Localopts details
- # comment
- Treats everything from the indicated character (#) to the end of the line as a comment.
- appserver auto restart = yes|no
- Requests the
appservman
process to automatically start WebSphere Application Server Liberty Base if it is found down. The default isYes
. - appserver check interval = minutes
- Specifies the frequency in minutes that the
appservman
process is to check that WebSphere Application Server Liberty Base is still running. The default is 3 minutes. - appserver count reset interval = hours
- Specifies the time interval in hours after which the restart count is reset from the last WebSphere Application Server Liberty Base start. The default is 24 hours.
- appserver max restarts = number
- Specifies the maximum number of restarting attempts the
appservman
process can make before giving up and exiting without restarting WebSphere Application Server Liberty Base. The counter is reset if WebSphere Application Server Liberty Base runs for longer than theappserver count reset interval
value. The default is 5. - appserver min restart time = minutes
- Specifies in minutes the minimum elapsed time the
appservman
process must wait between each attempt to restart the WebSphere Application Server Liberty Base if it is down. If this value is less than theappserver check interval
, the WebSphere Application Server Liberty Base is restarted as soon as it is found down. If it is found down before this time interval (min restart time) has elapsed,appservman
exits without restarting it. The default is 2 minutes. - appserver service name = name
- Only in Windows® environments. Specifies the name of the WebSphere Application Server Liberty Base windows service if different from the standard name. This field is generally not used.
- autostart monman = yes|no
- Used in event rule management. Restarts
the monitoring engine automatically when the next production plan
is activated (on Windows® also when HCL Workload Automation is
restarted). The default is
Yes
. - bm check deadline = seconds
- Specify the minimum number of seconds Batchman waits before checking if a job has missed its deadline. The check is performed on all jobs and job streams included in the Symphony file, regardless of the workstation where the jobs and job streams are defined. Jobs and job streams with expired deadlines are marked as late in the local Symphony file. To obtain up-to-date information about the whole environment, define this option on the master domain manager. Deadlines for critical jobs are evaluated automatically, independently of the bm check deadline option. To disable the option and not check deadlines, enter a value of zero, the default value.
- bm check file = seconds
- Specify the minimum number of seconds Batchman waits before checking for the existence of a file that is used as a dependency. The default is 120 seconds.
- bm check status = seconds
- Specify the number of seconds Batchman waits between checking the status of an internetwork dependency. The default is 300 seconds.
- bm check until = seconds
- Specify the maximum number of seconds Batchman waits before reporting the expiration of an Until time for job or Job Scheduler. Specifying a value below the default setting (300) might overload the system. If it is set below the value of Local Option bm read, the value of bm read is used in its place. The default is 300 seconds.
- bm look = seconds
- Specify the minimum number of seconds Batchman waits before scanning and updating its production control file. If you install the 9.4, FP1 version as a fresh installation, the default value is automatically set to 5 for improving product performance. The previous default value was 15 seconds and is maintained if you perform a product upgrade.
- bm read = seconds
- Specify the maximum number of seconds Batchman waits for a message in
the
intercom.msg
message file. If no messages are in queue, Batchman waits until the timeout expires or until a message is written to the file. If you install the 9.4, FP1 version as a fresh installation, the default value is automatically set to 3 for improving product performance. The previous default value was 10 seconds and is maintained if you perform a product upgrade. - bm stats = on|off
- To have Batchman send its startup and shut down statistics to its standard list file, specify on. To prevent Batchman statistics from being sent to its standard list file, specify off. The default is off.
- bm verbose = on|off
- To have Batchman send all job status messages to its standard list file, specify on. To prevent the extended set of job status messages from being sent to the standard list file, specify off. The default is off.
- bm late every = minutes
- When an every job does not start at its expected start time, bm late every specifies the maximum number of minutes that elapse before HCL Workload Automation skips the job. This option applies only to jobs defined with every option together with the at time dependency, it has no impact on jobs that have only the every option.
- can be event processor = yes|no
- Specify if this workstation can act as event processing server or not. It is set by default to yes for master domain managers and backup masters, otherwise it is set to no.
- cli gsk tls10 cipher=DFLT|cipher
- Only used if SSL is defined using GSKit (ssl fips enabled="yes"). Specify the cipher to be used with the TLS 1.0 protocol in association with GSKit when using the HCL Workload Automation command line. Restart the agent to make the changes effective. This keyword is optional and must be manually inserted in the localopts file. When specified, it overrides the default option. If you set more parameters with different versions of the same protocol, the protocol with the lowest version is used.
