dce_config(8dce) — Maintenance
NAME
dce_config — Installs, configures, and starts up DCE
SYNOPSIS
dce_config [i ] [e environment_file] [c command_file]
Options
iThe i option tells dce_config to look in the /etc directory of the install area (which is generally /opt/dce1.0/etc) for the component scripts it needs to run. After you have invoked dce_config once with the i option, you do not need to use the option again.
e environment_file
The e option causes dce_config to source environment_file at startup. The environment_file variable represents a user-created file that sets the DCE and Distributed File Service (DFS) variables that specfy responses to the dce_config user prompts. Note that if you do not specify the e option, dce_config looks for the /etc/dce_config.conf file and sources it if it exists. If the file does not exist, it uses shell variable settings if they are set.
c command_file
The c option causes dce_config to source command_file at startup. The command_file variable represents a user-created shell script that initiates installation and configuration processing.
Description
The dce_config shell command invokes a menu-driven interface that installs, configures, and starts up DCE. The dce_config command displays a hierarchy of menus and invokes individual installation and configuration routines, according to users’ menu selections.
Installation routines store the binaries required for the server installation that is selected into $DCELOCAL. Binaries required for a client installation are stored on every machine. The configuration menu consists of initial cell configuration, additional server configuration, and DCE client configuration. The security server and the first Cell Directory Service (CDS) server constitute initial cell configuration.
If you specify an environment file with the e option and a command file with the c option, you can completely automate dce_config processing.
The Command File
The command file consists of install and config command lines that specify the component to install and, for DFS, the type of server.
A sample command file, config.cmd, is provided by OSF with the DCE source. You can copy the file and use it as supplied or you can use it as guide to creating your own environment file. The sample file is not copied to the install tree during DCE installation.
The install lines are in the following form:
install component [dfs_server]
where:
componentCan be one of the following values:
secMaster security server binaries
cdsInitial CDS server binaries
gdsGDS server binaries
dtsDistributed Time Service (DTS) server binaries
clientDCE client binaries
sec-replica
Security replica binaries
appdevInterface Definition Language (IDL) compiler and header files for use in DCE application development
cdsbrowser
CDS browser utility
nidl_to_idl
A utility to convert files written in NIDL to files written in IDL
dfs_serverSpecifies the type of DFS server to install; can be one of the following values:
clientDFS client
scmSystem control machine
privatefsPrivate file server
fsFile server
fldbFile location database server
The config lines are in the following form:
config component
{
client |
gda |
sec {client | server | replica} |
cds {client | server | replica} |
dts {clerk | local | global | ntp-provider | null-provider}
dfs {client | scm | privatefs | fs | fldb}
}
where:
componentCan be one of the following values:
clientDCE client configuration
gdaGDA configuration
secSecurity configuration of any one of the following:
clientSecurity client machine
serverSecurity master server machine
replicaSecurity replica machine
cdsCDS configuration of any one of the following:
clientCDS client machine
serverCDS initial server machine
replicaAdditional CDS server machines
dtsDTS configuration of any one of the following:
clerkDTS clerk machine
localDTS local server machine
globalDTS global server machine
ntp-provider
DTS NTP time-provider machine
null-provider
DTS null time-provider
dfsDFS configuration of any one of the following:
clientDFS client specify
scmSystem control machine
privatefsPrivate file server machine
fsFile server machine
fldbFile location database server machine
The Environment File
The environment file sets the DCE and DFS variables. The file entries are in the following form:
variable=value
To change a value, simply replace it with the new value.
A sample environment file, config.env, is provided by OSF with the DCE source. You can copy the file and use it as supplied or you can use it as guide to creating your own environment file. The sample file is not copied to the install tree during DCE installation.
