1CONMAN.CONF(5) ConMan: The Console Manager CONMAN.CONF(5)
2
3
4
6 conman.conf - ConMan daemon configuration file
7
8
10 The conman.conf configuration file is used to specify the consoles
11 being managed by conmand.
12
13 Comments are introduced by a hash sign (#), and continue until the end
14 of the line. Blank lines and white-space are ignored. Directives are
15 terminated by a newline, but may span multiple lines by escaping it
16 (i.e., immediately preceding the newline with a backslash). Strings
17 may be either single-quoted or double-quoted, but they may not contain
18 newlines. Keywords are case-insensitive.
19
20
22 These directives begin with the SERVER keyword followed by one of the
23 following key/value pairs:
24
25 coredump = (on|off)
26 Specifies whether the daemon should generate a core dump file.
27 This file will be created in the current working directory (or
28 '/' when running in the background) unless you also set core‐
29 dumpdir. The default is off.
30
31 coredumpdir = "directory"
32 Specifies the directory where the daemon tries to write core
33 dump files. The default is empty, meaning the current working
34 directory (or '/' when running in the background) will be used.
35
36 execpath = "dir1:dir2:dir3..."
37 Specifies a colon-separated list of directories in which to
38 search for external process-based console executables that are
39 not defined by an absolute or relative pathname. The default is
40 empty.
41
42 keepalive = (on|off)
43 Specifies whether the daemon will use TCP keep-alives for
44 detecting dead connections. The default is on.
45
46 logdir = "directory"
47 Specifies a directory prefix for log files that are not defined
48 via an absolute pathname. This affects the server logfile,
49 global log, and console log directives.
50
51 logfile = "file[,priority]"
52 Specifies the file to which log messages are appended if the
53 daemon is not running in the foreground. This string undergoes
54 conversion specifier expansion (cf., CONVERSION SPECIFICATIONS)
55 each time the file is opened. If an absolute pathname is not
56 given, the file's location is relative to either logdir (if
57 defined) or the current working directory. Intermediate direc‐
58 tories will be created as needed. The filename may optionally
59 be followed by a comma and a minimum priority at which messages
60 will be logged. Refer to syslog.conf(5) for a list of priori‐
61 ties. The default priority is info. If this keyword is used in
62 conjunction with the syslog keyword, messages will be sent to
63 both locations.
64
65 loopback = (on|off)
66 Specifies whether the daemon will bind its socket to the loop‐
67 back address, thereby only accepting local client connections
68 directed to that address (127.0.0.1). The default is on.
69
70 nofile = integer
71 Specifies the maximum number of open files for the daemon. If
72 set to 0, use the current (soft) limit. If set to -1, use the
73 the maximum (hard) limit. The default is 0.
74
75 pidfile = "file"
76 Specifies the file to which the daemon's PID is written. Inter‐
77 mediate directories will be created as needed. The use of a
78 pidfile is recommended if you want to use the daemon's '-k',
79 '-q', or '-r' options.
80
81 port = integer
82 Specifies the port on which the daemon will listen for client
83 connections.
84
85 resetcmd = "string"
86 Specifies a command string to be invoked by a subshell upon
87 receipt of the client's "reset" escape. Multiple commands
88 within a string may be separated with semicolons. This string
89 undergoes conversion specifier expansion (cf., CONVERSION SPECI‐
90 FICATIONS) and will be invoked multiple times if the client is
91 connected to multiple consoles.
92
93 syslog = "facility"
94 Specifies that log messages are to be sent to the system logger
95 (syslogd) at the given facility. Refer to syslog.conf(5) for a
96 list of facilities. If this keyword is used in conjunction with
97 the logfile keyword, messages will be sent to both locations.
98
99 tcpwrappers = (on|off)
100 Specifies whether the daemon will use TCP-Wrappers when accept‐
101 ing client connections. Support for this feature must be
102 enabled at compile-time (via configure's "--with-tcp-wrappers"
103 option). Refer to hosts_access(5) and hosts_options(5) for more
104 details. The default is off.
