HP NonStop DCE Installation, Configuration, and Management Guide Abstract This guide describes how to install, configure, and manage an HP NonStop™ Distributed Computing Environment (DCE) cell on an HP NonStop S-series or HP Integrity NonStop NS-series server. Product Version NonStop DCE 1.1 Supported Release Version Updates (RVUs) This publication supports all currently supported D-series, G-series, and H-series RVUs until otherwise indicated by its replacement publication.
Document History Part Number Product Version Published 429552-001 NonStop DCE 1.1 November 2001 429552-002 NonStop DCE 1.1 June 2002 429552-003 NonStop DCE 1.1 August 2002 429552-004 NonStop DCE 1.1 December 2003 429552-005 NonStop DCE 1.
HP NonStop DCE Installation, Configuration, and Management Guide Glossary Index Examples What’s New in This Guide v Guide Information v New and Changed Information About This Guide vii Audience vii Organization vii Further Reading viii Notation Conventions Tables v viii 1. Introduction to NonStop DCE Content 1-1 Core and Optional Services 1-1 NonStop DCE Extensions to OSF DCE Unsupported Features 1-3 1-2 2.
3. Installing NonStop DCE (continued) Contents 3. Installing NonStop DCE (continued) Uninstalling DCE 3-16 Monitoring the dce_config Script 3-17 4.
7. Managing a DCE Cell (continued) Contents 7. Managing a DCE Cell (continued) Troubleshooting the Security Server 7-5 Troubleshooting the Cell Directory Service (CDS) Server 7-6 Verifying Distributed Time Service (DTS) Server Operation 7-7 When All Else Fails 7-8 DCE Serviceability Messages 7-8 Event Management Service (EMS) 7-10 A. Migration Guide Migrating From DCE Version 1.0.
Tables (continued) Contents Tables (continued) Table B-1.
What’s New in This Guide Guide Information HP NonStop DCE Installation, Configuration, and Management Guide Abstract This guide describes how to install, configure, and manage an HP NonStop™ Distributed Computing Environment (DCE) cell on an HP NonStop S-series or HP Integrity NonStop NS-series server. Product Version NonStop DCE 1.
What’s New in This Guide New and Changed Information HP NonStop DCE Installation, Configuration, and Management Guide —429552-005 vi
About This Guide This guide is an introduction to the HP NonStop Distributed Computing Environment (DCE). This guide provides information necessary to install, configure, and administer a DCE cell. It highlights the differences between NonStop DCE and Open Software Foundation (OSF) DCE configuration and administration. Audience This guide is intended for the system administrator whose task is to install and configure NonStop DCE.
About This Guide Further Reading Further Reading For additional information about DCE, see: • NonStop DCE publications: DCE Application Programming Guide NonStop DCE customized reference pages • OSF DCE publications provided by HP; these books are also published by Prentice Hall: OSF DCE Administration Guide Introduction OSF DCE Administration Guide Core Components OSF DCE Application Development Guide Core Components OSF DCE Application Development Guide Introduction and Style Guide OSF DCE Problem D
About This Guide Notation Conventions Notation Conventions The subsections that follow describe the conventions used for: • • • • Hypertext Links General Syntax Notation Notation for Messages Change Bar Notation Hypertext Links Blue underline is used to indicate a hypertext link within text. By clicking a passage of text with a blue underline, you are taken to the location described. For example: This requirement is described under Backup DAM Volumes and Physical Disk Drives on page 3-2.
About This Guide General Syntax Notation each side of the list, or horizontally, enclosed in a pair of brackets and separated by vertical lines. For example: FC [ num ] [ -num ] [ text ] K [ X | D ] address { } Braces. A group of items enclosed in braces is a list from which you are required to choose one item. The items in the list may be arranged either vertically, with aligned braces on each side of the list, or horizontally, enclosed in a pair of braces and separated by vertical lines.
Notation for Messages About This Guide Line Spacing. If the syntax of a command is too long to fit on a single line, each continuation line is indented three spaces and is separated from the preceding line by a blank line. This spacing distinguishes items in a continuation line from items in a vertical list of selections. For example: ALTER [ / OUT file-spec / ] LINE [ , attribute-spec ]...
About This Guide Change Bar Notation either vertically, with aligned braces on each side of the list, or horizontally, enclosed in a pair of braces and separated by vertical lines. For example: obj-type obj-name state changed to state, caused by { Object | Operator | Service } process-name State changed from old-objstate to objstate { Operator Request. } { Unknown. } | Vertical Line. A vertical line separates alternatives in a horizontal list that is enclosed in brackets or braces.
1 Introduction to NonStop DCE This section introduces the NonStop DCE components, extensions, and limitations. NonStop DCE Components NonStop DCE provides a fully compliant, interoperable DCE product for an HP NonStop K-series, S-series, or NS-series system. Table 1-1 indicates which of the standard components are included in NonStop DCE. Table 1-1.
NonStop DCE Extensions to OSF DCE Introduction to NonStop DCE library (UL) for the TNS/R and TNS/E versions of DCE. Both libraries interoperate at all levels except for remote procedure call data-protection-level “packet privacy.” Note. For TNS/R programs consisting of position-independent code (PIC), if the application is using the DCE library along with another user library, the DCE library must be relinkable.
Introduction to NonStop DCE Unsupported Features NonStop systems can be configured with any of the following: ° ° ° One or more virtual hosts in the same DCE cell Multiple virtual hosts on multiple cells A single virtual host in each of multiple cells HP recommends that at least two virtual hosts run in each cell to provide continuous access to DCE services.
Introduction to NonStop DCE • • • ° If any value other than SCHED_FIFO is supplied in the scheduler parameter of pthread_setscheduler() or pthread_attr_setsched(), the procedures fail. If the threads exception-returning interface is used, the pthread_unimp_e exception is raised; otherwise, -1 is returned and errno is set to ENOTSUP. The default thread-scheduling policy is SCHED_FIFO (rather than SCHED_OTHER or SCHED_FG_NP).
