IBM Books

Command and Technical Reference, Volume 2

sp_configd daemon

Purpose

sp_configd - Starts the Simple Network Management Protocol (SNMP) Proxy Agent daemon.

Syntax

sp_configd [-T] [-t secs] [-s secs] [-e secs]

Flags

-T
Specifies whether to perform internal tracing. Trace entries are placed in the /var/tmp/sp_config.log file. The default is off.

-t secs
Specifies the amount of time that nonconstant data instance values are kept in cache before being considered stale. This is used to improve the performance associated with a dump of the ibmSPEMVarValuesTable (which is a series of SNMP getnext-requests). When a specific instance value from this table is requested by an SNMP get-request, the latest value is obtained from the SP Event Manager (EM) regardless of the amount of elapsed time since the last request for this data. If the -t flag is not specified, a default value of 720 seconds is used.

-s secs
Specifies the amount of elapsed time between sending requests for the SP EM to determine the set of EM variables for which a resource monitor is currently active. Current EM resource instance values can only be obtained for those EM resources that are currently being monitored. If the -s flag is not specified, a default value of 1200 seconds is used.

-e secs
Specifies the amount of elapsed time between retrying unsuccessful EM connection attempts. EM connection initialization causes requests to be sent to the System Data Repository (SDR) which may hinder performance if attempted too frequently. If the -e flag is not specified, a default value of 60 seconds is used.

Operands

None.

Description

The sp_configd daemon is an SNMP Multiplexing Protocol (SMUX) peer, or proxy agent, of the snmpd daemon on the control workstation and on each node of the SP. For more information, refer to the "Managing SP system events in a network environment" chapter in PSSP: Administration Guide.

The sp_configd daemon provides the following functions:

The snmpd daemon should be active before the sp_configd daemon is started. The following command activates the snmpd daemon:

startsrc -s snmpd

The snmpd daemon is controlled by the System Resource Controller (SRC) and activated whenever the system is initialized.

The sp_configd daemon has several sessions with the EM. These sessions are used to maintain SP EM variable instance data and information from the last trap issued associated with an SP EM event. See the haem command for information on starting the SP Event Manager.

The sp_configd daemon should be controlled using the SRC. IBM suggests that you do not enter sp_configd at the command line.

Manipulating the sp_configd Daemon with the System Resource Controller

The sp_configd daemon is a subsystem controlled by the SRC. Use the following SRC commands to manipulate the sp_configd daemon:

lssrc
Gets the status of a subsystem, group of subsystems, or a subserver. The long status form of the lssrc command is not supported.

startsrc
Starts a subsystem, group of subsystems, or a subserver. Issuing the startsrc command causes the sp_configd daemon to generate a coldStart trap. Use the -a switch to override default switch values.

stopsrc
Stops a subsystem, group of subsystems, or a subserver.

Files

/etc/services
Contains port assignments for required services. The following entry must be added to the /etc/services file if it is not already present:
smux 199/tcp

Notes:

  1. The SMUX port must be 199.

  2. The /etc/services file is shipped with this entry already in place.

  3. If the /etc/services file is being served from a server, this entry must be present in the server's /etc/services file.

/etc/snmpd.conf
Specifies the SMUX association configuration for the sp_configd Proxy Agent. The following entry must be present:
smux    1.3.6.1.4.1.2.6.117    sp_configd_pw    # sp_configd

These entries are created when the SP is installed.

/etc/snmpd.peers
Specifies the configuration for the sp_configd SMUX peer. The following entry must be present:
sp_configd    1.3.6.1.4.1.2.6.117    sp_configd_pw

These entries are created when the SP is installed.
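
A read-only check of the three file entries listed above, as an added example (not IBM's code). The OID, port and password literal are the ones this page prints; the function names, the 0/1/2 status convention and the assumption that the snmpd.conf and snmpd.peers passwords must match (as they do in the entries shown) belong to this example.

```shell
#!/bin/sh
# Added example: audit the SMUX prerequisites of sp_configd.
SP_OID=1.3.6.1.4.1.2.6.117      # OID from the page
SP_SHIPPED_PW=sp_configd_pw     # password literal printed on the page

# Print the password (3rd field) of the first entry named $2 for the SP OID in file $1.
entry_pw() {
    awk -v key="$2" -v oid="$SP_OID" '
        { sub(/#.*/, ""); gsub(/"/, "") }          # drop comments and quotes
        $1 == key && $2 == oid { print $3; exit }' "$1"
}

# Print the port/protocol registered for smux in an /etc/services style file.
smux_port() {
    awk '{ sub(/#.*/, "") } $1 == "smux" { print $2; exit }' "$1"
}

# True when "other" has read permission on the file.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# audit_sp_configd SERVICES SNMPD_CONF SNMPD_PEERS
# Returns 0 = clean, 1 = a required entry is missing or wrong, 2 = warnings only.
audit_sp_configd() {
    services=$1; conf=$2; peers=$3; rc=0; warn=0
    port=$(smux_port "$services")
    if [ "$port" != "199/tcp" ]; then
        echo "FAIL: $services: smux is '${port:-missing}', must be 199/tcp"; rc=1
    fi
    cpw=$(entry_pw "$conf" smux)
    ppw=$(entry_pw "$peers" sp_configd)
    [ -n "$cpw" ] || { echo "FAIL: $conf: no smux entry for $SP_OID"; rc=1; }
    [ -n "$ppw" ] || { echo "FAIL: $peers: no sp_configd entry for $SP_OID"; rc=1; }
    if [ -n "$cpw" ] && [ -n "$ppw" ] && [ "$cpw" != "$ppw" ]; then
        echo "FAIL: SMUX passwords in $conf and $peers differ"; rc=1
    fi
    if [ "$cpw" = "$SP_SHIPPED_PW" ] || [ "$ppw" = "$SP_SHIPPED_PW" ]; then
        echo "WARN: SMUX password is still the published value $SP_SHIPPED_PW"; warn=1
    fi
    for f in "$conf" "$peers"; do
        if world_readable "$f"; then
            echo "WARN: $f holds the SMUX password and is world-readable"; warn=1
        fi
    done
    [ "$rc" -eq 0 ] && [ "$warn" -eq 1 ] && rc=2
    return "$rc"
}

# Constructed sample files holding exactly the entries the page lists.
make_sample() {
    mkdir -p "$1"
    printf 'smux 199/tcp\n' > "$1/services"
    printf 'smux    %s    %s    # sp_configd\n' "$SP_OID" "$SP_SHIPPED_PW" > "$1/snmpd.conf"
    printf 'sp_configd    %s    %s\n' "$SP_OID" "$SP_SHIPPED_PW" > "$1/snmpd.peers"
    chmod 600 "$1/snmpd.conf" "$1/snmpd.peers"
}

# With three file arguments audit those files; otherwise audit the sample.
if [ $# -eq 3 ]; then
    audit_sp_configd "$1" "$2" "$3"
else
    d=$(mktemp -d); make_sample "$d"
    st=0
    audit_sp_configd "$d/services" "$d/snmpd.conf" "$d/snmpd.peers" || st=$?
    echo "status: $st"
    rm -rf "$d"
fi
```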

Security

You must have root privilege to run this command or be a member of the AIX system group.

Location

/usr/lpp/ssp/bin/sp_configd

Examples

  1. To start the sp_configd daemon, enter a command similar to the following:
    startsrc -s sp_configd -a '-T'
    

    This command starts the sp_configd daemon and logs information to the /var/tmp/sp_configd.log file.

  2. To stop the sp_configd daemon normally, enter:
    stopsrc -s sp_configd
    

    This command stops the daemon. The -s flag specifies the subsystem that follows to be stopped.

  3. To get short status from the sp_configd daemon, enter:
    lssrc -s sp_configd
    

    This command returns the daemon name, process ID, and state (active or inactive).

sp_configdctrl

Purpose

sp_configdctrl - A control script that is used to manage the installation of the SP Simple Network Management Protocol (SNMP) Proxy Agent subsystem.

Syntax

sp_configdctrl {-a | -s | -k | -d | -c | -t | -o | -r | -h}

Flags

-a
Adds the subsystem.

-s
Starts the subsystem.

-k
Stops the subsystem.

-d
Deletes the subsystem.

-c
Cleans the subsystem, that is, deletes it.

-t
Turns tracing on for the subsystem.

-o
Turns tracing off for the subsystem.

-r
Refreshes the subsystem.

-h
Displays usage information.

Operands

None.

Description

Use this command to install or remove the SP SNMP Proxy Agent daemon. This command can be issued only by a user with root privileges or by a member of the system group.

The sp_configdctrl control script controls the operation of the SP SNMP Proxy Agent subsystem. The subsystem is under the control of the System Resource Controller (SRC). The subsystem is called sp_configd.

An instance of the SP SNMP Proxy Agent subsystem executes on the control workstation and on every node of a system partition. Because the information about SP nodes and Event Manager (EM) variables exists in system partitions, it is said to be system partition-sensitive. This control script operates in a manner similar to the control scripts of other system partition-sensitive subsystems. It can be issued from either the control workstation or any of the system partition's nodes.

From an operational point of view, the SP SNMP Proxy Agent subsystem group is organized as follows:

Subsystem
SP SNMP Proxy Agent

Subsystem Group
None

SRC Subsystem Name
sp_configd

The sp_configd subsystem is associated with the sp_configd daemon.

The subsystem name on the nodes and the control workstation is sp_configd. There is one daemon per node and control workstation.

Daemons
sp_configd

The sp_configd daemon provides the SP SNMP Proxy Agent function.

The sp_configdctrl script is not normally executed from the command line. It is normally called by the syspar_ctrl command during installation of the system, and partitioning or repartitioning of the system.

The sp_configdctrl script provides a variety of controls for operating the SP SNMP Proxy Agent subsystem:

Adding the Subsystem

When the -a flag is specified, the control script uses the mkssys command to add the SP SNMP Proxy Agent subsystem to the SRC. The control script operates as follows:

  1. It makes sure that the sp_configd daemon is stopped.
  2. It removes the sp_configd subsystem from the SRC (just in case it is still there).
  3. It adds the sp_configd subsystem to the SRC.
  4. It adds an entry for the sp_configd subsystem to the /etc/inittab file. The entry ensures that the subsystem is started during boot.
  5. It adds a smux entry to the /etc/snmpd.conf file and a password entry to the /etc/snmpd.peers file for the sp_configd Proxy Agent if they do not currently exist.
  6. It appends the ibmSP MIB definitions to the /etc/mib.defs file if they do not currently exist.
  7. It issues a refresh -s snmpd command so that snmpd processes the new entries placed in the /etc/snmpd.conf and /etc/snmpd.peers files.
  8. It adds an errnotify stanza for the snmp_trap_gen function to the Object Data Manager (ODM). This function notifies the SP SNMP Proxy Agent when an entry is written to the AIX errlog which has a template specifying Alert = true.

Starting the Subsystem

When the -s flag is specified, the control script uses the startsrc command to start the SP SNMP Proxy Agent subsystem, sp_configd.

Stopping the Subsystem

When the -k flag is specified, the control script uses the stopsrc command to stop the SP SNMP Proxy Agent subsystem, sp_configd.

Deleting the Subsystem

When the -d flag is specified, the control script uses the rmssys command to remove the SP SNMP Proxy Agent subsystem from the SRC. The control script operates as follows:

  1. It makes sure that the sp_configd daemon is stopped.
  2. It removes the sp_configd subsystem from the SRC using the rmssys command.
  3. It removes the entry for the sp_configd subsystem from the /etc/inittab file.
  4. It removes entries from /etc/snmpd.conf and /etc/snmpd.peers and removes ibmSP MIB definitions from /etc/mib.defs.

Cleaning Up the Subsystem

When the -c flag is specified, the control script stops and removes the SP SNMP Proxy Agent subsystem from the SRC. The control script operates as follows:

  1. It stops the subsystem using the stopsrc -s sp_configd command.
  2. It removes the subsystem from the SRC using the rmssys command.
  3. It removes the entry for the sp_configd subsystem from the /etc/inittab file.
  4. It removes entries from /etc/snmpd.conf and /etc/snmpd.peers and removes ibmSP MIB definitions from /etc/mib.defs.

Turning Tracing On

When the -t flag is specified, the control script turns tracing on for the sp_configd daemon, by stopping the daemon and restarting it with the -T option.

Turning Tracing Off

When the -o flag is specified, the control script turns tracing off for the sp_configd daemon, by stopping the daemon and restarting it without the -T option.

Refreshing the Subsystem

The -r flag has no effect for this subsystem.

Files

/etc/snmpd.peers
Contains password entries.

/etc/snmpd.conf
Contains smux entries.

/etc/mib.defs
Contains the ibmSP MIB definitions.

Standard Error

This command writes error messages (as necessary) to standard error.

Exit Values

0
Indicates the successful completion of the command.

1
Indicates that an error occurred.

Security

You must have root privilege to run this command.

Implementation Specifics

This command is part of the IBM Parallel System Support Programs (PSSP) Licensed Program (LP).

Prerequisite Information

AIX Commands Reference

Information about the System Resource Controller (SRC) in AIX General Programming Concepts: Writing and Debugging Programs

Location

/usr/lpp/ssp/bin/sp_configdctrl

Related Information

Commands: sp_configd

Examples

  1. To add the SP SNMP Proxy Agent subsystem to the SRC, enter:
    sp_configdctrl -a
    
  2. To start the SP SNMP Proxy Agent subsystem, enter:
    sp_configdctrl -s
    
  3. To stop the SP SNMP Proxy Agent subsystem, enter:
    sp_configdctrl -k
    
  4. To delete the SP SNMP Proxy Agent subsystem from the SRC, enter:
    sp_configdctrl -d
    
  5. To clean up the SP SNMP Proxy Agent subsystem, enter:
    sp_configdctrl -c
    
  6. To turn tracing on for the sp_configd daemon in the current system partition, set the SP_NAME environment variable to the appropriate system partition name and enter:
    sp_configdctrl -t
    
  7. To turn tracing off for the sp_configd daemon in the current system partition, set the SP_NAME environment variable to the appropriate system partition name and enter:
    sp_configdctrl -o
    
  8. To display the status of the SP SNMP Proxy Agent subsystem on a node or the control workstation, enter:
    lssrc -s sp_configd
    

spacctnd

Purpose

spacctnd - Enters accounting data into the System Data Repository for a node or group of nodes.

Syntax

spacctnd
{[-c acct_class_id] | [-e {true | false | default}]
[-j acct_job_charge] [-x {true | false}]}
{start_frame start_slot {node_count | rest} | -N node_group |
-l node_list}

Flags

-c acct_class_id
Indicates that the accounting class identifier attribute of each specified node should be changed to the value of acct_class_id. The accounting class identifier is an arbitrary string. All nodes with the same string value constitute a class for purposes of grouping and merging accounting data.

-e
Indicates that the accounting enabled attribute of each specified node should be changed. The accounting enabled attribute is an indicator of whether accounting is enabled for the node. The possible values are:

true
Accounting is enabled

false
Accounting is disabled

default
Accounting is enabled based on the value of the SP accounting enabled attribute

-j acct_job_charge
Indicates that the accounting job charge value of each specified node should be changed to the value of acct_job_charge. The job charge value is used to determine the number of charge fee units to charge a user for exclusive use of the node. Its value is in units of seconds per charge fee unit. This value must be expressed as a float value with one or more digits followed by a decimal point which is followed by one or more digits.

-x
Indicates whether accounting start and end job records and thus chargefee records are generated for jobs having exclusive use of the node. A value of true specifies that exclusive use accounting is enabled and start and end job records are generated. A value of false specifies that exclusive use accounting is not enabled and start and end job records are not generated.

-N node_group
Specifies a node group to be used for this operation. This node group must be bound to the current system partition.

-l node_list
Specifies a list of nodes to be used for this operation. Either specify a comma-delimited list of node numbers, or a file containing one line of data which is a comma-delimited list of node numbers. The file can also contain comment lines (preceded by a #) and lines that are all white space. If you use the node_list field, do not use the start_frame, start_slot, or node_count fields. (This is lowercase l, as in list.)

Operands

start_frame
Indicates which frame is the starting frame for the range of nodes in this operation. If you use the start_frame, start_slot, and node_count fields, do not use the node_list field. Select a value from 1 through 128.

start_slot
Indicates which slot is the starting slot for the range of nodes in this operation. The slot is the position in the rack that a node occupies. For example, for a thin node which is the second node in a rack that has a wide node in the first slot, the slot number is 3. If you use start_frame, start_slot, and node_count, do not use the node_list field. Specify the start slot as a number from 1 through 16.
Note:
The start_frame and start_slot must resolve to a node in the current system partition.

node_count
Indicates which nodes are to be used for the range of nodes in this operation. If the combination of start_slot and node_count goes past the nodes in a frame, the next sequential frame is used for the operation. If you use start_frame, start_slot, and node_count, do not use the node_list field. Specify a value from 1 through 512. If rest is specified, all the nodes from start_frame start_slot to the end of your system are used.
Note:
The node_count is considered to be within the current system partition.

Description

Run this command during installation of the SP or later to set the accounting class identifier, the accounting enabled attribute, job charge value or the exclusive use accounting enabled attribute of a node or set of nodes.

You can use the System Management Interface Tool (SMIT) to run the spacctnd command. To use SMIT, enter:

smit node_data

and select the Accounting Information option.

Note:
This command should be run only on the control workstation. You must be logged into the control workstation as root to execute this command.

Environment Variables

PSSP 3.4 provides the ability to run commands using secure remote command and secure remote copy methods.

To determine whether you are using either AIX rsh or rcp or the secure remote command and copy method, the following environment variables are used. If no environment variables are set, the defaults are /bin/rsh and /bin/rcp.

You must be careful to keep these environment variables consistent. If setting the variables, all three should be set. The DSH_REMOTE_CMD and REMOTE_COPY_CMD executables should be kept consistent with the choice of the remote command method in RCMD_PGM:

For example, if you want to run spacctnd using a secure remote method, enter:

export RCMD_PGM=secrshell
export DSH_REMOTE_CMD=/bin/ssh
export REMOTE_COPY_CMD=/bin/scp

Security

You must have root privilege and write access to the SDR to run this command.

When restricted root access (RRA) is enabled, this command can only be run from the control workstation.

Location

/usr/lpp/ssp/bin/spacctnd

Examples

The following example adds accounting SDR information for a system with 2 frames and 32 nodes. Accounting and exclusive use accounting are to be enabled for each node, and 60 seconds of exclusive use by a user is to constitute one charge fee unit.

spacctnd -e true -j 60.0 -x true 1 1 32

spacl

Purpose

spacl - Manages DCE access control lists (ACLs) for one or multiple instances of SP trusted service objects.

Syntax

spacl
-a add -s service_name -o object_name -e entry_info -p permissions
[-G] [-n | -N node_group | -l node_list | -r start_frame start_slot node_count] [-x] [-v]

spacl
-a change -s service_name -o object_name -e entry_info
-p new_permissions [-G] [-n | -N node_group | -l node_list |
-r start_frame start_slot node_count] [-x] [-v]

spacl
-a check -s service_name -o object_name [-G]
[-n | -N node_group | -l node_list |
-r start_frame start_slot node_count] [-x] [-v]

spacl
-a perm[issions] -s service_name -o object_name [-x] [-v]

spacl
-a remove -s service_name -o object_name -e entry_info
[-G] [-n | -N node_group | -l node_list | -r start_frame start_slot node_count] [-x] [-v]

spacl
-a show [-s service_name [-o object_name]] [-G]
[-n | -N node_group | -l node_list |
-r start_frame start_slot node_count] [-x] [-v]

spacl
-h

Flags

-G
Allows the operation to be performed on instances of the object residing outside the current partition. If this flag is not specified, the operation is performed on instances of the object in the current partition.

-N
Specifies that the operation is to be performed on instances of the object residing on nodes belonging to node_group.

-a
Specifies which SP ACL Management action is to be performed.

-e
Indicates that the next operand is entry information (entry_info).

-l
Specifies that the operation is to be performed on instances of the object residing on nodes belonging to node_list.

-n
Specifies that the operation is not to be performed on instances of the object residing on any node.

-o
Indicates that the next operand is the object's name (object_name).

-p
Indicates that the next operand is access permissions (permissions or new_permissions).

-r
Specifies that the operation is to be performed on instances of the object residing on nodes belonging to the range specified by start_frame start_slot node_count.

-s
Indicates that the next operand is the trusted service's name (service_name).

-v
Specifies that verbose mode is active, indicating informational messages are to be displayed to standard output. These messages include an echo of the spacl command issued, as well as the specific dcecp command or commands that are formulated and issued. If this flag is not used, informational messages are suppressed.

-x
Specifies that the operation is to exclude the instance of the object residing on the control workstation.

-h
Displays the command syntax.

Operands

service_name
Specifies the particular SP trusted service for which the object instances are associated. Valid values are found in the spsec_defaults file, located in /usr/lpp/ssp/config/spsec_defaults. If there is an overriding name in the spsec_overrides file, then use that name for this operand.

object_name
Specifies the name of the object upon which the operation will occur. Valid object names are given by the SP trusted services. These can be listed using the show operation of spacl.

entry_info
Specifies that the ACL entry be either added, removed, or changed on the object instances. It is specified by a concatenation of the ACL entry type information with the ACL entry key information, separated by a colon. Its form is:
type:key

For more information see the ACL Syntax section in DCE AIX: Administrative Guide, provided in the DCE online documentation.

new_permissions
Specifies the string of permission accesses to replace the permissions part of an existing ACL entry for the object instances.

permissions
Specifies the string of permission accesses used to specify a new ACL entry for the object instances.

node_group
Specifies the name of a predefined node group. If -G is supplied, a global node group is assumed; otherwise a partition-bound node group is assumed.

node_list
Specifies a list of nodes. Specify either a comma delimited list of node numbers, or a file containing one line of data which is a comma delimited list of node numbers. The file can also contain comment lines (preceded by a #) and lines that are all white space.

start_frame
Specifies the frame number of the first node to be used for this operation. Specify a value between 1 and 128 inclusive.

start_slot
Specifies a slot number of the first node to be used for this operation. Specify a value between 1 and 16 inclusive.

node_count
Specifies the number of nodes to be used for this operation. The node information is added for successive nodes within a frame, and when the node count exceeds the nodes in a frame, for nodes in the next sequential frame. Specify a value between 1 and 512 inclusive.

Description

This command enables management of DCE Access Control Lists (ACLs) for multiple instances of SP trusted service objects from anywhere on the SP. To use it, specify the SP security objects on which to operate and the type of operation you wish to perform.

To operate on a particular partition, set the environment variable SP_NAME to the particular partition name prior to issuing spacl.

Object identification information includes the name of the SP trusted service and the name of the object. If not all instances are to be operated on, you need to specify which instances by indicating where they reside. You can do this either by a node group name, a list, or a range of nodes. The ssp/hardmon service only has one instance of each object and that instance is on the control workstation. Any flags that are used to specify object instances on nodes for ssp/hardmon are ignored.

Operations to perform on SP trusted service objects include:

add
Adds the specified ACL entry to the object instances.

change
Replaces the permissions of an ACL entry in the object instances with a new set of permissions.

check
Displays the invoker's ACL permissions in reference to the specified object instances.

permissions
Returns the permission set defined by the ACL manager of the specified object.

remove
Removes the specified ACL entry from the object instances.

show
Shows the ACL entries for the object instances.

ACLs are composed of ACL entries. The string syntax of an ACL entry is type:key:permissions. Access to ACL objects relies solely on the ACL manager for that object. To find out what this permission set is, use the permission operation. You need any one of the permissions set to perform this permissions operation. In order to check the permissions you currently have, you need "t" permission. In order to modify an ACL, you need "c" permission. You need any one of the permissions set to perform the show operation.

Files

If the operand node_list is used, and the node numbers are not specified after the -l flag, the command expects a filename following -l as input to this command.

Standard Output

The -h flag displays the command syntax.

The following is summarized by operation:

add
If an ACL entry is added to an object's ACL and that exact entry already exists in the ACL, the entry is not duplicated, there are no errors, and an informational message is sent to standard output if the verbose flag is used. If an ACL entry is added to an object's ACL and the type and key already exists as an entry in the ACL, but with different permissions, the permissions are changed, there are no errors, and an informational message is sent to standard output if the verbose flag is used.

change
If you try to change permissions for an instance that does not have an entry for the designated type and key, you will get an error.

check
Displays a list of permissions that the invoker has on the specified objects.

permissions
Displays the set of permissions that are associated with the specified SP trusted service's ACL manager. For example, Sysctl permissions:
{a {access: permission to access Sysctl resources}}
{c {control: permission to modify this acl}}
{t {test: permission to check access rights}}

remove
If an ACL entry is removed from an object's ACL, and that entry does not exist in the ACL, the ACL remains unchanged, there are no errors, and an informational message is sent to standard output if the verbose flag is used.

show
Displays each specified object instance followed by a list of its ACL entries. For example:
/.:/subsys/ssp/s1n01.xyz.com/sysctl/etc/sysctl.acl
{group spsec-admin -c-}
{group spsec-user a-t}
/.:/subsys/ssp/s1n02.xyz.com/sysctl/etc/sysctl.acl
{group spsec-admin -c-}
{group spsec-user a-t}
/.:/subsys/ssp/s1n03.xyz.com/sysctl/etc/sysctl.acl
{group spsec-admin -c-}
{group spsec-user a-t} 
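
One way to use the show output format above to detect instances whose ACL differs from the others, as an added example (not part of PSSP). The function names are hypothetical, the host is assumed to be the path component after /.:/subsys/ssp/ as in the sample, and the baseline is simply the first host in sort order.

```shell
#!/bin/sh
# Added example: find object instances whose ACL entries differ between hosts.

# Read "spacl -a show" output on stdin and print one line per ACL entry:
#   service/object <TAB> host <TAB> entry
acl_flatten() {
    awk '
        index($0, "/.:/subsys/ssp/") == 1 {
            rest = substr($0, length("/.:/subsys/ssp/") + 1)
            host = rest; sub(/\/.*/, "", host)        # first component is the host
            obj = substr(rest, length(host) + 2)      # remainder is service/object
            next
        }
        /^[{].*[}][ \t]*$/ && obj != "" {
            gsub(/^[{]|[}][ \t]*$/, "")               # strip the surrounding braces
            print obj "\t" host "\t" $0
        }'
}

# Print "host <TAB> object <TAB> entries" for every instance whose entry set
# differs from the first host (in sort order) carrying the same object.
acl_drift() {
    acl_flatten | sort | awk -F '\t' '
        {
            k = $1 SUBSEP $2
            if (!(k in acl)) order[++n] = k
            acl[k] = acl[k] "{" $3 "}"                # entries arrive sorted
        }
        END {
            for (i = 1; i <= n; i++) {
                split(order[i], p, SUBSEP)
                if (!(p[1] in base)) { base[p[1]] = acl[order[i]]; continue }
                if (acl[order[i]] != base[p[1]])
                    print p[2] "\t" p[1] "\t" acl[order[i]]
            }
        }'
}

# The sample output shown on the page.
page_show() {
    cat <<'EOF'
/.:/subsys/ssp/s1n01.xyz.com/sysctl/etc/sysctl.acl
{group spsec-admin -c-}
{group spsec-user a-t}
/.:/subsys/ssp/s1n02.xyz.com/sysctl/etc/sysctl.acl
{group spsec-admin -c-}
{group spsec-user a-t}
/.:/subsys/ssp/s1n03.xyz.com/sysctl/etc/sysctl.acl
{group spsec-admin -c-}
{group spsec-user a-t}
EOF
}

# Constructed variant: on s1n02 the spsec-user group also holds "c" (control).
drifted_show() {
    page_show | sed '6s/a-t/act/'
}

# Demo: the page sample is consistent, the constructed variant is not.
echo "page sample drift:"
page_show | acl_drift
echo "constructed sample drift:"
drifted_show | acl_drift
```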

Standard Error

Exit Values

0
Indicates successful completion of the command.

1
Indicates that an error occurred.

2
Indicates that a warning occurred.

Security

Implementation Specifics

This command is part of the IBM Parallel System Support Programs (PSSP) Licensed Program (LP).

Prerequisite Information

Section on DCE ACL Management for SP Trusted Services in IBM RS/6000 Scalable POWERparallel Systems: Administrative Guide.

Section on ACLs in DCE for AIX: Administrative Guide provided in the DCE online documentation.

Location

/usr/lpp/ssp/bin/spacl

Related Information

Files: spsec_overrides

Examples

  1. To query whether you can change an ACL for service "sysctl" with object "etc/sysctl.acl" on the control workstation, enter:
    spacl -a check -s ssp/sysctl -o etc/sysctl.acl -n
    
  2. To check what types of permissions the above object can have, enter:

    spacl -a permissions -s ssp/sysctl -o etc/sysctl.acl
    
  3. To give the "sysctl-access" group access to the sysctl object "etc/sysctl.acl" for the control workstation and all nodes on the SP, and to allow the group to check permissions, enter:
    spacl -a add -s ssp/sysctl -o etc/sysctl.acl \
    -e group:sysctl-access -p at -G
    

