Running IBM Safer Payments as a service
Configure a script to run IBM® Safer Payments as a service on Red Hat® Enterprise Linux® 8 (RHEL 8).
Script:
[Unit]
Description=Safer Payments Service
After=network.target
[Service]
Type=simple
User=SPUser
ExecStart=/usr/bin/iris rootpath=/instancePath id=1
Restart=no
TimeoutSec=0
TimeoutStartSec=0
TimeoutStopSec=0
SendSIGKILL=no
KillSignal=SIGTERM
LimitNOFILE=32768
LimitNPROC=8192
LimitRTPRIO=20
[Install]
WantedBy=multi-user.target
To configure and use the script:
- Protect the password file. The script necessitates the use of a password file to store Secure Socket Layer (SSL) certificate passphrases. Storing readable passwords on disk is not compliant with Payment Card Industry Data Security Standard (PCI DSS) requirement 8.2.1. To use the script in a PCI DSS-compliant environment, implement measures to protect the password file.
- Store the script in /etc/systemd/system/iris.service.
- Replace SPUser in the script with the user name that runs IBM Safer Payments.
- Replace /instancePath in the script with the path to the instance configuration.
- If you use a Systemd service to stop and start IBM Safer
Payments, add the following lines in the
script. Changes to the limits.conf file have no effect on Systemd services.
Systemd launches applications as cgroup slices, which are not bound to the limitations of the
limits.conf
file.
LimitNOFILE=32768
LimitNPROC=8192
LimitRTPRIO=20
- Add the following lines, which are necessary for IBM Safer
Payments to properly shut down. A default
setting in the systemd script can kill the application after 90 seconds and prevent data from being
fully written to disk. The new lines override the default and prevent data loss, especially if
deferred writing is
used.
TimeoutStopSec=0
SendSIGKILL=no
KillSignal=SIGTERM
- To enable IBM Safer
Payments to run at
startup, enter:
systemctl enable iris.service
- To start IBM Safer
Payments,
enter:
systemctl start iris.service
- To stop IBM Safer
Payments, enter:
systemctl stop iris.service
- To query if IBM Safer
Payments is running,
enter:
systemctl status iris.service