merge master ps changes from dev. fix NodePort support for the policy…

…-server service
glenn-teillet · Jan 14, 2016 · 4c50691 · 4c50691
1 parent 74a9ee1
commit 4c50691
Show file tree

Hide file tree

Showing 11 changed files with 509 additions and 269 deletions.
diff --git a/README.md b/README.md
@@ -1,2 +1,13 @@
-# vapp-config-base
-CA SSO configuration
+# Solution Configuration
+
+Configuration for the base CA SSO including configuration the Policy Server, Admin UI and Access Gateway
+
+The SSO base solution defines replication controllers, and services for the following components:  access-gateway, admin-ui, policy-server-master, policy-server (worker), and policy-store.
+Each Replication controller is responsible for one Pod, making sure the right number of replicas of that pod are running at all time. Each Pod has two containers running inside of it: Its component (as indicated by its name), as well as a configuration container called a “sidecar”.
+Every time a pod starts it starts all of its containers, in our case it means the container running the pod’s main component (policy-server, policy-store, etc.), as well as a sidecar container. The sidecar container is in-charge of downloading the solution’s configuration zip file from the url that was specified when the solution was deployed, extracting it, and making it available to the other container in its pod in the form of a shared Kubernetes Volume ( of type "emptyDir"). These operations happen every time the sidecar container starts up, thus allowing for configuration to be refreshed every time we start/restart the pod. 
+
+The solution exposes 2 administrative UIs. SSO Administrative UI (default credentials SiteMinder/CAdemo123), and the Access Gateway Admin (default credentials Administrator/CAdemo123). Note that in order to authenticate to the Access Gateway Admin (SPS Admin UI), it is required to use a specific host name as specified when the solution was deployed (by default it is “access-gateway-admin.ca.local”). Make sure to add this host name to your DNS server or your local etc/hosts file and use it when accessing the Access Gateway Admin.
+
+There are two types of replication controller for policy server, one for each policy server role (master and worker). Both servers use the same image. The difference is in their initialization scripts, The role of the master policy server is to initialize and configure the policy store, take care of the generation of agent keys (Agent Key roll-over), as well as be the server that the AdminUI and SPS Admin UI communicate with to perform administrative updates to the policy store. The policy-server-master Service will direct communication only to the master policy-server instance. There should be only one policy-server-master. The policy-server service points to all policy servers, including the master. The number of replicas of worker policy servers can be increased as needed to handle load. This is done via its replication controller (named policy-server). From a console, use the following command to change the number of running replicas of the policy server (x represents the desired number of replicas): 
+kubectl scale rc policy-server --replicas=x
+
diff --git a/base/access-gateway/data/environment.properties b/base/access-gateway/data/environment.properties
@@ -8,31 +8,26 @@ ADMIN_REG_PASSWORD=Q0FkZW1vMTIz
 
 TRUSTED_HOST_NAME=samplehost
 
-# Policy server information
-PS_HOST=policy-server
+# Policy server information. 
+# Agent registration as well as every initial (bootstrap) connection should be done against the 
+# policy-server-master service. Once connected to the PS, the access-gateway will use the policy-server service name
+# as specified in the 'hostconfig' HCO.
+PS_HOST=policy-server-master
 AGENT_NAME=agent
 AGENT_CONFIG_OBJ=agentconfig
 HOST_CONFIG_OBJ=hostconfig
 
 
 SPS_FIPS_VALUE=COMPAT
 
-SM_HOST_FILE=/opt/CA/secure-proxy/proxy-engine/conf/defaultagent/SmHost.conf
-
 TOMCAT_USER=nobody
 
 # Apache Information
 APACHE_ADMIN_EMAIL=[email protected]
 APACHE_HTTP_PORT=80
 APACHE_SSL_PORT=443
-
-
 VIRTUAL_HOST_NAMES=access-gateway-admin.ca.local,access-gateway.ca.local
 
-#SM_WA_FILENAME=WebAgent.conf
-#SM_WA_DIR=/opt/CA/secure-proxy/proxy-engine/conf/defaultagent
-SM_WA_FILE=/opt/CA/secure-proxy/proxy-engine/conf/defaultagent/WebAgent.conf
-
 ENABLE_WEBAGENT=YES
 ENABLE_FED_GATEWAY=NO
 

diff --git a/base/access-gateway/init.d/01_init.sh b/base/access-gateway/init.d/01_init.sh
@@ -90,3 +90,7 @@ jar xvf $sps_home/Tomcat/webapps/aaloginservice.war
 cd $sps_home/Tomcat/webapps/proxyui
 jar xvf $sps_home/Tomcat/webapps/proxyui/proxyui.war
 
