Query: dce_config
OS: hpux
Section: 1m
Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar
dce_config(1m) dce_config(1m)NAMEdce_config - Configures and starts up DCESYNOPSISdce_config [-i] [-e environment_file] [-c command_file]OPTIONSThe -i option tells dce_config to look in the /etc directory of the install area (which is generally /opt/dce1.0/etc) for the component scripts it needs to run. After you have invoked dce_config once with the -i option, you do not need to use the option again. The -e option causes dce_config to source environment_file at startup. environment_file is a user-created file that sets the DCE and DFS variables that specify responses to the dce_config user prompts. Note that if you do not specify the -e option, dce_config looks for the /etc/opt/dce/dce_config.conf file and sources it if it exists. If the file does not exist, it uses shell variable settings if they are set. The -c option causes dce_config to source command_file at startup. command_file is a user-created shell script that initiates configuration processing.DESCRIPTIONThe dce_config shell command invokes a menu-driven interface that configures and starts up DCE. The dce_config command displays a hierar- chy of menus and invokes individual configuration routines according to users' menu selections. The configuration menu consists of initial cell configuration, additional server configuration, and DCE client configuration. The security server and the first CDS server constitute initial cell configuration. If you use specify an environment file with the -e option and a command file with the -c option, you can completely automate dce_config processing. The Command File The command file consists of config command lines that specify the component to configure and, for DFS, the type of server. A sample command file, config.cmd, is provided by with the DCE source. You can copy the file and use it as supplied or you can use it as guide to creating your own environment file. The sample file is not copied to the install tree during DCE installation. The config lines are in the form: config component { client | gda | sec {client | server | replica} | cds {client | server | replica} | dts {clerk | local | global | ntp-provider | null-provider} dfs {client | scm | privatefs | fs | fldb} } Where Is one of the following values: client--DCE client configuration gda--GDA configuration sec--Security configuration of any one of the following: client--Security client machine server--Security master server machine replica--Security replica machine cds--CDS configuration of any one of the following: client--CDS client machine server--CDS initial server machine replica--Additional CDS server machines dts--DTS configuration of any one of the following: clerk-- DTS clerk machine local--DTS local server machine global--DTS global server machine ntp-provider--DTS NTP time provider machine null-provider--DTS null time provider dfs--DFS configuration of any one of the following: client--DFS client specify scm--System Control machine privatefs--Private File Server machine fs--File Server machine fldb--File Location Database Server machine The Environment File The Environment file sets the DCE and DFS variables. The file entries are in the form: variable=value To change a value, simply replace it with the new value. A sample environment file, config.env, is provided with the DCE source. You can copy the file and use it as supplied or you can use it as guide to creating your own environment file. The sample file is not copied to the install tree during DCE installation. The DCE and DFS Variables The table titled "dce_config Environment Variables" lists the DCE variables you can set for dce_config processing. The table titled "dfs_config Environment Variables" lists the DFS variables you can set. In the tables, the term default refers to the original setting assigned to the variable. +---------------------+---------------------------------------------------+ |Variable | Value | +---------------------+---------------------------------------------------+ |CACHE_CDS_SERVER | The name of the CDS server to cache. It is not | | | required that the cached server be the initial | | | CDS Server. Used during CDS client configura- | | | tion. | +---------------------+---------------------------------------------------+ |CACHE_CDS_SERVER_IP | The IP address of the CDS server to cache. | +---------------------+---------------------------------------------------+ |CELL_ADMIN | The principal name of the initial privileged user | | | of the registry database (known as the "registry | | | creator"). Used during Security server configu- | | | ration. | +---------------------+---------------------------------------------------+ |CELL_ADMIN_PW | The default password assigned to the accounts | | | created when the registry database is created, | | | including the account for the registry creator. | | | The default is | | | -dce-. | +---------------------+---------------------------------------------------+ |CELL_NAME | The name of the cell (without the .../) on which | | | the configuration is being performed. Used dur- | | | ing Security server configuration. | +---------------------+---------------------------------------------------+ |CHANGE_PW | Indicates whether or not dce_config displays | | | 'Password must be changed' on exiting when the | | | cell administrator password (CELL_ADMIN_PW) is | | | the same as the default password. The default is | | | n. It is recommended that you do not change this | | | value in order to help ensure that the cell | | | administrator is not assigned a commonly known | | | password. This variable is used in conjunction | | | with the DEFAULT_PW variable. | +---------------------+---------------------------------------------------+ |CHECK_TIME | Specifies whether or not to check