CMVC FREQUENTLY ASKED QUESTIONS: LICENSE MANAGEMENT WITH NETLS/IFOR Document Number TR 29.xxxx Angel Rivera CMVC/TeamConnection Development IBM Software Solutions Research Triangle Park, North Carolina Copyright (C) 1997 IBM Corp. All rights reserved. ii CMVC FAQ: NetLS ABSTRACT This technical report provides answers to frequently asked questions made by CMVC users with respect to the license manage- ment of CMVC licenses by means of iFOR (formerly known as NetLS and iFOR/LS). ITIRC KEYWORDS o CMVC o License Management o NetLS o iFOR o iFOR/LS ABSTRACT iii iv CMVC FAQ: NetLS ABOUT THE AUTHOR ANGEL RIVERA Mr. Rivera is an Advisory Software Engineer and team lead for the development of CMVC 2.3. He joined IBM in 1989 and since then has worked in the development and support of library systems. Mr. Rivera has an M.S. in Electrical Engineering from The Univer- sity of Texas at Austin, and B.S. in Electronic Systems Engi- neering from the Instituto Tecnologico y de Estudios Superiores de Monterrey, Mexico. ABOUT THE AUTHOR v vi CMVC FAQ: NetLS CONTENTS ABSTRACT . . . . . . . . . . . . . . . . . . . . . . . . . III ITIRC KEYWORDS . . . . . . . . . . . . . . . . . . . . . iii ABOUT THE AUTHOR . . . . . . . . . . . . . . . . . . . . . . V Angel Rivera . . . . . . . . . . . . . . . . . . . . . . . v 1.0 INTRODUCTION . . . . . . . . . . . . . . . . . . . . . . 1 2.0 HOW CMVC AND IFOR WORK TOGETHER . . . . . . . . . . . . 3 2.1 Overview of iFOR . . . . . . . . . . . . . . . . . . . 3 2.2 Network Computing System (NCS) . . . . . . . . . . . . 4 2.2.1 Location broker daemons . . . . . . . . . . . . . . 4 2.2.2 NCS Commands and Configuration Files . . . . . . . 4 2.3 iFOR Terminology . . . . . . . . . . . . . . . . . . . 5 2.3.1 Sample password for NetLS . . . . . . . . . . . . . 7 2.4 Interaction of the CMVC client and the iFOR server . . 8 2.4.1 Details on how a CMVC line command gets a license 9 3.0 FREQUENTLY ASKED QUESTIONS: MAIN TOPICS . . . . . . . 13 3.1 What are the main pre-installation considerations? . 13 3.2 How to install and configure an iFOR server? . . . . 13 3.3 What to do after installing the NetLS runtime software? . . . . . . . . . . . . . . . . . . . . . . . . 14 3.4 What to do when the performance seems to degrade over time? . . . . . . . . . . . . . . . . . . . . . . . . . . 15 3.5 How to debug iFOR problems when using CMVC licenses? 16 3.6 If all licenses are taken, why a new request has to wait 15 minutes? . . . . . . . . . . . . . . . . . . . . 17 3.7 Are all distributed licenses available if one server goes down? . . . . . . . . . . . . . . . . . . . . . . . 17 3.8 Should I use kill -9 or kill -15 to terminate a netlsd daemon? . . . . . . . . . . . . . . . . . . . . . . . . . 18 3.9 Can I reuse the same password in different iFOR server hosts? . . . . . . . . . . . . . . . . . . . . . . . . . 18 3.10 Can I use any startup shell to handle the iFOR daemons? . . . . . . . . . . . . . . . . . . . . . . . . 18 3.11 How to reinstall the NetLS Software? . . . . . . . 19 3.12 Which NetLS software should I use in HP-UX 9? . . . 20 3.13 What are the most common NetLS commands? . . . . . 20 3.14 When using ls_admin: "product password/vendor not valid" . . . . . . . . . . . . . . . . . . . . . . . . . 21 3.15 What to do to ensure a swift recovery when an iFOR server goes down? . . . . . . . . . . . . . . . . . . . . 22 3.16 Should I get a new password when installing another CMVC version? . . . . . . . . . . . . . . . . . . . . . . 23 4.0 FREQUENTLY ASKED QUESTIONS: ADVANCED TOPICS . . . . . 25 4.1 Why would I choose the default cell? . . . . . . . . 25 Contents vii 4.2 How to configure several iFOR servers in the same subnet . . . . . . . . . . . . . . . . . . . . . . . . . 26 4.3 How to configure several iFOR servers in different subnets . . . . . . . . . . . . . . . . . . . . . . . . . 26 4.4 No one else can communicate with an alternate cell, why? . . . . . . . . . . . . . . . . . . . . . . . . . . 27 4.5 How can I get the glb to replicate? . . . . . . . . 28 4.6 How can my clients that have no NCS get a token? . . 28 4.7 Can services be shared between cells? . . . . . . . 29 4.8 What is a glb_obj.txt file? . . . . . . . . . . . . 29 4.9 When do I need a glb_site.txt file? . . . . . . . . 30 4.10 How can I tell what configuration was used during setup? . . . . . . . . . . . . . . . . . . . . . . . . . 31 4.11 Trying to start netlsd when it is already configured 31 4.12 How do I get rid of invalid entries in ls_stat or ls_admin? . . . . . . . . . . . . . . . . . . . . . . . . 32 4.13 What is NCK? . . . . . . . . . . . . . . . . . . . 32 4.14 Can I allow/disallow a group of users from getting CMVC licenses? . . . . . . . . . . . . . . . . . . . . . 32 4.15 Should the nrglbd daemon be used with CMVC? . . . . 33 APPENDIX A. BIBLIOGRAPHY . . . . . . . . . . . . . . . . . 35 A.1 Bibliography for CMVC . . . . . . . . . . . . . . . 35 A.2 Bibliography for iFOR . . . . . . . . . . . . . . . 35 A.3 How to get electronic copies of manuals and TRs . . 36 A.3.1 IBM Intranet . . . . . . . . . . . . . . . . . . 36 A.3.2 Internet . . . . . . . . . . . . . . . . . . . . 37 APPENDIX B. COPYRIGHTS, TRADEMARKS AND SERVICE MARKS . . . 39 viii CMVC FAQ: NetLS 1.0 INTRODUCTION This technical report (TR) provides answers to frequently asked questions made by CMVC users with respect to the license manage- ment of CMVC licenses by means of iFOR (formerly known as NetLS and iFOR/LS). The CMVC line commands for UNIX need to get a license from an iFOR license server before they can proceed to contact the CMVC family server. The CMVC line commands from OS/2 and Windows, do not need to get a license and they contact directly the CMVC family server. This TR contains material that is based on the following articles that appeared in "IBM AIX CASE Newsletter", May 1994, Volume 3, Number 1, IBM Publication Number GC09-1842-01: * The Nuts and Bolts of iFOR/LS (also known as NetLS) * How do I get a License for my Licensed Product? * A look at commonly asked iFOR/LS questions Introduction 1 2 CMVC FAQ: NetLS 2.0 HOW CMVC AND IFOR WORK TOGETHER The licensing of CMVC for UNIX clients is managed by the iFOR (formerly NetLS) license management system. 