friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
master
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzatl_5.4.0.1/rzatladvstartup.htm

350 lines
21 KiB
HTML
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2005" />
<meta name="DC.rights.owner" content="(C) Copyright IBM Corporation 2005" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Advanced startup options for the cimconfig command" />
<meta name="abstract" content="You can change the advanced startup options for the CIM server with the cimconfig command." />
<meta name="description" content="You can change the advanced startup options for the CIM server with the cimconfig command." />
<meta name="DC.Relation" scheme="URI" content="rzatlconfigparms.htm" />
<meta name="DC.Relation" scheme="URI" content="rzatlssltrustmgr.htm" />
<meta name="DC.Relation" scheme="URI" content="rzatlsslenable.htm" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzatladvstartup" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Advanced startup options for the cimconfig command</title>
</head>
<body id="rzatladvstartup"><a name="rzatladvstartup"><!-- --></a>
<img src="./delta.gif" alt="Start of change" /><!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Advanced startup options for the cimconfig command</h1>
<div><p><span>You can change the advanced startup options for the CIM server
with the cimconfig command.</span></p>
<p><img src="./delta.gif" alt="Start of change" />The following list describes the advanced startup options
for the cimconfig command, their default values, and whether they can be changed
dynamically.<img src="./deltaend.gif" alt="End of change" /></p>
<div class="note"><span class="notetitle">Note:</span> The shutdownTimeout, logLevel, traceLevel, traceComponents and traceFilePath
settings can be changed dynamically. The others cannot. For all the other
properties, you must use the <span class="parmname">-p</span> parameter to indicate
your change. You must then stop and restart the CIM Server for the change
to take effect.</div>
<div class="important"><span class="importanttitle">Important:</span> These are options are intended to be used only by advanced
users.</div>
<dl><dt class="dlterm">messageDir</dt>
<dd>The default directory to search for the message bundles. The default value
points to the shipped message bundles.<dl><dt class="dlterm">Default value</dt>
<dd>/QIBM/ProdData/OS400/CIM/msg </dd>
<dt class="dlterm"><img src="./delta.gif" alt="Start of change" />Dynamic<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><span><img src="./delta.gif" alt="Start of change" />No<img src="./deltaend.gif" alt="End of change" /></span></dd>
</dl>
</dd>
</dl>
<dl><dt class="dlterm">logLevel</dt>
<dd>Sets the level of data logged. Set to TRACE, INFORMATION, SEVERE, FATAL.
The log data is saved in the QYCMCIMOM job log.<dl><dt class="dlterm">Default value</dt>
<dd>INFORMATION</dd>
<dt class="dlterm"><img src="./delta.gif" alt="Start of change" />Dynamic<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><span><img src="./delta.gif" alt="Start of change" />Yes<img src="./deltaend.gif" alt="End of change" /></span></dd>
</dl>
</dd>
</dl>
<dl><dt class="dlterm">enableNormalization </dt>
<dd>If set to true, ensures objects delivered from providers are complete
and accurate. The default is false. Do not normalize objects from trusted
entities. Objects from the repository, control providers, IBM<sup>®</sup> shipped providers
and certain vendor providers known to reliably produce valid objects should
not be normalized. Only objects from 3rd party providers added to a distribution
should be normalized. The values are true or false.<dl><dt class="dlterm">Default value</dt>
<dd>false</dd>
<dt class="dlterm"><img src="./delta.gif" alt="Start of change" />Dynamic<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><span><img src="./delta.gif" alt="Start of change" />No<img src="./deltaend.gif" alt="End of change" /></span></dd>
</dl>
</dd>
</dl>
<dl><dt class="dlterm">excludeModulesFromNormalization </dt>
<dd>Disables normalization for objects from specific provider modules. If
enableNormalization is set to true, all provider objects will be normalized
except for those on this exclusion list.<dl><dt class="dlterm">Default value</dt>
<dd>“”</dd>
