chndaf Command

Purpose

Changes the configuration of the AIX® Network Data Administration Facility (NDAF).

Syntax

/usr/sbin/chndaf [ -I | -B | -N ] [ parameter=value ]

Description

The chndaf command modifies the parameters used by the dms and the dmadm daemons. Depending on the flags that you specify, the changes take place at different times. You can save the changes in the /etc/rc.ndaf startup script for subsequent restarts.

Flags

Item Description
-B Temporarily stops the daemons currently running on the system, modifies the /etc/rc.ndaf startup script with the new parameters, and restarts the daemons with the indicated parameters. This flag is the default.
-I Modifies the /etc/rc.ndaf script so that the specified parameters run when the daemons restart.
-N Temporarily stops the daemons currently running on the system and restarts the daemons with the indicated parameters.

Parameters

You can specify one or more of the following optional parameter values:

Item Description
-admin_serv=yes | no
yes
Specifies an NDAF administration server. Both the dms and dmadm daemons are started.
no
Specifies an NDAF data server. Only the dms daemon is started.
-rpc_timeout=val Sets the timeout for an RPC connect or call. The default value is 300 seconds.
-log_level=val Sets the level of logging for the log files. The default value is notice. You can specify the following values:
  • critical
  • error
  • warning
  • notice
  • information
-security=val Sets the type of security method that is used. The default value is krb5. You can specify the following values:
auth_sys
User ID and group ID (UID/GID) authentication
krb5
Kerberos authentication
krb5i
Kerberos integrity authentication
krb5p
Kerberos privacy authentication
-krb5_principal=val Sets the Kerberos principal that is used for the kinit command, with which you can renew your credentials.
-admin_port=val Sets the dmadm port waiting for the dmf remote procedure call (RPC). The default value is 28000.
-serv_port=val Sets the dms port waiting for the dmadm RPC. The default value is 28001.
-admin_cb_port=val Sets the dmadm port waiting for the dms RPC callbacks. The default value is 28002.
-serv_serv_port=val Sets the dms port waiting for the dms RPC. The default value is 28003.
-ndaf_dir=val Sets the base directory for NDAF. By default, it contains databases, logs and also the data sets and replicas that are created with no specific path. If you do not specify the -ndaf_dataset_default value, data sets are placed here by default. If you do not specify the -ndaf_replica_default value, replicas are placed here by default. The following subdirectories are created:
${ndaf_dir}/dsets
If you do not specify the -ndaf_dataset_default parameter, the base directory contains data sets that are created without a path where they must be placed.
${ndaf_dir}/replicas
If you do not specify the -ndaf_replica_default parameter is not specified, the base directory contains replicas that are created without a path where they must be placed.
${ndaf_dir}/log
If you do not specify the -ndaf_log_dir parameter, the base directory contains log files for the dms and the dmadm daemons.
${ndaf_dir}/admin
The base directory contains the administration databases.
${ndaf_dir}/server
The base directory contains the data server databases.

Requirement: You must specify the -ndaf_dataset_default and -ndaf_replica_default parameters or you must specify the -ndaf_dir parameter. You must have previously enabled the creation of cells, data sets, and replicas, using the dms_enable_fs command, on the file systems containing the specified directories to store the data sets and replicas.
-ndaf_dataset_default=val Sets the default directory for data sets. The default is ${ndaf_dir}/dsets.

Requirement: You must specify the -ndaf_dataset_default and -ndaf_replica_default parameters or you must specify the -ndaf_dir parameter. You must have previously enabled the creation of cells, data sets, and replicas, using the dms_enable_fs command, on the file systems containing the specified directories to store the data sets and replicas.
-ndaf_replica_default=val Sets the default directory for replicas. The default is ${ndaf_dir}/replicas.

Requirement: You must specify the -ndaf_dataset_default and -ndaf_replica_default parameters or you must specify the -ndaf_dir parameter. You must have previously enabled the creation of cells, data sets, and replicas, using the dms_enable_fs command, on the file systems containing the specified directories to store the data sets and replicas.
-ndaf_log_dir=val Sets the directory for log files. The default is ${ndaf_dir}/log.
-krb5_keytab=val Indicates the Kerberos keytab path. If you do not specify the parameter and the system resource controller (SRC) is not in use, the keytab is defined either by the KRB5_KTNAME environment variable, or by the default as specified in the /etc/krb5/krb5.conf file (when the KRB5_KTNAME variable is not set). If you do not specify the parameter but the SRC is in use, the keytab is always the default as specified in the /etc/krb5/krb5.conf file.
-nfs_args=val Specifies arguments to be used when data sets are exported by NDAF using NFS. The NFS arguments are formatted exactly as they are for the exportfs command.

Examples

  1. To configure this system as an NDAF administration server, use the following command:

    chndaf -admin_serv=yes -ndaf_dir=/var/dmf \
-ndaf_dataset_default=/ndafpool/dset \
-ndaf_replica_default=/ndafpool/replica -I

    This change is made for the restart of the next daemons.

  2. To restrict exports to krb5p only, use the following command: 
    chndaf -nfs_args=sec=krb5p
    If you specify the NFS version number in the vers=stanza form, you must include version 4; otherwise, NDAF does not work correctly. If you do not specify the version number, the file systems are exported for NFSv4 only. To export for versions 3 and 4, use the following command: 
    chndaf -nfs_args=vers=3:4
    .

Security

Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.