Introduction to NonStop DCE • Unsupported Features UID (referred to as UNIX ID in DCE documentation and sometimes as user ID in OSS documentation) Instead, the dce_login utility uses the OSS HOME and SHELL environment variables. NonStop operating system user IDs are used in place of UIDs. No mechanism exists to change the operating system user ID within the dce_login utility.
Introduction to NonStop DCE Unsupported Features HP NonStop DCE Installation, Configuration, and Management Guide —429552-005 1 -6
2 Preparing to Install NonStop DCE This section describes the HP NonStop DCE hardware and software requirements and the steps you must take before installing NonStop DCE. Hardware and Software Requirements NonStop DCE has the minimum hardware and software requirements listed in Table 2-1. For optimum recommendations, see Section 6, Recommended Usage. Table 2-1.
Preparing to Install NonStop DCE Preparing the Client Machine Virtual host cloning during installation is a process that creates links between virtual host files in the OSS file system instead of duplicating the files for each virtual host. The links allow one copy of a file to be used by more than one virtual host, which saves disk space. Cloning creates hard links to all read-only and executable files of the master host except the cdsd and convert_cds_db files.
Preparing to Install NonStop DCE Preparing the Server Machine 5. For each virtual host, enter this command at a TACL prompt: SCF INFO SUBNET $ZTCnn.* where nn corresponds to an appropriate entry in $SYSTEM.ZTCPIP.HOSTS. Verify that the LOOP-BACK subnet has an IP address of 127.0.0.1. 6. Decide the value for the DCE privuser, which is the NonStop operating system user ID that will be used to control NonStop DCE operation on this machine.
Preparing the Server Machine Preparing to Install NonStop DCE machine has write and read access to the system NonStop SQL/MP catalog. To find the system NonStop SQL/MP catalog, enter this command at a TACL prompt: SQLCI GET CATALOG OF SYSTEM; EXIT 6. If the server machine will run CDS, decide the location of the NonStop SQL/MP database that the CDS will use. This database must be on a TMF audited volume. 7. If the server machine includes a DCE security server, add this line to the Guardian file $SYSTEM.
3 Installing NonStop DCE This section describes how to install NonStop DCE. The instructions here are similar, but not identical, to those in the section about installing DCE in the OSF DCE Administration Guide. You should read that OSF document for additional installation guidance and use this guide for information specific to NonStop DCE.
Initial Installation or Complete Reinstallation Installing NonStop DCE In both cases, files are extracted from the pax archive and moved to their OSS filesystem locations. This operation is performed using the install option of the dce_config utility instead of the COPYOSS or PINSTALL utilities used to install Open System Services. (PINSTALL or pax can still be used to list the files in the pax archives.) The dce_config utility can be run either interactively or in batch mode.
Installing NonStop DCE Initial Installation or Complete Reinstallation 2. Verify that the archive files are in the NonStop DCE ISV or TSV: • • • The archive files for DCE Core Services (T8403) must be present. The archive files for one of DCE Security Core Services - Export (T8328) or DCE Security Core Services - USA (T8329) must be present. The DCE CDS Server (T8330) or the DCE Security Server (T8331) or both might be present. 3. Log on as the super ID (255,255). 4.
Installing NonStop DCE Initial Installation or Complete Reinstallation versions of DCE) open because an open library interferes with reinstallation of the library. • For a TNS virtual host, enter these commands at an OSS shell prompt: . /usr/lib/libdce[hostname].so gtacl -p FUP LISTOPENS $(gname -s $SRL) Specify hostname only if you are replacing an existing virtual host configuration. If no program has the SRL open, no output is returned by these commands.
Initial Installation or Complete Reinstallation Installing NonStop DCE 15. Execute dce_config by entering this command at the OSS shell prompt: /etc/dce_config -h hostname where hostname is the hostname to use for the new installation. The dce_config utility displays this menu: DCE Main Menu ( on hostname ) 1. 2. 3. 4. 5. 6. INSTALL CONFIGURE START STOP UNCONFIGURE REMOVE 7.
Installing NonStop DCE Initial Installation or Complete Reinstallation If an existing installation is being replaced and another virtual host shares binary and read-only files with the installation being replaced, a prompt similar to the following is displayed: Following are the clone(s) for hostname: hostname2 hostname3 ... Do you want to upgrade them [y/n]?(n) where the character shown in parentheses is the default response if you press Return. 20.
Installing NonStop DCE Initial Installation or Complete Reinstallation Installing any DCE server automatically installs the DCE client binary files. Therefore, select option 4 (DCE Client) when the machine will be configured as only a client machine. Option 5 (Application Development Environment) installs header files and the idl compiler. Select this option if you plan to compile DCE applications on this machine.
Installing NonStop DCE Partial Installation or Upgrade If a NonStop DCE TNS virtual host is already installed and you are installing another TNS virtual host, the following prompt appears: Do you want to update the file /usr/lib/libdce.so with the new SRL /G/vol/subvol/srlloc? (n) where the character shown in parentheses is the default response if you press Return. 24.
Partial Installation or Upgrade Installing NonStop DCE 3. Start an OSS shell by entering the following command at a TACL prompt: OSH 4. If dceconf is included in the update, execute this pax command at the OSS shell prompt, to install the new dce_config utility: pax -rv -p e -f /G/ISV-vol/zdce/dceconf where /G/ISV-vol/zdce is the ISV or TSV for DCE Core Services (T8403). 5.
Partial Installation or Upgrade Installing NonStop DCE processes have the SRL open and stop them. One check you can perform uses the following OSS shell command: ps -e | grep cp The output of this command reports control programs such as dcecp. • For a TNS/R virtual host, enter the following command at an OSS shell prompt to locate the user library: noft -f /opt/dcelocal.
Installing NonStop DCE Partial Installation or Upgrade The dce_config utility displays the Installation menu: DCE Installation Menu (on hostname ) 1. Security Server 2. CDS Server 3. DTS Server 4. DCE Client 5. Application Develpment Environment 6. Replica Security Server 7. Man Pages 98. Return to previous menu 99. Exit selection: The upgrade instructions indicate the options to enter.