<dt class="dlterm"><img src="./delta.gif" alt="Start of change" />Dynamic<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><span><img src="./delta.gif" alt="Start of change" />No<img src="./deltaend.gif" alt="End of change" /></span></dd>
</dl>
</dd>
</dl>
<dl><dt class="dlterm"><img src="./delta.gif" alt="Start of change" />repositoryIsDefaultInstanceProvider<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><p>Enables the repository component of the CIM server to provide CIM object
instances by default. <dfn class="term">Default</dfn> means that if there is no provider
to service the client request for the CIM instance, then the CIM server repository
is used. This includes both creating and retrieving instances. If the value
of the repositoryIsDefaultInstanceProvider option is changed to false, the <span class="keyword">i5/OS™</span> providers that implement CIM
metric classes will no longer function properly. The values are true or false.</p>
<dl><dt class="dlterm">Default value</dt>
<dd>true</dd>
<dt class="dlterm"><img src="./delta.gif" alt="Start of change" />Dynamic<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><span><img src="./delta.gif" alt="Start of change" />No<img src="./deltaend.gif" alt="End of change" /></span></dd>
</dl>
</dd>
</dl>
<dl><dt class="dlterm">enableAuthentication </dt>
<dd><p>If set to true, performs authentication before any request is allowed
into the CIM server for processing. The default is true. Setting this property
to false will allow unauthenticated access to the CIM server.</p>
<p>Set enableAuthentication
to false only if you are certain your environment is secure and if you have
a very good reason.</p>
<p> The values are true or false.</p>
<dl><dt class="dlterm">Default value</dt>
<dd>true</dd>
<dt class="dlterm"><img src="./delta.gif" alt="Start of change" />Dynamic<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><span><img src="./delta.gif" alt="Start of change" />No<img src="./deltaend.gif" alt="End of change" /></span></dd>
</dl>
</dd>
</dl>
<dl><dt class="dlterm">sslCertificateFilePath </dt>
<dd><p>Path to the CIM servers certificate file.</p>
<p>This property must
be set to a valid certificate if enableHttpsConnection or enableSSLExportClientVerification
is set to true. Note that an expired certificate is considered valid when
it is loaded by the CIM server.</p>
<p><img src="./delta.gif" alt="Start of change" />If sslKeyFilePath is not
specified then the CIM server will attempt to load the private key from the
certificate file.<img src="./deltaend.gif" alt="End of change" /></p>
<dl><dt class="dlterm">Default value</dt>
<dd>ssl/keystore/servercert.pem </dd>
<dt class="dlterm"><img src="./delta.gif" alt="Start of change" />Dynamic<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><span><img src="./delta.gif" alt="Start of change" />No<img src="./deltaend.gif" alt="End of change" /></span></dd>
</dl>
</dd>
</dl>
<dl><dt class="dlterm">sslKeyFilePath</dt>
<dd><img src="./delta.gif" alt="Start of change" /><p>Path to the CIM servers private key file. This property
is not required to be set if the certificate specified in sslCertificateKeyPath
contains the private key. </p>
<p><img src="./delta.gif" alt="Start of change" />This file is not protected by
a pass phrase and must be kept in a protected directory. The value that is
specified in the default value is a protected directory.<img src="./deltaend.gif" alt="End of change" /></p>
<dl><dt class="dlterm">Default value</dt>
<dd>ssl/keystore/serverkey.pem</dd>
<dt class="dlterm"><img src="./delta.gif" alt="Start of change" />Dynamic<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><span><img src="./delta.gif" alt="Start of change" />No<img src="./deltaend.gif" alt="End of change" /></span></dd>
</dl>
<img src="./deltaend.gif" alt="End of change" /></dd>
</dl>
<dl><dt class="dlterm">sslTrustStore </dt>
<dd><p>Path to the directory or file containing the trusted certificates for
CIM Operation requests. The truststore can include CA certificates.</p>
<p>This
property must be set if sslClientVerificationMode is set to required.</p>
<p>If
sslClientVerificationMode is set to optional, then this property may be set
to empty. In this case no certificates are trusted.</p>
<p>If this property
is set to an empty directory, or an empty file, then no certificates are trusted.</p>
