This section outlines the steps you need to follow to install the agent on the OS/400 operating system. This release currently supports version V5R4 and above. This installation process is quite different than for other operating systems, so be sure to follow the steps closely.
The majority of capabilities of the Configuration Change Console will work on the OS/400. There are some limitations however.
Like other operating systems, the agent supports
File creation, modifications, renames and deletes
Process starts and stops
User logins and logouts
Current system resources and configurations
Changes to OS/400 system values
There are some limitations to the OS/400 agent:
The source machine IP for user logins cannot be captured
Directory delete actions cannot be captured
Since the agent will create a new user profile, it must be run by a user with “Security Officer” authority.
The Configuration Change Console agent requires that you install JDK version 1.5 on your OS/400 server. In addition, the Java Group PTF SD99291 must also be installed. Make sure that IBM Toolbox for Java (5722-JC1) and IBM Developer Kit for Java (5722-JV1) and Java Developer Kit 5.0 (5722-JV1) are installed.
For detailed installation instructions, follow the instructions included in the PTF.
Obtain and install the Java Group PTF SF99291 by performing the following steps:
From the command line on your OS/400 system, type GO PTF
From the screen, select option 8
Specify PTF type 1 (for all PTFs) and automatic IPL Y
Verify that the proper version of the Java Group PTF has been installed by executing the following command:
WRKPTFGRP SF99291
The output should be below.
Opt PTF Group Level Status SF99291 18 Installed
After Java Group PTF SF99291 installed, please edit the java.security file under the /QIBM/ProdData/Java400/jdk15/lib/security directory. You will see the following content:
security.provider.1=sun.security.provider.Sun security.provider.2=com.ibm.jsse2.IBMJSSEProvider2 security.provider.3=com.ibm.crypto.provider.IBMJCE security.provider.4=com.ibm.security.jgss.IBMJGSSProvider security.provider.5=com.ibm.security.cert.IBMCertPath security.provider.6=com.ibm.security.sasl.IBMSASL security.provider.7=com.ibm.i5os.jsse.JSSEProvider # # List of Sun providers and their preference orders (see above): # #security.provider.1=sun.security.provider.Sun #security.provider.2=sun.security.rsa.SunRsaSign #security.provider.3=com.sun.net.ssl.internal.ssl.Provider #security.provider.4=com.sun.crypto.provider.SunJCE #security.provider.5=sun.security.jgss.SunProvider #security.provider.6=com.sun.security.sasl.Provider
Comment out the first block of security providers for IBM and uncomment the providers from Sun. After you make the changes, your file should look like the following:
#security.provider.1=sun.security.provider.Sun #security.provider.2=com.ibm.jsse2.IBMJSSEProvider2 #security.provider.3=com.ibm.crypto.provider.IBMJCE #security.provider.4=com.ibm.security.jgss.IBMJGSSProvider #security.provider.5=com.ibm.security.cert.IBMCertPath #security.provider.6=com.ibm.security.sasl.IBMSASL #security.provider.7=com.ibm.i5os.jsse.JSSEProvider # # List of Sun providers and their preference orders (see above): # security.provider.1=sun.security.provider.Sun security.provider.2=sun.security.rsa.SunRsaSign security.provider.3=com.sun.net.ssl.internal.ssl.Provider security.provider.4=com.sun.crypto.provider.SunJCE security.provider.5=sun.security.jgss.SunProvider security.provider.6=com.sun.security.sasl.Provider
The following steps outline how to install the agent on OS/400. If any errors occur during these installation steps, refer to the section below on how to solve the most common installation errors.
Mount the Oracle Configuration Change Console Media on the OS/400 server you want to install the agent on. The two files that you need from the media are:
Agent-os400/Installprobe.sh
Agent-os400/Installprobe.jar
Log into the OS400 server with a user account with elevated security permissions
Start QShell by typing QSH
Change the working directory to the directory where the two install files are located. If you install from the CD, it will typically be mounted under /QOPT.
Run the script installprobe.sh. The script will output the following usage parameters needed.
Usage: <JNDI_PROVIDER_URL> <INSTALL_LIB> <INSTALL_DIR> <USER_ADMIN> <USER_NORMAL> JNDI_PROVIDER_URL : (Required) Enter the server connection URL. For NON-CLUSTERED, you can enter t3s://host:sslPort. For CLUSTERED, you can enter t3s://host1:sslPort1,host2:sslPort2 INSTALL_LIB : (Optional) The library to contain probe. Default value is $DEFAULT_INSTALL_LIB INSTALL_DIR : (Optional) The directory to contain probe. Default value is $DEFAULT_INSTALL_DIR Notes: you can type '-' to use the default value
Run the script installprobe.sh with the proper parameters. For example:
./installprobe.sh t3s://host1:port1 Agent - - -
Where you replace host1 with the hostname or IP of your primary server and port1 with the ssl port (443 by default). If you have a clustered server instance, you change the second parameter to list the primary server and all of the messaging broker servers like this example where there is one primary server and two additional messaging broker servers:
./installprobe.sh t3s://host1:port1,host2:port2,host3:port3 Agent - - -
Running this command will place the agent in the library named Agent in the /arprobe directory.