Installing NonStop DCE Installed Files 13. Exit dce_config by selecting option 99 from the main menu. 14. Run the Pcleanup utility to remove any obsolete files (such as older reference pages) by entering these commands at an OSS shell prompt: cd /etc/install_obsolete Pcleanup -r source 15. Return to the main menu in the dce_config utility by entering this OSS shell command: dce_config -h hostname where hostname is the name of the virtual host installation being updated. 16.
Other OSS Directories Installing NonStop DCE Table 3-2. dcelocal Directories and Files Directory or File Description /opt/dcelocal.hostname/bin This directory contains DCE administration utilities and server process binary files (demons). /opt/dcelocal.hostname/etc This directory contains the dce_config script files and files used by other administrative programs. /opt/dcelocal.hostname/etc/ zoneinfo This directory contains time-zone files used by the DTS component of DCE. /opt/dcelocal.
Binary Files Installing NonStop DCE Table 3-3. OSS Directories Directory Description /etc This directory contains copies of the dce_config script files. /etc/zoneinfo This directory contains copies of some of the time-zone files from the /opt/dcelocal/etc/zoneinfo directory. /opt/dcelocal.hostname/krb5 This directory contains Kerberos configuration files and the machine keytab file v5srvtab. /usr/include/dce This directory contains DCE header files.
Installing NonStop DCE Message Catalogs Message Catalogs NonStop DCE message catalogs are placed in the directory /opt/dcelocal.hostname/nls/msg/en_US.ASCII by default. The following prompt allows another destination: Enter the directory into which message catalogs should be stored on the local machine (/usr/lib/nls/msg/en_US.ISO8859-1): Press the Return key to specify the default location (shown in parentheses) or specify an alternate location.
Installing NonStop DCE Application Development Environment (ADE) revision (SPR) identifier of the already installed library and the type (native or not native) of that library. The script then waits for you to indicate whether to overwrite that library with the new one. For example: There is a non-native library of version AAS already present. Do you want to overwrite that (n) ? If you enter y, the already installed library is overwritten.
Installing NonStop DCE Monitoring the dce_config Script If both variables are set, the hostname is taken from the value of DCEVH. If neither variable is set, the hostname is derived from the default value of TCPIP_PROCESS_NAME (that is, $ztc0). 6. Run the dce_config utility. Select option 7 (UNINSTALL) from the main menu. Note. Reference pages in /usr/share/man and some dce_config script files in /etc are not removed. 7. To exit the dce_config utility, choose option 99.
Installing NonStop DCE Monitoring the dce_config Script HP NonStop DCE Installation, Configuration, and Management Guide —429552-005 3- 18
4 Configuring NonStop DCE This section describes how to configure a basic DCE cell using the NonStop DCE administration tool dce_config. This section is intended as a tutorial for the novice DCE cell administrator and describes both creating an initial cell and adding a machine to an existing cell. If prompts in addition to those described in this section appear while you are configuring a cell, respond with the requested information and continue with the configuration.
Configuring NonStop DCE DCE Initial Cell Configuration To interoperate within the NonStop DCE environment, a virtual host must first identify itself to the security server and cell directory service (CDS) server. This action allows a machine access to an existing cell. A machine that meets these minimum requirements is referred to as a DCE “client machine.” However, if no cell has been established, dce_config is used to set up an initial cell.
Before Configuring a DCE Cell Configuring NonStop DCE 6. Configuring DCED as Endpoint Mapper on page 4-10 7. Configuring Additional Servers on page 4-11 Before Configuring a DCE Cell 1. Verify that NonStop TCP/IP is prepared: a. Verify that conventional TCP/IP, Parallel Library TCP/IP, or NonStopTCP/IPv6 (configured in DUAL or INET mode) is configured. b. Verify that the default hostfile location, $SYSTEM.ZTCPIP.HOSTS, is used. c. Verify that separate process names are used for each virtual host.
Configuring NonStop DCE Setting Up an Initial DCE Cell h. For each virtual host, enter this command at a TACL prompt: SCF INFO SUBNET $ZTCnn.* where nn corresponds to an appropriate entry in $SYSTEM.ZTCPIP.HOSTS. Verify that the LOOP-BACK subnet has an IP address of 127.0.0.1. 2. Verify that the machine’s time is synchronized to within five minutes of the times of the other machines in the cell. 3.
Setting Up an Initial DCE Cell Configuring NonStop DCE • • • • If only DCEVH is set, the hostname is taken from that variable. If only TCP/IP_PROCESS_NAME is set, the hostname is derived from the hostname attribute of the TCP/IP process. If both variables are set, the name is taken from DCEVH. If neither variable is set, the name is derived from the hostname attribute of the default TCP/IP process (that is, $ztc0). 4. Start /etc/dce_config, which displays the main menu: DCE Main Menu ( on hostname ) 1.
Configuring NonStop DCE Configuring the Initial Security Server (pwd_strengthd), auditing server (auditd), and global time servers are not replicated. If the original configuration is for a client, the replicated configuration also provides a client. If the original configuration is for a CDS server, the replicated configuration provides an additional CDS server. The DCE Configuration menu is displayed: DCE Configuration Menu ( on hostname ) 1. Initial Cell Configuration 2.
Configuring NonStop DCE Configuring the Initial Security Server where the character shown in parentheses is the default response if you press Return. 2. Enter y only if there are previous configuration files to remove. The following prompt is displayed: Enter the name of your cell (without /.../): 3. Enter the desired cell name; for example, cellname. If the cell will communicate with other cells, use a full DNS name (for example, cellname.xyz.co). Subsequently, the name /.../cellname or the shorthand /.
Configuring NonStop DCE Configuring the Initial Cell Directory Service (CDS) Server Enable dced-admin group ACLs on dced objects? (y) where the character shown in parentheses is the default response if you press Return. 6. Enter y or n as appropriate. dce_config starts the dced demon, and this prompt is displayed: Enter keyseed for initial database master key: 7. Enter any string (without embedded blanks). You will not need to use this string again.