client and | | | server clock synchronization: y indicates the | | | time will be checked; n indicates it will not. | | | The default is y. | +---------------------+---------------------------------------------------+ |DC_DISPLAY_THRESHOLD | Specifies the messages to write to stdout. Pos- | | | sible values are ERROR, WARNING, SUMMARY, DETAIL, | | | VERBOSE, and DEBUG. The default is SUMMARY. | +---------------------+---------------------------------------------------+ |DC_LOG_THRESHOLD | Specifies the Minimum priority log messages to | | | write to the log file, $DCELOCAL/var/con- | | | fig/dce_config.log. Possible values are ERROR, | | | WARNING, SUMMARY, DETAIL, VERBOSE, and DEBUG. | | | The default is DEBUG. | +---------------------+---------------------------------------------------+ |DEFAULT_MAX_ID | The highest value UNIIX ID for principals. The | | | default value is 2147483646, which means that | | | only principals with UNIX IDs lower than | | | 2147483646 can access the cell. It is recom- | | | mended that you accept the default. Used during | | | Security Server configuration. | +---------------------+---------------------------------------------------+ |DEFAULT_PW | Contains the default password used when the reg- | | | istry is created. This variable is used to | | | determine if the cell administrator's password | | | (CELL_ADMIN_PW) is the same as the default pass- | | | word. When the user exits dce_config, the value | | | of DEFAULT_PW and CELL_ADMIN_PW are checked. If | | | they are the same and if the CHANGE_PW variable | | | is set Y, dce_config issues the warning message | | | Password must be changed. The default for this | | | variable is -dce-. If your site has a commonly | | | used and known password, change the DEFAULT_PW | | | variable to that password to help ensure that the | | | cell administrator account is not assigned a com- | | | monly known password. | +---------------------+---------------------------------------------------+ |DIR_REPLICATE | Controls the replication of CDS directories when | | | an additional CDS server is being created at DCE | | | configuration time. The value y will cause | | | dce_config to prompt for more directories to | | | replicate; n will not. The default is n. | +---------------------+---------------------------------------------------+ |DO_CHECKS | Controls the display of three prompts. The first | | | is whether or not the | | | Press <RETURN> to continue, CTRL-C to exit: | | | prompt is returned when dce_config encounters a | | | non-fatal error. This prompt forces the user to | | | acknowledge the error and offers a way to exit | | | dce_config. The second and third prompt occur | | | during master Security server configuration. | | | They prompt for a UNIX ID number at which the | | | Security server will start assigning automati- | | | cally generated group UNIX IDs and principal UNIX | | | IDs. If this prompt is turned off, the default | | | is the default described in the DEFAULT_MAX_ID | | | and GID_GAP variables. For the DO_CHECKS vari- | | | able, y displays the prompt; n does not. The | | | default is y. | +---------------------+---------------------------------------------------+ |EXIT_ON_ERROR | An indication of whether or not dce_config will | | | exit in the event of a fatal error: y indicates | | | that dce_config exits when it encounters a fatal | | | error; n indicates it will not. The default is | | | n. Setting this variable to y or n can help pre- | | | vent a "here" file from getting out of sync with | | | dce_config. | +---------------------+---------------------------------------------------+ |GID_GAP | The increment above highest currently used GID at | | | which the Security service will start assigning | | | automatically generated GIDs. The value of this | | | variable is used with the LOW_GID variable to set | | | the starting point for UIDs automatically | | | assigned by the Security server. Default is 100. | | | Used in Security server configuration. | +---------------------+---------------------------------------------------+ |HOST_NAME_IP | The IP address of node on which dce_config is | | | running. | +---------------------+---------------------------------------------------+ |KEYSEED | A character string used to seed the random key | | | generator in order to create the master key for | | | the master and each slave database. Each data- | | | base has its own master key and thus keyseed. | | | Used in Security server configuration. | +---------------------+---------------------------------------------------+ |LAN_NAME | For multiple LAN configurations, the internal | | | name of the LAN (in the LAN profile). Used in | | | CDS server configuration. | +---------------------+---------------------------------------------------+ |LOW_GID | The value at which the Security server will start | | | assigning automatically generated group IDs. The | | | default is the value of the highest group ID cur- | | | rently used on the machine being configured, | | | incremented by the value of GID_GAP. Although | | | there is no restriction that the value of LOW_GID | | | must be higher than the machine's highest group | | | ID, if you supply a LOW_GID that is less than or | | | equal to the highest currently used group ID, | | | dce_config issues a warning message and prompts | | | the user to reenter LOW_GID. Used in master | | | Security server configuration. | +---------------------+---------------------------------------------------+ |LOW_UID | The value at which the Security Server will start | | | assigning automatically generated UNIX IDs. The | | | default is the value of the highest UNIX ID cur- | | | rently used on the machine being configured, | | | incremented by the value of UID_GAP. Although | | | there is no restriction that the value of LOW_UID | | | must