COSmanager FAQ
From Documentation
Revision as of 00:19, 5 July 2006 Daniels (Talk | contribs) ← Previous diff |
Revision as of 00:20, 5 July 2006 Daniels (Talk | contribs) Next diff → |
||
Line 1: | Line 1: | ||
- | == COSmanager FAQ == | + | == Scheduler (for Version 4.x Applications and Newer) == |
- | === Scheduler (for Version 4.x Applications and Newer) === | + | |
These Schedule Definitions are valid for COSmanager Framework versions 4 or newer. The Schedules for older versions of the products will still work. | These Schedule Definitions are valid for COSmanager Framework versions 4 or newer. The Schedules for older versions of the products will still work. | ||
- | ==== Schedule: Daily - except Thursday Friday ==== | + | === Schedule: Daily - except Thursday Friday === |
#Config > COSmanager configuration > Other tables > schedule | #Config > COSmanager configuration > Other tables > schedule | ||
Line 15: | Line 14: | ||
Note: the above steps can be followed for any combination of days. | Note: the above steps can be followed for any combination of days. | ||
- | === Scheduler (for Version 3.x Applications and Newer) === | + | == Scheduler (for Version 3.x Applications and Newer) == |
These Schedules are valid for all current versions of COSmanager Suite products. | These Schedules are valid for all current versions of COSmanager Suite products. | ||
- | ==== How do I define a scheduled time for the last Friday of the month? ==== | + | === How do I define a scheduled time for the last Friday of the month? === |
Set up a new scheduled time as follows: | Set up a new scheduled time as follows: | ||
Line 30: | Line 29: | ||
On some platforms the flag to tail the command may have to be... tail -4c | On some platforms the flag to tail the command may have to be... tail -4c | ||
- | ==== How do I define a scheduled time for the last working day of the month ==== | + | === How do I define a scheduled time for the last working day of the month === |
Setup new scheduled time as follows: | Setup new scheduled time as follows: | ||
Line 41: | Line 40: | ||
On some platforms the flag to the tail command may have to be ... tail -4c | On some platforms the flag to the tail command may have to be ... tail -4c | ||
- | ==== How do I define a scheduled time for once a fortnight ==== | + | === How do I define a scheduled time for once a fortnight === |
Setup new scheduled time based on the following: | Setup new scheduled time based on the following: | ||
Line 66: | Line 65: | ||
`expr $WK % 2` returns a modulo 2 number, 1 for the first week in a fortnight, and 0 for the second. | `expr $WK % 2` returns a modulo 2 number, 1 for the first week in a fortnight, and 0 for the second. | ||
- | ==== How do I define a scheduled time for the last Friday of June and December (6 monthly) ==== | + | === How do I define a scheduled time for the last Friday of June and December (6 monthly) === |
Setup new scheduled time as follows: | Setup new scheduled time as follows: | ||
Line 78: | Line 77: | ||
- | === General Questions === | + | == General Questions == |
- | ==== How does COSmanager's remote system management affect the security of remotely managed systems? (draft) ==== | + | === How does COSmanager's remote system management affect the security of remotely managed systems? (draft) === |
To answer this it is necessary to explain how COSmanager manages those systems. | To answer this it is necessary to explain how COSmanager manages those systems. | ||
Line 94: | Line 93: | ||
By ensuring that the root account on COSmanager masters is protected from unauthorised use, COSmanager does not introduce further security risks to a network. COSmanager facilitates this by enabling the use of the root account to be minimised. | By ensuring that the root account on COSmanager masters is protected from unauthorised use, COSmanager does not introduce further security risks to a network. COSmanager facilitates this by enabling the use of the root account to be minimised. | ||
- | ==== CPIO versus TAR versus DUMP (draft) ==== | + | === CPIO versus TAR versus DUMP (draft) === |
Advantages of CPIO: | Advantages of CPIO: | ||
Line 131: | Line 130: | ||
*ATT 4.3 version of ufsdump is broken | *ATT 4.3 version of ufsdump is broken | ||
- | ==== When adding a user to a hostgroup, how do I perform commands on all hosts in the hostgroup? ==== | + | === When adding a user to a hostgroup, how do I perform commands on all hosts in the hostgroup? === |
Following is the code you need in your SetupUser script. | Following is the code you need in your SetupUser script. | ||
if [ -n "$Access" ]; then | if [ -n "$Access" ]; then | ||
Line 149: | Line 148: | ||
"$Command" represents the command you wish to execute. | "$Command" represents the command you wish to execute. | ||
- | ==== How do I access COSmanager man pages on the Sequent ptx 2.x port? ==== | + | === How do I access COSmanager man pages on the Sequent ptx 2.x port? === |
The normal method to access COSmanager man pages is to alter the MANPATH environment variable. The operating system Dynix/ptx 2.x does not have or use the MANPATH environment variable. | The normal method to access COSmanager man pages is to alter the MANPATH environment variable. The operating system Dynix/ptx 2.x does not have or use the MANPATH environment variable. | ||
Revision as of 00:20, 5 July 2006
Scheduler (for Version 4.x Applications and Newer)
These Schedule Definitions are valid for COSmanager Framework versions 4 or newer. The Schedules for older versions of the products will still work.