+
+#Temporary fix for entropy issue. Will be removed/modified once alternative approach is confirmed.
+mv /dev/random /dev/origrandom
+ln -s /dev/urandom /dev/random
diff --git a/base/access-gateway/init.d/02_config.sh b/base/access-gateway/init.d/02_config.sh
@@ -1,38 +1,70 @@
-#!/bin/sh
+#!/bin/bash
 
+# 02_config - This script registers the Admin UI against the Policy Server. 
+
+##### Constants
 ENV_PROP_FILE=/solution/$CONFIG/data/environment.properties
+POLICYSERVER_AVAILABILITY_TIME_OUT=1000
 
+#NETE_SPS_ROOT is defined at the docker image level (as /opt/CA/secure-proxy)
 sps_home=$NETE_SPS_ROOT
-tomcat_user=`/opt/util/parser.sh TOMCAT_USER $ENV_PROP_FILE`
+WAConf_file="$sps_home/proxy-engine/conf/defaultagent/WebAgent.conf"
+sm_host_file="$sps_home/proxy-engine/conf/defaultagent/SmHost.conf"    
+
+ps_host=`/opt/util/parser.sh PS_HOST $ENV_PROP_FILE`
+admin_reg_name=`/opt/util/parser.sh ADMIN_REG_NAME $ENV_PROP_FILE`
+admin_reg_pswd=`/opt/util/parser.sh ADMIN_REG_PASSWORD $ENV_PROP_FILE`
+trusted_host_name=`/opt/util/parser.sh TRUSTED_HOST_NAME $ENV_PROP_FILE`
+ps_hco_name=`/opt/util/parser.sh HOST_CONFIG_OBJ $ENV_PROP_FILE`
+fips_mode=`/opt/util/parser.sh SPS_FIPS_VALUE $ENV_PROP_FILE`
+
 hostname=`/opt/util/parser.sh VIRTUAL_HOST_NAMES $ENV_PROP_FILE`
+aco=`/opt/util/parser.sh AGENT_CONFIG_OBJ $ENV_PROP_FILE`
+enable_WA=`/opt/util/parser.sh ENABLE_WEBAGENT $ENV_PROP_FILE`
+enable_fed_gateway=`/opt/util/parser.sh ENABLE_FED_GATEWAY $ENV_PROP_FILE`
+
 httpd_port=`/opt/util/parser.sh APACHE_HTTP_PORT $ENV_PROP_FILE`
 httpd_ssl_port=`/opt/util/parser.sh APACHE_SSL_PORT $ENV_PROP_FILE`
 server_admin=`/opt/util/parser.sh APACHE_ADMIN_EMAIL $ENV_PROP_FILE`
-fips_mode=`/opt/util/parser.sh SPS_FIPS_VALUE $ENV_PROP_FILE`
-sm_host_file=`/opt/util/parser.sh SM_HOST_FILE $ENV_PROP_FILE`
-aco=`/opt/util/parser.sh AGENT_CONFIG_OBJ $ENV_PROP_FILE`
-enable_WA=`/opt/util/parser.sh ENABLE_WEBAGENT $ENV_PROP_FILE`
-WAConf_file=`/opt/util/parser.sh SM_WA_FILE $ENV_PROP_FILE`
-ajp_port=`/opt/util/parser.sh AJP_PORT $ENV_PROP_FILE`
-shut_down_port=`/opt/util/parser.sh SHUT_DOWN_PORT $ENV_PROP_FILE`
+
 tomcat_http_port=`/opt/util/parser.sh TOMCAT_HTTP_PORT $ENV_PROP_FILE`
 tomcat_ssl_port=`/opt/util/parser.sh TOMCAT_SSL_PORT $ENV_PROP_FILE`
-admin_reg_pswd=`/opt/util/parser.sh ADMIN_REG_PASSWORD $ENV_PROP_FILE`
-ps_host=`/opt/util/parser.sh PS_HOST $ENV_PROP_FILE`
-admin_reg_name=`/opt/util/parser.sh ADMIN_REG_NAME $ENV_PROP_FILE`
-ps_hco_name=`/opt/util/parser.sh HOST_CONFIG_OBJ $ENV_PROP_FILE`
-trusted_host_name=`/opt/util/parser.sh TRUSTED_HOST_NAME $ENV_PROP_FILE`
-enable_fed_gateway=`/opt/util/parser.sh ENABLE_FED_GATEWAY $ENV_PROP_FILE`
-
+tomcat_user=`/opt/util/parser.sh TOMCAT_USER $ENV_PROP_FILE`
+ajp_port=`/opt/util/parser.sh AJP_PORT $ENV_PROP_FILE`
+shut_down_port=`/opt/util/parser.sh SHUT_DOWN_PORT $ENV_PROP_FILE`
 