This install script might show some warning messages if the library, directory or users being created already exist.
When you see the following prompt, type “y” and Enter to start the agent installation. Press any other key if you want to abort the installation at this point.
Do you want to install the Configuration Change Console Agent? (y – install, any other key to exit)
After the installation is finished, change the directory to the {agent install dir}/bin directory. Run the following script to set the user and password on the Configuration Change Console Server that you can authenticate this agent with. The user must have the administrator or super-administrator product role.
./resetauth.sh
The following sections describe the required post installation tasks for the OS/400 Agent installation.
Follow these steps:
From the main menu screen in OS/400, type the following command and press Enter.
wrksysval sysval(qaudctl)
From the Work With System Values screen, selection Option 2- Change and press Enter.
Verify that the following items are included under Auditing Control. If they are not there, enter them manually.
Note:
The QSYS/QAUDJRN journal must exist before you can change the QAUDCTL system value to a value other than *NONE.Follow these steps:
From the main menu screen in OS/400, type the following command and press enter.
wrksysval sysval(qaudlvl)
From the Work With System Values screen, selection Option 2- Change and press Enter.
Verify that the following items are included under Auditing Control. If they are not there, enter them manually.
During the agent installation, a subsystem description is created with the same name as the library. The installation process also creates an autostart job entry in the subsystem. Therefore, to start the agent service, simply start the subsystem; to stop the agent service, end the subsystem.
For example, if the agent was installed in library AGENT, start the service by entering the following at the command prompt and pressing Enter:
strsbs agent/agent
To end the service, type the following at the command prompt and press Enter:
endsbs agent *immed
To stop the agent during system operations, add the stop command (in the example above, endsbs agent *immed) to your shutdown procedures to automatically end the agent with a system shutdown. You may also add the start command to your restart procedures to automatically restart the agent at system restart.
You may also want to add it to the QSTRUP program, so that it starts during the IPL process.
To manually uninstall the agent (assuming the library is called AGENT), follow these steps:
Stop the agent by typing the following command in a command prompt and pressing Enter:
endsbs agent *immed
Delete the library by typing the following command and prompt and pressing Enter:
dltlib agent
Start the qshell by typing the following at the command prompt and pressing Enter:
qsh
Type the following at the command prompt to delete the agent directory where /targetdir is the path to the directory where the agent was installed. For example: /ArProbe:
rm –rf /targetdir
Note:
The rm (remove) command is finished when the qshell session displays a $ character beneath the rm command entry. If you exit the qshell (by pressing F3) prior to the display of the $ character, the rm command will not complete. Wait for the display of the $ character before exiting qshell. Processing of the rm command may take several minutes on your system.Alternatively, the agent can be uninstalled entirely through a qshell on the AS/400 device where the agent is installed.
Start the qshell by typing the following at the command prompt and pressing Enter:
qsh
At the command prompt, change directory to the agent installation directory. For example where arprobe is the directory of your agent installation:
cd /arprobe
Uninstall the agent by typing the following at the command prompt and pressing Enter:
uninstall.sh
This section details how to print out a job log for any errors encountered during the OS/400 agent installation. An example of an Unsuccessful Installation error message is:
UNSUCCESSFUL INSTALL OF ORACLE CONFIGURATION CHANGE CONSOLE
Follow these steps:
Immediately following the receipt of an error message, display the current jobs by typing DSPJOB at the command prompt and pressing F4.
Write down the job, user and number information displayed for the error.
At the prompt, enter the following command and press Enter.
SIGNOFF *LIST
Log back into the OS/400 interface and at the prompt type WRKJOB
and press F4.
On the resulting screen, enter the Job, User, and Number from step 2. Under the option field, input *SELECT
and press Enter.
Select option 4. Work with spooled files by entering the number 4 at the prompt. Press Enter.
Locate QPJOBLOG in the list of spooled files and enter a 2 in the Opt column for the row containing file QPJOBLOG. Press Enter.
On the resulting screen, specify the network name of your printer in the Printer field and press Enter.
Sign off and keep the printed log for reference when filing a ticket with Oracle.