LeasePak Server Configuration and Maintenance

CM v.1808 created at Fri Aug 13 00:45:19 -0700 2010
Start here if you have finished installing or upgrading LeasePak and need to perform additional configuration or maintenance on LeasePak server. If you are installing LeasePak for the first time, refer to the document LeasePak Server Preparation and Installation. If you are upgrading or updating LeasePak, refer to LeasePak Server Upgrade and Conversion.

Configuration


LeasePak Environments and Databases
setup_new_env - Creating LeasePak Environments
What You Need To Know Before Using This Command ...
Use setup_new_env to create new production, test, and visitor environments to contain LLDBs.
setup_new_env may only be run by $NSTADMIN, the LeasePak release administrator. Does not require the services of the Queue Manager or of any database server processes.
Common Usage
The following are the two most common examples of using setup_new_env:
Production Environments
setup_new_env env-name db-type db-server db-name
where
Test Environments 
setup_new_env -tl env-name db-type db-server db-name build-descriptor
where the parameters are the same as for Production environments, plus:
  • -tl (minus-lowercase-T-L) signifies a test environment
  • build-descriptor determines where the environment will find its executable copies of LeasePak. For a test environment, it can be the build ID alias live or a build ID in the form bldn.nn.nnnn (for example bld6.10.0179)
Multiple concurrent versions: If there are more than one LeasePak instance accessing the same database server, note that LLDB names must be unique within the entire database system, not just within the individual LeasePak instances.
setup_new_env Worksheet
Note the following values for running setup_new_env:
Name Description Your Value Notes
options commandline switches production: (none) test: -tl visitor: -vl
env-name environment name Must be unique for the specific LeasePak instance
db-type database type ora for Oracle or syb for Sybase
db-server database server name Must be one of the database server names defined for the db-type DBMS when LeasePak was installed
db-name LLDB name LLDB names must be unique for the db-type DBMS on this DBMS host and comply with the selected type of naming convention
build-descriptor LeasePak build ID or alias Must be live or the build ID (in the form bldn.nn.nnnn, for example bld6.10.0179) of a compatible installed LeasePak build. For test and visitor environments only
Running setup_new_env
Log on the application host as $NSTADMIN, the LeasePak release administrator.
Either run setup_new_env with the common usage described above, and demonstrated below, or click here to see the complete syntax of setup_new_env. 
  [nsadm62a:~]  setup_new_env prod syb SEVILLE lpr_prod
The command will produce a display similar to this: 
  [nsadm62a:~]  setup_new_env prod syb SEVILLE lpr_prod
  2009-08-13 17:50:47 setup_new_env:  PRODUCTION prod syb SEVILLE lpr_prod live; Start
  2009-08-13 17:50:48 setup_new_env: Creating environment directory structure...
  2009-08-13 17:50:48 setup_new_env: Creating syb_use...
  2009-08-13 17:50:48 setup_new_env: Creating logdb.*...
  2009-08-13 17:50:51 setup_new_env: Creating envdb.msirc...
  2009-08-13 17:50:52 setup_new_env: Creating msidba placeholder ...
  2009-08-13 17:50:52 setup_new_env: Creating .lp*...
  2009-08-13 17:50:52 setup_new_env: Setting environment security...

  You will need the following for Leasepak PC Client setup:
  IP Address or name: seville
  Environment name:   prod
  Server Port:        6201

  2009-08-13 17:50:53 setup_new_env: End
Back to Top Previous Next
db_create - Creating LeasePak Logical Databases
What You Need To Know Before Using This Command ...
Use db_create to create a new LLDB for a particular environment. If the operator approves it, db_create also will drop an existing LLDB and replace it with an empty LLDB.
db_create may only be run by $NSTDBA, the LeasePak database administrator. It requires that the operator know the password for the database server administrator, $SRVADM; that the operator be prepared to assign a password to any DBO that may be created (see note below); it requires that the database server for the db-type selected when the environment was created using setup_new_env be up and running and capable of executing interactive SQL commands; it does not require the services of the Queue Manager.
db_create may require the operator to enter a password for the DBO, the owner of the LLDB about to be constructed. If the LLDB is being created under Oracle, or if the under Sybase and the LeasePak $SYB_AUTODBO SETUP option Automatically create Sybase database owner names is set to Y (echo $SYB_AUTODBO at the command prompt to see), a separate database system user, with the same name as the LLDB, will be created as the DBO, and the operator will be required to provide a password for this new user. This user should not have a UNIX user account. If $SYB_AUTODBO is N, then the operator will be prompted for an existing Sybase user to be designated as the DBO.
As with most LeasePak db_* commands that affect a particular LLDB, db_create determines the appropriate LLDB to use via the environment created by setup_new_env.
The db_create command may only be run from production and test environments; visitor environments are not allowed to perform data-destroying tasks on the LLDBs they point to. The original, or host environment, given when the visitor environment was created, must be used for performing data-destroying tasks such as db_create.
Do not create an LLDB in the administrative environments, adm_ora or adm_syb.
Common Usage
The following is the most common example of using db_create: 
db_create env-name
where
db_create Worksheet
Note the following values for running db_create:
Name Description Your Value Notes
env-name environment name Must have been previously created using setup_new_env
$SRVADM's password database server administrator This user is the one who actually runs the commands under the database server to provision and create the LLDB
DBO-name The user to be DBO Required if under Sybase and $SYB_AUTODBO is N; is created automatically otherwise
DBO's password LLDB owner The DBO is the user who owns the objects within the LLDB and who grants regular users access to the LLDB
Data size # of megabytes of data space needed Under both Oracle and Sybase; if under Oracle and a dedicated storage segment is to be used, should be "UNLIMITED"
Storage segment if known Oracle: either a common storage segment or a dedicated storage segment (must be dedicated if size > 300MB); Sybase: may not be known ahead of time
Log size # megabytes of log space needed Sybase only
CRITICAL NOTE
Sybase Only
db_create creates an LLDB with the truncate log on checkpoint option enabled. This will empty the database server-generated transaction logs each time an automatic checkpoint is performed by the database server. For production environments, the administrator MUST disable the Sybase truncate log on checkpoint option so that the entire transaction log is available for recovery in the event of a system failure between full backups. The transaction log is vital for recovery from system errors and crashes. It can be managed so that its disk space requirements are kept as low as possible. Refer to the Sybase Adaptive Server documentation for more information or contact the NetSol Help Desk.
Running db_create
Log on the application host as $NSTDBA, the LeasePak database administrator.
Either run db_create with the common usage shown below, or click here to see the complete syntax of db_create. 
    [nsdba62a:~] db_create prod
The command will produce a display similar to the screen print below. For brevity we have deleted several lines (shown by "...") from this screen print; the full output of db_create for Sybase can be seen by clicking here. 
  [nsdba62a:~]  db_create prod
  2009-08-13 17:52:56 db_create: Create (prod)lpr_prod
  2009-08-13 17:52:56 db_create: Running commands as srvadm

  Server Administrator 'srvadm' password: srvadm's password

  Logical database owner 'OWNER' password: database owner's password
  2009-08-13 17:53:14 db_get_dbo: Start
  2009-08-13 17:53:14 db_get_dbo: Running commands as srvadm
  2009-08-13 17:53:17 db_setup_phys: Set up physical storage description for (prod)lpr_prod

  Storage segments with available space:
           lpk_log01   160                        lpk_data05   388
           lpk_log02   230                        lpk_data06   332
           lpk_log03   173                        lpk_data07   380
           lpk_log04   320                        lpk_data08   178
           lpk_log05   581                        lpk_data09   368
          lpk_data04   38                         lpk_data10   298

  [<RET>/Q/q]=quit  [R/r]=redisplay list  [V/v]=view physdb.msirc
  Enter Segment name from list above: lpk_data05
   Enter # MBs required from segment: 150
   Segment type: 'D[ATA]' or 'L[OG]': d

  [<RET>/Q/q]=quit  [R/r]=redisplay list  [V/v]=view physdb.msirc
  Enter Segment name from list above: lpk_log01
   Enter # MBs required from segment: 40
   Segment type: 'D[ATA]' or 'L[OG]': l

  [<RET>/Q/q]=quit  [R/r]=redisplay list  [V/v]=view physdb.msirc
  Enter Segment name from list above:
  Current contents of physdb.msirc:
  setenv  MSIDB_SEG01     "lpk_data05,150,DATA"
  setenv  MSIDB_SEG02     "lpk_log01,40,LOG"

  2009-08-13 17:54:45 db_setup_phys: New physical configuration of (prod)lpr_prod stored in
      $ENVDIR/etc/physdb.msirc
  2009-08-13 17:57:43 db_get_dbo: Start
  2009-08-13 17:57:43 db_get_dbo: Running commands as srvadm
  2009-08-13 17:57:46 db_build: Build (prod)lpr_prod
  2009-08-13 17:57:46 db_build: Running commands as srvadm
  2009-08-13 17:57:47 db_build: Constructing logical LeasePak database - SQL portion...
  2009-08-13 17:57:53 db_set_dbo: Start
  2009-08-13 17:57:56 db_set_dbo: Changing DBO of (prod)lpr_prod to lpr_prod ...
  2009-08-13 17:57:56 db_set_dbo: End
  2009-08-13 17:57:56 db_build: End
  2009-08-13 17:57:56 db_load_obj: Load logical database objects in (prod)lpr_prod
  2009-08-13 17:57:56 db_load_obj: Running commands as DBO, lpr_prod
  Xmap: tbl(mcml) tbl(mcmu) tbl(mja) tbl(mjc) tbl(mjl) tbl(mlo_city) tbl(mlo_county)
  Xmap: tbl(mlt) tbl(mpa_assmt) tbl(msg) tbl(msvb) tbl(msvc) tbl(msvh) tbl(msvi)
  Xmap: tbl(msvl) tbl(msvr) tbl(msvs) tbl(msvu) tbl(msvv) tbl(mvd_mdl) tbl(mvd_mnf)
  ...
  Xmap: idx(mja) idx(mjc) idx(mjl) idx(mlo_city) idx(mlo_county) idx(mlt) idx(mpa_assmt)
  Xmap: idx(msg) idx(msvb) idx(msvc) idx(msvh) idx(msvi) idx(msvl) idx(msvr)
  Xmap: idx(msvs) idx(msvu) idx(msvv) idx(mvd_mdl) idx(mvd_mnf) idx(mwa) idx(mwc)
  ...
  Xmap: idx(rzp) idx(rzq) idx(rzu)
  2009-08-13 18:01:24 db_load_obj: Loaded 640 object scripts into (prod)lpr_prod
  2009-08-13 18:01:24 db_load_obj: End
  2009-08-13 18:01:24 db_load_code: Load SQL code in lpr_prod for prod
  2009-08-13 18:01:24 db_load_code: Running commands as DBO, lpr_prod
  2009-08-13 18:01:24 db_load_code: Creating ordered list of files to load ...
  2009-08-13 18:01:25 db_load_code: Creating alphabetical list of up* code objects ...
  2009-08-13 18:01:25 db_load_code: Creating alphabetical list of authorized cp* code objects ...
  2009-08-13 18:01:25 db_load_code: Replacing authorized cp* objects with user-provided versions .
  2009-08-13 18:01:25 db_load_code: Creating alphabetical list of main procedures to be loaded ...
  2009-08-13 18:01:25 db_load_code: Creating final list(s) of procedures to be loaded ...
  2009-08-13 18:01:25 db_load_code: Rebuilding views ...
  2009-08-13 18:01:32 db_load_code: Loading SQL Code Objects ...
  Xproc: aacompare(dates) lessee(add_remove) alt(cussum) ar(dtl) chk(upd) mjc(convert) mp(davox)
  Xproc: rase(dbaconv_ras) dbaconv(rsc) related(del_app) upd(drawdown_clnt) ext(ela_asset)
      ext(ela_codes) hist(ela)
  ...
  Xproc: upd(allowed) update(passwd) xml(lsesum) mt(mcml) mt(mcmu) mt(mja) mt(mjc)
  Xproc: mt(mjl) mt(rad) mt(raf) mt(rag) mt(rai) mt(ral) mt(rap)
  Xproc: mt(rvd) mt(rxr) mt(rxu) mt(rzg) alt(lsesum) cp(altlsepayinfo) asset(dtl)
  Xproc: asset(sum) col(lsesum) cus(leases) cus(lsesum) mat(lsesum) rap(der) rec(lsesum)
  Xproc: rfw(notes) rgc(info) susp(info)
  2009-08-13 18:13:00 db_load_code: Loaded 570 source files into (prod)lpr_prod
  2009-08-13 18:13:01 db_load_code: End
  2009-08-13 18:13:01 db_set_security: Set db security in (prod)lpr_prod
  2009-08-13 18:13:01 db_set_security: Running commands as lpr_prod
  2009-08-13 18:13:01 db_set_security: Setting general db security in (prod)lpr_prod
  2009-08-13 18:13:16 db_set_security: End
  2009-08-13 18:13:16 db_create: End
Below is the initial part of a run of db_create under Oracle. It shows how db_create will prompt for the DBO's password a second time if the DBO is new, plus it shows how the selection of the storage segment appears under Oracle. In this case a dedicated storage segment has been provided. After the selection of the storage segment, the process continues in a manner similar to that of Sybase. The full output of db_create under Oracle can be seen by clicking here. 
  [nsdba62a:~] db_create prod
  2009-08-13 23:06:09 db_create: Create (prod)lpr_prod
  2009-08-13 23:06:09 db_create: Running commands as srvadm

  Server Administrator 'srvadm' password: srvadm's password

  Logical database owner 'OWNER' password: database owner's password
  2009-08-13 23:06:23 db_get_dbo: Start
  2009-08-13 23:06:23 db_get_dbo: Running commands as srvadm

  Retype password to confirm; leave blank to restart password selection ...
  Confirming Database Owner 'OWNER' password: database owner's password

  2009-08-13 23:06:34 db_setup_phys: Set up physical storage description for (prod)lpr_prod

  Storage segments with available space:
          LPCOMMON                                LPT_PROD

  [<RET>/Q/q]=quit  [R/r]=redisplay list  [V/v]=view physdb.msirc
  Enter Segment name from list above: LPT_PROD
   Enter # MBs required from segment: UNLIMITED
  Current contents of physdb.msirc:
  setenv  MSIDB_SEG01     "LPT_PROD,UNLIMITED"

  2009-08-13 23:07:01 db_setup_phys: New physical configuration of (prod)lpr_prod stored in
      $ENVDIR/etc/physdb.msirc
Back to Top Previous Next
db_restore - Loading Data into a LeasePak Logical Database
What You Need To Know Before Using This Command ...
Use db_restore to copy the LeasePak data stored in a data-set into an LLDB; it destroys any previous data in the LLDB.
db_restore may only be run by $NSTDBA, the LeasePak database administrator. It requires that the operator know the password for the DBO of the LLDB, which was assigned when the LLDB was created by db_create; it requires that the database server for the db-type selected when the environment was created using setup_new_env be up and running and capable of executing interactive SQL commands; it does not require the services of the Queue Manager.
As with most LeasePak db_* commands that affect a particular LLDB, db_restore determines the appropriate LLDB to use via the environment created by setup_new_env.
The db_restore command may only be run from production and test environments; visitor environments are not allowed to perform data-destroying tasks on the LLDBs they point to. The original, or host environment, given when the visitor environment was created, must be used for performing data-destroying tasks such as db_restore.
Common Usage
The following is the most common example of using db_restore: 
db_restore env-name data-set-name [-p proc-count]
where
  • env-name is the environment containing the LLDB that is to be (re)loaded with data from the data-set
  • data-set-name is the group of files containing a complete image of a LeasePak logical database (LLDB), and must be one of:
    • a standard Netsol-provided data-set, seed or level7, found in the current build dsets directory ($udsets)
    • a locally produced data-set found in the release datasets directory ($datasets)
    • a data-set at an arbitrary location on the application host, provided that the data-set parameter is the absolute pathname of a directory containing the files of a compatible data-set
  • [-p proc-count], where proc-count is an integer from 1 to 15, which determines the number of concurrent processes that will be used to move the data from the data-set into the LLDB. The [...] indicates that this parameter is optional; if omitted, the number of concurrent processes defaults to 4, as if -p 4 had been typed on the command line. Values greater than 4 are intended for loading large or very large data-sets.
  • Other Inputs
db_restore Worksheet
Note the following values for running db_restore:
Name Description Your Value Notes
env-name environment name Must have been previously created using setup_new_env, and must contain a valid LLDB created using db_create
data-set data-set name Must be a data-set directory in $udsets or $datasets or the absolute pathname of a directory on the application host that contains a compatible data-set
-p proc-count # of concurrent processes optional parameter; if given must be 1 to 15, default is 4
DBO's password LLDB owner's password db_restore will prompt for this. This password was assigned when the LLDB was created using db_create
Running db_restore
Log on the application host as $NSTDBA, the LeasePak database administrator.
Either run db_restore with the common usage described above, or click here to see the complete syntax of db_restore. 
  [nsdba62a:~]  db_restore prod level7 -p 10
The command will produce a display similar to the screen print below. Enter the DBO's password when prompted. For brevity we have deleted several lines (shown by "...") from this screen print; the full output of db_restore can be seen by clicking here. 
  [nsdba62a:~] db_restore prod level7 -p 10
  2009-08-21 15:27:57 db_restore: Load dataset level7 into database (prod)lpr_prod
  * * * Current contents of all tables in database (prod)lpr_prod will be deleted. * * *
  2009-08-21 15:27:57 db_restore: Running DBMS commands as Database owner: lpr_prod
  2009-08-21 15:27:57 db_restore: Running Unix commands as user: nsdba62a
  
