Some environments require the use of PAM (LDAP) based service accounts with predefined naming standards for software ownership (files and directories). Local server built-in accounts and groups are not allowed.
The "dsa" and "etrdir" accounts created by the installer are therefore not acceptable. This document provides a way to use the cluster setup tool with a user other than the default dsa/etrdir accounts.
Install EEM on both primary and secondary. Change the file ownership from "dsa" to 'newuser' for all the CADirectory files, in order to follow infrastructure requirements. Configure the cluster using eiam-clustersetup.jar; the setup appears to run successfully. However, the service status is returned as "stopped" at the clustersetup.jar prompt:
# java -jar eiam-clustersetup.jar -p XXXXXXX
03/06/2021 9:38:34 AM IclUtil itechLibInit
INFO: iTechSDK initialized successfully
INFO - EIAM_HOME [/opt/CA/SharedComponents/EmbeddedEntitlementsManager/]
INFO - IGW_LOC [/opt/CA/SharedComponents/iTechnology/]
INFO - DXHOME [/opt/CA/SharedComponents/CADirectory/dxserver/]
INFO - Hostname identified as [eemserver1.example.com]
EiamAdmin password :
INFO - Checking server status
INFO - igateway status [stopped]
INFO - dxserver status [stopped]
======
Logging on to the secondary EEM portal as EiamAdmin returns an error.
Do a manual sync between the EEM servers: stop the secondary EEM server, copy the itechpoz.db file from the primary to the secondary, and delete the itechpoz.tx file. Then restart the dxserver and igateway processes.
The secondary should now be functional and allow login as EiamAdmin. The service status in clustersetup.jar should now be reported correctly as well.
However, the ownership of the config files is overwritten with the 'dsa' user if a DELTA/FULL sync is run using eiam-clustersetup.jar.
1) Change the DXUSER and DXGROUP values in the response.properties file located in $EIAM_HOME to the custom user and group names. Save the file and then rerun eiam-clustersetup. The default entries are:
DXUSER=dsa
DXGROUP=etrdir
2) Testing after the above change is made:
[root@eemserver2 bin]# java -jar eiam-clustersetup.jar -p eemserver1.example.com
Jul 16, 2021 2:24:13 AM IclUtil itechLibInit
INFO: iTechSDK initialized successfully
INFO - EIAM_HOME [/opt/CA/SharedComponents/EmbeddedEntitlementsManager/]
INFO - IGW_LOC [/opt/CA/SharedComponents/iTechnology/]
INFO - DXHOME [/opt/CA/Directory/dxserver/]
INFO - Hostname identified as [eemserver2.example.com]
EiamAdmin password :
INFO - Checking server status
INFO - igateway status [started]
INFO - dxserver status [started]
Are you sure you want to continue? [Y/N]:y
[eemserver2.example.com]>list
-------------------------------------------------------
INFO - Summary
=======================================================
INFO - Listing failover nodes for server
-------------------------------------------------------
INFO - Hostname:Dsa Port
-------------------------------------------------------
INFO - eemserver2.example.com(*):509
-------------------------------------------------------
[eemserver2.example.com]>sync
=======================================================
INFO - Select current machine hostname
=======================================================
INFO - [1] eemserver1.example.com:509
INFO - [2] eemserver2.example.com:509
Select Hostname from [1 - 2] : 2
INFO - Synchronization level
INFO - [1] [NEW] secondary node is being added first time
INFO - [2] [DELTA] secondary node is being synced to update configurations
Select Synchronization mode from [1 - 2] : 1
=======================================================
INFO - Syncing with primary server
-------------------------------------------------------
Primary server Secondary server
-------------------------------------------------------
eemserver1.example.com eemserver2.example.com
-------------------------------------------------------
INFO - Re-configuring of server may lead to loss of data, it is advised to perform a backup of configuration and data store.
Are you sure you want to continue? [Y/N]:y
INFO - Stopping dxserver service
INFO - Stopping igateway service
INFO - Configuring the knowledge group file
INFO - ----------------------------------------------------
INFO - The knowledge group file iTechPoz.dxg resides in the directory: /opt/CA/Directory/dxserver//config/knowledge/itechpoz.dxg
INFO -
INFO - Node was removed successfully
INFO - Fetching configuration from eemserver1.example.com
INFO - Adding self node [eemserver2.example.com]
INFO - Generating: : /opt/CA/SharedComponents/iTechnology/iAuthority.conf
INFO - Generating: : /opt/CA/SharedComponents/iTechnology/iControl.conf
INFO - Generating: : /opt/CA/SharedComponents/iTechnology/rootcert.cer
INFO - Generating: : /opt/CA/SharedComponents/iTechnology/rootcert.key
INFO -
INFO -
INFO - Generating certificate for host : eemserver1.example.com
INFO -
INFO -
INFO - Generating file : /opt/CA/Directory/dxserver/config/ssld/itechpoz-trusted.pem
INFO -
INFO - Adding failover node [eemserver1.example.com]
INFO - Generating: : /opt/CA/SharedComponents/iTechnology/iControl.conf
INFO - Configuring DSA itechpoz for host eemserver2.example.com
INFO - Configuring the itechpoz knowledge file
INFO - ----------------------------------------------------
INFO - The itechpoz knowledge file /opt/CA/Directory/dxserver//config/knowledge/itechpoz.dxc.dxc resides in the directory: {2}
INFO - Writing the itechpoz knowledge file
INFO -
INFO - Configuring DSA itechpoz-eemserver1.example.com for host eemserver1.example.com
INFO - Configuring the itechpoz-eemserver1.example.com knowledge file
INFO - ----------------------------------------------------
INFO - The itechpoz-eemserver1.example.com knowledge file /opt/CA/Directory/dxserver//config/knowledge/itechpoz-eemserver1.example.com.dxc.dxc resides in the directory: {2}
INFO - Writing the itechpoz-eemserver1.example.com knowledge file
INFO -
INFO - Configuring the knowledge group file
INFO - ----------------------------------------------------
INFO - The knowledge group file iTechPoz.dxg resides in the directory: /opt/CA/Directory/dxserver//config/knowledge/itechpoz.dxg
INFO -
INFO - Configuring the settings file
INFO - ----------------------------------------------------
INFO - /opt/CA/Directory/dxserver//config/settings/itechpoz.dxc
INFO -
INFO - Clearing secondary server dsa-db
INFO - Starting dxserver service
INFO - Starting igateway service
INFO - Run [status] to get server details.
[eemserver2.example.com]>status
INFO - Checking server status
INFO - igateway status [started]
INFO - dxserver status [started]
3) No errors are noted after the above. Now verify the ownership of the config files created by the tool:
/opt/CA/Directory/dxserver/config/knowledge
[root@eem-server knowledge]# ls -l
total 20
-rw-rw-r-- 1 customuser customgroup 608 Jul 16 02:25 itechpoz.dxc
-rw-rw-r-- 1 customuser customgroup 165 Jul 16 02:25 itechpoz.dxg
-rw-r--r-- 1 customuser customgroup 638 Jul 16 02:25 itechpoz-eemserver1.example.com.dxc
-rw-r----- 1 customuser customgroup 5242 Apr 18 2018 knowledge.help
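The manual ls -l check in step 3 can be repeated after every sync with a small script. The following is an added example, not part of the original article or the EEM tooling: it reads DXUSER and DXGROUP from response.properties and lists every file or directory under a given tree whose owner or group differs. The function names are hypothetical, and it assumes the properties are plain KEY=value lines as shown in step 1.

```shell
#!/bin/sh
# Added example: detect ownership drift after an eiam-clustersetup sync.
# Assumes response.properties holds plain KEY=value lines (DXUSER=..., DXGROUP=...).

# prop_value FILE KEY: print the value of KEY (last occurrence wins).
prop_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | tr -d '\r'
}

# owner_of PATH: print "owner:group" as shown in columns 3 and 4 of ls -ld.
owner_of() {
    ls -ld "$1" | awk '{ print $3 ":" $4 }'
}

# ownership_drift DIR EXPECTED: print "owner:group path" for every file or
# directory under DIR whose owner:group is not EXPECTED.
ownership_drift() {
    find "$1" \( -type f -o -type d \) | while IFS= read -r path; do
        actual=$(owner_of "$path")
        [ "$actual" = "$2" ] || printf '%s %s\n' "$actual" "$path"
    done
}

# audit_dx_ownership PROPS DIR: return 0 if everything under DIR is owned by
# DXUSER:DXGROUP from PROPS, otherwise list the mismatches on stderr and return 1.
audit_dx_ownership() {
    expected="$(prop_value "$1" DXUSER):$(prop_value "$1" DXGROUP)"
    drift=$(ownership_drift "$2" "$expected")
    [ -z "$drift" ] && return 0
    printf 'expected %s, found:\n%s\n' "$expected" "$drift" >&2
    return 1
}

# Usage: sh audit.sh "$EIAM_HOME/response.properties" /opt/CA/Directory/dxserver/config
if [ "$#" -eq 2 ]; then
    audit_dx_ownership "$1" "$2"
fi
```

A non-zero exit after a sync means some files were written back under an account other than the one configured in response.properties.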