Set up the idsd daemon on an HCL Informix® server
to enable starting a server in a high-availability cluster or adding
a shared disk secondary (SDS) server.
Prerequisite: You need root
privileges on the Informix server
for this procedure.
To use the HCL OpenAdmin Tool (OAT) for Informix for
remote administration tasks including starting a server in a high-availability
cluster, or adding a secondary server, install and configure the following
daemons on the Informix server:
- An Internet service daemon such as the xinetd or inetd internet
daemons for UNIX and Linux.
- idsd, a daemon process that allows OAT to
start a remote Informix server.
The daemon resides on the same host as the Informix server,
and must be located in a directory accessible to user informix.
The idsd daemon is invoked through the xinetd or inetd daemons.
Important: You cannot use the remote
administration features on Windows or
MAC OS.
To configure an internet daemon and the idsd daemon:
- Ensure that the idsd daemon is installed with Informix, in
the $INFORMIXDIR/bin directory. Ensure that the owner and group are informix, and that
the permissions are 0754:
For example:
[informix@myhost]/usr/informix/bin% ls -la idsd
-rwxr-xr-- 1 informix informix 23717 Oct 15 16:34 idsd
- On the server, set up encryption for the connection. For Informix 11.70,
use the GSKCmd tool that is available as a part of IBM® JRE
1.6 or later. For earlier Informix versions,
use the GSKCmd tool that is included in the IBM Global
Security Kit (GSKit).
- Create a key database using the following GSKCmd command-line
parameters for your platform:
command -keydb -create -db keydb_name.kdb -pw password -type cms -stash
For
example: gsk8cmd -keydb -create -db mydb.kdb -pw mypassw0rd -type cms -stash
- Create a self-signed certificate using the following
GSKCmd command-line parameters:
command -cert -create -db keydb_name.kdb -pw password -label label_text
-dn distinguished name
-size <1024 | 512 | 2048> -default_cert yes
Where: distinguished
name is an X.500 distinguished name. The distinguished
name is a quoted string with the following format: CN=common
name (required), O=organization, OU=organization
unit, L=location, ST=state or
province, C=country. For example:
gsk8cmd -cert -create -db mydb.kdb -pw mypassw0rd -label mycertificatelabel
-dn "CN=lenexa.ibm.com,O=ibm,OU=IBM HTTP Server,ST=KS,C=US"
-size 1024 -default_cert yes
- Open the xinetd or inetd configuration file
for editing, and add a service entry for the idsd daemon.
Important: If the GSKIT_VERSION configuration
parameter is set to a nondefault version of IBM Global
Security Kit,
add the -g NUMBER server program
argument to the xinetd or inetd service entry to specify
the IBM Global
Security Kit version.
- For the xinetd server daemon: /etc/xinetd.conf.
service idsd
{
disable = no
socket_type = stream
protocol = tcp
user = root
wait = no
server = /usr/informix/bin/idsd
server_args = -l /usr/informix/idsd.log
-k /usr/informix/idsd -n idsd_label
}
- For the inetd server daemon on UNIX: /etc/inetd.conf:
idsd stream tcp nowait root /usr/informix/bin/idsd idsd
-l /usr/informix/idsd.log -k /usr/informix/idsd -n idsd_label
- Open the file /etc/services for editing
and add a service named idsd. For example:
idsd 10000/tcp
In
this example, port number 10000 is used, but you can use any other
port greater than 1024 that is not already in use. However, the name
must be idsd, and the protocol must be tcp.
- Restart the xinetd or inetd service daemons. In most implementations, you can restart by sending the SIGHUP
signal to the running inetd or xinetd process. However,
on some Linux platforms, you
can run the following command as root:
service xinetd restart