Using the Login Shell
After the initial CLI (text-based) configuration of the Virtual Appliance, the login shell for the config user is available for use.
Note: In the Amazon Web Services (AWS) platform, the config user is used to log in to the web UI only. The
The config user can switch to the following users:
To switch to a different user, run the following command:
su - <username>
The following aliases (command shortcuts) are available in the Virtual Appliance login shell:
Run the alias on all the Virtual Appliance cluster nodes unless mentioned in the documentation to run on a single node.
- addDisk: Resize the root ("/") volume on Virtual Appliance by adding an additional virtual disk.
- addJBossDatasource: Adds a defined custom data source that is referenced as an argument pointing to a property file (normally at "/opt/CA/VirtualAppliance/custom/<APP>/dataSources") across all nodes running either the CA Identity Portal or CA Identity Manager applications.
- audit_disable: Disables kernel auditing to the log files and to the machine console.
- audit_enable: Enables kernel auditing to the log files and to the machine console.
- audit_show: Shows if the kernel auditing is enabled or disabled.
- backupVapp and restoreVapp: Back up and restore the Virtual Appliance configurations and data to a replacement server. The backupVapp and restoreVapp aliases do not restore CA Directory DSA data in a multiwrite-DISP recovery environment. One such example of a multiwrite-DISP environment is the deployment of User Store and Provisioning Store on multiple Virtual Appliance nodes.
  To back up data in a multiwrite-DISP environment, do the following:
  - Shut down the deployed services (Identity Manager, Provisioning Store, Identity Governance, Identity Portal) on all nodes.
  - Use the backupVapp alias to take a backup of all the Virtual Appliance nodes.
  - Back up the external database.
  To restore data in a multiwrite-DISP environment, use the restoreVapp alias to restore backup files on all the Virtual Appliance nodes including the external database to maintain data integrity.
- check_cluster_clock_sync: [Run the alias on any single cluster node] Checks the clock synchronization across the cluster nodes. This test fails if there are servers with a clock offset of more than 15 seconds. The clock synchronization is mandatory for replication to work correctly for a cluster containing multiple User Store or Provisioning Server nodes.
- check_oracle_db_size: [Run the alias on any single cluster node] Displays the embedded Oracle 11g Express database data file size.
- compressLogs: Compresses all application log files in the Virtual Appliance to a tar.gz archive file that resides in the home directory. The logs archive also includes the hosts file and the Wildfly standalone.xml files for CA Identity Manager, CA Identity Governance, and CA Identity Portal. Example: /home/config/vApp_logs_<hostname>_<date>.tgz
- configureCustomHostRecords: Adds custom records to the /etc/hosts file. The custom records are read from /opt/CA/VirtualAppliance/custom/hosts.
- configure_im_jcs_logging_permissions: Allows you to configure permissions for JCS log files for the "config" user that may be arbitrarily written during JCS runtime, without the need to restart JCS.
- configureLoginPrompt: Sets the content of /opt/CA/VirtualAppliance/custom/login-prompt.pre and /opt/CA/VirtualAppliance/custom/login-prompt.post as the pre-login and post-login messages respectively.
- CreateIDMAuthDir: Creates the CA Identity Manager Authentication Directory, in case it failed to create automatically during the deployment, or in case an administrator deleted it from the Directories page in the CA Identity Manager Management Console.
- createIDMTrustConfiguration: [Run the alias on any single cluster node] Manually creates the CA Identity Manager Web-Services object for the CA Identity Portal Connector. Run this command only when it fails to run automatically during deployment.
- dbutil: Serves as a wrapper for the CA Identity Governance dbutil utility. Normally, there is no need to invoke it manually as it is called by the populateIgDatabase command.
- deleteIDMJMSqueue: Deletes the CA Identity Manager JMS queue (/opt/CA/wildfly-idm/standalone/data/*).
- DisableIdmAuthFilterSecurity / EnableIdmAuthFilterSecurity: Disables or enables CA Identity Manager Management Console Security.
- DisableIdmMgmtConsoleSecurity / EnableIdmMgmtConsoleSecurity: Disables or enables CA Identity Manager User Console Authentication Filter Security.
- eurekify-universemigration: Export or import a CA Identity Governance universe from this solution.
- import_wildfly_ssl_certificates: Imports SSL certificates from all Wildfly-based products (CA Identity Manager, CA Identity Governance, CA Identity Portal) on all Virtual Appliance nodes to the local Java key store. The SSL certificates are available at /opt/CA/VirtualAppliance/custom/wildfly-ssl-certificates.
- install_vmware_tools: Installs VMware tools from a mounted CDROM drive containing a VMware tools installation media or from an ISO file (supplied as an argument on the command line). To uninstall VMware tools, run: install_vmware_tools -u
- listSSLCert: Prints the SHA1 fingerprint of an SSL certificate that is retrieved from a remote server.
  - Usage for port 443: listSSLCert <Host name>
  - Usage for other ports: listSSLCert <Host name>:<Port
- measure_io_performance: Runs a disk throughput measurement test. This is identical to the prerequisite test executed the first time a Virtual Appliance node is installed and configured from the CLI.
- MountNetworkShares: Mounts network shares that are defined in /opt/CA/VirtualAppliance/custom/mounts.
- patch_vapp: Installs the Virtual Appliance patch file (supplied as an argument on the command line). This command can be used to install all patch types (Example: Hotfixes, Cumulative Patches, Service Packs). This is the only supported option to patch or upgrade a system.
- patch_vapp_via_cdrom: Installs the Virtual Appliance patch file from a CD-ROM attached to the virtual machine.
- populateIgDatabase: Runs during the deployment and upgrade operations and normally there is no need to invoke it manually. This command populates the CA Identity Governance database with the default tables that are required by the application. A valid use case to run this command is when a customer wants to "reset" the CA Identity Governance database by dropping and re-creating the databases/schemas, and wants to avoid re-deploying the solution.
- pwdtools: Runs the CA Identity Manager Password tools (normally, required when performing integration with CA Single Sign-On). Use this command to encrypt passwords that need to be stored in the ra.xml configuration file.
- reconfigure_ig: Recreate the file-system configuration of CA Identity Governance.
- reconfigure_im: Recreate the file-system configuration of CA Identity Manager.
- reconfigure_ip: Recreate the file-system configuration of CA Identity Portal.
- RegisterExternalConnectorServer: Serves as a command-line substitute for the "Register Connector Server" functionality on the web-ui → External Tools page. Normally, there is no need to execute this command.
- registerJavaConnectors: Normally, there is no need to run this command. This command registers or re-registers Java Connector servers to the Provisioning Directory based on the latest Metadata in the locally installed Connector Server product (or the Connector Server install image, as fallback).
- remove_failed_node_ssh_fingerprint: Applies to circumstances where a Virtual Appliance node that crashed beyond recovery was replaced with another one having the same IP addresses.
- removeJBossDatasource: Removes a defined custom data source that is referenced as an argument pointing to a property file at "/opt/CA/VirtualAppliance/custom/<APP>/dataSources" across all nodes running either the CA Identity Portal or CA Identity Manager applications.
- remove_service: Removes a service from the file system.
- repair_service: Resets the file system part of a given service to factory defaults.
  WARNING: This command should only be used in extreme conditions of disk corruption leading to inability to start a service. You must take a backup of the custom content and configurations for the given service before executing this command.
  Note: In a system that is upgraded from Virtual Appliance 14.0 to 14.1 where a master password was never configured, after repairing CA Identity Portal, the services have "CAIMAG1" as their default administrator password. This password can be changed after the repair sequence.
- resetInternalDB: Resets the embedded (Oracle 11g Express) database state. It deletes all CA Identity Manager, CA Identity Portal, and CA Identity Governance environment data and configurations, while restoring them to the "clean" Virtual Appliance state.
- resetVappServiceAccountPassword: Allows resetting the password for the Virtual Appliance service account (named: "vapp-service") on the Provisioning Directory. Use this command only when the customer disabled the account or changed its password, or in case the password for the account has expired.
- reset_vapp_to_factory_defaults: Remove all data of previous deployments from the file-system.
- resizeDisk: Allows resizing the file-system size on the "/" volume after the Virtual Disk that is assigned to the Virtual Appliance Virtual Machine has been expanded in the host Virtualization platform. Example: VMware ESX. The expansion operation in the host Virtualization platform typically requires shutting down the guest Virtual Machine.
- restart_ig: Restarts CA Identity Governance application.
- restart_jcs: Restarts the Connector Server.
- restart_rs: Restarts Report Server application.
- restart_im: Restarts CA Identity Manager application.
- restart_ip: Restarts CA Identity Portal application.
- restart_oracle: Restarts the internal Oracle 11g Express database (if deployed).
- restart_ps: Restarts the Provisioning Server.
- rollback_vapp: Rolls back a previously installed patch.
- s: Performs a solution health status check and displays the console-based output. Note: The output is immediately set as the login banner.
- setEntropyWatermark: Sets the watermark value of the Linux random-number generator (RNGD). The default is 3000.
- selectTimeZone: Allows configuring the server time-zone.
- set_log_level_cs: Sets the application log level of the JCS.
- set_log_level_ig: Sets the application log level of CA Identity Governance.
- set_log_level_ip: Sets the application log level of CA Identity Portal.
- setPublicIp: Applicable to the Virtual Appliance instances deployed on AWS or Azure. This command attempts to determine the public IP address of the node. It is used in the Web-UI dashboard which exposes links to the applications.
- setTimeAndDate: Allows configuring the server date and time.
- setVappUserPassword: Sets the Virtual Appliance user password (normally the "config" user). This is equivalent to running the "passwd" command.
- set_vApp_webui_session_timeout: Displays or configures the session inactivity timeout (in minutes) for the Virtual Appliance Admin UI (listening on port 10443).
- start_dxserver: Starts all CA Directory DSAs. Note: If all CA Directory DSAs are started, the monitor will not display per-DSA status. Instead, it will display "[OK] All DSAs are started".
- start_ig: Starts CA Identity Governance application.
- start_im: Starts CA Identity Manager application.
- start_ip: Starts CA Identity Portal application.
- start_jcs: Starts the Connector Server.
- start_oracle: Starts the internal Oracle 11g Express database (if deployed).
- start_ps: Starts the Provisioning Server.
- stopDeploymentProcess: Stops an ongoing deployment process. This command needs to be invoked on the node from whose web-ui the current deployment operation started. This command should only be executed in extreme conditions where a deployment operation is halted and does not finish.
- stop_dxserver: Stops all CA Directory DSAs.
- stop_ig: Stops CA Identity Governance application.
- stop_im: Stops CA Identity Manager application.
- stop_ip: Stops CA Identity Portal application.
- stop_jcs: Stops the Connector Server.
- stop_oracle: Stops the internal Oracle 11g Express database (if deployed).
- stop_ps: Stops the Provisioning Server.
- swapManager: Adds extra swap volume in Virtual Appliance. This alias enables the following functionalities:
  - Adds a separate disk as swap space to the system.
  - Removes the added disk from the server swap space.
  Note: The disk must not be a partition, a logical volume, or a member of the system volume group.
- sync_vapp_custom_content: [Run the alias on any single cluster node] Synchronizes content across all nodes for custom content under the /opt/CA/VirtualAppliance/custom directory.
- tail_cs_log: Monitors the Connector Server log.
- tail_ig_log: Monitors CA Identity Governance application log.
- tail_im_log: Monitors CA Identity Manager application log.
- tail_ip_log: Monitors CA Identity Portal application log.
- tail_ps_log: Monitors the Provisioning Server log.
- tdl: Monitors the Virtual Appliance deployment log.
- tvl: Monitors the Virtual Appliance main log.
- tvcl: Monitors the Central Logging log.
- twl: Monitors the Virtual Appliance web server log.
- updateManager: Provides Amazon Web Services (AWS) security updates.
- vapp_sync: [Run the alias on any single cluster node] Synchronizes custom files of deployed applications, which are at /opt/CA/VirtualAppliance/custom/<application name>. This command is required in the following cases:
  - there are multiple nodes of the same application type in the solution (Example: CA Identity Manager)
  - the application nodes are not configured with a shared network location for storing common shared files.
  Note: This command is uni-directional, overwriting files on remote nodes with files from the current node (from where the command has been executed).
- vAppUserPortalShowAllServices: Disables or enables a flag which controls whether a system with CA Identity Portal installed will show only Identity in the User Portal web-ui (the default behavior) or shows CA Identity Portal and also other installed products (if applicable) - CA Identity Manager and CA Identity Governance.
- vcl / view_vapp_central_log: Lets you view the Central Logging log.
- vdl: Lets you view the Virtual Appliance deployment log.
- view_cs_log: Lets you view the Connector Server log.
- view_ig_log: Lets you view the CA Identity Governance application log.
- view_im_log: Lets you view the CA Identity Manager application log.
- view_ip_log: Lets you view the CA Identity Portal application log.
- view_ps_log: Lets you view the Provisioning Server log.
- vvl: Lets you view the Virtual Appliance main log.
- vwl: Lets you view the Virtual Appliance web server log.
- wildfly-ssh-keymgr: Manage SSH key-pairs under the ownership of user wildfly for purposes of automated execution of code on a remote server.
Available Privileged Commands (sudo)
The config user can execute the following commands as user dsa or imps with elevated privileges using "sudo" (by prefixing them with the "sudo" command):
- All init scripts in /etc/init.d/
- sysctl: For custom changes to persist, ensure that you add the custom configurations after the CA Technologies - END marker in the /etc/sysctl.conf file.
- iptables-save / iptables-restore
- loadkeys: Usage: To change the keyboard layout on the CLI console, run the loadkeys command followed by the language code (Example: us, fr, de, it).
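
A check for the sysctl persistence rule above, as an added example that is not part of the product or its documentation: it reports which of your custom keys are not set after the CA Technologies - END marker in a sysctl.conf-style file. The exact form of the marker line, the function names and the sample file contents are assumptions made for the example.

```shell
#!/bin/sh
# Added example: confirm custom sysctl settings sit after the vendor END marker.
# Assumption: the marker is a line containing the text "CA Technologies - END".
MARKER='CA Technologies - END'

# keys_after_marker FILE: print the key of every active setting after the marker.
keys_after_marker() {
    awk -v m="$MARKER" '
        index($0, m)     { seen = 1; next }   # marker reached
        !seen            { next }             # still inside the managed part
        /^[ \t]*$/       { next }             # blank line
        /^[ \t]*[#;]/    { next }             # commented-out setting
        index($0, "=")   { split($0, kv, "="); gsub(/[ \t]/, "", kv[1]); print kv[1] }
    ' "$1"
}

# check_custom_keys FILE KEY...: print each KEY that is not set after the marker.
# Returns 0 if all keys persist, 1 if any is misplaced or missing, 2 if no marker.
check_custom_keys() {
    file=$1; shift
    grep -qF -- "$MARKER" "$file" || { echo "marker not found in $file" >&2; return 2; }
    after=$(keys_after_marker "$file")
    rc=0
    for key in "$@"; do
        printf '%s\n' "$after" | grep -qxF -- "$key" || { echo "$key"; rc=1; }
    done
    return "$rc"
}

# make_sample FILE: write a constructed sysctl.conf (the BEGIN line is invented).
make_sample() {
    cat > "$1" <<'EOF'
# CA Technologies - BEGIN
vm.swappiness = 10
net.ipv4.conf.all.rp_filter=1
# CA Technologies - END
net.ipv4.conf.all.accept_redirects = 0
# kernel.randomize_va_space = 2
EOF
}

# Demo: rp_filter is above the marker, randomize_va_space is commented out.
sample=$(mktemp) && make_sample "$sample"
check_custom_keys "$sample" net.ipv4.conf.all.accept_redirects \
    net.ipv4.conf.all.rp_filter kernel.randomize_va_space \
    || echo "^ keys above are not set after the END marker"
rm -f "$sample"
```

On the appliance, point check_custom_keys at a copy of /etc/sysctl.conf and pass the keys you expect to survive.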