+##### Functions
+
+# Waiting for the Policy Server service to be ready to register a new trusted host
+register_trusted_host()
+{
+    i=0
+    while true; do
+        if [ "$i" -gt "$POLICYSERVER_AVAILABILITY_TIME_OUT" ]; then
+            exit 1
+        fi
+
+        smreghost -i $ps_host -u $admin_reg_name -p $admin_reg_pswd -hn $trusted_host_name -hc $ps_hco_name -o -cf $fips_mode -f $sm_host_file
+        if [ $? -eq 0 ]; then
+            echo "[*][$(date +"%T")] - smreghost successfully completed..."
+            retval=0
+            break
+        else
+            echo "[*][$(date +"%T")] - Unable to register host against Policy Server. Will try again in 10 seconds($i).........."
+            i=`expr $i + 10`
+            sleep 10
+        fi
+    done
+}
+
+##### Main
 #decrypted using ../password-util/passwordDecode.sh
 admin_reg_pswd=`/solution/$CONFIG/../common/password-util/passwordDecode.sh $admin_reg_pswd`
-
 source $sps_home/ca_sps_env.sh
 
+echo "[*][$(date +"%T")] - Updating configuration files..."
 
 # changes related to httpd.conf file
-
 sed -i "s|#User <RUN_AS_USER>|User $tomcat_user|g" $sps_home/httpd/conf/httpd.conf
 sed -i "s|#LoadModule env_module modules/mod_env.so|LoadModule env_module modules/mod_env.so|g" $sps_home/httpd/conf/httpd.conf
 sed -i "s|#PassEnv LD_LIBRARY_PATH|PassEnv LD_LIBRARY_PATH|g" $sps_home/httpd/conf/httpd.conf
@@ -46,14 +78,10 @@ sed -i "s|<SERVERADMIN>|$server_admin|g" $sps_home/httpd/conf/httpd.conf
 sed -i "s|<SERVERNAME>|$server_name|g" $sps_home/httpd/conf/httpd.conf
 sed -i "s|TraceEnable on|TraceEnable off|g" $sps_home/httpd/conf/httpd.conf
 
-
 # changes related to sps-ctl file
-
 sed -i "s|<RUN_AS_USER>|$tomcat_user|g" $sps_home/proxy-engine/sps-ctl
 sed -i "s|<PROXY_HOME>|$sps_home|g" $sps_home/proxy-engine/sps-ctl
 
-
-
 # changes related to httpd-ssl.conf file
 sed -i "s|<SERVERHOSTNAME>:<SSLPORT>|$httpd_ssl_port|g" $sps_home/httpd/conf/extra/httpd-ssl.conf
 sed -i "s|<SSLPORT>|$httpd_ssl_port|g" $sps_home/httpd/conf/extra/httpd-ssl.conf
@@ -62,118 +90,85 @@ sed -i "s|<FIPSMODEENTRY>|SSLSpsFipsMode $fips_mode|g" $sps_home/httpd/conf/extr
 sed -i "s|<AID>|$sps_home/httpd|g" $sps_home/httpd/conf/extra/httpd-ssl.conf
 sed -i "s|<SERVERADMIN>|$server_admin|g" $sps_home/httpd/conf/extra/httpd-ssl.conf
 
