Using the Login Shell

After the initial CLI (text-based) configuration of the Virtual Appliance, the login shell for the config user is available for use.
Note: In the Amazon Web Services (AWS) platform, the config user is used to log in to the web UI only. The ec2-user user is used to run commands in the Command Line Interface.
This article contains the following sections:
Switching Users
The config user can switch to the following users:
  • dsa
  • imps
  • oracle
To switch to a different user, run the following command:
su - <username>
Available Aliases
The following aliases (command shortcuts) are available in the Virtual Appliance login shell:
Run each alias on all the Virtual Appliance cluster nodes unless the documentation says to run it on a single node.
  • addDisk
    Resize the root ("/") volume on Virtual Appliance by adding an additional virtual disk.
  • addJBossDatasource
    Adds a defined custom data source that is referenced as an argument pointing to a property file (normally at "/opt/CA/VirtualAppliance/custom/<APP>/dataSources") across all nodes running either the CA Identity Portal or CA Identity Manager applications.
  • audit_disable
    Disables kernel auditing to the log files and to the machine console.
  • audit_enable
    Enables kernel auditing to the log files and to the machine console.
  • audit_show
    Shows if the kernel auditing is enabled or disabled.
  • backupVapp and restoreVapp
    Back up and restore the Virtual Appliance configurations and data to a replacement server.
    The backupVapp and restoreVapp aliases do not restore CA Directory DSA data in a multiwrite-DISP recovery environment. One example of a multiwrite-DISP environment is the deployment of User Store and Provisioning Store on multiple Virtual Appliance nodes.
    To back up data in a multiwrite-DISP environment, do the following:
    1. Shut down the deployed services (Identity Manager, Provisioning Store, Identity Governance, Identity Portal) on all nodes.
    2. Use the backupVapp alias to take a backup of all the Virtual Appliance nodes.
    3. Back up the external database.
    To restore data in a multiwrite-DISP environment, use the restoreVapp alias to restore backup files on all the Virtual Appliance nodes including the external database to maintain data integrity.
  • check_cluster_clock_sync
    [Run the alias on any single cluster node]
    Checks the clock synchronization across the cluster nodes. This test fails if there are servers with a clock offset of more than 15 seconds.
    The clock synchronization is mandatory for replication to work correctly for a cluster containing multiple User Store or Provisioning Server nodes.
  • check_oracle_db_size
    [Run the alias on any single cluster node]
    Displays the embedded Oracle 11g Express database data file size.
  • compressLogs
    Compresses the log files of all applications in the Virtual Appliance into a tar.gz archive file that resides in the home directory.
    The logs archive also includes the hosts file and Wildfly standalone.xml files for CA Identity Manager, CA Identity Governance, CA Identity Portal.
    Example:
    /home/config/vApp_logs_<hostname>_<date>.tgz
  • configureCustomHostRecords
    Adds custom records to the /etc/hosts file. The custom records are read from /opt/CA/VirtualAppliance/custom/hosts.
  • configure_im_jcs_logging_permissions
    Allows you to configure permissions for JCS log files for the "config" user that may be arbitrarily written during JCS runtime, without the need to restart JCS.
  • configureLoginPrompt
    Sets the content of /opt/CA/VirtualAppliance/custom/login-prompt.pre and /opt/CA/VirtualAppliance/custom/login-prompt.post as the pre-login and post-login messages, respectively.
  • CreateIDMAuthDir
    Creates the CA Identity Manager Authentication Directory, in case it failed to create automatically during the deployment, or in case an administrator deleted it from the Directories page in the CA Identity Manager Management Console.
  • createIDMTrustConfiguration
    [Run the alias on any single cluster node]
    Manually creates CA Identity Manager Web-Services object for CA Identity Portal Connector. Run this command only when it fails to run automatically during deployment.
  • dbutil
    Serves as a wrapper for the CA Identity Governance dbutil utility. Normally, there is no need to invoke it manually as it is called by the populateIgDatabase command.
  • deleteIDMJMSqueue
    Deletes the CA Identity Manager JMS queue (/opt/CA/wildfly-idm/standalone/data/*).
  • DisableIdmAuthFilterSecurity / EnableIdmAuthFilterSecurity
    Disables or enables CA Identity Manager Management Console Security.
  • DisableIdmMgmtConsoleSecurity / EnableIdmMgmtConsoleSecurity
    Disables or enables CA Identity Manager User Console Authentication Filter Security.
  • eurekify-universemigration
    Export or import a CA Identity Governance universe from this solution.
  • import_wildfly_ssl_certificates
    Imports SSL certificates from all Wildfly-based products (CA Identity Manager, CA Identity Governance, CA Identity Portal) on all Virtual Appliance nodes to local Java key store. The SSL certificates are available at /opt/CA/VirtualAppliance/custom/wildfly-ssl-certificates.
  • install_vmware_tools
    Installs VMware tools from a mounted CDROM drive containing a VMware tools installation media or from an ISO file (supplied as an argument on the command line).
    To uninstall VMware tools, run:
    install_vmware_tools -u
  • listSSLCert
    Prints the SHA1 fingerprint of an SSL certificate that is retrieved from a remote server.
    • Usage for port 443: listSSLCert <Host name>
    • Usage for other ports: listSSLCert <Host name>:<Port>
  • measure_io_performance
    Runs a disk throughput measurement test. This is identical to the prerequisite test executed the first time a Virtual Appliance node is installed and configured from the CLI.
  • MountNetworkShares
    Mounts network shares that are defined in /opt/CA/VirtualAppliance/custom/mounts.
  • patch_vapp
    Installs the Virtual Appliance patch file (supplied as an argument on the command line). This command can be used to install all patch types (Example: Hotfixes, Cumulative Patches, Service Packs). This is the only supported option to patch or upgrade a system.
  • patch_vapp_via_cdrom
    Installs the Virtual Appliance patch file from a CD-ROM attached to the virtual machine.
  • populateIgDatabase
    Runs during the deployment and upgrade operations and normally there is no need to invoke it manually. This command populates the CA Identity Governance database with the default tables that are required by the application. A valid use case to run this command is when a customer wants to "reset" the CA Identity Governance database by dropping and re-creating the databases/schemas, and wants to avoid re-deploying the solution.
  • pwdtools
    Runs the CA Identity Manager Password tools (normally, required when performing integration with CA Single Sign-On). Use this command to encrypt passwords that need to be stored in the ra.xml configuration file.
  • reconfigure_ig
    Recreate the file-system configuration of CA Identity Governance.
  • reconfigure_im
    Recreate the file-system configuration of CA Identity Manager.
  • reconfigure_ip
    Recreate the file-system configuration of CA Identity Portal.
  • RegisterExternalConnectorServer
    Serves as a command-line substitute for the "Register Connector Server" functionality on the web-ui → External Tools page.
    Normally, there is no need to execute this command.
  • registerJavaConnectors
    Normally, there is no need to run this command.
    This command registers or re-registers Java Connector servers to the Provisioning Directory based on the latest Metadata in the locally installed Connector Server product (or the Connector Server install image, as fallback).
  • remove_failed_node_ssh_fingerprint
    Used in circumstances where a Virtual Appliance node that crashed beyond recovery was replaced with another node that has the same IP addresses.
  • removeJBossDatasource
    Removes a defined custom data source that is referenced as an argument pointing to a property file at "/opt/CA/VirtualAppliance/custom/<APP>/dataSources" across all nodes running either the CA Identity Portal or CA Identity Manager applications.
  • remove_service
    Removes a service from the file system.
  • repair_service
    Resets the file system part of a given service to factory defaults.
    WARNING: This command should only be used in extreme conditions of disk corruption leading to inability to start a service. You must take a backup of the custom content and configurations for the given service before executing this command.
    Note: In a system that is upgraded from Virtual Appliance 14.0 to 14.1 where a master password was never configured, after repairing CA Identity Portal, the services have "CAIMAG1" as their default administrator password. This password can be changed after the repair sequence.
  • resetInternalDB
    Resets the embedded (Oracle 11g Express) database state. It deletes all CA Identity Manager, CA Identity Portal, and CA Identity Governance environment data and configurations, while restoring them to the “clean” Virtual Appliance state.
  • resetVappServiceAccountPassword
    Allows resetting the password for the Virtual Appliance service account (named: "vapp-service") on the Provisioning Directory. Use this command only when the customer disabled the account or changed its password, or in case the password for the account has expired.
  • reset_vapp_to_factory_defaults
    Remove all data of previous deployments from the file-system.
  • resizeDisk
    Allows resizing the file-system size on the "/" volume after the Virtual Disk that is assigned to the Virtual Appliance Virtual Machine has been expanded in the host Virtualization platform.
    Example: VMware ESX
    The expansion operation in the host Virtualization platform typically requires shutting down the guest Virtual Machine.
  • restart_ig
    Restarts CA Identity Governance application.
  • restart_jcs
    Restarts the Connector Server.
  • restart_rs
    Restarts Report Server application.
  • restart_im
    Restarts CA Identity Manager application.
  • restart_ip
    Restarts CA Identity Portal application.
  • restart_oracle
    Restarts the internal Oracle 11g Express database (if deployed).
  • restart_ps
    Restarts the Provisioning Server.
  • rollback_vapp
    Rolls back a previously installed patch.
  • s
    Performs a solution health status check and displays the console-based output.
    Note: The output is immediately set as the login banner.
  • setEntropyWatermark
    Sets the watermark value of the Linux random-number generator (RNGD). The default is 3000.
  • selectTimeZone
    Allows configuring the server time-zone.
  • set_log_level_cs
    Sets the application log level of the JCS.
  • set_log_level_ig
    Sets the application log level of CA Identity Governance.
  • set_log_level_ip
    Sets the application log level of CA Identity Portal.
  • setPublicIp
    Applicable to the Virtual Appliance instances deployed on AWS or Azure.
    This command attempts to determine the public IP address of the node. It is used in the Web-UI dashboard which exposes links to the applications.
  • setTimeAndDate
    Allows configuring the server date and time.
  • setVappUserPassword
    Sets the Virtual Appliance user password (normally the "config" user).
    This is equivalent to running the "passwd" command.
  • set_vApp_webui_session_timeout
    Displays or configures the session inactivity timeout (in minutes) for the Virtual Appliance Admin UI (listening on port 10443).
  • start_dxserver
    Starts all CA Directory DSAs.
    Note: If all CA Directory DSAs are started, the monitor will not display per-DSA status. Instead, it will display "[OK] All DSAs are started".
  • start_ig
    Starts CA Identity Governance application.
  • start_im
    Starts CA Identity Manager application.
  • start_ip
    Starts CA Identity Portal application.
  • start_jcs
    Starts the Connector Server.
  • start_oracle
    Starts the internal Oracle 11g Express database (if deployed).
  • start_ps
    Starts the Provisioning Server.
  • stopDeploymentProcess
    Stops an ongoing deployment process.
    This command needs to be invoked on the node from whose web-ui the current deployment operation started. This command should only be executed in extreme conditions where a deployment operation is halted and does not finish.
  • stop_dxserver
    Stops all CA Directory DSAs.
  • stop_ig
    Stops CA Identity Governance application.
  • stop_im
    Stops CA Identity Manager application.
  • stop_ip
    Stops CA Identity Portal application.
  • stop_jcs
    Stops the Connector Server.
  • stop_oracle
    Stops the internal Oracle 11g Express database (if deployed).
  • stop_ps
    Stops the Provisioning Server.
  • swapManager
    Adds an extra swap volume to the Virtual Appliance. This alias enables the following functionalities:
    • Adds a separate disk as swap space to the system.
    • Removes the added disk from the server swap space.
    Note: The disk must not be a partition, a logical volume, or a member of the system volume group.
  • sync_vapp_custom_content
    [Run the alias on any single cluster node]
    Synchronizes content across all nodes for custom content under the /opt/CA/VirtualAppliance/custom directory.
  • tail_cs_log
    Monitors the Connector Server log.
  • tail_ig_log
    Monitors CA Identity Governance application log.
  • tail_im_log
    Monitors CA Identity Manager application log.
  • tail_ip_log
    Monitors CA Identity Portal application log.
  • tail_ps_log
    Monitors the Provisioning Server log.
  • tdl
    Monitors the Virtual Appliance deployment log.
  • tvl
    Monitors the Virtual Appliance main log.
  • tvcl
    Monitors the Central Logging log.
  • twl
    Monitors the Virtual Appliance web server log.
  • updateManager
    Provides Amazon Web Services (AWS) security updates.
  • vapp_sync
    [Run the alias on any single cluster node]
    Synchronizes custom files of deployed applications, which are at /opt/CA/VirtualAppliance/custom/<application name>.
    This command is required in the following cases:
    • There are multiple nodes of the same application type in the solution (for example, CA Identity Manager).
    • The application nodes are not configured with a shared network location for storing common shared files.
    Note: This command works in one direction only, overwriting files on remote nodes with files from the current node (the node from which the command is executed).
  • vAppUserPortalShowAllServices
    Disables or enables a flag which controls whether a system with CA Identity Portal installed will show only Identity in the User Portal web-ui (the default behavior) or shows CA Identity Portal and also other installed products (if applicable) - CA Identity Manager and CA Identity Governance.
  • vcl / view_vapp_central_log
    Lets you view the Central Logging log.
  • vdl
    Lets you view the Virtual Appliance deployment log.
  • view_cs_log
    Lets you view the Connector Server log.
  • view_ig_log
    Lets you view the CA Identity Governance application log.
  • view_im_log
    Lets you view the CA Identity Manager application log.
  • view_ip_log
    Lets you view the CA Identity Portal application log.
  • view_ps_log
    Lets you view the Provisioning Server log.
  • vvl
    Lets you view the Virtual Appliance main log.
  • vwl
    Lets you view the Virtual Appliance web server log.
  • wildfly-ssh-keymgr
    Manages SSH key-pairs under the ownership of user wildfly for purposes of automated execution of code on a remote server.
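The check that the listSSLCert alias describes (printing the SHA1 fingerprint of a certificate retrieved from a remote server) can be reproduced off the appliance to confirm a fingerprint before a certificate is trusted. The following is an added example, not the appliance's own implementation of the alias; the function names, the timeout, and the optional SHA-256 digest are assumptions of this example.

```python
import hashlib
import hmac
import socket
import ssl

DEFAULT_PORT = 443  # the "Usage for port 443" form omits the port


def parse_target(target):
    """Split '<Host name>' or '<Host name>:<Port>' into (host, port)."""
    host, sep, port = target.rpartition(":")
    if not sep:
        return target, DEFAULT_PORT
    if not host or not port.isdecimal() or not 0 < int(port) < 65536:
        raise ValueError(f"invalid target: {target!r}")
    return host, int(port)


def fingerprint(der, algorithm="sha1"):
    """Colon-separated uppercase hex digest of a DER-encoded certificate."""
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_der(target, timeout=5.0):
    """Fetch the server's leaf certificate without validating it.

    Validation is skipped on purpose: the fingerprint is what gets compared
    against a value obtained out of band.
    """
    host, port = parse_target(target)
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def matches_pin(observed, expected):
    """Compare two fingerprints, ignoring case and ':' separators."""
    def norm(value):
        return value.replace(":", "").strip().lower().encode()
    return hmac.compare_digest(norm(observed), norm(expected))
```

Calling fingerprint(fetch_der("<Host name>:<Port>")) yields the value to compare, with matches_pin, against a fingerprint recorded through a separate trusted channel.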
Available Privileged Commands (sudo)
The config user can execute the following commands as user dsa or imps with elevated privileges using "sudo" (by prefixing them with the "sudo" command):
  • halt
  • shutdown
  • reboot
  • All init scripts in /etc/init.d/
  • /opt/CA/wildfly-portal/bin/add-user.sh
  • /opt/CA/wildfly-idm/bin/add-user.sh
  • /opt/CA/wildfly-ig/bin/add-user.sh
  • date
  • mount
  • umount
  • ps
  • netstat
  • service
  • net-snmp-create-v3-user
  • sysctl
    For custom changes to persist, ensure that you add the custom configurations after the CA Technologies - END marker in the /etc/sysctl.conf file.
  • chkconfig
  • route
  • ethtool
  • iptables
  • iptables-save / iptables-restore
  • top
  • killall
  • kill
  • traceroute
  • ntpdate
  • ntpq
  • loadkeys
    Usage: To change the keyboard layout on the CLI console, run the loadkeys command followed by the language code (Example: us, fr, de, it).