PAM A2A / CSPM Client restart on reboot - init script- systemctl on Linux
search cancel

PAM A2A / CSPM Client restart on reboot - init script- systemctl on Linux

book

Article ID: 234057

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Client needs a method to manage the A2A  or CSPM Client as a service.

Environment

Release : 3.4

Component : PRIVILEGED ACCESS MANAGEMENT

Cause

The A2A client only comes with a basic init script that you can implement in any Unix/Linux.

Resolution

 Most modern Linux variants now support systemctl as a service manager. You can utilize the OS provided service tool to enable automatic restarts on reboots as well as if the service crashes it can be restarted automatically. 

The following steps are based on the default directory path for the installation so you may need to alter these to adjust for your installation.

1. create a service file with the following content

[root@XXXXX]# vi /etc/systemd/system/cspm.service 

   [Unit]
   Description=A2A / CSPM Client 
   After=network.target network-online.target

   [Service]
   Type=forking
   PIDFile=/opt/cloakware/cspmclient/var/pid_file
   Restart=always
   RestartSec=30
   User=root
   ExecStart=/opt/cloakware/cspmclient/bin/cspmclientd start
   ExecStop=/opt/cloakware/cspmclient/bin/cspmclientd stop
   SuccessExitStatus=143

   [Install]
   WantedBy=multi-user.target


   

2. enable the service

[root@XXXXX]# systemctl enable cspm.service

 

3. start the service

[root@XXXXX]# systemctl start cspm.service

 

4. Check the status of the service

[root@XXXXX]# systemctl status cspm.service

● cspm.service - Notify/A2A agent
     Loaded: loaded (/etc/systemd/system/cspm.service; enabled; vendor preset: disabled)
       Active: active (running) since Mon 2022-02-07 09:39:02 EST; 5h 57min ago
       Process: 28725 ExecStop=/opt/cloakware/cspmclient/bin/cspmclientd stop (code=exited, status=0/SUCCESS)
     Process: 28749 ExecStart=/opt/cloakware/cspmclient/bin/cspmclientd start (code=exited, status=0/SUCCESS)
     Main PID: 28752 (java)
           Tasks: 24
    CGroup: /system.slice/cspm.service
           └─28752 /opt/cloakware/cspmclient_thirdparty/java/bin/java -d64 -classpath /opt/cloakware/cspmclient/lib/cspmclient.jar:/opt/cloakware/cspmclient_thirdparty/jetty/lib/org.mortbay.jetty.jar:/opt/cloakware/cspmclient_thirdparty/jetty/lib/javax.servlet.jar:/opt/cloakware/cspmclient/lib/commons-logg...

Feb 07 09:38:57 XXXXXX systemd[1]: Starting Notify/A2A agent...
Feb 07 09:39:02 XXXXXX cspmclientd[28749]: Client Daemon 28752 started
Feb 07 09:39:02 XXXXXX systemd[1]: Started Notify/A2A agent.

 

5. stop the service

[root@XXXXX]# systemctl stop cspm.service

 

 

Additional important commands. A2A service is now managed by the OS . You cannot manually kill the service after this since the system may restart the service automatically (depending on the configuration defined in the cspm.service).

1. Disable the service

[root@XXXXX]# systemctl disable cspm.service

 

2. If you make a change to the cspm.service file you will need to update the systemctl database before using the commands

[root@XXXXX]# systemctl daemon-reload 

 

 

Note: You can also forcibly clear the A2A cache on restart (and reboot) by adding the following line under the [Service] section. This can be a benefit if you have any issues where the cache became corrupted for any reason. Please note there is is a startup deley that can occur if you are removing this file as A2A will need to re-register. Depending on your configuration this may not be necessary or can cause delays

[Service]

ExecStopPost=/usr/bin/rm -f /opt/cloakware/cspmclient/config/data/.cspmclient.dat