- cli gsk tls11 cipher=DFLT|cipher
- Only used if SSL is defined using GSKit (ssl fips enabled="yes"). Specify the cipher to be used with the TLS 1.1 protocol in association with GSKit when using the HCL Workload Automation command line. Restart the agent to make the changes effective. This keyword is optional and must be manually inserted in the localopts file. When specified, it overrides the default option. If you set more parameters with different versions of the same protocol, the protocol with the lowest version is used.
- cli gsk tls12 cipher=DFLT|cipher
- Only used if SSL is defined using GSKit (ssl fips enabled="yes"). Specify the cipher to be used with the TLS 1.2 protocol in association with GSKit when using the HCL Workload Automation command line. Restart the agent to make the changes effective. This keyword is optional and must be manually inserted in the localopts file. When specified, it overrides the default option. If you set more parameters with different versions of the same protocol, the protocol with the lowest version is used.
- cli ssl tls10 cipher=HIGH|cipher
- Only used if SSL is defined using OpenSSL (ssl fips enabled="no"). Specify the cipher to be used with the TLS 1.0 protocol in association with SSL when using the HCL Workload Automation command line. Restart the agent to make the changes effective. This keyword is optional and must be manually inserted in the localopts file. When specified, it overrides the default option. If you set more parameters with different versions of the same protocol, the protocol with the lowest version is used.
- cli ssl tls11 cipher=HIGH|cipher
- Only used if SSL is defined using OpenSSL (ssl fips enabled="no"). Specify the cipher to be used with the TLS 1.1 protocol in association with SSL when using the HCL Workload Automation command line. Restart the agent to make the changes effective. This keyword is optional and must be manually inserted in the localopts file. When specified, it overrides the default option. If you set more parameters with different versions of the same protocol, the protocol with the lowest version is used.
- cli ssl tls12 cipher=HIGH|cipher
- Only used if SSL is defined using OpenSSL (ssl fips enabled="no"). Specify the cipher to be used with the TLS 1.2 protocol in association with SSL when using the HCL Workload Automation command line. Restart the agent to make the changes effective. This keyword is optional and must be manually inserted in the localopts file. When specified, it overrides the default option. If you set more parameters with different versions of the same protocol, the protocol with the lowest version is used.
- gsk tls10 cipher=DFLT|cipher
- Only used if SSL is defined using GSKit (ssl fips enabled="yes"). Specify the cipher to be used with the TLS 1.0 protocol in association with GSKit. Restart the agent to make the changes effective. This keyword is optional and must be manually inserted in the localopts file. When specified, it overrides the default option. If you set more parameters with different versions of the same protocol, the protocol with the lowest version is used.
- gsk tls11 cipher=DFLT|cipher
- Only used if SSL is defined using GSKit (ssl fips enabled="yes"). Specify the cipher to be used with the TLS 1.1 protocol in association with GSKit. Restart the agent to make the changes effective. This keyword is optional and must be manually inserted in the localopts file. When specified, it overrides the default option. f you set more parameters with different versions of the same protocol, the protocol with the lowest version is used.
- gsk tls12 cipher=DFLT|cipher
- Only used if SSL is defined using GSKit (ssl fips enabled="yes"). Specify the cipher to be used with the TLS 1.2 protocol in association with GSKit. Restart the agent to make the changes effective. This keyword is optional and must be manually inserted in the localopts file. When specified, it overrides the default option. If you set more parameters with different versions of the same protocol, the protocol with the lowest version is used.
- ssl tls10 cipher=HIGH|cipher
- Only used if SSL is defined using OpenSSL (ssl fips enabled="no"). Specify the cipher to be used with the TLS 1.0 protocol in association with SSL. Restart the agent to make the changes effective. This keyword is optional and must be manually inserted in the localopts file. If you set more parameters with different versions of the same protocol, the protocol with the lowest version is used.
- ssl tls11 cipher=HIGH|cipher
- Only used if SSL is defined using OpenSSL (ssl fips enabled="no"). Specify the cipher to be used with the TLS 1.1 protocol in association with SSL. Restart the agent to make the changes effective. This keyword is optional and must be manually inserted in the localopts file. If you set more parameters with different versions of the same protocol, the protocol with the lowest version is used.