-
-
-
 # To create $sps_home/arcot/odbc/odbc.ini
-
 touch $sps_home/arcot/odbc/odbc.ini
 chmod 775 $sps_home/arcot/odbc/odbc.ini
-echo "[ODBC Data Sources]" > $sps_home/arcot/odbc/odbc.ini
-echo "CAAdvancedAuthDSN=SiteMinder Policy Server Wire Protocol" >> $sps_home/arcot/odbc/odbc.ini
-echo "" >> $sps_home/arcot/odbc/odbc.ini
-echo "[CAAdvancedAuthDSN]" >> $sps_home/arcot/odbc/odbc.ini
-echo "Driver=$sps_home/arcot/lib/libdaproxy.so" >> $sps_home/arcot/odbc/odbc.ini
-echo "HostConfigFile=$sps_home/arcot/conf/SmHostFlow.conf" >> $sps_home/arcot/odbc/odbc.ini
-echo "" >> $sps_home/arcot/odbc/odbc.ini
-echo "[ODBC]" >> $sps_home/arcot/odbc/odbc.ini
-echo "Trace=0" >> $sps_home/arcot/odbc/odbc.ini
-echo "DATrace=0" >> $sps_home/arcot/odbc/odbc.ini
-echo "DATraceSettingsFile=$sps_home/arcot/conf/datracesettings.ini" >> $sps_home/arcot/odbc/odbc.ini
-echo "TraceFile=$sps_home/arcot/logs/odbctrace.out" >> $sps_home/arcot/odbc/odbc.ini
-echo "TraceDll=$sps_home/arcot/odbc/lib/NStrc27.so" >> $sps_home/arcot/odbc/odbc.ini
-echo "InstallDir=$sps_home/arcot/odbc/" >> $sps_home/arcot/odbc/odbc.ini
 
+cat << _EOF_ > $sps_home/arcot/odbc/odbc.ini
+[ODBC Data Sources] 
+CAAdvancedAuthDSN=SiteMinder Policy Server Wire Protocol
 
+[CAAdvancedAuthDSN]
+Driver=$sps_home/arcot/lib/libdaproxy.so
+HostConfigFile=$sps_home/arcot/conf/SmHostFlow.conf
 
-# To create $sps_home/proxy-engine/conf/defaultagent/WebAgent.conf
+[ODBC]
+Trace=0
+DATrace=0
+DATraceSettingsFile=$sps_home/arcot/conf/datracesettings.ini
+TraceFile=$sps_home/arcot/logs/odbctrace.out
+TraceDll=$sps_home/arcot/odbc/lib/NStrc27.so
+
+InstallDir=$sps_home/arcot/odbc/
+_EOF_
 
-touch $sps_home/proxy-engine/conf/defaultagent/WebAgent.conf
+# To create $sps_home/proxy-engine/conf/defaultagent/WebAgent.conf
+touch $WAConf_file
 chmod 777 $WAConf_file
-echo "# WebAgent.conf - configuration file for SiteMinder Secure Proxy" > $WAConf_file
-echo "" >> $WAConf_file
-echo "LOCALE=en-US" >> $WAConf_file
-echo "HostConfigFile=\"$sm_host_file\"" >> $WAConf_file
-
-echo "AgentConfigObject=\"$aco\"" >> $WAConf_file
-echo "ServerPath=\"ServerPath_default\"" >> $WAConf_file
-echo "EnableWebAgent=\"$enable_WA\"" >> $WAConf_file
-echo "#localconfigfile=\"$sps_home/proxy-engine/conf/defaultagent/LocalConfig.conf\"" >> $WAConf_file
-echo "LoadPlugin=\"$sps_home/agentframework/bin/libHttpPlugin.so\"" >> $WAConf_file
-echo "LoadPlugin=\"$sps_home/agentframework/bin/libSPSPlugin.so\"" >> $WAConf_file
-echo "#LoadPlugin=\"$sps_home/agentframework/bin/libSPPlugin.so\"" >> $WAConf_file
-echo "#LoadPlugin=\"$sps_home/agentframework/bin/libDisambiguatePlugin.so\"" >> $WAConf_file
-echo "#LoadPlugin=\"$sps_home/agentframework/bin/libOpenIDPlugin.so\"" >> $WAConf_file
-echo "#LoadPlugin=\"$sps_home/agentframework/bin/libSessionLinkerPlugin.so\"" >> $WAConf_file
-echo "#LoadPlugin=\"$sps_home/agentframework/bin/libOAuthPlugin.so\"" >> $WAConf_file
-echo "#LoadPlugin=\"$sps_home/agentframework/bin/libSAMLDataPlugin.so\"" >> $WAConf_file
-echo "#LoadPlugin=\"$sps_home/agentframework/bin/libCertSessionLinkerPlugin.so\"" >> $WAConf_file
-echo "AgentIdFile=\"$sps_home/proxy-engine/conf/defaultagent/AgentId.dat\"" >> $WAConf_file
 