<p>If
sslClientVerificationMode is set to disabled, this property is not used. </p>
<dl><dt class="dlterm">Default value</dt>
<dd>ssl/truststore/</dd>
<dt class="dlterm"><img src="./delta.gif" alt="Start of change" />Dynamic<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><span><img src="./delta.gif" alt="Start of change" />No<img src="./deltaend.gif" alt="End of change" /></span></dd>
</dl>
</dd>
</dl>
<dl><dt class="dlterm">exportSSLTrustStore </dt>
<dd><p>Path to the directory or file containing the trusted certificates for
CIM Export requests. The truststore can include CA certificates.</p>
<p>This
property must be set if enableSSLExportClientVerificationMode is set to true.</p>
<p>If
this property is set to an empty directory, or an empty file, then no export
certificates are trusted.</p>
<p>This property only takes effect if enableSSLExportClientVerification
is set to true.</p>
<dl><dt class="dlterm">Default value</dt>
<dd>ssl/exporttruststore/</dd>
<dt class="dlterm"><img src="./delta.gif" alt="Start of change" />Dynamic<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><span><img src="./delta.gif" alt="Start of change" />No<img src="./deltaend.gif" alt="End of change" /></span></dd>
</dl>
</dd>
</dl>
<dl><dt class="dlterm">crlStore </dt>
<dd><p>Path to the directory or file containing the certificate revocation
lists.</p>
<p>If this property is not set, set to an empty directory, or set
to an empty file, then no CRLs are loaded.</p>
<p>This property only takes
effect if sslClientVerificationMode is set to required or optional, or enableSSLExportClientVerification
is set to true.</p>
<dl><dt class="dlterm">Default value</dt>
<dd>ssl/crlstore/</dd>
<dt class="dlterm"><img src="./delta.gif" alt="Start of change" />Dynamic<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><span><img src="./delta.gif" alt="Start of change" />No<img src="./deltaend.gif" alt="End of change" /></span></dd>
</dl>
</dd>
</dl>
<dl><dt class="dlterm">sslClientVerificationMode </dt>
<dd><p>Sets the mode of SSL client certificate verification.</p>
<p>Set to
required, optional, or disabled.</p>
<p>If set to required, the CIM server
always requires verification of a client certificate on the HTTPS port and
rejects the request if the client certificate is not trusted. The httpAuthType
property is not used.</p>
<p>Optional means the CIM server will verify a client
certificate if available, otherwise the CIM server will use the httpAuthType
setting for client verification.</p>
<p>Disabled means the CIM server will
always use the httpAuthType setting for client verification.</p>
<p>This property
is only effective if enableHttpsConnection is set to true.</p>
<dl><dt class="dlterm">Default value</dt>
<dd><img src="./delta.gif" alt="Start of change" />optional<img src="./deltaend.gif" alt="End of change" /></dd>
<dt class="dlterm"><img src="./delta.gif" alt="Start of change" />Dynamic<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><span><img src="./delta.gif" alt="Start of change" />No<img src="./deltaend.gif" alt="End of change" /></span></dd>
</dl>
</dd>
</dl>
<dl><dt class="dlterm">sslTrustStoreUserName </dt>
<dd><p>Identifies the username that is to be user context for the CIM Operation
request when certificate authentication is used, and a username cannot be
associated with a specific certificate file. The user context is the <span class="keyword">i5/OS</span> user profile under which the
provider is invoked to perform the CIM request. This property must be set
to a valid user profile on <span class="keyword">i5/OS</span>.</p>
<p>If
sslClientVerificationMode is set to disabled, this property has no effect.</p>
<p><img src="./delta.gif" alt="Start of change" />If sslTrustStore is set to a directory, then this property has
no effect. The username associated with the certificate file in the directory
is the user context for the CIM operation request. The default setting for
sslTrustStore is a directory.<img src="./deltaend.gif" alt="End of change" /></p>
<p><img src="./delta.gif" alt="Start of change" />If sslTrustStore is set to
a single file, then this property must be set to a username, otherwise the
CIM server will log an error and not start. In this case, ALL certificates
included in the file are assigned to the username specified by sslTrustStoreUserName.
