ctcasd.cfg File

Purpose

Provides operational parameters to the cluster security services daemon ctcasd.

Description

The ctcasd.cfg configuration file defines the operational parameters to the cluster security services daemon ctcasd. The ctcasd daemon reads this file when it (the daemon) initializes. The ctcasd daemon expects to find this configuration file in either the /var/ct/cfg directory (preferred) or in the /opt/rsct/cfg directory (default). System administrators can modify the contents of the file stored in the /var/ct/cfg directory, but should not modify the default version of the file in /opt/rsct/cfg unless instructed to do so by the cluster software service provider.

This file is ASCII-formatted, and can be modified using any available text editor. One attribute can be defined per line within this file. Attributes are specified as follows:

attribute=value

The following attributes are defined:

Attribute

Definition

TRACE

Indicates whether daemon tracing is activated. Acceptable values are ON and OFF. If the TRACE attribute is not listed in the ctcasd.cfg file, tracing is not activated. For coexistence with earlier versions of RSCT, TRACE= false is interpreted as TRACE= OFF.

TRACEFILE

Specifies the fully-qualified path name where daemon tracing information is to be recorded.

TRACELEVELS

Indicates the tracing granularity employed by the daemon when tracing is activated. The possible trace categories are:

_SEC:Errors: Captures error information in the trace log. Possible values are: 1, 2, 4, and 8.
_SEC:API: Tracks the entry and exit of subroutines within the daemon. Possible values are: 1 and 8.
_SEC:Perf: Captures performance-related information. Possible values are: 1, 4, and 8.
_SEC:Info: Traces the general execution progress of the daemon. Possible values are: 1, 2, 3, 4, and 7.

When setting the values of these trace categories, keep in mind that the lower the number is, the less intrusive (and less detailed) the trace will be. Multiple traces can be enabled at once. For example, if an administrator wants to enable a trace that captures basic performance data and highly-detailed error data, the specification for TRACELEVELS would be:

TRACELEVELS=_SEC:Perf=1,_SEC:Errors=8

TRACESIZE

Specifies the size of the trace file in bytes. The default value is 1 megabyte.

RQUEUESIZE

Indicates the maximum length permitted for the daemon's internal run queue. If this value is not set, a default value of 64 is used.

MAXTHREADS

The limit to the number of working threads that the daemon may create and use at any given time (the "high water mark"). If this value is not set, a default value of 10 is used.

MINTHREADS

The number of idle threads that the daemon will retain if the daemon is awaiting further work (the "low water mark"). If this value is not, set, a default value of 4 is used.

THREADSTACK

Sets the internal memory used by the daemon for thread stack space. The value is expressed in bytes. If no value is specified, the default system thread stack size is used. This value should not be modified by the administrator unless instructed to do so by IBM® Service.

HBA_USING_SSH_KEYS

Indicates whether the daemon is making use of Secured Remote Shell keys. Acceptable values are true and false. If this value is not defined, a default value of false is used. See Restrictions.

HBA_PRVKEYFILE

Provides the full path name of the file that contains the local node's private key. If this value is not set, the default location of /var/ct/cfg/ct_has.qkf is used.

HBA_PUBKEYFILE

Provides the full path name of the file that contains the local node's public key. If this value is not set, the default location of /var/ct/cfg/ct_has.pkf is used.

HBA_THLFILE

Provides the full path name of the file that contains the local node's trusted host list. If this value is not set, the default location of /var/ct/cfg/ct_has.thl is used.

HBA_KEYGEN_METHOD

Indicates the method to be used by ctcasd to generate the private and public keys of the local node if the files containing these keys do not exist. Acceptable values are those that can be provided as arguments to the ctskeygen -m command. If no value is provided for this attribute, the default value of rsa1024 is used.

SERVICES

Lists the internal cluster security services library services that the daemon supports. This entry should not be modified by system administrators unless they are explicitly instructed to do so by the cluster security software service provider.

Restrictions

Cluster security services supports only its own private and public key formats and file formats. Secured Remote Shell formats are currently unsupported. Settings for the HBA_USING_SSH_KEYS attribute are ignored.

Examples

This example shows the default contents of the configuration file:

TRACE= ON
	TRACEFILE= /var/ct/IW/log/ctsec/ctcasd/trace
	TRACELEVELS= _SEC:Info=1,_SEC:Errors=1
	TRACESIZE= 1003520
	RQUEUESIZE=
	MAXTHREADS=
	MINTHREADS=
	THREADSTACK= 131072
	HBA_USING_SSH_KEYS= false
	HBA_PRVKEYFILE=
	HBA_PUBKEYFILE=
	HBA_THLFILE=
	HBA_KEYGEN_METHOD= rsa512
	SERVICES=hba CAS

After modification, the contents of the configuration file might look like this:

TRACE= ON
	TRACEFILE= /var/ct/IW/log/ctsec/ctcasd/trace
	TRACELEVELS= _SEC:Perf=1,_SEC:Errors=8
	TRACESIZE= 1003520
        RQUEUESIZE= 64
        MAXTHREADS= 10
        MINTHREADS= 4
        THREADSTACK= 131072
	HBA_USING_SSH_KEYS= false
        HBA_PVTKEYFILE= /var/ct/cfg/qkey
        HBA_PUBKEYFILE= /var/ct/cfg/pkey
        HBA_THLFILE= /var/ct/cfg/thl
        HBA_KEYGEN_METHOD= rsa512
	SERVICES= hba CAS

Location

/var/ct/cfg/ctcasd.cfg: Contains the ctcasd.cfg file

Files

/opt/rsct/cfg/ctcasd.cfg: Default location of the ctcasd.cfg file