2.1 OVERVIEW OF IFOR The iFOR (formerly known as NetLS and iFOR/LS) system is a soft- ware license management system that allows UNIX products to operate in compliance with the terms and conditions of its licensing agreement. iFOR/LS is a runtime license management product based on a client-server model. In this system, a logical license database controlled by a license server contains encrypted keys (or licenses) that describe the software rights granted to a CMVC customer. The client component of a licensed product requests a license during its initial stages of activation to verify that the cus- tomer has indeed purchased the right to use the software. If a license that matches the parameters in the client license request is found in the database by the iFOR server, the client continues to run. However, if no license is found, an error message is returned to the client and the client refuses to run. iFOR license management does not prevent customers from making backup copies of the products. iFOR only assists in restricting the runtime behavior of the products. The type of licenses used by CMVC are called "concurrent use", in which the licensing mechanism allows the licenses for the soft- ware to "float" in the network. These licenses require an iFOR server to be active in the network. One or more license servers may contain product licenses which satisfy license requests from software applications. In iFOR, the license servers have partitioned databases. The total number of licenses available is the sum of the licenses found in all the individual license servers. The license servers are autonomous and do not communicate with each other. There- fore, when a license server fails, its licenses are temporarily unavailable in the network. Similar problems arise when a network is partitioned. How CMVC and iFOR work together 3 2.2 NETWORK COMPUTING SYSTEM (NCS) The iFOR system uses the services provided by the Network Com- puting System (NCS). 2.2.1 Location broker daemons ______________________________ NCS consists of the following location broker daemons: o Local Location Broker daemon (llbd) A daemon that maintain information about NCS-based server programs running on the local host. NetLS is an example of this NCS-based server program. The llbd daemon must be started before netlsd on each of the host which will run netlsd. o Global Location Broker daemon (glbd) A daemon that helps NCS clients to locate servers on a network or intranet. The CMVC client is a good example of this NCS client. The glbd maintains and provides access to a global location database that stores the locations (that is, the network address and port numbers) where server processes are running. You can run glbd on multiple hosts to replicate the global location database and increase its availability. In an intranet, at least one glbd must run in each network. Each glbd replica keeps a list of all the other replicas. The drm_admin tool administers the replication of the global location database and the replication list. 2.2.2 NCS Commands and Configuration Files ___________________________________________ The following NCS commands are documented in the "Managing NCS Software" and "NetLS Quick Start Guide" manuals. The actual program resides in the /etc/ncs directory for HP-UX machines and in the /usr/lib/ncs/bin directory in the other platforms. o drm_admin: It can inspect or modify replica lists, merge databases to force convergence among replicas, stop servers and delete replicas. The role of drm_admin is to administer the replication of databases, not to change the data they contain. 4 CMVC FAQ: NetLS o glbd: It starts the global location broker daemon. o lb_admin: It can look up information, add new entries and delete existing entries in a specific database. The lb_admin tool is useful for inspecting the contents of the Location Broker databases and correcting database errors. For example, if a server terminates abnormally without unreg- istering itself, you can use lb_admin to manually remove its entry from the GLB database. o llbd: It starts the local location broker daemon. The following configuration files when created should be put under /etc/ncs directory. o glb_obj.txt: This file is needed when you want to create several disjoint GLB database. In most networks, there is only one GLB data- base (possibly replicated) and the hosts do not need to have a glb_obj.txt file. o glb_site.txt: This file lists the network address of hosts where a Global Location Broker (GLB) daemon may be running. For hosts that cannot contact locate a GLB via broadcast, the glb_site.txt file provides a list of addresses where the host can try to directly contact a GLB. 2.3 IFOR TERMINOLOGY o concurrent license: A type of license administrated by the license server that can be used by different users at any node that is connected to a license server node. Concurrent access licenses allow as many users to use a software product concurrently as there are licenses. This is the only type of license supported by CMVC. o license annotation: How CMVC and iFOR work together 5 A string that modifies the use of a license in a manner defined by the vendor of the software product. CMVC does not use license annotation. o license database: The database of licenses maintained by a license server. The license database file - LIC_DB - resides in the ___________ /usr/lib/netls/conf directory. o license server daemon: A software program that administrates licenses for software products, invoked with the command netlsd. The netlsd command can be found in the /usr/lib/netls/bin directory. o log_file: The text file - LOG_FILE - that records messages and errors ____________ from the license server, and sometimes from licensed products as well; it resides in the /usr/lib/netls/conf directory. Use ls_rpt command to retrieve the log. o product password: A string encoded with license information for a software product. It is based on the targetid for the host. o targetid: A numeric or alphanumeric string which is returned when the ls_targetid command is issued by the userid 'root' on the desired host. It represents the "signature" of the machine which will be used to run the license server daemons (netlsd). o user file: A text file that specifies the users who may (or may not) use the licensed software products. o vendor ID: The identifier of a vendor of licensed products. By means of vendor IDs, license servers can distinguish among any number of vendors established in a network. Vendor IDs are a NetLS specific usage of Network Computing System Universal Unique Identifiers (UUIDs). For CMVC, the vendor id is: 5e1d4ffe2f74.02.09.15.11.06.00.00.00 6 CMVC FAQ: NetLS o vendor password: A string encoded with information about a vendor that, together with a vendor ID, establishes the vendor of a licensed product in a license database. 