This user name becomes the user context for the CIM Operation request.<img src="./deltaend.gif" alt="End of change" /></p>
<dl><dt class="dlterm">Default value</dt>
<dd><img src="./delta.gif" alt="Start of change" />""<img src="./deltaend.gif" alt="End of change" /></dd>
<dt class="dlterm"><img src="./delta.gif" alt="Start of change" />Dynamic<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><span><img src="./delta.gif" alt="Start of change" />No<img src="./deltaend.gif" alt="End of change" /></span></dd>
</dl>
</dd>
</dl>
<dl><dt class="dlterm">enableSubscriptionsForNonprivilegedUsers </dt>
<dd>Set to true or false. The default is false. False means that only a user
with *IOSYSCFG and *ALLOBJ authorities will be allowed to create Indication
Subscriptions.<dl><dt class="dlterm">Default value</dt>
<dd>false</dd>
<dt class="dlterm"><img src="./delta.gif" alt="Start of change" />Dynamic<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><span><img src="./delta.gif" alt="Start of change" />No<img src="./deltaend.gif" alt="End of change" /></span></dd>
</dl>
</dd>
</dl>
<dl><dt class="dlterm">enableSSLExportClientVerification </dt>
<dd><div class="p">Set to true or false. If true, allows export clients to connect using
HTTPS on the port specified by the service name wbem-exp-https. Only CIM Export
requests are allowed on this port. <div class="note"><span class="notetitle">Note:</span> <img src="./delta.gif" alt="Start of change" />If the wbem-exp-https
port is not defined in the systems TCP/IP services table, then the CIM server
will log an error and not start. Since wbem-exp-https is an IANA standard
service, it will be in the i5/OS services table by default.<img src="./deltaend.gif" alt="End of change" /></div>
</div>
<p>If false,
then no requests are allowed on the wbem-exp-https port.</p>
<dl><dt class="dlterm">Default value</dt>
<dd>true</dd>
<dt class="dlterm"><img src="./delta.gif" alt="Start of change" />Dynamic<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><span><img src="./delta.gif" alt="Start of change" />No<img src="./deltaend.gif" alt="End of change" /></span></dd>
</dl>
</dd>
</dl>
<dl><dt class="dlterm">shutdownTimeout</dt>
<dd><p><img src="./delta.gif" alt="Start of change" />Set to a number of seconds. When an ENDTCPSVR *CIMOM command
is issued, the timeout is the maximum number of seconds allowed for the CIM
server to complete outstanding CIM operation requests before shutting down.
If the specified timeout period expires, the CIM server will shut down, even
if there are still CIM operations in progress. Minimum value is 2 seconds.