  Database owner 'lpr_prod' password: database owner's password
  2009-08-21 15:28:02 db_restore: Truncating all tables in database (prod)lpr_prod...
  2009-08-21 15:28:18 db_restore: Deleting data directory contents in environment prod...
  2009-08-21 15:28:18 db_restore: Turning ON fast bcp option...
  2009-08-21 15:28:22 db_restore: Distributing bcp files into 10 portions...
  2009-08-21 15:28:26 db_restore: Loading bcp files into database (prod)lpr_prod...
  2009-08-21 15:28:26 db_restore: Loading rcc in group #1 ...
  2009-08-21 15:28:26 db_restore: Loading rtx in group #2 ...
  2009-08-21 15:28:26 db_restore: Loading rzga in group #3 ...
  2009-08-21 15:28:26 db_restore: Loading req in group #4 ...
  2009-08-21 15:28:26 db_restore: Loading rglc in group #5 ...
  2009-08-21 15:28:26 db_restore: Loading rtr in group #8 ...
  2009-08-21 15:28:26 db_restore: Loading rls in group #7 ...
  2009-08-21 15:28:26 db_restore: Loading rcr in group #6 ...
  2009-08-21 15:28:26 db_restore: Loading rtd in group #9 ...
  2009-08-21 15:28:26 db_restore: Loading msg in group #10 ...
  2009-08-21 15:28:27 db_restore: Loading rlsa in group #3 ...
  2009-08-21 15:28:27 db_restore: Loading rpr in group #10 ...
  2009-08-21 15:28:27 db_restore: Loading rlo in group #6 ...
  2009-08-21 15:28:27 db_restore: Loading res in group #9 ...
  2009-08-21 15:28:27 db_restore: Loading rst in group #2 ...
  2009-08-21 15:28:27 db_restore: Loading reqa in group #7 ...
  2009-08-21 15:28:27 db_restore: Loading rtp in group #1 ...
  2009-08-21 15:28:27 db_restore: Loading rha in group #5 ...
  2009-08-21 15:28:27 db_restore: Loading rsc in group #4 ...
  2009-08-21 15:28:27 db_restore: Loading rhab in group #10 ...
  ...
  2009-08-21 15:28:33 db_restore: Loading rpf in group #8 ...
  2009-08-21 15:28:33 db_restore: Loading rbl in group #7 ...
  2009-08-21 15:28:33 db_restore: Loading msvs in group #6 ...
  2009-08-21 15:28:34 db_restore: Loading raps in group #9 ...
  2009-08-21 15:28:34 db_restore: Loading rapr in group #10 ...
  2009-08-21 15:28:34 db_restore: Loading rcga in group #4 ...
  Portion 6 done Fri Aug 21 15:28:34 PDT 2009
  2009-08-21 15:28:34 db_restore: Loading rcgf in group #2 ...
  2009-08-21 15:28:34 db_restore: Loading mwc in group #3 ...
  2009-08-21 15:28:34 db_restore: Loading msvu in group #5 ...
  2009-08-21 15:28:34 db_restore: Loading rep in group #8 ...
  2009-08-21 15:28:34 db_restore: Loading msvi in group #9 ...
  2009-08-21 15:28:34 db_restore: Loading msvh in group #10 ...
  2009-08-21 15:28:34 db_restore: Loading rlss in group #1 ...
  Portion 5 done Fri Aug 21 15:28:34 PDT 2009
  2009-08-21 15:28:34 db_restore: Loading msvr in group #7 ...
  Portion 9 done Fri Aug 21 15:28:34 PDT 2009
  Portion 10 done Fri Aug 21 15:28:34 PDT 2009
  2009-08-21 15:28:34 db_restore: Loading msvv in group #4 ...
  2009-08-21 15:28:34 db_restore: Loading mjc in group #3 ...
  2009-08-21 15:28:34 db_restore: Loading rac in group #2 ...
  Portion 7 done Fri Aug 21 15:28:35 PDT 2009
  2009-08-21 15:28:34 db_restore: Loading rcgg in group #1 ...
  2009-08-21 15:28:34 db_restore: Loading rbk in group #8 ...
  Portion 4 done Fri Aug 21 15:28:35 PDT 2009
  Portion 3 done Fri Aug 21 15:28:35 PDT 2009
  2009-08-21 15:28:35 db_restore: Loading msvb in group #2 ...
  2009-08-21 15:28:35 db_restore: Loading msvl in group #8 ...
  2009-08-21 15:28:35 db_restore: Loading rai in group #1 ...
  Portion 8 done Fri Aug 21 15:28:35 PDT 2009
  Portion 2 done Fri Aug 21 15:28:35 PDT 2009
  2009-08-21 15:28:35 db_restore: Loading msvc in group #1 ...
  Portion 1 done Fri Aug 21 15:28:35 PDT 2009
  2009-08-21 15:28:39 db_restore: Fast bcp option has been turned off.
  2009-08-21 15:28:39 db_restore: Initializing mxd table in database (prod)lpr_prod...
  2009-08-21 15:28:40 db_update_statistics: Update statistics for all tables in database
      (prod)lpr_prod
  2009-08-21 15:28:40 db_update_statistics: Running commands as database owner: lpr_prod
  2009-08-21 15:29:03 db_update_statistics: End
  2009-08-21 15:29:03 db_restore: End
  Load complete; check /opt/nst/v62a/log/prod.log for any errors
Back to Top Previous Next
User Accounts
User Accounts - LeasePak User Account Overview
What You Need To Know To Understand This Section ...
LeasePak Administrative User Accounts
Administrative Accounts Used to Perform System Functions Related to LeasePak
This section discusses the LeasePak administrative accounts, which include:
This section covering LeasePak administrative accounts does not present any commands to be executed by the administrator or operator. This is because either the user accounts must be created by the system administrator before LeasePak is installed, or the user accounts are created by the installation process itself.
LeasePak Release Administrator
About $NSTADMIN
  • During installation of LeasePak, the SETUP program asks the system administrator to enter the name of the $NSTADMIN user at the prompt: NetSol Admin login name [nsadm62a]. The administrator may enter any name here that is allowed by the selected naming convention and that has an OS login account. This user should not be a user with any other LeasePak functions.
  • NetSol recommends that the system administrator use a name ending in *adm62a for the $NSTADMIN role.
  • SETUP does not create the $NSTADMIN user.
  • The selected user name is available to all LeasePak processes via the environment variable $NSTADMIN.
  • $NSTADMIN is the owner of most files within the LeasePak release structure. It is the only LeasePak user who can execute certain commands: cfg_gen, change_env, configure_rels, db_setup_job, eop_suite II, linkpoint, set_access, setup_new_env, setup_rels_dirs, and upgrade_env. It owns the whole Queue Manager installation, and alone can start and stop the Queues.
LeasePak Database Administrator
About $NSTDBA
LeasePak Primary Login Group
About $NSTGROUP
If the site maintains multiple application hosts for v62a, or multiple DBMS hosts for v62a, the same $NSTGROUP name and GID, and the same user names and UIDs for all kinds of users, must be the same across all such hosts.
Some LeasePak users have reported that they have used the same UID and user name for both of the $NSTADMIN and $NSTDBA users without serious side-effects. NetSol believes that their assumptions are correct; however, NetSol has not performed testing under this arrangement, and cannot express any further opinion about it.
IMPORTANT NOTE
$NSTADMIN and $NSTDBA
These are highly specialized accounts. Their environment variables should always point to the administrative environment (adm_ora or adm_syb) where SETUP initially placed them. Do not change the environment for either of these accounts manually or by using change_env, or set either of them up as LeasePak users.
Because these accounts must remain as configured by SETUP, NetSol strongly recommends that separate $NSTADMIN and $NSTDBA users be set up for each LeasePak release, and that they follow a naming convention that embeds the LeasePak release version in the user names.
Database Server Administrator
About $SRVADM
If the site maintains DBMS hosts separate from the application host, the same name should be used for the $SRVADM role on all hosts. It is not necessary to maintain separate user names for each LeasePak release, as it is for the $NSTADMIN and $NSTDBA users.
IMPORTANT NOTE
$NSTADMIN, $NSTDBA, and $SRVADM
The functions performed, and the scope of the data controlled, by these three LeasePak administrative users are quite specialized. NetSol strongly recommends that the $NSTADMIN and $NSTDBA users be kept unique for each LeasePak release, and that the $SRVADM role not be combined with either role.
Attempting to reduce the complexity of LeasePak administration by making untested shortcuts and combinations cannot fully succeed: the LeasePak software will still observe the distinctions among the different roles.
The only shortcut that NetSol can recommend is to simply assign the same password to each role; then regardless of the role prompted for, the password will be the same. This is not recommended, but is possible and outside the scope of the software to govern. Good management practices should encourage the system administrator to capitalize on LeasePak's security features and incorporate them into the over-all corporate security infrastructure.
Administrative User Account Worksheet
Use this worksheet to help plan for the required Administrative User Accounts:
Role Name to Enter in SETUP (with suggested value) OS Acct? by SETUP? Password Notes
$NSTGROUP nst yes no (none) OS group that must have been created before running SETUP; must be the primary group for all LeasePak OS users
$NSTADMIN nsadm62a yes no The LeasePak Release Administrator is an OS user that must have been created before running SETUP; must have $NSTGROUP as its primary group.
$NSTDBA nsdba62a yes no The LeasePak Database Administrator is an OS user that must have been created before running SETUP; must have $NSTGROUP as its primary group.
$SRVADM srvadm no yes The Database Server Administrator is not an OS user, but is strictly a user within the installed database systems. It is granted sufficient authority to allow it to allocate resources to LLDBs, to create DBOs to own and manage them, and to grant users access to the database systems.
The $NSTGROUP of course has no password, while the 3 user roles do. The system administrator should assign passwords to these users in accordance with site password policies, and in accordance with appropriate OS and database system guidelines.
The Administrative account users do not require translated passwords; they require a single OS password each. These users do not need to log on to the database servers as themselves, because nearly all of the LeasePak OS commands that they execute use $SRVADM or the DBO for LLDB access.
Back to Contents Back to Top Previous Next Back to User Accounts
LeasePak non-Administrative User Accounts
Non-Administrative Account Holders have LeasePak Security Records
This section discusses the LeasePak non-administrative accounts, which include:
Non-Administrative User Types Compared
Table of user features
User Type OS Acct? DBMS Acct? Shell Access? Security Record Created By Range of available options License Class
LeasePak Supervisor yes yes yes Util 108 All Client and Server Functions User
Regular User yes yes no [U0706] Security Updates and reports determined by Supervisor User
Report User yes yes no [U0706] Security Restricted: Reports only Report
Partial Update User yes yes no [U0706] Security Restricted: Reports and a few Updates only Partial
  • User Type - one of the four types of non-administrative users described in this section.
  • OS Acct? - does this type of user require an OS account?
  • DBMS Acct? - does this type of user require an account under the a database server?
  • Shell Access? - does this type of user require direct access to a command shell running on the application host?
  • Security Record Created By - which utility is used to create the security record for this type of user? Util 108 or [U0706] Security.
  • Range of Available Options - which LeasePak menu options are available to this type of user?
  • License Class - The LeasePak license authorizes certain numbers of security records to be created. There are three classes of users involved in this authorization; this column specifies which class each of the user types is authorized by: User, Report or Partial.
LeasePak Supervisor
About the LeasePak Supervisor
Regular LeasePak Users
About Regular LeasePak Users
Restricted Users - LeasePak Report Users and Partial Update Users
About Restricted LeasePak Users
  • There are two type of restricted users: Report users and Partial Update users. The feature they have in common is that they both have access to the entire [R] report menu. Where they differ is that the Partial Update user also has access to a handful of [U] updates.
  • These are specialized users that log on the LeasePak client, do not have direct application host logon privileges, and have restricted menu access as described above. The LeasePak Supervisor can further restrict which reports these users have access to by using [U0706] Security.
  • The administrator should insure that the user names for these users conform to site policies, and are in accordance with the appropriate OS and database system guidelines.
  • The administrator will assign initial passwords to these users; the system administrator and the LeasePak Supervisor have the ability to change their passwords at a later time. Site policies regarding password formulation and changes should be estabished and followed. See Custom General [U0712]:Miscellaneous Customizations for information on how to use LeasePak to help implement site password policies.
  • The basic steps for setting up these users can be found below with the Non-Administrative User Worksheet.
Note that users can be barred from accessing the application host via the OS shell by simply not providing them with the translated OS passwords.
A more certain and secure way of disabling the shell account is by using /usr/bin/false (HP-UX & Solaris) or /sbin/nologin (Linux) as the user's shell (set by the administrator in /etc/passwd). The LeasePak internet services, leasepakd and mpowerd, can still access the stored passwords for proper authentication for the LeasePak client. Because these users cannot log onto the application host, they cannot each maintain their respective home directory; the administrator should make arrangements for this maintenance.
Non-Administrative User Account Worksheet
Use this worksheet to help plan for the various Non-Administrative User Accounts:
Type Name OS Acct? DBMS Acct? UID Password Notes
$NSTGROUP nst no no GID none Every user has the same group name/GID
LeasePak Supervisor env-name+"62a" or
lpsup62a 		yes yes UID client string
SQL Server string
Unix string 		Add LeasePak Security Record in Utility 108
Regular User yes yes UID client string
SQL Server string
Unix string 		Add LeasePak Security Record in [U0706] Security
Set Account Type to Regular User
Report User yes yes UID client string
SQL Server string
Unix string 		Add LeasePak Security Record in [U0706] Security
Set Account Type to Report User
Partial Update User yes yes UID client string
SQL Server string
Unix string 		Add LeasePak Security Record in [U0706] Security
Set Account Type to Partial Upd. User
Creating Non-Administrative Users
The process for creating non-administrative uses is straightforward, and very similar from one user-type to another. This section explains the common process, and also covers the places where the processes for the different user- types diverge.
Overview of New Account Setup Process:
The LeasePak user account user name is used in all LeasePak contexts without variation, therefore the name must be a legal user name in each of those contexts. The single client string password is used (sometimes in hashed, or "translated", form) in all of those contexts, which are:
  1. Select a LeasePak user name and an initial client string password for the user. The string must be between 6 and 8 characters in length and conform to site password policies. The system Administrator or the LeasePak Supervisor can change this client string (and the translated passwords with it) later through the LeasePak client Change Password function.
  2. Use LeasePak Utility 112 Unix and SQL Server password translation to determine the translated passwords for the application host and DBMS host based on the client string. (lease /util 112)
  3. Create an application host account for the user. Use the selected user name and the $NSTGROUP, and set the password to the Unix string password obtained from Utility 112. (useradd, passwd)
  4. The Unix string password must be used on every OS account for that user whether the host is an application host or DBMS host
  5. Create a database system account for the user under each installed database server. Use the selected user name, the group msi, and set the password to the SQL server string password obtained from Utility 112. (db_add_login)
  6. Add the user to the LeasePak Logical Database associated with the environment whose .lplogin and .lpprofile were used above. (db_add_user)
  7. Modify the user's .login and .profile files to read the .lplogin and .lpprofile, or use the sample.login and sample.profile files copied over from the $top/env/env-name/lib directory. (OS start-up files)
  8. Copy the .lplogin and .lpprofile files from the appropriate environment's $top/env/env-name/etc directory to the user's home directory. (change_env)
  9. Find out relevant LeasePak information about the current shell session. (whatami)
  10. Add a LeasePak security record to the LLDB:
IMPORTANT NOTE
LeasePak Security Records
[U0706] Security vs. lease /util 108
It is very important to understand the difference between the "mainstream" user security record maintenance update, [U0706] Security and the non-graphical lease /util 108 utility. The utility option creates a user security record with all LeasePak options that are available under the site's license enabled for that user. The user then is essentially omnipotent, which is usually undesirable.
The user security record created by U0706 Security has typically no menu options enabled, default values everywhere else, and is not a user who can actually perform any business functions until the LeasePak supervisor sets up his or her privileges.
Over the history of LeasePak, many sites have used lease /util 108 improperly to set up regular users, and found themselves with over-enabled users in possession of too much access, leading to errors and audit issues.
It is for this reason that access to lease /util 108 requires an additional Password of the Day that can be obtained by contacting the NetSol Help Desk. The user is advised to use lease /util 108 only once to set up a template LeasePak Supervisor. The supervisor can then clone his own record and use it as a means of producing additional templates of users to be themselves cloned to provide security records for staff. This results in a major improvement in uniformity of user capabilities and IT accountability for the LeasePak-enabled enterprise.
Back to Contents Back to Top Previous Next Back to User Accounts
User Administration Commands
User Administration Commands
lease /util 112
useradd
db_add_login
db_add_user
OS start-up files
change_env
whatami
lease /util 108
[U0706] Security
Back to Contents Back to Top Previous Next Back to User Accounts
lease /util 112 - LeasePak Password Translation
What You Need To Know Before Using This Command ...
Use lease /util 112 to translate the client string password into the equivalent SQL server string password and Unix string password. These three password strings are tied together and they must remain tied or the user will not be able to access LeasePak successfully. Any changes must originate with the client string password.
lease /util 112 may be run by anyone in the $NSTGROUP group, even by the LeasePak Administrative Users such as $NSTADMIN and $NSTDBA, who are not able to run LeasePak themselves. It requires no LLDB, no database server, and no Queue Manager services.
The operator who executes lease /util 112 requires no special permissions or privileges.
Common Usage
The following is an example of using lease /util 112: 
            lease /util 112
where
lease /util 112 Worksheet
Note the following values for running lease /util 112:
Name Description Your Value Notes
client string the "plain-text" password used to log onto the LeasePak client should conform to site password policies for strength, complexity, and frequency of change
SQL server string the translated version of the client string for database use will be used by LeasePak software for accessing the LLDB and the database server. This is the password that should be used with db_add_login.
Unix string the translated version of the client string for OS use will be used by LeasePak software for logging onto the DBMS host and onto the application host. This is the password that should be used with shell.
Running lease /util 112
Log on the application host as any user who is a member of the $NSTGROUP group and who has a LeasePak start-up file assigned to their account.
Run lease /util 112 with the usage described above. 
    [nsadm62a:~] lease /util 112
The command will produce a display similar to the screen print below. 
  [lpuser:~] lease /util 112
  This Utility option may be used to translate a Client password 
  into the equivalent Unix and SQL Server passwords.
  