The DCE and DFS Variables
The first of the tables that follows lists the DCE variables you can set for dce_config processing. The second of the tables lists the DFS variables you can set. In the tables, the term default refers to the setting assigned to the variable by OSF.
| _ | _ | ||
| Variable | Value | ||
| _ | _ | ||
| CACHE_CDS_SERVER | The name of the CDS server to cache. It is not required that the cached server be the initial CDS server. Used during CDS client configuration. | ||
| _ | _ | _ | |
| CACHE_CDS_SERVER_IP | The IP address of the CDS server to cache. | ||
| _ | _ | ||
| CELL_ADMIN | The principal name of the initial privileged user of the registry database (known as the registry creator). Used during security server configuration. | ||
| _ | _ | ||
| CELL_ADMIN_PW | The default password assigned to the accounts created when the registry database is created, including the account for the registry creator. The default is dce- . |
||
| _ | _ | ||
| CELL_NAME | The name of the cell (without the .../) on which the configuration is being performed. Used during security server configuration. | ||
| _ | _ | ||
| CHANGE_PW | Indicates whether or not dce_config displays the message Password must be changed on exiting when the cell administrator password (CELL_ADMIN_PW) is the same as the default password. The default is n. It is recommended that you do not change this value in order to help ensure that the cell administrator is not assigned a commonly known password. This variable is used in conjunction with the DEFAULT_PW variable. | ||
| _ | _ | ||
| CHECK_TIME | Specifies whether or not to check client and server clock synchronization; y indicates the time will be checked while n indicates it will not. The default is y. | ||
| _ | _ | ||
| DC_DISPLAY_THRESHOLD | Specifies the messages to write to stdout. Possible values are ERROR, WARNING, SUMMARY, DETAIL, VERBOSE, and DEBUG. The default is SUMMARY. | ||
| _ | _ | ||
| DC_LOG_THRESHOLD | Specifies the minimum priority log messages to write to the log file, /tmp/dce_config.log. Possible values are ERROR, WARNING, SUMMARY, DETAIL, VERBOSE, and DEBUG. The default is DEBUG. | ||
| _ | _ | ||
| DEFAULT_MAX_ID | The highest value UNIX ID for principals. The default value is 32767, which means that only principals with UNIX IDs lower than 32767 can access the cell. It is recommended that you accept the default. Used during security server configuration. | ||
| _ | _ | ||
| DEFAULT_PW | Contains the default password used when the registry is created. This variable is used to determine if the cell administrator’s password (CELL_ADMIN_PW) is the same as the default password. When the user exits dce_config , the value of DEFAULT_PW and CELL_ADMIN_PW are checked. If they are the same and if the CHANGE_PW variable is set Y, dce_config issues the warning message Password must be changed. The default for this variable is dce- . If your site has a commonly used and known password, change the DEFAULT_PW variable to that password to help ensure that the cell administrator account is not assigned a commonly known password. | ||
| _ | _ | ||
| DIR_REPLICATE | Controls the replication of CDS directories when an additional CDS server is being created at DCE configuration time. The value y will cause dce_config to prompt for more directories to replicate; n will not. The default is n. | ||
| _ | _ | ||
| DOMAIN_NAME | The name of the host domain. Used as a default in the Security client configuration for Kerberos5 compatibility if /etc/resolv.conf does not contain a domain name. This variable is appended to the hostname to get the fully qualified name in the format: hostname.domain_name. For example, if DOMAIN_NAME is set to company.com and the host name is abc, the fully qualified hostname will be abc.company.com. | ||
| _ | _ | ||
| _ | _ | ||
| Variable | Value | ||
| _ | _ | _ | _ |
| DO_CHECKS | Controls the display of three prompts. The first is whether or not the prompt Press <Return> to continue, <Ctrl-C> to exit: is returned when dce_config encounters a nonfatal error. This prompt forces the user to acknowledge the error and offers a way to exit dce_config . The second and third prompt occur during master security server configuration. They prompt for a UNIX ID number at which the security server will start assigning automatically generated group UNIX IDs and principal UNIX IDs. If this prompt is turned off, the default is the default described in the DEFAULT_MAX_ID and GID_GAP variables. For the DO_CHECKS variable, y displays the prompt; n does not. The default is y. | ||