Configuring NonStop DCE Configuring the Initial DTS Server dce_config utility creates the NonStop SQL/MP tables on this subvolume and registers cdsd with SQL/MP. After successful completion, dce_config issues this prompt regarding multipleLAN configuration: Create LAN profile so clients and servers can be divided into profile groups for higher performance in a multi-lan cell?(n) where the character shown in parentheses is the default response if you press Return. 4. Enter y or n as appropriate.
Configuring NonStop DCE Configuring DCED as Endpoint Mapper To configure a DTS server: 1. Select dce_config option 3 (Initial DTS Server) from the Initial Cell Configuration menu. This menu is displayed: DTS Configuration Menu 1. 2. 3. 4. 5. DTS Local Server DTS Global Server (needed only in multi-LAN cells) DTS Clerk DTS Time Provider UNINSTALL -uninstall self DCE host 98. Return to previous menu 99. Exit selection: 2. Select the option for the type of demon desired.
Configuring NonStop DCE Configuring Additional Servers where the characters shown in parentheses are the default response if you press Return. 4. Enter the Guardian user ID permitted to administer NonStop DCE on this system. See Being the DCE Privuser on page 6-3 for information on which user is permitted to perform specific dce_config actions. The user ID you enter must be a member of the super group.
Configuring NonStop DCE • DCE Client Configuration New or additional instances of the CDS server (cdsd), DTS server (dtsd), and security server (secd) When you configure an additional CDS server, the last step in the process requires you to indicate whether the complete CDS namespace of an existing CDS server should be duplicated in the newly created clearinghouse: Should all directories be replicated [y/n]? (n) where the character shown in parentheses is the default response if you press Return. 3.
DCE Client Configuration Configuring NonStop DCE 4. Run /etc/dce_config to display the main menu: DCE Main Menu ( on hostname ) 1. 2. 3. 4. 5. 6. INSTALL CONFIGURE START STOP UNCONFIGURE REMOVE -install dce software -configure and start DCE daemons -re-start DCE daemons -stop DCE daemons -remove a host from CDS and SEC databases -stop DCE daemons and remove data files created by DCE daemons 99. EXIT selection: 5. Select option 2 (CONFIGURE). The DCE configuration menu appears. 6.
DCE Client Configuration Configuring NonStop DCE dce_config now prompts for the master security server location by displaying this prompt: What is the name of the Security Server for this cell? 10. Enter the machine name of the system where the initial security server is configured. If you do not know the name, issue one of these commands from an OSS shell prompt on any configured machine within the cell: DCE Version Command 1.1 dcecp -c object show /.
DCE Client Configuration Configuring NonStop DCE Time on server: 1995-12-04-14:06:55.602-08:00I0.101 Do you wish to sync the clock of this machine? (y) where the value shown in parentheses is the default response if you press Return. Enter y if you want to synchronize the clocks. If you answer y, dce_config sets the time on the client machine. 13. In response to the prompt, enter the cell_admin principal name and password.
Configuring NonStop DCE DCE Client Configuration (Default is DTS Clerk) (clerk, local, global, none) 16. Enter one of the words shown within the parentheses. The machine is now a DCE client machine and can interoperate within the cell.
5 Recommended Cell Configuration This section provides recommendations for configuring a DCE cell on a NonStop node. The current maximum configuration values appear in Table 5-1 on page 5-2. Recommendations for Configuring a Cell • • • • • • • Allocate at least two processors to each virtual host. Configure each virtual host so that it uses processors not used by other virtual hosts. Run at least two virtual hosts in each cell. Duplicate all mission-critical application servers in both virtual hosts.
Maximum Configuration Values Recommended Cell Configuration Maximum Configuration Values The maximum configuration values for NonStop DCE are listed in Table 5-1. Table 5-1.
6 Recommended Usage This section describes the recommended usage of NonStop DCE. For more information see the DCE Application Programming Guide for application design recommendations. Cell Directory Service (CDS) Server The CDS server database cannot be moved between platforms, as described in the OSF DCE Administration Guide. The database can be moved between NonStop systems using the Guardian utilities BACKUP and RESTORE.
Recommended Usage Managing the cdsadv and cdsclerk Processes 8. Issue this cdscp command for each directory listed in Step 7: create replica /.:/dir_name clearinghouse /.:/sys_ch 9. Enter this cdscp command for each directory: set dir /.:/dir_name to new epoch master /.:/sys_ch readonly /.:/old_ch Note. Do not change the epochs in the order listed by the command in Step 7. Change the epochs of all subdirectories before changing the epoch of a directory itself.
Using the acl_edit_tdm Utility Recommended Usage Using the acl_edit_tdm Utility For better performance, dce_config uses the utility program acl_edit_tdm to set access control list (ACL) security permissions within a virtual host. acl_edit_tdm issues multiple acl_edit commands in a single invocation. However, acl_edit_tdm can communicate with only one ACL manager during each invocation. To initiate continuation mode, execute acl_edit_tdm without input parameters.
Recommended Usage Starting and Stopping DCE Services Starting and Stopping DCE Services After a virtual host has been configured as part of a DCE cell, DCE services on that machine can be started by either: • • Using the dce_config utility. Running dce_config scripts directly. This action is described in the section on managing DCE configurations in the OSF DCE Administration Guide Introduction. Use the DCE privuser user ID to start NonStop DCE. Therefore, if the /etc/rc.dce.
Recommended Usage Local Time Example 1 setting the TZ environment variable in the shell that starts dtscp. For example, to show U.S. Pacific standard time, enter: export TZ="PST8PDT" This assignment can be automated for the OSS shell by assigning the environment variable in the .profile file. Alternatively, copy the appropriate binary time-zone file to /etc/zoneinfo/localtime. For example: cp /opt/dcelocal.
