democorp
    dxserver remove democorp
    dxemptydb democorp
    rm -rf $DXHOME/config/servers/democorp.dxi
    rm -rf $DXHOME/config/knowledge/democorp.dxc
    rm -rf $DXHOME/data/democorp.*


    echo "##################################################################"
    echo "# Install democorp "
    cd $DXHOME/samples/democorp/
    ./setup.sh -q


    #echo "##################################################################"
    #echo "# Update OS F/W Ports for democorp TCP 19389"
    #firewall-cmd --zone=public --permanent --add-port=$PORT/tcp
    #firewall-cmd --reload


    echo "##################################################################"
    echo "# Create service account with Password=$_PASSWORD "
    cd $DXHOME/samples
    cat << EOF > $DXHOME/samples/dxsoak/diradmin.ldif
    version: 1
    dn: cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: person
    objectClass: top
    cn: diradmin
    sn: diradmin
    userPassword: $_PASSWORD
    EOF


    echo "##################################################################"
    echo "# Validate service account & Password"
    dxmodify -a -h$HOSTNAME -p $PORT -f $DXHOME/samples/dxsoak/diradmin.ldif
    dxsearch -h$HOSTNAME -p $PORT -c -x -b o=DEMOCORP,c=AU -D "cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU" -w "$_PASSWORD"


    echo ""
    echo ""
    echo ""
    echo "##################################################################"
    echo "# Execute the dxsoak command with the service account & time command"
    echo "# allow to run for over 1 hour to get better metrics"
    echo ""
    cd $DXHOME/samples/dxsoak
    time ./dxsoak -c -t 2 -q 10 -h $HOSTNAME:$PORT -D cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -w $_PASSWORD -f democorp.eldf

     

     

     

     

     

    Other install options:

     

    Use the RPM package, that may have additional checks for OS dependencies with warning messages.

    Install Using RPM Packages - CA Directory - 14.0 - CA Technologies Documentation 

     

     

    Review the support matrix for any possible OS deviations.

    CA Directory Compatibility Matrix - CA Technologies 

     

     

     

     

     

    Cheers,

     

    Alan