| _ | _ | _ | _ |
| EXIT_ON_ERROR | An indication of whether or not dce_config will exit in the event of a fatal error: y indicates that dce_config exits when it encounters a fatal error; n indicates it will not. The default is n. Setting this variable to y or n can help prevent a “here” file from getting out of sync with dce_config . | ||
| _ | _ | _ | _ |
| GID_GAP | The increment above highest currently used GID at which the security service will start assigning automatically generated GIDs. The value of this variable is used with the LOW_GID variable to set the starting point for unique identifiers (UIDs) automatically assigned by the security server. Default is 100. Used in security server configuration. | ||
| _ | _ | _ | _ |
| HOST_NAME_IP | The IP address of node on which dce_config is running. | ||
| _ | _ | ||
| KEYSEED | A character string used to seed the random key generator in order to create the master key for the master and each slave database. Each database has its own master key and thus keyseed. Used in security server configuration. | ||
| _ | _ | _ | _ |
| LAN_NAME | For multiple local area network (LAN) configurations, the internal name of the LAN (in the LAN profile). Used in CDS server configuration. | ||
| _ | _ | _ | _ |
| LOGFILE | The full pathname of the log file produced by dce_config . The default is /tmp/dce_config.log | ||
| _ | _ | _ | _ |
| LOW_GID | The value at which the security server will start assigning automatically generated group IDs. The default is the value of the highest group ID currently used on the machine being configured, incremented by the value of GID_GAP. Although there is no restriction that the value of LOW_GID must be higher than the machine’s highest group ID, if you supply a LOW_GID that is less than or equal to the highest currently used group ID, dce_config issues a warning message and prompts the user to reenter LOW_GID. Used in master security server configuration. | ||
| _ | _ | _ | _ |
| LOW_UID | The value at which the security server starts assigning automatically generated UNIX IDs. Default is value of highest UNIX ID currently used on machine being configured, incremented by value of UID_GAP. There is no requirement that the value of LOW_UID be higher than the machine’s highest UNIX ID, but if you supply a LOW_UID less than or equal to the highest currently used UNIX ID, dce_config issues a warning message and prompts you to reenter LOW_UID. Used in master security server configuration. | ||
| _ | _ | _ | _ |
| MULTIPLE_LAN | An indication of whether or not to configure the node with multiple LAN capabilities: y indicates configure with multiple LAN capabilities, n indicates do not. Used in CDS configuration. | ||
| _ | _ | _ | _ |
| NTP_HOST | The name of the host on which the NTP time-provider server is running. Used in DTS time provider configuration. | ||
| _ | _ | _ | _ |
| PWD_MGMT_SVR | The default pathname to the password management server, which is $DCELOCAL/bin/pwd_strength. Used in password management server configuration. | ||
| _ | _ | _ | _ |
| PWD_MGMT_SVR_OPTIONS | The default option or options for the password management server (pwd_strength ). The value of the variable is set to v (verbose) at server configuration. | ||
| _ | _ | _ | _ |
| REMOVE_PREV_INSTALL | An indication of whether or not to remove all remnants of previous DCE installations before performing the new install; y indicates remove all remnants while n indicates do not. Be aware that if you set this variable to O, dce_config will automatically remove all installed components each time you install any component, and you must reinstall them all. Used in all component installations. | ||
| _ | _ | _ | _ |
| REMOVE_PREV_CONFIG | An indication of whether or not to remove all remnants of previous configurations before performing the new configuration: y indicates remove all remnants; n indicates do not. Be aware that if you set this variable to y, dce_config will stop and remove all configured components each time you configure any component, and you must reconfigure them all. Used in all component configurations. | ||
