NUXWDOG(1)                         PKI Tools                        NUXWDOG(1)

NAME

       nuxwdog - Provides a simple watchdog process that can be used to start,
       stop, monitor, or reconfigure a server process.

SYNOPSIS

       nuxwdog -f configuration_file [-i]

DESCRIPTION

       nuxwdog is a watchdog daemon that builds on the uxwdog service that is
       part of the Netscape Enterprise Server (NES).  nuxwdog can start, stop,
       monitor, and reconfigure server programs, depending on the parameters
       passed to it in its configuration file.  nuxwdog opens a Unix domain
       socket to accept requests from any server process it is managing.
       Optionally, nuxwdog can be configured to communicate only with clients
       that are descendants of the nuxwdog process, limiting an avenue of
       potential access to any servers managed by the watchdog.

       Some servers require a high level of security to protect their data or
       operations, which means (for example) that they cannot store plaintext
       passwords in a password file to allow the server to be started
       automatically.  nuxwdog can be configured to prompt for server
       passwords when a server first starts and then caches those passwords so
       that nuxwdog can restart the server without intervention if the server
       crashes.

       To make it easy for clients to communicate with nuxwdog, a C/C++ shared
       library is provided with the nuxwdog source code (libnuxwdog.so).
       Additionally, nuxwdog provides JNI interfaces and Perl bindings to the
       libnuxwdog.so library, so that calls can be made from Java and Perl
       programs. For more information on this library and the client
       interfaces, see https://fedorahosted.org/nuxwdog/wiki/HOWTO.

       nuxwdog is used by Dogtag PKI to monitor and manage the subsystem
       server processes for Java, Tomcat, and Apache servers.

OPTIONS

       -f configuration_file
           Passes the configuration file for the service which runs the
           subsystem.  With Dogtag PKI, for the CA, OCSP, TKS, and DRM, this
           is for the Java process. For the TPS, this is for the Apache
           process.

       -i
           Runs the nuxwdog process in interactive mode and keeps nuxwdog open
           in the foreground instead of running it as a daemon in the
           background.

CONFIGURATION FILE PARAMETERS AND EXAMPLES

       ExeFile
           Gives the full path to the executable to be started.

       ExeArgs
           Passes any arguments to the executable. The first argument must be
           the full path to the executable (the same as the value in ExeFile).

       TmpDir
           Gives the full path to the executable to be started.

       ChildSecurity
           Sets whether the child server process should only allow requests
           from a parent (where nuxwdog is the parent).  nuxwdog checks the
           process ID for any client which sends a request to the Unix domain
           socket and drops any message where the client is not a descendant
           of the nuxwdog process. To allow any request, set this to 0; to
           allow only parent or ancestor requests, set this to 1.

       ExeOut
           Gives the file to write stdout for the server to be started.

       ExeErr
           Gives the file to write stderr for the server to be started.

       ExeBackground
           Sets whether to run the server and the nuxwdog processes in the
           background in daemon mode after the watchdog is initialized.
           Setting this to 1 enables daemon mode, while 0 keeps this in the
           foreground.

       PidFile
           Gives the PID file to use to store the nuxwdog PID.

       ChildPidFile
           Gives the PID file to use to store the PID of the server process
           managed by nuxwdog.

       ExeContext
           Sets the SELinux context in which to start the server process.

       nuxwdog can be used to manage many types of server processes. For
       Dogtag PKI, it manages Java, Tomcat, and Apache servers. For the Dogtag
       PKI Certificate Authority, a Java-based subsystem with a Tomcat web
       service, the configuration file identifies the appropriate JRE and
       class paths, along with setting the output, error, and PID files. (The
       ExeArgs argument should be all on one line.)

           ExeFile /usr/lib/jvm/jre/bin/java
           ExeArgs /usr/lib/jvm/jre/bin/java
                   -Djava.endorsed.dirs=/usr/share/tomcat5/common/endorsed
                   -classpath :/usr/lib/jvm/jre/lib/rt.jar
                      :/usr/share/java/commons-collections.jar
                      :/usr/share/tomcat5/bin/bootstrap.jar
                      :/usr/share/tomcat5/bin/commons-logging-api.jar
                      :/usr/share/java/mx4j/mx4j-impl.jar
                      :/usr/share/java/mx4j/mx4j-jmx.jar
                      :/usr/share/tomcat5/common/lib/nuxwdog.jar
                   -Dcatalina.base=/var/lib/pki-ca2
                   -Dcatalina.home=/usr/share/tomcat5
                   -Djava.io.tmpdir=/usr/share/tomcat5/temp org.apache.catalina.startup.Bootstrap
                   start
           TmpDir /var/lib/pki-ca2/logs/pids
           ChildSecurity 1
           ExeOut /var/lib/pki-ca2/logs/catalina.out
           ExeErr /var/lib/pki-ca2/logs/catalina.out
           ExeBackground 1
           PidFile /var/lib/pki-ca2/logs/wd-pki-ca2.pid
           ChildPidFile /var/run/pki-ca2.pid

       For Dogtag PKI, the Token (smart card) Processing System uses an
       Apache-based server. This example also sets the SELinux context,
       pki_tps_t, used by the TPS subsystem processes.

           ExeFile /usr/sbin/httpd.worker
           ExeArgs /usr/sbin/httpd.worker -f /etc/pki-tps1/httpd.conf
           TmpDir /var/lib/pki-tps1/logs/pids
           PidFile /var/lib/pki-tps1/logs/wd-pki-tps1.pid
           ExeContext pki_tps_t

ADDITIONAL RESOURCES

       There is a more detailed how-to article, including information on
       available client calls for nuxwdog, at
       https://fedorahosted.org/nuxwdog/wiki/HOWTO.

       The nuxwdog server works in conjunction with the Dogtag PKI subsystems.
       The Dogtag PKI project wiki is at http://pki.fedoraproject.org/wiki/.

       For information specifically about nuxwdog, the nuxwdog project wiki is
       located at https://fedorahosted.org/nuxwdog/wiki/[1]. The nuxwdog wiki
       relates directly to nuxwdog code changes and releases, rather than all
       PKI-related updates.

       Mailing lists: pki-devel@redhat.com and pki-users@redhat.com

       IRC: Freenode at #dogtag-pki

AUTHORS

       The PKI tools were written and maintained by developers with Netscape
       and now with Red Hat.

       Authors: Ade Lee <alee@redhat.com>, Deon Lackey <dlackey@redhat.com>.

       (c) 2010, Red Hat, Inc. Licensed under the GNU Public License version
       2.

NOTES

        1. https://fedorahosted.org/nuxwdog/wiki/
           https://fedorahosted.org/nuxwdog/wiki

nuxwdog 1                      November 29, 2010                    NUXWDOG(1)