2.3.1 Sample password for NetLS ________________________________ The following is a sample password for NetLS licenses for CMVC: --------------------- N L S P A S S --------------------- Vendor Password 2532wiijbspwk built as vendor name : CASE vendor id : 5e1d4ffe2f74.02.09.15.11.06.00.00.00 target : 7235a1a5 ls_admin -a -v "CASE" 5e1d4ffe2f74.02.09.15.11.06.00.00.00 2532wiijxxxxx Product Passwords built as name : CMVC id : 1234 version : 2.1.0 license type : Concurrent Access Product password for 0x7235a1a5 server : at27ufz6xdg3ursudpdn7amg6xxx built as start date : 04/30/97 duration : 10001 expiration : 09/15/24 number : 10 multi usage rules : Same user group node. target type : Sun target : 7235a1a5 ls_admin -a -p "CASE" "CMVC" at27ufz6xdg3ursudpdn7amg6xxxxxx "2.1.0" Figure 1. Sample NetLS password for CMVC licenses NOTE: For CMVC: 1. license type MUST be concurrent 2. multi usage rules MUST be same user group node 3. target type MUST be either AIX, SunOS or HP-UX. 4. product name must be "CMVC" and not "CMVC/6000" or other var- iations. How CMVC and iFOR work together 7 5. product id must be "1234" 6. product version must be "2.1.0" and not "2.2.0" or "2.3.0" or other variations. 2.3.1.1 Adding the password for CMVC into the NetLS server Once the system administrator receives the password, then the following steps must be taken in order to add the password for CMVC into the NetLS server: 1. Login as root 2. Change the directory to: /usr/lib/netls/bin 3. Enter the vendor information. This is the "ls_admin" command that is shown below the Vendor section (top portion) of the password: ls_admin -a -v "CASE" 5e1d4ffe2f74.02.09.15.11.06.00.00.00 2532wiijxxxxx 4. Enter the password for CMVC. This is the "ls_admin" command that is shown below the Product section (bottom portion) of the password: ls_admin -a -p "CASE" "CMVC" at27ufz6xdg3ursudpdn7amg6xxxxxx "2.1.0" 2.4 INTERACTION OF THE CMVC CLIENT AND THE IFOR SERVER The interaction between CMVC and the iFOR server that has the CMVC licenses is shown in Figure 2 on page 9. The numbers in the figure indicate the interactions between the components. 1. The CMVC GUI gathers information from the user and invokes a CMVC line command. The CMVC GUI does not interact directly with the iFOR server nor with the CMVC family server. 2. The CMVC line command requests a valid license for CMVC from the iFOR server in order to interact with the CMVC family server. The CMVC line command waits for the iFOR server to respond. If there are problems with the network and/or the iFOR server is not available, then the CMVC line command will "hang". 3. The iFOR server processes the request from the CMVC line command. 8 CMVC FAQ: NetLS If there are valid licenses for CMVC, then it will assign one to the CMVC client. If there are no valid licenses for CMVC, then it will send an error message. 4. If the CMVC line command receives a valid license, then it will interact with the CMVC server -------------- | CMVC | | GUI | -------------- | | 1 | -------------- -------------- | CMVC | 2 | iFOR | | line | --------------------->| server | | command | <---------------------| | -------------- 3 -------------- | | 4 | -------------- | CMVC | | server | -------------- Figure 2. Interaction of CMVC client and iFOR server NOTE: The CMVC family server does not interact at all with the iFOR server. 2.4.1 Details on how a CMVC line command gets a license ________________________________________________________ Here are the steps done by the CMVC client to get an iFOR license; also, the NetLS/NCS components that are involved in the process are identified: 1. Each iFOR license server registers itself and all installed vendors with the location broker of NCS when it starts up. 2. The CMVC user invokes the CMVC line command which needs a license. The CMVC line command issues a netls_init call which prepares a request for a license by finding all the possible iFOR servers that have CMVC licenses installed. How CMVC and iFOR work together 9 3. The netls_init call gets a list of the iFOR servers from the NCS location brokers: A broadcast message is sent out to a well-known port that all local location broker daemons (llbd) are listening on. This message is "Are there any iFOR servers with licenses that match my vendor ID?". Each llbd that receives the message will check if there is a global location broker daemon (glbd) running on that machine and will forward the request to the glbd. The glbd looks up the iFOR servers and sends a reply to the CMVC line command indicating the places where it can try to get a license. Then the CMVC line command rearranges the list of servers into a random order. By doing this, the license requests will be spread among the servers, so the first server in the list does not get tried first every time. 4. The CMVC line command requests one license from the iFOR server. 5. The iFOR server checks the access rights of the user and checks the license database. 6. The iFOR server returns the status of the license request to the CMVC line command. 7. If the status is successful, then the CMVC line command is allowed to interact with the CMVC server. 8. If the status is unsuccessful and there are more servers to try, the application goes on and tries the next iFOR server. 9. If all the iFOR servers that have entries for CMVC licenses return unsuccessful status saying that all license for CMVC are busy, then the CMVC line command will do the following: o In CMVC versions prior to 2.3.0.0 (such as 2.1, 2.2), if all the CMVC licenses were busy, then the CMVC line command will not wait for a license to be made available and will refuse to run. This is called "hard-stop". o In CMVC version 2.3.0.0 to avoid the "hard stop", a queueing was implemented in which the CMVC line command will wait for a short while before attempting to contact the iFOR server to find out if a license has become available. Due to technical restrictions with the CMVC line command, the end user is not notified that it is waiting for a license to be freed up and thus, the end user thinks that the line command has failed and it is hanging. 10 CMVC FAQ: NetLS Because most of the CMVC transactions have a short dura- tion, in order to avoid the overhead associated with getting a license for each CMVC transaction, the iFOR server will hold a CMVC license for a CMVC client for a certain period of time. Thus, if there are several CMVC transactions from the same CMVC client during this time frame, then the iFOR server does not have to free up and assign a license for that CMVC client. The default time period is 15 minutes, however the end user may specify a larger time period. o In CMVC 2.3.0.22 the method "soft stop" was implemented, in which there is no queueing if all the valid licenses are busy. In this case, the CMVC line command will not wait for a license to be released and instead, the line command will proceed to contact the CMVC server. The CMVC line command will log a warning message into the iFOR server to indicate this situation. How CMVC and iFOR work together 11 12 CMVC FAQ: NetLS 3.0 FREQUENTLY ASKED QUESTIONS: MAIN TOPICS 3.1 WHAT ARE THE MAIN PRE-INSTALLATION CONSIDERATIONS? QUESTION: What are the main pre-installation considerations? ANSWER: o Understand the network configuration. o Decide on how many machines will be used to run the NetLS server. o Select the machines with controlled down time. o Select the machines which are "close" to the CMVC client machines, because only the CMVC clients will request tokens (in contrast, the the CMVC server is not aware that a licensing mechanism exists). 