stap\-server \- systemtap server management
A systemtap compile server listens for connections from stap clients
on a secure SSL network port and accepts requests to run the
front end. Each server advertises its presence and configuration on the local
network using mDNS (\fIavahi\fR) allowing for automatic detection by clients.
The stap\-server script aims to provide:
management of systemtap compile servers as a service.
convenient control over configured servers and individual (ad\-hoc) servers.
One of the actions below must be specified:
Start servers. The specified servers are started.
If no server is specified, the configured servers are started. If no servers
are configured, a server for the kernel release and architecture of the host
If a specified server is
already started, this action will
be ignored for that server. If a server fails to start, this action fails.
Stop server(s). The specified servers are stopped.
If no server is specified, all currently running servers are stopped.
If a specified server is
not running, this action
will be successful for that server. If a server fails to stop, this action
Stop and restart servers. The specified servers are stopped and restarted.
If no server is specified, all currently running servers are stopped and
restarted. If no servers are running, this action behaves like \fIstart\fR.
Stop and restart servers. The specified servers are stopped and restarted.
If a specified server is not running, it is not started. If no server is
specified, all currently running servers are stopped and restarted. If no
servers are running, none will be started.
This action is identical to \fIcondrestart\fR.
Stop all running servers, reload config files and restart the service as if
Print information about running servers. Information about the specified
server(s) will be printed. If no server is specified, information about all
running servers will be printed.
The following options are used to provide additional configuration and
to specify servers to be managed:
\fB\-c\fR \fIconfigfile\fR
This option specifies a global configuration file in addition to the default
global configuration file described
below. This file will be processed after the default global
configuration file. If the \fB\-c\fR option is specified more than once, the
configuration file specified will be used.
\fB\-a\fR \fIarchitecture\fR
This option specifies the target architecture of the server and is
analogous to the \fB\-a\fR option of \fIstap\fR. See the
manual page for more details.
The default architecture is the architecture of the host.
\fB\-r\fR \fIkernel\-release\fR
This option specifies the target kernel release of the server and is
analogous to the \fB\-r\fR option of \fIstap\fR. See the
manual page for more details.
The default release is that of the currently running kernel.
This option specifies an additional path to be searched by the server(s) for
tapsets and is analogous to the \fB\-I\fR option of \fIstap\fR.
manual page for more details.
This option specifies the location of the systemtap runtime to be used by the
server(s) and is analogous to the \fB\-R\fR option of \fIstap\fR.
manual page for more details.
\fB\-B\fR \fIoptions\fR
This option specifies options to be passed to \fImake\fR when building systemtap
modules and is analogous to the \fB\-B\fR option of \fIstap\fR.
manual page for more details.
This option is a shortcut which specifies one server for each kernel
release installed in \fI/lib/modules/\fR. Previous
\fB\-I\fR, \fB\-R\fR, \fB\-B\fR and \fB\-u\fR options will be
applied to each server, however previous \fB\-a\fR options will be ignored and
the default architecture will be used.
\fB\-n\fR \fInickname\fR
This option allows the specification of a server configuration by nickname.
When \fB\-n\fR is specified, a currently running server with the given nickname
will be searched for. If no currently running server with the given nickname is
found, a server configuration with the given nickname will be searched for in
\fI@prefix@/etc/stap\-server/conf.d/*.conf\fR, or the path configured in
\fI@prefix@/etc/sysconfig/stap\-server\fR or the config file specified by the
\fB\-c\fR option. If a server configuration for the given
nickname is found, the
\fB\-a\fR, \fB\-r\fR, \fB\-I\fR, \fB\-R\fR, \fB\-B\fR and \fB\-u\fR options for
that server will be used as if they were specified on the command line. If no
configuration with the given nickname is found, and the action is
(or an action behaving like \fIstart\fR
(see \fBARGUMENTS\fR)), the server will be started with the given nickname.
If no configuration with the given nickname is found, and the action is not
(or an action behaving like \fIstart\fR), it is an error. If a nickname is
not specified for a server which is being started, its nickname will be its
This option allows the specification of a server configuration by process id.
When \fB\-p\fR is specified, a currently running server with the given process
id will be searched for. If no such server is found, it is an error. If a server
with the given process id is found, the
\fB\-a\fR, \fB\-r\fR, \fB\-I\fR, \fB\-R\fR, \fB\-B\fR and \fB\-u\fR options for
that server will be used as if they were specified on the command line.
\fB\-u\fR \fIuser\-name\fR
Each systemtap compile server is normally run by the user name
\fIstap\-server\fR (for the initscript) or as the user invoking
unless otherwise configured (see \fBFILES\fR). This option
specifies the user name used to run the server(s). The user name specified
must be a member of the group \fIstap\-server\fR.
Configuration files allow us to:
specify global configuration of logging, server configuration files, status
files and other global parameters.
specify which servers are to be started by default.
.SH Global Configuration
The Global Configuration file (\fI@prefix@/etc/sysconfig/stap\-server\fR) contains
variable assignments used to configure the overall operation of the service.
Each line beginning with a '#' character is ignored. All other lines must be
of the form \fIVARIABLE=VALUE\fR. This is not a shell script. The entire
contents of the line after the = will be assigned as\-is to the variable.
The following variables may be assigned:
Specifies the absolute path of the directory containing the default server
(default: \fI@prefix@/etc/stap\-server/conf.d\fR).
Specifies the absolute path of the running server status directory
(default: \fI@prefix@/var/run/stap\-server\fR).
Specifies the absolute path of the log file
(default: \fI@prefix@/var/log/stap\-server.log\fR).
Specifies the userid which will be used to run the server(s)
(default: for the initscript \fIstap\-server\fR, otherwise the user running
.SH Individual Server Configuration
Each server configuration file configures a server to be started when no
server is specified for the \fIstart\fR action, or an action behaving like the
\fIstart\fR action (see \fIARGUMENTS\fR). Each configuration file contains
variable assignments used to configure an individual server.
Each line beginning with a '#' character is ignored. All other lines must be
of the form \fIVARIABLE=VALUE\fR. This is not a shell script. The entire
contents of the line after the = will be assigned as\-is to the variable.
Each configuration file must have a
filename suffix of \fI.conf\fR. The default
location of these files is \fI@prefix@/etc/stap\-server/conf.d/\fR, but this can be
overridden in the global configuration file using the \fB\-c\fR option
The following variables may be assigned:
Specifies the target architecture for this server and corresponds to the
\fB\-a\fR option (see \fIOPTIONS\fR). If \fBARCH\fR is not set, the
architecture of the host will be used.
Specifies the kernel release for this server
and corresponds to the
\fB\-r\fR option (see \fIOPTIONS\fR). If \fBRELEASE\fR is not set, the
of the kernel running on the host will be used.
Specifies options to be passed to the \fImake\fR process used by
\fIsystemtap\fR to build kernel modules.
This is an array variable with each element corresponding to a
\fB\-B\fR option (see \fIOPTIONS\fR). Using the form \fBBUILD=STRING\fR clears
the array and sets the first element to \fBSTRING\fR. Using the form
\fBBUILD+=STRING\fR adds \fBSTRING\fR as an additional element to the array.
Specifies a list of directories to be searched by the server for tapsets.
This is an array variable with each element corresponding to an
\fB\-I\fR option (see \fIOPTIONS\fR). Using the form \fBINCLUDE=PATH\fR clears
the array and sets the first element to \fBPATH\fR. Using the form
\fBINCLUDE+=PATH\fR adds \fBPATH\fR as an additional element to the array.
Specifies the directory which contains the systemtap runtime code to be used
and corresponds to the
\fB\-R\fR option (see \fIOPTIONS\fR).
Specifies the user name to be used to run this server
and corresponds to the
\fB\-u\fR option (see \fIOPTIONS\fR).
Specifies the nickname to be used to refer to this server
and corresponds to the
\fB\-n\fR option (see \fIOPTIONS\fR).
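The parsing rules above (comment lines, VARIABLE=VALUE taken as-is, and the = versus += array forms of BUILD and INCLUDE) are shown below as an added example; it is not the stap\-server script's own parser and is not part of systemtap. It maps only the four variables named on this page to their options for display, and it assumes that blank lines are skipped. Because the file is never sourced, a value such as $(hostname) stays literal text.

```shell
#!/bin/sh
# Added example: NOT the stap-server script's own parser.
# Assumption: blank lines are skipped (the page only says '#' lines are ignored).
nl='
'
# Read a server .conf on stdin; print the equivalent options, one per line,
# for display. The body runs in a subshell so no variables leak to the caller.
conf_to_args() (
    arch='' release='' build='' include='' n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            '#'*|'')    ;;                                    # comment or blank
            ARCH=*)     arch=${line#ARCH=} ;;                 # value kept as-is
            RELEASE=*)  release=${line#RELEASE=} ;;
            BUILD=*)    build=${line#BUILD=}$nl ;;            # '=' clears the array
            BUILD+=*)   build=$build${line#BUILD+=}$nl ;;     # '+=' appends
            INCLUDE=*)  include=${line#INCLUDE=}$nl ;;
            INCLUDE+=*) include=$include${line#INCLUDE+=}$nl ;;
            *=*)        ;;            # other variables: not mapped by this example
            *)          echo "line $n: not VARIABLE=VALUE" >&2; exit 1 ;;
        esac
    done
    if [ -n "$arch" ]; then printf '%s\n' "-a $arch"; fi
    if [ -n "$release" ]; then printf '%s\n' "-r $release"; fi
    printf '%s' "$build" | while IFS= read -r v; do printf '%s\n' "-B $v"; done
    printf '%s' "$include" | while IFS= read -r v; do printf '%s\n' "-I $v"; done
)

# Constructed sample file (not a real deployment). The quoted heredoc keeps
# $(hostname) literal here, just as the parser keeps it literal.
sample_conf() {
    cat <<'EOF'
# constructed sample
ARCH=x86_64
BUILD=V=0
BUILD=V=1
BUILD+=NOTE=$(hostname)
INCLUDE+=/opt/tapsets with space
EOF
}

sample_conf | conf_to_args
```

The second BUILD= line discards V=0, so only V=1 and the literal NOTE=$(hostname) element are printed.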
.SH SERVER AUTHENTICATION
The security of the SSL network connection between the client and server
depends on the proper
management of server certificates.
The trustworthiness of a given systemtap server cannot be determined
automatically without a trusted certificate authority issuing systemtap server
certificates. This is
not practical in everyday use, and so clients must authenticate servers
against their own database of trusted server certificates. In this context,
establishing a given server as trusted by a given client means adding
that server\[aq]s certificate to the
client\[aq]s database of trusted servers.
For the \fIstap\-server\fR initscript, on the local host, this is handled
When the \fIsystemtap\-server\fR package is installed, the server\[aq]s
certificate for the default user (\fIstap\-server\fR) is automatically
generated and installed. This means that servers started by the
\fIstap\-server\fR initscript,
with the default user, are automatically trusted by clients on the local
In order to use a server running on another host, that server\[aq]s certificate
must be installed on the client\[aq]s host.
See the \fI\-\-trust\-servers\fR option in the
manual page for more details.
manual page for a collection of sample \fIsystemtap\fR scripts.
To start the configured servers, or the default server, if none are configured:
.B \& $ [ service ] stap\-server start
To start a server for each kernel installed in /lib/modules:
.B \& $ [ service ] stap\-server start \-i
To obtain information about the running server(s):
.B \& $ [ service ] stap\-server status
To start a server like another one, except targeting a different architecture,
by referencing the first server\[aq]s nickname:
.B \& $ [ service ] stap\-server start \-n \fINICKNAME\fR \-a \fIARCH\fR
To stop one of the servers by referencing its process id (obtained by running
\fBstap\-server status\fR):
.B \& $ [ service ] stap\-server stop \-p \fIPID\fR
To stop all running servers:
.B \& $ [ service ] stap\-server stop
.SH SAFETY AND SECURITY
Systemtap is an administrative tool. It exposes kernel internal data
structures and potentially private user information. See the
manual page for additional information on safety and security.
As a network server, stap-server should be activated with care in
order to limit the potential effects of bugs or mischievous users.
Consider the following prophylactic measures.
Run stap-server as an unprivileged user, never as root.
Run stap-server with resource limits that impose maximum
cpu time, file size, memory consumption, in order to bound
the effects of processing excessively large or bogus inputs.
Run stap-server with a $TMPDIR environment variable that
points to a separate and/or quota-enforced directory, in
order to prevent filling up of important filesystems.
Activate network firewalls to limit stap client connections
to relatively trustworthy networks.
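One way to apply the first three measures from a wrapper, as an added example that is not part of systemtap. The limit values, the STAP_* variable names and the TMPDIR path are assumptions to be tuned per site; the firewall measure is left to the host's firewall tooling.

```shell
#!/bin/sh
# Added example, not part of systemtap. Limit values, STAP_* names and the
# TMPDIR path below are assumptions; tune them for your site.
STAP_TMPDIR=${STAP_TMPDIR:-/var/tmp/stap-server}   # hypothetical dedicated dir

# Measure 1: never run as root.
check_user() {
    if [ "$(id -u)" -eq 0 ]; then
        echo "refusing to run stap-server as root" >&2; return 1
    fi
}

# Measure 3: TMPDIR must be a real directory (not a symlink) owned by the
# invoking user and closed to group/other writes.
check_tmpdir() {
    if [ -L "$1" ] || [ ! -d "$1" ] || [ ! -O "$1" ]; then
        echo "$1: must be a directory owned by $(id -un)" >&2; return 1
    fi
    if [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "$1: writable by group or other" >&2; return 1
    fi
}

# Measure 2: bound CPU time, file size and memory; child processes inherit these.
apply_limits() {
    ulimit -t "${STAP_CPU_SECS:-600}" &&       # CPU seconds per process
    ulimit -f "${STAP_FSIZE:-1048576}" &&      # blocks; block size is shell-dependent
    ulimit -v "${STAP_VMEM_KB:-2097152}"       # KiB of address space
}

# Run a command under all three measures, e.g.: run_hardened stap-server start
# The body is a subshell, so the limits do not stick to the calling shell.
run_hardened() (
    check_user && check_tmpdir "$STAP_TMPDIR" && apply_limits || exit 1
    TMPDIR=$STAP_TMPDIR; export TMPDIR
    exec "$@"
)
```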
The systemtap server and its related utilities use the Secure Socket Layer
(SSL) as implemented by Network Security Services (NSS)
for network security. The NSS tool
is used for the generation of certificates. The related
certificate databases must be protected in order to maintain the security of
Use of the utilities provided will help to ensure that the proper protection
is maintained. The systemtap client will check for proper
access permissions before making use of any certificate database.
@prefix@/etc/sysconfig/stap\-server/
Global configuration file.
@prefix@/etc/stap\-server/conf.d/*.conf
Configuration files for default servers.
@prefix@/var/run/stap\-server/
Default location of status files for running servers.
@prefix@/var/log/stap\-server.log
Location of installed kernels.
.IR stapprobes (3stap),
.IR stapfuncs (3stap),
Use the Bugzilla link of the project web page or our mailing list.
.BR http://sources.redhat.com/systemtap/ ", " <systemtap@sources.redhat.com> .