Schedule: Daily - except Thursday Friday
- Config > COSmanager configuration > Other tables > schedule
- select "70 Daily - except Thursday" > Maintain > Clone
- change Order to 75
- change Schedule name to "Daily - except Thursday Friday"
- press choose on Day(s) and use Ctrl-click to select all days EXCEPT Thursday and Friday
- press Accept
Note: the above steps can be followed for any combination of days.
Scheduler (for Version 3.x Applications and Newer)
These Schedules are valid for all current versions of COSmanager Suite products.
How do I define a scheduled time for the last Friday of the month?
Set up a new scheduled time as follows:
Ord:nnn When:Monthly - last Friday Schedule Cmd:D1=`cal | tail -c4` ; D2=`expr $D1 - 7` ; db_datemat -d$D2-$D1 -w5 $Today $Start Crontab string:* * 5 Check cron:yes
On some platforms the flag to tail the command may have to be... tail -4c
How do I define a scheduled time for the last working day of the month
Setup new scheduled time as follows:
Ord:nnn When:Monthly - last working day Schedule Cmd:day=`cal | tail -c4` ; last="`date +%Y%m$day`" ; [ "`db_date`" -eq "`db_datemat -p -b -w1-5 $last`" ] Crontab string:* * * Check cron:yes
On some platforms the flag to the tail command may have to be ... tail -4c
How do I define a scheduled time for once a fortnight
Setup new scheduled time based on the following:
Example: schedule time for the first Monday each fortnight:
Ord:nnn When:Fortnightly - 1st Monday Schedule Cmd:WK=`date +%U` db_datemat -w1 && [ 1 -eq `expr $WK % 2` ] Crontab string:* * 1 Check cron:yes
Example: schedule time for the second Wednesday each fortnight:
Ord:nnn When:Fortnightly - 2nd Wednesday Schedule Cmd:WK=`date +%U` db_datemat -w3 && [ 0 -eq `expr $WK % 2` ] Crontab string:* * 3 Check cron:yes
Explanation of example Schedule Commands above:
WK=`date +%U` gets the week number for today. db_datemat -w3 returns true if today is Wednesday. -w0 is Sunday, -w6 is Saturday. `expr $WK % 2` returns a modulo 2 number, 1 for the first week in a fortnight, and 0 for the second.
How do I define a scheduled time for the last Friday of June and December (6 monthly)
Setup new scheduled time as follows:
Ord:nnn When:June, Dec - last Friday Schedule Cmd:D1=`cal | tail -c4` ; D2=`expr $D1 - 7` ; db_datemat -m6,12 -d$D2-$D1 -w5 $Today $Start Crontab string:* * 5 Check cron:yes
On some platforms the flag to the tail command may have to be ... tail -4c
General Questions
How does COSmanager's remote system management affect the security of remotely managed systems? (draft)
To answer this it is necessary to explain how COSmanager manages those systems.
For the purpose of system management, COSmanager defines a host as either a Master, a Remote or a Slave. A Slave system can only administer itself. A Master can administer and any other host marked as Remote or Slave. A Remote system is another Master on the same network. This enables arbitary management domains to be defined.
To administer a Slave, a Master executes commands through a local program called FSremote. This program looks up a communication method, in the comm_meth table, and uses this to execute the command via the FSadmin command on the Slave.
