Introducing the Administration Features of the ChorusOS System

Key Commands

An actor is the unit of encapsulation of resources with regard to the ChorusOS microkernel. The special actor called C_INIT is dedicated to administrative commands. The commands contained within C_INIT can be accessed either locally in console mode or remotely from the host, using a remote shell as rsh. See "C_INIT Actor". For more information on rsh, see "Communicating with the Target Using rsh" .

Application actors can either be loaded at boot time, as described in the "ChorusOS Actors" in ChorusOS 5.0 Application Developer's Guide, or dynamically using the C_INIT loading facility. Dynamic loading of actors is also described in further detail in "Execution Environment of Actors and Processes" in ChorusOS 5.0 Application Developer's Guide.

The conf/sysadm.ini file, which is embedded in the system image, is used to specify system initialization commands. The file is read from the /image/sys_bank directory. Each entry of this file is a command to be executed by C_INIT during the microkernel boot. Typical operations in sysadm.ini are network configuration, device initialization and file system mount.

The sysadm.ini file is not accessed remotely at boot time but is included in the system image. Further information on how sysadm.ini is used at start-up is described in "System Start-up".

See also sysadm.ini(4CC) for more information.

C_INIT Actor

The C_INIT actor provides administrative commands for the following:

• file system management, such as partitioning a disk and mounting a file system. This is described in Chapter 3, Introduction to ChorusOS File System Administration.

• network configuration, such as defining IP addresses and initializing network interfaces. This is described in Part III.

• device management, such as binding a high level service (file system, networking, tty management) to an actual device driver. This is described in "Special Device Driver Files".

Here are the most frequently used C_INIT commands:

• mknod: defines special device files.

• mkdev: binds high level services to an instance of a device driver.

• mount, umount: mounts and unmounts file systems.

• arun: launches executables.

• ifconfig: defines IP addresses.

• route, rarp, netstat, ppp, ping: miscellaneous networking commands.

• memstat, chorusStat: prints system statistics.

• setenv, unsetenv, echo, help, sleep, reboot, shutdown: miscellaneous system commands.

• rshd, console, source: specifies the device from which commands can be accepted:

  • rshd: from a host through rsh.

  • console: from system console.

  • source: from a file.

See C_INIT(1M) for a complete description.

These commands are invoked at system start-up, described in the following section, and later during the life of the system. During the life of the system, the C_INIT actor executes commands from the system console, or from a remote host through rsh.

Communicating with the Target Using rsh

For the ChorusOS operating system, commands that would in conventional UNIX systems be run through a shell are in fact run through rsh. The rsh command executes a command on a remote host, passing its input and receiving its output. When the ChorusOS 5.0 operating system image including the rsh feature is booted on the target machine, the C_INIT actor interprets the commands sent from the host through rsh. (See the rshd man page on your host). To see the list of the options available, type:

% rsh target help

where target is the target name or IP address.

The following information is displayed by the C_INIT actor:

C_INIT ChorusOS 5.0.0- valid commands that deal with:

File Systems:
        mount [[-t nfs|ufs|msdosfs|pdevfs] host:pathname|special_file 
	[mount_point]]
        umount [-v|-F|-f|-a|-t nfs|ufs|msdosfs|pdevfs] [special_file]
        swapon [mount_point]

Actors:
        arun [-g rgid] [-S | -U] [-k] [-T] [-d] [-q]
	 [-D] [-Z] [-xip] path [args]
        akill [-s site] {-g rgid | [-c] pid }
        aps 
        umask [mode]
        ulimit [-HSafn] [limit]

Environment variables:
        setenv var value
        unsetenv var
        env 

Networks:
        route 
        netstat 
        ping host
        ifconfig 
        ifwait ifname [timeout, default infinite]
        rarp ethernet_interface_name
        pppd 
        pppclose device
        pppstop 
        ethIpcStackAttach [dtreepath]
        ftpd 
        tftpd

Devices:
        mknod name [b | c] major minor
        dtree 
        mkdev name unit [dtreepath]

This Target:
        reboot 
        restart 
        memstat 
         
This shell:
        echo string
        source filename
        sleep [time in seconds, default=1s]
        help 
        console 
        rshd 
         chorusStat 
        shutdown -i 0|1|2|3

For details of these commands, see C_INIT(1M).