+cat << _EOF_ >  $WAConf_file
+# WebAgent.conf - configuration file for SiteMinder Secure Proxy
+
+LOCALE=en-US
+HostConfigFile="$sm_host_file"
+AgentConfigObject="$aco"
+
+ServerPath="ServerPath_default"
+EnableWebAgent="$enable_WA"
+#localconfigfile="$sps_home/proxy-engine/conf/defaultagent/LocalConfig.conf"
+LoadPlugin="$sps_home/agentframework/bin/libHttpPlugin.so"
+LoadPlugin="$sps_home/agentframework/bin/libSPSPlugin.so"
+#LoadPlugin="$sps_home/agentframework/bin/libSPPlugin.so"
+#LoadPlugin="$sps_home/agentframework/bin/libDisambiguatePlugin.so"
+#LoadPlugin="$sps_home/agentframework/bin/libOpenIDPlugin.so"
+#LoadPlugin="$sps_home/agentframework/bin/libSessionLinkerPlugin.so"
+#LoadPlugin="$sps_home/agentframework/bin/libOAuthPlugin.so"
+#LoadPlugin="$sps_home/agentframework/bin/libSAMLDataPlugin.so"
+#LoadPlugin="$sps_home/agentframework/bin/libCertSessionLinkerPlugin.so"
+
+AgentIdFile="$sps_home/proxy-engine/conf/defaultagent/AgentId.dat"
+_EOF_
 
 #changes to server.conf
 sed -i 's|$$AJP_PORT|'"$ajp_port"'|g' $sps_home/proxy-engine/conf/server.conf
 sed -i 's|$$SHUT_DOWN_PORT|'"$shut_down_port"'|g' $sps_home/proxy-engine/conf/server.conf
 sed -i 's|$$LOCALHTTPPORT|'"$tomcat_http_port"'|g' $sps_home/proxy-engine/conf/server.conf
 sed -i 's|$$LOCALHTTPSPORT|'"$tomcat_ssl_port"'|g' $sps_home/proxy-engine/conf/server.conf
 sed -i 's|$$CACERTPATH|'"$sps_home/SSL/certs"'|g' $sps_home/proxy-engine/conf/server.conf
+
 sed -i 's|$$CACERTFILENAME|'"$sps_home/SSL/certs/ca-bundle.cert"'|g' $sps_home/proxy-engine/conf/server.conf
 sed -i 's|$$RULESFILE|'"$sps_home/proxy-engine/conf/proxyrules.xml"'|g' $sps_home/proxy-engine/conf/server.conf
 sed -i 's|$$POLICY_SERVER_VERSION|12.5|g' $sps_home/proxy-engine/conf/server.conf
-sed -i 's|$$SMINITFILE|'"$sps_home/proxy-engine/conf/defaultagent/WebAgent.conf"'|g' $sps_home/proxy-engine/conf/server.conf
+sed -i 's|$$SMINITFILE|'"$WAConf_file"'|g' $sps_home/proxy-engine/conf/server.conf
 sed -i 's|$$HOSTNAME|'"$hostname"'|g' $sps_home/proxy-engine/conf/server.conf
 
 if [[ "$enable_fed_gateway" = "yes" || "$enable_fed_gateway" = "YES" ]] ; then
         sed -i 's|enablefederationgateway="no"|enablefederationgateway="yes"|g' $sps_home/proxy-engine/conf/server.conf
 fi
 
-
 #changes to apachectl
-sed -i 's|/vobs/3ptysrc/apache/httpd-unix/Release/Apache2|/opt/CA/secure-proxy/httpd|g' $sps_home/httpd/bin/apachectl
+sed -i 's|/vobs/3ptysrc/apache/httpd-unix/Release/Apache2|'"$sps_home/httpd"'|g' $sps_home/httpd/bin/apachectl
 