Recommended Usage Local Time Example 3 Local Time Example 3 If you are in the United Kingdom and do not want to rely on the TZ environment variable to cause NonStop DCE to display time in, for example, British Summer Time, you can copy the binary time-zone file for Great Britain to /etc/zoneinfo/localtime. The OSS shell date command does not read the localtime file, so this action does not affect how date displays the time. /etc/zoneinfo: mv localtime localtime.save /etc/zoneinfo: cp /opt/dcelocal.
7 Managing a DCE Cell This section describes DCE cell management and provides general troubleshooting suggestions. General Maintenance Encourage users to remove their credentials by using the kdestroy utility before logging off. A user's DCE credential files are not automatically purged by exiting an OSS shell, logoff, or expiration. The use of kdestroy avoids unnecessary disk usage and decreases the opportunity for malicious users to gain access to credentials.
Troubleshooting a DCE Cell Managing a DCE Cell Troubleshooting a DCE Cell Use these procedures when troubleshooting a DCE cell. • • • • • • • Problem Prevention on page 7-2 When a Cell Component Does Not Restart on page 7-4 Verifying That dced Is Responding Properly on page 7-5 Troubleshooting the Security Server on page 7-5 Troubleshooting the CDS Server: on page 7-6 Verifying DTS Server Operation on page 7-7 When All Else Fails on page 7-8 Problem Prevention To troubleshoot a DCE cell: 1.
Managing a DCE Cell Problem Prevention 3. Verify that the DCE cell has been started by executing the commands cell ping and cell show from a dcecp prompt. For example, the se commands indicate that this cell is behaving normally: cell ping DCE services available cell show {secservers /.../dce_cell.domain.company.com/subsys/dce/sec/master} {cdsservers /.../dce_cell.domain.company.com/hosts/hostname} {dtsservers /.../dce_cell.domain.company.com/hosts/hostname} {hosts /.../dce_cell.domain.company.
Managing a DCE Cell When a Cell Component Does Not Restart location, and if some application programs using the DCE library have not been replaced by this reinstallation, link those programs to the new library location: • For a TNS virtual host, enter commands similar to the following example for the program file /bin/dce_usr_program, at an OSS shell or dcecp prompt: gtacl -p bind @select filesys oss @change library $vol.zdce.
Managing a DCE Cell Verifying That dced Is Responding Properly The solution to this problem is to stop the offending dcecp before restarting dced. If the desired serviceability routing is not in effect, modify it as described in DCE Serviceability Messages on page 7-9. 2. Check the EMS log to see whether the NonStop system has any problems that could affect NonStop DCE operations, such as TMF problems. 3.
Managing a DCE Cell Troubleshooting the CDS Server: Troubleshooting the CDS Server: 1. Issue a directory show /.:/ command to dcecp to verify that CDS is functioning correctly. For example, this output shows that CDS is functioning correctly: {RC_ClassVersion {01 00}} {CDS_CTS 1995-11-20-17:49:14.934044100/08-00-83-00-21-d7} {CDS_UTS 1995-11-20-17:50:53.
Verifying DTS Server Operation Managing a DCE Cell 4. Verify that the cached clearinghouse information is correct by entering this command from a dcecp prompt: cdscache dump 5. If the cached clearinghouse information is not correct: a. Stop the CDS components and remove the cached data with this OSS shell command: rm /opt/dcelocal.hostname/var/adm/directory/cds/cds_cache* b. If the CDS cache is removed, CDS client machines must reissue a cdscp define cached server servername command.
Managing a DCE Cell When All Else Fails 2. If dtsd is on this host, verify that DTS is functioning correctly by entering this command at a dcecp prompt: dts show This output shows that DTS is functioning correctly: {checkinterval +0-01:30:00.000I-----} {epoch 0} {tolerance +0-00:05:00.000I-----} {tdf -0-08:00:00.000I-----} {maxinaccuracy +0-00:00:00.100I-----} {minservers 3} {queryattempts 3} {localtimeout +0-00:00:05.000I-----} {globaltimeout +0-00:05:15.000I-----} {syncinterval +0-00:02:00.
Managing a DCE Cell DCE Serviceability Messages 4. In the file /opt/dcelocal./etc/security/pe_site, replace the current IP address with the new IP address. 5. Stop the DCE host. 6. Export the environment variable BIND_PE_SITE to 1. 7. Restart the DCE host. During the restart, the error rpc_ns_binding_export is reported (this error will be fixed later). 8. Attempt to login to the cell using dce_login.
DCE Serviceability Messages Managing a DCE Cell Table 7-1. Serviceability Message Severity Levels Name Meaning FATAL Fatal error exit. An unrecoverable error (such as database corruption) has occurred and will probably require manual intervention to be corrected. The program usually terminates immediately after such an error. ERROR Error detected. An unexpected event that is either not terminal (such as a timeout) or correctable by human intervention has occurred.
Managing a DCE Cell Event Management Service (EMS) In the previous output, the keyword FILE indicates that the output format of messages is human-readable text. Users can read these files with standard OSS shell utilities such as more or tail. For example: tail fatal.log 1995-10-25-09:09:40.392-07:00I----- dced FATAL dhd general main.
Managing a DCE Cell Event Management Service (EMS) EMS provides its own log configuration control. See the dce_svc_ems(5) reference page online for a more detailed explanation.
A Migration Guide This appendix describes compatibility and migration for: • • • Migrating From DCE Version 1.0.3 on page A-1 Migrating From the D31 Product Version on page A-2 Migrating From a TNS Version to a TNS/R Version on page A-3 Migrating From DCE Version 1.0.3 NonStop DCE version 1.1 is not compatible with the previously released DCE version 1.0.3-based Software Development Kit (SDK) in these areas: • CDS database format The CDS database format changed.
Migration Guide • Migrating From the D31 Product Version TCP/IP configuration Beginning with the D30.00 RVU, the standard version of NonStop TCP/IP uses the QIO subsystem. This default TCP/IP configuration supports 100 sockets. If your site needs a larger configuration, you must reconfigure NonStop TCP/IP and the QIO subsystem to provide additional memory. Refer to the QIO Configuration and Management Manual for details.
