Administration commands

All administration commands for use by the siqadmin user are stored in the /home/siqadmin/bin/ directory.

These administration commands serve as resources that allow the siqadmin user to run specific commands or scripts that would otherwise require root authority. These general administration commands are currently available:
  • appstackcfg - AppStack configuration utility.
  • auditcfg - utility for configuring AppStack auditing.
  • bake - internally used.
  • bastioncfg - internally used.
  • bootstrap - command-line interface for provisioning, updating, and testing the server.
  • certcfg - certificate configuration utility.
  • change_atlas_password - utility for changing the atlas password.
  • change_audituser_password - utility for changing the audituser password.
  • change_cda_db_password - utility for changing the password for the CDA service database. Run this command at lease once after enabling the CDA service to overwrite the default password (Passw0rd!).
  • change_reportuser_password - utility for changing the reportuser password.
  • change_superadmin_password - utility for changing the superadmin password.
  • create_cda_service_user - internally used.
  • dbcheck - internally used.
  • fipscfg - FIPS configuration utility.
  • force_sync - command to trigger an immediate synchronization with the governance catalog.
  • ldapcfg - LDAP configuration utility.
  • netcfg - Network configuration utility.
  • pg_dumpall - internally used.
  • postgres_port_close - command to close the port for communication with the PostgreSQL instance.
  • postgres_port_open - command to close the port for communication with the PostgreSQL instance.
  • postupgrade - command for applying security updates as part of upgrading the AppStack.
  • psql - interactive interface for working with Postgres.
  • smtpcfg - command-line interface for setting up the SMTP account. For UI based changes, use the appstackcfg utility.
  • storediqapi - enable or disable the IBM® StoredIQ® APIs.
  • sync_ldap - command to trigger an immediate synchronization of user details in the IBM StoredIQ database with the directory server.
  • systemctl - command to manage services, for example, to start and stop the services or to query the status.
    The set of services that can be managed with the siqadmin account are defined in the /siqsec/siqadmin.syslst file. The default set consists of the appstack and vault services.
  • upgrade_appstack - internally used.
  • upload_report - utility for uploading custom report designs.
  • vault_check - utility for identifying and eventually fixing issues with the vault service.
  • vault_status - command to display the vault status.
Important: Run these commands as shown. Do not try to run them from the /siq/bin directory; this will result in an error. For example, instead of running /siq/bin/appstackcfg, simply run appstackcfg.

Additional administration commands

The following set of commands is available in addition to the general administration commands.

All edit commands listed here run the Linux sudoedit command to edit the respective system files. For detailed information about the sudoedit command, see the Linux man pages.

edit_etc_hosts
Edits the /etc/hosts system file.
edit_etc_resolv_conf
Edits the /etc/resolv.conf system file.
edit_etc_siq_gateway_yaml
Edits the /etc/siq/gateway.yaml system file.
edit_etc_siq_local_yaml
Edits the /etc/siq/local.yaml system file.
edit_etc_siq_oauth_conf
Edits the /etc/siq/oauth.conf system file.
edit_etc_siq_proxy_conf
Edits the /etc/siq/proxy.conf system file.
edit_etc_siq_report_conf
Edits the /etc/siq/report.conf system file.
siq_files_access
Changes the group ownership for the IBM StoredIQ log files and other IBM StoredIQ related files and directories to siqadmin and sets the permissions for these files and directories to read/write for the group.
By default, the group ownership is siqadmin for this set of files and directories:
  • /siq/env/tomcat
  • /siq/env/websphere-liberty/usr/servers/ediscovery_connector/etc/atlas_setup.properties
  • /var/bootstrap
  • /var/siq/download
  • /var/siq/log

Because the siqadmin user is a member of the siqadmin group, this user is granted read and write access to these files.

By default, this command is run each time you log in as siqadmin user to make sure the appropriate permissions are set for any new files that were created in the listed directories and that do not have the required access permissions for group siqadmin set initially. However, you can run this command manually at any time if required.

If the siqadmin user needs access to additional files, the default set of files and directories can be extended by the root administrator. For more information, see Administration files.

vault_check
Runs the vault check tool (/siqsec/bin/vaultCheck.sh) for troubleshooting the vault service.

The tool helps you identify and eventually fix issues with the vault service. It checks whether the vault is functional and its data is consistent; it provides a detailed summary including a list of the detected problems and provides instructions for fixing those problems. The output of the tool can be used for debugging and analysis and also contributes to the information that you must gather before contacting IBM Support.

vault_status
Runs the vault status tool (/siqsec/bin/vaultStatus.sh)

Extending the set of administration commands

As siqadmin user, you can create and store your own command files in the /home/siqadmin/bin directory without interfering with the IBM StoredIQ provided command setup.