  Do you wish to continue (Y/N)? Y 
  
  
  Unix and SQL Server password translation utility
  
  Instructions:  Enter the Client password.  The equivalent Unix and SQL Server
                 passwords will be displayed.
  
  Enter the Client string, <RETURN> to exit: aardvark
  
  Client string: aardvark
  SQL Server string: ketxjyf3
  Unix string: bfuumxi0
  
  Enter the Client string, <RETURN> to exit: 
  [lpuser:~]
Back to Contents Back to Top Previous Next Back to Creating Non-Administrative Users
useradd - OS User Account Creation
What You Need To Know Before Using This Command ...
The system administrator uses a command like useradd to add new OS user accounts. This is not a function of LeasePak, but of ordinary administration of the application host and the dbms host. LeasePak of course depends on this administration, but places only a few requirements on how it is accomplished.
IMPORTANT NOTE
LeasePak Requirements for User OS Accounts
LeasePak OS users must have the following:
Back to Contents Back to Top Previous Next Back to Creating Non-Administrative Users
db_add_login - Database System Account Creation
What You Need To Know Before Using This Command ...
Use db_add_login to add a user who is already an OS user to the database system in order for that user to utilize the services provided by the database server, such as access to an LLDB.
db_add_login may only be run by $NSTDBA, the LeasePak database administrator. It requires that the database server for the db-type selected on the command line be up and running and capable of executing interactive SQL commands; does not require the services of the Queue Manager.
The operator who executes db_add_login must know the $SRVADM's, the Database server administrator, password.
Unlike most db_* commands, db_add_login does not affect a particular LLDB, so there is no environment parameter given when executing it.
Common Usage
The following is an example of using db_add_login: 
db_add_login db-type user-name user-password
where
db_add_login Worksheet
Note the following values for running db_add_login:
Name Description Your Value Notes
db-type database type ora for Oracle or syb for Sybase
user-name OS account login name existing OS login account name, not already added to the database system
user-password SQL server password from lease /util 112 This password is tied to the client string password and to the Unix string password. The SQL server string password and the Unix string password are derived together from the client string password in lease /util 112.
$SRVADM's password Database server administrator's password The system administrator assigned the $SRVADM password during LeasePak SETUP (installation). db_add_login is one of the LeasePak commands that accesses the database server using $SRVADM's credentials, hence its password is required
Running db_add_login
Log on the application host as $NSTDBA, the LeasePak database administrator.
Run db_add_login with the usage described above. 
    [nsdba62a:~] db_add_login ora jstettner ketxjyf3
Or, for increased security: 
    [nsdba62a:~] db_add_login ora jstettner
The above form of the command runs db_add_login without:
The command will produce a display similar to the screen print below. 
  [nsdba62a:~] db_add_login ora jstettner ketxjyf3
  2009-09-09 15:21:21 db_add_login: Add ora DBMS login jstettner
  2009-09-09 15:21:21 db_add_login: Running commands as srvadm
  
  Server Administrator 'srvadm' password: srvadm's password
  2009-09-09 15:21:30 db_add_login: Start: ora jstettner
  2009-09-09 15:21:31 db_add_login: End
  [nsdba62a:~]
Back to Contents Back to Top Previous Next Back to Creating Non-Administrative Users
db_add_user - Granting Access to LLDB to user
What You Need To Know Before Using This Command ...
Use db_add_user to grant to an existing user within the database system access to the LLDB attached to a LeasePak environment.
db_add_user may only be run by $NSTDBA, the LeasePak Database Administrator. It requires that the database server for the db-type determined when the selected environment was built using setup_new_env be up and running and capable of executing interactive SQL commands; does not require the services of the Queue Manager.
The operator who executes db_add_user must know the DBO's password, which was set when the LLDB was built using db_create.
Like most db_* commands, db_add_user affects a particular LLDB which is determined by the environment given as the first parameter to the command.
The db_add_user command may only be run from production and test environments; visitor environments are not allowed to perform configuration-changing tasks on the LLDBs they point to. The original, or host environment, given when the visitor environment was created, must be used for performing configuration-changing tasks such as db_add_user.
Common Usage
The following is an example of using db_add_user: 
db_add_user env-name user-name access-group
where
  • env-name indicates the LeasePak environment which contains the LLDB that will be affected by the command
  • user-name is the name of an existing user login within the database system, who is not already a user of the LLDB
  • access-group is either msi or msir. msi is the access that all users who access LeasePak using the LeasePak client, and grants read and write permission on all LeasePak tables, and execute permission on all LeasePak stored procedures. msir grants only read permission on the LeasePak tables. It cannot be used to access LeasePak through the LeasePak client or to access any LeasePak Utility on the application host. msir is intended for use by non-LeasePak users such as analysts who require read access but will not be able to make any changes to the data.
  • Other inputs
    • The operator will be prompted for the DBO's (the database owner) password. For security, the characters of the password are not printed on the screen as the operator types them.
db_add_user Worksheet
Note the following values for running db_add_user:
Name Description Your Value Notes
env-name environment name Must have been previously created using setup_new_env; the LLDB that the environment points to must exist; the environment must be a test or production environment.
user-name Database server login name existing database system user name, not already granted access to the LLDB
access-group LLDB access group either msi for all LeasePak users; or msir for read-only analysts
DBO's password LLDB owner's password the DBO password, assigned when the DBO was created, most likely at the same time the LLDB was built using db_create
Running db_add_user
Log on the application host as $NSTDBA, the LeasePak Database Administrator.
Run db_add_user with the usage described above. 
    [nsdba62a:~] db_add_user prod jstettner msi
The command will produce a display similar to the screen print below. 
  [nsdba62a:~] db_add_user prod jstettner msi
  2009-09-10 18:39:50 db_add_user: Add user jstettner to (prod)lpr_prod
  2009-09-10 18:39:50 db_add_user: Running commands as lpr_prod
  
  Database Owner 'lpr_prod' password: database owner's password
  2009-09-10 18:39:58 db_add_user: End
  [nsdba62a:~]
Back to Contents Back to Top Previous Next Back to Creating Non-Administrative Users
OS start-up files - Preparing the User Account to Enter LeasePak
What You Need To Know To Understand This Section ...
Use vi to modify a user's OS start-up file to configure his or her account for LeasePak upon logging in.
Modifying a user's start-up file may be performed by the system administrator or the individual user, depending on who owns the files and what kind of access modes the files have been given. Typically, this would be performed by the system administrator upon creation of the user's OS account.
IMPORTANT NOTE
LeasePak User Types and Start-up Files
start-up files are an essential element to a user's ability to run a command shell on the application host. Generally only those LeasePak users who require shell access will have start-up files that may require modification. Therefore, Report Users and Partial Update Users should not have start-up files that require modification.
Only the Administrative Users $NSTADMIN and $NSTDBA, the LeasePak Supervisor and those Regular Users with shell access will have start-up files that may require modification.
If the system administrator chooses to use the template start-up files located in LeasePak's $live/lib directory, sample.login and sample.profile, as the basis for the start-up files of the LeasePak users he or she creates, then the modification required is already incorporated. If the system administrator uses files of a different origin, then the functionality provided in the template files must be inserted into the start-up files used.
Modifying the start-up files
Below are the contents of the two template start-up files provided in $live/lib. These are truly minimal start-up files, and probably not adequate in and of themselves to fully provision a user for anything but accessing LeasePak at the shell level; they are adequate for that task.
Below is the template file sample.login. It is intended for use by users who are using the csh or tcsh command shells: 
###############################################################
# NetSol Sample .login file
# $Revision: 6.2.0.2 $ $Date: 2009/09/11 00:26:42 $
###############################################################
# Set up the default search paths:
set path=( $path . )

#set up the terminal
eval `tset -s -Q -m ':?vt100' `
stty erase "^H" kill "^U" intr "^C" eof "^D" susp "^Z" hupcl ixon ixoff tostop
tabs    

alias cd 'cd \!*; set prompt="[${LOGNAME}:${cwd}] "'
cd $cwd

#  Source user's .lplogin file to set up LEASEPAK/UX environment

        if ( -f $HOME/.lplogin )  then 
                source $HOME/.lplogin
        else
                echo "Warning:  You don't have a .lplogin file"
        endif
Below is the template file sample.profile. It is intended for use by users who are using the sh, ksh, or bash command shells: 
###############################################################
# NetSol Sample .profile file
# $Revision: 6.2.0.3 $ $Date: 2009/09/11 00:31:49 $
###############################################################
# Set up the terminal:
        eval ` tset -s -Q -m ':?vt100' `
        stty erase "^H" kill "^U" intr "^C" eof "^D"
        stty hupcl ixon ixoff
        tabs

# Set up the search paths:
        PATH=$PATH:.

# Set up the shell variables:
        EDITOR=vi
        export EDITOR

# Source user's .lpprofile file to set up LEASEPAK/UX environment

        if [ -f $HOME/.lpprofile ] ; then 
                . $HOME/.lpprofile
        else
                echo "Warning:  You don't have a .lpprofile file!"
        fi
In both cases, the sample start-up files set up the user' terminal or terminal emulator, set up a path variable, and set some other environment variables.
They both then check for the existence of a LeasePak start-up file in the user's $HOME directory, and if found, read it into the shell process, but if not found, print a message to the user advising them that no LeasePak start-up files was found.
CRITICAL NOTE
In Order for LeasePak to Work
The user's environment must assign to the TERM or term variable (depending on shell) a value that is supported by the Queue Manager. See System Requirements for more information.
IMPORTANT NOTE
LeasePak Start-up Files
When a LeasePak environment is created using setup_new_env, two LeasePak start-up files are created: .lplogin and .lpprofile. In order for a user shell to be configured for LeasePak, the user's .login or .profile file must read in one of these LeasePak start-up files. The next section discusses how to make this happen.
Back to Contents Back to Top Previous Next Back to Creating Non-Administrative Users
change_env - Providing User with Environment-Specific Start-Up
What You Need To Know Before Using This Command ...
Use change_env to set the environment that a user with shell access will log into when they log onto the application host. This copies the LeasePak start-up files described in the previous section to the user's home directory.
change_env may be executed only by $NSTADMIN LeasePak Release Administrator. It requires neither the services of the database server nor the services of the Queue Manager.
IMPORTANT NOTE
change_env and the LeasePak Administrative Users
$NSTADMIN cannot use change_env to affect its own account or the account of $NSTDBA, the LeasePak Database Administrator. These accounts are pre-configured by the SETUP program to point to the primary DBMS's administrative environment and must remain configured that way.
Their roles are to administer the entire release and its databases, not just a single environment or database.
Common Usage
The following is an example of using change_env: 
change_env user-name release-version env-name modes
where
change_env Worksheet
Note the following values for running change_env:
Name Description Your Value Notes
user-name Database server login name existing fully configured LeasePak user name, whose home directory is either writable by $NSTGROUP or contains LeasePak start-up files which are writable by $NSTGROUP or by $NSTADMIN
release-version LeasePak release version where environment is located Must exist and contain indicated environment; its top directory must be within the $NSTDIR directory tree
env-name environment name Must have been previously created using setup_new_env; the LLDB that the environment points to must exist; the environment and its LLDB be accessible to the user
access-modes file access modes to apply to start-up files 660 if user is to be able to change his or her own environment, 640 if not
The very first LeasePak user in a new installation of course cannot acquire the .lp* files using change_env. This user, usually the LeasePak Supervisor, must copy the files from the environment to the home directory, using this command line to do so: 
    [lpsup62a:~] cp <top-dir>/env/<env-name>/etc/.lp* $HOME
where <top-dir> is the top directory and <env-name> is the environment name.
Running change_env
Log on the application host as $NSTADMIN, the LeasePak release administrator.
Run change_env with the usage described above. 
    [nsadm62a:~] change_env jstettner v62a prod 640
The command will produce a display similar to the screen print below. 
  [nsadm62a:~] change_env jstettner v62a prod 640


  2009-09-15 05:07:47 change_env: Environment for jstettner changed to version v62a, prod 
  environment

  Be sure jstettner logs off and logs in again to have changes take effect
  [nsadm62a:~]
Note that the resulting files are owned by $NSTADMIN, and are not writable by the user; this is the effect of the 640 access modes. Note also that the original LeasePak start-up files were backed up with the extended name _bak. 
[nsadm62a:~] ls -l /home/jstettner/.lp*
-rw-r-----   1 nsadm62a    nst          493 Sep 15 09:07 .lplogin
-r--r-----   1 jstettner   nst          502 Aug  5 09:55 .lplogin_bak
-rw-r-----   1 nsadm62a    nst          507 Sep 15 09:07 .lpprofile
-r--r-----   1 jstettner   nst          530 Aug  5 09:56 .lpprofile_bak
[nsadm62a:~]
Back to Contents Back to Top Previous Next Back to Creating Non-Administrative Users
whatami - Identifying User Current Environment
What You Need To Know Before Using This Command ...
Use whatami to determine which environment the user is set up to log into.
whatami may be executed by any user who is configured for LeasePak. whatami is not used to determine if a user is configured for a LeasePak environment; it is used to determine which LeasePak environment the user is configured for. It requires neither the services of the database server nor the services of the Queue Manager.
Running whatami
Log on the application host as any LeasePak user with shell access.
Run whatami as follows: 
    [lpuser:~] whatami
The command will produce a display similar to the screen print below. 
  [lpuser:~] whatami
  User                       : jstettner
  LeasePak version           : v62a
  Installed in               : /opt/nst/v62a
  Environment name           : prod
  Environment type           : PRODUCTION
  
  Database name              : lpr_prod
  DBMS name                  : Sybase
  Database server            : SEVILLE
  Database home              : /opt/sybase
  
  Designated build           : live
  Current linked-in build    : bld6.20.3078
  Executable directory is a  : link to build directory
  
  You will need the following for LeasePak PC Client setup:
  IP Address or name         : seville
  Server Port                : 6200
  [lpuser:~]
The data displayed provides a glimpse into the user's environment, giving the following information:
Item Example Notes
User jstettner OS login account name
LeasePak version v62a LeasePak release version
Installed in /opt/nst/v62a top directory
Environment name prod environment that the user is configured for
Environment type PRODUCTION PRODUCTION, TEST, or VISITOR
Database name lpr_prod the LLDB of the environment
DBMS name Sybase Oracle or Sybase
Database server SEVILLE the database server under which the LLDB is built
Database home /opt/sybase directory where database system software is installed
Designated build live a build id or build id alias
Current linked-in build bld6.20.3078 the build that Designated build evaluates to; the actual build that the environment is linked to.
Executable directory is a link to build directory How the executable files are linked to the environment; other value is directory of links to executables
IP Address or name seville name or address of the application host. This could also be in web form lpak.myleasingco.com or an IP address such as 192.168.00.117
Server Port 6200 the TCP port number on which LeasePak listens for connection requests
Back to Contents Back to Top Previous Next Back to Creating Non-Administrative Users
lease /util 108 - Providing the LeasePak Supervisor with LeasePak Security Record
What You Need To Know Before Using This Command ...
Use lease /util 108 to add a fully enabled LeasePak Security Record for a user (usually just the LeasePak Supervisor). Only one user should be set up this way; that user then uses [U0706] Security to set up template users or roles, which then can be cloned into individual Security records for individual employees.
lease /util 108 may be run by any LeasePak-enabled user who is a user (see db_add_user) in the LLDB belonging to the target environment. It requires that the database server for the db-type delegated by setup_new_env be up and running and capable of executing interactive SQL commands; does not require the services of the Queue Manager.
lease /util 108 requires the operator to input his/her client string plus the Password of the Day before he or she is allowed to create any security records. The Password of the Day may be obtained only by contacting NetSol Help Desk, and will work only on the calendar day on which it was issued or for which it was issued.
lease /util 108 Worksheet
Note the following values for running lease /util 108:
Name Description Your Value Notes
operator's name The operator's login name The operator must have a database system login account and must be a user in the LLDB of the environment.
operator's password The operator must provide his client string password the client string password was assigned when the operator's account was created.
Password of the Day allows operator to use lease /util 108 obtain the Password of the Day from NetSol Help Desk
user-name login name of user must be an existing OS login account name, who has a login on the appropriate database system (see db_add_login) and who is a user in the LLDB (see db_add_user)of the environment to which the user is assigned (see change_env).
user initials the initials that will represent the user within LeasePak. The initials must be unique within the LLDB as must the user name; the initials are three characters; LeasePak does not enforce any derivation of the initials from the user name; initials are entirely arbitrary as long as they are alphanumeric characters and unique.
user-status a quick checklist; all must be 'Yes'   Yes  No
  Yes  No
  Yes  No
 < Yes/No : does user have OS login account?
< Yes/No : does user have database system login?
< Yes/No : has user been added to the LLDB?
Running lease /util 108
Terminal emulation: the operator's current shell session must use one of the supported terminal types. Refer to System Requirements for more information.
Log on the application host as lpsup62a, the LeasePak Supervisor.
Run lease /util 108 as shown below. 
    [lpsup62a:~] lease /util 108
The command will produce a display similar to the screen print below. Enter Y when asked about continuing, and then the operator's client string password. 
  [lpsup62a:~] lease /util 108
  This Utility option is an NetSol Technologies Client Services tool used in
  initial client account setup.  WARNING: Improper use of this utility
  will cause severe harm.
  
