For continued RCA, I would suggest looking at possible OS dependencies that may come into play.
System Requirements - CA Directory - 14.0 - CA Technologies Documentation
SSL Processing - CA Directory - 14.0 - CA Technologies Documentation
1) Shell Packages installed on the OS: Bash, CSH
- Root uses Bash
- New DSA id mayl use CSH or Bash
2) Path to OS libraries.
- Use strace (or install) and execute this for every binary (or install process) to assist with RCA.
- Validate : Linux Kernel 2.6.16 with glibc 2.11 & openssl libraries
Example:
Validate shell used.
config@vapp01r142 VAPP-14.2.0 (192.168.242.158):~ > cat /etc/passwd | grep root
root:x:0:0:root:/root:/bin/bash
config@vapp01r142 VAPP-14.2.0 (192.168.242.158):~ > cat /etc/passwd | grep dsa
dsa:x:503:504:DXserver Administrator:/opt/CA/Directory/dxserver:/bin/csh
Validate path of any OS library dependency with strace
config@vapp01r142 VAPP-14.2.0 (192.168.242.158):~ > su - dsa
[dsa@vapp01r142 ~]$
[dsa@vapp01r142 ~]$ cd bin
[dsa@vapp01r142 ~/bin]$ strace dxserver
execve("/opt/CA/Directory/dxserver/bin/dxserver", ["dxserver"], [/* 27 vars */]) = 0
brk(0) = 0x7f3f1fe66000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f1fb2d000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/opt/CA/Directory/dxserver/bin/tls/x86_64/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/opt/CA/Directory/dxserver/bin/tls/x86_64", 0x7ffcdbf6fc90) = -1 ENOENT (No such file or directory)
open("/opt/CA/Directory/dxserver/bin/tls/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/opt/CA/Directory/dxserver/bin/tls", 0x7ffcdbf6fc90) = -1 ENOENT (No such file or directory)
open("/opt/CA/Directory/dxserver/bin/x86_64/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/opt/CA/Directory/dxserver/bin/x86_64", 0x7ffcdbf6fc90) = -1 ENOENT (No such file or directory)
open("/opt/CA/Directory/dxserver/bin/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/opt/CA/Directory/dxserver/bin", {st_mode=S_IFDIR|0750, st_size=4096, ...}) = 0
open("/opt/CA/jdk1.8.0_71/lib/i386/native_threads/tls/x86_64/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/opt/CA/jdk1.8.0_71/lib/i386/native_threads/tls/x86_64", 0x7ffcdbf6fc90) = -1 ENOENT (No such file or directory)
open("/opt/CA/jdk1.8.0_71/lib/i386/native_threads/tls/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/opt/CA/jdk1.8.0_71/lib/i386/native_threads/tls", 0x7ffcdbf6fc90) = -1 ENOENT (No such file or directory)
open("/opt/CA/jdk1.8.0_71/lib/i386/native_threads/x86_64/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/opt/CA/jdk1.8.0_71/lib/i386/native_threads/x86_64", 0x7ffcdbf6fc90) = -1 ENOENT (No such file or directory)
open("/opt/CA/jdk1.8.0_71/lib/i386/native_threads/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/opt/CA/jdk1.8.0_71/lib/i386/native_threads", 0x7ffcdbf6fc90) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=28919, ...}) = 0
mmap(NULL, 28919, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f3f1fb25000
close(3) = 0
open("/lib64/libcrypt.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\f\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=40872, ...}) = 0
mmap(NULL, 2318816, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3f1ef96000
mprotect(0x7f3f1ef9d000, 2097152, PROT_NONE) = 0
mmap(0x7f3f1f19d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7000) = 0x7f3f1f19d000
mmap(0x7f3f1f19f000, 184800, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3f1f19f000
close(3) = 0
open("/opt/CA/Directory/dxserver/bin/libresolv.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib64/libresolv.so.2", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\00009\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=111440, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f1fb24000
mmap(NULL, 2202248, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3f1ed7c000
mprotect(0x7f3f1ed92000, 2097152, PROT_NONE) = 0
mmap(0x7f3f1ef92000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7f3f1ef92000
mmap(0x7f3f1ef94000, 6792, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3f1ef94000
close(3) = 0
open("/opt/CA/Directory/dxserver/bin/libm.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib64/libm.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`>\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=596864, ...}) = 0
mmap(NULL, 2633912, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3f1eaf8000
mprotect(0x7f3f1eb7b000, 2093056, PROT_NONE) = 0
mmap(0x7f3f1ed7a000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x82000) = 0x7f3f1ed7a000
close(3) = 0
open("/opt/CA/Directory/dxserver/bin/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib64/libpthread.so.0", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000^\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=143280, ...}) = 0