3.2 HOW TO INSTALL AND CONFIGURE AN IFOR SERVER? QUESTION: How do I get started? How to install and configure an iFOR server? ANSWER: As userid 'root', run /usr/lib/netls/conf/netls_config as described below in order to gather configuration information which is then placed automatically in /usr/lib/netls/conf/netls_first_time. Regardless of what platform you may have, the system adminis- trator who is doing the installation must answer the following questions. A decision should already have been made on how the network will be configured, that is, if you want to have several iFOR servers and distribute the CMVC licenses among them; in this way, if one iFOR server is down, there will be other iFOR servers that can handle the licenses. When you run /usr/lib/netls/conf/netls_config, you will have these options: Frequently asked questions: main topics 13 1. Continue with installation without choosing a Cell Name. 2. Use the default for the system Cell Name. 3. Create a new alternate cell for the system Cell Name. 4. Choose an existing alternate cell for the system Cell Name. If you are unfamiliar with the concept of cells, you should prob- ably initially join the default cell (option #2). Also, if your configuration is more sophisticated, you should consult the manuals for iFOR/LS (NetLS). iFOR/LS will not run if you do not execute netls_config and join a cell. 3.3 WHAT TO DO AFTER INSTALLING THE NETLS RUNTIME SOFTWARE? QUESTION: What to do after I install the NetLS runtime software? ANSWER: You must invoke the following scripts after installing the NetLS runtime software. The installation procedures will NOT invoke them automatically. o Shell script name: netls_config This shell script, which is located in the directory /usr/lib/netls/conf, will do the following: - It will assume that the llbd, glbd or nrglbd daemons are not running in your machine. - It will configure both the NCS** and NetLS system in your machine. - It will create another shell script called netls_first_time. o Shell script name: netls_first_time This shell script, which is located in the directory /usr/lib/netls/conf and created by the netls_config shell script, will do the following: - It can be used to start up the three NCS/NetLS daemons, llbd, glbd and netlsd for the first time. In order for the ls_admin tool to work properly, it is neces- sary to run the shell script netls_first_time in step 3, page 14 CMVC FAQ: NetLS 19 of the Chapter 4 "The NetLS Software", section "Installing the NetLS software on the Server" from the CMVC Server manual, version 2.3. 3.4 WHAT TO DO WHEN THE PERFORMANCE SEEMS TO DEGRADE OVER TIME? QUESTION: The performance of the CMVC line commands and GUI seems to degrade over time, even after doing a reorganization and opti- mization of the CMVC database. ANSWER: To stop the degradation of the performance and to improve the performance, it is necessary to resync periodically the NCS and the NetLS daemons, which are involved when the CMVC line commands request a license from the NetLS server. If you had a hardware failure on your NetLS server machine or if for any other reason you had an ungraceful shutdown, it might be possible that the NCS location brokers (glbd and llbd) are out of sync between them. This situation causes a lot of unnecessary network traffic that is degrading the overall performance of the NetLS components; this in turn affects the performance of the CMVC line commands, which in turn is reflected in the CMVC GUI. When the CMVC user experiences a slow thruput when using the CMVC GUI or the CMVC line commands due to a degraded performance of the NetLS components, then the user will tend to jump to the incorrect conclusion that the CMVC family server is performing poorly. ACTION: 1. As root, bring down the following daemons in this order: a. netlsd b. glbd c. llbd 2. Clean up the location brokers as follows (you must be root) and answer yes to all questions: # /etc/ncs/lb_admin lb_admin: use global lb_admin: clean lb_admin: use local lb_admin: clean lb_admin: quit Frequently asked questions: main topics 15 3. Bring up the daemons in this order (the reverse when bringing them down): a. llbd b. glbd c. netlsd Ensure that all the daemons are running. You could accom- plish these tasks by rebooting the machine. 3.5 HOW TO DEBUG IFOR PROBLEMS WHEN USING CMVC LICENSES? QUESTION: How to debug iFOR problems when using CMVC licenses? ANSWER: In some instances, if the iFOR configuration is not correct, the CMVC line commands may fail to execute properly because they cannot reach the iFOR server or they cannot obtain a valid license. Starting with CMVC 2.3.0.21, to help with the diagnostics and the debugging of these iFOR configuration problems, the following executable files are provided which can be used to contact the iFOR server and request a token for CMVC. Each program uses the same logic as a normal CMVC line command, but it will display a lot of information that will allow the user to better diagnose the problem with the iFOR configuration. Each program does not use the message catalog from CMVC, and thus, it is an independent program which in reality does not require that CMVC should be installed at all. The testing NetLS programs in /usr/lpp/cmvc/bin (Client code) are: o Program name: test.netls.with.queues This program uses the NetLS processing done by CMVC in 2.2, 2.3.0.0 up to 2.3.0.20, in which queueing is involved. o Program name: test.netls.no.queues This program uses the NetLS processing done by CMVC since 2.3.0.21, in which the previous waiting approach for NetLS was replaced by "soft stop". That is, if all the licenses for CMVC are taken, the next user to request a license is not 16 CMVC FAQ: NetLS placed in a queue, instead, a token is given and an entry is added into the NetLS server log to indicate this situation. 3.6 IF ALL LICENSES ARE TAKEN, WHY A NEW REQUEST HAS TO WAIT 15 MINUTES? QUESTION: If I have 5 tokens and 5 different users use the CMVC line command then a 6th user cannot access CMVC for at least 15 minutes? ANSWER: This should not be a problem with CMVC 2.3.0.21 or later. However, for previous versions of CMVC, if your site has only 5 licenses for CMVC, and user1, user2, user3, user4, and user5 issue at 8:00 am only one CMVC command and nothing more, and then user6 issues one CMVC command at 8:05am, then all the requests for users 1 thru 5 will be honored, but the request for user6 is put into a queue by the NetLS server and the request will be honored until after 8:15 am because the minimum time for holding a token is 15 minutes (this assumes that users 1 thru 5 did not increase this value). By the way, this queueing mechanism was added in CMVC 2.3. Prior to this version the NetLS server issued an error message saying that there were no more licenses available. 