Wednesday 30 May 2007

Inter Process Communication with Unix Operating System – How Peoplesoft Uses them?


First of all, I am going to tell you something about the IPC system on the Unix operating system and how it relates to managing a PeopleSoft-based environment.
I took this topic first because PeopleSoft uses IPC at the application server and Process Scheduler server level; we need to know the IPC system to understand how these PeopleSoft server processes work. We normally face issues related to it while supporting a PeopleSoft environment in real time. A process, from the Unix perspective, is a running program, created by the fork() system call. That's all.
We can say, processes are created by ‘forking’.  Forking means a new process is getting created.  Obviously it also means we have a parent process to create a child process.  So, there exists a process, a running program in Unix system, which creates a sub-process. These two are parent and child processes.
I am trying to explain the Unix IPC system in relation to PeopleSoft server components.
The PeopleSoft Application Server has many processes. You probably know almost all of them, for example:
BBL, PSAPPSRV, PSSAMSRV, PSQRYSRV, PSQCKSRV, JSL, WSL, Integration Broker server processes etc.
Peoplesoft Application Server is said to be the core of Peoplesoft Internet Architecture (PIA).  It has two components; Peoplesoft services and Peoplesoft server processes.
The PeopleSoft server processes need to communicate among themselves using the IPC system on the Unix operating system.
That's why understanding the IPC system in Unix is one of the important items to be familiar with. Basically, Unix processes communicate using sockets. Some of the important IPC Sockets are (we are talking about System V IPC here):
Shared Memory
Message Queues
Semaphores
Named Pipes etc
Problem Situation:
Whenever booting the PeopleSoft server processes complains that the "Server Exists" already, most likely some IPC resources were not cleanly closed. In that case, it is better to list all the IPC resources with "ipcs" and then use the PeopleSoft shell scripts described below.
Peoplesoft provides a shell script for handling IPC in Unix Operating System.
The script is called “ipcrmall.sh”. This script needs to be run as below:
cd $PS_HOME
. ./psconfig.sh
cd appserv
./ipcrmall.sh psoft psoftgrp
Here 'psoft' is the user account that PeopleSoft runs under and 'psoftgrp' is the group name.
IMPORTANT Note:
Here I assume the following: you have only ONE PeopleSoft domain running under the "psoft" account. For multiple domains running on the same user account (which is not a good practice!), you need to follow a different approach (I will tell you later about this!). After we run this command, a new shell script called "killipc.sh" is created; you need to run this script to remove the IPC resources that PeopleSoft uses.
If you open the "ipcrmall.sh" shell script, you can very easily see that the following three commands are useful:
“ipcs -m” – Lists all the Shared Memory in the System
“ipcs -s”  -  Lists all the Semaphores in the System
“ipcs -q”  – Lists all the Message Queues in the System
Tuxedo uses these three IPC mechanisms for inter-process communication.
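The cleanup step described above touches shared resources, so it helps to see exactly which IPC entries belong to the PeopleSoft account before anything is removed. The following is an added example, not PeopleSoft's ipcrmall.sh or killipc.sh: it filters ipcs output by owner and group and prints the ipcrm commands for review. The function name gen_ipc_cleanup, the sample listing and the assumed column layout (T, ID, KEY, MODE, OWNER, GROUP, as printed by the System V ipcs on Solaris, HP-UX and AIX) are assumptions.

```shell
#!/bin/sh
# Added example: build a reviewable list of ipcrm commands for one owner.
# Assumes the System V "ipcs" column layout:
#   T  ID  KEY  MODE  OWNER  GROUP   (T is q, m or s)

# Constructed sample output, not taken from a real host.
SAMPLE_IPCS='IPC status from <running system> as of Wed May 30 10:00:00 2007
T         ID      KEY        MODE        OWNER    GROUP
Message Queues:
q          5   0x0000c1a2 --rw-rw-rw-    psoft psoftgrp
q          9   0x00001f40 --rw-------     root     root
Shared Memory:
m        102   0x0000c1a2 --rw-rw-rw-    psoft psoftgrp
m        210   0x5e0a0001 --rw-r-----   oracle      dba
Semaphores:
s         33   0x0000c1a2 --ra-ra-ra-    psoft psoftgrp
s         34   0x0000c1a3 --ra-ra-ra-    psoft   others'

# gen_ipc_cleanup OWNER GROUP
# Reads ipcs output on stdin and prints one ipcrm line per matching resource.
gen_ipc_cleanup() {
    awk -v owner="$1" -v group="$2" '
        # Only resource rows: type letter, numeric id, exact owner and group.
        $1 ~ /^[qms]$/ && $2 ~ /^[0-9]+$/ && $5 == owner && $6 == group {
            printf "ipcrm -%s %s\n", $1, $2
        }'
}

# Print the plan for review; nothing is removed here.
# On a live host, replace the sample with:  ipcs | gen_ipc_cleanup psoft psoftgrp
printf '%s\n' "$SAMPLE_IPCS" | gen_ipc_cleanup psoft psoftgrp
```

Rows owned by root, oracle or a different group are left out of the plan, which is the property to check before running any generated removal script. Linux prints ipcs in a different column layout, so the field positions would need adjusting there.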

Tuesday 29 May 2007

Perils of DataMover Access – Part 1

Did you know that users connected to DataMover will have database access similar to the access ID?
What does this mean for you in a Production Environment? This can be really scary if you do not have security in place to ensure that DataMover access is restricted and controlled. Use the SQL below to determine who has access to DataMover, and through which permission list and role.
-- Unlocked users with DataMover access, with the permission list (CLASSID) and role granting it
SELECT DISTINCT A.CLASSID, B.ROLENAME, C.ROLEUSER
FROM PSAUTHITEM A, PSROLECLASS B, PSROLEUSER C, PSOPRDEFN D
WHERE A.CLASSID = B.CLASSID
AND B.ROLENAME = C.ROLENAME
AND A.MENUNAME = 'DATA_MOVER'
AND D.OPRID = C.ROLEUSER
AND D.ACCTLOCK = 0;
Ensure that the above SQL does not fetch any surprises.
What can a user with access to Datamover do?
[Screenshot: datamover6]
As we see above, the user can create an Oracle user and grant the DBA role to that user. And this is just one example of the access that is available to that OPRID after logging on to DataMover. Basically, all access available to the access ID is now available to the OPRID.
Summary:
1. Ensure that only authorized OPRIDs have access to DataMover security in PeopleSoft
2. Audit changes to PSAUTHITEM
3. Control privileges granted to access id. Do not go overboard and assign DBA role to the access id.
Next Steps:
In Part 2, I will provide some tips on auditing online security to ensure that any online changes to DataMover access are audited.
In Part 3, I will cover tips for DataMover security in non-production environment and conclude the post on ‘Perils of DataMover Access’.

Thursday 24 May 2007

My journey – From Web Development into the world of Unix and PeopleSoft!


Long long ago, I started my software career as a web developer who wrote code in Perl CGI and ran it using Apache... Good or bad, I have forgotten most of the coding part now, except that if I see part of the code, I am able to differentiate whether it is a shell script or a Perl script. And one more skill (really?) that I developed was to understand, based on the extension given to the script or program, whether it is a shell script, Perl script or Python script (.sh, .ksh, .csh, .pl, .py, sometimes .bash)...
We were using a Linux distribution at that time (I hope it was Redhat 6.x or 7.x something); that is one more reason why I am always talking about Perl, shell or Python here. All I want to say here is that I am not a developer, and I was associated with coding for only a small portion of my life... that's all.
Believe me, I really do not know what the 'exact' reason was why I moved to Unix administration after a short 'webo' experience... I believe there may be reasons; one of them was my engineering background (Chemical Engineering – don't ask me why I moved to computers, that is another good topic for research!), and I got bored with coding work. Moving to Unix full time was purely a decision taken by myself based on my personal liking.
I used HP_UX during my college days and developed a huge interest in Unix at that time. Then I got Sun Certified (both System Admin and Network Admin for the Solaris 8 Operating Environment). I tried to become Redhat certified (and failed with a 25% score; I didn't retry!). I did a lot of setup, configuration, etc. on Solaris. After that I became certified in HP_UX System Administration as well. Just after that, one more miracle happened: I moved to a new project as a PeopleSoft Administrator. This time, it was not my decision; it was a decision, whether rational or irrational I do not know, taken based on organizational requirements (Herbert Simon may call it an "organizationally rational decision" in his decision-making model). And I still continue doing Unix, PeopleSoft and a bunch more software support.
Nobody is an expert in any area, especially if you take Unix and PeopleSoft; they are like an ocean, but there is always an end to what we know. We need constant updates from the industry about the latest progress, new releases, etc. Some of the operating systems that PeopleSoft runs on are Sun Solaris OE (Version 10 being the latest), IBM AIX 5L, HP_UX 11i and Microsoft's OSs. I have worked mostly on Sun Solaris, IBM AIX and HP_UX during my career till now, along with the PeopleSoft infrastructure involved, so most of the experiences that I am going to write about here will be related to this cluster of software.
If you provide PeopleSoft infrastructure support and you want to be an expert, obviously there are two non-PeopleSoft components that you should know well: the operating system and the DBMS. These are like two eyes for a PeopleSoft infrastructure support person, for one who provides either infrastructure support or architectural support for a PeopleSoft environment. In most of my blogs I will talk about Unix and PeopleSoft (I know only about this). I will write more on this in the coming days on this blog. Hope you will enjoy reading about them. :)