Migration Guide Migrating From a TNS Version to a TNS/R Version already exists, you are prompted to update that file with the new library. If you reply with y, the new file replaces the old one. Migrating From a TNS Version to a TNS/R Version The G06 product version of NonStop DCE 1.1 provides TNS/R native virtual hosts that can interoperate with D48 product version TNS virtual hosts. To upgrade from a D31 or earlier product version of NonStop DCE, you must first upgrade to the D48 product version.
Migration Guide Migrating From a TNS Version to a TNS/R Version HP NonStop DCE Installation, Configuration, and Management Guide —429552-005 A- 4
B dce_config(8) Reference Page This appendix contains the dce_config(8) reference page. You can also access this reference page online using the OSS shell man command. DCE dce_config(8) NAME dce_config - Installs, configures, and starts up DCE SYNOPSIS dce_config [ -e environment_file ] [ -c command_file ] [ -h hostname ] FLAGS -e environment_file Specifies the OSS pathname of an environment file. The -e flag causes dce_config to read the specified environment file at startup.
dce_config(8) Reference Page -h hostname Specifies the name of the virtual host to be configured. The specified name must be the value of the hostname attribute for the TCP/IP stack used by the virtual host. If you omit the -h flag, dce_config uses the environment variables DCEVH or TCPIP_PROCESS_NAME, as appropriate. Refer to the table under The DCE Environment Variables in DESCRIPTION for more information on the use of these variables.
dce_config(8) Reference Page client DCE client/Endpoint Mapper binary files sec-replica Security replica server binary files appdev IDL compiler and header files for use in DCE application development man-pages DCE reference pages modified by HP The component specified is ignored if CLONING_REQUIRED is set to “y” in the environment file specified by the -e flag. If CLONING_REQUIRED is set to “y” and component is empty (null), cloning is still performed.
dce_config(8) Reference Page The Environment File The environment file assigns values to the DCE environment variables. The file entries are in the form: variable=value A sample command file, config.env, is provided by HP with the DCE distribution. You can copy the file and use it as supplied, or you can use it as a guide to create your own environment file. The sample file is copied to /opt/dcelocal.hostname/usr/examples/dce_config during DCE installation.
dce_config(8) Reference Page Table B-1. dce_config Environment Variables (page 2 of 9) Variable Value CELL_NAME Specifies the name of the cell (without the /../) on which the configuration is being performed. Used during security server configuration. check_time Specifies whether to check client and server clock synchronization. (All lowercase characters is correct.) The value y indicates the time will be checked; n indicates it will not. The default value is y.
dce_config(8) Reference Page Table B-1. dce_config Environment Variables (page 3 of 9) Variable Value DCE_PRIVUSER Specifies the NonStop OS user ID permitted to perform privileged operations such as configuring servers using dce_config. This user ID must be a member of the super group. The default value is the user ID (255,255). DCE_PROCESS_PREFIX Specifies one alphabetic character to be used as the prefix for virtual host process names. All processes started for a virtual host use this prefix.
dce_config(8) Reference Page Table B-1. dce_config Environment Variables (page 4 of 9) Variable Value DCED_ADMIN Specifies whether the administrative group dced-admin should have permission to access and modify the access control lists that protect dced objects. The value y allows the administrative group to access and modify local dced objects. If you use the value y, a privileged network user such as cell_admin is allowed local privileged access to the machine.
dce_config(8) Reference Page Table B-1. dce_config Environment Variables (page 5 of 9) Variable Value DIR_REPLICATE Controls the replication of CDS directories when an additional CDS server is being created at DCE configuration time. The value y causes dce_config to prompt for more directories to replicate; n suppresses further replication. The default value is n. DISPLAY_THRESHOLD Specifies the messages to write to the standard output file.
dce_config(8) Reference Page Table B-1. dce_config Environment Variables (page 6 of 9) Variable Value HOST_NAME_IP Specifies the IP address of the virtual host on which dce_config is running. KEYSEED Specifies the character string used to seed the random key generator to create the master key for the master database and each slave database. Each database has its own master key and keyseed. Used in security server configuration.
dce_config(8) Reference Page Table B-1. dce_config Environment Variables (page 7 of 9) Variable Value REMOVE_PREV_INSTALL Indicates whether to remove all remnants of previous DCE installations before performing the new install. The value y indicates remove all remnants; n indicates do not remove remnants. The default value is n. If you set this variable to y, dce_config automatically removes all installed components each time you install any component, and you must reinstall them all.
dce_config(8) Reference Page Table B-1. dce_config Environment Variables (page 8 of 9) Variable Value SYNC_CLOCKS Indicates whether to synchronize all client clocks with the security server clock. The value y indicates that client and server clocks will be synchronized; n indicates they will not be synchronized. The default value is y.
dce_config(8) Reference Page Table B-1. dce_config Environment Variables (page 9 of 9) Variable Value TOLERANCE_SEC Specifies the number of seconds a client system clock can differ from the security server system clock before either the user is prompted to synchronize clocks or the clocks are synchronized automatically. The default is 120 seconds. Both the security service and the CDS service require that there be no more than a 5-minute difference between the clocks on any two nodes in a cell.
dce_config(8) Reference Page Component Scripts The dce_config script calls component scripts that reside in the /etc directory. In a custom configuration script, you can call the component scripts directly and supply the required input through the environment variables. The names and functions of the component scripts are: dce_shutdown Shuts down all DCE server processes (auditd, cdsadv, cdsd, dced, dtsd, gdad, pwd_strengthd, and secd) by using the dcecp utility or other control programs.
dce_config(8) Reference Page EXIT VALUES In case of an error, this command repeats requests for correct input. The user can exit the program from any menu. RELATED INFORMATION Books: OSF DCE Administration Guide.