3.7 ARE ALL DISTRIBUTED LICENSES AVAILABLE IF ONE SERVER GOES DOWN? QUESTION: I have three servers with 50 licenses each. One server goes down; do I still retain the total of 150 licenses? ANSWER: No, if the server goes down you only retain the 100 licenses on the servers that are currently up. Frequently asked questions: main topics 17 3.8 SHOULD I USE KILL -9 OR KILL -15 TO TERMINATE A NETLSD DAEMON? QUESTION: Should I use kill -9 or kill -15 to terminate a netlsd daemon? ANSWER: Do not use kill -9 to stop the NetLS server netlsd. Instead, use kill -15 so that netlsd can terminate gracefully. If netlsd is not terminated gracefully, then the CMVC line commands might not function properly. To fix the problem, you can isolate netlsd using the lb_admin command under the /usr/lib/ncs/bin or /etc/ncs directory as follows and answer "y" to the questions related to the bad netlsd. lb_admin lb_admin: use_broker global lb_admin: clean 3.9 CAN I REUSE THE SAME PASSWORD IN DIFFERENT IFOR SERVER HOSTS? QUESTION: Can I reuse the same password in different iFOR server hosts? ANSWER: You can use more than one machine to run the NetLS server (netlsd) and distribute the CMVC licenses among these machines. This will prevent a complete 'lock out' when the only machine running netlsd is down. However, the CMVC password is generated using the unique target ID associated with each host, therefore, a unique password is required for each host. 3.10 CAN I USE ANY STARTUP SHELL TO HANDLE THE IFOR DAEMONS? QUESTION: Can I use any startup shell to handle the iFOR daemons? ANSWER: 18 CMVC FAQ: NetLS The machine which you will use for the NetLS server should use the Korn Shell as its startup shell. If it does not, then you will need to bring up the llbd, glbd and netlsd daemons manually because they will not be started automatically. 3.11 HOW TO REINSTALL THE NETLS SOFTWARE? QUESTION: How to reinstall the NetLS Software? ANSWER: Do the following to install the NetLS software for use with CMVC. 1. Determine the computers to use as NetLS license servers. 2. If you have not already installed the NetLS code from the distribution media, for example, CD-ROM or tape, refer to Chapter 3, "Installing the CMVC Servers". 3. If you are using HP-UX, you will need to do the following in order to use the code from Gradient instead of the code from HP-UX: mv /etc/netlsrc /etc/netlsrc.hpux cp /usr/lib/netls/conf/netlsrc /etc/netlsrc 4. Start the NetLS system by running the /usr/lib/netls/conf/netls_config shell script or by following the manual instructions in the NetLS Quick Start Guide. For netlsd options, refer to Managing Software Products with the Network License System. Because CMVC uses the concurrent license scheme, refer to the concurrent scheme sections in the NetLS documentation. 5. Then run the new shell script created in the previous step: /usr/lib/netls/conf/netls_first_time 6. Verify that /etc/netlsrc has the following values; if not then edit the file and change the values: FORCE_GRADIENT_NETLSD=1 START_NETLSD=1 7. Obtain the target ID of each computer that will act as a NetLS license server by running the ls_targetid program. By default, the ls_targetid program is in the /usr/lib/netls/bin directory after installation. Frequently asked questions: main topics 19 8. If you are running more than one NetLS license server, you must determine the number of tokens you want to have avail- able on each license server. 9. Contact IBM to receive your NetLS passwords. A NetLS password is unique and is based on the planar ID of each computer that will act as the NetLS license server, the product and version number, and the number of concurrent licenses purchased. Run the license administration program, ls_admin, to install the NetLS licenses. By default, the ls_admin program is in the /usr/lib/netls/bin directory after installation. 3.12 WHICH NETLS SOFTWARE SHOULD I USE IN HP-UX 9? QUESTION: Which NetLS software should I use in HP-UX 9? ANSWER: The HP-UX V9.0 operating system contains an old version of the NetLS software as part of the base operating system. The files are found in the /etc/netls directory. In order to prevent compatibility problems, use the NetLS soft- ware shipped with CMVC. For more information on the workaround, see 3.14, "When using ls_admin: "product password/vendor not valid"" on page 21. 3.13 WHAT ARE THE MOST COMMON NETLS COMMANDS? QUESTION: What are the most common NetLS commands? ANSWER: The following NetLS commands are documented in the "Managing Software Products with the Network License System" manual and are the most commonly used ones. They reside in the /usr/lib/netls/bin directory. o netlsd: Starts the license server daemon. 20 CMVC FAQ: NetLS o ls_admin: Allows you to edit and examine the license database. For example, add licenses to a product. o ls_rpt: Generates reports on license server events. o ls_stat: Displays status information on licenses. For example, how many active tokens available etc. 3.14 WHEN USING LS_ADMIN: "PRODUCT PASSWORD/VENDOR NOT VALID" QUESTION: When using ls_admin: "product password/vendor not valid" This error was received from ls_admin when trying to enter a password for CMVC. ANSWER: In CMVC V2, we failed to include important files for NetLS which were provided from Gradient. Because these files were not included, when the ones provided by HP-UX are executed (but which are not compatible with the rest of the code provided by CMVC from Gradient) they cause some non-usual behavior, such as the error message on the version id for the product when using ls_admin. The missing files are now included starting with CMVC 2.3.0.14. In case you have a CMVC version prior to 2.3.0.14, then you can do the following workaround: Install the NetLS tar file from CMVC and follow the instructions in Chapter 4 of the CMVC Server manual. Check which NetLS version you are running, you should not run with the HP-UX version of llbd, glbd and netlsd. Doing a 'what' against lldb and glbd will show if it the version is from Gra- dient or from HP. While netlsd is running, you can issue "ls_tv -i" to determine the version of netlsd. In all cases the version number should be something like: (GRx.x.x). If the wrong versions are running, you must delete the Vendor information for the "CASE" (by using the GUI version of ls_admin), stop the daemons, the start the correct ones. Frequently asked questions: main topics 21 After starting the daemons then the vendor and product informa- tion can be re-entered using the ls_admin with the vendor pass- word and the product password. After every thing is up and going, you need to do the following with /etc/netlsrc to make sure it points to the correct