Configuration Agent

The Configuration Agent is part of the apoc package. When you install the corresponding RPM, the files that are required for this API are installed and registered with inetd. You can install the RPM manually or through the Java Desktop System installation.

Bootstrap Information

To access the remote configuration data, the Configuration Agent must be provided with the location of the LDAP server. You can add this location through the YaST2 configuration tool, autoYaST, or by manually editing the policymgr.properties properties file in the /opt/apoc/lib directory. In YaST2, you can add this data in the Network/Advanced section.

Figure 51 Java Desktop System Configuration Agent in YaST

The following information is required to run the Configuration Agent:

Associated property file keys are indicated in parentheses, where appropriate.

• Host Name (Server): host name of the LDAP server.

• Port (Port): port number of the LDAP server.

• Metaconfiguration Access User Name (AuthDn): full DN of a user with read and search access rights on the repository.

  ---

  Note

  If anonymous access is enabled in the directory, this setting can be left blank.

  ---

• Metaconfigurator Access Password (Password): password of a registered LDAP user.

  ---

  Note

  If anonymous access is enabled in the directory, this setting can be left blank.

  ---

• Policy Data Access Authentication Mechanism (AuthType): can be anonymous or GSSAPI, depending on how the LDAP server authenticates users.

• Root Location (BaseDn): base DN of the LDAP repository.

• Host Identifier (HostIdentifier): can be HostName or IPAddress and must be set to match the contents of the LDAP attribute that is used to identify hosts. This attribute is defined in the mapping files as Host/UniqueIdAttribute.

• Connect Timeout (Connect Timeout): this indicates the number of seconds, after which attempts to connect to the LDAP server will time out. The default value is 1 second.

Whenever you change the bootstrap and operational settings, the Configuration Agent must be restarted.

To restart the Configuration Agent on the Desktop, ensure that none of the related client applications are running, log in as root, and type the command /opt/apoc/bin/apocd restart.

Operational Settings

You can configure the operational settings of the Configuration Agent locally or remotely. To configure the settings locally, edit the apocd.properties file in the /opt/apoc/lib directory. To configure the settings remotely, use the Configuration Agent policy in the Configuration Manager. The following settings can be configured in the properties file:

• DaemonPort: port where the Configuration Agent listens for communication from its clients on the desktop

• MaxClientThreads: maximum number of client requests that can be simultaneously processed

• MaxClientConnections: maximum number of client connections

• MaxRequestSize: maximum size of client requests

• DaemonChangeDetectionInterval: interval in minutes between the change detection cycles for this list of configuration settings

• ChangeDetectionInterval: interval in minutes between the change detection cycles for the client configuration data

• GarbageCollectionInterval: interval in minutes between the garbage collection cycles in the local configuration database

• TimeToLive: interval in minutes that non-offline configuration data remains in the local database

• LogLevel: level of detail in the agent log files

The DaemonPort setting can only be modified locally and requires a restart of the agent for the changes to take effect. All other settings take effect at the next change detection cycle for the agent configuration. The logging level that is specified in LogLevel must be a value that is consistent with the Java Logger levels. In order of decreasing severity, these levels are: SEVERE, WARNING, INFO, CONFIG, FINE, FINER and FINEST.

Propagating Configuration Data Changes

You can use the ChangeDetectionInterval setting that is described in Operational Settings to tune the propagation of remote configuration data changes to client side applications. The value that you provide for this setting is the maximum length of time in minutes that elapses before changes that are made remotely are reflected in the client applications. Smaller values for the ChangeDetectionInterval result in increased Configuration Agent and LDAP server activity. As a result, use caution when you adjust the value of the setting. For example, in an initial deployment phase, you can set this value to one minute so that you can easily test the impact of remote configuration on client applications. After you complete the testing, return this setting to the initial value.

Configuration Agent Port Information

The Configuration Agent uses two ports:

• The daemon port (default is 38900), which is used by the daemon to communicate with client applications.

• The daemon admin port (default is 38901), which is used by the daemon controller program, apocdct1, when communicating with the daemon.

Changing the daemon port:

To change the daemon port, you must modify the DaemonPort property in the daemon's apocd.properties file and the apocd entries in /etc/services and /etc/inetd.conf. Afterward, restart the daemon and reload inetd.

Changing the daemon admin port:

To change the daemon admin port, you must modify the DaemonAdminPort property in the daemon's apocd.properties file. Afterward, restart the daemon.