C Noninteractive Use of dce_config You can use dce_config to configure a DCE cell without having to respond to queries. To do so, specify an environment file using the -e flag and a command file using the -c flag. If NonStop DCE will be installed or configured several times, it is helpful to create both these files. The environment file sets values for NonStop DCE variables that specify responses to user prompts.
Noninteractive Use of dce_config Example C-1. Sample Environment File dce_config_all.env (page 1 of 3) # General config values # DCEVH=# The name of the VH being worked on. # NSA General note: # 1.This variable would take precedence over TCPIP_PROCESS_NAME (if supplied through this file). # 2.DCEVH mentioned through "-h" option of dce_config # would override both this variable and # TCPIP_PROCESS_NAME (if any) in this file.
Noninteractive Use of dce_config Example C-1. Sample Environment File dce_config_all.env (page 2 of 3) # # General config variables # REMOVE_PREV_CONFIG=y# y/n Remove previous config before configuring # anything CELL_NAME=""# Name of cell to configure DCE_PRIVUSER="super.super"# DCE privuser should be in SUPER group. TCPIP_PROCESS_NAME="/G/ZTC0" # tcpip process name for DCE # # # # DCE_PROCESS_PREFIX="Z"# The prefix for the DCE demon processes. This should not exceed one charecter.
Noninteractive Use of dce_config Example C-1. Sample Environment File dce_config_all.env (page 3 of 3) # Default values are provided, for PWD_MGMT_SVR and PWD_MGMT_SVR_OPTIONS.
Noninteractive Use of dce_config Example C-2. Sample Command File dce_config_all.cmd (page 1 of 2) # This file is an example of what you can pass to dce_config # via the -c switch. It it sourced in to dce_config, and # can contain shell script commands if you wish. # # install commands # #----------------------------------------------------# # install # := sec appdev sec-replica # cds dts client man-pages # NSA Note: is immaterial if CLONING_REQUIRED is set to "y" # in the file config.
Noninteractive Use of dce_config Example C-2. Sample Command File dce_config_all.cmd (page 2 of 2) #config copy_from_host# See NSA note above #config client# Same as: # config sec client # config cds client # config dts $DTS_CONFIG # #DCED as Endpoint Mapper # # If this option is selected DO NOT select other server configurations. #config dced epmapper # # Security # # Can only pick one, server implies client.
D Event Messages This appendix describes the event messages logged by the security demon (secd) through the Event Management Service (EMS). AS_REQ AS_REQ [authtime] [error-code-or-message,] host, requesting-client-and-server-information authtime specifies the authentication timestamp (optional). error-code-or-message provides the error code or error message (if any). host specifies the host address. requesting-client-and-server-information provides information about the requesting client and server.
Event Messages TGS_REQ specifies the host address. requesting-client-and-server-information provides information about the requesting client and server. Cause. This event is logged by the ticket-granting server (TGS) to indicate that one of the following errors (detailed in the log) occurred while a request was being processed: • • When TGS processes a request from a client for a ticket to a particular service, it verifies whether the server principal in the ticket belongs to the local realm.
Event Messages Effect. Security demon processing continues. Recovery. No operator action is possible.
Event Messages HP NonStop DCE Installation, Configuration, and Management Guide —429552-005 D- 4 TGS_REQ
Glossary agent. A simplified type of DCE server that contains a single call thread and receives all incoming calls from a distributor. See also distributor. API. See application program interface (API). application program interface (API). A set of services (such as programming language functions or procedures) that are called by an application program to communicate with other software components.
Glossary dcecp dcecp. See DCE control program (dcecp). dced. See DCE demon (dced). DCE demon (dced). The process that enables complete remote administration of DCE services and other applications, as well as their configuration parameters. This administration includes startup, shutdown, and status queries, as well as secure remote management of per-host security data and cell configuration information.
HP NonStop Transaction Management Facility (TMF) subsystem Glossary HP NonStop Transaction Management Facility (TMF) subsystem. The product that protects databases in online transaction processing environments. Kerberos. The authentication protocol implemented by DCE shared-secret authentication. LAN. Local area network. namespace. A complete set of cell directory service (CDS) names (which can include directories, object entries, and soft links) that one or more CDS servers look up, manage, and share.
TCP/IP Glossary TCP/IP. See Transmission Control Protocol/Internet Protocol (TCP/IP). thread. A sequential flow of control within a process. TMF. See UTC. TNS shared run-time library (TNS SRL). A shared run-time library (SRL) available to TNS processes in the Open System Services (OSS) environment. A TNS process can have only one TNS SRL. A TNS SRL is implemented as a special user library that allows shared global data. TNS/E library. A TNS/E native-mode library.