- ssl tls12 cipher=HIGH|cipher
- Only used if SSL is defined using OpenSSL (ssl fips enabled="no"). Specify the cipher to be used with the TLS 1.2 protocol in association with SSL. Restart the agent to make the changes effective. This keyword is optional and must be manually inserted in the localopts file. If you set more parameters with different versions of the same protocol, the protocol with the lowest version is used.
- cli ssl certificate keystore label = string
- Only used if SSL is defined using GSKit
(
ssl fips enabled="yes"
) Supply the label which identifies the certificate in the keystore when the command-line client is using SSL authentication to communicate with the master domain manager. The default isHCL HWA 9.5 workstation
, which is the value of the certificate distributed with the product to all customers. This certificate is thus not secure and should be replaced with your own secure certificate. See Configuring the SSL connection protocol for the network. - cli ssl keystore file = file_name
- Only used if SSL is defined using GSKit (
ssl fips enabled="yes"
). Specify the name of the keystore file used for SSL authentication when the command-line client is using SSL authentication to communicate with the master domain manager. The default is TWA_home/TWS/ssl/TWSPublicKeyFile.pem. This file is part of the SSL configuration distributed with the product to all customers. It is thus not secure and should be replaced with your own secure SSL configuration. See Configuring the SSL connection protocol for the network. - cli ssl keystore pwd = file_name
- Only used if SSL is defined using
GSKit (
ssl fips enabled="yes"
). Specify the password file of the keystore used for SSL authentication when the command-line client is using SSL authentication to communicate with the master domain manager. This file is part of the SSL configuration distributed with the product to all customers. It is thus not secure and should be replaced with your own secure SSL configuration. See Configuring the SSL connection protocol for the network. - cli ssl cipher = cipher_class
- Only
used if SSL is defined using OpenSSL (
ssl fips enabled="no"
) Specify the cipher class to be used when the command-line client and the server are using SSL authentication. Use one of the common cipher classes listed in Valid encryption cipher classes. The default is MD5.If you want to use an OpenSSL cipher class not listed in the table, use the following command to determine if your required class is supported:
where class_name is the name of the class you want to use. If the command returns a cipher string, the class can be used.openssl ciphers class_name
Table 1. Valid encryption cipher classes Encryption cipher class Description SSLv3 SSL version 3.0 TLS Only for HCL Workload Automation, version 9.3. users: before enabling SSL communication, manually modify this value to TLSv1, as described in Setting local options. For users with V9.3 Fix Pack 1 or later, no manual intervention is required. The default value is TLSv1. TLSv1 TLS version 1.0 EXP Export EXPORT40 40-bit export MD5 Ciphers using the MD5 digest, digital signature, one-way encryption, hash or checksum algorithm. LOW Low strength (no export, single DES) MEDIUM Ciphers with 128 bit encryption HIGH Ciphers using Triple-DES NULL Ciphers using no encryption - cli ssl server auth = yes|no
- Only
used if SSL is defined using OpenSSL (
ssl fips enabled="no"
) Specify yes if server authentication is to be used in SSL communications with the command line client. The default is no. - cli ssl server certificate = file_name
- Only used if SSL is defined
using OpenSSL (
ssl fips enabled="no"
) Specify the file, including its full directory path, that contains the SSL certificate when the command-line client and the server use SSL authentication in their communication. There is no default. See Configuring the SSL connection protocol for the network. - cli ssl trusted dir = directory_name
- Only
used if SSL is defined using OpenSSL (
ssl fips enabled="no"
) Specify the directory that contains an SSL trusted certificate contained in files with hash naming (#) when the command-line client and the server are using SSL authentication in their communication. When the directory path contains blanks, enclose it in double quotation marks ("). There is no default. - composer prompt = prompt
- Specify the prompt for the composer command line. The prompt can be of up to 10 characters in length. The default is dash (-).
- conman prompt = prompt
- Specify the prompt for the conman command line. The prompt can be of up to 8 characters in length. The default is percent (%).
- current folder = /foldername>
- When submitting commands that involve folders from either the composer or conman command line, you can change the default folder or working directory from the root (/) to another folder path so that you can submit commands from the composer or conman command line using relative folder paths.
