cell(8dce) — Maintenance
NAME
cell — A dcecp task object that operates on a DCE cell
SYNOPSIS
cell backup [cell_name]
cell catalog [cell_name]
cell help [operation | verbose ]
cell operations
cell ping [cell_name] [clients ] [replicas ]
cell show [cell_name] [simplename ]
Arguments
cell_nameThe name of a single cell to operate on. The name must be a fully qualified cell name such as either of the following:
/.../their_cell.goodco.com
/.:
operationThe name of the cell operation for which to display help information.
Description
The cell task object represents a single DCE cell as a whole, including all machines, services, resources, principals, and so on. The optional cell_name argument is a single cell name (not a list of cell names). If omitted, the local cell (/.:) is the default.
Attributes
secservers
Each value is the name of a security server in the cell.
cdsservers
Each value is the name of a machine running a Cell Directory Service (CDS) server in the cell. The name is the simple name found under /.:/hosts.
dtsservers
Each value is the name of a Distributed Time Service (DTS) server in the cell.
hostsEach value is the name of a host in the cell, including machines mentioned previously as servers; for example, hosts/machine1.
See the OSF DCE Administration Guide for more information about attributes.
Errors
A representative list of errors that might be returned is not shown here. Refer to the OSF DCE Problem Determination Guide for complete descriptions of all error messages.
Operations
cell backup
Backs up the master security database and each clearinghouse with master replicas in the cell. The syntax is as follows:
cell backup [cell_name]
The cell backup command backs up the master security database and each clearinghouse with master replicas in the cell. It requires that dced be running on each of the server hosts. It takes no arguments or options.
Prepare a cell for regular backup operations by changing the access control lists (ACLs) on two of the dced objects on the local machine and setting up an extended registry attribute (ERA) that can specify a backup destination (typically a tape archive). Then add the new attribute to the principals for the master DCE Security Service registry database and all CDS clearinghouses with master replicas that you want to back up. To do this, follow these steps:
1.Put the DCE daemon into partial service mode by sending the dced process the correct signal:
# kill -SIGUSR1 pid_of_dced
#
2.Invoke dcecp with the local option:
# dcecp -local
dcecp>
3.Modify ACLs on the local hostdata and srvrconf objects to allow the subsys/dce/dced-admin group access by using the following dcecp acl operations:
dcecp> acl modify hostdata -add {group subsys/dce/dced-admin -riI} -local
dcecp> acl modify srvrconf -add {group subsys/dce/dced-admin -riI} -local
dcecp> acl modify srvrconf -add {group subsys/dce/dced-admin -d-rwx} -io -local
dcecp>
4.Put the DCE daemon back into full service mode with the following command:
# kill -SIGUSR1 pid_of_dced
#
5.Create an ERA as a string that specifies a backup destination. Name the ERA /.:/sec/xattrschema/bckp_dest and the type printstring. Select the ACL manager named principal and set its four permission bits to r (read), m (manage), r (read), and D (Delete) as shown in the following command:
dcecp> xattrschema create /.:/sec/xattrschema/bckp_dest \
> -encoding printstring -aclmgr {principal r m r D}
dcecp>
6.Add the new ERA (bckp_dest) to the principal dce-rgy (the DCE Security Service registry database). Set the value to be the tar filename or the device that is the backup destination, as follows:
dcecp> principal modify dce-rgy -add {bckp_dest tarfilename_or_device}
dcecp>
7.Add the new ERA (bckp_dest) to the principal /.:/hosts/hostname/cds-server (the CDS server). Set the value to be the tar filename or the device that is the backup destination, as follows:
dcecp> principal modify /.:/hosts/hostname/cds-server
> -add {bckp_dest tarfilename_or_device}
dcecp>
Now, whenever you want to back up your registry database or CDS database, you can simply invoke a cell backup command.
You can back up another cell by including the cell name as an argument to the cell backup command. Note that you need the necessary permissions in the remote cell. (Refer to the registry object reference page for the required privileges.) This command returns an empty string on success.
Privileges Required
The cell backup command requires that the administrator be logged in as the local superuser (root). It also requires the user to be authenticated to the security service as the cell administrator.
Examples
dcecp> cell backup
dcecp>
cell catalog
Lists the foreign cells that are known by the specified cell. The syntax is as follows:
cell catalog [cell_name]
The catalog operation returns a list of the names of all cells currently registered in the specified cell. The list includes the name of the specified cell itself and of any registered foreign cells. If no cell_name is provided, the operation returns cells registered in the local cell.
Privileges Required
You must have r (read) permission to the /.:/sec/principal directory and r (read) permission to the specified cell principals.