System Start-up

At system start-up, the C_INIT actor executes these steps:

1. Sets up an initial virtual file system.

2. Executes commands from the configuration file sysadm.ini.

3. Executes commands from /etc/rc.chorus when a root file system is mounted (see C_INIT(1M)).

   ---

   Note -

   If the target has a valid IPv4 address, the file /etc/rc.chorus.<ip_address> is selected, if it exists, instead of /etc/rc.chorus. This must be written in the usual dot notation, for example: 192.82.231.1 for IPv4 addresses. IPv6 addresses will be selected arbitrarily by the system; see IPv6 (7P) for further details.

   ---

The initial virtual file system in step 1 contains only two directories, /dev and /image/sys_bank. The /dev directory, initially empty, is used for the definition of special devices, like /dev/tty01. The /image/sys_bank directory contains all the components in the boot image:

• system actors such as C_INIT and drivers.

• system configuration files (sysadm.ini).

• user-defined configuration files and executables.

All of these components can be accessed like the files in an ordinary file system, using their path, for example: /image/sys_bank/sysadm.ini.

The relationship between the conf/sysadmin.ini in the build directory and the /image/sys_bank in the target pseduo filesystem is that conf/sysadmin.ini is used to specify system initialization commands. This file is embedded in the system image during the build and stored in the /image/sys_bank directory.

To access /dev and /image directories on the virtual file system, dev and image directories must be present on your root file system, and this root file system must be mounted.

In step 2, the C_INIT actor executes commands from the configuration file called sysadm.ini. This file contains all the commands needed for the initial administration of the system, including networking, file system management and device management.

The sysadm.ini file can be customized. On the host, it is located in the conf subdirectory of the ChorusOS build directory. This file is automatically embedded in the boot image, in the /image/sys_bank/sysadm.ini file of the initial file system. This allows you to configure embedded targets that do not have access to a local or remote file system.

Security and Password Management

The C_INIT actor authenticates users issuing commands from the host.

The ChorusOS operating system can be configured in secure mode, where remote host access is checked through the /etc/security administration file, located on the target root file system (see security(4CC)). In addition, users' credentials may be specified in this file, overriding default C_INIT configuration values.

If an /etc/security file exists, it must have read permissions for everybody to allow C_INIT to read it with the default credentials (user identifier 0 and group identifier 0). Secure mode is then activated. In this mode, C_INIT authenticates every command it receives from the host. Authentication can fail for two reasons:

• The user name of the remote user which issued the rsh command is not found in the security file.

• The remote host, from which the rsh command came, is not in the remote host's list of users.

In this case, a permission denied message is sent back to the host and the command is aborted.

If the authentication procedure succeeds, the user's privilege credentials (user identifier or uid, group identifier or gid and additional groups) are read from the security file. Trusted users have access to the full set of C_INIT commands.

The ChorusOS operating system also features the ability to manage users' passwords through its password management feature. Related files are located in /etc/master.passwd and /etc/group. The introduction of these files to the ChorusOS operating system enables more flexible security management, in addition to the standard /etc/security file. You can choose to enable the password management feature by running pwd_mkdb.

The C_INIT daemon can run in non-secure mode, in secure mode or in password mode. If C_INIT is running in password mode the login name of the user is first identified in /etc/spwd.db, and then in /etc/security for additional information, such as remote host access permission. If the latter file does not exist, default values apply. If C_INIT is running in secure mode, the login name of the user is identified only in /etc/security.

