After PCE Installation

This section describes some of the basic things you can see immediately after installing the PCE.

Warning

Any adverse effects of using security scanners or other mechanisms intended to probe or exercise various parts of the PCE or its environment cannot be anticipated by Illumio and are therefore unsupported. Doing so may interfere with or even prevent the PCE from operating properly.

RPM Installation Directories

The PCE software RPM installs to the following directories:

Location	Contents at Installation	Permissions / Ownership
`/opt/illumio-pce/`	PCE software	`dr-xr-x---. root ilo-pce`
`/etc/illumio-pce`	Empty	`drwxr-x---. root ilo-pce`
`/etc/init.d/illumio-pce`	Service script	`-rwxr-xr-x. root root`
`/var/lib/illumio-pce/` `tmp/` `runtime/` `data/` `keys/` `cert/`	Empty	`drwxr-x---. root ilo-pce` `drwx------. ilo-pce ilo-pce` `drwx------. ilo-pce ilo-pce` `drwx------. ilo-pce ilo-pce` `drwx------. ilo-pce ilo-pce` `drwxr-x---. root ilo-pce`
`/var/log/illumio-pce`	Log files	`drwx------. ilo-pce ilo-pce`

RPM Runtime User and Group

The PCE installation creates a runtime user and group named ilo-pce to run the PCE software. For security, the ilo-pce user is configured without a login shell or home directory.

Caution

For better security, do not give the ilo-pce user a login shell or home directory.

You should run PCE commands as root or as a user belonging to the ilo-pce group. You run the PCE software with sudo, as shown throughout this guide:

sudo -u ilo-pce somePCEcommand

You might put several users into the ilo-pce group for shared maintenance or other needs. However, only the ilo-pce user is actually used to run the software.

PCE Control Interface and Other Commands

The Illumio PCE control interface illumio-pce-ctl is a command-line tool for performing key tasks for operating your PCE cluster, such as starting and stopping nodes, setting cluster runlevels, and checking the cluster status.

Important

In this guide, all command-line examples based on an RPM installation. When you install the PCE using the tarball, you must modify the commands based on your PCE user account and the directory where you installed the software.

The PCE includes other command-line utilities used to set up and operate your PCE:

illumio-pce-env: Verify and collect information about the PCE runtime environment.
illumio-pce-db-management: Manage the PCE database.

The PCE control interface can only be executed by the PCE runtime user (ilo-pce), which is created during the PCE RPM installation.

Control Command Access with `usr/bin`

For easier command execution, PCE installation creates softlinks in /usr/bin by default for the Illumio PCE control commands. The /usr/bin directory is usually included by default in the PATH environment variable in most Linux systems. When your PATH does not include /usr/bin, add it to your PATH with the following command. You might want to add this command to your login files ($HOME/.bashrc or $HOME/.cshrc).

export PATH=$PATH:/usr/bin

Syntax of `illumio-pce-ctl`

To make it simpler to run the PCE command-line tools, you can run the following Linux softlink commands or add them to your PATH environment variable.

$ cd /usr/bin
sudo ln -s /opt/illumio-pce/illumio-pce-ctl ./illumio-pce-ctl
sudo ln -s /opt/illumio-pce/illumio-pce-db-management ./illumio-pce-db-management 
sudo ln -s /opt/illumio-pce/illumio-pce-env ./illumio-pce-env

After these commands are executed, you can run the PCE command-line tools using the following syntax:

sudo -u ilo-pce illumio-pce-ctl sub-command --option

Where:

sub-command is an argument displayed by illumio-pce-ctl --help.

PCE Service Script `illumio-pce` for Boot

The illumio-pce service script in /etc/init.d/illumio-pce switches to the runtime user (ilo-pce) prior to running other PCE programs. The primary purpose of the init.d service script is to start the product on boot. The service script can also be run with the /sbin/service command:

$ service illumio-pce
Usage: illumio-pce {start|stop|restart|[cluster-]status|{set|get}-runlevel|control|database|environment|setup}

PCE Runlevels

PCE runlevels define the system services started for common operations, such as upgrade, downgrade, and restore.

The runlevel is set with the following command:

illumio-pce-ctl set-runlevel numeric_runlevel

The numeric_runlevel varies by type of operation.

Setting the runlevel might take some time to complete, depending on the cluster configuration. Check the progress with the following command:

illumio-pce-ctl cluster-status -w

Illumio Core 23.2 Install, Configure, Upgrade