AbcLinuxu portal, May 1, 2025 21:45

Sun Java ES 5 - Directory Server installation II

23.4.2007 11:24 | Read: 1559× | Sun Java ES | Selected blog | last modified: 25.4.2007 14:31

   In the previous part we installed DS and verified that it works. Today we look at the startup environment, LDAPS and the accompanying utilities.

Startup environment

For servers such as DS it is usually desirable that they start automatically after a system (re)boot. Let's set that up.

If you try the obligatory /etc/init.d/dsee_directory start, you will find that nothing started. Why? DS is built to run several instances/trees at once, so it has to be told which instances should be started automatically. We use the dsadm program for this (description).

[root@sjes ~]# 
[root@sjes ~]# # Set the DS instance /var/opt/sun/ds-example.com to autostart
[root@sjes ~]# /opt/sun/ds6/bin/dsadm autostart /var/opt/sun/ds-example.com
The instance /var/opt/sun/ds-example.com will be started at boot time now.
[root@sjes ~]#
[root@sjes ~]# # check whether the startup script really works
[root@sjes ~]# /etc/init.d/dsee_directory start
/etc/init.d/dsee_directory: Starting Directory Server Instance: /var/opt/sun/ds-example.com
Server started: pid=2635
[root@sjes ~]# 
[root@sjes ~]# # check that DS is running
[root@sjes ~]# ps -ef | grep ns-slapd
root      2635     1  1 16:08 ?        00:00:00 ns-slapd -D /var/opt/sun/ds-example.com -i /var/opt/sun/ds-example.com/logs/pid
root      2690  3265  0 16:08 pts/0    00:00:00 grep ns-slapd
[root@sjes ~]# 

It worked.
Now all that remains is to add the daemon's startup script to the correct init levels.

[root@sjes ~]# 
[root@sjes ~]# chkconfig dsee_directory on 
[root@sjes ~]# chkconfig --list dsee_directory  
dsee_directory  0:off   1:off   2:on    3:on    4:on    5:on    6:off
[root@sjes ~]# 

Java Web Console

JES 5 (and lately more and more Sun products) has a well-developed web console. If you want to use it, I recommend this description of its principles with regard to DS. I will limit myself to getting it running.

[root@sjes ~]#
[root@sjes ~]# # find out the status of DS Control Center
[root@sjes ~]# /opt/sun/dscc6/bin/dsccsetup status
***
DSCC Application is not registered in Sun Java (TM) Web Console
***
DSCC Agent is not registered in Cacao
***
DSCC Registry has not been created yet
***
[root@sjes ~]#
[root@sjes ~]#
[root@sjes ~]# # initialize DSCC
[root@sjes ~]# /opt/sun/dscc6/bin/dsccsetup initialize
***
Registering DSCC Application in Sun Java(TM) Web Console
This operation is going to stop Sun Java(TM) Web Console.
Do you want to continue ? [y,n] y
Stopping Sun Java(TM) Web Console...
Registration is on-going. Please wait...
DSCC is registered in Sun Java(TM) Web Console
Restarting Sun Java(TM) Web Console
Please wait : this may take several seconds...
Sun Java(TM) Web Console restarted successfully
***
Registering DSCC Agent in Cacao...
Checking Cacao status...
Starting Cacao...
DSCC agent has been successfully registered in Cacao.
***
Choose password for Directory Service Manager:  
Confirm password for Directory Service Manager:  
Creating DSCC registry...
DSCC Registry has been created successfully
***
[root@sjes ~]# 
[root@sjes ~]#
[root@sjes ~]# # add the DS instance for DSCC to DS autostart
[root@sjes ~]# /opt/sun/ds6/bin/dsadm autostart /var/opt/sun/dscc6/dcc/ads/
The instance /var/opt/sun/dscc6/dcc/ads will be started at boot time now.
[root@sjes ~]#
[root@sjes ~]# # and start it
[root@sjes ~]# /opt/sun/ds6/bin/dsadm start /var/opt/sun/dscc6/dcc/ads/
[root@sjes ~]#
[root@sjes ~]#
[root@sjes ~]# # register the DS instance in DSCC
[root@sjes ~]# /opt/sun/dscc6/bin/dsccreg add-server /var/opt/sun/ds-example.com
Enter DSCC administrator's password: 
/var/opt/sun/ds-example.com is an instance of DS
Enter password of "cn=Directory Manager" for /var/opt/sun/ds-example.com: 
This operation will restart /var/opt/sun/ds-example.com.
Do you want to continue ? (y/n) y
Starting /var/opt/sun/ds-example.com
Connecting to /var/opt/sun/ds-example.com
Enabling DSCC access to /var/opt/sun/ds-example.com
Restarting /var/opt/sun/ds-example.com
Registering /var/opt/sun/ds-example.com in DSCC on localhost.
[root@sjes ~]# 
[root@sjes ~]# /opt/sun/dscc6/bin/dsccreg list-servers
Enter DSCC administrator's password: 
Hostname          Port  sPort  Type  Owner  iPath                        Description  
----------------  ----  -----  ----  -----  ---------------------------  -----------  
sjes.example.com  389   636    DS    root   /var/opt/sun/ds-example.com    
1 server instance(s) found in DSCC on localhost.
[root@sjes ~]# 
[root@sjes ~]#
[root@sjes ~]# #######################################
[root@sjes ~]# # find out the state of the Common Agent Container
[root@sjes ~]# /opt/sun/cacao/bin/cacaoadm status
default instance is DISABLED at system startup. 
default instance is not running. 
[root@sjes ~]#
[root@sjes ~]# # enable the default instance at system startup and start it
[root@sjes ~]# /opt/sun/cacao/bin/cacaoadm enable --instance default
[root@sjes ~]# /opt/sun/cacao/bin/cacaoadm status
default instance is ENABLED at system startup. 
default instance is not running. 
[root@sjes ~]# service common-agent-container-1 start
[root@sjes ~]# /opt/sun/cacao/bin/cacaoadm status
default instance is ENABLED at system startup. 
Current retries count : 0/4 
Processes: 
12071
12072
Uptime: 0 day(s), 0:0
[root@sjes ~]# 
[root@sjes ~]# 
[root@sjes ~]# 
[root@sjes ~]# # add common-agent-container-1 to the correct runlevels
[root@sjes ~]# 
[root@sjes ~]# chkconfig common-agent-container-1 on
service common-agent-container-1.old does not support chkconfig
[root@sjes ~]# 
[root@sjes ~]# 
[root@sjes ~]# # we will have to modify it
[root@sjes ~]# 
[root@sjes ~]# echo "2a3,5                            
> # chkconfig: 2345 86 41
> # description: Starts and stops Cacao container instances
> #" | patch /etc/init.d/common-agent-container-1
[root@sjes ~]# 
[root@sjes ~]# 
[root@sjes ~]# chkconfig common-agent-container-1 on
[root@sjes ~]# 
[root@sjes ~]# chkconfig --list common-agent-container-1 
common-agent-container-1        0:off   1:off   2:on    3:on    4:on    5:on    6:off
[root@sjes ~]# 
[root@sjes ~]# 
[root@sjes ~]# # check the web console
[root@sjes ~]# /usr/sbin/smcwebserver status
Sun Java(TM) Web Console is stopped
[root@sjes ~]#
[root@sjes ~]# # enable autostart, start it and check
[root@sjes ~]# /usr/sbin/smcwebserver enable
[root@sjes ~]# chkconfig webconsole on
[root@sjes ~]# service webconsole start
Starting Sun Java(TM) Web Console Version 3.0.2 ...
The console is running.
[root@sjes ~]# /usr/sbin/smcwebserver status
Sun Java(TM) Web Console is running
[root@sjes ~]# 

The Java Web Console now listens on https://sjes.example.com:6789. Log in as root.


Watch out for your iptables (and firewall in general) settings!!! If they are active and you have not allowed port 6789, you will not see much ...

For now only the DS Control Center in the lower left is accessible. Log in to it (admin:adminadmin from the previous part) and under "Directory Servers" you will see your DS. In the Settings/Directory Service Managers tab click admin and change its password to "dscc6pwd"
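
The `2a3,5` patch in the session above inserts the chkconfig tag at a fixed line number and would add it a second time if run again. An idempotent alternative follows as an added example (not part of the original post): the helper names and the sample script are constructed, and the tag is placed right after the shebang instead of after line 2.

```sh
#!/bin/sh
# Added example (not from the original post). Helper names are hypothetical.

# Succeeds when FILE already carries a "# chkconfig:" tag line.
has_chkconfig_header() {
    grep -Eq '^#[[:space:]]*chkconfig:' "$1"
}

# ensure_chkconfig_header FILE "LEVELS START STOP" "DESCRIPTION" [BACKUP_DIR]
# Adds the tag lines after the shebang only when they are missing, so a
# second run changes nothing. Any backup goes to BACKUP_DIR, not next to FILE.
ensure_chkconfig_header() {
    file=$1 tag=$2 desc=$3 bak=${4:-}
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    if has_chkconfig_header "$file"; then return 0; fi
    if ! head -n 1 "$file" | grep -q '^#!'; then
        echo "$file: first line is not a shebang, not editing" >&2
        return 3
    fi
    if [ -n "$bak" ]; then cp -p "$file" "$bak/" || return 1; fi
    tmp=$(mktemp) || return 1
    awk -v tag="$tag" -v desc="$desc" '
        { print }
        NR == 1 { print "# chkconfig: " tag
                  print "# description: " desc
                  print "#" }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # overwrite in place: mode and owner stay
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed init script in a temporary directory.
demo_dir=$(mktemp -d)
printf '#!/bin/sh\n#\n# constructed sample\nexit 0\n' > "$demo_dir/sample-init"
ensure_chkconfig_header "$demo_dir/sample-init" "2345 86 41" \
    "Starts and stops Cacao container instances"
ensure_chkconfig_header "$demo_dir/sample-init" "2345 86 41" \
    "Starts and stops Cacao container instances"   # no-op on the second run
head -n 4 "$demo_dir/sample-init"
rm -rf "$demo_dir"
```

On the real system the first argument would be /etc/init.d/common-agent-container-1, followed by `chkconfig common-agent-container-1 on` as in the session.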

===========================  Addendum  ==========================================

Creating a DS manually

Sometimes it is useful to know how to do things from the command line. We will learn to create a DS instance entirely from the command line.

[root@sjes ~]# 
[root@sjes ~]# # options for creating a new DS instance
[root@sjes ~]# /opt/sun/ds6/bin/dsadm create --help

Usage: dsadm create [ -iG ] [ -u USER_NAME -g GROUP_NAME ] [ -h HOST_NAME ] [ -p PORT ] [ -P SSL_PORT ] [ -D DN ] [ -w PWD_FILE ] INSTANCE_PATH

Creates Directory Server instance

The accepted values for OPTIONS are:

-g GROUP_NAME, --groupname GROUP_NAME
                Sets the instance owner group ID (Default: current user group)
-h HOST_NAME, --hostname HOST_NAME
                Sets the hostname (Default: name of current host system)
-i, --no-inter
                Does not prompt for password
-G, --no-legacy-scripts
                Does not generate legacy scripts in Directory Server instance
-p PORT, --port PORT
                Uses PORT for LDAP traffic (Default: 389/1389)
-w PWD_FILE, --pwd-file PWD_FILE
                Reads the root DN password from PWD_FILE (Default: prompt for pwd)
-D DN, --rootDN DN
                Uses DN as Directory Manager DN (Default: cn=Directory Manager)
-P SSL_PORT, --secure-port SSL_PORT
                Uses SSL_PORT for secure LDAP traffic (Default: 636/1636)
-u USER_NAME, --username USER_NAME
                Sets the instance owner user ID (Default: current user name)

For global options, use dsadm --help.

INSTANCE_PATH  Path of the Directory Server instance to create

For more information, see dsadm(1M).

[root@sjes ~]# 
[root@sjes ~]# 
[root@sjes ~]# # create a new instance
[root@sjes ~]# 
[root@sjes ~]# /opt/sun/ds6/bin/dsadm create /var/opt/sun/ds-example.org
389 port already in use
[root@sjes ~]# 
[root@sjes ~]# 
[root@sjes ~]# # because the ports are already taken by the ds-example.com instance, we have to specify them
[root@sjes ~]# 
[root@sjes ~]# /opt/sun/ds6/bin/dsadm create -p 1389 -P 1636 /var/opt/sun/ds-example.org
Choose the Directory Manager password:
Confirm the Directory Manager password:
Use 'dsadm start /var/opt/sun/ds-example.org' to start the instance
[root@sjes ~]# 
[root@sjes ~]# 
[root@sjes ~]# 
[root@sjes ~]#  # start it
[root@sjes ~]# 
[root@sjes ~]# /opt/sun/ds6/bin/dsadm start /var/opt/sun/ds-example.org
Server started: pid=25927
[root@sjes ~]# 
[root@sjes ~]# 
[root@sjes ~]# # try a search
[root@sjes ~]# 
[root@sjes ~]# ldapsearch -x -h sjes.example.com -D "cn=Directory Manager" -p 1389 -w instancepwd -s sub objectclass=* dn
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: objectclass=*
# requesting: dn 
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
[root@sjes ~]#
[root@sjes ~]#
[root@sjes ~]# # we have to create the BaseDN using the dsconf utility
[root@sjes ~]# 
[root@sjes ~]# /opt/sun/ds6/bin/dsconf --help

Usage: dsconf SUBCMD [GLOBAL_OPTS] [SUBCMD_OPTS] [SUBCMD_OPERANDS]

Configure a Directory Server instance

The accepted values for SUBCMD are:

accord-repl-agmt       Ensures the authentication properties of the destination suffix are in accord with those of the replication agrement  
backup                 Backs up Directory Server data (cn=config excluded)  
create-encrypted-attr  Creates an encrypted attribute   
create-index           Creates an indexed attribute   
create-plugin          Creates a plugin  
create-repl-agmt       Creates replication agreement for existing suffix  
create-repl-priority   Creates a prioritized replication rule on a master  
create-suffix          Creates suffix and empty data  
delete-encrypted-attr  Deletes an encrypted attribute   
delete-index           Deletes an indexed attribute   
delete-plugin          Deletes a plugin  
delete-repl-agmt       Deletes replication agreement  
delete-repl-priority   Deletes a prioritized replication rule  
delete-suffix          Deletes suffix configuration and data  
demote-repl            Demotes an existing replicated suffix  
disable-plugin         Disables a plugin  
disable-repl           Abandons replication for replicated suffix  
disable-repl-agmt      Disables replication with another directory  
enable-plugin          Enables a plugin  
enable-repl            Enables replication by assigning a role to an existing suffix  
enable-repl-agmt       Enables replication with another directory  
export                 Exports suffix data to LDIF format  
get-index-prop         Displays index property values  
get-log-prop           Displays server log property values  
get-plugin-prop        Displays plugin property values  
get-repl-agmt-prop     Displays replication agreement property values  
get-server-prop        Displays server property values  
get-suffix-prop        Displays suffix property values  
help-properties        Lists properties exposed by subcommands  
import                 Populates existing suffixes with LDIF data  
info                   Displays information about server configuration  
init-repl-dest         Launches total update of remote replica from local suffix  
list-encrypted-attrs   Lists encrypted attributes and displays their property values  
list-indexes           Lists indexed attributes  
list-plugins           Lists plugins  
list-repl-agmts        Lists replication agreements  
list-repl-priorities   Lists prioritized replication rules and displays their property values  
list-suffixes          Lists suffixes  
promote-repl           Promotes an existing replicated suffix  
pwd-compat             Changes Directory Server password compatibility mode  
reindex                Rebuilds indexes of an existing suffix  
restore                Restores Directory Server data from backup archive  
rotate-log-now         Launches a rotation of a log file  
set-index-prop         Sets index property values  
set-log-prop           Sets server log property values  
set-plugin-prop        Sets plugins property values  
set-repl-agmt-prop     Sets replication agreement property values  
set-server-prop        Sets server property values  
set-suffix-prop        Sets suffix property values  
show-repl-agmt-status  Displays a comparison of a source and destination suffix configuration and the status of the replication agreement  
show-task-status       Displays a status of Directory Server active tasks  
update-repl-dest-now   Forces updates of remote replica from local suffix  

The accepted values for GLOBAL_OPTS are:

-c,--accept-cert
                Does not ask for confirmation before accepting non-trusted server certificates
-?,--help
                Displays this message or subcommand help message
-h HOST, --hostname HOST
                Connects to Directory Server on HOST (Default: $DIRSERV_HOST or localhost)
-i,--no-inter
                Does not ask for confirmation
-p PORT, --port PORT
                Connects to Directory Server on PORT (Default: $DIRSERV_PORT or 389)
-w FILE, --pwd-file FILE
                Binds with pwd read from FILE (Default:$LDAP_ADMIN_PWF or prompt for pwd)
-j,--reject-cert
                Does not ask for confirmation before rejecting non-trusted server certificates (for this session only)
-P PORT, --secure-port PORT
                Connects to Directory Server on secure port PORT
-e,--unsecured
                Connects over LDAP with no secure connection
-D USER_DN, --user-dn USER_DN
                Binds as USER_DN (Default: $LDAP_ADMIN_USER or cn=Directory Manager)
-v,--verbose
                Displays extra information

For more information, see dsconf(1M).

[root@sjes ~]# 
[root@sjes ~]# 
[root@sjes ~]# # create the suffix in the instance on port 1389
[root@sjes ~]# 
[root@sjes ~]# /opt/sun/ds6/bin/dsconf create-suffix  -p 1389 "dc=example,dc=org"
[root@sjes ~]# 
[root@sjes ~]# 
[root@sjes ~]# 
[root@sjes ~]# # and test it
[root@sjes ~]# 
[root@sjes ~]# ldapsearch -x -h sjes.example.com -D "cn=Directory Manager" -b "dc=example,dc=org" -p 1389 -w instancepwd -s sub objectclass=* dn
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=org> with scope sub
# filter: objectclass=*
# requesting: dn 
#

# example.org
dn: dc=example,dc=org

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
[root@sjes ~]# 
[root@sjes ~]# 

Comments


10.5.2007 12:54 budejda
Re: Sun Java ES 5 - Directory Server installation II
Hi, have you installed/configured JES with an external DS server? Thanks for the hint. D

ISSN 1214-1267, (c) 1999-2007 Stickfish s.r.o.