Index Numbers 88/udp entry in services file 4-3 A acl_edit utility 6-3 acl_edit_tdm utility 6-3 Application Development Environment (ADE) option 3-7 auditd server 4-6, 4-11 Auditing server 4-6, 4-11 B BACKUP utility (Guardian) 6-1 Binary files 3-12, 3-14 C CACHE_CDS_SERVER environment variable B-4 CACHE_CDS_SERVER_IP environment variable B-4 CANCEL_OFF state parameter 1-4 Capacity limits 5-2 CDS database 6-1 desciption of 1-2 server 4-2 configuration 4-8 recommendations 5-1 troubleshooting 7-6 usage 6-1
D Index CLONING_REQUIRED environment variable B-5 Command file B-1, C-1 Configuration See also dce_config utility additional server 4-11 client 4-12/4-16 initial CDS server 4-8 cell 4-2/4-6 DTS server 4-9 security server 4-6/4-8 multiple-cell 5-1 recommendations 5-1 Configuration state file 3-12 convert_cds_db file, exception when cloning 2-2 convert_cds_db utility, migrating the database with A-1 Coordinated Universal Time (UTC) 4-9, 6-4 COPYOSS utility 3-2 COPY_CONFIG_HOST environment variable B-5 COPY_
E Index dce_login utility (continued) registry attributes not used by 1-4 using to get new ticket 7-3 DCE_PRIVUSER environment variable B-6 DCE_PROCESS_PREFIX environment variable B-6 DCE_SCP_PROCESS_NAME environment variable B-6 DCE_SOCKET_REUSE environment variable B-6 DEBUG value for LOG_THRESHOLD 3-17 Directories, OSS 3-13 DIR_REPLIC ATE environment variable B-8 DISPLAY_THRESHOLD environment variable 3-17, B-8 Distributed Computing Environment (DCE) See entries beginning with DCE Distributed time serv
F Index Environment variables (continued) TANDEM_INSTALL_DIR B-11 TCPIP_PROCESS_NAME B-11 TIME_SERVER B-11 TOLERANCE_SEC B-12 TOTAL_CLERKS 4-2, 6-2, B-12 TZ 6-4, 6-5 UNCONFIG_HOST_PRESET B-12 UPDATE_ALL_CLONES B-12 UPDATE_DEFAULT_LIBDCESO B-12 USE_DEF_MSG_PATH B-12 Epochs 6-2 Event Management Service (EMS) 3-1, 7-5, 7-11, D-1 Event messages D-1 exit command (OSS) 4-7, 4-11, 4-13 EXIT_ON_ERROR environment variable B-8 Extensions 1-2 F Features, unsupported 1-3/1-5 Files binary 3-12, 3-14 credential 7-1 DC
I Index I idl command 3-14 IDL compiler 1-3 INSTALL phase of installation 3-1 Installation files 3-2 initial 3-2 partial 3-8 preparation 2-1/2-4 reinstallation 3-8 Installation state file 3-12 Installation subvolume (ISV) 3-1, 3-2, 3-3, 3-5 Installed files 3-12 Internationalization 1-5 ISV See Installation subvolume (ISV) 3-1 J Local time, setting 6-4 Local time-zone examples 6-5/6-6 Localtime file 6-4 login shell 1-4 LOG_THRESHOLD environment variable 3-17, B-9 LOOP-BACK subnet 2-3, 4-4 M Maintenance,
R Index pax command (OSS) 3-3, 3-9 pax utility 3-2, 3-9 Pcleanup utility (OSS) 3-8, 3-12 PINSTALL utility (Guardian) 3-2 Preemptive scheduling 1-3 Privuser 2-3, 4-4, 4-7, 4-11, 4-13, 6-3, 6-4 Protocol sequences 5-1 ps command (OSS) 3-4, 3-10, 7-7 pthread_attr_setsched() function 1-4 pthread_setasynccancel() function 1-4 pthread_setscheduler() function 1-4 pthread_unimp_e exception 1-4 PWD_MGMT_SVR environment variable B-9 PWD_MGMT_SVR_OPTIONS environment variable B-9 pwd_strengthd server 4-6, 4-11 R rc.
T Index Shared run-time library (SRL, TNS DCE) (continued) installed location of 3-12 keeping in a user-specified location 3-15 linking to a new location 7-3 portion of core services 1-1 User library (TNS/R and TNS/E DCE) DCE core services 1-2 SHELL environment variable 1-5 Software requirements 2-1 SQL/MP See HP NonStop SQL/MP SRL See Shared run-time library (SRL) svcdumplog utility 7-11 SYNC_CLOCKS environment variable B-11 System generation phase of INSTALL 3-1 T TANDEM_ALT_SRL environment variable 3-
Special Characters Index Variables, environment See Environment variables VERBOSE value for LOG_THRESHOLD 3-17 Virtual host contents of 1-2 number within a cell 4-1 processor assignment for 4-1 recommendation for cell 1-3 separate TCP/IP process name for 2-2 updating shared run-time library for 3-8 Special Characters $0 7-11 $SYSTEM.sysnn.OSIMAGE 3-4, 3-9, 3-10 $SYSTEM.ZDCE.LDCE 4-4 $SYSTEM.ZTCPIP.
Content Feedback First Name: __________________ Phone: _____________________ Company: ___________________ Last Name: _________________ e-mail address: ______________ (All contact information fields are required.) If you’re reporting an error or omission, is your issue: Minor: I can continue to work, but eventual resolution is requested. Major: I can continue to work, but prompt resolution is requested. Critical: I cannot continue to work without immediate response.
What’s New in This Guide What’s New in This Guide v Guide Information v New and Changed Information v About This Guide vii Audience vii Organization vii Further Reading viii Notation Conventions ix The CRE has many new message types and some new message type codes for old message types. In the CRE, the message type SYSTEM includes all messages except LOGICAL-CLOSE and LOGICAL-OPEN. xii 1.
5. Recommended Cell Configuration Using the dce_config Utility 4-1 DCE Initial Cell Configuration 4-2 Before Configuring a DCE Cell 4-3 Setting Up an Initial DCE Cell 4-4 Configuring the Initial Security Server 4-6 Configuring the Initial Cell Directory Service (CDS) Server Configuring the Initial DTS Server 4-9 Configuring DCED as Endpoint Mapper 4-10 Configuring Additional Servers 4-11 DCE Client Configuration 4-12 4-8 5.
A. Migration Guide Event Management Service (EMS) 7-11 A. Migration Guide Migrating From DCE Version 1.0.3 A-1 Migrating From the D31 Product Version A-2 Retaining an Existing Configuration A-2 Migrating From a TNS Version to a TNS/R Version A-3 B. dce_config(8) Reference Page C. Noninteractive Use of dce_config D.
Index HP NonStop DCE Installation, Configuration, and Management Guide —429552-005 4
Examples Examples Example C-1. Example C-2. Sample Environment File dce_config_all.env C-2 Sample Command File dce_config_all.
Examples HP NonStop DCE Installation, Configuration, and Management Guide —429552-005 2
Figures Figures HP NonStop DCE Installation, Configuration, and Management Guide —429552-005 1
Figures HP NonStop DCE Installation, Configuration, and Management Guide —429552-005 2
Tables Tables Table 1-1. Table 2-1. Table 3-1. Table 3-2. Table 3-3. Table 5-1. Table 6-1. Table 7-1. Table B-1.
