Difference between revisions of "CCyc Administrator Handbook/Network Service Parameters"
From Public Domain Knowledge Bank
DavidWhitten (talk | contribs) (→Background Information) |
DavidWhitten (talk | contribs) |
||
(5 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
</includeonly> | </includeonly> | ||
<noinclude> | <noinclude> | ||
− | ==== Prev: [[Cyc Administrator Handbook/Cyc Browser Parameters|Cyc Browser Parameters]] Up: [[Cyc Administrator Handbook/Server Configuration|Server Configuration]] Up2: [[Cyc Administrator Handbook/Setup and Operation|Setup and Operation]] Home:[[Cyc Administrator Handbook]] Next: [[Cyc Administrator Handbook/XML-Based Parameter Configuration|XML-Based Parameter Configuration]] ==== | + | ===== Prev: [[Cyc Administrator Handbook/Cyc Browser Parameters|Cyc Browser Parameters]] Up: [[Cyc Administrator Handbook/Server Configuration|Server Configuration]] Up2: [[Cyc Administrator Handbook/Setup and Operation|Setup and Operation]] Home:[[Cyc Administrator Handbook]] Next: [[Cyc Administrator Handbook/XML-Based Parameter Configuration|XML-Based Parameter Configuration]] ===== |
{{:Cyc Administrator Handbook/Header}} | {{:Cyc Administrator Handbook/Header}} | ||
Line 10: | Line 10: | ||
==== Background Information ==== | ==== Background Information ==== | ||
Cyc ships with five possible network service ports, which can be configured and enabled separately. These services are: | Cyc ships with five possible network service ports, which can be configured and enabled separately. These services are: | ||
− | : | + | :1) The HTML service port, which allows browser access to the Cyc image through the indirection of an external web server, such as Apache 2, and CGI scripts. |
− | : | + | :2) The HTTP service port, which allows browser access to the Cyc image through a Cyc-internal HTTP server that requires no external administration. |
− | : | + | :3) The Cyc-API service port, which allows the evaluation of ASCII SubL expressions through standard text-based networking tools such as telnet or the Cyc Perl module’s API. |
− | : | + | :4) The CFASL service port, which allows the evaluation of binary SubL expressions through programmatic APIs such as theOpenCyc Java API. |
− | : | + | :5) The SPARQL service port, which allows the execution of queries written in SPARQL and the modification of the KB through the SPARQL Update member submission. |
There is currently no way to multiplex several of these services over one port. | There is currently no way to multiplex several of these services over one port. | ||
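Review bot: In the added item 4) the words "theOpenCyc Java API" are run together and should read "the OpenCyc Java API". The new ":1)" to ":5)" prefixes also hard-code the numbering; wiki "#" list markup would keep the numbers in step if a service is added or removed later.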
Line 57: | Line 57: | ||
Controlling network services is handled via the.the ENABLE-TCP-SERVICE and DISABLE-TCP-SERVICE API methods, which are typically invoked in the init/release-specific-init.lisp file (for [[OpenCyc]] and [[Commercial Cyc]]) or the init/port-init.lispfile (for [[ResearchCyc]]). | Controlling network services is handled via the.the ENABLE-TCP-SERVICE and DISABLE-TCP-SERVICE API methods, which are typically invoked in the init/release-specific-init.lisp file (for [[OpenCyc]] and [[Commercial Cyc]]) or the init/port-init.lispfile (for [[ResearchCyc]]). | ||
+ | ==== ENABLE-TCP-SERVICE ==== | ||
ENABLE-TCP-SERVICE takes a service descriptor, a symbolic token that represents the service, and a network port in the range of 0 and 65535. If the network port is available, then a thread will be launched to service that network port. Accepted connections will be handled by separate threads. | ENABLE-TCP-SERVICE takes a service descriptor, a symbolic token that represents the service, and a network port in the range of 0 and 65535. If the network port is available, then a thread will be launched to service that network port. Accepted connections will be handled by separate threads. | ||
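Review bot: The new ENABLE-TCP-SERVICE heading is placed directly under a context line that still reads "via the.the ENABLE-TCP-SERVICE" and "init/port-init.lispfile". Since this revision restructures the section, fix both in the same edit ("via the ENABLE-TCP-SERVICE" and "init/port-init.lisp file").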
Line 64: | Line 65: | ||
The information indicates that this is a socket server thread that is accepting connections on the network port 3662 (e.g. base port of 3660 with a HTTP offset of 2). | The information indicates that this is a socket server thread that is accepting connections on the network port 3662 (e.g. base port of 3660 with a HTTP offset of 2). | ||
− | + | ||
+ | ==== DISABLE-TCP-SERVICE ==== | ||
DISABLE-TCP-SERVICE takes a service descriptor, a symbolic token that represents the service. The call will shut down the network port and then the server thread. Any remaining connections that are still being serviced are permitted to run to completion. | DISABLE-TCP-SERVICE takes a service descriptor, a symbolic token that represents the service. The call will shut down the network port and then the server thread. Any remaining connections that are still being serviced are permitted to run to completion. | ||
Access to the underlying network port configuration parameters is provided via per-service methods that return the result of the base plus offset computation. The following table gives the association between network service, as described above, service descriptor and API call for computing the configured port. | Access to the underlying network port configuration parameters is provided via per-service methods that return the result of the base plus offset computation. The following table gives the association between network service, as described above, service descriptor and API call for computing the configured port. | ||
+ | ==== STANDARD PORTS ==== | ||
{| | {| | ||
− | + | ! Network Service Name !! Service Descriptor !! API for Computing Port | |
− | ! Network Service Name | ||
− | ! | ||
− | ! Service Descriptor | ||
− | ! | ||
− | ! API for Computing Port | ||
|- | |- | ||
| HTML || :html ||(html-port) | | HTML || :html ||(html-port) | ||
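Review bot: The new STANDARD PORTS heading is inserted after the paragraph beginning "Access to the underlying network port configuration parameters", which leaves that table introduction under DISABLE-TCP-SERVICE, where it does not belong. Move the heading above that paragraph so that "The following table" sits in the same section as the table it introduces.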
Line 95: | Line 93: | ||
==== *PERMIT-API-HOST-ACCESS* ==== | ==== *PERMIT-API-HOST-ACCESS* ==== | ||
− | Possible values for this parameter are T and NIL. | + | Possible values for this parameter are T and NIL. |
+ | : If this parameter is set to T, then API functions can access host services including the file system and outbound TCP/IP connections. | ||
+ | : The most secure configuration sets this parameter to NIL. | ||
==== *TCP-LOCALHOST-ONLY?* ==== | ==== *TCP-LOCALHOST-ONLY?* ==== |
Latest revision as of 17:12, 29 May 2019
This page is based on the original document Enterprise Cyc Administrator Handbook at https://www.cyc.com/documentation/enterprise-cyc-administrator-handbook/ There is no intent to infringe on Cycorp's Copyright. It is Copyright (c) Cycorp 2019 Cycorp's address is 7718 Wood Hollow Drive Suite 250 Austin, TX 78731 USA mailto:info@cyc.com Main Phone: 512.342.4000
The following parameters control the network ports that provide access to the Cyc server.
Background Information
Cyc ships with five possible network service ports, which can be configured and enabled separately. These services are:
- 1) The HTML service port, which allows browser access to the Cyc image through the indirection of an external web server, such as Apache 2, and CGI scripts.
- 2) The HTTP service port, which allows browser access to the Cyc image through a Cyc-internal HTTP server that requires no external administration.
- 3) The Cyc-API service port, which allows the evaluation of ASCII SubL expressions through standard text-based networking tools such as telnet or the Cyc Perl module’s API.
- 4) The CFASL service port, which allows the evaluation of binary SubL expressions through programmatic APIs such as the OpenCyc Java API.
- 5) The SPARQL service port, which allows the execution of queries written in SPARQL and the modification of the KB through the SPARQL Update member submission.
There is currently no way to multiplex several of these services over one port.
Network Service Port Configuration
The network service ports enumerated above are configured through the combination of a base port value and a set of per-service offset values. Whenever a network service port is enabled (see below), the port-specific offset is added to the base port value to compute the actual port for the server socket. The base port value and the per-service offset values are configured in the init/parameters.lisp file.
*BASE-TCP-PORT*
An integer between 0 and 65535. This parameter must be specified if any of the network services are to be used. Cyc ships with the value set to a default of 3600. Changes to this value after start-up require all of the desired network services to be re-enabled; see below.
*HTML-PORT-OFFSET*
An integer such that the sum of this parameter and the base port value is in the range of 0 and 65535. This parameter must be specified if the HTML service as described above will be enabled for the Cyc image. Cyc ships with the offset value set to the default of 0. Changes to this value after start-up require the HTML network service to be re-enabled; see below.
*FI-PORT-OFFSET*
An integer such that the sum of this parameter and the base port value is in the range of 0 and 65535. This parameter must be specified if the Cyc-API service as described above will be enabled for the Cyc image. Cyc ships with the offset value set to the default of 1. Changes to this value after start-up require the Cyc-API network service to be re-enabled; see below.
*HTTP-PORT-OFFSET*
An integer such that the sum of this parameter and the base port value is in the range of 0 and 65535. This parameter must be specified if the HTTP service as described above will be enabled for the Cyc image. Cyc ships with the offset value set to the default of 2. Changes to this value after start-up require the HTTP network service to be re-enabled; see below.
*CFASL-PORT-OFFSET*
An integer such that the sum of this parameter and the base port value is in the range of 0 and 65535. This parameter must be specified if the CFASL service as described above will be enabled for the Cyc image. Cyc ships with the offset value set to the default of 14. Changes to this value after start-up require the CFASL network service to be re-enabled; see below.
*SPARQL-PORT-OFFSET*
An integer such that the sum of this parameter and the base port value is in the range of 0 and 65535. This parameter must be specified if the SPARQL service as described above will be enabled for the Cyc image. Cyc ships with the offset value set to the default of 15. Changes to this value after start-up require the SPARQL network service to be re-enabled; see below.
Network Service Enablement
Network services are controlled via the ENABLE-TCP-SERVICE and DISABLE-TCP-SERVICE API methods, which are typically invoked in the init/release-specific-init.lisp file (for OpenCyc and Commercial Cyc) or the init/port-init.lisp file (for ResearchCyc).
ENABLE-TCP-SERVICE
ENABLE-TCP-SERVICE takes a service descriptor, a symbolic token that represents the service, and a network port in the range of 0 and 65535. If the network port is available, then a thread will be launched to service that network port. Accepted connections will be handled by separate threads. In the Cyc system’s list of threads, such a thread appears as follows:

    Socket Server (port: 3662 handler: HTTP-SERVER-HANDLER) “RUN” Run

The information indicates that this is a socket server thread that is accepting connections on the network port 3662 (e.g. base port of 3660 with an HTTP offset of 2).
DISABLE-TCP-SERVICE
DISABLE-TCP-SERVICE takes a service descriptor, a symbolic token that represents the service. The call will shut down the network port and then the server thread. Any remaining connections that are still being serviced are permitted to run to completion.

Access to the underlying network port configuration parameters is provided via per-service methods that return the result of the base plus offset computation. The following table gives the association between network service, as described above, service descriptor and API call for computing the configured port.
STANDARD PORTS
Network Service Name | Service Descriptor | API for Computing Port
---|---|---
HTML | :html | (html-port)
Cyc-API | :cyc-api | (api-port)
HTTP | :http | (http-port)
CFASL | :cfasl | (cfasl-port)
SPARQL | :sparql | (sparql-port)
Notice that service descriptors are case-insensitive and start with the : (colon) character.
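An added example, not part of the Cycorp handbook or of Cyc itself: a Python audit helper that applies the base-plus-offset rule with the default offsets listed above and reconciles the result against "Socket Server" lines from the thread listing. The function names, the sample listing and the EXAMPLE-HANDLER name are constructed for illustration.

```python
import re

# Shipped default offsets as listed on this page, keyed by service descriptor.
DEFAULT_OFFSETS = {":html": 0, ":cyc-api": 1, ":http": 2, ":cfasl": 14, ":sparql": 15}
# Matches the thread-listing format shown in the ENABLE-TCP-SERVICE section.
THREAD_RE = re.compile(r"Socket Server \(port: (\d+) handler: ([A-Z0-9-]+)\)")

def expected_ports(base, enabled, offsets=DEFAULT_OFFSETS):
    """Return ({descriptor: port}, [problems]) for the enabled services."""
    ports, problems = {}, []
    for desc in enabled:
        key = desc.lower()                      # descriptors are case-insensitive
        if key not in offsets:
            problems.append(f"unknown service descriptor {desc}")
            continue
        port = base + offsets[key]
        if not 0 <= port <= 65535:              # base + offset must be a valid port
            problems.append(f"{key}: port {port} outside 0..65535")
            continue
        clash = [d for d, p in ports.items() if p == port]
        if clash:                               # services cannot share one port
            problems.append(f"{key} and {clash[0]} both map to port {port}")
        ports[key] = port
    return ports, problems

def audit_listeners(thread_listing, ports):
    """Compare 'Socket Server' threads with the ports the configuration implies."""
    listening = {int(m.group(1)) for m in THREAD_RE.finditer(thread_listing)}
    expected = set(ports.values())
    return {"unexpected": sorted(listening - expected),
            "missing": sorted(expected - listening)}

# Constructed thread listing; EXAMPLE-HANDLER is a placeholder handler name.
SAMPLE_THREADS = """\
Socket Server (port: 3662 handler: HTTP-SERVER-HANDLER) "RUN" Run
Socket Server (port: 3674 handler: EXAMPLE-HANDLER) "RUN" Run
"""

if __name__ == "__main__":
    # Base 3660 is the value used in the page's thread-listing example.
    ports, problems = expected_ports(3660, [":HTTP", ":cyc-api"])
    print(ports, problems)
    print(audit_listeners(SAMPLE_THREADS, ports))
```

Because Cyc itself cannot restrict source addresses beyond localhost, the port set returned by `expected_ports` is also the list to cover with host or network firewall rules.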
Network Service Security Configuration
The security of access to the network services can be controlled with the following parameters, which are configured in init/parameters.lisp. Notice that there is currently no way to restrict the IP addresses (other than to localhost only, see below) from which connections are accepted, be it by subnets, domains or explicit black-listing. Notice that there is currently no way to limit the number of concurrent connections that any network server port can accept or spawn threads for.
*PERMIT-API-HOST-ACCESS*
Possible values for this parameter are T and NIL.
- If this parameter is set to T, then API functions can access host services including the file system and outbound TCP/IP connections.
- The most secure configuration sets this parameter to NIL.
*TCP-LOCALHOST-ONLY?*
Possible values for this parameter are T and NIL. If this parameter is set to T, then remote TCP/IP clients can connect to Cyc, otherwise no remote connections are allowed. The most secure configuration leaves this parameter at NIL, and uses a web server with strong security credentials such as Apache 2 to redirect HTTP requests to Cyc via the HTML network service.