Starting the Session Failover Components (Sun Java System Access Manager 7 2005Q4 Deployment Planning Guide)

Sun Java System Access Manager 7 2005Q4 Deployment Planning Guide

Starting the Session Failover Components

Access Manager 7 2005Q4 provides the amsfo script to perform these functions:

Start and stop the Java Message Queue (MQ) broker specified for the session failover deployment.
Start and stop the amsessiondb client specified for the session failover deployment.
Read the amsfo.conf configuration file and take specific actions based on variables in the file. For example, you can have the script first delete and then recreate the Berkeley DB database.
Write the amsessiondb.log, jmq.pid, and amdb.pid files in the /tmp/amsession/logs/ directory. The default log directory is determined by the LOG_DIR variable in the amsfo.conf file.

To start the Access Manager session failover components, follow this sequence:

Set the variables in the in the amsfo.conf configuration file, as required by your deployment. For a description of these variables, see Table 6–4
Run the amsfo script to start the Java Message Queue (MQ) broker and the amsessiondb client. For detailed information, see Running the amsfo Script.
Start each Access Manager instance by starting the respective web container. For information, see the Sun Java System Access Manager 7 2005Q4 Administration Guide.

Running the `amsfo` Script

The amsfo script includes the start and stop options:

Usage: amsfo { start | stop }

To run the amsfo script, follow these steps:

Log in as or become superuser (root).
Set the variables in the amsfo.conf file, as required for your deployment. For a description of these variables, see Table 6–4.
Run the script. For example, to start the session failover components on a Solaris system with Access Manager installed in the default directory:
```
# cd  /opt/SUNWam/bin
# ./amsfo start
```
To check the results of the script, see the /tmp/amsession/logs/amsessiondb.log file.

The following table describes the variables in the amsfo.conf configuration file. Set these variables as needed for your deployment before you run the amsfo script.

Table 6–4 amsfo.conf Configuration File


Variable	Description
`AM_HOME_DIR`	Access Manager default installation directory. The default directory depends on the platform: Solaris systems: `AccessManager-base/SUNWam` Linux systems: `AccessManager-base/identity` `AccessManager-base` represents the base installation directory for Access Manager. The default values are `/opt` on Solaris systems and `/opt/sun` on Linux systems.
`AM_SFO_RESTART`	Specifies (true or false) whether the script should automatically restart the `amsessiondb` client. The default is true (restart the `amsessiondb` client).
`CLUSTER_LIST`	Message Queue broker list participating in the cluster. The format is: `host1:port,host2:port,host3:port` For example: `jmq1.example.com:7777,jmq2.example.com:7777,jmq3.example.com:7777` There is no default.
`DATABASE_DIR`	Directory where the session database files will be created. The default is `"/tmp/amsession/sessiondb"`.
`DELETE_DATABASE`	Specifies (true or false) whether the script should delete and then create a new database when the `amsessiondb` process is restarted. The default is true.
`LOG_DIR`	Location of the log directory. The default is `"/tmp/amsession/logs"`.
`START_BROKER`	Specifies (true or false) whether the Message Queue broker should be started with the `amsessiondb` process. Set this variable as follows: true - The Message Queue broker will run on the same machine as the `amsessiondb` process. false - The Message Queue broker and the `amsessiondb` process will run on different machines. The default is true.
`BROKER_INSTANCE_NAME`	Name of the Message Queue broker instance to start. The default is `aminstance`.
`BROKER_PORT`	Port for the local Message Queue broker instance. The default is 7777.
`BROKER_VM_ARGS`	Java VM arguments. The default is `"-Xms256m -Xmx512m"`, which sets the maximum value based on the system resources.
`USER_NAME`	User name used to connect to the Message Queue broker. The default is guest. If you specified a different user name under step 3–Add a New User in the Message Queue Server, set `USER_NAME` to that name.
`PASSWORDFILE`	Location of the password file that contains the encrypted password used to connect to the Message Queue broker. To generate the encrypted password, use the `amsfopasswd` script, as described in `amsfopasswd` Script The default is `$AM_HOME_DIR/.password`, where `$AM_HOME_DIR` specifies the Access Manager default installation directory.

`amsfopasswd` Script

The amsfopasswd script accepts the Message Queue broker password in clear text and returns the encrypted password in a file. You can then use this file as input to the amsfo script (PASSWORDFILE variable).

The amsfopasswd script is located in the following directory:

Solaris systems: AccessManager-base/SUNWam/bin
Linux systems: AccessManager-base/identity/bin

The default AccessManager-base installation directory is /opt on Solaris systems and /opt/sun on Linux systems.

Use the following syntax to run the amsfopasswd script.

amsfopasswd -f filename | --passwordfile filename 
            -e password | --encrypt password
amsfopasswd -h | --help

The following table describes the amsfopasswd script arguments.

Table 6–5 amsfopasswd Script Arguments


Argument	Description
`-f filename \| --passwordfile filename`	Path to the destination file where `amsfopasswd` stores the encrypted password.
`-e password \| --encrypt password`	Clear text password that `amsfopasswd` encrypts.
`-h \| --help`	Display the `amsfopasswd` command usage and then exit.

The following example shows the amsfopasswd script. The encrypted password is stored in the /opt/SUNWam/.password file.

# ./amsfopasswd -f /opt/SUNWam/.password -e mypassword