System Configuration Files


A number of system configuration files are used as input to system generation of an RVU, and others are produced as output by it.

Caution

The RVU is the collection of compatible revisions of NonStop Kernel operating system software products, identified by an RVU ID such as Release Version Update G06.18, and supported as a unit. The RVU is distributed to customers via Site Update Tapes (SUTs). SUTs may include the complete RVU or only selected products.

Caution

A Site Update Tape (SUT) is unique to a customer and a system. The tape(s) contain the products purchased by the customer for the target system. The tape(s) include the softdoc and all the necessary files for each product purchased. A SUT can be ordered each time a new release of the system software is made available.

A full SUT contains the current RVU of the operating system and all ordered products.

A partial SUT contains a specific subset of products for the current RVU of the operating system.

The system manager generates the operating system image using the DSM/SCM subsystem or SYSGENR directly.

RISK Normally there is limited risk in allowing the general user READ access to the configuration files.

AP-ADVICE-SYSCNFG-01 WRITE and PURGE access to system configuration files should be controlled.

The files that supply input to SYSGENR are:

CONFAUX file

CONFTEXT

Preexisting files, such as interim product modifications (IPMs) or user application files, loaded from a SUT during the Install process

The files that are output or generated by SYSGENR are:

CONFALT

CONFBASE

CONFLIST

OSCONFIG

The files that are copied as part of the function of SYSGENR are:

CIIN

CUSTFILE

RLSEID

CONFALT File

The CONFALT file stores the active system configuration as generated by the last SYSGENR and possibly modified by COUP. The CONFALT file is used in cold loading the system and maintaining the current configuration.

RISK This file is generated and maintained by the system and should not be modified manually in any manner.

CONFAUX File

The CONFAUX file is an EDIT file provided on HP SUT tapes. It contains a series of statements that define the locations of operating system programs, library codes, and microcode files that are used by the CONFTEXT file to build the new operating-system files during SYSGENs.

This file is initially created by DSM/SCM and contains information supplied by HP. It is rarely necessary to edit the file. However, if SYSGENR is run outside of DSM/SCM, the CONFAUX file must be created manually.

RISK HP recommends that no changes be made to the CONFAUX file because the continuity of the configuration may be in question.

CONFBASE File

The CONFBASE file is placed on the target SYSnn subvolume specified in DSM/SCM. It contains the minimal configuration to load the system. Generally it would be used in disaster recovery situations or very special circumstances.

$SYSTEM.SYSnn.CONFBASE only configures:

$SYSTEM disk volume

$ZZKRN Kernel subsystem manager

$ZZSTO storage subsystem manager

$ZHOME reliable home-terminal process

RISK Changing the CONFBASE file could negate its ability to perform in a disaster situation.

AP-ADVICE-CONFBASE-01 Needing to load the system from the CONFBASE file is unlikely. However, if the current configuration file has become corrupted and there is no other configuration file from which to load the system, it may be necessary to use this method. Only extremely knowledgeable personnel should have access to this file.

CONFLIST File

The CONFLIST file is created by SYSGENR. As SYSGENR processes the CONFTEXT file, it writes actions taken, including error and warning messages. The CONFLIST is the equivalent of a language compiler output listing.

AP-ADVICE-CONFLIST-01 HP recommends that no changes be made to the CONFLIST file because the continuity of the configuration may be in question.

CONFTEXT File

The CONFTEXT configuration file is an EDIT file provided on HP SUT tapes which is used as input to the SYSGENR function. It contains a series of statements defining the hardware and software components of the target system. The file is used to create the operating system image (OSIMAGE file) in the new $SYSTEM.SYSnn subvolume. The file defines the following items:

The hardware configuration of the system, including the number of processors, controllers, devices, and their connecting paths.

The system library, system code, microcode, and other operating system files needed by the system.

The relationship of the system to other systems in a network.

The contents of the CONFTEXT file depend on the architecture of the HP NonStop server. The following categories are included in the CONFTEXT File. CISC-only paragraphs are noted.

CONFTEXT File Categories (Paragraph: Contents)

DEFINEs: (optional) Alphanumeric character string and associated macro name. This feature allows specification of a common configuration statement once, which can be referred to thereafter with a macro name.

MULTIFUNCTION CONTROLLERS (CISC only): Identification of all system names, product numbers, primary and backup processors, and subchannel addresses for each multifunction controller supporting a communications subsystem logical device.

CONTROLLERS (CISC only): Identification of each controller name in the system and specification of each controller, primary and backup processor, and subchannel address.

PATHS (CISC only): The path name and controller name for each 3650 CSS.

MICROCODE_FILES (CISC only): Names of all processor and controller microcode files.

PERIPHERALS (CISC only): Identification of each I/O device and communications line in the system and specification of the logical device name and controller name and unit number, or path name and LIU number, macro name, and modifiers.

SYSTEM_PROCESS_MODIFIERS (CISC only): (optional) Parameters for system processes such as $0.

ALLPROCESSORS: Parameters that define the operating-system image for all processors in the system.

PROCESSORS (CISC only): (optional) Parameters that define the operating-system image for each specific processor in the system.

Typically, there is no need to change the CONFTEXT file on a G-series system.

AP-ADVICE-SYSGENR-01 Do not modify the CONFTEXT file in the SYSnn subvolume; it is the only record of the system configuration within the OSIMAGE file. Instead, make a copy of it in the same subvolume as the INSTALL program and then edit the copy. This ensures that a working CONFTEXT file can be put back in place in case of difficulties during the SYSGEN or SYSGENR.

If there are several versions of the operating system on the system, the current version of the CONFTEXT file will be in the subvolume where the OSIMAGE file is open.

Command Interpreter Input File (CIIN)

The CIIN is a command file provided on the SUT tape. The CIIN file is initially configured by HP as $DSMSCM.SYS.CIIN. At the customer site, DSM/SCM will automatically copy the CIIN file from the initial location into each SYSnn subvolume created.

The CIIN file contains a limited set of commands that reload the remaining processors and start a TACL process pair on the system console. If a CIIN file is present and enabled, it is automatically invoked by the initial TACL process after the first processor is loaded.

The name of the CIIN file is specified in the INITIAL_COMMAND_FILE entry of the ALLPROCESSORS paragraph of the CONFTEXT configuration file.

RISK If erroneous commands are added to the CIIN file, or its commands are modified incorrectly, the system may fail to load, in which case it would be impossible to fix the CIIN file to correct the problem.

AP-FILE-SYSCONF-01 Even if a CIIN file is not used during coldloads, the system manager should create a 'dummy' CIIN file so that another user can't create one with malicious contents.

AP-FILE-SYSCONF-01 Many companies modify the RELOAD command in the CIIN file to reload only a minimal set of processors (such as processor 1) in order to test for successful startup of a minimal system environment before bringing up the entire system.

HP recommends that only a limited set of commands be included in the CIIN file because adding commands to bring up other devices or processes can cause the startup sequence to fail if any device should malfunction. The system should be brought up in stages that can be verified before moving on to the next stage. This makes it easier to recover should any step fail.

CUSTFILE File

The CUSTFILE is an edit file included on every Release Version Update (RVU). The file will be located on $SYSTEM in a subvolume named "A<nnnnnn>" where <nnnnnn> is the NonStop server's serial number. The system serial number is stored in the RLSEID file on $SYSTEM.SYSnn. The CUSTFILE contains information on the software products on the SUT, their related files, and the destination and use of each file. The CUSTFILE is customized for each customer's system.

Example 1:

  $SYSTEM.A064421

In Example 1, the system number is A064421 and the CUSTFILE resides in $SYSTEM.A064421.

The first part of the CUSTFILE, the lines with the number one (1) in the first column, lists all the products purchased by the customer and included on the SUT.

Example 2:

  1 A043421 SITE'S SPECIFIC FILES 021213
  1 R0021G05 TAPEPROCESS 861016
  1 R0039G03 WAN 3270 020312
  1 R0051G02 CSSLAPB-X21 DRIVER 020611
  1 R0058G05 MEASURE GUI 990222

Example 2 shows several lines from the first part of the CUSTFILE. Each line corresponds to a product.

The second part of the file, lines with the number two (2) in the first column, lists the files on the SUT, labeled by subsystem and showing the use of the file and its destination subvolume. These lines also indicate which object files must be LICENSED. This is shown by the 'L' in column 62. See Appendix A for instructions on creating a listing of just those object files that should be licensed.

Example 3:

  2 A043421 RLSEID CONFIG SYSGEN COPY SYSNN 021213090128
  2 R0010G02 T0010G02 SOFTDOC DOCPRINT 021106154305
  2 R0010G02 ZLDSTMPL ZTEMPL SYSGEN TEMPLATE 021104225512
  2 R0021G05 A0CINFO ZPHICNFG CONFIG 021106154423
  2 R0021G05 DTAPEDEF ZGUARD INSTALL 861016191034
  2 R0021G05 OTPPROCP ZGUARD SYSGEN COPY SYSNN 020930161355
  2 R0021G05 STAPTMPL ZTEMPL USER 010625114321
  2 R0222G06 DUSL ZGUARD SYSGEN COPY SYSNN L 981103122248
  2 R0039G03 C0039P00 ZWAN3270 SYSGEN MCODE CSSNN 020123041035

Example 3 shows several lines from the second part of the CUSTFILE. The DUSL program in the ZGUARD subsystem should be licensed. The OTPPROCP program will be copied to the new SYSnn subvolume. The C0039P00 macro will be copied to the new CSSnn subvolume. The SYSGEN and INSTALL notations show whether the program is SYSGENed or installed outside of SYSGEN.
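The two-part layout described above can be read mechanically to list the object files that should be licensed. The following is an added example, not taken from the book or from HP tooling: the sample lines are constructed from Examples 2 and 3, and counting column 62 from 1, with the flag padded into that position, is an assumption about the file's layout.

```python
LICENSE_COLUMN = 62  # page: 'L' in column 62 marks a file that must be LICENSED


def sample_row(fields, licensed, stamp):
    """Build a constructed type-2 line with the flag placed in LICENSE_COLUMN."""
    left = " ".join(fields).ljust(LICENSE_COLUMN - 1)
    return left + ("L" if licensed else " ") + " " + stamp


# Constructed sample: type-1 (product) lines followed by type-2 (file) lines.
SAMPLE_CUSTFILE = "\n".join([
    "1 R0021G05 TAPEPROCESS 861016",
    "1 R0039G03 WAN 3270 020312",
    sample_row(["2", "R0021G05", "OTPPROCP", "ZGUARD", "SYSGEN", "COPY", "SYSNN"],
               False, "020930161355"),
    sample_row(["2", "R0222G06", "DUSL", "ZGUARD", "SYSGEN", "COPY", "SYSNN"],
               True, "981103122248"),
    sample_row(["2", "R0039G03", "C0039P00", "ZWAN3270", "SYSGEN", "MCODE", "CSSNN"],
               False, "020123041035"),
])


def parse_custfile(text):
    """Split CUSTFILE text into product records (1) and file records (2)."""
    products, files = [], []
    for line in text.splitlines():
        tokens = line.split()
        if line[:1] == "1" and len(tokens) >= 3:
            products.append({"product": tokens[1],
                             "description": " ".join(tokens[2:-1]),
                             "date": tokens[-1]})
        elif line[:1] == "2" and len(tokens) >= 4:
            # A line shorter than 62 columns yields "" here, so it is unflagged.
            flag = line[LICENSE_COLUMN - 1:LICENSE_COLUMN]
            files.append({"product": tokens[1], "file": tokens[2],
                          "subsystem": tokens[3], "licensed": flag == "L"})
    return products, files


def files_to_license(text):
    """Return (subsystem, file) pairs whose type-2 line carries the 'L' flag."""
    _, files = parse_custfile(text)
    return [(f["subsystem"], f["file"]) for f in files if f["licensed"]]


if __name__ == "__main__":
    for subsystem, name in files_to_license(SAMPLE_CUSTFILE):
        print(f"{subsystem}.{name} should be licensed")
```

Comparing this list with the programs that are actually licensed on the system shows both missing licenses and licensed programs that the CUSTFILE does not account for.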

AP-ADVICE-CUSTFILE-01 The CUSTFILE provides a record of installed products and, for integrity purposes, should be secured from inadvertent alteration or deletion. It should be secured against WRITE and PURGE access by general users.

The CUSTFILE is usually available for READ access to general users.

RLSEID File

The RLSEID file is an edit file included on every SUT and placed on the system in $SYSTEM.SYSnn. The system serial number is stored in the RLSEID file, along with the current O/S release level.

Example 1:

  fup copy $system.sys01.RLSEID
  R24 045422 G06.18

In Example 1, the RLSEID contains the system number '045422' and the software release number G06.18. In this case the CUSTFILE resides in $SYSTEM.A045422.

The CUSTFILE and RLSEID files are output files only. They are references for the subsystems installed on the system and may be of interest to system managers, developers and users in general.

RISK Security risk for READ access is minimal.

RISK The CUSTFILE and RLSEID files should be secured from inadvertent alteration or deletion. Security risk for READ access is minimal.

AP-ADVICE-RLSEID-01 The RLSEID file provides a record of installed products and, for integrity purposes, should be secured from inadvertent alteration or deletion. It should be secured against WRITE and PURGE access by general users.

OSCONFIG File

In D-series RVUs, the Configuration Utility Program (COUP) is used for on-line configuration of system components. COUP configuration records are stored in the OSCONFIG file.

In G-series RVUs, the OSCONFIG configuration file built by SYSGENR contains only Software Problem Isolation and Fix Facility (SPIFF) and Software Identification (SWID) tool records.

Securing the SYSTEM CONFIGURATION Files

BP-FILE-SYSCNF-01 CONFALT should be secured "NUUU".

BP-OPSYS-OWNER-01 CONFALT should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-01 CONFALT must reside in $SYSTEM.SYSnn.

BP-FILE-SYSCNF-02 CONFAUX should be secured "NUUU".

BP-OPSYS-OWNER-01 CONFAUX should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-01 CONFAUX must reside in $SYSTEM.SYSnn.

BP-FILE-SYSCNF-03 CONFBASE should be secured "NUUU".

BP-OPSYS-OWNER-01 CONFBASE should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-01 CONFBASE must reside in $SYSTEM.SYSnn.

BP-FILE-SYSCNF-04 CONFLIST should be secured "NUUU".

BP-OPSYS-OWNER-01 CONFLIST should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-01 CONFLIST must reside in $SYSTEM.SYSnn.

BP-FILE-SYSCNF-05 CONFTEXT should be secured "NUUU".

BP-OPSYS-OWNER-01 CONFTEXT should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-01 CONFTEXT must reside in $SYSTEM.SYSnn.

BP-FILE-SYSCNF-06 CIIN should be secured "NUUU".

BP-OPSYS-OWNER-01 CIIN should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-01 CIIN can reside in $SYSTEM.SYSnn.

BP-FILE-SYSCNF-07 CUSTFILE should be secured "NUUU".

BP-OPSYS-OWNER-03 CUSTFILE should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-03 CUSTFILE resides in $SYSTEM.A<nnnnnn>.

BP-FILE-SYSCNF-08 RLSEID should be secured "NUUU".

BP-OPSYS-OWNER-01 RLSEID should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-01 RLSEID must reside in $SYSTEM.SYSnn.

BP-FILE-SYSCNF-09 OSCONFIG should be secured "NUUU".

BP-OPSYS-OWNER-01 OSCONFIG should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-01 OSCONFIG must reside in $SYSTEM.SYSnn.

If available, use Safeguard software or a third party object security product to grant access to the Configuration Files to necessary personnel, and deny access to all others.

BP-SAFE-SYSCNF-01 to 09 Add Safeguard Protection Records to grant appropriate access to the configuration files.
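The best-practice items above can be checked against collected file attributes. The following is an added example, not from the book: the input tuples are constructed, the owner and RWEP values are assumed to have been gathered with FILEINFO, and the function name audit is hypothetical. It reads the Guardian security string so that WRITE or PURGE access wider than the owner is reported separately from other deviations.

```python
import re

# Guardian codes: O/U = owner (local / local+remote), "-" = local super ID,
# G/C = owner's group, A/N = any user (local / local+remote).
OWNER_ONLY = set("OU-")
SYSNN = r"\$SYSTEM\.SYS\d\d"
# name -> (FILE-SYSCNF id, OWNER/FILELOC id suffix, required location or None)
POLICY = {
    "CONFALT": ("01", "01", SYSNN), "CONFAUX": ("02", "01", SYSNN),
    "CONFBASE": ("03", "01", SYSNN), "CONFLIST": ("04", "01", SYSNN),
    "CONFTEXT": ("05", "01", SYSNN),
    "CIIN": ("06", "01", None),  # the page says CIIN "can" reside in SYSnn
    "CUSTFILE": ("07", "03", r"\$SYSTEM\.A\d{6}"),
    "RLSEID": ("08", "01", SYSNN), "OSCONFIG": ("09", "01", SYSNN),
}


def audit(records):
    """Return (file, rule id, detail) for each deviation from the page's policy."""
    findings = []
    for subvol, name, owner, rwep in records:
        policy = POLICY.get(name.upper())
        if policy is None:
            continue
        file_id, suffix, location = policy
        path = f"{subvol}.{name}".upper()
        if location and not re.fullmatch(location, subvol.upper()):
            findings.append((path, f"OPSYS-FILELOC-{suffix}", "unexpected subvolume"))
        if owner.upper() not in ("SUPER.SUPER", "255,255"):
            findings.append((path, f"OPSYS-OWNER-{suffix}", f"owned by {owner}"))
        if rwep.upper() != "NUUU":
            # Positions 1 and 3 of the RWEP string are WRITE and PURGE.
            exposed = len(rwep) != 4 or any(
                c not in OWNER_ONLY for c in rwep.upper()[1::2])
            detail = "WRITE or PURGE open beyond owner" if exposed else "differs from NUUU"
            findings.append((path, f"FILE-SYSCNF-{file_id}", f"{rwep}: {detail}"))
    return findings


SAMPLE = [  # constructed records: (subvolume, file, owner, RWEP)
    ("$SYSTEM.SYS01", "CONFALT", "255,255", "NUUU"),
    ("$SYSTEM.SYS01", "CONFTEXT", "255,255", "NNNU"),
    ("$SYSTEM.SYS01", "CIIN", "100,5", "NUUU"),
    ("$DATA1.A045422", "CUSTFILE", "SUPER.SUPER", "OOOO"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="  ")
```

This covers only the Guardian security string; files that have Safeguard protection records also need the Safecom check.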

Discovery Questions

OPSYS-OWNER-01: Who owns the CONFALT file? Look here: Fileinfo

OPSYS-OWNER-01: Who owns the CONFAUX file? Look here: Fileinfo

OPSYS-OWNER-01: Who owns the CONFBASE file? Look here: Fileinfo

OPSYS-OWNER-01: Who owns the CONFLIST file? Look here: Fileinfo

OPSYS-OWNER-01: Who owns the CONFTEXT file? Look here: Fileinfo

OPSYS-OWNER-01: Who owns the CIIN file? Look here: Fileinfo

OPSYS-OWNER-03: Who owns the CUSTFILE file? Look here: Fileinfo

OPSYS-OWNER-01: Who owns the RLSEID file? Look here: Fileinfo

OPSYS-OWNER-01: Who owns the OSCONFIG file? Look here: Fileinfo

FILE-SYSCNF-01, SAFE-SYSCNF-01: Is the CONFALT file correctly secured with the Guardian or Safeguard system? Look here: Fileinfo, Safecom

FILE-SYSCNF-02, SAFE-SYSCNF-02: Is the CONFAUX file correctly secured with the Guardian or Safeguard system? Look here: Fileinfo, Safecom

FILE-SYSCNF-03, SAFE-SYSCNF-03: Is the CONFBASE file correctly secured with the Guardian or Safeguard system? Look here: Fileinfo, Safecom

FILE-SYSCNF-04, SAFE-SYSCNF-04: Is the CONFLIST file correctly secured with the Guardian or Safeguard system? Look here: Fileinfo, Safecom

FILE-SYSCNF-05, SAFE-SYSCNF-05: Is the CONFTEXT file correctly secured with the Guardian or Safeguard system? Look here: Fileinfo, Safecom

FILE-SYSCNF-06, SAFE-SYSCNF-06: Is the CIIN file correctly secured with the Guardian or Safeguard system? Look here: Fileinfo, Safecom

FILE-SYSCNF-07, SAFE-SYSCNF-07: Is the CUSTFILE file correctly secured with the Guardian or Safeguard system? Look here: Fileinfo, Safecom

FILE-SYSCNF-08, SAFE-SYSCNF-08: Is the RLSEID file correctly secured with the Guardian or Safeguard system? Look here: Fileinfo, Safecom

FILE-SYSCNF-09, SAFE-SYSCNF-09: Is the OSCONFIG file correctly secured with the Guardian or Safeguard system? Look here: Fileinfo, Safecom

Related Topics

Operating System

DSM/SCM




HP NonStop Server Security 2004
ISBN: 159059035X
EAN: N/A
Year: 2004
Pages: 157
