We had a recent installation of Siteminder (Web Access management tool) into our systems and had to be configured into existing apache installation.
Here are some issues which came up and the tips which you could look into:
1. Did you give write permission to "site minder user"? for Apache Conf directory
(<apache_root>/apache/conf). Write permission for "httpd.conf" file as well.
2. Created directory "/opt/netegrity".
Ideally this should be created in separate filesystem as a good practice.
This would become much helpful for clustering and promotional model.
3. Add entries in the "load module section" within the Apache "httpd.conf" file
5. Did you add "Alias" entries from httpd.conf.
Be careful the apache installation MAY NOT restart until unless you have the mod_alias installed
6. Add entry into "<apache_root>/apache/bin/apachectl" file.
Please note, that this shell level export won't be killed normally. Hence chance of accumulating such process is high.
to find any zombie processes which are being run and kill them off if you encounter below error...
So kill the identified process and restart again.
Issues you might encounter: Not able to shutdown LLAWP process which prevents Apache to restart
If I try shutting down
The only workaround I was able to do is to
1. Kill the LLAWP process # kill -KILL $pidofLLAWP
2. Remove all the shared memory and semaphores from the system
Update:
Found a solution for above Problem.
Create another directory say "some_New_directory" within the "<apache_installation_dir>" and specify this as the "ServerPath" in WebAgent.conf
Here are some issues which came up and the tips which you could look into:
1. Did you give write permission to "site minder user"? for Apache Conf directory
(<apache_root>/apache/conf). Write permission for "httpd.conf" file as well.
2. Created directory "/opt/netegrity".
Ideally this should be created in separate filesystem as a good practice.
This would become much helpful for clustering and promotional model.
3. Add entries in the "load module section" within the Apache "httpd.conf" file
LoadModule sm_module /opt/netegrity/webagent/bin/libmod_sm22.so
SmInitFile <location of apache>/conf/WebAgent.conf
4. Manually add handlers
# Manually added for siteminder
# Add handlers
# Siteminder .exe #
AddHandler cgi-script .exe
# Siteminder .fcc
AddHandler smformsauth-handler .fcc
# Siteminder .sfcc
AddHandler smsslformsauth-handler .sfcc
# Siteminder .scc
AddHandler smadvancedauth-handler .scc
# Siteminder .ccc
AddHandler smcookieprovider-handler .ccc
5. Did you add "Alias" entries from httpd.conf.
Be careful the apache installation MAY NOT restart until unless you have the mod_alias installed
6. Add entry into "<apache_root>/apache/bin/apachectl" file.
# Entry made as per siteminder installation document
export EXTSHM=ON
[[ -r /opt/netegrity/webagent/nete_wa_env.sh ]] && . /opt/netegrity/webagent/nete_wa_env.sh
Please note, that this shell level export won't be killed normally. Hence chance of accumulating such process is high.
ps -ef | grep LLAWP
to find any zombie processes which are being run and kill them off if you encounter below error...
(67)Address already in use: make_sock: could not bind to address [::]:443
(67)Address already in use: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down
So kill the identified process and restart again.
kill -9 <processid>
apachectl -k stop
apachectl -k start
Issues you might encounter: Not able to shutdown LLAWP process which prevents Apache to restart
If I try shutting down
# LLAWP /opt/apacheinstallation/apache/conf/WebAgent.conf -APACHE20 -shutdown
[01/May/2012:11:27:59] [Info] [CA WebAgent IPC] [20906050] [CSmSem::getSem] Attempted to attach to non-existent semaphore with key 0xf4a818d7
[01/May/2012:11:27:59] [Error] [CA WebAgent IPC] [20906050] [CSmIpcEvent::CSmIpcEvent] Error initializing semaphore -1
[01/May/2012:11:27:59] [Error] [CA WebAgent IPC] [20906050] [CSmSem::GetValue] Error performing GETVAL operation on semaphore -1 - Invalid argument (22)
[01/May/2012:11:27:59] [Info] [CA WebAgent IPC] [20906050] [CSmSem::getSem] Attempted to attach to non-existent semaphore with key 0xf4a818d7
[01/May/2012:11:27:59] [Error] [CA WebAgent IPC] [20906050] [CSmIpcEvent::SetEvent] Error reinitializing event with key base 0x1f4
[01/May/2012:11:27:59] [Error] [CA WebAgent LLAWP] [20906050] [Failed to send shutdown signal to the LLAWP. Ensure that the process is running and the path to the WebAgent.conf is correct.]
The process was running at the time of above shutdown command.
The only workaround I was able to do is to
1. Kill the LLAWP process # kill -KILL $pidofLLAWP
2. Remove all the shared memory and semaphores from the system
# Bit dangerous: kill shared memory of LLAWP
ipcs -m | awk ' $5 == "nobody" {print $2}' | awk '{ print $1}' | while read sharedMemory; do
sudo su - -c "ipcrm -m $sharedMemory"
done
# To kill all the semaphores
ipcs -s | awk ' $5 == "nobody" {print $2}' | awk '{ print $1}' | while read semaphore; do
sudo su - -c "ipcrm -s $semaphore"
done
Update:
Found a solution for above Problem.
Create another directory say "some_New_directory" within the "<apache_installation_dir>" and specify this as the "ServerPath" in WebAgent.conf
ServerPath=<apache_installation_dir>/<some_New_directory>