If C_INIT is runing in non-secure mode, every user is treated as a trusted user and inherits the C_INIT default credentials , uid 0 and gid 0. These are by default zero.

In this case, if the host machine has exported the file system to be mounted with the default mapping of root to nobody, it is necessary that read and execute permissions for the target executable files be given to everybody. Otherwise C_INIT will not have the right to execute the application binaries.

To override the default credentials uid 0 and gid 0, you can use environment variables; these enable you to modify the system dynamically. To modify the deafult credentials:

$ rsh target setenv CINIT_DEFAULTUID some_value
$ rsh target setenv CINIT_DEFAULTGID some_value

Another way to circumvent the problem of C_INIT not having the right to execute the application binaries is by inhibiting the mapping of root to nobody on the host.

The /etc/ldap.conf file contains information about the location of the LDAP server for password management. Information about this file is contained in ldap.conf(4CC).

Further information on password management and how it affects various secure operations in this version of the ChorusOS operating system can be found in these man pages: getpwnam(3STDC), getgrent(3STDC), ,passwd(1M), pwd_mkdb(1M). group(4CC), rshd(1M), ftpd(1M), telnetd(1M).

System Crash and the SYSTEM_DUMP Utility

This feature requires to you to have the HOT_RESTART and BLACKBOX features set to true. You must also have a TFTP daemon running on the host server.

If a microkernel crash occurs in the ChorusOS operating system, the SYSTEM_DUMP feature enables you to read blackbox information. If the microkernel raises an exception, the SYSTEM_DUMP panic handler saves specific information. This is dumped into a persistent memory area, allocated at boot time. The feature then forces a hot reboot to reset the microkernel to a stable state. After reboot, a special actor called the system dump actor uses TFTP to dump an ASCII file on your predetermined host. This ASCII file contains the information contained in the BLACKBOX facility.

The iom.wdt.sysdump tunable is common to both system dump and watchdog timer. The value of iom.wdt.sysdump is set to 0 by default.

If the value of this tunable is set to 1, SYSTEM_DUMP is true and the watchdog timer feature, (feature name: WDT) is true, a system dump is triggered on the host server when the watchdog timer expires.

For more information, consult SYSTEM_DUMP(5FEA).

Management Utilities

The essential management utilities offered by the ChorusOS operating system include:

• Netboot: Boots the ChorusOS operating system remotely using TFTP, when the target does not provide an embedded boot facility.

• Default Console: Directs all console I/O to a local display or to a remote host via a serial line.

• Remote Shell: Executes commands remotely on the target from the host. In particular, this feature allows applications to be loaded dynamically.

• Resource Status: Lists the current status of all operating system resources, for example, actors, threads and memory.

• Logging (Feature name:LOG): Logs operating system events as they occur on the target.

• Monitoring (Feature name:MON). Monitors operating system objects, so that user defined routines are called when certain operations are performed on specified objects.

• Profiling : Runs profiling sessions on system applications.

• Benchmarking: Benchmarks the operating system.

• Watchdog Timer: Monitors the ChorusOS operating system and, should a crash occur, the timer expires. Diagnostic information is then collected, if possible, as described in the "System Crash and the SYSTEM_DUMP Utility". This implementation of the WDT API supports a maximum of one watchdog timer.

• Black Box: Comprises a set of microkernel ring buffers to provide real time collection and storage of historical event information leading up to a system failure.

Input/Output Management

When actors use the ChorusOS Console Input/Output Application Programming Interface, (API), all I/O operations (such as printf() and scanf()) are directed to the system console of the target. Other APIs available include the Microkernel API, the Private Data API and the Standard-C API. These are described in "ChorusOS APIs" in ChorusOS 5.0 Application Developer's Guide.

If an application uses the ChorusOS POSIX Input/Output API and is spawned from the host with rsh, the standard input and output of the application will be inherited from the rsh program and sent to the terminal emulator on the host on which the rsh command was issued.