Running IBM Safer Payments as a service

Configure a script to run IBM® Safer Payments as a service on Red Hat® Enterprise Linux® 8 (RHEL 8).

Script:


[Unit]
Description=Safer Payments Service
After=network.target
[Service]
Type=simple
User=SPUser
ExecStart=/usr/bin/iris rootpath=/instancePath id=1
Restart=no
TimeoutSec=0
TimeoutStartSec=0
TimeoutStopSec=0
SendSIGKILL=no
KillSignal=SIGTERM
LimitNOFILE=32768
LimitNPROC=8192
LimitRTPRIO=20
[Install]
WantedBy=multi-user.target

To configure and use the script:

  1. Protect the password file. The script necessitates the use of a password file to store Secure Socket Layer (SSL) certificate passphrases. Storing readable passwords on disk is not compliant with Payment Card Industry Data Security Standard (PCI DSS) requirement 8.2.1. To use the script in a PCI DSS-compliant environment, implement measures to protect the password file.
  2. Store the script in /etc/systemd/system/iris.service.
  3. Replace SPUser in the script with the user name that runs IBM Safer Payments.
  4. Replace /instancePath in the script with the path to the instance configuration.
  5. If you use a Systemd service to stop and start IBM Safer Payments, add the following lines in the script. Changes to the limits.conf file have no effect on Systemd services. Systemd launches applications as cgroup slices, which are not bound to the limitations of the limits.conf file.

    LimitNOFILE=32768

    LimitNPROC=8192

    LimitRTPRIO=20

  6. Add the following lines, which are necessary for IBM Safer Payments to properly shut down. A default setting in the systemd script can kill the application after 90 seconds and prevent data from being fully written to disk. The new lines override the default and prevent data loss, especially if deferred writing is used.

    TimeoutStopSec=0

    SendSIGKILL=no

    KillSignal=SIGTERM

  7. To enable IBM Safer Payments to run at startup, enter:

    systemctl enable iris.service

  8. To start IBM Safer Payments, enter:

    systemctl start iris.service

  9. To stop IBM Safer Payments, enter:

    systemctl stop iris.service

  10. To query if IBM Safer Payments is running, enter:

    systemctl status iris.service