  Do you wish to continue (Y/N)? Y
  Client Password?  client-string
The command will produce a display similar to the screen print below. Enter the password of the day (obtained from the NetSol Help Desk) when prompted. Then enter the username, in this example, lpsup62a followed by ENTER, when prompted. Finally, enter the user's initials, in this example, sup followed by ENTER, when prompted.
The final ENTER after the user initials causes LeasePak to perform the insertion of the LeasePak Security Record.
lease /util 108 will then prompt for another user name. If the operator simply presses ENTER, lease /util 108 exits back to the command prompt. 
  Password? password-of-the-day
  
  
  Enter username, <RETURN> to exit: lpsup62a
  Enter user initials: sup
  User successfully added.
  
  Enter username, <RETURN> to exit: 
  [lpsup62a:~]
Back to Contents Back to Top Previous Next Back to Creating Non-Administrative Users
[U0706] Security - Providing User with LeasePak Security Record
What You Need To Know To Understand This Section ...
Use [U0706] Security to add LeasePak Security Records for most LeasePak non-administrative users.
[U0706] Security may only be run by the LeasePak Supervisor or by regular users authorized by the LeasePak Supervisor. It requires that the database server selected by setup_new_env be up and running and capable of executing interactive SQL commands; does not require the services of the Queue Manager.
[U0706] Security is a LeasePak Client update; the operator must have access to a Windows PC with the v62a LeasePak Client properly installed on it, as well as appropriately configured accounts giving access to LeasePak.
About [U0706] Security
This section details a few items from [U0706] Security related to setting up the various types of user accounts. Refer to the LeasePak Reference Guide for the full documentation on [U0706] Security.
Determining the user type
To specify whether an account is a regular, report, or partial update user, select the appropriate LeasePak Account Status value on the Port. Sec. tab of [U0706] Security
Forcing a user password change
In most cases, the administrator will want users to change their passwords the first time they log on the LeasePak client. To force a user password change, select Force Password Change on next login on the Waiver Tol./Password tab of [U0706] Security. After the user logs on the client and changes the password, this box will clear.
Changing others' passwords
If you wish to grant a user the ability to change other users' passwords, you will need to do the following: See Maintenance->Passwords.
Back to Contents Back to Top Previous Next Back to Creating Non-Administrative Users
LeasePak Queue Manager
Queue Manager - Introduction
What You Need To Know To Understand This Section ...
The LeasePak Queue Manager, what it is, how to use it
IMPORTANT NOTE
If you have used LeasePak before Version 6.2a
You must read this section ...
... as some important aspects of the Queue Manager have changed. The installation of the Queue Manager software is still the same, but configuration is not.
Beginning in about Version 5.3a, the Queue Manager self configures, leaving only the establishment of queues, printers, and print queues for the administrator.
What is the Queue Manager?
The Queue Manager is a software service on the application host that provides LeasePak with two very important functions:
  1. job queues, also known as batch queues, which allow a series of programs to be set up to execute in parallel and/or in sequence without further operator intervention. The queue is like a list of tasks to be done; new tasks are added to the end and the oldest tasks are taken from the queue and performed. LeasePak uses the batch queues for background unattended tasks, primary of which is End of Period processing.
  2. Print queues operate much like batch queues: the first tasks added are the first ones executed. Print queues have the added feature of being connected to an OS managed printer or print spooler, or print queues can be attached to a particular hardware port on the application host.
How is the v62a Queue Manager different?
The most immediate difference is that in v62a the SETUP program, once the Queue Manager software is installed, calls a special version of the Queue Manager Config file, which obtains parameters from the execution environment and fully parameterizes a clone of itself. There is no editing of the Config file required to set parameters such as SYSTEM and MAXDEV, etc.
On the Linux platform, a new version of the Queue Manager software permits the relocation of the Queue Manager temporary directory and spool directory. This has resulted in a modified filesystem layout that is discussed in detail in Application Host Preparation.
Major Components of Queue Manager
Back to Contents Back to Top Previous Next Back to LeasePak Queue Manager
service nst_qm_${INST_ID}$RELS3 - Queue Start and Stop
What You Need To Know Before Using This Command ...
IMPORTANT NOTE
The Queue Manager Runs Only on the Application Host
In the following discussion, note that the Queue Manager runs exclusively on the application host, and never on the DBMS Host. Therefore all commands related to the Queue Manager must be executed while logged into the application host.
Use service nst_qm_${INST_ID}62a ($QMINITFNAME)to start up and shut down the Queue Manager queues. Once they are started up, they should continue running until the administrator stops them and shuts them down. NetSol recommends that the administrator execute the NetSol utility script cleanse_s7 on a daily basis as this will ensure that whatever accumulation of errors or irregularities might be left by the Queue Manager are cleared away, and so that the space for job logicals is freed up. This process stops the queues and then restarts them. Generally this should be done immediately before executing EOP.
service nst_qm_${INST_ID}62a may only be run by root, the system administrator. It does not require any database server processes, and controls the services of the Queue Manager.
The operator who executes service nst_qm_${INST_ID}62a should not be logged into a LeasePak environment.
The service script, nst_qm_${INST_ID}62a, is installed by SETUP in the application host's init.d directory and on the HP-UX and Solaris platforms are tied by SETUP to run level 1 and run level 3 through links in the rc1.d and rc3.d directories. On the Linux platform, SETUP installs the service in $INITDIR, then calls chkconfig to handle the creation of the run level links. It is prioritized to run towards the end of the boot sequence and to be shut down early in the shutdown process. It should to be altered with great caution and then only by a knowledgeable administrator. The NetSol Help Desk should be contacted before changing the service script or the related links.
Common Usage
The following are examples of the most common ways of using service nst_qm_${INST_ID}62a: 
 # service nst_qm_${INST_ID}62a start
where
  • nst_qm_${INST_ID}62a is the service script created by SETUP.
  • start is the command the operator wishes to send to the service, nst_qm_${INST_ID}62a in this instance. This command tells the service to initialize itself and begin providing its services. 
 # service nst_qm_${INST_ID}62a stop
where
  • nst_qm_${INST_ID}62a is the service script created by SETUP.
  • stop is the command the operator wishes to send to the service, nst_qm_${INST_ID}62a in this instance. This command tells the service to stop providing its services and to free any resources it may have acquired. 
 # service nst_qm_${INST_ID}62a status
where
  • nst_qm_${INST_ID}62a is the service script created by SETUP.
  • status is the command the operator wishes to send to the service, nst_qm_${INST_ID}62a in this instance. This command tells the service to display information about its current status.
About the service command -
service is a command that is native to the Linux OS.

The equivalent command lines on HP-UX would be: 
 # /sbin/init.d/nst_qm_${INST_ID}62a start
 # /sbin/init.d/nst_qm_${INST_ID}62a status
 # /sbin/init.d/nst_qm_${INST_ID}62a stop
And on Solaris would be: 
 # /etc/init.d/nst_qm_${INST_ID}62a start
 # /etc/init.d/nst_qm_${INST_ID}62a status
 # /etc/init.d/nst_qm_${INST_ID}62a stop
Running service nst_qm_${INST_ID}62a
Log on the application host as root, the system administrator.
Run service nst_qm_${INST_ID}62a as follows: 
 # service nst_qm_${INST_ID}62a start
The command will produce a display similar to the screen print below. 
  # service nst_qm_${INST_ID}62a start
  
  Setting Linux subsys lock ...
  Checking/creating v62a Qmgr temporary directories ...
  Starting v62a Queue Manager ...
  Job limit = 1
  Sector7 VX/DCL V3.1.9r6 (Sep 12 2007 07:37:12)
  Copyright (C) 1985-2006 Sector 7 USA Inc.
  All Rights Reserved
  Sector7 VX/DCL V3.1.9r6 (Sep 12 2007 07:37:12)
  Copyright (C) 1985-2006 Sector 7 USA Inc.
  All Rights Reserved
  Batch queue SYS$BATCH, running
  
  Batch queue LP$EOP1, running
  
  Print queue SYS$BLACKHOLE, running,  on LPBH:,  mounted form DEFAULT
  
  Print queue SYS$PRINT, running,  on LPSP:,  mounted form DEFAULT
  
  Print queue SITE$PRINT, running,  on LPHPLJ:,  mounted form DEFAULT
  
  #
Or: 
 # service nst_qm_${INST_ID}62a status
The command will produce a display similar to the screen print below. 
  # service nst_qm_${INST_ID}62a status
  
  Sector7 VX/DCL V3.1.9r6 (Sep 12 2007 07:37:12)
  Copyright (C) 1985-2006 Sector 7 USA Inc.
  All Rights Reserved
  Batch queue SYS$BATCH, running
          /PRIORITY=0     /NOENABLE_GENERIC
          /JOB_LIMIT=1
  
  Batch queue LP$EOP1, running
          /PRIORITY=0     /NOENABLE_GENERIC
          /JOB_LIMIT=1
  
  Print queue SYS$BLACKHOLE, running,  on LPBH:,  mounted form DEFAULT
          /PRIORITY=0     /NOENABLE_GENERIC
          /DEFAULT=(FEED, FORM=DEFAULT)   /STOCK="DEFAULT"
  
  Print queue SYS$PRINT, running,  on LPSP:,  mounted form DEFAULT
          /PRIORITY=0     /NOENABLE_GENERIC
          /DEFAULT=(FEED, FORM=DEFAULT)   /STOCK="DEFAULT"
  
  Print queue SITE$PRINT, running,  on LPHPLJ:,  mounted form DEFAULT
          /PRIORITY=0     /NOENABLE_GENERIC
          /DEFAULT=(FEED, FORM=DEFAULT)   /STOCK="DEFAULT"
  #
Or: 
 # service nst_qm_${INST_ID}62a stop
The command will produce a display similar to the screen print below. 
  # service nst_qm_${INST_ID}62a stop
  
  Stopping v62a Queue Manager ...
  Sector7 VX/DCL V3.1.9r6 (Sep 12 2007 07:37:12)
  Copyright (C) 1985-2006 Sector 7 USA Inc.
  All Rights Reserved
  
