Shown below is a sample configuration file.
#The Analysis Server looks for the aserver.conf file in the same directory where the server is started. A different file can be specified using command-line arguments. If changes are made to the file while the Analysis Server is running, then the server must be restarted for any changes to take effect.
# this is the configuration file for the Analysis Server
#
#
# the port for the server to run on
#
port: 1835
#
# The path where analyses are stored.
#
analysesPath: analyses
#
# levels:
#
# 0 - none
# 1 - connections only
# 2 - component start and end
# 3 - get, set
# 4 - all
#
loggingLevel: 1
#
# The user path specifies the directories to search for user
# account. The Analysis Server searches for "public_aserver"
# directories within user directories. The path is a semicolon
# separated list of names
#
#userPath: c:\windows\profiles;c:\users
#
# Allow connection by all hosts.
#
allow: *
See also the Web Based Administrator for a more convenient way to modify this file.
| Setting | Syntax | Description |
|---|---|---|
| allow | allow: user and hostname filter | default: none
New as of build 158. User-based authentication added in v2.01. This command can be used to specify hosts and users which are allowed to connect to analysis server. Hosts can be specified using a wildcard such as *.phoenix-int.com, which will allow all hosts in the phoenix-int.com domain, or as 134.23.14.*, which will allow all hosts whose ip address are on that subnet. Note, however, that using hostnames instead of IP addresses (the first format) will force a DNS lookup on all clients that try to access that directory. Depending on your network, this can have significant performance and scalability problems. You can prefix the host specification with a user or group specification by using the '@' symbol. For example 'bill@10.10.10.*' will allow the user bill from any computer in the 10.10.10. network range. Prefix groups with "group.", as in 'group.weights@*', which will allow anyone in the group called weights when connecting from anywhere. The user or group specifier must either be an exact name or the wildcard character '*', indicating all users or groups. This command can be used multiple times in the configuration file to specify a list of allowed hosts. |
| allowDirectTransfer | allowDirectTransfer: hostname filter |
This command can be used to specify hosts which you always want to attempt direct transfers from. |
| analysesPath | analysesPath: dir;dir;... | default: analyses
This is the semicolon-separated path that the Analysis Server maps to the root category. You may want to override the default value if you have a shared directory for maintaining libraries of components. Prior to build 173, this parameter was named analysesDir and could consist of only one directory If the librarianFile option is set, this option will be ignored. |
| associationsDir | associationsDir: dir | default: associations
This directory holds the associations.dat data file and the associated Jar files for each association. |
| authGuestAccount | authGuestAccount: username | default: no guest
account
Added in v2.01 In order to allow clients from pre-authentication days, you need to set the AuthGuestAccount option. This maps a default user to try and use when old clients connect. The authentication subsystem must additionally be configured to accept this account with no password. This option will have no effect on newer clients Without this option, older clients will not be able to connect when Authentication is being used. |
| authOptions | authOptions: <options> | default: no default value
Added in v2.01 This command allows you to pass configuration arguments to the Authentication sub-system. The format of this option is dependent upon the type of authentication system you are using. Currently, only plain, file based authentication is supported. The format for this is 2 filenames separated by a comma specifying first the password file and secondly the group file. Example: authOptions: passwd,group There is example password and group files delivered with the Analysis Server in the installation directory. These files set up a basic system with an administrator account, "admin", using the password "admin" and a guest account, "guest", with no password. |
| authSystem | authSystem: <specification> | default: no authentication
Added in v2.01 If this option is used, the Analysis Server will require a username and password login from clients before they can connect. This information can be used in security files to allow or disallow access based on user information. Currently "file" is the only available option, which specifies that the Analysis Server should use a file based authentication database, much like UNIX /etc/passwd and /etc/group files. See Authentication for more help on Analysis Server's Authentication features. |
| customTempDir | customTempDir: dir | default: NONE
Added in v4.2 When Analysis Server runs a wrapper that
uses run sharing, it creates temporary directories to place the files it's
dealing with. By default these directories are created inside of the
directory that contains the wrapper. If this option is set, the directories
are created in the specified directory instead. |