| _ | _ | _ | _ |
| REP_CLEARINGHOUSE | The name for new clearinghouse. Used in additional CDS server configuration. | ||
| _ | _ | _ | _ |
| SEC_SERVER | Name of the machine on which cell’s master security server runs. Used in security client configuration. | ||
| _ | _ | _ | _ |
| SEC_SERVER_IP | IP address for server named in SEC_SERVER. | ||
| _ | _ | _ | _ |
| SYNC_CLOCKS | Indication of whether or not to synchronize all client clocks with the security server clock; y indicates that client and server clocks will be synchronized while n indicates they will not. If set to n, and clocks are out of sync by more than value specified in the TOLERANCE_SEC variable, user is prompted whether or not to synchronize them. Valid only if CHECK_TIME variable is set to y. For DFS machine configurations, should be set to y. | ||
| _ | _ | _ | _ |
| TIME_SERVER | Specifies the host that security client will try to synchronize its clock against. Host must have a DTS server (dtsd ) running. Recommended choice for host is the one running the master security server (name specified in the SEC_SERVER variable). | ||
| _ | _ | _ | _ |
| TOLERANCE_SEC | Number of seconds a client system clock can differ from the security server system clock before either the user prompted to synchronize clocks or clocks are synchronized automatically. Default is 120 seconds. Both security service and CDS require there be no more than 5-minute difference between clocks on any two nodes in a cell. For a DFS file location database server, should not be set to less than 90 seconds. | ||
| _ | _ | _ | _ |
| UID_GAP | The increment above highest currently used UID at which security service starts assigning automatically generated UIDs. The value of this variable is used with the LOW_UID variable to set the starting point for UIDs automatically assigned by the security server. Default is 100. Used in security server configuration. | ||
| _ | _ | _ | _ |
| UNCONFIG_HOST_PRESET | Name of node to be unconfigured. Used with unconfigure option. | ||
| _ | _ | _ | _ |
| AGG_FS_TYPE | The type of file system for the aggregate to be exported. Possible values are native meaning the native file system (such as UFS, JFS) or episode meaning the episode (LFS) file system. | ||
| _ | _ | _ | _ |
| AGG_DEV_NAME | The device name of the aggregate to be exported, | ||
| _ | _ | _ | _ |
| AGG_MOUNT_PATH | The mount path for the aggregate (such as /usr/users). | ||
| _ | _ | _ | _ |
| AGG_NAME | The name to be used for the aggregate to be exported (such as user.jlw). | ||
| _ | _ | _ | _ |
| AGG_ID | The unique numerical aggregate ID for the exported aggregate. | ||
| _ | _ | _ | _ |
| CACHE_SIZE_RAM | The number of bytes to use for an in-memory cache. | ||
| _ | _ | _ | _ |
| CACHE_SIZE_DISK | The number of bytes to use for a local disk cache. | ||
| _ | _ | _ | _ |
| CACHE_DIR_DISK | The pathname of the directory to use for a local disk cache. | ||
| _ | _ | _ | _ |
| CLIENT_CACHE_LOC | An indication of whether the cache is stored in memory or on disk. machine values are mem meaning the cache is stored in memory or disk meaning the cache is stored on the local disk. | ||
| _ | _ | _ | _ |
| CONFIG_NFS_GATEWAY | An indication of whether or not to configure the DFS client as an NFS gateway. Possible values are y and n; n is the default. | ||
| _ | _ | _ | _ |
| DFS_SERVER_INSTALL | An indication of which type of DFS server to install: SCM for system control machine; FS for file server; PRIVATEFS for private file server; FLDB for file location database server. | ||
| _ | _ | _ | _ |
| EPI_FORMAT_PART | An indication of whether or not to format a disk partition as an episode aggregate. Possible values are y to format the partition or n to not. | ||
| _ | _ | _ | _ |
| EPI_FORCE_INIT | An indication of whether or not to force the initialization of a partition as an Episode aggregate, possibly losing data. Possible values are y or the initialization or n to not. | ||
| _ | _ | _ | _ |
| INIT_LFS | An indication of whether or not to initialize the LFS (using epiinit). Possible values are y to initialize or n to not. | ||
| _ | _ | _ | _ |
| INSTALL_OPT_SERS | An indication of whether or not to install the optional DFS servers (bak, butc, upclient ). Possible values are y to install or n to not. | ||