  #
IMPORTANT NOTE
Running service nst_qm_${INST_ID}62a without root
The service script, nst_qm_${INST_ID}62a, interacts with the Queue Manager by using 4 files, called command-files or com-files, which contain instructions in the scripting language DCL, used by the Queue Manager.
Though it is not recommended, the $NSTADMIN can start the queue manager and the queues by directly accessing these com-files.
Directly accessing the Queue Manager com-files
The com-files
The start command executes two com-files: start_qmgr.com and start_queues.com. The first of these starts the system spooler which supervises the queues. The second starts the queues themselves, and requires a job_limit parameter.
The stop command executes one com-file: stop_qmgr.com. This tells the system spooler to shutdown the queues and to terminate itself.
The status command executes one com-file: show_que_com. This tells the system spooler to display the status of all of the queues that it controls.
Using the com-files "Manually"
Though it is not recommended, $NSTADMIN, the LeasePak Release Administrator, can start and stop the queues by directly invoking the com-files. This short-circuits a number of important tasks performed by the script. When invoking these scripts "manually" the operator must provide the job limit for start_queues.com.
The administrator can invoke these procedures
  • to start the queues by:
    • Logging onto the application host as $NSTADMIN
    • and executing: 
       dcl -n $QMDIR/com/start_qmgr.com 
 . $QMJOB_LIM_FILE
 dcl -n $QMDIR/com/start_queues.com $QLIM
      Though this will start the Queue Manager and the queues successfully, on Linux it is missing an important element: the subsys lock file cannot be created except by root. This would be an issue only if the administrator subsequently transitions the run level of the system to one where the queues are supposed to be running; in the absence of the /var/lock/subsys lock file, init will not know that the queues are running and will start a whole new set.
  • to get the status of the queues by:
  • and to stop the queues by:
IMPORTANT NOTE
Direct access is not recommended for Queue Start and Stop
NetSol does not recommend that $NSTADMIN should manually start and stop the Queue Manager. There are several tasks performed by the nst_qm_${INST_ID}62a service that require administrator privileges, which $NSTADMIN does not have.
The inability to set the subsys lock is a potentially serious deficiency. The init process relies on the existence or non-existence of this lock to determine the current state of the service. If the service is running, but there is no lock, then one of two things will occur when the system run level changes:
  1. If transitioning to a run level where the queue manager is not supposed to run, then init will fail to stop the service because it sees no subsys lock; or ...
  2. If transitioning to a run level where the queue manager is supposed to run, then init will start up another copy, because it sees no subsys lock.
When it is necessary for $NSTADMIN to start and stop the queues...
When $NSTADMIN does start the queues manually, as he must when running cleanse_s7, then he must insure that the actual state of the Queue Manager matches the state of the subsys lock before run-level changes are made.
This means that if the file /var/lock/subsys/nst_qm_${INST_ID}v62a exists, then the queues should be running at any run-level transition. And if /var/lock/subsys/nst_qm_${INST_ID}v62a does not exist, then the queues should not be running at any run-level transition.
Back to Contents Back to Top Previous Next Back to LeasePak Queue Manager
vi <cfgfile> - Editing Configuration Files
What You Need To Know Before Using This Command ...
Use vi <cfgfile> to make necessary changes to the Queue Manager configuration files, Config and DEVINIT, which are located at $QMDIR/library. Note that Config begins with an uppercase "C" and that DEVINIT is all uppercase.
vi <cfgfile> may only be run by $NSTADMIN, the LeasePak Release Administrator. It does not require any database server processes, nor the services of the Queue Manager.
Before editing the Queue Manager configuration files, the operator should insure that the queues are not running, by executing the procedure $QMDIR/com/show_que.com as described above; if they are running, the procedure $QMDIR/com/stop_qmgr.com must be executed to stop them, as described above.
The operator must also insure that there are no LeasePak processes running that are attached to the Queue Manager's shared memory resources by executing ipcs. See IPC.
The operator who performs this task must be familiar with the vi text editor or an equivalent available on the application host.
IMPORTANT NOTE
Handling read-only files with vi
Queue Manager configuration files, Config and DEVINIT, located in $QMDIR/library, have file access modes set to 440, or read-only, as do many other files.
On Linux, the operator may override these access modes when in vi by performing the vi write command this way: :w!(ENTER), instead of the normal :w(ENTER). This causes vi to modify the file's access modes to a writable value, and perform the write, and then reset the access modes back to read-only.
This works only if the user editing the file is also the owner of the file, or is root. In this case, the Queue Manager configuration files are owned by $NSTADMIN, who is the user who is editing if the above instructions are followed. Otherwise, the procedure below for HP-UX and Solaris must be used.
On HP-UX and Solaris, the operator must manually change the file access modes before and after editing with vi. The sequence of commands required then to vi <cfgfile> is: 
  [nsadm62a:~] chmod 640 $QMDIR/library/Config
  [nsadm62a:~] vi $QMDIR/library/Config
  [nsadm62a:~] chmod 440 $QMDIR/library/Config
The chmod command must be executed by the owner of the file or by root, the system administrator; the vi command may be done by anyone with write access to the file; in this case the owner is $NSTADMIN, so there should be no problem with these particular files.
CRITICAL NOTE
For maintainability and reliability
Do not modify the Queue Manager configuration files except as discussed in this document, or unless instructed to do so by NetSol.
Back to Contents Back to Top Previous Next Back to LeasePak Queue Manager
Editing start_queues.com
What You Need To Know Before Using This Command ...
Use vi start_queues.com to make necessary changes to the Queue Manager queue initialization file, start_queues.com, which is located in $QMDIR/com.
vi start_queues.com may only be run by $NSTADMIN, the LeasePak Release Administrator. It does not require any database server processes, nor the services of the Queue Manager.
The operator who performs this task must be familiar with the vi text editor or an equivalent available on the application host.
The status of the Queue Manager queues is not important to the editing of this file.
IMPORTANT NOTE
Handling read-only start_queues.com with vi
The com-file start_queues.com, located in $QMDIR/com, has its file access modes set to 400, or read-only. This means that special handling is required when editing the file with vi.
See Handling read-only files with vi above for the procedures that are used to handle this issue.
Back to Contents Back to Top Previous Next Back to LeasePak Queue Manager
ipcs & ipcrm - Inter Process Communication
What You Need To Know To Understand This Section ...
The Queue Manager uses the OS IPC, or inter process communications, capabilities to manage the queues and their work-load, and to manage the pseudo-devices that the Queue Manager interacts with.
The pseudo-devices and jobs are handled using shared memory. When configuring one of the database servers, it is important to leave some of the application host's shared memory resource for the Queue Manager.
The individual queues are managed by the system spooler using a form of IPC called message queues.
Both types of IPC, shared memory and message queues, are identified by keys, which are arbitrary numbers that applications share among themselves so that they can hook up to the same resource that they are supposed to be sharing. Thus each LeasePak driver that is running within a LeasePak instance on a single application host must know the key to the shared memory that it shares with all the other drivers.
This key is determined by the SETUP program when LeasePak is installed. The administrator is prompted for the key by the configuration prompt, Shared memory key for Queue Mgr IPC [62000]:. It is recommended that the administrator accept the offered default value unless it is known that this value will conflict with other users of the resource.
The key input at installation is generally available in the environment variable $QMSHMEMKEY, and is stored in the Queue Manager configuration in the Config file located in the $QMDIR/library directory. The parameter name in the Config file is SYSTEM.
The actual keys used by the Queue Manager are $QMSHMEMKEY, $QMSHMEMKEY + 1; the key used for the message queues is $QMSHMEMKEY.
Use the ipcs command to display the status of the various IPC resources in use on the application host. Use the ipcrm command to remove any unneeded or obsolete IPC instances. ipcrm should be used sparingly if at all. It is often better to reboot the application host than to use ipcrm.
The ipcs command may be executed by any user with shell access to the application host. The ipcrm command may be executed only by root (the system administrator), also on the application host.
These commands require no services of the database server, nor of the Queue Manager. All LeasePak queues and drivers must be terminated before using the ipcrm command to remove any Queue Manager resources. The ipcs command may be run at any time.
Common Usage
There are two primary OS commands for handling the IPC resources: ipcs and ipcrm. The most common ways to use ipcs are: 
 [nsadm62a:~] ipcs -mbco
where
  • -mbco indicates that basic information on the shared memory resource is to be displayed.
and: 
 [nsadm62a:~] ipcs -q
where
  • -q indicates that basic information on the message queues resource is to be displayed.
ipcs shows the status of the various IPC resources in use. To determine which ones belong to the Queue Manager, one needs to find the keys in use. The size of the resources are also shown by ipcs. Unfortunately, the key is displayed in hexadecimal while the Queue Manager configuration stores it in decimal.
To convert the decimal key into hexadecimal, the operator may use the following small script at the command line: 
 $AWK '{printf "%08x\n", $1}'
then type the key and press ENTER; the script will print the hexadecimal value of the key and wait for another key. Press CTRL-D when done.
The most common way to use ipcrm is: 
 # ipcrm -opt key [-opt key] ...
where
In order to determine the amount of shared memory resource the Queue Manager will require, one may attempt to calculate it from the two determining factors, MAXDEV and MAXJOB, but this is notoriously unreliable as the Queue Manager package silently makes adjustments, so the actual amount of shared memory required can really only be determined by using ipcs. This will print the segment sizes actually allocated by the Queue Manager, under the SEGSZ column.
Calculating Device and Job Slots
Generally the default Config:MAXDEV parameter is sufficient unless there are a great many terminals to support. The Config:MAXJOB parameter is calculated via the following formula:
Calculation of Queue Manager Config:MAXJOB
(2 x CU) +
(4 x JL x NQ) +
PQ
where:
     CU = concurrent users
     JL = Queue Job Limit
     NQ = number of Batch Queues
     PQ = number of Print Queues
The value derived from this formula should be taken as a starting place for tuning the Queue Manager instance. It is advisory only.
Running ipcs
Log on the application host as $NSTADMIN, the LeasePak release administrator.
Run ipcs as follows to display shared memory information: 
 [nsadm62a:~] ipcs -mbco
The command will produce a display similar to the screen print below. 
  [nsadm62a:~] ipcs -mbco
  IPC status from /dev/kmem as of Fri Oct  2 09:24:42 2009
  T    ID     KEY        MODE        OWNER   GROUP   CREATOR  CGROUP NATTCH   SEGSZ
  Shared Memory:
  m     8 0x0000f230 --rw-rw-rw-      root    root      root    root   13    307808
  m     9 0x0000f231 --rw-rw-rw-      root    root      root    root   13     47112
  m  1548 0x652821f4 --rw-------    sybase  sybase    sybase  sybase    6 554074112
  m   525 0x0000eac4 --rw-rw-rw-  nsadm62a     nst  nsadm62a     nst   13    307808
  m  4624 0x0000eac5 --rw-rw-rw-  nsadm62a     nst  nsadm62a     nst   13     47112
  m  4625 0x00000000 D-rw-------    sybase  sybase    sybase  sybase    2     65540
  m  4626 0x0000ee48 --rw-rw-rw- jstettner     nst jstettner     nst    0    307808
  m  4627 0x0000ee49 --rw-rw-rw- jstettner     nst jstettner     nst    0     47112
  [nsadm62a:~]
Determining size of Queue Manager's Shared Memory Segment
Key Config:SYSTEM Release SEGSZ
0x0000f230
0x0000f231		 62000 v62a 307,808
+ 47,112
= 354,920
0x0000ee48
0x0000ee49		 61000 v61a 307,808
+ 47,112
= 354,920
0x0000eac4
0x0000eac5		 60100 v60b 307,808
+ 47,112
= 354,920
Also, under NATTCH, the operator can determine how many application connections there are to the resources. 13 happens to be the number of queues plus the system spooler, so the operator can see that the queues for v62a and v60b are likely running.
Run ipcs as follows to display message queue information: 
 # ipcs -q
The command will produce a display similar to the screen print below. 
  [nsadm62a:~] ipcs -q
  IPC status from /dev/kmem as of Fri Oct  2 09:26:45 2009
  T ID     KEY        MODE         OWNER GROUP
  Message Queues:             
  q  0 0x3c300734 -Rrw--w--w-       root  root
  q  1 0x3e300734 --rw-r--r--       root  root
  q  2 0x0000f230 --rw-rw-rw-       root  root
  q  3 0x0000f231 --rw-rw-rw-       root  root
  q  4 0x0000eac4 --rw-rw-rw-       root  root
  q  5 0x0000eac5 --rw-rw-rw-       root  root
  q  7 0x0000ee48 --rw-rw-rw-  jstettner   nst
  q  8 0x0000ee49 --rw-rw-rw-  jstettner   nst
  [nsadm62a:~]
Running ipcrm
  1. Log on the application host as root (the system administrator).
  2. Execute ipcs -mboc as explained above.
  3. Run ipcrm as follows to remove shared memory keys 0x0000f23a and 0x0000f23b: 
     # ipcrm -M 0x0000f23a -M 0x0000f23b
    The command will produce a display similar to the screen print below.
  4. Re-execute the ipcs -mboc command.
These three commands produce output similar to the following: 
  # ipcs -mboc
  IPC status from /dev/kmem as of Mon Oct  5 00:14:08 2009                                     
  T    ID     KEY        MODE        OWNER   GROUP   CREATOR  CGROUP NATTCH   SEGSZ
  Shared Memory:                                                                      
  m     0 0x413007ba --rw-rw-rw-      root    root    root     root       0    348
  m     1 0x4e0c0002 --rw-rw-rw-      root    root    root     root       1  61760
  m     2 0x4134487f --rw-rw-rw-      root    root    root     root       1   8192
  m 26115 0x5e2c003a --rw-------      root    root    root     root       1    512
  m     4 0x0000f23a --rw-rw-rw-      root    root    root     root       0 307808
  m     5 0x0000f23b --rw-rw-rw-      root    root    root     root       0  47112
  m     6 0x0000eac4 --rw-rw-rw-      root    root    root     root      13  67200
  m     7 0x0000eac5 --rw-rw-rw-      root    root    root     root      13  31512 
  # ipcrm -M 0x0000f23a -M 0x0000f23b 
  # ipcs -mboc
  IPC status from /dev/kmem as of Mon Oct  5 00:15:51 2009                                     
  T    ID     KEY        MODE        OWNER   GROUP   CREATOR  CGROUP NATTCH   SEGSZ
  Shared Memory:                                                                      
  m     0 0x413007ba --rw-rw-rw-      root    root    root     root       0    348
  m     1 0x4e0c0002 --rw-rw-rw-      root    root    root     root       1  61760
  m     2 0x4134487f --rw-rw-rw-      root    root    root     root       1   8192
  m 26115 0x5e2c003a --rw-------      root    root    root     root       1    512
  m     6 0x0000eac4 --rw-rw-rw-      root    root    root     root      13  67200
  m     7 0x0000eac5 --rw-rw-rw-      root    root    root     root      13  31512
Why aren't the Queue Manager's shared memory segments consistently owned?
In one screen print from ipcs above, we see the shared memory for several LeasePak releases. The owner of each release's shared segment, though, is different. One set of segments is owned by root; the next is owned by $NSTADMIN; the third by a regular user.
The reason is: the shared memory segments are owned by the process that first executed a Queue Manager process since the last time shared memory was cleared, usually when the application host is rebooted.
  • owned by root - probably started at boot by init script
  • owned by $NSTADMIN - probably started by $NSTADMIN, possibly using cleanse_s7
  • owned by regular user - probably started by user launching LeasePak
Back to Contents Back to Top Previous Next Back to LeasePak Queue Manager
Editing the Queue Manager Configuration I
What You Need To Know To Understand This Section ...
About Batch Queue Definitions
Batch and Job Queues
Batch Queues have the following features:
The Queue Manager, as installed on the application host by SETUP, contains fully configured batch queues, targeting hardware and operations at NetSol headquarters. All of these entries are examples for the administrator in configuring entries for his or her site.
IMPORTANT NOTE
System Administrator must complete Queue Manager configuration
The System administrator must configure the Batch queues. The example values in the Queue Manager configuration files at install are inappropriate for site use.
LeasePak will not function properly using the installed configuration.
Back to Contents Back to Top Previous Next Back to LeasePak Queue Manager
DCL Batch init - Batch Queue Definitions
What You Need To Know To Understand This Section ...
init - usage #1
The DCL init command has two forms as used in LeasePak. The first form, discussed here, is for creating the batch queues. It is: 
  $ init/que/start/job_limit=n/batch batch-queue-name
where
  • $ is the command introducer
  • init is the actual command name
  • in DCL, /-characters introduce command qualifiers, not file path component separators. Command qualifiers are basically equivalent to "-"-options.
  • /que - indicates a queue is to be created
  • /start - indicates that the individual manager process, qmgr, should be started
  • ?!/job_limit=!? - controls the maximum number of jobs that can run on the queue concurrently
  • n - indicates the number of jobs job_limit should allow
  • /batch - indicates the kind of queue being created
  • batch-queue name - name by which the queue will be known to the Queue Manager.
Back to Contents Back to Top Previous Next Back to Editing the Queue Manager Configuration I
Batch Queues in start_queues.com - Starting a Batch Queue
What You Need To Know To Understand This Section ...
Common Usage
The com-file start_queues.com can be viewed as three separate but related parts: first is forms definition, related to the third section, the print queue definitions, and the second section, the batch queue definitions.
Before any actual statements, it is essential that each com-file begin with the DCL statement: 
  set noon
- this sets up default error handling.
The syntax of the com-file in general is important to note, especially:
  • the command introducer $ which must precede every command
  • the command continuation - which must terminate every command line that wraps to the next line
  • the comment character, !, which hides everything up to the end of the line, or until the next !
After every three queue-defining init commands, there should be a wait command to slow down the process for about 3-5 seconds, so that the system spooler can catch up. See Example below.
IMPORTANT NOTE
How many batch queues should there be?
LeasePak requires a queue named sys$batch. NetSol recommends that the administrator create a batch queue for each portfolio. The conventional name for the portfolio queues is lp$eopnn, where nn is the two digit portfolio number.
batch queue initialization Worksheet
Note the following values for writing batch queue initializations:
Name Description Your Value Notes
basic command for batch queues $ init/que/start Combine this with the values below to make entries in start_queues.com
/job_limit= maximum concurrent jobs /job_limit= a number between 1 and 255
queue-name Queue name lower-case alphanumeric, or $. Conventionally, lp$EOPnn
Writing the Queue Initialization entries
Log on the application host as $NSTADMIN.
Use vi to create a new qdef file: 
  [nsadm62a:~] vi qdef.new  
  $ init/que/start/job_limit=10/batch SYS$BATCH
  $ init/que/start/job_limit=10/batch lp$eop01
  $ init/que/start/job_limit=10/batch lp$eop02
  $ wait 00:00:03
and so on for the remainder of the batch queues to be initialized.
In earlier versions of LeasePak, the wait commands used an abbreviated format for the time to delay, and allowed commands such as wait 3 to delay 3 seconds. There have been reports that using this format can result in very long delays, as if the 3 were being taken to mean 3 hours!. It is best to use the prescribed HH:MM:SS syntax.
Back to Contents Back to Top Previous Next Back to Editing the Queue Manager Configuration I
Parallel processing - Queue Job Limits
What You Need To Know To Understand This Section ...
CRITICAL NOTE
Batch Queue Job Limit Impacts EOP Performance
Possibly no other single setting can affect EOP performance as much as the setting of the job_limit parameter. NetSol recommends that the administrator set the job_limit (now a SETUP parameter in v62a) according to the following guidelines:
Guidelines for setting the Batch Queue Job Limit
The Batch Queue Job Limit is the maximum number of jobs which can run concurrently on the Batch Queue. Possible values for the Job Limit range from 1 to 255. The minimum recommended setting for the Job Limit is 6 tol 10. In many cases, the Job Limit should be set to a value greater than 10.
The optimal value for the Job Limit depends on multiple factors, such as:
The goal is to set the Job Limit high enough to effectively make use of the available hardware and database system resources, without overstressing those resources.
If the Job Limit is set too low, an insufficient number of jobs will run in parallel, thus decreasing the performance of EOP.
If the Job Limit is set too high, an excess number of jobs will run in parallel, leading to hardware and database system resource competition and decreased EOP performance.
There's an optimal Job Limit setting where the number of jobs running in parallel maximizes the performance of EOP. For each particular system, experimentation with different settings for the Job Limit is recommended to determine the optimal Job Limit setting.
How to set the job_limit
Working backwards, starting with the job limit as it becomes a parameter to start_queues.com: the sample start_queues.com shipping with v62a will take an optional job limit parameter. In the absence of the parameter, the job limit defaults to a reasonable level. It also issues a warning that the administrator has not set a job limit. The administrator is fully in charge of the contents of the com-file of course, and has a range of choices of how to implement the job limit:
The following code has been added to start_queues.com to handle the job limit parameter passed to it: 
  $ if P1 .eqs. "" then - 
          write sys$output "WARNING: Job Limit Parameter is empty; defaulting Queue Job Limit to 6"
  $ if P1 .eqs. "" then P1 = 6
How to adjust the job_limit
Simply using vi, or even just echoing from the shell, the administrator can change the value used by nst_qm_${INST_ID}$RELS3 and by the cleanse_s7 utility in order to fine tune the value in $QMJOB_LIM_FILE. The file is owned by $NSTADMIN but is still read-only, see Handling read-only files with vi to edit the file, or make it writable by $NSTADMIN ( chmod 644 $QMDIR/library/$QMJOB_LIM_FILE) until the tuning effort has been completed.
Simply change the value assigned to $QLIM to the desired number, write, quit, and test. First test: restart the queues with service nst_qm_${INST_ID}$RELS3 restart and then check the job limit using service nst_qm_${INST_ID}$RELS3 status, which should show the new value.
Print queues have an inherent, immutable job limit of one (1)
This is because, clearly, a single printer device cannot print two or more jobs simultaneously. Consequently, the job limit parameter is not valid with printer INIT commands.
Back to Contents Back to Top Previous Next Back to Editing the Queue Manager Configuration I
Editing the Queue Manager Configuration II
What You Need To Know To Understand This Section ...
About Printer Definitions
Print Queues
Print Queues have the following features:
The Queue Manager, as installed on the application host by SETUP, contains fully configured printers and print queues, targeting hardware and operations at NetSol headquarters. These entries are examples to assist the administrator in configuring entries for his or her site.
The important points to remember about printer definition are:
  • set up the Host Printing System first
  • get the printers planned for use with LeasePak installed and working
  • plan how to map the printers to devices to print queues
  • get one printer working with LeasePak
  • then do the rest
Parts of the printer and print queue definitions are found in 5 separate places:
IMPORTANT NOTE
System Administrator must complete printer configuration
The System administrator must configure the Print queues and perform printer installation. The example values in the Queue Manager configuration files at install are inappropriate for site use.
LeasePak will not function properly using the installed configuration.
Back to Contents Back to Top Previous Next Back to Editing the Queue Manager Configuration I
Printer Worksheets - Planning Printers and Print Queues
What You Need To Know To Understand This Section ...
  1. Map out the Host Printing System spooler command. This table shows the /usr/bin/lp spooler command for the lp Host Printing System, and leaves space for another command to be mapped for cases where lp is not used.
    The table maps the command line: 
     /usr/bin/lp -dprinter -odouble -otl66 -oc -s 2>>$VXTMP/log/device.log < %s
    Spooler Commands
    Item /usr/bin/lp values Site values
    command path /usr/bin/lp
    print destination -d(print destination)
    printer options -odouble
    -oc
    -otl66
    be silent -s
    error output 2>> $VXTMP/log/device.log
    file to print < %s     %s
    Note that for File to print the %s is required, whether it is redirected input as it is for /usr/bin/lp or is a simple argument to some other command.
    Note that -oc above is an output option for the particular printer, and is not related to any -c make a copy option for /usr/bin/lp.
    In fact, the make a copy of the file functionality that is required of any Host Printing System spooler is satisfied by putting the data to be printed on the stdin of the command; this forces /usr/bin/lp to make its private copy of the data that will need to be kept somewhere pending the availability of the printer mechanism.
  2. Map the Host Printing System print destinations to pseudo-device and print queue names.
    Printer Names
    Print Destination Pseudo-device Print Queue
    (default) LPSP: sys$print
    (paperless queue) LPBH: sys$blackhole
    xyz LPXYZ: xyz$print
    The above table shows two required print queues that must exist for LeasePak to operate correctly, sys$print and sys$blackhole.
Back to Contents Back to Top Previous Next Back to Editing the Queue Manager Configuration II
DCL Printer init - Print Queue Definitions
What You Need To Know To Understand This Section ...
init - usage #2 - init entries in start_queues.com
The DCL init command has two forms as used in LeasePak. The first form, discussed above, is for creating the batch queues. The second, discussed here, is for creating the print queues: 
  $ init/que/start/form=formname/on=dev print-queue-name
where
  • $ is the command introducer
  • init is the actual command name
  • in DCL, /-characters introduce command qualifiers, not file path component separators. Command qualifiers are basically equivalent to "-"-options.
  • /que - indicates a queue is to be created
  • /start - indicates that the individual manager process, qmgr, should be started
  • /form= - indicates what kind of paper stock is expected in the printer
  • formname - is the actual form type designation from a define/form statement (see below)
  • /on= - indicates that the next value is the pseudo-device that the printer is attached to.
  • dev - the pseudo-device that the printer is attached to. All pseudo-device names must end with : (colon); all printer device names must begin with LP. The pseudo-device name is a key element in printer definitions as it ties together the 3 files that contain the various parts of each printer definition.
  • print-queue name - name by which the queue will be known to the Queue Manager.
Print Queue initialization Worksheet
Note the following values for writing print queue initializations:
Name Description Your Value Notes
basic command for print queues $ init/que/start Combine this with the values below to make entries in start_queues.com
/form= form name /form= a pre-defined form
/on= pseudo-device /on=LP____: from table of Printer Names above
print queue-name Print queue name ____$print from table of Printer Names above
Back to Contents Back to Top Previous Next Back to Editing the Queue Manager Configuration II
Printer Forms - Form Definitions
What You Need To Know To Understand This Section ...
Print queues managed by the Queue Manager require the predefinition of the printable area of the paper stock on which the printers print. These predefined types are called Forms.
Form Definitions
Forms should be defined in start_queues.com. At a minimum, the following two forms need to be defined:
  • default, or portrait orientation; add these lines to qdef.new, at the beginning of the file, after the initial set noon: 
      $ define/form default 0 -
    /description="Portrait Compressed Letter Document" -
    /Length=66 -
    /margin=(Bottom=6,Top=6, Left=10, Right=10) -
    /stock=default -
    /truncate -
    /width=132
  • landscape, for landscape orientation; add these lines to qdef.new, immediately after the definition for the default form: 
      $ define/form landscape 50 -
    /description="Landscape Letter Document" -
    /Length=45 -
    /margin=(Bottom=6,Top=6, Left=10, Right=10) -
    /stock=default -
    /truncate -
    /width=132
Back to Contents Back to Top Previous Next Back to Editing the Queue Manager Configuration II
Pseudo-Devices - Printer Connections in DEVINIT
What You Need To Know To Understand This Section ...
Printer devices in DEVINIT
In a later section, DEVINIT, the Queue Manager pseudo-device table, is discussed at length. However, for the present purpose of printer definition, this brief description will suffice.
DEVINIT is located in $QMDIR/library. Its file access modes make it read only, and therefore requires Handling read-only files with vi to edit the file.
Each printer is connected to a pseudo-device. Even if it is the same printer in reality, it may be segregated for reasons of functionality (for example, portrait versus landscape). Each printer device should be all upper-case, and should begin with LP; all pseudo-device names must end with : (colon). The entry in DEVINIT should be similar to the following: 
  device-name  /dev/null  LP  512
This device-name will appear in start_queues.com and in the Config file.
Back to Contents Back to Top Previous Next Back to Editing the Queue Manager Configuration II
Transfering the print job - Printer Mapping Entries in Config
What You Need To Know To Understand This Section ...
To join the Queue Manager to the Host Printing System, the print jobs spooled by the print queues are transfered to the Host Printing System by invoking the Host Printing System's spooler command. This section describes how that is configured.
Host Printing System Mapping Entries
The Host Printing System mapping entries are located in the Config file, itself located in the $QMDIR/library directory.
This is the format of a Host Printing System mapping entry: 
  device spooler-command
  • device - the pseudo-device to which the printer is connected and for which a queue is established; printer devices must begin with LP and all pseudo-devices must end with :.
  • spooler-command - the full command line to be invoked by the Queue Manager to print the job. See table Spooler Commands above.

