Universal Command Manager for UNIX
Overview
This page provides information on Universal Command (UCMD) Manager specific to the UNIX operating system.
UCMD Manager provides a command line interface to remote computers running the UCMD Server component. The UCMD Manager executes remote commands as they would be if you entered the command directly on the remote command line.
On the command line, you must specify a command to execute and a remote Universal Broker. Additional input to each execution of the UCMD Manager command is made via configuration options, which control product behavior and resource allocation for that execution.
Remote standard input and output files are redirected to the UCMD Manager's standard input and output files.
UCMD Manager registers with a locally running Universal Broker. Consequentially, a Universal Broker must be running in order for a UCMD Manager to execute.
Usage
This section describes the command input, configuration and configuration options, and command line syntax of UCMD Manager for UNIX.
Standard Input
The UCMD Manager command is executed from an interactive UNIX shell or as a shell script. The ucmd command reads from standard input and writes it to the UCMD Server for the remote command to read as its standard input.
When the UCMD Manager is executed from an interactive shell, standard input is allocated to the terminal. Any characters typed in the terminal are read as standard input by ucmd and transmitted to the UCMD Server. If ucmd is executing a remote command that is reading standard input, it will read the characters being typed in the terminal until it receives an end-of-file indicator. To enter end?of?file in an interactive shell, press <Ctrl+D*>* at the start of a new line.
The allocation of standard input can be changed with a shell redirection operator. The redirection operators instruct the shell to change the allocation of the standard files. To change the allocation of standard input, use the < operator. The shell can redirect to a special file referred to as /dev/null. The /dev/null file is always empty if read from and never full if written to (all data written to /dev/null is never saved on disk or in memory).
To allocate standard input to /dev/null, the command syntax is as follows:
ucmd [OPTIONS...] < /dev/null
If ucmd is executed as a background job (using the & operator), it will receive the SIGTTIN signal when ucmd tries to read from standard input. Background jobs cannot read their standard input from the terminal since the foreground job (or the shell) has it allocated. The ucmd job is stopped until it is brought to the foreground.
To run a ucmd job that does not require terminal input in the background, redirect its standard input from /dev/null.
Configuration
Configuration consists of:
Setting default options and preferences for all executions of UCMD Manager.
Setting options and preferences for a single execution of UCMD Manager.
UCMD Manager for UNIX configuration options are read from the following sources:
- Command line
- Command file
- Environment variables
- Configuration file
The order of precedence is the same as the list above; command line being the highest, and configuration file being the lowest. That is, options specified via a command line override options specified via a command file, and so on.
For detailed information on these methods of configuration, see Configuration Management.
Configuration File
The configuration file, ucmd.conf, provides the simplest method of specifying configuration options whose values you do not want changed with each command invocation. These default values are used if the options are not read from one or more other sources.
Some options only can be specified in the configuration file; they have no corresponding command line equivalent. Other options cannot be specified in the configuration file; they must be specified via one or more other sources for a single execution of UCMD Manager.
Configuration Options
This section describes the configuration options used to execute UCMD Manager for UNIX.
Configuration Options Categories
The following table categorizes the configuration options into logical areas of application. Each Option Name in those tables is a link to detailed information about that option.