- date format = 0|1|2|3
- Specify
the value that corresponds to the date format you require. The values
can be:
- 0 corresponds to yy/mm/dd
- 1 corresponds to mm/dd/yy
- 2 corresponds to dd/mm/yy
- 3 indicates usage of Native Language Support variables
The default is 1.
- followlocation
- Set this property to true to enable the HTTP protocol. You cannot enable the HTTP protocol from the command line. This property instructs the composer command to follow any 'Location: header' that the server sends as part of the HTTP header in a 3xx response. The 'Location: header' can specify a relative or an absolute URL to follow.
- defaultws = manager_workstation
- The default workstation when you are accessing using a command line client. Specify the domain manager workstation.
- DownloadDir = directory_name
- Defines
the name of the directory where the fix pack installation package
or upgrade eImage is downloaded during the centralized agent update
process. If not specified, the following default directory is used:
- On Windows operating systems:
- TWA_home\TWS\stdlist\JM\download
- On UNIX operating systems:
- TWA_home/TWS/stdlist/JM/download
- er load = yes|no
- For UNIX and Linux operating systems only. If set to yes, specifies that the HCL user profile should be loaded when running a GenericAction EventRule. The default value is no.
- host = hostname_or_IP_address
- The name or IP address of the host when accessing using a command line client. For Agents, the host or ip address of the master is used. For Backup Master Domain Manager the value is the default: 127.0.0.1
- is remote cli = yes|no
- Specify if this instance of HCL Workload Automation is installed as a command line client (yes).
- jm interactive old = yes|no
- Only
for Windows operating systems starting from Vista and later versions.
To comply with security restrictions introduced with the Vista version
of Windows operating systems, only for fault-tolerant agents, HCL Workload Automation runs
interactive jobs only if the
streamlogon
user has a valid, interactive session. Specify yes to allow jobman to start interactive jobs even if there are no active sessions for thestreamlogon
user. Specify no to allow jobman to start interactive jobs only if there are active sessions for thestreamlogon
user. The default is no. - jm job table size = entries
- Specify the size, in number of entries, of the job table used by Jobman. The default is 1024 entries.
- jm load user profile = on|off
- Only on Windows operating systems. Specify if the jobman process loads the user profile and its environment variables for the user specified in the logon field of each job, before starting the job on the workstation. Specify on to load the user profile on the workstation before running jobs for the logon user; otherwise specify off. Roaming profiles are not supported. The default is on.
- jm look = seconds
- Specify the minimum number of seconds Jobman waits before looking for completed jobs and performing general job management tasks. The default is 300 seconds.
- jm nice = nice_value
- For UNIX® and Linux® operating
systems only, specify the nice value to be applied to jobs
launched by Jobman to change their priority in the kernel's scheduler.
The default is zero.
The nice boundary values vary depending upon each specific platform, but generally lower values correspond to higher priority levels and vice versa. The default depends upon the operating system.
Applies to jobs scheduled by the root user only. Jobs submitted by any other user inherit the same nice value of the Jobman process.
See also jm promoted nice.
- jm file no root = yes|no
- For UNIX® and Linux® operating systems only, specify yes to prevent Jobman from executing commands in file dependencies as root. Specify no to allow Jobman to execute commands in file dependencies as root. The default is no.
- jm no root = yes|no
- For UNIX® and Linux® operating systems only, specify yes to prevent Jobman from launching root jobs. Specify no to allow Jobman to launch root jobs. The default is yes.
- jm promoted nice = nice_value
- Used
in workload service assurance. For UNIX® and Linux® operating
systems only, assigns the priority value to a critical job that needs
to be promoted so that the operating system processes it before others.
Applies to critical jobs or predecessors that need to be promoted
so that they can start at their critical start time.
Boundary values vary depending upon each specific platform, but generally lower values correspond to higher priority levels and vice versa. The default is -1.
Be aware that:- The promotion process is effective with negative values only. If you set a positive value, the system runs it with the -1 default value and logs a warning message every time Jobman starts.
- An out of range value (for example -200), prompts the operating system to automatically promote the jobs with the lowest allowed nice value. Note that in this case no warning is logged.
- Overusing the promotion mechanism (that is, defining an exceedingly high number of jobs as mission critical and setting the highest priority value here) might overload the operating system, negatively impacting the overall performance of the workstation.
