Server handling
This section describes the server handling for nevisAuth.
The administrative command-line interface (CLI)
You can use the administrative nevisAuth command-line interface (CLI) to create and manage instances of nevisAuth. The command-line interface consists of the following commands:
Static commands
| Feature | Functional Description |
|---|---|
| nevisauth pkg | Print out the current component version. |
| nevisauth inst | List instances. |
nevisauth inst create <instance> | Create a new instance, by creating a directory under/var/opt/nevisauth,copying template files from/opt/nevisauth, and replacing the variables in the template. Register the component instance as a service in system.d. Usekey=valuecommand line arguments for the variable replacement in the template files. Use the INST_CUSTOM_TEMPLATE=<path> command line argument to provide configuration templates. |
nevisauth inst exists <instance> | Check the existence of the instance directory. |
nevisauth inst remove <instance> | Stop the running instance. Make a backup of the instance, by zipping the instance directory. Remove the instance directory/var/opt/nevisauth/<instance>.* Remove the system.d* service entries. |
Instance commands
| Feature | Functional Description |
|---|---|
nevisauth <instance> start | Start instance via system.d. |
nevisauth <instance> stop | Stop instance via system.d. |
nevisauth <instance> restart | Call stop + start. |
nevisauth <instance> status | Show the aggregate status of the instance. |
nevisauth <instance> config | Edit the application configuration. |
nevisauth <instance> config env | Edit the environment configuration. |
nevisauth <instance> config vmargs | Edit the configuration file containing the JVM arguments. This is an alias of the config env command. |
nevisauth <instance> config log | Edit the log configuration. |
nevisauth <instance> config server | Edit the instance server configuration. |
nevisauth <instance> log | List the server log files.Info: This command is not supported by the nevisIDM component. |
Setting up servers
The instance commands are used to install new server instances. There is a default instance for easy installation. Other or additional instances need to be configured by providing setup parameters.
The table below describes all relevant instance commands.
| Command | Description |
|---|---|
| nevisauth inst | This command lists the names of all configured server instances. |
nevisauth inst create <name> | To set up a new server instance, enter the following command: # nevisauth inst create default The newly created instance will be deployed on port 8991.You can provide the setup parameters on the command line or by passing a setup property file: # nevisauth inst create default /tmp/setup.properties The most important parameters are: *AUTH_SERVER_URL: Defines the network listener that the server is supposed to start. * AUTH_SIGNER_KEYSTORE: Defines the key material to use for token signing. * SERVER_SSL_KEYSTORE, SERVER_SSL_TRUSTSTORE: Defines the key material for the frontend SSL/TLS adapter (HTTPS). * AUTH_TRANSPORT_KEYSTORE, AUTH_TRANSPORT_TRUSTSTORE: Defines the key material to configure JavaSE related (backend) subsystems (JNDI for LDAPS connections; JSSE for, for example, HTTPS backend connections). * INST_CUSTOM_TEMPLATE: Defines the directory that contains the custom configuration files to replace the ones delivered with the package (see /opt/nevisauth/template for available files and the required structure of this directory). For variable use, inspect the standard configuration template in /opt/nevisauth/template. For details about configuration semantics, see the chapter Components. |
nevisauth inst remove <name> | This command: makes a backup of the existing instance (=>/var/opt/nevisauth). stops the server (nevisauth <name> stop). * removes all files related to that instance (rm -r /var/opt/nevisauth/<name>). |
nevisauth inst exists <name> | This command is used by configuration scripts to query for already installed server instances. |
Controlling the server
This section describes the commands for controlling the server. See the for an overview of the relevant commands.
| Commands | Description |
|---|---|
nevisauth <instance> start | The start command nevisauth start uses the system.d service to start the server process if it is not already running. |
nevisauth <instance> stop | To shut down a running server, the stop command nevisauth stop stops the system.d service. |
nevisauth <instance> restart | This command performs a stop command nevisauth stop, followed by a start command nevisauth start. |
Retrieving status information
This section describes the command for displaying status information. See the:
| Command | Description |
|---|---|
nevisauth <instance> status | This command displays basic information on the server's current runtime state. |
# nevisauth status
------------------------------------------------------------------------
Status : UP
Component : nevisauth / 4.12.13.0
Instance : default
Process : isi3server
Ownership : bin / bin
Network port(s) : 8990
Filedescriptors : 4096
Process ID : 25063
JRE/JDK : /opt/adnjdk16
Logfile(s) : /var/opt/nevisauth/default/log/esauth4sv.log
/var/opt/nevisauth/default/log/jmxagent.log
------------------------------------------------------------------------
Command for displaying status information
Configuration editing
Configuration editing is usually not an every day administration task and is not required for operation. In production, manual changes of parameters should only be done in emergency cases and only by experienced staff who knows exactly about the effect of such changes.
The table below describes the relevant configuration commands.
| Command | Description |
|---|---|
nevisauth <instance> config | The command nevisauth config (or nevisauth config core) opens the main configuration file /var/opt/nevisauth/default/conf/esauth4.xml for editing in a vi-editor.You can configure the following aspects in the main configuration file: Authentication plug-ins and their interaction Session management setup * Access control. Changing the configuration requires a server restart. |
nevisauth <instance> config vmargsnevisauth <instance> config env | This command allows specifying arguments to be passed to the JVM initialization, the JAVA_OPTS. It opens the configuration file /var/opt/nevisauth/default/conf/env.conf for editing in a vi-editor. The command behaves exactly the same as the config env command and exists only for legacy purposes.Changing the configuration requires a server restart. |