-echo "Running dbutil..."
-$ARCOT_HOME/bin/dbutil -init $admin_reg_pswd
-$ARCOT_HOME/bin/dbutil -pi CAAdvancedAuthDSN $admin_reg_pswd
-$ARCOT_HOME/bin/dbutil -pi admin $admin_reg_pswd $admnin_reg_pswd
-
-echo "Running smreghost..."
-TIME_OUT=500
-i=0
-
-while true; do
-    if [ "$i" -gt "$TIME_OUT" ]; then
-        exit 1
-    fi
-
-    smreghost -i $ps_host -u $admin_reg_name -p $admin_reg_pswd -hn $trusted_host_name -hc $ps_hco_name -cf $fips_mode -f $sm_host_file
-    if [ $? -eq 0 ]; then
-        echo "Smreg host successful..."
-        retval=0
-        break
-    else
-        echo "Unable to register host...."
-        i=`expr $i + 10`
-        echo "Sleeping for 10 secs and re trying.........."
-        sleep 10
-    fi
-done
-
-cp $sm_host_file  $ARCOT_HOME/conf/SmHostFlow.conf
-
-sed -i 's|D\:\\\\netscape\\\\server4\\\\https-webserv1\\\\config\\\\WebAgent.conf|'"$sps_home/proxy-engine/conf/defaultagent/WebAgent.conf"'|g' $sps_home/Tomcat/webapps/affwebservices/WEB-INF/classes/AffWebServices.properties
-
-sed -i 's|SmHostConfPath=|SmHostConfPath='"$sps_home/proxy-engine/conf/defaultagent/SmHost.conf"'|g' $sps_home/Tomcat/webapps/chs/WEB-INF/classes/config/chsConfig.properties
+#changes to tomcat configuration files
+sed -i 's|D\:\\\\netscape\\\\server4\\\\https-webserv1\\\\config\\\\WebAgent.conf|'"$WAConf_file"'|g' $sps_home/Tomcat/webapps/affwebservices/WEB-INF/classes/AffWebServices.properties
 
+sed -i 's|SmHostConfPath=|SmHostConfPath='"$sm_host_file"'|g' $sps_home/Tomcat/webapps/chs/WEB-INF/classes/config/chsConfig.properties
 sed -i 's|AgentConfigObject=|AgentConfigObject='"$aco"'|g' $sps_home/Tomcat/webapps/chs/WEB-INF/classes/config/chsConfig.properties
 
 sed -i 's|c\:\\\\FWS.log|'"$sps_home/proxy-engine/logs/affwebserv.log"'|g' $sps_home/Tomcat/webapps/affwebservices/WEB-INF/classes/LoggerConfig.properties
-
 sed -i 's|c\:\\\\FWSTrace.log|'"$sps_home/proxy-engine/logs/FWSTrace.log"'|g' $sps_home/Tomcat/webapps/affwebservices/WEB-INF/classes/LoggerConfig.properties
-
 sed -i 's|D\:\\\\program\ files\\\\netegrity\\\\webagent\\\\config\\\\FWSTrace.conf|'"$sps_home/proxy-engine/conf/defaultagent/FederationTrace.conf"'|g' $sps_home/Tomcat/webapps/affwebservices/WEB-INF/classes/LoggerConfig.properties
 
-cp $sps_home/proxy-engine/conf/defaultagent/WebAgent.conf $sps_home/proxy-engine/conf/webservicesagent/WebAgent.conf
-
 #modifying server.conf
 sed -n '/<Context*/,/<\/Context>/p' $sps_home/proxy-engine/conf/server.conf > /tmp/output.txt
 sed -i '1d' /tmp/output.txt
@@ -182,5 +177,17 @@ sed -i '/<Context name*/,/<\/Context>/d' $sps_home/proxy-engine/conf/server.conf
 sed -i -e '/<Contexts>/ r /tmp/output.txt' $sps_home/proxy-engine/conf/server.conf
 rm -rf /tmp/output.txt
 
-echo "Starting sps service ..."
+cp $WAConf_file $sps_home/proxy-engine/conf/webservicesagent/WebAgent.conf
+
+echo "[*][$(date +"%T")] - Running dbutil..."
+$ARCOT_HOME/bin/dbutil -init $admin_reg_pswd
+$ARCOT_HOME/bin/dbutil -pi CAAdvancedAuthDSN $admin_reg_pswd
+$ARCOT_HOME/bin/dbutil -pi admin $admin_reg_pswd $admnin_reg_pswd
+
+echo "[*][$(date +"%T")] - Running smreghost..."
+# Waiting for the Policy Server service to be ready to register a new trusted host
+register_trusted_host
+cp $sm_host_file  $ARCOT_HOME/conf/SmHostFlow.conf
+
+echo "[*][$(date +"%T")] - Starting Secure Proxy Server service ..."
 $sps_home/proxy-engine/sps-ctl start
diff --git a/base/admin-ui/data/configuration.properties b/base/admin-ui/data/configuration.properties
@@ -1,6 +1,5 @@
-PS_HOST=policy-server
+PS_HOST=policy-server-master
 
 PS_USERNAME=siteminder
 
-
 PS_PASSWORD=Q0FkZW1vMTIz