You can use this and the jm nice options together. If you do, remember that, while jm nice applies only to jobs submitted by the root user, jm promoted nice applies only to jobs that have a critical start time. When a job matches both conditions, the values set for the two options add up. For example, if on a particular agent the local options file has:
when a critical job submitted by the root user needs to be promoted, it is assigned a cumulative priority value of -6.jm nice= -2 jm promoted nice= -4
- jm promoted priority = value
- Used
in workload service assurance. For Windows® operating
systems only, sets to this value the priority by which the operating
system processes a critical job when it is promoted.
Applies to critical jobs or predecessors that need to be promoted so that they can start at their critical start time.
The possible values are:High
AboveNormal
(the default)Normal
BelowNormal
Low
orIdle
Note that if you a set a lower priority value than the one non-critical jobs might be assigned, no warning is given and no mechanism like the one available for jm promoted nice sets it back to the default.
- jm read = seconds
- Specify
the maximum number of seconds Jobman waits for a message in the
courier.msg
message file. The default is 10 seconds. - local was = yes|no
- For master domain managers and backup masters connected to the HCL Workload Automation database. If set to yes, it improves the performance of Job Scheduler and job submission from the database The default is no.
- merge stdlists = yes|no
- Specify yes to have all of the HCL Workload Automation control processes, except Netman, send their console messages to a single standard list file. The file is given the name TWSmerge. Specify no to have the processes send messages to separate standard list files. The default is yes.
- mm cache mailbox = yes|no
- Use this option to enable Mailman to use a reading cache for incoming messages. In this case, only messages considered essential for network consistency are cached. The default is yes.
- mm cache size = messages
- Specify this option if you also use mm cache mailbox. The maximum value (default) is 512.
- mm planoffset = HHMM
- HHMM is an amount of time in the
format hours and minutes. When HCL Workload Automation starts, this amount of
time is used as an offset to check the Symphony plan validity according to this formula:
If the result is true, that is, the current time is earlier than the Symphony planned end time minus the offset, the Symphony plan is considered valid and HCL Workload Automation starts. If the result is false, HCL Workload Automation does not start and an error is logged. The default for this optional attribute is an empty value; in this case, no check is performed by HCL Workload Automation on the validity of the plan. This check might be necessary when a domain manager stops because of an unplanned outage and restarts later, when a new domain manager has been started in the meanwhile, because not all the correct recovery procedures were run to exclude it from the HCL Workload Automation network. As a consequence, there are two domain managers running at the same time on the same fault-tolerant agent creating scheduling issues on all the fault-tolerant agents.current_timestamp < (Symphony_end_timestamp - HHMM)
- mm read = seconds
- Specify the maximum number of seconds Mailman waits for a connection with a remote workstation. The default is 15 seconds.
- mm resolve master = yes|no
- When set to yes the $MASTER variable is resolved at the beginning of the production day. The host of any extended agent is switched after the next JnextPlan (long term switch). When it is set to no, the $MASTER variable is not resolved at JnextPlan and the host of any extended agent can be switched after a conman switchmgr command (short- and long-term switch). Starting from Version 9.5 Fix Pack 2, the default is no (for previous releases, it was set to yes. When you switch a master domain manager and the original has mm resolve master set to no and the backup has mm resolve master set to yes, after the switch any extended agent that is hosted by $MASTER switches to the backup master domain manager. When the backup master domain manager restarts, the keyword $MASTER is locally expanded by Mailman. You should keep the mm resolve master value the same for master domain managers and backup domain managers.
- mm response = seconds
- Specify the maximum number of seconds Mailman waits for a response before reporting that a workstation is not responding. The minimum wait time for a response is 90 seconds. The default is 600 seconds.
- mm retrylink = seconds
- Specify the maximum number of seconds Mailman waits after unlinking from a non-responding workstation before it attempts to link to the workstation again. The default is 600 seconds. The tomserver optional mailman servers do not unlink non-responding agents. The link is repetitively checked every 60 seconds, which is the default retrylink for these servers.
- mm sound off = yes|no
- Specify how Mailman responds to a conman tellop ? command. Specify yes to have Mailman display information about every task it is performing. Specify no to have Mailman send only its own status. The default is no.
- mm symphony download timeout = seconds
- Specify the maximum number of minutes Mailman waits after attempting to initialize a workstation on a slow network. If the timeout expires without the workstation being initialized successfully, Mailman initializes the next workstation in the sequence. The default is no timeout (0).
