Difference between revisions of "CCyc Administrator Handbook/Network Service Parameters"

From Public Domain Knowledge Bank
 
 
 
</includeonly>
 
</includeonly>
 
<noinclude>
 
<noinclude>
 
{{:Cyc Administrator Handbook/Header}}
 
=== The following parameters control the network ports that provide access to the Cyc server. ===

==== Background Information ====
Cyc ships with five possible network service ports, which can be configured and enabled separately. These services are:
:1) The HTML service port, which allows browser access to the Cyc image through the indirection of an external web server, such as Apache 2, and CGI scripts.
:2) The HTTP service port, which allows browser access to the Cyc image through a Cyc-internal HTTP server that requires no external administration.
:3) The Cyc-API service port, which allows the evaluation of ASCII SubL expressions through standard text-based networking tools such as telnet or the Cyc Perl module’s API.
:4) The CFASL service port, which allows the evaluation of binary SubL expressions through programmatic APIs such as the OpenCyc Java API.
:5) The SPARQL service port, which allows the execution of queries written in SPARQL and the modification of the KB through the SPARQL Update member submission.

There is currently no way to multiplex several of these services over one port.

=== Network Service Port Configuration ===
The network service ports enumerated above are configured through the combination of a base port value and a set of per-service offset values.
Whenever a network service port is enabled (see below), the port-specific offset is added to the base port value to compute the actual port for the server socket.
The base port value and the per-service offset values are configured in the init/parameters.lisp file.

==== *BASE-TCP-PORT* ====
An integer between 0 and 65535. This parameter must be specified if any of the network services are to be used.
Cyc ships with the value set to a default of 3600.
Changes to this value after start-up require all of the desired network services to be re-enabled; see below.

==== *HTML-PORT-OFFSET* ====
An integer such that the sum of this parameter and the base port value is in the range 0 to 65535.
This parameter must be specified if the HTML service as described above will be enabled for the Cyc image.
Cyc ships with the offset value set to the default of 0.
Changes to this value after start-up require the HTML network service to be re-enabled; see below.

==== *FI-PORT-OFFSET* ====
An integer such that the sum of this parameter and the base port value is in the range 0 to 65535.
This parameter must be specified if the Cyc-API service as described above will be enabled for the Cyc image.
Cyc ships with the offset value set to the default of 1.
Changes to this value after start-up require the Cyc-API network service to be re-enabled; see below.

==== *HTTP-PORT-OFFSET* ====
An integer such that the sum of this parameter and the base port value is in the range 0 to 65535.
This parameter must be specified if the HTTP service as described above will be enabled for the Cyc image.
Cyc ships with the offset value set to the default of 2.
Changes to this value after start-up require the HTTP network service to be re-enabled; see below.

==== *CFASL-PORT-OFFSET* ====
An integer such that the sum of this parameter and the base port value is in the range 0 to 65535. This parameter must be specified if the CFASL service as described above will be enabled for the Cyc image. Cyc ships with the offset value set to the default of 14. Changes to this value after start-up require the CFASL network service to be re-enabled; see below.

==== *SPARQL-PORT-OFFSET* ====
An integer such that the sum of this parameter and the base port value is in the range 0 to 65535. This parameter must be specified if the SPARQL service as described above will be enabled for the Cyc image. Cyc ships with the offset value set to the default of 15.

Changes to this value after start-up require the SPARQL network service to be re-enabled; see below.

=== Network Service Enablement ===
Network services are controlled via the ENABLE-TCP-SERVICE and DISABLE-TCP-SERVICE API methods, which are typically invoked in the init/release-specific-init.lisp file (for [[OpenCyc]] and [[Commercial Cyc]]) or the init/port-init.lisp file (for [[ResearchCyc]]).

==== ENABLE-TCP-SERVICE ====
ENABLE-TCP-SERVICE takes a service descriptor, a symbolic token that represents the service, and a network port in the range 0 to 65535. If the network port is available, then a thread will be launched to service that network port. Accepted connections will be handled by separate threads.

In the Cyc system’s list of threads, such a thread appears as follows:

Socket Server (port: 3662 handler: HTTP-SERVER-HANDLER) “RUN” Run

This indicates a socket server thread that is accepting connections on network port 3662 (e.g. base port of 3660 with an HTTP offset of 2).

==== DISABLE-TCP-SERVICE ====
DISABLE-TCP-SERVICE takes a service descriptor, a symbolic token that represents the service. The call will shut down the network port and then the server thread. Any remaining connections that are still being serviced are permitted to run to completion.

Access to the underlying network port configuration parameters is provided via per-service methods that return the result of the base plus offset computation. The following table gives the association between network service, as described above, service descriptor and API call for computing the configured port.

==== STANDARD PORTS ====
{|
! Network Service Name !! Service Descriptor !! API for Computing Port
|-
| HTML || :html || (html-port)
|-
| Cyc-API || :cyc-api || (api-port)
|-
| HTTP || :http || (http-port)
|-
| CFASL || :cfasl || (cfasl-port)
|-
| SPARQL || :sparql || (sparql-port)
|}
Notice that service descriptors are case-insensitive and start with the : (colon) character.

=== Network Service Security Configuration ===
The security of access to the network services can be controlled with the following parameters, which are configured in init/parameters.lisp.
Notice that there is currently no way to restrict the IP addresses (other than to localhost only, see below) from which connections are accepted, be it by subnets, domains or explicit black-listing.
Notice that there is currently no way to limit the number of concurrent connections that any network server port can accept or spawn threads for.

==== *PERMIT-API-HOST-ACCESS* ====
Possible values for this parameter are T and NIL.
: If this parameter is set to T, then API functions can access host services including the file system and outbound TCP/IP connections.
: The most secure configuration sets this parameter to NIL.

==== *TCP-LOCALHOST-ONLY?* ====
Possible values for this parameter are T and NIL. If this parameter is set to T, then remote TCP/IP clients can connect to Cyc, otherwise no remote connections are allowed. The most secure configuration leaves this parameter at NIL, and uses a web server with strong security credentials such as Apache 2 to redirect HTTP requests to Cyc via the HTML network service.
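
Because Cyc itself offers no per-address filtering, it is worth verifying on the host which of the computed service ports are actually reachable beyond loopback. The following is an added example, not part of the handbook or of Cyc: it derives the ports from the base and offset defaults listed on this page, rejects out-of-range or colliding values, and flags Cyc ports listening on non-loopback addresses. It assumes a Linux host and text in the format of <code>ss -ltn</code>; the function names and the sample listing are constructed for illustration.

```python
import ipaddress

# Defaults as stated on this page; all names in this block are the example's own.
DEFAULT_BASE = 3600
DEFAULT_OFFSETS = {"html": 0, "cyc-api": 1, "http": 2, "cfasl": 14, "sparql": 15}

def service_ports(base=DEFAULT_BASE, offsets=DEFAULT_OFFSETS):
    """Return {service: base + offset}; reject out-of-range sums and collisions."""
    ports = {}
    for name, off in offsets.items():
        port = base + off
        if not 0 <= port <= 65535:
            raise ValueError(f"{name}: {base}+{off}={port} is outside 0..65535")
        if port in ports.values():
            # The page states services cannot be multiplexed over one port.
            raise ValueError(f"{name}: port {port} is already assigned")
        ports[name] = port
    return ports

def exposed_listeners(ss_output, ports):
    """Return sorted (service, local_address) pairs for non-loopback listeners."""
    by_port = {p: n for n, p in ports.items()}
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in by_port:
            continue
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and scope id
        if host == "*" or not ipaddress.ip_address(host).is_loopback:
            found.append((by_port[int(port)], fields[3]))
    return sorted(found)

# Constructed sample in the format of `ss -ltn` output.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:3600     0.0.0.0:*
LISTEN 0      128    0.0.0.0:3601       0.0.0.0:*
LISTEN 0      128    [::]:3602          [::]:*
LISTEN 0      128    127.0.0.1:3614     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
"""

if __name__ == "__main__":
    for service, addr in exposed_listeners(SAMPLE_SS, service_ports()):
        print(f"{service} is reachable beyond loopback at {addr}")
```

Any service reported here should either be moved behind a host firewall rule or fronted by the external web server described above.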
  
 
</noinclude>
 
</noinclude>

Latest revision as of 17:12, 29 May 2019


This page is based on the original document Enterprise Cyc Administrator Handbook at https://www.cyc.com/documentation/enterprise-cyc-administrator-handbook/ There is no intent to infringe on Cycorp's Copyright.
It is Copyright (c) Cycorp 2019
Cycorp's address is 7718 Wood Hollow Drive Suite 250 Austin, TX 78731 USA
mailto:info@cyc.com   Main Phone: 512.342.4000
