IBM Support

IBM Security Guardium GIM install succeeds but Supervisor is not running on server using /etc/inittab

Troubleshooting


Problem

I have installed Guardium Bundle GIM on my database server that uses /etc/inittab as the startup mechanism. The installation says it has succeeded and the GIM process is running, but the Supervisor process is not running. The problem is caused by interaction with perl and the environment variables used by inittab.

Symptom

After install of bundle GIM on servers using /etc/inittab (for example AIX, rhel5), GIM process is running but Supervisor process is not. The Supervisor process can be run manually from the command line as root user.

Cause

Correct functioning of 'init q' command on servers with /etc/inittab as the startup mechanism is a requirement for GIM to install and run. Any problem that prevents this can cause GIM or Supervisor not to run. 'Init q' command should be able to start processes defined in /etc/inittab.
In some cases processes (e.g. GIM or Supervisor) can start when running on the command line as the root user, but not in /etc/inittab with init q. This indicates the cause is a difference between environments for root user and inittab. This could be due to:
  • When a process is started from inittab, its environment variables are set in /etc/environment. If there is a setting in the root user profile that is required, they will not get passed from inittab to the process. PATH, LIBPATH and PERL5LIB are some that might be different.
  • The default (hard coded) limits are in effect for for inittab started processes. From the command line as root user, the limits from /etc/security/limits are in effect.
One inittab problem is described in more detail in this technote. It relates to the PATH environment variable set in the /etc/environment used by inittab. If these are set differently than the root user it can cause Supervisor not to run.

Environment

Database servers that use /etc/inittab as the startup mechanism. See the full list here:

Diagnosing The Problem

Diagnose the basic symptom
  1. Run bundle GIM shell installer, which says the installation was successful
  2. ps -ef | grep gim shows that gim_client.pl process is running
  3. ps -ef | grep supervisor shows that guard_supervisor process is not running
  4. There is a line for both gim and gsvr in /etc/inittab e.g
    • gim:2345:respawn:/usr/bin/perl /usr/local/guardium/modules/GIM/10.6.0.4_r108055_1-1602755227/gim_client.pl
    • gsvr:2345:respawn:/usr/bin/perl /local/guardium/modules/SUPERVISOR/10.6.0.4_r108055_1-1602755308/guard_supervisor
  5. Running 'init q' on the server does not start the guard_supervisor process
  6. Running the guard_supervisor process manually as root on the command line, for example with command below, works and supervisor process is running.
    • /usr/bin/perl /usr/install/guardium/modules/SUPERVISOR/current/guard_supervisor &
Diagnose issues with environment variables
If Supervisor process can start as root user (step 6), but not from inittab (step 5), there is likely a difference between environment variables of root user and inittab.
  1. Check the root user environment variables, logged in as root user run for example:
    • env > /var/tmp/root_env.txt
  2. Check the inittab environment variables.
    • Create a script using appropriate shell for your environment, for example: 
      • #!/bin/bash
env > /var/tmp/init_env.txt
      • Add the script to /etc/inittab, for example:
      • gtest:2345:respawn:/bin/bash /var/tmp/test.sh
      • run 'init q'
  3. Compare root_env.txt file to init_env.txt file. There is likely to be some difference. Specifically check for PATH variable.

Resolving The Problem

If Supervisor process can start as root user, but not from inittab, then matching the inittab environment to the root one should allow Supervisor to run.
Inittab environment is controlled in /etc/environment file. Edit this file to ensure that the same variables as root user are set.
For example if /var/tmp/root_env.txt shows:
PATH=/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin:/usr/java5/jre/bin:/usr/java5/bin
And /var/tmp/init_env.txt shows:
PATH=/usr/wrong:/etc/wrong
Then /etc/environment file should be changed so it contains:
PATH=/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin:/usr/java5/jre/bin:/usr/java5/bin
Above is a clear example of how the /etc/environment could be wrong, in real environment the issue may be more subtle, like a syntax error in the file.
After making required changes run 'init q', confirm using steps to diagnose above, then uninstall and reinstall GIM bundle.
IMPORTANT NOTE - Any changes to OS level settings must be approved by OS admins and OS vendor support if required. OS admins are best placed to understand possible issues with changing the OS config. Guardium support does not recommend changing OS settings without input from OS admin.

Document Location

Worldwide

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m0z000000Gp0TAAS","label":"GIM"}],"ARM Case Number":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"}],"Version":"All Version(s)"}]

Document Information

Modified date:
29 January 2021

UID

ibm16409524

Page Feedback