- mm unlink = seconds
- Specify the maximum number of seconds Mailman waits before unlinking from a workstation that is not responding. The wait time should not be less than the response time specified for the Local Option nm response. The default is 960 seconds.
- nm mortal = yes|no
- Specify yes to have Netman quit when all of its child processes have stopped. Specify no to have Netman keep running even after its child processes have stopped. The default is no.
- nm port = port
- Specify the TCP port number that Netman responds to on the local
computer. This must match the TCP/IP port in the computers workstation definition. It must be
an unsigned 16-bit value in the range 1- 65535 (values between 0 and 1023 are reserved for
services such as, FTP, TELNET, HTTP, and so on). The default is the value supplied during the
product installation.
If you run event-driven workload automation and you have a security firewall, make sure this port is open for incoming and outgoing connections.
- nm read = seconds
- Specify the maximum number of seconds Netman waits for a connection request before checking its message queue for stop and start commands. The default is 10 seconds.
- nm retry = seconds
- Specify the maximum number of seconds Netman waits before retrying a connection that failed. The default is 800 seconds.
- nm ssl full port = port
- The port used to listen for incoming SSL connections when full SSL is
configured by setting global option
enSSLFullConnection
toyes
(see Configuring full SSL security for more details). This value must match the one defined in the secureaddr attribute in the workstation definition in the database. It must be different from the nm port local option that defines the port used for normal communication.Note:There is no default.- If you install multiple instances of HCL Workload Automation on the same computer, set all SSL ports to different values.
- If you plan not to use SSL, set the value to 0.
- nm ssl port = port
- The port used to listen for incoming SSL connections, when full
SSL is not configured (see Configuring full SSL security for more details). This value must match the
one defined in the secureaddr attribute in the workstation definition in the database.
It must be different from the nm port local option that defines the port used for normal
communication. Note:
- If you install multiple instances of HCL Workload Automation on the same computer, set all SSL ports to different values.
- If you plan not to use SSL, set the value to 0.
- port = port
- The TCP/IP port number of the protocol used when accessing using a command line client. The default is 31116.
- protocol = http|https
- The protocol used to connect to the host when accessing using a command line client.
- proxy = proxy_server_hostname_or_IP_address
- The name of the proxy server used when accessing using a command line client.
- proxy port = proxy_server_port
- The TCP/IP port number of the proxy server used when accessing using a command line client.
- restricted stdlists = yes|no
- Use
this option to set a higher degree of security to the
stdlist
directory (and to its subdirectories) allowing only selected users to create, modify, or read files.This option is available for UNIX workstations only. After you define it, make sure you erase your current
stdlist
directory (and subdirectories) and that you restart HCL Workload Automation. The default isno
.If the option is not present or if it is set tono
, the newly createdstdlist
directory and its subdirectories are unaffected and their rights are as follows:drwxrwxr-x 22 twsmdm staff 4096 Nov 09 12:12 drwxrwxr-x 2 twsmdm staff 256 Nov 09 11:40 2009.11.09 drwxrwxr-x 2 twsmdm staff 4096 Nov 09 11:40 logs drwxr-xr-x 2 twsmdm staff 4096 Nov 09 11:40 traces
If the option is set toyes
, these directories have the following rights:drwxr-x--x 5 twsmdm staff 256 Nov 13 18:15 rwxr-x--x 2 twsmdm staff 256 Nov 13 18:15 2009.11.13 rwxr-x--x 2 twsmdm staff 256 Nov 13 18:15 logs rwxr-x--x 2 twsmdm staff 256 Nov 13 18:15 traces
Do the following to define and activate this option:- Change the line
restricted stdlists = no
torestricted stdlists = yes
in your local options file. - Stop HCL Workload Automation.
- Stop WebSphere Application Server Liberty Base if present.
- Remove the
stdlist
directory (or at least its files and subdirectories). - Start HCL Workload Automation.
- Start WebSphere Application Server Liberty Base if present.
- Change the line
- ssl auth mode = caonly|string|cpu
- The behavior of HCL Workload Automation during
an SSL handshake is based on the value of the SSL authentication mode
option as follows:
- caonly
- HCL Workload Automation checks the validity of the certificate and verifies that the peer certificate has been issued by a recognized CA. Information contained in the certificate is not examined. The default value.