mmap(NULL, 2212848, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3f1e8db000
mprotect(0x7f3f1e8f2000, 2097152, PROT_NONE) = 0
mmap(0x7f3f1eaf2000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7f3f1eaf2000
mmap(0x7f3f1eaf4000, 13296, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3f1eaf4000
close(3) = 0
open("/opt/CA/Directory/dxserver/bin/librt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib64/librt.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\240!\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=44472, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f1fb23000
mmap(NULL, 2128816, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3f1e6d3000
mprotect(0x7f3f1e6da000, 2093056, PROT_NONE) = 0
mmap(0x7f3f1e8d9000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f3f1e8d9000
close(3) = 0
open("/opt/CA/Directory/dxserver/bin/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib64/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\r\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=20024, ...}) = 0
mmap(NULL, 2109696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3f1e4cf000
mprotect(0x7f3f1e4d1000, 2097152, PROT_NONE) = 0
mmap(0x7f3f1e6d1000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f3f1e6d1000
close(3) = 0
open("/opt/CA/Directory/dxserver/bin/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib64/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\356\1\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1924768, ...}) = 0
mmap(NULL, 3750184, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3f1e13b000
mprotect(0x7f3f1e2c5000, 2097152, PROT_NONE) = 0
mmap(0x7f3f1e4c5000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18a000) = 0x7f3f1e4c5000
mmap(0x7f3f1e4cb000, 14632, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3f1e4cb000
close(3) = 0
open("/opt/CA/Directory/dxserver/bin/libfreebl3.so", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib64/libfreebl3.so", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220\n\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=10312, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f1fb22000
mmap(NULL, 2105520, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3f1df38000
mprotect(0x7f3f1df3a000, 2093056, PROT_NONE) = 0
mmap(0x7f3f1e139000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0x7f3f1e139000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f1fb21000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f1fb20000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f1fb1f000
arch_prctl(ARCH_SET_FS, 0x7f3f1fb20700) = 0
mprotect(0x7f3f1e139000, 4096, PROT_READ) = 0
mprotect(0x7f3f1e4c5000, 16384, PROT_READ) = 0
mprotect(0x7f3f1e6d1000, 4096, PROT_READ) = 0
mprotect(0x7f3f1e8d9000, 4096, PROT_READ) = 0
mprotect(0x7f3f1eaf2000, 4096, PROT_READ) = 0
mprotect(0x7f3f1ed7a000, 4096, PROT_READ) = 0
mprotect(0x7f3f1ef92000, 4096, PROT_READ) = 0
mprotect(0x7f3f1f19d000, 4096, PROT_READ) = 0
mprotect(0x7f3f1fb2e000, 98304, PROT_READ) = 0
mprotect(0x7f3f1f3ed000, 4096, PROT_READ) = 0
munmap(0x7f3f1fb25000, 28919) = 0
set_tid_address(0x7f3f1fb209d0) = 16290
set_robust_list(0x7f3f1fb209e0, 24) = 0
futex(0x7ffcdbf715ac, FUTEX_WAKE_PRIVATE, 1) = 0
futex(0x7ffcdbf715ac, FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 1, NULL, 7f3f1fb20700) = -1 EAGAIN (Resource temporarily unavailable)
rt_sigaction(SIGRTMIN, {0x7f3f1e8e0cb0, [], SA_RESTORER|SA_SIGINFO, 0x7f3f1e8ea7e0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0x7f3f1e8e0d40, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7f3f1e8ea7e0}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=10240*1024, rlim_max=RLIM64_INFINITY}) = 0
getuid() = 503
setresuid(-1, 503, -1) = 0
write(2, "\nUsage: dxserver <command>\nwhere"..., 1146
Usage: dxserver <command>
where <command> is one of the following:
version display version information
start <server> start the specified server
start all start all servers
stop <server> stop the specified server (if running)
stop all stop all servers (if running)
forcestart <server> start the specified server, even if in inconsistent state
forcestop <server> terminate the specified server (if running)
install <server> install server in the autostart list
remove <server> remove server from the autostart list
status [server] report status of the server. If server is
omitted, the status of all servers is reported
init all signal all servers to reload configuration (if running)
init <server> signal server to reload configuration
onlinebackup <server> signal server to perform an online backup (if running)
logroll <server> signal server to perform a rollover for logs
whose max-lines are configured (if running)
) = 1146
exit_group(1) = ?