Default value is 10 seconds.<img src="./deltaend.gif" alt="End of change" /></p>
<dl><dt class="dlterm">Default value</dt>
<dd>10</dd>
<dt class="dlterm"><img src="./delta.gif" alt="Start of change" />Dynamic<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><span><img src="./delta.gif" alt="Start of change" />Yes<img src="./deltaend.gif" alt="End of change" /></span></dd>
</dl>
</dd>
</dl>
<dl><dt class="dlterm">traceLevel </dt>
<dd><p><img src="./delta.gif" alt="Start of change" />Level of debug trace. Range is 1 to 4. A traceLevel of
1 only traces function exits, the minimum trace. A trace level of 4 is the
maximum trace.<img src="./deltaend.gif" alt="End of change" /></p>
<dl><dt class="dlterm">Default value</dt>
<dd>1</dd>
<dt class="dlterm"><img src="./delta.gif" alt="Start of change" />Dynamic<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><span><img src="./delta.gif" alt="Start of change" />Yes<img src="./deltaend.gif" alt="End of change" /></span></dd>
</dl>
</dd>
</dl>
<dl><dt class="dlterm">traceFilePath </dt>
<dd>Path to the trace file.<dl><dt class="dlterm">Default value</dt>
<dd>/qibm/userdata/os400/cim/cimserver.trc </dd>
<dt class="dlterm"><img src="./delta.gif" alt="Start of change" />Dynamic<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><span><img src="./delta.gif" alt="Start of change" />Yes<img src="./deltaend.gif" alt="End of change" /></span></dd>
</dl>
</dd>
</dl>
<dl><dt class="dlterm">traceComponents </dt>
<dd> Components of Pegasus to trace. The valid settings are listed in <a href="rzatltraceoptions.htm#rzatltraceoptions">Settings for the traceComponents option</a>.<dl><dt class="dlterm">Default value</dt>
<dd>empty</dd>
<dt class="dlterm"><img src="./delta.gif" alt="Start of change" />Dynamic<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><span><img src="./delta.gif" alt="Start of change" />Yes<img src="./deltaend.gif" alt="End of change" /></span></dd>
</dl>
</dd>
</dl>
<dl><dt class="dlterm">enableAssociationTraversal </dt>
<dd>Set to true or false. The default is true. True means association traversal
is enabled. False will disable association traversal.<dl><dt class="dlterm">Default value</dt>
<dd>true</dd>
<dt class="dlterm"><img src="./delta.gif" alt="Start of change" />Dynamic<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><span><img src="./delta.gif" alt="Start of change" />No<img src="./deltaend.gif" alt="End of change" /></span></dd>
</dl>
</dd>
</dl>
<dl><dt class="dlterm">enableIndicationService</dt>
<dd>Set to true or false. The default is true. True means the indication service
is enabled. False will disable the indication service.<dl><dt class="dlterm">Default value</dt>
<dd>true</dd>
<dt class="dlterm"><img src="./delta.gif" alt="Start of change" />Dynamic<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><span><img src="./delta.gif" alt="Start of change" />No<img src="./deltaend.gif" alt="End of change" /></span></dd>
</dl>
</dd>
</dl>
<dl><dt class="dlterm">tempLocalAuthDir</dt>
<dd>The directory where the Pegasus server writes temporary files that it
uses during local authentication.<dl><dt class="dlterm">Default value</dt>
<dd>/tmp</dd>
<dt class="dlterm"><img src="./delta.gif" alt="Start of change" />Dynamic<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><span><img src="./delta.gif" alt="Start of change" />No<img src="./deltaend.gif" alt="End of change" /></span></dd>
</dl>
</dd>
</dl>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzatlconfigparms.htm" title="Before starting the CIM server, you should set several configuration properties using the cimconfig command.">Set the required configuration parameters</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzatlssltrustmgr.htm" title="This command provides a command-line interface to manage X.509 certificates in a trust store or a Certificate Revocation List (CRL).">ssltrustmgr usage information</a></div>
</div>
<div class="reltasks"><strong>Related tasks</strong><br />
<div><a href="rzatlsslenable.htm" title="For Pegasus to run in Secure Sockets Layer (SSL) mode, a private key and certificate are required. Pegasus checks for its private key and certificate during startup. If those files do not exist, Pegasus creates its private key and a self-signed 365-day certificate. You can also create a private key and certificate with this information.">Create an SSL key and certificate for Pegasus</a></div>
</div>
</div>
<img src="./deltaend.gif" alt="End of change" /></body>
</html>
Reference in New Issue View Git Blame Copy Permalink