Examples
dcecp> cell catalog /.:
/.../gumby_cell
/.../pokey_cell
/.../barney_cell
dcecp>
cell help
Returns help information about the cell task object and its operations. The syntax is as follows:
cell help [operation | verbose ]
Options
verboseDisplays information about the cell task object.
Used without an argument or option, the cell help command returns brief information about each cell operation. The optional operation argument is the name of an operation about which you want detailed information. Alternatively, you can use the verbose option for more detailed information about the cell task object itself.
Privileges Required
No special privileges are needed to use the cell help command.
Examples
dcecp> cell help
backup Backs up master security database and master clearinghouses.
catalog Returns the names of the cells known to a cell.
ping Shows the current server status of the cell.
show Shows attributes describing the configuration of a cell.
help Prints a summary of command-line options.
operations Returns a list of the valid operations for this command.
dcecp>
cell operations
Returns a list of the operations supported by the cell task object. The syntax is as follows:
cell operations
The list of available operations is in alphabetical order except for help and operations, which are listed last.
Privileges Required
No special privileges are needed to use the cell operations command.
Examples
dcecp> cell operations
backup catalog ping show help operations
dcecp>
cell ping
Performs quick checks to test whether a cell is running. The syntax is as follows:
cell ping [cell_name] [clients ] [replicas ]
Options
clientsThis option causes the command to ping every machine in the cell. It does this by looping though /.:/hosts and doing a host ping on each host name. In case of failure, it generates an error and returns a list of hosts that could not be contacted. On success, it returns DCE clients available.
replicasThis option causes the command to ping the master security server, each security replica in the cell, all the CDS servers in the cell, and all the DTS servers in the cell. In case of failure, it generates an error and returns a list of servers that could not be contacted. On success, it returns DCE servers available .
The ping operation performs a quick check to test whether a cell is running.
If called with no option, it pings (using server ping ) the master security server, the CDS server that currently holds the write copy of the the cell root directory (/.:), and all the DTS servers in the cell. In case of failure, it generates an error and returns a list of servers that could not be contacted. On success, it returns DCE services available.
The replicas option causes the command to ping each security replica and CDS server as well as those mentioned above. In case of failure, it generates an error and returns a list of servers that could not be contacted. On success, it returns DCE servers available.
The clients option causes the command to ping every machine in the cell. It does this by looping though /.:/hosts and doing a host ping on the host name. In case of failure, it generates an error and returns a list of hosts that could not be contacted. On success, it returns DCE clients available .
Privileges Required
You must have r (read) permission to the following directories: /.:/hosts, /.:/hosts/hostname, and /.:/subsys/dce/sec.
Examples
The following command tests whether the core services master servers are available:
dcecp> cell ping /.../blue.cell.osf.org
DCE services available
dcecp>
The following command tests whether the core services and their replicas are available:
dcecp> cell ping -replicas
DCE servers available
dcecp>
The following command tests the presence of all DCE hosts in a cell:
dcecp> cell ping -clients
DCE clients available
dcecp>
cell show
Returns attributes describing the configuration of the specified cell. The syntax is as follows:
cell show [cell_name] [simplename ]
Options
simplename
Returns the cell information without prepending the cell name.
The show operation returns attributes describing the configuration of the specified cell. The returned attributes are as follows:
secservers
Each value is the name of a security server.
cdsservers
Each value is the name of a machine running a CDS server. The name is the simple name found under /.:/hosts.
dtsservers
Each value is the name of a DTS server in the cell.
hostsEach value is the name of a host in the cell, including machines mentioned previously as servers; for example, hosts/machine1.
See the OSF DCE Administration Guide for more information about attributes.
Privileges Required
You must have r (read) permission to the following directories in the CDS namespace: /.:/hosts, /.:/hosts/hostname, and /.:/susbys/dce/sec/master
Examples
dcecp> cell show /.../dcecp.cell.osf.org
{secservers
/.../dcecp.cell.osf.org/subsys/dce/sec/ice
/.../dcecp.cell.osf.org/subsys/dce/sec/fire}
{cdsservers
/.../dcecp.cell.osf.org/hosts/frick}
{dtsservers
/.../dcecp.cell.osf.org/hosts/frick
/.../dcecp.cell.osf.org/hosts/ice
/.../dcecp.cell.osf.org/hosts/ninja}
{hosts
/.../dcecp.cell.osf.org/hosts/frick
/.../dcecp.cell.osf.org/hosts/ice
/.../dcecp.cell.osf.org/hosts/ninja}
dcecp>
dcecp> dcecp> cell show -simplename
{secservers
subsys/dce/sec/ice}
{cdsservers
hosts/frick}
{dtsservers
hosts/frick
hosts/ice
hosts/ninja}
{hosts
hosts/frick
hosts/ice
hosts/ninja}
dcecp>
Related Information
Commands: dcecp(8dec0, directory(8dce), host(8dce), server(8dce).