+++ exited with 1 +++
[dsa@vapp01r142 ~/bin]$
Test performance for any issues, using dxsoak CLI:
Example script:
#!/bin/bash
###################################################################3
#
# Validate CA Directory performance with dxsoak command
# Ref: /opt/CA/Directory/dxserver/samples/dxsoak
#
# 1. Install CA Directory democorp sample
# /opt/CA/Directory/dxserver/samples/democorp/setup.sh -q
# 2. Create a service account under democorp DSA with Password & validate
# cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP
# 3. Execute dxsoak command with service DN and Password
# 4. Execute dxsoak command with pre-fix of time command &
# allow to run for hours, then break out for a validation
# of performance over long periods
#
# Example:
# Validate service DN and Password are correct:
#dxsearch -h `hostname` -p 19389 -c -x -b o=DEMOCORP,c=AU -D "cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU" -w "Password01"
#
# Execute dxsoak command with sample file fo democorp.eldf provided under /opt/CA/Directory/dxserver/samples/dxsoak
#time ./dxsoak -t 2 -q 10 -h sandbox01:19359 -D cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -w Password01 -f democorp.eldf
#time ./dxsoak -c -t 2 -q 10 -h sandbox01:19359 -D cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -w Password01 -f democorp.eldf
#
#
#
HOSTNAME=`hostname`
PORT=19389
_PASSWORD=Password01
echo "$HOSTNAME $PORT $_PASSWORD"
echo "##################################################################"
echo "# Remove prior democorp "
dxserver stop democorp
dxserver remove democorp
dxemptydb democorp
rm -rf $DXHOME/config/servers/democorp.dxi
rm -rf $DXHOME/config/knowledge/democorp.dxc
rm -rf $DXHOME/data/democorp.*
echo "##################################################################"
echo "# Install democorp "
cd $DXHOME/samples/democorp/
./setup.sh -q
#echo "##################################################################"
#echo "# Update OS F/W Ports for democorp TCP 19389"
#firewall-cmd --zone=public --permanent --add-port=$PORT/tcp
#firewall-cmd --reload
echo "##################################################################"
echo "# Create service account with Password=$_PASSWORD "
cd $DXHOME/samples
cat << EOF > $DXHOME/samples/dxsoak/diradmin.ldif
version: 1
dn: cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: diradmin
sn: diradmin
userPassword: $_PASSWORD
EOF
echo "##################################################################"
echo "# Validate service account & Password"
dxmodify -a -h$HOSTNAME -p $PORT -f $DXHOME/samples/dxsoak/diradmin.ldif
dxsearch -h$HOSTNAME -p $PORT -c -x -b o=DEMOCORP,c=AU -D "cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU" -w "$_PASSWORD"
echo ""
echo ""
echo ""
echo "##################################################################"
echo "# Execute the dxsoak command with the service account & time command"
echo "# allow to run for over 1 hour to get better metrics"
echo ""
cd $DXHOME/samples/dxsoak
time ./dxsoak -c -t 2 -q 10 -h $HOSTNAME:$PORT -D cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -w $_PASSWORD -f democorp.eldf
Other install options:
Use the RPM package, that may have additional checks for OS dependencies with warning messages.
Install Using RPM Packages - CA Directory - 14.0 - CA Technologies Documentation
Review the support matrix for any possible OS deviations.
CA Directory Compatibility Matrix - CA Technologies
Cheers,
Alan