105
106 timestamp = integer (m|h|d)
107 Specifies the interval between timestamps written to the indi‐
108 vidual console log files. The interval is an integer that may
109 be followed by a single-character modifier; 'm' for minutes (the
110 default), 'h' for hours, or 'd' for days. The default is 0
111 (i.e., no timestamps).
112
113
115 These directives begin with the GLOBAL keyword followed by one of the
116 following key/value pairs:
117
118 log = "file"
119 Specifies the default log file to use for each console direc‐
120 tive. This string undergoes conversion specifier expansion
121 (cf., CONVERSION SPECIFICATIONS) each time the file is opened;
122 it must contain either '%N' or '%D'. If an absolute pathname is
123 not given, the file's location is relative to either logdir (if
124 defined) or the current working directory. Intermediate direc‐
125 tories will be created as needed.
126
127 logopts = "(lock|nolock),(sanitize|nosanitize),(timestamp|notimestamp)"
128 Specifies global options for the console log files. These
129 options can be overridden on a per-console basis by specifying
130 the CONSOLE logopts keyword. Note that options affecting the
131 output of the console's logfile also affect the output of the
132 console's log-replay escape. The valid logopts include the fol‐
133 lowing:
134
135 lock or nolock - locked logs are protected with a write lock.
136
137 sanitize or nosanitize - sanitized logs convert non-printable
138 characters into 7-bit printable characters.
139
140 timestamp or notimestamp - timestamped logs prepend each line of
141 console output with a timestamp in "YYYY-MM-DD HH:MM:SS" format.
142 This timestamp is generated when the first character following
143 the line break is output.
144
145 The default is "lock,nosanitize,notimestamp".
146
147 seropts = "bps[,databits[parity[stopbits]]]"
148 Specifies global options for local serial devices. These
149 options can be overridden on a per-console basis by specifying
150 the CONSOLE seropts keyword.
151
152 bps is an integer specifying the baud rate in bits-per-second.
153 If this exact value is not supported by the system, it will be
154 rounded down to the next supported value.
155
156 databits is an integer from 5-8.
157
158 parity is a single case-insensitive character: 'n' for none, 'o'
159 for odd, and 'e' for even.
160
161 stopbits is an integer from 1-2.
162
163 The default is "9600,8n1" for 9600 bps, 8 data bits, no parity,
164 and 1 stop bit.
165
166 ipmiopts = "U:str,P:str,K:str,C:int,L:str,W:flag"
167 Specifies global options for IPMI Serial-Over-LAN devices.
168 These options can be overridden on a per-console basis by speci‐
169 fying the CONSOLE IPMIOPTS keyword. This directive is only
170 available if configured using the "--with-freeipmi" option.
171
172 The IPMIOPTS string is parsed into comma-delimited substrings
173 where each substring is of the form "X:VALUE". "X" is a single-
174 character case-insensitive key specifying the option type, and
175 "VALUE" is its corresponding value. The IPMI default will be
176 used if either "VALUE" is omitted from the substring ("X:") or
177 the substring is omitted altogether. Note that since the
178 IPMIOPTS string is delimited by commas, substring values cannot
179 contain commas.
180
181 The valid IPMIOPTS substrings include the following (in any
182 order):
183
184 U:username - a string of at most 16 bytes for the username.
185
186 P:password - a string of at most 20 bytes for the password.
187
188 K:K_g - a string of at most 20 bytes for the K_g key.
189
190 C:cipher_suite - an integer for the IPMI cipher suite ID. Refer
191 to ipmiconsole(8) for a list of supported IDs.
192
193 L:privilege_level - the string "user", "op", or "admin".
194
195 W:workaround_flag - a string or integer for an IPMI workaround.
196 The following strings are recognized: "authcap", "intel20",
197 "supermicro20", "sun20", "opensesspriv", "integritycheckvalue",
198 "solpayloadsize", "solport", and "solstatus". Refer to ipmicon‐
199 sole(8) for more information on these workarounds. This sub‐
200 string may be repeated in order to specify multiple workarounds.
