Global section - connect_cdc_sqdata - 4.1

Connect CDC (SQData) Secure communications components

Product type: Software
Portfolio: Integrate
Product family: Connect
Product: Connect > Connect CDC (SQData)
Version: 4.1
Language: English
Product name: Connect CDC (SQData)
Title: Connect CDC (SQData) Secure communications components
Topic type: How Do I, Installation
Copyright: 2024
First publish date: 2000
ft:lastEdition: 2024-02-07
ft:lastPublication: 2024-02-07T13:29:14.268926

The Global section contains parameters and variables specific to the Controller Daemon, sqdaemon.

The Global section is not identified by a section header and must be specified first.

Syntax
acl=<path_to/acl.cfg>
authorized_keys=<path_to/nacl_auth_keys>
identity=<path_to/id_nacl>
message_level=<0-8>
message_file=../logs/daemon.log
service=<port_num>
Keyword and Parameter Descriptions
Keyword Description
acl=<path_to/acl.cfg>

Location (fully qualified path to the working directory) and name of the acl configuration file to be used by the Controller Daemon. While the actual name of this file is user defined, we strongly recommend using the file name acl.cfg.

authorized_keys=<path_to/nacl_auth_keys> (Non-z/OS only)

Location of the authorized_keys file to be used by the Controller Daemon. On z/OS platforms, it is specified at runtime by a DD statement.

identity=<path_to/id_nacl> (Non-z/OS only)

Local file system path and file name, or AKV URL, for the NaCl private key to be used by the Controller Daemon. On z/OS platforms, both the public and private key files are specified at runtime by DD statements.

message_level=<0-8>

Level of verbosity for the Controller Daemon messages. This is a numeric value from 0 to 8. Default is 4.

message_file=../logs/daemon.log

Location of the file that will accumulate the Controller Daemon messages. If no file is specified, either in the config file or from the command line, then messages are sent to the syslog.

service=<port_num>

Number of the port or service to be used by the Controller Daemon to listen for incoming service requests. Service can be defined using the SQDPARM DD on z/OS, on the command line starting sqdaemon, in the config file described in this section or, on some platforms, as the environment variable SQDAEMON_SERVICE, in that order of priority. Absent any specification, the default is 2626. If for any reason a second Controller Daemon is run on the same platform, each must have a unique port specified.

  • Directories and paths specified must exist before being referenced. Relative names may be included and are relative to the working directory of the sqdaemon "-d" parameter or as specified in the file itself.
  • While message_file is not a required parameter, we generally recommend its use; otherwise all messages, including authentication and connection errors, will go to the system log. On z/OS, however, the system log may be preferable, since other management tools used to monitor the system use the log as their source of information.
  • Azure Key Vault (AKV) based secrets in Connect CDC (SQData) are supported only on Linux platforms.
  • AKV requires an Azure Active Directory (AAD) token to be presented to retrieve secrets. SQData retrieves AAD tokens from Azure differently when running on on-prem Linux machines and when running on an Azure Linux VM.
  • When running on-prem, tenant_id, client_id and client_secret have to be specified in the sqdata_cloud.conf file located in the working directory in order to retrieve the AAD token.
  • When running on an Azure VM, the AAD token will be retrieved from a managed identity. Two types of managed identities are supported:
    • If client_id is specified in the sqdata_cloud.conf file, then the AAD token is retrieved from the user managed identity.
    • If none of tenant_id, client_id and client_secret is specified, then the AAD token is retrieved from the system managed identity.
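
A pre-start check of the Global section rules described above (keys before any section header, paths that must already exist, the message_level range, and the service priority order), as an added example that is not part of the product or its documentation. The function names, the "#" comment character, the "[name]" section header syntax, the "://" test for an AKV URL and the sample file contents are assumptions made for illustration.

```python
import os

GLOBAL_KEYS = {"acl", "authorized_keys", "identity", "message_level", "message_file", "service"}

# Constructed sample config; the [agent1] header syntax and name are assumptions.
SAMPLE = """\
acl=acl.cfg
authorized_keys=nacl_auth_keys
identity=id_nacl
message_level=9
[agent1]
service=2700
"""

def parse_global(text):
    """Collect key=value lines that precede the first section header."""
    settings, findings, in_global = {}, [], True
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()        # assumption: '#' starts a comment
        if not line:
            continue
        if line.startswith("["):                    # assumption: sections use [name] headers
            in_global = False
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if in_global and sep:
            settings[key] = value
        elif not in_global and key in GLOBAL_KEYS:
            findings.append(f"line {n}: {key} follows a section header; Global keys must come first")
    return settings, findings

def lint(text, workdir, env=None, cli_service=None, sqdparm_service=None):
    """Return (effective service, findings) for the directory passed to sqdaemon -d."""
    env = os.environ if env is None else env
    settings, findings = parse_global(text)
    level = settings.get("message_level", "4")      # page: default is 4
    if not (level.isdecimal() and 0 <= int(level) <= 8):
        findings.append(f"message_level={level} is outside 0-8")
    for key in ("acl", "authorized_keys", "identity", "message_file"):
        value = settings.get(key)
        if value is None or "://" in value:         # identity may be an AKV URL, not a file
            continue
        path = os.path.join(workdir, value)         # relative names resolve against workdir
        target = os.path.dirname(path) if key == "message_file" else path
        if not os.path.exists(target):
            findings.append(f"{key}: {target} does not exist")
    if "message_file" not in settings:
        findings.append("message_file unset here: without a command-line value, messages go to syslog")
    # Priority from the page: SQDPARM DD, command line, config file, SQDAEMON_SERVICE, then 2626.
    service = (sqdparm_service or cli_service or settings.get("service")
               or env.get("SQDAEMON_SERVICE") or "2626")
    return service, findings
```

For message_file the check looks only at the parent directory, since the log file itself may not exist before the first start.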