    The table shows /usr/bin/lp, spooler command of the lp Host Printing System , a standard and widely available print spooler. The administrator may use any program desired in this location, and it need not necessarily be a print command; it could send the print jobs to a mobile device or upload to a website, dial a pager, whatever is needed.
    There are certain minimal requirements for programs that can be used in this context:
    • It must accept the data to print in a file, or on its standard input, and can have this represented in the command line by the symbol %s;
    • It must make its own private copy of the data received before giving control back to the process that called it, as the caller is responsible for cleaning up such files, while the spooler is responsible for managing the private copies it makes;
    • It must put out diagnostics only on stderr.
    It is impossible to document what sorts of options alternate programs may require. The administrator must first understand how the system works as presented here and then experiment with new ways of using the facility.
Back to Contents Back to Top Previous Next Back to Editing the Queue Manager Configuration II
Adding Printers to the Queue Manager - Finalizing Queue Configuration
What You Need To Know To Understand This Section ...
Adding Printers to the Queue Manager
This section documents how a sample set of print queues and batch queues make up start_queues.com, DEVINIT, and Config.
See Starting a Batch Queue above for more information on com-files such as start_queues.com.
IMPORTANT NOTE
Required Print Queues
LeasePak requires a queue named sys$print on device LPSP:. LeasePak also requires a paperless queue named sys$blackhole on device LPBH:. See table at Printer Names above.
Writing the start_queues.com
Log on the application host as $NSTADMIN.
Use vi to edit start_queues.com, or create a new file: 
  [nsadm62a:~] vi $QMDIR/com/start_queues.com
The first statement must be: 
  $set noon
This should be followed by the form definitions.
Then add the code to handle the job-limit parameter
Then add the batch queue definitions
Finally followed by the print queue definitions: 
  $ init/que/start/form=default/on=LPSP: sys$print
  $ init/que/start/form=default/on=LPBH: sys$blackhole
  $ wait 00:00:03
  $ init/que/start/form=default/on=LPF35SI: f35si$print
  $ init/que/start/form=landscape/on=LPF35SIL: f35sil$print
  $ wait 00:00:03
In earlier versions of LeasePak, the wait commands used an abbreviated format for the time to delay, and allowed commands such as wait 3 to delay 3 seconds. There have been reports that using this format can result in very long delays, as if the 3 were being taken to mean 3 hours!. It is best to use the prescribed HH:MM:SS syntax.
The final result should look like: 
  $ set noon
  $ define/form default 0 -
    /description="Portrait Compressed Letter Document" -
    /Length=66 -
    /margin=(Bottom=6,Top=6, Left=10, Right=10) -
    /stock=default -
    /truncate -
    /width=132 
  $ define/form landscape 50 -
    /description="Landscape Letter Document" -
    /Length=45 -
    /margin=(Bottom=6,Top=6, Left=10, Right=10) -
    /stock=default -
    /truncate -
    /width=132 
  $ if P1 .eqs. "" then -
          write sys$output "WARNING: Job Limit Parameter is empty; defaulting Queue Job Limit to 6"
  $ if P1 .eqs. "" then P1 = 6
  $ init/que/start/job_limit='P1'/batch SYS$BATCH
  $ init/que/start/job_limit='P1'/batch lp$eop01
  $ init/que/start/job_limit='P1'/batch lp$eop02
  $ wait 00:00:03                 
  $ init/que/start/form=default/on=LPSP: sys$print
  $ init/que/start/form=default/on=LPBH: sys$blackhole
  $ wait 00:00:03
  $ init/que/start/form=default/on=LPF35SI: f35si$print
  $ init/que/start/form=landscape/on=LPF35SIL: f35sil$print 
  $ wait 00:00:03
  $ show que/all
The final show que/all is the equivalent of service nst_qm_${INST_ID}$RELS3 status.
Writing the DEVINIT
Log on the application host as $NSTADMIN.
Use vi to edit DEVINIT, or create a new file: 
  [nsadm62a:~] vi $QMDIR/library/DEVINIT
Add the following entries: 
  DUA0:           /               DK      512
  NL:             /dev/null       NL      10240
  LPSP:           /dev/null       LP      512
  LPBH:           /dev/null       LP      512
  LPF35SI:        /dev/null       LP      512
  LPF35SIL:       /dev/null       LP      512
The entries for DUA0: (D-U-A-ZERO-colon), NL:, LPSP: and LPBH: are required. The entries for LPF35SI: and LPF35SIL: are examples.
Writing the Config
Log on the application host as $NSTADMIN.
Use vi to edit Config: 
  [nsadm62a:~] vi $QMDIR/library/Config
Insure that all printer-related entries in the installed Config are deleted or commented out with #s. Then add these lines: 
  LPSP:   /usr/bin/lp -dsystem -oc -s \
                                                   2>>$VXTMP/lpsp.log < %s
  LPBH:     :  
  LPF35SI:  /usr/bin/lp -d5si -odouble -otl66 -oc -s \
                                                   2>>$VXTMP/lpf35si.log < %s
  LPF35SIL: /usr/bin/lp -d5si -odouble -olandscape -ofp12.5 -otl45 -s \
                                                   2>>$VXTMP/lpf35sil.log < %s
Note that $VXTMP (or any other $ prefixed variable) is valid in the Config file of Queue Manager version 3.3.1 or later. Version 3.1.7 must use explicit paths throughout Config.
Note the unusual entry for LPBH:. This is the Black Hole or paperless queue. Jobs sent to LPBH: simply vanish. The mapping shows that the OS command for LPBH: jobs is the null command, which does nothing, as is appropriate for this print destination.
Back to Contents Back to Top Previous Next Back to Editing the Queue Manager Configuration II
Miscellaneous
License and Activation - Registration Codes
What You Need To Know To Before Using This Command ...
This command may be run by any user with shell account access on the application host.
Obtaining License and Activation Information
Use the /ver option of the lease command to obtain license information and activation codes: 
 lease /ver
Here is an example of using lease /ver: 
 [lpuser:~] lease /ver
and part of its output: 
  [lpuser:~]  lease /ver
        LEASEPAK UX
        Copyright (c) 1995-2009, NetSol Technologies, Inc.
        ------------------------------------------------------------
        Version        : 6.2a-
        Build date     : 05-Oct-09 04:59   
        Client name    : Your Leasing Company                
        Client code    : YC
        User License   : 00099
        Report License : 00009
        Partial License: 00000

        Registration Codes
        ------------------------------------------------------------
        dx Generation   : SER-########-XXX-??????
        Print Spy       : SER-########-XXX-??????
        FormPak         : SER-########-XXX-??????
        Eop Monitor     : SER-########-XXX-??????
        LeasePak EC     : SER-########-XXX-??????
Click here to see the full output of lease /ver.
Back to Contents Back to Top Previous Next
Internet Services
What You Need To Know To Understand This Section ...
About Internet Services
This section covers the files and entries created by the SETUP program to handle requests for services.
The form, location, purpose, and contents of the files and entries is explained; how to create them is not, as that is the properly the task of SETUP.
The specific items covered are:
leasepakd service request
The leasepakd service is an Internet service available on certain exposed TCP ports of the application host.
The leasepakd service requires entries in two locations:
  1. /etc/services requires a single-line entry
  2. (x)inetd configuration
    • HP-UX & Solaris - the file /etc/inetd.conf requires a single-line entry
    • Linux - a file named with the service name is required in the /etc/xinetd.d directory
These entries are created using the following values from SETUP:
leasepakd service request - entry #1
/etc/services: 
  nst_lp62a${INST_ID}_6200  6200/tcp   # ${INST_ID_CMT} LeasePak v62a leasepakd /opt/nst/v62a
where:
The port number is more or less arbitrary. It is prompted for during SETUP with the prompt TCP port assignment for leasepakd inet daemon [6200]:. The administrator should accept the default, 6200, unless he or she knows that this will create conflicts. The number entered must be more than 1023 and less than 65536. The port is available to all LeasePak-configured processes through the environment variable LEASEPAKD_PORT.
That being said, there is a relationship between the port number chosen and the LeasePak release version. Briefly, ports 6000, 6010, 6100, and 6200 relate precisely to LeasePak versions v60a, v60b, v61a, and v62a. If the administrator needs to assign different numbers, it may be useful to find a way to fit into the pattern. The mPowerd service, discussed below, uses by default the leasepakd port plus 6, so mPowerd will default to 6206 in v62a.
The precise format of this entry is important, including the comment. When SETUP looks to see if a port selected by the administrator is available, it can detect whether or not an existing entry is one that was created by SETUP at some earlier point and so make appropriate modifications including allowing the port to be reassigned, but only if the format is exactly what is expected.
In v62a SETUP is not recognizing identical uses of the port and reports "port is in use". 
  [lpuser:~] grep nst_lp /etc/services
  nst_lp62a${INST_ID}_6200  6200/tcp   # ${INST_ID_CMT} LeasePak v62a leasepakd /opt/nst/v62a
mPowerd service request - entry #1
The mPowerd service is an Internet service available on certain exposed TCP ports of the application host.
In configuration, it is identical to leasepakd in every respect, except that its service ID is nst_mp62a${INST_ID}_$MPOWERD_PORT and its default port, prompted for in SETUP by the prompt TCP port assignment for mPowerd inet daemon [**], and its value is available through the environment variable MPOWERD_PORT.
These entries are created using the following values from SETUP: 
  [lpuser:~] grep nst_mp /etc/services
  nst_mp62a${INST_ID}_6206  6206/tcp   # ${INST_ID_CMT} LeasePak v62a mPowerd /opt/nst/v62a
leasepakd service request - HP-UX & Solaris - entry #2
/etc/inetd.conf: 
  nst_lp62a${INST_ID}_6200 \
    stream tcp nowait root \
    /opt/nst/v62a/live/bin/leasepakd \
    leasepakd -d /opt/nst/v62a \
    -l /opt/nst/v62a/log/leasepakd.log \
    -f /opt/nst/v62a/etc/${HOST}_v62a_rt.lpkd
where:
  • nst_lp62a${INST_ID}_6200 - the service ID which connects this entry to entry #1 on /etc/services
  • stream tcp nowait root - these provide detailed information about the protocol in use
  • /opt/nst/v62a/live/bin/leasepakd - the full pathname of the image invoked to handle requests for this service
  • leasepakd -d /opt/nst/v62a -l /opt/nst/v62a/log/leasepakd.log \
    -f /opt/nst/v62a/etc/${HOST}_v62a_rt.lpkd - the full command line for the service 
  [lpuser:~] grep leasepakd /etc/inetd.conf
  nst_lp62a${INST_ID}_6200 stream tcp nowait root \
    /opt/nst/v62a/live/bin/leasepakd leasepakd \
    -d /opt/nst/v62a -l /opt/nst/v62a/log/leasepakd.log \
    -f /opt/nst/v62a/etc/${HOST}_v62a_rt.lpkd
mPowerd service request - HP-UX & Solaris - entry #2
In configuration, mPowerd's second entry it is identical to that of leasepakd in every respect, except that its service ID is nst_mp62a${INST_ID}_6206 and the path components which of course reflect mPowerd. 
  [lpuser:~] grep mPowerd /etc/inetd.conf
  nst_mp62a${INST_ID}_6206 stream tcp nowait root \
    /opt/nst/v62a/live/bin/mPowerd mPowerd \
    -d /opt/nst/v62a -l /opt/nst/v62a/log/mPowerd.log \
    -f /opt/nst/v62a/etc/${HOST}_v62a_rt.lpkd
leasepakd service request - Linux - entry #2
/etc/xinetd.d/nst_lp62a${INST_ID}_6200: 
  # default: off
  # description: leasepakd allows connections to 
  # ${INST_ID_CMT} LeasePak v62a leasepakd /opt/nst/v62a
  
  service nst_lp62a${INST_ID}_6200
  {
        disable         = no
        id              = nst_lp62a${INST_ID}_6200
        socket_type     = stream
        user            = root
        server          = /opt/nst/v62a/live/bin/leasepakd
        wait            = no
        protocol        = tcp
        port            = 6200
        server_args     = -d /opt/nst/v62a -l /opt/nst/v62a/log/leasepakd.log \
        -f /opt/nst/v62a/etc/${HOST}_v62a_rt.lpkd 
  }
where:
  • # ${INST_ID_CMT} LeasePak v62a leasepakd /opt/nst/v62a - service comment as in /etc/services
  • disable = no - service is enabled
  • id = nst_lp62a${INST_ID}_6200 - the service ID which connects this entry to entry #1 in /etc/services
  • socket_type = stream
    protocol = tcp
    wait = no - these provide detailed information about the protocol in use
  • server = /opt/nst/v62a/live/bin/leasepakd - the full pathname of the image invoked to handle requests for this service
  • port = 6200 - the port associated with this service as in /etc/services
  • server_args = -d /opt/nst/v62a -l /opt/nst/v62a/log/leasepakd.log \
    -f /opt/nst/v62a/etc/${HOST}_v62a_rt.lpkd - the command line arguments for the service 
  [lpuser:~] cat /etc/xinetd.d/nst_lp*
  # default: off
  # description: leasepakd allows connections to 
  # ${INST_ID_CMT} LeasePak v62a leasepakd /opt/nst/v62a
  
  service nst_lp62a${INST_ID}_6200
  {
        disable         = no
        id              = nst_lp62a${INST_ID}_6200
        socket_type     = stream
        user            = root
        server          = /opt/nst/v62a/live/bin/leasepakd
        wait            = no
        protocol        = tcp
        port            = 6200
        server_args     = -d /opt/nst/v62a -l /opt/nst/v62a/log/leasepakd.log \
        -f /opt/nst/v62a/etc/${HOST}_v62a_rt.lpkd 
  }
mPowerd service request - Linux - entry #2
In configuration, mPowerd's second entry it is identical to that of leasepakd in every respect, except that its service ID is nst_mp62a${INST_ID}_6206 and the path components which of course reflect mPowerd.
In that light, there is little reason to display /etc/xinetd.d/nst_mp62a${INST_ID}_6206.
Back to Contents Back to Top Previous Next
System Restart
What You Need To Know To Understand This Section ...
About System Restart
This section covers the files and entries created by the SETUP program in $INITDIR and links in the sibling rc?.d directories to handle system restart.
The form, location, purpose, and contents of the files and entries is explained; how to create them is not, as that is properly the task of SETUP.
The specific items covered are:
Queue Manager Restart
The Queue Manager is restarted by the service script nst_qm_${INST_ID}$RELS3 as described in Queue Start and Stop.
The service script is built on the template $live/lib/qmgr.tmplt, and uses the following values from SETUP:
Oracle Restart
The Oracle instance is restarted by the service script nst_dbora.
The service script is located in application host's init.d directory. See About the service Command.
The service script is built on the template $live/lib/dbora.tmplt, and uses the following values from SETUP:
The nst_dbora service script uses $INSTANCES_LIST, or /etc/netsol_dbms_instances, which lists the instance names of any Oracle instances that are to be controlled by nst_dbora. This list is installed by SETUP, but the administrator must enter the names of the instances after the installation.
Sybase Restart
The Sybase dataserver is restarted by the service script nst_dbsyb.
The service script is located in application host's init.d directory. See About the service Command.
The service script is built on the template $live/lib/sybase12, and uses the following values from SETUP:
  • $SYBDIR - the installation directory for the Sybase software
  • $SYBSRV - the Sybase dataserver to restart
  • $SYBBKSRV - the Sybase backup-server to restart
  • $SYSINSTALLFLAGS - position 4:
    Y = install nst_dbsyb
    N = do not install nst_dbsyb
Back to Contents Back to Top Previous Next

Maintenance


Backups
Backup Policies - Backing up the LLDB
What You Need To Know to Understand this Section ...
Backup Policies
IMPORTANT NOTE
NetSol strongly recommends ...
That the system administrator perform database backups at least daily. These backups should include regular full backups as well as properly scheduled incremental backups. With the Sybase database system, it may also be necessary to backup the transaction log periodically as well.