version of netlsd: 1. login as root 2. mv /etc/netlsrc /etc/netlsrc.hpux 3. cp /usr/lib/netls/conf/netlsrc /etc/netlsrc 4. edit the file and change the following variables to 1: FORCE_GRADIENT_NETLSD=1 START_NETLSD=1 3.15 WHAT TO DO TO ENSURE A SWIFT RECOVERY WHEN AN IFOR SERVER GOES DOWN? QUESTION: What could/should a customer do to ensure a swift recovery for the license server if the machine on which the license server is installed has problems. In other words, is it possible to have a "backup" license machine (is this from a license/key perspective possible)? ANSWER: We do not have additional practical information on the use of a backup host for the license server. However, it is suggested to consult the latest iFOR documentation for more details on how to configure the license server. It is recommended that in large networks, the customers should split the number of licenses among different license servers. For example, you may have 2 license servers, and you may get one half of the CMVC licenses for one, and the other half for the other; in this example, for each license server it would be nec- essary to create a password for CMVC which is linked to the ls_targetid of each license server. The password is targeted for a specific host and cannot be moved from one host to another. 22 CMVC FAQ: NetLS 3.16 SHOULD I GET A NEW PASSWORD WHEN INSTALLING ANOTHER CMVC VERSION? QUESTION: I installed CMVC 2.3.0.0 and I got the appropriate NetLS password for some licenses. Should I get a new NetLS password when installing another CMVC version? ANSWER: CMVC version 2 was designed to be upward and backward compatible with respect to the NetLS licenses. Even though the NetLS pass- word that you get says that the produce version is "CMVC 2.1.0", this is the version number that all CMVC V2 clients use to commu- nicate with the NetLS server. This version number is for internal use and there is no relationship with the actual CMVC version. The end result is that you can have a CMVC 2.1 client using a CMVC 2.3 server and vice versa. Furthermore, because the platform name is not actually encoded in the license, it is possible to use the same pool of CMVC licenses between clients from different platforms. For exampe, if you have 10 licenses, in the morning you can have 6 CMVC HP-UX users and 4 AIX users, but in the afternoon you could have all 10 AIX users. The information about the platform that you see in the note tells you the NetLS password is for information only and it is not used by the CMVC clients when requesting a license. Thus, there is NO need to do anything for the NetLS server or for the CMVC licenses that you have already, if you are simply migrating to 2.3. However, if you change the host that has the NetLS server or if you want to buy more licenses, then you should contact the IBM Registration center in Boulder. Frequently asked questions: main topics 23 24 CMVC FAQ: NetLS 4.0 FREQUENTLY ASKED QUESTIONS: ADVANCED TOPICS 4.1 WHY WOULD I CHOOSE THE DEFAULT CELL? QUESTION: Why would I choose the default cell? ANSWER: When you use the default for the system cell, it does not create a glb_obj.txt file. In most cases this is what you would do if you want all servers to communicate freely. Here is what happens when you choose the default cell. The first time you setup NCS on your system, (that is, no brokers are running on the system), when you answer the default cell "for the first time", a startup script is created and is called "netls_first_time" which contains the llbd, glbd and netlsd. Since this is the "first_time", it is necessary to establish the first glbd, which would be the following: Example syntax: glbd -create -first -family ip & On AIX: startsrc -s glbd -a "-create -first -family -ip" The first time glbd is started on a host, the -create option must be used. This creates the GLB database on this host. After the GLB database has been created, glbd must be started with no options. This is taken care of automatically at boot time from the /etc/rc boot file. A UUID is created, such as "333b91c50000.0d.00.00.87.84.00.00.00" and is a character-string representation. The first three characters "333" refers to the default cell. If you start the daemons by hand (this is not recommended) you must be root. The utility netls_first_time should only run once. It can, however be executed again, if Netls_config is run again. If a broker is already running somewhere on your network, and you choose the default cell again, behind the scenes iFOR runs lb_find, then runs grep for the first word of "default" and establishes the second glbd. Example syntax: glbd -create -from ip:otherserver. On AIX: startsrc -s glbd -a "-create -from ip:otherserver" Frequently asked questions: advanced topics 25 iFOR runs grep for the first glbd that lb_find finds, since it established the connection the fastest and the most reliably. You then run "netls_first_time" and your llbd, glbd and netlsd will start. During the installation, iFOR modifies your system boot file in /etc/rc. Because the GLB database is now created, the next time the system is booted, glbd will start automatically with no options. The files created from netls_config option #2 are: /etc/ncs/glb_log Log File /etc/ncs/glb.e Entries in the GLB /etc/ncs/glb.p Propagation queue 4.2 HOW TO CONFIGURE SEVERAL IFOR SERVERS IN THE SAME SUBNET QUESTION: I am on the same subnet and I want to have three servers with 50 licenses each. What is the best way to configure and setup my network? ANSWER: All three servers should have llbd, glbd and netlsd running. Each glbd is in the default cell. Running several glbds allows for load sharing, higher avail- ability, and a complex network topology. 4.3 HOW TO CONFIGURE SEVERAL IFOR SERVERS IN DIFFERENT SUBNETS QUESTION: I am on two different subnets, and I want to have three servers each with 50 licenses. What is the best way to configure and setup my network? ANSWER: You need to determine which subnet will be running two netlsd daemons and which one will be running one. The subnet that is running two servers needs to have the fol- lowing: o Both machines should have the llbd, glbd and netlsd all running. 26 CMVC FAQ: NetLS o Both machines should also be in the default cell. On the subnet running the third server: o If you already tried to bring up the servers and failed, make sure you take down the llbd, glbd and possibly netlsd before continuing. o Before running netls_config, set up a glb_site.txt file that points to one of the default cells that is running on the other subnet. Run netls_config, and if a database already exists do not use it. You should see that lb_find actually broadcasts to the cell that was in the glb_site.txt file. Select option "2 Use the default for the system Cell Name". Then run netls_first_time. o You have the option of keeping the glb_site.txt file or removing it. Once you have established that the system is actually running correctly, you should remove this file to avoid confusion in the future. 