| _ | _ | _ | _ |
| INSTALL_OPT_CLIENT | An indication of whether or not to install the optional DFS client (cm, bos , and fts) binaries. Possible values are y to install or n to not. | ||
| _ | _ | _ | _ |
| LOAD_LFS_KEXT | An indication of whether or not to load the LFS kernel extensions. Possible values are y to load or n to not. | ||
| _ | _ | _ | _ |
| ROOT_FILESET_NM | The name of the DFS root fileset. | ||
| _ | _ | _ | _ |
| SCM_NAME | The name of the system control machine to be used during configuration. | ||
| _ | _ | _ | _ |
Component Scripts
The dce_config script calls component scripts that reside in the /opt/dcelocal/etc directory (or in the etc directory of the install area) with symbolic links to /etc. In a custom configuration script, you can call the component scripts directly and supply the required input via the environment variables. The names and functions of the component scripts follows:
dce_shutdown
Shuts down all DCE server processes (auditd , dtsd , cdsadv , cdsd , secd , gdsd , gdad ), except for DFS server processes (dfsd ). The script is executed via dcecp or another control program. It must be run on the machine running the daemon processes to be shut down. You must be root or another priviledged user to run the script. You should always run the script before reconfiguring DCE.
The dce_shutdown script attempts to shut down a daemon gently. If it fails to do so, it will send a kill signal to all the DCE daemons.
The dce_shutdown script can also be run directly if for any reason you do not want to use a control program. When the script is run with the f option, it will find and kill the DCE daemons. This behavior is the same as that of the dce.clean script, which was included in DCE R1.0.3 and previous releases. DCE R1.1 does not include the dce.clean script, but provides the name as a symbolic link to the dce_shutdown script for the user’s convenience.
dfs.cleanKills DFS server processes. This script must be run on the machine running the processes. It should be run before reconfiguring DCE. (Note that some DFS daemon processes cannot be killed by dfs.clean.)
dce.rm [install]
Removes all data and configuration files created by DCE servers after initial configuration except for data and files created by DFS servers. This script must be run on the machine running the processes. It should be run before reconfiguring DCE. If you invoke the script with the install parameter, the script removes the binary files added during installation.
dfs.rm [install]
Removes data and configuration files created by DFS servers after initial configuration. This script must be run on the machine running the processes, and dced must be running on that machine. The dfs.rm script should be run before reconfiguring DCE. If you invoke the script with the install parameter, the script removes the binary files added during installation. Note that this script invokes the dce.clean script.
dce.unconfig hostname
Removes all DCE clients on hostname from the security and directory service databases. It should be run before reconfiguring a client machine.
dfs.unconfig hostname
Removes the DFS client on hostname from the security and directory service databases. It should be run before reconfiguring a client machine.
dce_com_env
Sets environment variables.
dce_config_env
Calls the dce_com_env script that sets the environment variables.
dce_com_utils
Contains common functions used by dce_config and dfs_config .
dce_config_utils
Contains internal routines used by dce_config scripts.
dfs_config
Configures a machine as a DFS server or client.
rc.dceStarts DCE daemons. This script cannot be run remotely; it must be run on the machine on which the daemons are being started.
rc.dfsStarts DCE daemons. This script cannot be run remotely; it must be run on the machine on which the daemons are being started.
Privileges Required
You must have root authority to run the dce_config command.
Exit Values
In case of an error, this command repeats requests for correct input. The user can exit the program from any menu.
Errors
A representative list of errors that might be returned is not shown here. Refer to the OSF DCE Problem Determination Guide for complete descriptions of all error messages.
Related Information
Books: OSF DCE Administration Guide