- string
- HCL Workload Automation checks the validity of the certificate and verifies that the peer certificate has been issued by a recognized CA. It also verifies that the Common Name (CN) of the Certificate Subject matches the string specified into the SSL auth string option. See ssl auth string = string.
- cpu
- HCL Workload Automation checks the validity of the certificate and verifies that the peer certificate has been issued by a recognized CA. It also verifies that the Common Name (CN) of the Certificate Subject matches the name of the workstation that requested the service.
- ssl auth string = string
- Used in conjunction with the SSL auth mode option when the "string" value is specified. The SSL auth string (ranges from 1 - 64 characters) is used to verify the certificate validity. The default string is "tws".
- ssl ca certificate = file_name
- Only used if SSL is defined using OpenSSL (
ssl fips enabled="no"
) Specify the name of the file containing the trusted certification authority (CA) certificates required for SSL authentication. The CAs in this file are also used to build the list of acceptable client CAs passed to the client when the server side of the connection requests a client certificate. This file is the concatenation, in order of preference, of the various PEM-encoded CA certificate files.The default is TWA_home/TWS/ssl/TWSTrustedCA.crt. This file is part of the SSL configuration distributed with the product to all customers. It is thus not secure and should be replaced with your own secure SSL configuration. See Configuring the SSL connection protocol for the network.
- ssl certificate = file_name
- Only used if SSL is defined using OpenSSL (
ssl fips enabled="no"
) Specify the name of the local certificate file used in SSL communication.The default is TWA_home/TWS/ssl/TWSPublicKeyFile.pem. This file is part of the SSL configuration distributed with the product to all customers. It is thus not secure and should be replaced with your own secure SSL configuration. See Configuring the SSL connection protocol for the network.
- ssl certificate keystore label = string
- Only used if SSL is defined using GSKit (
ssl fips enabled="yes"
) Supply the label which identifies the certificate in the keystore when using SSL authentication.The default is
HCL HWA 9.5 workstation
, which is the value of the certificate distributed with the product to all customers. This certificate is thus not secure and should be replaced with your own secure certificate. See Configuring the SSL connection protocol for the network. - ssl encryption cipher = cipher_class
- Only used if SSL is defined using OpenSSL
(
ssl fips enabled="no"
) Define the ciphers that the workstation supports during an SSL connection.Use one of the common cipher classes listed in Valid encryption cipher classes. The default value is TLSv1. No manual intervention is required. If you want to use an OpenSSL cipher class not listed in the table, use the following command to determine if your required class is supported:
where class_name is the name of the class you want to use. If the command returns a cipher string, the class can be used.openssl ciphers class_name
- ssl fips enabled = yes|no
- Determines whether
your entire HCL Workload Automation
network is enabled for FIPS (Federal Information Processing Standards) compliance. FIPS
compliance requires the use of GSKit instead of the default OpenSSL for secure communications.
If you enable FIPS (ssl fips enabled="yes") the values for all the SSL
attributes that apply to GSKit are automatically applied by HCL Workload Automation. If you do not enable FIPS
(ssl fips enabled="no"), the values for all the SSL attributes that apply to OpenSSL
are automatically applied by HCL Workload Automation. The default is no.
Note: In versions 9.5 and 10.1, FIPS compliance is not complete, because you cannot configure WebSphere Application Server Liberty Base for FIPS compliance. However, you can enable FIPS compliance for your HCL Workload Automation static network.
- ssl key = file_name
- Only used if SSL is defined using OpenSSL (
ssl fips enabled="no"
) The name of the private key file.The default is TWA_home/TWS/ssl/TWSPrivateKeyFile.pem. This file is part of the SSL configuration distributed with the product to all customers. It is thus not secure and should be replaced with your own secure SSL configuration. See Configuring the SSL connection protocol for the network.
- ssl key pwd = file_name
- Only used if SSL is defined using OpenSSL
(
ssl fips enabled="no"
) The name of the file containing the password for the stashed key.The default is TWA_home/TWS/ssl/TWSPrivateKeyFile.sth. This file is part of the SSL configuration distributed with the product to all customers. It is thus not secure and should be replaced with your own secure SSL configuration. See Configuring the SSL connection protocol for the network.