The standard communication method used by COSmanager is rsh. To use this method a .rhosts file is created for the user fsadmin on the Slave systems that allow root or fsadmin access from the Master. In itself, this .rhosts file does not represent a security threat. In version 2.5.2 the fsadmin account is not privileged and users remotely logging in are captured by a .profile and securely put into COSmanager.
The command, FSadmin, is a set UID root program used to either start COSmanager or execute a command passed as a parameter. Running the command CM results in the execution of FSadmin which starts COSmanager. Under normal usage, the FSadmin command performs security checks to validate the user ID and check that they are authorised to use COSmanager. If the FSadmin command is invoked by root or fsadmin and passed a command to execute the normal security checks are bypassed and the command is run as root. This is the case when it is executed by FSremote to manage a remote system.
Normally the slave FSadmin is executed as a request from a COSmanager Master. This ensures that the user on the Master is allowed to run that administration task. However, if the user on the Master can get an fsadmin or a root shell, then they can remotely execute any command on any slave as root. This is possible because the slave does not authenticate that the commands were sent by COSmanager. This means that root on the Master system has root privilages on all the remote systems. Most products currently available on the market do not perform authentication,and so are susceptable to the same problem.
By ensuring that the root account on COSmanager masters is protected from unauthorised use, COSmanager does not introduce further security risks to a network. COSmanager facilitates this by enabling the use of the root account to be minimised.
CPIO versus TAR versus DUMP (draft)
Advantages of CPIO:
- allows file/pathnames of up to 1024 characters
- streaming, ie. non-blocked, output is good for non-blocking devices (networks, disk files, some tape drives)
- uses wildcards to match filenames upon restore
- can interactively rename files during restore
- reads list of filenames to backup from stdin; this allows for precise control of files backed up, but can be an inconvenience as well since more thought has to go into using the command
- flexible use at the beginning or end of a shell pipeline, or as a filter (read filenames from stdin, send archive to stdout, or vice versa)
- preserves hard links and symbolic links, as selected by options
- SVR4 (and Solaris) support multiple volumes
- backup and restore special device files
- supports incremental backups
Disadvantages of CPIO:
- recovering files from a damaged archive can prove difficult if the archive contains other cpio archives, since the embedded archive trailer will cause recovery to become out-of-sync
- somewhat less portable than tar, although afio is freely available as source code
- somewhat obnoxious options dealing with directory creation during a restore operation
- filesystems being backed up *must* be mounted; a file could be modified while being written to media
- no built-in method for incrementals (must use "find -mtime" technique, which has crude granularity)
- format is not portable from SVR4 to SVR3
Disadvantages of TAR:
- does not handle long filenames
Advantages of DUMP:
- maintains an index on the tape
- supports backup of unmounted filesystems
Disadvantages of DUMP:
- does not read through the filesystem, but reads the raw device. Therefore dump backups can be out of sync with the in memory copy of the filesystem
- filesystems should be unmounted before performing a dump backup
- restore will not work remotely because it opens /dev/tty
- format not portable across all platforms
- not available on AIX 3.2
- ATT 4.3 version of ufsdump is broken
When adding a user to a hostgroup, how do I perform commands on all hosts in the hostgroup?
Following is the code you need in your SetupUser script.
if [ -n "$Access" ]; then AccessListAll=`db_sel -h acchost "Hostgroup == \"$Access\"" Hostname` fi for host in $AccessListAll# execute on each host in access list do if [ "$ADMINHOST" = "$host" ] then $Command else FSremote $host "$Command" fi done
"$Command" represents the command you wish to execute.
How do I access COSmanager man pages on the Sequent ptx 2.x port?
The normal method to access COSmanager man pages is to alter the MANPATH environment variable. The operating system Dynix/ptx 2.x does not have or use the MANPATH environment variable.
For ptx, third party software man pages need to be preprocessed (using nroff(1)), packed (using pack(1)) and linked to the standard man page directory. Following is a list of commands to do this for you:
cd $Fshome/man/man1 for MP in `echo *.1`; do nroff -man $MP > $MP.tmp pack $MP.tmp mv $MP.tmp.z $MP.z ln -s $MP.z /usr/catman/man1/$MP.z done
$FShome/man/man1 contains COSmanager application related man pages. $FShome/man/manp contain Functional Toolset related man pages