201
202 Both the password and K_g values can be specified in either
203 ASCII or hexadecimal; in the latter case, the string should
204 begin with "0x" and contain at most 40 hexadecimal digits. A
205 K_g key entered in hexadecimal may contain embedded null charac‐
206 ters, but any characters following the first null character in
207 the password key will be ignored.
208
209
211 This directive defines an individual console being managed by the dae‐
212 mon. The CONSOLE keyword is followed by one or more of the following
213 key/value pairs:
214
215 name = "string"
216 Specifies the name used by clients to refer to the console.
217 This keyword is required.
218
219 dev = "string"
220 Specifies the type and location of the device. This keyword is
221 required.
222
223 A local serial port connection is defined by the pathname of the
224 character device file.
225
226 A remote terminal server connection using the telnet protocol is
227 defined by the "host:port" format (where host is the remote
228 hostname or IPv4 address, and port is the remote port number).
229
230 An external process-based connection is defined by the "path
231 args" format (where path is the pathname to an executable
232 file/script, and any additional args are space-delimited); the
233 /usr/lib/conman/exec directory contains scripts for various con‐
234 sole types.
235
236 A local Unix domain socket connection is defined by the
237 "unix:path" format (where "unix:" is the literal character
238 string prefix and path is the pathname of the local socket).
239
240 An IPMI Serial-Over-LAN connection is defined by the "ipmi:host"
241 format (where "ipmi:" is the literal string and host is a host‐
242 name or IPv4 address).
243
244 The '%N' character sequence will be replaced by the console
245 name.
246
247 log = "file"
248 Specifies the file where console output is logged. This string
249 undergoes conversion specifier expansion (cf., CONVERSION SPECI‐
250 FICATIONS) each time the file is opened. If an absolute path‐
251 name is not given, the file's location is relative to either
252 logdir (if defined) or the current working directory. Interme‐
253 diate directories will be created as needed. An empty log
254 string (i.e., log="") disables logging, overriding the global
255 log name.
256
257 logopts = "string"
258 This keyword is optional (cf., GLOBAL DIRECTIVES).
259
260 seropts = "string"
261 This keyword is optional (cf., GLOBAL DIRECTIVES).
262
263 ipmiopts = "string"
264 This keyword is optional (cf., GLOBAL DIRECTIVES).
265
266
268 A conversion specifier is a two-character sequence beginning with a '%'
269 character. The second character in the sequence specifies the type of
270 conversion to be applied. The following specifiers are supported:
271
272 %N The console name (from the name string).
273
274 %D The console device basename (from the dev string), with leading
275 directory components removed.
276
277 %P The daemon's process identifier.
278
279 %Y The year as a 4-digit number with the century.
280
281 %y The year as a 2-digit number without the century.
282
283 %m The month as a 2-digit number (01-12).
284
285 %d The day of the month as a 2-digit number (01-31).
286
287 %H The hour as a 2-digit number using a 24-hour clock (00-23).
288
289 %M The minute as a 2-digit number (00-59).
290
291 %S The seconds as a 2-digit number (00-61).
292
293 %s The number of seconds since the Epoch.
294
295 %% A literal '%' character.
296
297 The console name (%N) and device (%D) specifiers are "sanitized" in
298 that non-printable characters and the forward-slash (/) character are
299 replaced with underscores.
300
301 Conversion specifiers within console log filenames are evaluated when
302 the file is opened; this occurs when conmand first starts and whenever
303 it receives a SIGHUP.
304
305
307 /etc/conman.conf
308
309
311 Chris Dunlap <cdunlap@llnl.gov>
312
313
315 Copyright (C) 2007-2016 Lawrence Livermore National Security, LLC.
316 Copyright (C) 2001-2007 The Regents of the University of California.
317
318
320 ConMan is free software: you can redistribute it and/or modify it under
321 the terms of the GNU General Public License as published by the Free
322 Software Foundation, either version 3 of the License, or (at your
323 option) any later version.
324
325
327 conman(1), conmand(8).
328
329 https://dun.github.io/conman/
330
331
332
333conman-0.2.8 2016-11-22 CONMAN.CONF(5)