4.4 NO ONE ELSE CAN COMMUNICATE WITH AN ALTERNATE CELL, WHY? QUESTION: I created an alternate cell, but no one else can communicate with an alternate cell, why? ANSWER: The reason is that you have isolated this system from all other systems on the network, so it now has its own cell. If you want your client machines to access this alternate cell, they must do the following: 1. Create a directory in /etc/ncs. 2. Copy the glb_obj.txt file from the alternate cell to the client workstations. 3. You may need to have a glb_site.txt file that points to the server. In most cases, you will not need this file. Suppose you have two servers each using the default cell and you decided to create a additional alternate cell. Each server has 10 licenses. You now have two choices to make (you cannot do both): o The client machine can either get licenses from the server that are using the default cell (for a total of 20 available licenses). Frequently asked questions: advanced topics 27 o The client can use the alternate cell (and have only 10 available licenses). 4.5 HOW CAN I GET THE GLB TO REPLICATE? QUESTION: I have a glb already running on one subnet and I installed iFOR on another subnet, but I cannot see the glb; how can I get the glb to replicate? ANSWER: Because you already have glb running on one subnet, then you need to exit out of netls_config option #1. In /etc/ncs, create a glb_site.txt and point to the machine that is running the glbd. Make sure everything is down and run netls_config again. If there is an existing database, answer no. The utility lb_find should find the glb and you can then answer "2) Use the default for the system Cell Name". Then run Netls_first_time. Once you have replicated the glb, you can remove the glb_site.txt to avoid confusion later. 4.6 HOW CAN MY CLIENTS THAT HAVE NO NCS GET A TOKEN? QUESTION: I have NCS installed on the server machine but my clients do not have NCS. How can my clients get a token? ANSWER: 1. Ensure that there must be at least one llbd, one glbd and one netlsd running on the network. 2. On the client machine, start the CMVC line command without doing any additional setup. You should be able to get a license. 3. If you cannot get a license, it is possible that the broad- casting is not working correctly or that you have created an alternate cell and did not copy the glb_obj.txt file over from the server to the client, or the server is on a separate network and a glb_site.txt file is needed. 4. Login as root to the client machine. 28 CMVC FAQ: NetLS 5. On your client machine, create a directory /etc/ncs. 6. Create a file called glb_site.txt. If an alternate cell was set up, then you also need to copy the gb_obj.txt file. 7. Edit the file and enter the address family of the machine or machines running the servers. The following are sample glb_site.txt files for the IP and DDS address families: ip:ren ip:#192.9.8.5 dds://stimpy dds:#135f.132a Now run the CMVC line command. You should be able to get a token, provided that you added the CMVC licenses to the server. 4.7 CAN SERVICES BE SHARED BETWEEN CELLS? QUESTION: Can services be shared between cells? ANSWER: No, there is no mechanism in NCS to share services between cells. A host in any cell (default or an alternate) can only communicate with servers in the same cell. Cells were designed to isolate a group of servers and clients. 4.8 WHAT IS A GLB_OBJ.TXT FILE? QUESTION: What is a glb_obj.txt file? ANSWER: The glb_obj.txt file is a file that specifies the object UUID of the Global Location Broker. The glb_obj.txt file allows you to override the default value by specifying a different GLB object UUID for a particular host. The glb_obj.txt file is used only in special configurations that require several disjointed GLB databases (each of which is pos- sibly replicated, thereby establishing separate cells). Frequently asked questions: advanced topics 29 In most networks and intranets there is only one GLB database (possibly replicated), and hosts do not need to have a glb_obj.txt file. If a host has a glb_obj.txt file, the UUID in the file identifies the GLB object to which that host will direct lookups and updates. You would only have a glb_obj.txt file if you created an alternate cell or if you chose an existing alter- nate cell for the system cell name. 4.9 WHEN DO I NEED A GLB_SITE.TXT FILE? QUESTION: When do I need a glb_site.txt file? ANSWER: In most cases you do not need to have a glb_site.txt file. If your networks do not support broadcast addresses (that is, cannot broadcast), you must have a glb_site.txt file on every machine in the cell. The glb_site.txt may point to other machines running glbd, but they must all be in the same cell (that is, the con- tents of glb_obj.txt must be identical). There is no provision for bridging between cells. If you have multiple machines running glbd, you can have multiple host entries in the glb_site.txt file. Ordinarily, programs contact a GLB by broadcasting on the local network. However, some systems do not support broadcasting. Also, in certain intranet configurations, not every network can have a GLB. This typically occurs in intranets that use nrglbd, the Non-Replicatable Global Location Broker daemon, but it can also occur in an intranet that uses glbd if not all networks include a host that can run a glbd. For hosts that cannot locate a GLB via broadcast, the glb_site.txt file provides a list of addresses where the host can try to directly contact a GLB. Each line in glb_site.txt contains a network address where a glbd may be running. Hosts that have a glb_site.txt file will try each address in turn. Each address has the following form: family:host The family is the name of an address family, and the host is the name of the host system. A leading # can be used to indicate that the host name is in the standard numeric form (such as #192.9.8.7 or #515c.111g). Blank lines are ignored. The glb_site.txt file does not override the cell boundaries. It is useful only in located glbd servers that have the same value in the glb_obj.txt file, but that might not reside on the same physical network. 30 CMVC FAQ: NetLS The glb_site.txt file must be located in the /etc/ncs directory. 