If the administrator is unsure of the best procedures for scheduling backups, he or she should contact the NetSol Help Desk to obtain guidance.
There are a number of ways of performing backups, including:
  1. Each database system has a native backup utility. This can be used to obtain backups of not just the LLDB but also of important database system configuration information, and in a manner that facilitates the proper restoration of the entire system.
  2. Each OS has a native backup utility, or more, which could potentially be used to capture images of the devices on which the database system resides.
  3. There are third-party backup and archival packages available on all LeasePak OSs.
  4. The administrator can also use the LeasePak utility, db_snapshot. This program is the counter-part to the db_restore program discussed above.
Each method has good and bad features:
  1. database system native backup utility:
    • Good: can perform backups that allow easier retoration of an LLDB.
      Good: can include general database system matter as well.
      Good: optmized by the vendor for that database system.
      Good: can perform backups while the database is online.
    • Bad: does not backup the $ENVDIR/data directory by default, and may not be able to do so at all.
      Bad: backups are sometimes incompatible with database server instances on other hosts.
      Bad: cannot be used to completely restore the database system in the event of a media failure.
  2. OS native backup utility:
    • Good: can easily backup disks containing LLDB data, as well as database system configurations and $ENVDIR/data.
    • Bad: can be complex to use.
      Bad: not very reliable for restoring less than the entire DBMS host.
      Bad: database must be quiescent while the backup is performed.
  3. third-party backup utility, often part of a larger management tool suite:
    • Good: may have sophisticated ease-of-use features.
      Good: may have the capability to do the right thing in regards to backing up and restoring database systems.
      Good: may have the capability to handle the $ENVDIR/data directory correctly.
    • Bad: Potentially has all the bad points of the first two options above.
  4. db_snapshot, a NetSol utility script:
db_snapshot is useful as an alternate, supplemental form of backup. However, the primary backup solution should be a native database system backup, as only native database system backups can be used to fully recover a database system when media failure occurs.
Back to Contents Back to Top Previous Next
db_snapshot - Copying LeasePak data out of the LLDB
What you need to know before using this command ...
Use db_snapshot copy the contents of an LLDB to a LeasePak data-set. Unlike the native backup utility, db_snapshot handles both the LeasePak table data and the required accompanying C-ISAM files. A data-set created by db_snapshot can be loaded using db_restore into any LLDB of the same LeasePak version on any supported OS and database system, with the noteworthy exception of the Sybase notebook tables, which can exceed the size supported under the equivalent Oracle tables.
db_snapshot may only be run by $NSTDBA, the LeasePak database administrator. It requires that the operator know the password for the DBO of the LLDB, which was assigned when the LLDB was created by db_create; it requires that the database server for the db-type selected when the environment was created using setup_new_env be up and running and capable of executing interactive SQL commands; it does not require the services of the Queue Manager.
As with most LeasePak db_* commands that affect a particular LLDB, db_snapshot determines the appropriate LLDB to use via the environment created by setup_new_env.
The db_snapshot command may be run from any type of environment, unlike db_restore because it does not alter the LLDB.
If the snapshot name given to db_snapshot has already been used for a snapshot, the previous snapshot contents are removed at the outset, and the new contents copied in. db_snapshot does not allow the operator to snapshot into the seed or level7 data-sets.
Common Usage
The following is the most common example of using db_snapshot: 
db_snapshot env-name data-set-name [-p proc-count]
where
  • env-name is the environment containing the LLDB whose data is to be copied into the data-set
  • data-set-name is the group of files containing a complete image of a LeasePak logical database (LLDB), and must be one of:
  • [-p proc-count], where proc-count is an integer from 1 to 15, which determines the number of concurrent processes that will be used to move the data from the LLDB into the data-set. The [...] indicates that this parameter is optional; if omitted, the number of concurrent processes defaults to 4, as if -p 4 had been typed on the command line.
  • Other Inputs
IMPORTANT NOTE
Creating snapshots of live data
The LLDB must be quiescent at the time of the snapshot, or else the resulting data may not be consistent. There might also be lock contention, where either users using the LLDB or db_snapshot is prohibited from moving forward because of contention in accessing the same data. This should only be temporary, but could slow either process down. Quiescent means that no one is making any changes to the data in the LLDB during that timeframe.
It is best if the users are kept out of the LLDB during the snapshot process.
CRITICAL NOTE
Backing up $ENVDIR/data
Every LeasePak environment has a data subdirectory on the application host. When pointing to an environment, the environment directory is symbolized by the environment variable $ENVDIR. LeasePak creates a number of C-ISAM files in this directory that are intrinsic parts of the LLDB. Any complete backup must backup the *.dat and *.idx files in the environment's data directory.
If the application host and the DBMS host are separate computers, the snapshot process would be run from the application host. This would require that all of the snapshot data from the LLDB be transferred over the network to the application host. This could adversely affect performance.
The only way to mitigate this problem is to install a copy of LeasePak on the DBMS host strictly for the purpose of facilitating bulk data operations such as db_snapshot and db_restore. If this approach is used, then the $ENVDIR/data directory needs to be exported to the network so that the snapshot can access it from the DBMS host as an NFS mounted filesystem.
In the LeasePak instance on the DBMS host the administrator should create an environment mirroring the one on the application host and referencing its LLDB. To prevent accidental access to the LLDB through this environment, the administrator should remove the directory or link $ENVDIR/exe on the DBMS host copy, and should also direct SETUP to not install the leasepakd service on the DBMS host, by answering the SETUP prompt Install LeasePak TCP port in inet configuration? (Y/N) [N] with N.
db_snapshot Worksheet
Note the following values for running db_snapshot:
Name Description Your Value Notes
env-name environment name Must have been previously created using setup_new_env, and must contain a valid LLDB created using db_create
data-set data-set name Must be a new or existing data-set directory in $datasets or the absolute pathname of a directory on the application host that can contain a data-set
-p proc-count # of concurrent processes optional parameter; if given must be 1 to 15, default is 4
DBO's password LLDB owner's password db_snapshot will prompt for this. This password was assigned when the LLDB was created using db_create
Running db_snapshot
Log on the application host as $NSTDBA, the LeasePak database administrator.
Either run db_snapshot with the common usage described above, or click here to see the complete syntax of db_snapshot. 
  [nsdba62a:~]  db_snapshot prod level7 -p 10
The command will produce a display similar to the screen print below. Enter the DBO's password when prompted. For brevity we have deleted several lines (shown by "...") from this screen print; the full output of db_snapshot can be seen by clicking here. 
  [nsdba62a:~] db_snapshot prod prod20091013 -p 10
  2009-10-13 13:09:13 db_snapshot: Unload database (prod)lpr_prod into dataset 
      prod20091013
  2009-10-13 13:09:13 db_snapshot: Running commands as DBO: lpr_prod
  
  Database Owner 'lpr_prod' password: database owner's password
  2009-10-13 13:09:25 db_snapshot: Creating prod20091013 directory...
  2009-10-13 13:09:26 db_snapshot: Getting list of user tables sorted by size...
  2009-10-13 13:09:55 db_snapshot: Distributing tables into 10 portions...
  2009-10-13 13:10:02 db_snapshot: Performing bcp out for the tables...
  rcc 1
  req 2
  rcr 3
  rst 4
  rtx 5
  rglc 6
  rls 8
  rzga 7
  rlsa 9
  msg 10
  rlsb 5
  rha 7
  rtr 1
  rlo 3
  rsc 2
  reqa 6
  rtd 9
  ...
  ruet 9
  rsq 4
  Portion 6 done Tue Oct 13 13:10:13 PDT 2009
  rxr 10
  rxrp 1
  rub 4
  ruqt 2
  run 8
  rwt 7
  rxup 3
  runt 9
  Portion 10 done Tue Oct 13 13:10:13 PDT 2009
  Portion 5 done Tue Oct 13 13:10:13 PDT 2009
  rxp 9
  ruj 4
  rxf 8
  rxu 2
  Portion 3 done Tue Oct 13 13:10:13 PDT 2009
  Portion 1 done Tue Oct 13 13:10:13 PDT 2009
  rzu 9
  rus 4
  rzp 7
  rzq 8
  Portion 2 done Tue Oct 13 13:10:13 PDT 2009
  ryr 4
  Portion 7 done Tue Oct 13 13:10:13 PDT 2009
  Portion 8 done Tue Oct 13 13:10:13 PDT 2009
  Portion 9 done Tue Oct 13 13:10:13 PDT 2009
  Portion 4 done Tue Oct 13 13:10:14 PDT 2009
  2009-10-13 13:10:14 db_snapshot: End
  Unload complete; check /opt/nst/v62a/log/prod.log for any errors
  [nsdba62a:~]
Back to Contents Back to Top Previous Next
Native Backups - Periodic Backup of Database Systems
IMPORTANT NOTE
Native DBMS Backups
Because db_snapshot does not backup many of the important structural elements of the database systems, and cannot be used to completely restore the database system in the event of media failure, NetSol recommends that the administrator periodically use native database system commands to back up all LLDBs and transaction logs, including ones used by the database system. For more information, refer to the appropriate documents below:
Reference Documentation
Oracle 11gR2
  • User's guide: Oracle Database Backup and Recovery User's Guide 11gR2
  • Reference guide: Oracle Database Backup and Recovery Reference 11gR2
  • Introduction: Oracle Database 2 Day DBA 11gR2: Chapter 9 Performing Backup and Recovery
Oracle 9iR2
  • Oracle 9i Backup and Recovery Concepts
  • Oracle 9i Backup and Recovery Strategies
  • Oracle 9i User-Managed Backup and Recovery Guide
Sybase 12.5
Adaptive Server Enterprise 12.5 System Administration Guide:
  • Developing a Backup and Recovery Plan
  • Backing Up and Restoring User Databases
  • Restoring the System Databases
Sybase 12.0
  • System Administration Guide
Back to Contents Back to Top Previous Next
Passwords
What You Need To Know to Understand this Section ...
User Passwords
LeasePak has a complex password scheme due to its complexity as a product as well as to the variety of platforms it runs on.
The user has his or her plain text password, or client string password. Generally this is all that most users are aware of. However, to access the LLDB and drivers, the user must also have accounts in the application host OSsand in the database systems that contain the LLDBs. Initially, these were set by the administrator.
To effect a password change for a user, the following locations need to be updated:
  • The database system which has the user's account. If there are multiple database systems installed, then potentially each of them must be individually updated.
  • The application host must have its /etc/passwd or /etc/shadow updated.
  • There are tables in the LLDB governing certain aspects of password administration which may have to be updated.
This section of the System Administration Guide covers briefly how to change passwords for various types of users.
The following list describes who can change which passwords:
Back to Contents Back to Top Previous Next
Security Administrator - Granting Security Authority
What You Need To Know to Understand this Section ...
Any user with application host or DBMS host login access, and who knows the $SRVADM's password, can perform this procedure.
Normally, the $SRVADM, the database server administrator, wields Security Authority in the database system. However, the administrator may want to give this authority to a regular user or to the LeasePak supervisor so that that person can effect user password changes without exposing the $SRVADM password unnecessarily.
Procedure to Grant Security Authority to a user
Security Authority is granted in different ways in the different database systems.
The operator should log onto the application host as $NSTDBA, the LeasePak database administrator. To be sure that the $NSTDBA can connect to the database system needed, the operator should execute: 
  [nsdba62a:~]  . $TOPDIR/env/adm_dbms/etc/.lpprofile
if using the sh, bash, or ksh shell, or: 
  [nsdba62a:~]  source $TOPDIR/env/adm_dbms/etc/.lplogin
if using the csh or tcsh shell, and where dbms is either ora or syb.
  • Oracle
    Once $NSTDBA can access Oracle, execute: 
     [nsdba62a:~] sqlplus "sys as sysdba"
    And enter the sysdba password when prompted. Then at the SQL> prompt, execute: 
     SQL> grant alter user to target-user;
    Now the target-user can log onto sqlplus and change the passwords of other users.
  • Sybase
    Once $NSTDBA can access Sybase, execute: 
     [nsdba62a:~] isql -Usa
    And enter the sa password when prompted. Then at the 1> prompt, execute: 
      1> grant role sso_role to target-user
      2> go
    Now the target-user can log onto isql and change the passwords of other users.
Back to Contents Back to Top Previous Next
System User Passwords - DBO, $SRVADM, sa and sysdba
What You Need To Know to Understand this Section ...
Performing database system-only password changes
The system users are the DBOs, $SRVADM, sysdba and sa. A DBO and $SRVADM may exist in multiple database systems; if so, the password used for that user should be uniform across all of the installed database systems.
Oracle
The Oracle database system-only password change is performed by the system user or a user with Security Authority logging into sqlplus as follows: 
 % sqlplus
enter the user name and user-password when prompted. 
 SQL> alter user system-user identified by new-password
where:
  • user is the system user or a user with Security Authority
  • user-password is the password of the user, may be same as old-password
  • system-user is a DBO, $SRVADM or sysdba
  • old-password is the system-user's old password
  • new-password is the new password being assigned to the system-user
Sybase
The Sybase database system-only password change is performed by the system user or a user with Security Authority logging into isql as follows: 
  % isql -Uuser -Puser-password
  1> sp_password user-password, new-password, system-user
where:
  • user is the system user or a user with Security Authority
  • user-password is the password of the user, may be same as old-password
  • system-user is a DBO, $SRVADM or sa
  • old-password is the system-user's old password
  • new-password is the new password being assigned to the system-user
Back to Contents Back to Top Previous Next
Change Password Update - Password Change By User
What You Need To Know to Understand this Section ...
The user can perform this update only if allowed by the LeasePak supervisor through [U0706] Security.
The user changes his or her own password by accessing the Change Password update on the LeasePak client Options Menu. The Reference Guide describes how to go about this.
Back to Contents Back to Top Previous Next
lpchgpass - Change By Administrator
What You Need To Know Before Using This Command ...
The lpchgpass may be run only by root (the system administrator). It also requires knowing the $SRVADM's password, or knowing a user account with Security Authority.
If there are multiple database systems installed and the user has accounts in more than one, the administrator will have to perform this procedure on each database system. The user's password needs to be changed only once per database system, even if he or she has been given access (db_add_user) to more than one LLDB within the database system.
Common Usage
The following shows how lpchgpass is typically used: 
  lpchgpass config-file env-name user-name security-admin
where: The utility will then update the database system and the OS with the passwords generated from the client string password.
lpchgpass Worksheet
Note the following values for running lpchgpass:
Name Description Your Value Notes
config-file run-time configuration script top/etc/host_v62a_rt.msirc top/etc/host_release_rt.msirc
env-name environment name where the user has database access
user-name user whose password is being changed
security-admin a user who holds Security Authority usually $SRVADM, but can be any user who has Security Authority. See Granting Security Authority.
new-password new password of user 6-8 characters
security-admin's password password of user with Security Authority usually $SRVADM, but can be any user who has Security Authority.
Running lpchgpass
Log on the application host as root (the system administrator)
Run lpchgpass with the common usage described above. 
  #  cd /opt/nst/v62a/env/prod
  #  . etc/.lpprofile
  #  exe/lpchgpass $CFGDIR/$MSI_RT_CFG prod jstettner $SRVADM
The command will produce a display similar to the screen print below. Enter when prompted:
  • the user's new password
  • confirm the user's new password
  • $SRVADM's password
   # cd /opt/nst/v62a/env/prod
   # . etc/.lpprofile
   # exe/lpchgpass $CFGDIR/$MSI_RT_CFG prod jstettner $SRVADM
   Enter new password for user: user's password
   Confirm new password for user: user's password
   Enter password of the SSO role: SSO's password
   Password set correctly
   #
Back to Contents Back to Top Previous Next
Locked Accounts - Unlocking Accounts
What You Need To Know to Understand this Section ...
If LeasePak has been configured to lockout users from the system after a certain number of consecutive failed login attempts (SETUP prompt Max bad logins before lockout (0=disabled) [0], environment variable LEASEPAKD_LOCKOUT, then the administrator will periodically need to unlock these accounts.
This lockout capability is available only on client logins through leasepakd or mPowerd.
The account is locked by creation of a semaphore file in the user's home directory with the name .lpdlogin-lck.
Unlocking An Account
Log onto the application host as root (the system administrator) and execute: 
  rm -f home-path/user-name/.lpdlogin-lck
where:
  • home-path - the directory where user home directories are placed, usually /home
  • user-name - name of the user whose account is to be unlocked
Back to Contents Back to Top Previous Next
Housekeeping
df - Monitoring Disk Space
What You Need To Know Before Using This Command ...
Common Usage
The most common usage of the df command depends on the OS:
HP-UX
  bdf
Linux
  df
Solaris
  df -k
IMPORTANT NOTE
Make Sure There Is Enough Disk Space for End of Period
The administrator should carefully monitor diskspace on both the application host and the DBMS host. Any filesystem that has more than 90% in the Use% column is in danger of running out of space during End of Period processing. If the usage pattern of the host indicates periods of heavy use, frequent checks of available space are advised.
Any filesystem with more than 95% in Use% should be regarded as critical.
Running df
Run df as shown above for the OS of the host. For example, on Linux: 
  [lpuser:~]  df
All three forms of the command produce similar output, for example as follows: 
  [lpuser:~] df
  Filesystem                      1K-blocks      Used Available Use% Mounted on
  /dev/mapper/VolGroup00-LogVol00   8062392    657072   6989168   9% /
  /dev/md0                           194366     25394    158937  14% /boot
  /dev/mapper/VolGroup01-LogVol01   4128448    139468   3779268   4% /tmp
  /dev/mapper/VolGroup01-LogVol00   8256952   2653856   5183668  34% /usr
  /dev/mapper/VolGroup01-LogVol02   4128448   2565024   1353712  66% /var
  /dev/mapper/VolGroup01-LogVol03  20642428   1245624  18348228   7% /home
  /dev/mapper/VolGroup01-LogVol04  25803068   8847068  15645280  37% /opt
  /dev/mapper/VolGroup01-LogVol05  77409288   4153856  69323272   6% /opt/nst
  /dev/mapper/VolGroup01-LogVol06  25803068  12881880  11610468  53% /opt/oracle/oradata
  /dev/mapper/VolGroup01-LogVol07  25803068    531904  23960444   3% /opt/sybase/sybdata
  tmpfs                             4087568      5708   4081860   1% /dev/shm
  netfs:/export/nfs/backup        371902464  48316928 304694272  14% /backup
  [lpuser:~]
Back to Contents Back to Top Previous Next
cleanup & cleanse_s7 - Cleaning Up Queue Manager Temporary Files
What You Need To Know Before Using These Commands ...
Run cleanse_s7 immediately before executing End of Period. The recommended form is the first usage, cleanse_s7 -a, as this performs all of the tasks that NetSol recommends be performed on the Queue Manager in preparation for EOP.
cleanse_s7 may be run only by $NSTADMIN. It does not require any LLDB services.
Common Usage
cleanup
This is an example of running Cleanup: 
  cleanup
It removes temporary files from the Queue Manager temporary directories that belong to processes that are no longer running. It is important to remove these files, because if another process with the same process ID as that of an existing file starts, it will abort because it sees the file as already in use. This will lead to multiple, random and confounding failures in almost any LeasePak process, from logging into the LeasePak client to running End of Period.
Typically, the administrator sets up a job in crontab to periodically execute cleanup, about once every hour or two. See the example entries below.
cleanse_s7
This is the most common example of using cleanse_s7: 
  cleanse_s7 -a
where:
  • -a - indicates that all functions that can be performed on the Queue Manager should be performed. It is equivalent of the second usage below
second form
  cleanse_s7 -sptdlrq
where:
  • -s indicates that the stop queues function should be executed
  • -p indicates that the .JOB files in the system spooler directories are to be removed, effectively clearing the queues
  • -t indicates that the VXRT.LOG (the Queue Manager error log) is to be truncated
  • -d indicates that certain temp files more than 24 hours old are to be removed
  • -l indicates that the logicals tables are to be removed
  • -r indicates that the system spooler should be restarted
  • -q indicates that the individual queues should be restarted
third form
  cleanse_s7
which is the equivalent of cleanse_s7 -sptdrq, and performs only the tasks supported in earlier versions of the program, which were all of the above except -l remove logical tables.
Note that regardless of the order the various options are listed on the command line, the selected tasks will always be performed in the same order. All selected options must be combined into a single argument preceded by -.
Running cleanse_s7
Here is an example of running cleanup: 
  [lpuser:~]  cleanup
This is an example of running cleanse_s7: 
  [nsadm62a:~]  cleanse_s7 -a
  [nsadm62a] cleanse_s7 -a
  2009-10-15 14:22:46 cleanse_s7: Start: -sptdlrq 
       RT_CONFIG=/opt/nst/qm/v62a/qm_3_17/library/Config, 
       LNMDIR=/tmp/qm/v62a, JSPDIR=/opt/nst/qm/v62a/qm_3_17/spool
  2009-10-15 14:22:46 cleanse_s7: Stopping queues ...
  VX/DCL - DEC VMS DCL Emulation for Unix
  Copyright (C) 1985-1995 Isleworth Ltd.
  All Rights Reserved
  2009-10-15 14:22:52 cleanse_s7: Purging spooler .JOBS ...
  2009-10-15 14:22:53 cleanse_s7: Truncating VXRT.LOG ...
  2009-10-15 14:22:53 cleanse_s7: Purging JOB* PD_* PT_* SOR* *ERR and PJOB* files ...
  2009-10-15 14:22:53 cleanse_s7: Logical name tables ...
  2009-10-15 14:22:53 cleanse_s7: Restarting spooler ...
  VX/DCL - DEC VMS DCL Emulation for Unix
  Copyright (C) 1985-1995 Isleworth Ltd.
  All Rights Reserved
  2009-10-15 14:23:00 cleanse_s7: Restarting queues ...
  VX/DCL - DEC VMS DCL Emulation for Unix
  Copyright (C) 1985-1995 Isleworth Ltd.
  All Rights Reserved
  Batch queue SYS$BATCH, running
  