| deny | deny: hostname filter | default: none New as of build 158. User-based authentication added in v2.01. This command can be used to specify hosts and users which are not allowed to connect to analysis server. Hosts can be specified using a wildcard such as *.phoenix-int.com, which will deny all hosts in the phoenix-int.com domain, or as 134.23.14.*, which will deny all hosts whose ip address are on that subnet. Note, however, that using hostnames instead of IP addresses (the first format) will force a DNS lookup on all clients that try to access that directory. Depending on your network, this can have significant performance and scalability problems. You can prefix the host specification with a user or group specification by using the '@' symbol. For example 'bill@10.10.10.*' will deny the user bill from any computer in the 10.10.10. network range. Prefix groups with "group.", as in 'group.weights@*', which will deny anyone in the group called weights when connecting from anywhere. The user or group specifier must either be an exact name or the wildcard character '*', indicating all users or groups. This command can be used multiple times in the configuration file to specify a list of denied hosts. |
| denyAccessByDefault | denyAccessByDefault: true|false | default: false
New as of build 158. This setting controls whether Analysis Server security should deny access to analyses whose security file does not explicitly allow or deny a client trying to access those files. |
| denyDirectTransfer | denyDirectTransfer: hostname filter |
This command can be used to specify hosts which you do not want to attempt direct file transfers from. |
| denyDirectTransferByDefault | denyDirectTransferByDefault: true|false | default: true
Added in v4.2 Does this Analysis Server, by default, allow receiving file variables via direct connections from other Analysis Servers? |
| dftModule | dftModule: moduleName | default: NONE
Added in v5.1 The name of a custom class to use for direct file transfer. If this parameter is non-existant or blank, the standard direct file transfer mechanism provided by Analysis Server is used. |
| dftConfigFile | dftConfigFile: fileName | default: NONE
Added in v5.1 When using a custom class to use for direct file transfer, this setting states the configuration file associated with the module. |
| directTransferTimeout | directTransferTimeout: ### | default: 60
Added in v4.2 The connection timeout to use when conducting a direct transfer of a file before reporting an error. |
| enableBasicServices | enableBasicServices: true|false | default: true
Controls whether the basic services are started or not. This is what allows traditional clients connect and run codes. You may wish to turn this off in favor of the SSL Service in a secure environment. |
| enableHTTPServices | enableHTTPServices: true|false | default: true
Controls whether the HTTP services are started or not. If enabled, a web browser can be used to connect to the Analysis Server to configure and run components. |
| enableSSLServices | enableSSLServices: true|false | default: false
Controls whether the Secure Socket Layer (SSL) encryption services are started or not. If enabled, an encryption enabled client can be used to connect to the Analysis Server and run components securely. |
| executablesFile | executablesFile: fileName | default: executables.txt
Added in v4.2 This command determines where the executable location
file is stored. This file allows the locations of various
executables to be specified at the Analysis Server level and then
be referenced in various wrappers without needing to specify the exact
location in each wrapper. This file is in
Java Properties format.
An example of the contents of such a file would be:
|
| fileVarsDirectTransfer | fileVarsDirectTransfer: true|false | default: true
Added in v4.2 Specifies whether the Analysis Server supports sending file variables via direct connections to other Analysis Servers. |
| HTTPPort | HTTPPort: ### | default: 8080
The HTTP port variable controls which port the embedded HTTP server runs on. You may want to change this setting if you are already running a web server on the same machine you intend to run the Analysis Server on. |
| jobSubmission | jobSubmission: command | default: NONE (LSF default: "bsub -I")
If this setting is used, the following command will preface all textual run commands in wrappers. This is used to be able to submit all wrapper commands to a load balancing system. |
| jobIdRegex | jobIdRegex: regex | default: NONE (LSF default: "Job <(.*)> is submitted")
When used in conjunction with the load balancing command, jobSubmission, this setting specifies how to obtain the job id from the standard output stream of the load balancing software after job submittal. |
| jobNodeRegex | jobNodeRegex: regex | default: NONE (LSF default: "<<Starting on (.*)>>")
When used in conjunction with the load balancing command, jobSubmission, this setting specifies how to obtain the job node from the standard output stream of the load balancing software after job submittal. |
| librarianFile | librarianFile: fileName | default: NONE
New as of v3.0. Specifies a file which configures the available librarians used to publish codes on the Analysis Server. SeeConfiguring Archiving and Versioning for more information about librarians and how to use them. NOTE: If this option is set, 'analysesPath', 'userPath', and 'smartUserScan' options will be ignored. |