be higher than the machine's highest UNIX | | | ID, if you supply a LOW_UID that is less than or | | | equal to the highest currently used UNIX ID, | | | dce_config issues a warning message and prompts | | | the user to reenter LOW_UID. Used in master | | | Security server configuration. | +---------------------+---------------------------------------------------+ |MULTIPLE_LAN | An indication of whether or not to configure the | | | node with multiple LAN capabilities: y indicates | | | configure with multiple LAN capabilities, n indi- | | | cates do not. Used in CDS configuration | +---------------------+---------------------------------------------------+ |NTP_HOST | The name of the host on which the NTP time | | | provider server is running. Used in DTS Time | | | Provider configuration. | +---------------------+---------------------------------------------------+ |PWD_MGMT_SVR | The default pathname to the Password Management | | | server, which is $DCELOCAL/bin/pwd_strength. | | | Used in Password Management server configuration. | +---------------------+---------------------------------------------------+ |PWD_MGMT_SVR_OPTIONS | The default option or options for the Password | | | Management server (pwd_strength). The value of | | | the variable is set to -v (verbose) at server | | | configuration. | +---------------------+---------------------------------------------------+ |REMOVE_PREV_CONFIG | An indication of whether or not to remove all | | | remnants of previous configurations before per- | | | forming the new configuration: y indicates remove | | | all remnants; n indicates do not. Be aware that | | | if you set this variable to y, dce_config will | | | stop and remove all configured components each | | | time you configure any component, and you must | | | reconfigure them all. Used in all component con- | | | figurations. | +---------------------+---------------------------------------------------+ |REP_CLEARINGHOUSE | The name for new clearinghouse. Used in addi- | | | tional CDS server configuration. | +---------------------+---------------------------------------------------+ |SEC_SERVER | The name of the machine on the the cell's master | | | Security server runs. Used in security client | | | configuration. | +---------------------+---------------------------------------------------+ |SEC_SERVER_IP | The IP address for server named in SEC_SERVER. | +---------------------+---------------------------------------------------+ |SYNC_CLOCKS | An indication of whether or not to synchronize | | | all client clocks with the Security server clock: | | | y indicates that client and server clocks will be | | | synchronized; n indicates they will not. If this | | | variable is set to n, and clocks are out of sync | | | by more than the value specified in the TOLER- | | | ANCE_SEC variable, the user is prompted for | | | whether or not to synchronize them. This variable | | | is valid only if the CHECK_TIME variable is set | | | to y. For DFS machine configurations, this vari- | | | able should be set to y. | +---------------------+---------------------------------------------------+ |TIME_SERVER | Specifies the host that the Security client will | | | try to synchronize its clock against. This host | | | must have a DTS server (dtsd) running on it. The | | | recommended choice for the host is the one run- | | | ning the master Security server (the name speci- | | | fied in the SEC_SERVER variable). | +---------------------+---------------------------------------------------+ |TOLERANCE_SEC | The number of seconds a client system clock can | | | differ from the Security server system clock | | | before either the user prompted to synchronize | | | clocks or clocks are synchronized automatically. | | | The default is 120 seconds. Both the Security | | | service and the CDS service require that be no | | | more than a 5-minute difference between the | | | clocks on any two nodes in a cell. For a DFS | | | File Location Database Server, the variable | | | should not be set to less than 90 seconds. | +---------------------+---------------------------------------------------+ |UID_GAP | The increment above highest currently used UID at | | | which the Security service will start assigning | | | automatically generated UIDs. The value of this | | | variable is used with the LOW_UID variable to set | | | the starting point for UIDs automatically | | | assigned by the Security server. Default is 100. | | | Used in Security server configuration. | +---------------------+---------------------------------------------------+ |UNCONFIG_HOST_PRESET | The name of the node to be unconfigured. Used | | | with the unconfigure option. | +---------------------+---------------------------------------------------+ +-------------------+---------------------------------------------------+ |Variable | Value | +-------------------+---------------------------------------------------+ |AGG_FS_TYPE | The type of filesystem for the aggregate to be | | | exported. Possible values are native meaning the | | | native file system (e.g. UFS, JFS) or episode | | | meaning the Episode (LFS) file system. | +-------------------+---------------------------------------------------+ |AGG_DEV_NAME | The device name of the aggregate to be exported, | +-------------------+---------------------------------------------------+ |AGG_MOUNT_PATH | The mount path for the aggregate (e.g. | | | /usr/users). | +-------------------+---------------------------------------------------+ |AGG_NAME | The name to be used for the aggregate to be | | | exported (e.g. user.jlw). | +-------------------+---------------------------------------------------+ |AGG_ID | The unique numerical aggregate ID for the | | | exported aggregate. | +-------------------+---------------------------------------------------+ |CACHE_SIZE_RAM | The number of bytes to use for an in-memory | | | cache. | +-------------------+---------------------------------------------------+ |CACHE_SIZE_DISK | The number of bytes to use for a local disk | | | cache. | +-------------------+---------------------------------------------------+ |CACHE_DIR_DISK | The pathname of the directory to use for a local | | | disk cache. | +-------------------+---------------------------------------------------+ |CLIENT_CACHE_LOC | An indication of whether the cache is stored in | | | memory or on disk. machine values are mem mean- | | | ing the cache is stored in memory or disk meaning | | | the cache is stored on the local disk. | +-------------------+---------------------------------------------------+ |CONFIG_NFS_GATEWAY | An indication of whether or not to configure the | | | DFS client as an NFS gateway. Possible values | | | are y and n; n is the default. | +-------------------+---------------------------------------------------+ |EPI_FORMAT_PART | An indication of whether or not to format a disk | | | partition as an Episode aggregate. Possible val- | | | ues are y to format the partition or n to not. | +-------------------+---------------------------------------------------+ |EPI_FORCE_INIT | An indication of whether or not to force the ini- | | | tialization of a partition as an Episode aggre- | | | gate, possibly losing data. Possible values are | | | y or the initialization or n to not. | +-------------------+---------------------------------------------------+ |INIT_LFS | An indication of whether or not to initialize the | | | LFS (using epiinit). Possible values are y to | | | initialize or n to not. | +-------------------+---------------------------------------------------+ |LOAD_LFS_KEXT | An indication of whether or not to load the LFS | | | kernel extensions. Possible values are y to load | | | or n to not. | +-------------------+---------------------------------------------------+ |ROOT_FILESET_NM | The name of the DFS root fileset. | +-------------------+---------------------------------------------------+ |SCM_NAME | The name of the system control machine to be used | | | during configuration. | +-------------------+---------------------------------------------------+ +-------------------+---------------------------------------------------+ Component Scripts The dce_config script calls component scripts that reside in the /opt/dcelocal/etc directory (or in the etc directory of the install area) with symbolic links to /etc. In a custom configuration script, you can call the component scripts directly and supply the required input via the environment variables. The names and functions of the component scripts follows: dce_shutdown--Shuts down all DCE server processes (auditd, dtsd, cdsadv, cdsd, and secd), except for DFS processes (dfsd) via the dcecp or other control programs. This script must be run on the machine running the daemon processes. You must be root or another privileged user to run the script. You should always run the script before reconfiguring DCE. If the dce_shutdown script cannot shut down a daemon gently, it sends a kill signal to all the DCE daemons. If for any reason you do not want to use a control program, you can execute the script manually. The dce_shutdown script run with its -f option will find and kill the DCE daemons. This behavior is the same as that of the dce.clean script, which was included in DCE R1.0.3 and previous releases. DCE R1.1 does not include the dce.clean script, but provides the name as a symbolic link to the dce_shutdown script for the user's convenience. dfs.clean--Kills DFS server processes. This script must be run on the machine running the processes. It should be run before reconfigur- ing DCE. (Note that some DFS daemon processes cannot be killed by dfs.clean.) dce.rm [install]--Removes all data and configuration files created by DCE servers after initial configuration except for data and files created by DFS servers. This script must be run on the machine running the processes. It should be run before reconfiguring DCE. If you invoke the script with the install parameter, the script removes the binary files added during installation. dfs.rm [install]--Removes data and configuration files created by DFS servers after initial configuration. This script must be run on the machine running the processes, and dced must be running on that machine. The dfs.rm script should be run before reconfiguring DCE. If you invoke the script with the install parameter, the script removes the binary files added during installation. Note that this script invokes the dce.clean script. dce.unconfig hostname--Removes all DCE clients on hostname from the Security and Directory service databases. It should be run before reconfiguring a client machine. dfs.unconfig hostname--Removes the DFS client on hostname from the Security and Directory service databases. It should be run before reconfiguring a client machine. dce_com_env--Sets environment variables. dce_config_env--Calls the dce_com_env script that sets the environment variables. dce_com_utils--Contains common functions used by dce_config and dfs_config. dce_config_utils--Contains internal routines used by dce_con- fig scripts. dfs_config--Configures a machine as a DFS server or client. rc.dce--Starts DCE daemons. This script cannot be run remotely; it must be run on the machine on which the daemons are being started. rc.dfs--Starts DCE daemons. This script cannot be run remotely; it must be run on the machine on which the daemons are being started. Privilege Required You must have root authority to run the dce_config command.EXIT VALUESIn case of an error, this command repeats requests for correct input. The user can exit the program from any menu.RELATED INFORMATIONBooks: OSF DCE Administration Guide dce_config(1m)