You can use the Policy Agent to automatically start, stop,
and monitor a set of related applications. Policy Agent starts the
applications and monitors them to ensure that they remain active.
Before you begin
If Policy Agent determines that any applications have not
started or have stopped, it continues to try to start or restart the
applications, up to a configurable retry limit within a configurable
retry period.
Requirement: To automatically
monitor applications, you must start Policy Agent with a user ID that
has superuser authority UID(0). For sample RACF® commands, see the EZARACF member of SEZAINST.
Procedure
To configure the Policy Agent for automatic monitoring,
perform the following steps:
- Decide what applications you want to monitor. You
can use the Policy Agent to monitor any or all of the following applications:
- Defense Manager daemon (DMD)
- Internet Key Exchange daemon (IKED)
- Network security services daemon (NSSD)
- Syslog daemon (SYSLOGD)
- Traffic Regulation Management daemon (TRMD)
Determine which of these applications you currently use,
or want to start using, in your environment, and for each application,
determine whether you want the Policy Agent to start, stop, and monitor
the application.
Requirements: - To start the application, you must use a cataloged procedure that
accepts a number of variables that are provided by the Policy Agent.
A sample procedure is included in SEZAINST(EZAPOLPR).
- If you want to manually start, restart, or stop the application,
you must use MODIFY commands that are directed to the Policy Agent.
If you issue the commands directly to the application itself, Policy
Agent is not aware of the action and the monitoring logic will probably
not produce the expected results.
Results: - If you start the Policy Agent after you have already started an
application to be monitored, Policy Agent starts monitoring the application
if it was originally started with the same job name that is configured
to the Policy Agent. If the application needs to be restarted later,
it is restarted using the cataloged procedure configured to the Policy
Agent. This might not be the same procedure that was originally used
to start the application.
- If you start the Policy Agent after you have already started an
application to be monitored, but the application does not use the
same job name that is configured to the Policy Agent, then the Policy
Agent is not able to detect that the application is active. The Policy
Agent will try to start another instance of the application, which
is likely to fail.
Tip: If you configure applications to be
monitored by the Policy Agent, ensure those applications are not running
before starting the Policy Agent. However, you probably want to start
syslogd before starting the Policy Agent, so you should ensure that
Policy Agent is configured with the correct syslogd job name.
- Configure the applications that you want to monitor using
the AutoMonitorApps statement. You can configure applications
that you want to monitor that are or are not associated with a particular
TCP/IP stack. You can specify the cataloged procedure used to start
each application, the job name for the application, and other application-specific
parameters on the AutoMonitorApps statement.
Perform the following
steps to configure the applications that you want to monitor:
- Specify the AutoMonitorApps statement in the main Policy Agent
configuration file.
- Use the AppName parameter to specify each application that is
not associated with a particular TCP/IP stack. All supported applications
except TRMD fall into this category.
- Use the TcpImageName and AppName parameters to specify each application
that is associated with a particular TCP/IP stack. TRMD is the only
application that falls into this category.
- Use the ProcName parameter for each AppName parameter on the AutoMonitorApps
statement to specify the cataloged procedure that is used to start
each application. Because all key data is passed to the procedure
as variables, you can use a single procedure for all configured applications.
You can also use a unique procedure for one or more applications.
- Use the Jobname parameter for each AppName parameter on the AutoMonitorApps
statement to specify the job name for each application.
- Use the StartParms parameter for each AppName parameter on the
AutoMonitorApps statement to specify start parameters for each application.
- Use one or more EnvVar parameters for each AppName parameter on
the AutoMonitorApps statement to specify application-specific parameters,
such as time zone or configuration file name. You can specify any
or all environment variables that are accepted by the specific application.
The following example shows the AutoMonitorApps statement:
AutoMonitorApps
{
AppName IKED
{
Procname POLPROC
}
AppName TRMD
{
TcpImageName TCPIP1
{
Procname POLPROC
Jobname TRMD1
}
TcpImageName TCPIP3
{
Procname POLPROC
Jobname TRMD3
}
}
}
This example shows how to specify parameters for two
types of applications:
- An application without stack affinity, meaning that a single copy
of the application runs regardless of how many TCP/IP stacks are running.
This example uses IKED as such an application.
- An application with stack affinity, meaning that one instance
of the application runs on each TCP/IP stack. This example uses TRMD
as such an application.
- Configure global monitoring parameters using the AutoMonitorParms
statement. Use the AutoMonitorParms statement in the main
Policy Agent configuration file to specify global monitoring parameters,
such as the monitor time interval and retry limits.
- Use the MonitorInterval parameter to specify the monitor interval
in seconds.
- Use the RetryLimitCount and RetryLimitPeriod parameters to specify
how many times within a given time period Policy Agent should try
to start or restart an application. If the application fails to successfully
start or restart after the retry limit has been reached, Policy Agent
stops trying until the application is manually started using the MODIFY procname,MON,START,application command.