| licenseFile | licenseFile: fileName | default: aserverLicense.lic
New as of build 211. Specifies the location to look for the license file. |
| loggingLevel | loggingLevel: ### | default: 0
This setting controls how much information is logged about each connection to the Analysis Server. Logging levels include:
|
| logsDir | logsDir: dir | default: logs
This is the directory where the Analysis Server will write log files. The Analysis Server creates the following log files:
|
| port | port: ### | default: 1835
The port variable controls which port server runs on. You may want to change this setting if port 1835 is already in use by another application, or if you want to run multiple copies of the Analysis Server on the same machine. |
| publishServices | publishServices: [true|false] | default: true
New as of v2.11 If this option is true, Analysis Server will publish itself to the local network so that clients such as ModelCenter can automatically "know" about servers on the network. You may want to turn this option off if you are in an environment where security is important, such as on the internet. This feature uses multicast sockets to function. If your network does not provide multicast capability, or if you are not on the same sub-net as the Analysis Server, it may not function anyhow. As of v2.11, Analysis Server will no longer publish itself to clients which are disallowed based on the authentication settings. See the allow and deny statements for more information. |
| rootDir | rootDir: dir | default: . (the directory where the server was started)
The root directory specifies the base directory from which other directories are specified. For example, if the root directory is set to "/home/aserver" and the logs directory is set to "logs", then the logs directory is actually mapped to "/home/aserver/logs". Note that if you fully specify a path for one of the other directories, it will ignore the root directory value. |
| runShareInUserDir | runShareInUserDir: true|false | default: false
Added in v4.2 When Analysis Server runs a wrapper that uses run sharing, it creates temporary directories to place the files it's dealing with. By default these directories are created inside of the directory that contains the wrapper. If this option is set, the directories are created in the users' home directories instead of where the wrappers are located. The username that is used is based on the user that started Analysis Server not who is logged into the Analysis Server using the Authentication feature. This means that this option is probably only useful for when you are using SSH connections to launch Analysis Server as a particular user. NOTE: This option overrides the customTempDir option |
| smartUserScan | smartUserScan: true|false | default: false
This option is used to have the Analysis Server attempt to automatically scan for user directories. This setting applies only to UNIX systems. If the values is set to true, the Analysis Server will automatically scan the /etc/passwd file and build a list of directories where users directories are stored. These directories will then be searched for "public_aserver" directories. If the librarianFile option is set, this option will be ignored. |
|
sslCertificateExceptionListFile |
sslCertificateExceptionListFile: file.xml |
As of v7.0, this option is used to specify location of a file that has a list of trusted PHX AnalysisLibrary servers. SSL certificate exceptions will be ignored servers in the file. This is used to allow Analysis Server to download class files for object variables from servers with misconfigured SSL setup such as self-signed SSL certificate. |
|
SSLKeyFile |
SSLKeyFile: file.key |
As of v2.1, this is the file which contains both the private key and the public certificate that the SSL service of the Analysis Server will use if enabled. This file must either be in Sun's proprietary JKS format, or in the standard PKCS12 format. The key within the file must have the alias 'aserver' assigned to it. |
|
SSLKeyFormat |
SSLKeyFormat: <pkcs12|jks> |
As of v2.1, defines what file format the SSLKeyFile is stored in. |
|
SSLKeyPassword |
SSLKeyPassword: password |
As of v2.1, the password used to encrypt the SSLKeyFile. |
|
SSLPort |
SSLPort: ### |
default: 1836
The SSL port variable controls which port the SSL Encryption service runs on. |
| userPath | userPath: dir;dir;... | default: the userPath is empty by
default
This value specifies the directories that the Analysis Server should search to look for user directories that have "public_aserver" directories in them. Typical values include "/usr/home" or "/home/people". If you have a "public_aserver" directory maintained as "/usr/home/woyak/public_aserver", then you want to set the user path to "/usr/home", not "/usr/home/woyak". The Analysis Server will map a category to each user it finds a "public_aserver" directory stored in their home directory. For example, in the above example, the Analysis Server would create a category named "~woyak". If the librarianFile option is set, this option will be ignored. |
See also Analysis Server| Installing and Configuring the Analysis Server