  Batch queue LP$EOP1, running
  
  Print queue SYS$BLACKHOLE, running,  on LPBH:,  mounted form DEFAULT
  
  Print queue SYS$PRINT, running,  on LPSP:,  mounted form DEFAULT
  
  Print queue DEV$PRINT, running,  on LP5SI:,  mounted form DEFAULT
  
  Print queue DEVL$PRINT, running,  on LP5SIL:,  mounted form LANDSCAPE
  
  2009-10-15 14:23:24 cleanse_s7: End
  [nsadm62a]
Here are examples of crontab entries to run cleanup every two hours at 53 minutes after the hour. 
 # Linux RHEL5
   53   */2  *      *   *     root ". ~nsadm62a/.lpprofile; cleanup" >/dev/null 2>&1
                    
  # HP-UX, Solaris, & Linux RHEL4
   53  1,3,5,7,9,11,13,15,17,19,21,23 *  *  *  ". ~nsadm62a/.lpprofile; cleanup" \
                                                   >/dev/null 2>&1
Back to Contents Back to Top Previous Next
Jobs on Hold - Releasing Held Jobs
What You Need To Know To Understand This Section ...
There are occasions when there may be jobs on batch queues with the status of Holding (for example, if End of Period was submitted with the state of Hold). On such occasions, the operator should use the following procedure to release jobs so identified so that they begin executing.
Procedure to Release Held Jobs
  1. Log on the application host as $NSTADMIN.
  2. Enter DCL by executing: 
      [nsadm62a:~]  dcl
  3. At the $ prompt, execute: 
      $ show queue/all
    This will display all of the queues and any jobs on them. If the queue is already known, the operator may execute: 
      $ show queue/all queue-name
    This is an example of the output of this command: 
      $ show queue/all
  Batch queue SYS$BATCH, running
  Jobname               Username   Entry   Status                        
  -------               --------   -----   ------                        
  TESTHOLD              jstettner   2480  Holding                       
  
  Batch queue LP$EOP1, running
  
  Batch queue LP$EOP2, running
  4. The operator makes note of the entry numbers of jobs in Holding status that are to be released
  5. For each job to be released, the operator executes the following: 
      $ set entry entry-number/release
    There is no system response to this command. The operator must repeat the show queue command to verify that the job is executing or has executed.
  6. When finished, the operator exits DCL by executing: 
      $  logout
The operator can also release held End of Period jobs interactively through the LeasePak Client. For more information, refer to the LeasePak Reference Guide document End of Period [U04]: Interactive Updates, in the section on Submit [U0401].
Back to Contents Back to Top Previous Next
db_truncate_rhr - Purge RHR Table Monthly
What You Need To Know Before Using This Command ...
During End of Month, LeasePak writes Historical Tax Released records to the RHR table. LeasePak does not use these records after End of Month is complete, and the table will grow indefinitely unless it is cleaned periodically. Use db_truncate_rhr to purge the RHR table after Month End processing from the LLDB for a particular environment.
db_truncate_rhr may only be run by $NSTDBA, the LeasePak database administrator. It requires that the operator know the password for the database owner or DBO.
As with most LeasePak db_* commands that affect a particular LLDB, db_truncate_rhr determines the appropriate LLDB to use via the environment created by setup_new_env.
The db_truncate_rhr command may only be run from production and test environments; visitor environments are not allowed to perform data-destroying tasks on the LLDBs they point to. The original, or host environment, given when the visitor environment was created, must be used for performing data-destroying tasks such as db_truncate_rhr.
IMPORTANT NOTE
End of Month Processing must be completed satisfactorily
The Administrator must be absolutely certain that Month End has completed successfully and that the RHR records are no longer needed before running this command
Common Usage
The most common way db_truncate_rhr is used is: 
  [nsdba62a]  db_truncate_rhr environment-name
where:
  • env-name is the name of the environment containing the LLDB with the RHR table that needs purging
  • Other inputs
    • DBO's password - the operator will be prompted for the database owner's password, which is usually assigned when db_create was run to create the LLDB. 
  [nsdba62a:~] db_truncate_rhr prod
  2009-10-15 22:42:23 db_truncate_rhr: Truncate rhr table in database lpr_prod of 
      environment prod
  2009-10-15 22:42:23 db_truncate_rhr: Running commands as DBO: lpr_prod
  
  Database Owner 'lpr_prod' password: database owner's password
  2009-10-15 22:42:31 db_truncate_rhr: End
  [nsdba62a:~]
Back to Contents Back to Top Previous Next
About Cores - Clean Up Core Files
What You Need To Know To Understand This Section ...
Core Files and Dumping Core
A core file or core dump is a file created by the OS when a program terminates under certain abnormal conditions. See elsewhere in this System Administration Guide for information about how to enable or disable the creation of core files by LeasePak. If cores are enabled in LeasePak, then every time a driver aborts with an error, LeasePak itself causes a core dump.
A core file is a snapshot of memory that was in use by a program at the moment of its termination. With this image, programmers can often determine the immediate cause of an error and sometimes even what led up to the error.
Because the LeasePak server programs, or drivers, are so complex they are very large and require large amounts of memory for data besides what is required for the program itself. This means that core files can be huge, and so occupy a great deal of disk space.
It is necessary for the administrator to be constantly vigilant in regards to core files.
What core files look like and where they lurk
Cores can occur in any directory and can be caused by any program, not just by LeasePak. However, LeasePak cores are some of the largest the administrator is likely to see, so they are the main focus here.
LeasePak cores occur in two primary locations:
  1. the user's home directory, most often left by interactive drivers
  2. the environment $ueop or $ueop/com directory, most often left by end of period drivers
Core files are named differently in Linux. The advantage to the Linux method is that if there is a situation where a series of programs in a batch job abort consecutively, on HP-UX and Solaris, each consecutive core file overwrites the one previous, and even if a dozen programs fail, there will still be only one core, and that will not be the one that would show how the series of errors began. On Linux, the series of cores would all have individual names based on their PIDs (process IDs). The downside to the Linux approach is that the dozen cores take up 12 times as much room as the single core.
The ways the administrator will deal with keeping core files under control are twofold:
  1. Make sure cores are enabled in LeasePak only when necessary and when constructive use of them is planned (cores are always enabled in End of Period);
  2. Run a job as root at least daily, removing core files older than a day or two.
Cleaning up the core files
This is an example of how to clean up LeasePak core files on HP-UX and Solaris. First, login as root, then ... 
  #  . ~nsadm62a/.lpprofile
  #  find /home/ $TOPDIR/ -name core -mtime +2 \
        -exec ls -l {} \; -exec rm -f {} \; > /tmp/core.log 2>&1
This scans the /home directories and the LeasePak instance directory for core files older than 2 days, prints their name, size, and timestamp and then removes them, with the resulting information recorded in a log file.
This is an example of how to clean up LeasePak core files on Linux. First, login as root, then ... 
  #  . ~nsadm62a/.lpprofile
  #  find /home/ $TOPDIR/ -name 'core.*' -mtime +2 \
        -exec ls -l {} \; -exec rm -f {} \; > /tmp/core.log 2>&1
This scans the /home directories and the LeasePak instance directory for core.* files older than 2 days, prints their name, size, and timestamp and then removes them, with the resulting information recorded in a log file.
Here is the results of such a scan: 
  #  . ~nsadm62a/.lpprofile
  #  find /home/ $TOPDIR/ -name core -mtime +2 \
      -exec ls -l {} \; -exec rm -f {} \; > /tmp/core.log 2>&1
  #  cat /tmp/core.log
  -rw-------   1 lpsup62a   nst        11933308 Aug 27 22:58 /opt/nst/v62a/env/devtest/eop/core
  -rw-------   1 ruthere    nst        11933308 Aug 18 11:24 /opt/nst/v62a/env/prod/eop/core
  -rw-------   1 jstettner  nst        15865468 Oct  6 04:10 /home/jstettner/core
The administrator can put the find command into the crontab and have this task performed automatically and regularly.
Back to Contents Back to Top Previous Next
LeasePak log files - Logs that require supervision and maintenance
What You Need To Know To Understand This Section ...
LeasePak's various log files
The log files listed in the following table are not all universally high growth rate and large sized files. Some are trivial. There is an indicator of what the potential is for excessively rapid growth and/or excessive size or excessive number of individual log files.
Table of Log File Potential Issue Codes
CODE DESCRIPTION
G excessively rapid growth
S excessive size
Q quantity of log files may become issue
X Debug logs that should not normally be used
H logs Handled by cleanse_s7
++ high potential for a problem
+ moderate potential for a problem
~ low potential for problem
Table of log files
SUB-
SYSTEM		 DIRECTORY LOGFILE POTEN.
LLDB
Environments		 $msilog admin.log ~
dblib_lib.log ~
dbms.log ~
job.log GS++
leasepakd.log GS+
mPowerd.log G+
ENVNAME.log GS++
Conversions $msilog ENVNAME_convYYMMDDHHMM.log SQ+
Oracle   9i BACKGROUND_DUMP_DEST/ alert_ORADB.log Q+
$ORACLE_HOME/network/log/ listener.log SQ+
USER_DUMP_DEST/ *.trc X++
Oracle   11g $ORACLE_BASE/diag/rdbms/ORADB/ORAINST/alert/ log.xml Q+
$ORACLE_BASE/diag/rdbms/ORADB/ORAINST/trace/ alert_ORADB.log Q+
$ORACLE_BASE/diag/tnslsnr/<dbms-host>/listener/alert/ log.xml Q+
$ORACLE_BASE/diag/tnslsnr/<dbms-host>/listener/trace/ listener.log SQ+
DIAGNOSTIC_DEST/... *.trc X++
/var/tmp ora_startup_shutdown.log ~
DAVOX $ueop/log davox_dl.log ~
$udata/ m2_BBBB_YYMMDD_HHMMSS.log ~
EOPS-II $ueop/log eop_run.log G~
pPOR_status.log GSQ+
EOPS-III $ueop/log eops_event.log GS++
pPOR_session.log SQ+
eops_proc.log S+
eops_gen.log S+
eops_dbg.log X+
eops_state.log X+
event_handler.log X++
Queue Manager /tmp VXRT.log H~
Config:LNMDIR job_*, PD_*, PT_* HQ+
Config:JSPDIR JSPLOG, QMGRLOG.*, PJOBLOG.* Q+S++
LeasePak $HOME leasepak_error.log GS++
lxcommand_PID.log XQ+
lxbuffer_PID.log XQ+
lxproc_PID.log XQ+
lpadbdrvr_PID.log XQ+
Back to Contents Back to Top Previous Next