xref: /titanic_50/usr/src/man/man1m/dcs.1m (revision 174bc6499d233e329ecd3d98a880a7b07df16bfa)
te
Copyright 2005 (c), Sun Microsystems, Inc. All Rights Reserved
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
DCS 1M "Apr 25, 2006"
NAME
dcs - domain configuration server
SYNOPSIS

/usr/lib/dcs [-s sessions]
 [ [-a auth] [-e encr] [-u esp_auth] ] [-l]
DESCRIPTION

The Domain Configuration Server (DCS) is a daemon process that runs on Sun servers that support remote Dynamic Reconfiguration (DR) clients. It is started by the Service Management Facility (see smf(5)) when the first DR request is received from a client connecting to the network service sun-dr. After the DCS accepts a DR request, it uses the libcfgadm(3LIB) interface to execute the DR operation. After the operation is performed, the results are returned to the client.

The DCS listens on the network service labeled sun-dr. Its underlying protocol is TCP. It is invoked as a server program by the SMF using the TCP transport. The fault management resource identifier (FMRI) for DCS is:

svc:/platform/sun4u/dcs:default

If you disable this service, DR operations initiated from a remote host fail. There is no negative impact on the server.

Security for the DCS connection is provided differently based upon the architecture of the system. The SMF specifies the correct options when invoking the DCS daemon, based upon the current architecture. For all architectures, security is provided on a per-connection basis.

The DCS daemon has no security options that are applicable when used on a Sun Enterprise 10000 system. So there are no options applicable to that architecture.

The security options for Sun Fire high-end systems are based on IPsec options defined as SMF properties. These options include the -a auth, -e encr, and -u esp_auth options, and can be set using the svccfg(1M) command. These options must match the IPsec policies defined for DCS on the system controller. Refer to the kmd(1M) man page in the System Management Services (SMS) Reference Manual. The kmd(1M) man page is not part of the SunOS man page collection.

Security on SPARC Enterprise Servers is not configurable. The DCS daemon uses a platform-specific library to configure its security options when running on such systems. The -l option is provided by the SMF when invoking the DCS daemon on SPARC Enterprise Servers. No other security options to the DCS daemon should be used on SPARC Enterprise Servers.

OPTIONS

The following options are supported: -a auth

Controls the IPsec Authentication Header (AH) algorithm. auth can be one of none, md5, or sha1.

-e encr

Controls the IPsec Encapsulating Security Payload (ESP) encryption algorithm. encr can be one of none, des, or 3des.

-l

Enables the use of platform-specific security options on SPARC Enterprise Servers.

-s sessions

Sets the number of active sessions that the DCS allows at any one time. When the limit is reached, the DCS stops accepting connections until active sessions complete the execution of their DR operation. If this option is not specified, a default value of 128 is used.

-u esp_auth

Controls the IPsec Encapsulating Security Payload (ESP) authentication algorithm. esp_auth can be one of none, md5, or sha1.

EXAMPLES

Example 1 Setting an IPSec Option

The following command sets the Authentication Header algorithm for the DCS daemon to use the HMAC-MD5 authentication algorithm. These settings are only applicable for using the DCS daemon on a Sun Fire high-end system.

# svccfg -s svc:/platform/sun4u/dcs setprop dcs/ah_auth = "md5"
# svccfg -s svc:/platform/sun4u/dcs setprop dcs/esp_encr = "none"
# svccfg -s svc:/platform/sun4u/dcs setprop dcs/esp_auth = "none"
# svcadm refresh svc:/platform/sun4u/dcs
ERRORS

The DCS uses syslog(3C) to report status and error messages. All of the messages are logged with the LOG_DAEMON facility. Error messages are logged with the LOG_ERR and LOG_NOTICE priorities, and informational messages are logged with the LOG_INFO priority. The default entries in the /etc/syslog.conf file log all of the DCS error messages to the /var/adm/messages log.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE ATTRIBUTE VALUE
Interface Stability Evolving
SEE ALSO

svcs(1), cfgadm_sbd(1M), svcadm(1M), svccfg(1M), syslog(3C), config_admin(3CFGADM), libcfgadm(3LIB), syslog.conf(4), attributes(5), smf(5), dr(7D)

NOTES

The dcs service is managed by the service management facility, smf(5), under the fault management resource identifier (FMRI):

svc:/platform/sun4u/dcs:default

Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed using svcadm(1M). The service's status can be queried using the svcs(1) command.