ctcasd.cfg File

Purpose

Provides operational parameters to the cluster security services daemon ctcasd.

Description

The ctcasd.cfg configuration file defines the operational parameters to the cluster security services daemon ctcasd. The ctcasd daemon reads this file when it (the daemon) initializes. The ctcasd daemon expects to find this configuration file in either the /var/ct/cfg directory (preferred) or in the /usr/sbin/rsct/cfg directory (default). System administrators can modify the contents of the file stored in the /var/ct/cfg directory, but should not modify the default version of the file in /usr/sbin/rsct/cfg unless instructed to do so by the cluster software service provider.

This file is ASCII-formatted, and can be modified using any available text editor. One attribute can be defined per line within this file. Attributes are specified as follows:
attribute=value
The following attributes are defined:
Attribute
Definition
TRACE
Indicates whether daemon tracing is activated. Acceptable values are ON and OFF. If the TRACE attribute is not listed in the ctcasd.cfg file, tracing is not activated. For coexistence with earlier versions of RSCT, TRACE= false is interpreted as TRACE= OFF.
TRACEFILE
Specifies the fully-qualified path name where daemon tracing information is to be recorded.
TRACELEVELS
Indicates the tracing granularity employed by the daemon when tracing is activated. The possible trace categories are:
_SEC:Errors
Captures error information in the trace log. Possible values are: 1, 2, 4, and 8.
_SEC:API
Tracks the entry and exit of subroutines within the daemon. Possible values are: 1 and 8.
_SEC:Perf
Captures performance-related information. Possible values are: 1, 4, and 8.
_SEC:Info
Traces the general execution progress of the daemon. Possible values are: 1, 2, 3, 4, and 7.
When setting the values of these trace categories, keep in mind that the lower the number is, the less intrusive (and less detailed) the trace will be. Multiple traces can be enabled at once. For example, if an administrator wants to enable a trace that captures basic performance data and highly-detailed error data, the specification for TRACELEVELS would be:
TRACELEVELS=_SEC:Perf=1,_SEC:Errors=8
TRACESIZE
Specifies the size of the trace file in bytes. The default value is 1 megabyte.
RQUEUESIZE
Indicates the maximum length permitted for the daemon's internal run queue. If this value is not set, a default value of 64 is used.
MAXTHREADS
The limit to the number of working threads that the daemon may create and use at any given time (the "high water mark"). If this value is not set, a default value of 10 is used.
MINTHREADS
The number of idle threads that the daemon will retain if the daemon is awaiting further work (the "low water mark"). If this value is not, set, a default value of 4 is used.
THREADSTACK
Sets the internal memory used by the daemon for thread stack space. The value is expressed in bytes. If no value is specified, the default system thread stack size is used. This value should not be modified by the administrator unless instructed to do so by IBM® Service.
HBA_USING_SSH_KEYS
Indicates whether the daemon is making use of Secured Remote Shell keys. Acceptable values are true and false. If this value is not defined, a default value of false is used. See Restrictions.
HBA_PRVKEYFILE
Provides the full path name of the file that contains the local node's private key. If this value is not set, the default location of /var/ct/cfg/ct_has.qkf is used.
HBA_PUBKEYFILE
Provides the full path name of the file that contains the local node's public key. If this value is not set, the default location of /var/ct/cfg/ct_has.pkf is used.
HBA_THLFILE
Provides the full path name of the file that contains the local node's trusted host list. If this value is not set, the default location of /var/ct/cfg/ct_has.thl is used.
HBA_KEYGEN_METHOD
Indicates the method to be used by ctcasd to generate the private and public keys of the local node if the files containing these keys do not exist. Acceptable values are those that can be provided as arguments to the ctskeygen -m command. If no value is provided for this attribute, the default value of rsa1024 is used.
SERVICES
Lists the internal cluster security services library services that the daemon supports. This entry should not be modified by system administrators unless they are explicitly instructed to do so by the cluster security software service provider.

Restrictions

Cluster security services supports only its own private and public key formats and file formats. Secured Remote Shell formats are currently unsupported. Settings for the HBA_USING_SSH_KEYS attribute are ignored.

Examples

This example shows the default contents of the configuration file:
TRACE= ON
	TRACEFILE= /var/ct/IW/log/ctsec/ctcasd/trace
	TRACELEVELS= _SEC:Info=1,_SEC:Errors=1
	TRACESIZE= 1003520
	RQUEUESIZE=
	MAXTHREADS=
	MINTHREADS=
	THREADSTACK= 131072
	HBA_USING_SSH_KEYS= false
	HBA_PRVKEYFILE=
	HBA_PUBKEYFILE=
	HBA_THLFILE=
	HBA_KEYGEN_METHOD= rsa512
	SERVICES=hba CAS
After modification, the contents of the configuration file might look like this:
TRACE= ON
	TRACEFILE= /var/ct/IW/log/ctsec/ctcasd/trace
	TRACELEVELS= _SEC:Perf=1,_SEC:Errors=8
	TRACESIZE= 1003520
        RQUEUESIZE= 64
        MAXTHREADS= 10
        MINTHREADS= 4
        THREADSTACK= 131072
	HBA_USING_SSH_KEYS= false
        HBA_PVTKEYFILE= /var/ct/cfg/qkey
        HBA_PUBKEYFILE= /var/ct/cfg/pkey
        HBA_THLFILE= /var/ct/cfg/thl
        HBA_KEYGEN_METHOD= rsa512
	SERVICES= hba CAS

Location

/var/ct/cfg/ctcasd.cfg
Contains the ctcasd.cfg file

Files

/usr/sbin/rsct/cfg/ctcasd.cfg
Default location of the ctcasd.cfg file