Category | Description |
Certificates | X.509 certificate related options. |
Command | Command or script to execute on the remote system. If a script is being executed, the script may reside on the local host on which the Manager is running or the remote host on which the Server is running. It also includes options to control the process environment in which the command executes. |
Events | Options used to define event generation. |
Installation | Options that specify installation requirements, such as directory locations. |
Local | Options required for local broker registration. |
Messages | Universal Command message options. |
Miscellaneous | Options use to display command help and program versions. |
Network | Processing options for all the data transferred between the remote and local systems. |
Options | Alternative methods to specify command options. |
Remote | Network address of the remote system and connection options. |
Standard File | Processing options for the standard files transferred between the remote and local systems. The STDFILE options are specified differently then the other options. There are three types of standard files: stderr, stdin, and stdout. Each standard file can have a different set of options applied. In order to distinguish between the standard files, the options must start with a standard file specification option (STDERR_SPEC, STDIN_SPEC, or STDOUT_SPEC). The standard file options (names starting with SIO_) follow the standard file specification option. |
User | User account the command executes with on the remote system. |
Certificate Category Options
Option Name | Description |
Location of PEM-formatted trusted CA X.509 certificates | |
Location of Manager's PEM-formatted X.509 certificate. | |
Number of days prior to certificate expiration to begin issuing informational messages about the expiration. | |
Location of Manager's PEM-formatted CRL. | |
Location of Manager's PEM-formatted RSA private key. | |
Password for the Manager's PRIVATE_KEY. | |
Specification for whether or not the Broker's X.509 certificate host name field must be verified. | |
Specification for whether or not the Broker's X.509 certificate serial number field must be verified. |
Command Category Options
Option Name | Description |
Remote command to execute. | |
Unique command ID associated the unit of work. | |
Type of command specified with option COMMAND. | |
Allows exit codes from the user process executed by UCMD Server to be translated (mapped) to a corresponding exit code for UCMD Manager. | |
Specification for whether or not the command runs in a login environment. | |
Specification for whether or not manager fault tolerance is used. | |
Local script file to execute on the remote system. | |
Command line options passed to the script file. | |
Type of script file specified by option SCRIPT_FILE. |
Events Category Options
Option Name | Description |
Specification for whether or not product activity monitoring events are generated. | |
Events to be generated as persistent events. |
Installation Category Options
Option Name | Description |
Directory in which UCMD Manager is installed. |
Local Category Options
Option Name | Description |
Broker Interface File (BIF) directory where the Universal Broker interface file is located. | |
Program Lock File (PLF) directory where the program lock files are located. |
Messages Category Options
Option Name | Description |
Language of messages written. | |
Level of messages written. | |
List of message IDs representing Universal messages to be suppressed. | |
Location of UMC and UTT files | |
Maximum number of lines written to a trace file before it wraps around. | |
Memory trace table specification. |
Miscellaneous Category Options
Option Name | Description |
User-defined string. | |
Write command option help. | |
Write program version. |
Network Category Options
Option Name | Description |
Code page used for text translation. | |
SSL/TLS cipher list for the control session. | |
Specification for whether or not data integrity checks are performed on all standard I/O files. | |
Specification for whether or not data is compressed on all standard I/O files. | |
Specification for whether or not data is encrypted on all standard I/O files. | |
SSL/TLS cipher list for the data sessions. | |
Default SSL/TLS cipher used for data sessions. | |
Forces a manager fault tolerant server in a PENDING communication state to COMPLETED state without retrieving the spooled data. | |
Length of time that a Server waits for a reconnect after the user process completes. | |
Minimum SSL/TLS protocol level that will be negotiated and used for communications channels. | |
Maximum number of seconds considered acceptable to wait for data communications. | |
Specification for whether or not the network fault tolerant protocol is used. | |
Maximum number of network fault tolerant reconnect attempts. | |
Number of seconds between network fault tolerant reconnect attempts. | |
Specification for whether or not the manager is requesting restart. |
Options Category Options
Option Name | Description |