4.10 HOW CAN I TELL WHAT CONFIGURATION WAS USED DURING SETUP? QUESTION: I am taking over for the system administrator, but I have no idea who did the installation for the product before. How can I tell what type of configuration was used during the setup? ANSWER: 1. Run lb_find on the system to determine if the glbd is repli- cated or not. You should see a GLB broker type, the server's host's network address, a cell name either default or alter- nate, and the cells UUID. You can also run lb_find -q. 2. If nothing is running, you can check to see if a glb_obj.txt file exists in /etc/ncs. If it does then it is most likely an alternate cell. 4.11 TRYING TO START NETLSD WHEN IT IS ALREADY CONFIGURED QUESTION: I have multiple licensed products running and during the instal- lation of another licensed product the netlsd tries to start. Will this produce a problem? ANSWER: It should not. The netlsd will detect that an existing license server is already running on this machine; if this is the case the new server will exit gracefully and will never start a process. If the user tries to run another llbd, the user would receive the error and nothing should happen: "LLBD: Unable to obtain any sockets: No process will start. If the user tries to run another glbd, the user would receive the error (GLB) cannot open log file." Frequently asked questions: advanced topics 31 4.12 HOW DO I GET RID OF INVALID ENTRIES IN LS_STAT OR LS_ADMIN? QUESTION: I use ls_tv and it shows two servers, but I use ls_stat or ls_admin and it shows three. I only know of two of them, and only two are working. How do I get rid of the third invalid entry? ANSWER: The reason that ls_tv shows two servers is that it only reports on servers that are responding. The utilities ls_stat and ls_admin show all the entries for the servers, whether they are good or bad. To get rid of the invalid entry, run the following and answer yes to all questions: # /etc/ncs/lb_admin lb_admin: use global lb_admin: clean lb_admin: use local lb_admin: clean lb_admin: quit 4.13 WHAT IS NCK? QUESTION: What is NCK? ANSWER: The NetLS product runs on top of the Network Computing Kernel (NCK). NCK services are provided through location brokers. There are two types of location brokers, local and global. For more information on NCK, refer to the "Managing NCS Software" manual. 4.14 CAN I ALLOW/DISALLOW A GROUP OF USERS FROM GETTING CMVC LICENSES? QUESTION: Can I allow/disallow a group of users from getting CMVC licenses? ANSWER: 32 CMVC FAQ: NetLS You can use the "User File" function of iFOR to allow/disallow a group of users accessing the CMVC clients. For more information, refer to the "Managing Software Products with the Network License System" manual. 4.15 SHOULD THE NRGLBD DAEMON BE USED WITH CMVC? QUESTION: Should the nrglbd daemon be used with CMVC? ANSWER: We recommend that you do not run the nrglbd daemon from NCS with CMVC. Frequently asked questions: advanced topics 33 34 CMVC FAQ: NetLS APPENDIX A. BIBLIOGRAPHY A.1 BIBLIOGRAPHY FOR CMVC For more information on how to use CMVC, you can consult the fol- lowing manuals and publications: SC09-1596-01 IBM CMVC Client Installation and Configuration SC09-1597-01 IBM CMVC User's Reference SC09-1631-02 IBM CMVC Server Administration and Installation SC09-1633-00 IBM CMVC Concepts SC09-1635-01 IBM CMVC Commands Reference The following Redbooks offer practical advice on CMVC: GG24-4178-00 Did you say CMVC? GG24-4345 CMVC: Customer's Perspective The following technical reports describe in detail useful hints on using CMVC: 29.2130 Diagnosing and solving Release -extract problems with CMVC 29.2169 How to use CMVC with National Language Support (NLS) and Double-Byte Character Sets (DBCS) 29.2180 How to do routine tasks in the OEM Platforms for CMVC 29.2183 Using CMVC for Products with Multiple National Language Versions (NLVs) 29.2232 How to do migration tasks with CMVC 29.2244 How to build and package the CMVC client for Windows 3.1 29.2245 How to build and package the CMVC client for OS/2 29.2253 Comparison between CMVC 2.3 and TeamConnection 2 29.2254 Migrating from CMVC 2.3 to TeamConnection 2 29.2268 CMVC frequently asked questions: license management with NetLS/iFOR 29.2269 How to build and package the CMVC server/Client for UNIX A.2 BIBLIOGRAPHY FOR IFOR o AIX Version 4.1, iFOR/LS System Management Guide, SC23-2665. This manual is not shipped with the CMVC products. o AIX Version 4.1, iFOR/LS Tips and Techniques, SC23-2666. This manual is not shipped with the CMVC products. Appendix A. Bibliography 35 o NetLS Quick Start Guide, SC09-1661. o Managing Software Products with the Network License System, SC09-1660. o Managing NCS Software, SC09-1834. In case you need to contact Gradient Technologies, then you can use the internet URL: http://www.gradient.com A.3 HOW TO GET ELECTRONIC COPIES OF MANUALS AND TRS Many of the manuals and technical reports mentioned in this docu- ment can be downloaded as follows: o From the IBM intranet (only for IBM employees). o From the Internet (open to everyone). A.3.1 IBM Intranet ___________________ A.3.1.1 Web Home Page You can access the CMVC Service/Development Home Page at: http://keithp.raleigh.ibm.com/&tilde.cmvcsupt From the index at the top of the page, select: o Technical Reports and related tools o Copies of ALL the archived versions for the forums CMVC and CMVC6000 o Documentation in PostScript files o Documentation in ASCII text files 36 CMVC FAQ: NetLS A.3.1.2 FTP You can download the code from our internal FTP site, by doing: 1. ftp keithp.raleigh.ibm.com 2. login as 'anonymous' and for password give your email address. 3. cd pub/cmvc/doc 4. binary 5. get fileName 6. quit A.3.2 Internet _______________ A.3.2.1 Web Home Page Not available. A.3.2.2 FTP You can download the code from our external FTP site, by doing: 1. ftp ftp.software.ibm.com 2. login as 'anonymous' and for password give your email address. 3. cd ps/products/cmvc/doc 4. binary 5. get fileName 6. quit Appendix A. Bibliography 37 38 CMVC FAQ: NetLS APPENDIX B. COPYRIGHTS, TRADEMARKS AND SERVICE MARKS The following terms used in this technical report, are trademarks or service marks of the indicated companies: +---------------------+-------------------------------------------+ | TRADEMARK, | COMPANY | | REGISTERED | | | TRADEMARK OR | | | SERVICE MARK | | +---------------------+-------------------------------------------+ | IBM | IBM Corporation | | OS/2, | | | AIX, | | | CMVC, | | | TeamConnection | | +---------------------+-------------------------------------------+ | NCS | Apollo Computer, Inc. | | NCK | | +---------------------+-------------------------------------------+ | NetLS, | Gradient Technologies, Inc. | | iForLS, iFor | | +---------------------+-------------------------------------------+ | HP-UX, | Hewlett-Packard Company | +---------------------+-------------------------------------------+ | Microsoft, | Microsoft Corporation | | Windows, | | +---------------------+-------------------------------------------+ | UNIX | X/Open Co., Ltd. | +---------------------+-------------------------------------------+ | PostScript | Adobe Systems Incorporated | +---------------------+-------------------------------------------+ END OF DOCUMENT Appendix B. Copyrights, Trademarks and Service marks 39