- ssl keystore file = file_name
- Only used if SSL is defined using GSKit (
ssl fips enabled="yes"
). Specify the name of the keystore file used for SSL authentication.The default is TWA_home/TWS/ssl/TWSKeyRing.kdb. This file is part of the SSL configuration distributed with the product to all customers. It is thus not secure and should be replaced with your own secure SSL configuration. See Configuring the SSL connection protocol for the network.
- ssl keystore pwd = file_name
- Only used if SSL is defined using GSKit
(
ssl fips enabled="yes"
). Specify the name of the keystore password file used for SSL authentication.The default is TWA_home/TWS/ssl/TWSKeyRing.sth. This file is part of the SSL configuration distributed with the product to all customers. It is thus not secure and should be replaced with your own secure SSL configuration. See Configuring the SSL connection protocol for the network.
- ssl random seed = file_name
- Only used if SSL is defined using OpenSSL (
ssl fips enabled="no"
) Specify the pseudo random number file used by OpenSSL on some operating systems. Without this file, SSL authentication might not work correctly.The default is TWA_home/TWS/ssl/TWS.rnd. This file is part of the SSL configuration distributed with the product to all customers. It is thus not secure and should be replaced with your own secure SSL configuration. See Configuring the SSL connection protocol for the network.
- stdlist width = columns
- Specify the maximum width of the HCL Workload Automation console messages. You can specify a column number in the range 1 to 255. Lines are wrapped at or before the specified column, depending on the presence of imbedded carriage control characters. Specify a negative number or zero to ignore line width. On UNIX® and Linux® operating systems, you should ignore line width if you enable system logging with the syslog local option. The default is 0 columns.
- switch sym prompt = prompt
- Specify a prompt for the conman command line after you have selected a different Symphony file with the setsym command. The maximum length is 8 characters. The default is n%.
- sync level = low|medium|high
- Specify the rate at which HCL Workload Automation synchronizes
information written to disk. This option affects all mailbox agents
and is applicable to UNIX® and Linux® operating
systems only. Values can be:
- low
- Allows the operating system to handle it.
- medium
- Flushes the updates to disk after a transaction has completed.
- high
- Flushes the updates to disk every time data is entered.
- syslog local = value
- Enables or disables HCL Workload Automation system logging for UNIX® and Linux® operating systems only. Specify -1 to turn off system logging for HCL Workload Automation. Specify a number from 0 to 7 to turn on system logging and have HCL Workload Automation use the corresponding local facility (LOCAL0 through LOCAL7) for its messages. Specify any other number to turn on system logging and have HCL Workload Automation use the USER facility for its messages. The default is -1. See HCL Workload Automation console messages and prompts.
- tcp connect timeout = seconds
- Specify the maximum number of seconds that can be waited to establish a connection through non-blocking socket. The default is 15 seconds.
- tcp timeout = seconds
- Specify the maximum number of seconds that can be waited for the completion of a request on a connected workstation that is not responding. The default is 300 seconds.
- this cpu = workstation_name
- The unique identifier of the workstation. Even when the workstation is subsequently moved to a different folder, the unique identifier remains the same. The name can be a maximum of 16 alphanumeric characters in length and must start with a letter. When a switch is made between the master domain manager and a backup domain manager, using the switchmgr command, the Symphony header value for this cpu is overwritten by the this cpu value in the localopts file. The default is the host name of the computer.
- timeout = seconds
- The timeout in seconds to await for the server operation completion was reached. The command continues to run on the server until its completion. The default value is 3600 seconds.
- unison network directory = directory_name
- This
parameter applies only to versions of HCL Workload Automation prior
to version 8.3. Defines the name of the Unison network directory.
The default is
TWA_home>/../unison/network
. - useropts = file_name
- If you have multiple instances of HCL Workload Automation on a system, use this to identify the useropts file that is to be used to store the connection parameters for the instance in which this localops file is found. See Multiple product instances for more details.
- wr enable compression = yes|no
- Use this option on fault-tolerant agents. Specify if the fault-tolerant agent can receive the Symphony file in compressed form from the master domain manager. The default is no.
- wr read = seconds
- Specify the number of seconds the Writer process waits for an incoming message before checking for a termination request from Netman. The default is 600 seconds.
- wr unlink = seconds
- Specify the number of seconds the Writer process waits before exiting if no incoming messages are received. The minimum is 120 seconds. The default is 180 seconds.