Specification for whether or not UCMD Server assigns child processes to a single Windows job object. | |
Encrypted command file. | |
Plain text command file. | |
Overrides the UCMD Server ELEVATE_USER_TOKEN configuration option that determines whether a Windows process executes with highest available privileges. This option allows a process to obtain a user access token that is not subject to User Account Control (UAC) restrictions. | |
Encryption key used to decrypt an encrypted command file specified by option COMMAND_FILE_ENCRYPTED. | |
UCMD Server options that can be overridden by UCMD Managers. | |
Character code page that Universal Command Manager uses to translate characters within a command file that has been encrypted with the Universal Encrypt utility. | |
Location of the code page specified by the UENCRYPTED_CODEPAGE option. |
Remote Category Options
Option Name | Description |
Number of times a UCMD Manager will attempt to establish a connection with a remote Universal Broker. | |
Number of seconds between failed attempts to establish a connection with a remote Universal Broker. | |
Amount of time that a UCMD Manager will wait for a connection to a remote Universal Broker to complete. | |
Number of IP addresses returned to UCMD Manager following a DNS query issued to resolve a host name. | |
Host in the REMOTE_HOST list that the UCMD Manager will choose to begin its attempts to connect to a remote Universal Broker. | |
Number of times that UCMD will attempt to resolve the host name of a specified Universal Broker before it ends with a connect error. | |
Situations in which more than one host may be specified in the REMOTE_HOST list when manager fault tolerance (MFT) is enabled. | |
Host or IP address to use for all outgoing IP connections. | |
List of one or more hosts upon which a command may run. | |
TCP/IP port number of the remote Broker. |
Standard File Category Options
Option Name | Description |
Specification for whether or not data integrity checks are performed on a standard file. | |
Specification for whether or not data is compressed on a standard file (and if so, how). | |
Specification for whether or not data is encrypted on a standard file. | |
Code page used for local text translation on a standard file. | |
Local file used for a standard file instead of the default. | |
Translation mode of a standard file. | |
Code page used for remote text translation on a standard file. | |
Start of standard error file specification options. | |
Start of standard input file specification options. | |
Start of standard output file specification options. |
User Category Options
Option Name | Description |
User ID or account with which to execute the remote command. | |
Password associated with USER_ID. |
Command Line Syntax
The following figure illustrates the command line syntax – using the command line, long form of the configuration options – of UCMD Manager for UNIX.
ucmd { -cmd command [-cmd_type {cmdref|shell|stc} ] | -script file [-options options] [-script_type type] } [-host hostlist [-connect_retry_count number] [-connect_retry_interval seconds] [-connect_timeout seconds] [-dns_expand {yes|no} ] [-host_selection {sequential|random} ] [-mft_safe_mode {yes|no} ] [-file file | -encryptedfile ddname [-key key] ] * [-port port] [-userid user [-pwd pwd] ] [-hostname_retry_count count] [-outboundip host]
[-bif_directory directory ]
[-plf_directory directory ] [-server options] [-uencrypted_codepage codepage]
[-uencrypted_codepage_path codepage] [-elevate_user_token {yes|no} ] [-assign_process_to_job option] [-managerft {yes|no} ] [-cmdid id] [-login {yes|no} ] [-lang language ] [-level {trace|audit|info|warn|error}[,{time|notime} ] [-msg_suppression_list list ] [-tracefilelines lines] [-trace_table size,{error|always|never} ] [-ssl_implementation {openssl|system} ] [-ca_certs file [-verify_host_name {yes|no|hostname} ] [-verify_serial_number number] ] [-cert file -private_key ddname [-private_key_pwd password] ] [-days number] [-crl file] [-ctl_ssl_cipher_list cipherlist] [-data_ssl_cipher_list cipherlist] [-default_cipher cipher] [-forcecomplete {yes|no} ] [-job_retention seconds]
[-delay seconds] [-min_ssl_protocol option] [-networkft {yes|no} ] [-retry_count number] [-retry_interval seconds] [-restart {yes|no|auto} [-managerft {yes|no} [-cmdid id] ] ] [-codepage codepage] [-compress {yes|no}[,{zlib|hasp} ] ] [-encrypt {yes|no} ] [-authenticate {yes|no} ] [-stdin | -stdout | -stderr] [-codepage codepage] [-compress {yes|no}[,{zlib|hasp} ] ] [-encrypt {yes|no} ] [-authenticate {yes|no} ] [-localfile ddname] [-mode {text|binary}[,{ucs|direct} ] [-remotecodepage codepage] [-exit_code_map map] [-comment text] ucmd { -help | -version }
* The command file (-file or -encryptedfile) can contain some or all required and/or optional configuration options, including -cmd (or -script) and -host.
If a command file is specified on the command line, and it contains the required -cmd (or -script) and -host options, those options do not have to be specified additionally on the command line.