Files Used in the UDS Environment
4 UDS$$FOR 5 UDS$$F
2.2.2. Audit Control Files
This subsection describes the required audit control files used in an integrated recovery environment.
Files SYS$h*AT$trail-idLn (1−9) SYS$h*ATtrail-idLn (10−16) SYS$h*AUDIT$nn
where:
h is the host-id (A through H), for concurrent application groups; for local or switchable application groups, this is not part of the file name.
trail-id is the unique audit trail in the range 1 to 16.
n is the leg number; 1 for leg 1 of a duplex audit trail or simplex, 2 for duplex leg 2.
nn is the application group number (01 to 16).
If concurrent application groups are used, the host-id h must be specified after SYS$ in the file name. Host-id h is A through H.
Examples of File Names
This example indicates an audit control file for leg 1 of a duplex audit trail in application group 3:
Files Used by the Exec
This example indicates an audit control file for leg 1 of a duplex audit trail in application group 16:
SYS$*AT16L1
This example indicates an audit control file of a tape audit trail on application group 1:
SYS$*AUDIT$01
STD# or SHARED# is placed before SYS$ as a directory-id for MHFS systems.
Assigned To the Exec (usually exclusively) whenever the application group is in use (the audit trail file is OPEN). Reassigned during autoboot recovery procedures. If the step control recovery procedures (PANIC or REBUILD) fail, the Exec frees the file and IRU assigns it to reconstruct the queues for step control (short recovery). IRU also assigns it during recovery procedures and during collect, move, verify, and FSAH processing.
Cataloged by Next F-cycle of a mass storage audit trail cataloged each time it is opened or swapped. If it is a tape file, it is never cataloged but temporarily assigned.
Deleted Generally, never. An occurrence of the file is usually deleted, however, when backing up one of its F-cycles (the default on the IRU MOVE command). F-cycle wraparound occurs with a mass storage audit trail. If the maximum number of cataloged F-cycles is reached (system default is 32), the system console operator is prompted to either allow the next F-cycle to be cataloged or not. Accepting F- cycle wraparound destroys the oldest cataloged F-cycle, therefore deleting audit data. Use the IRU MOVE command to archive the audit trail to tape before permitting any wraparound.
Freed (1) Whenever audit control swaps to a new cycle as a result of filling the file or swap keyin; (2) whenever the audit trail is closed or down; (3) by IRU, following recovery procedures and collect, move, verify, and FSAH processing.
Restored UDS recovery and auditing are not performed because this file is under Exec control.
Exec audit control catalogs an Exec audit trail file for each application group, either on mass storage or on tape.
The audit trail file is a log of the recoverable processing events occurring within an application group. This log of events is used to restore the database for the application group and to requeue any messages active at the time of system failure.
Exec audit control continuously records entries made by components of the integrated recovery application group (for example, Exec step control, FCSS, and UDS Control). IRU reads the file during recovery procedures and during collect, move, verify, and FSAH processing.
Files Used by the Exec
tape (IRU MOVE), it does not have to be brought back to mass storage. IRU can use the tape to perform recovery.
Entries on the audit trail file include the following information:
• Periodic savefile summary records that define a recovery point
• Step control state change records or sentinels that record program progress for recovery purposes
• User program log entries
• Database after-looks that record a snapshot of a database page after the update is applied by the database control software
• Database recovered after-looks, snapshots that indicate how the database page must look after recovery is applied
• Audit control record sentinels that indicate the point of failure and reboot start/completion
• Data Capture records when the DMS Data Capture feature is configured Mass storage audit trail files do not have expiration date protection and cannot be hardware write-protected. The following file protections are provided:
• The current mass storage audit file F-cycle assigned to audit control is assigned with the X and G options, as well as other appropriate options.
• READ/WRITE keys of application-name/application-name are used when cataloging the ACI file and the mass storage audit files, which have a corresponding step control application.
• If security is configured in the Exec, mass storage audit files and the ACI file created by audit control have the following security attributes:
− Clearance level 63
− Compartment set ALL (Security Option 2 or 3)
IRU, or any other program requiring access to mass storage audit trail files, must have clearance level 63 (the most restrictive) with a compartment set of ALL. Once
established, a privileged run can replace the default security attributes with an access control record (ACR).
Files SYS$*ACI$n
SHARED#SYS$h*ACI$n
where:
n is the audit trail in the range 1 to 16.
h is the host-id (A through H).
Files Used by the Exec
Assigned by Exec audit control when the audit trail is opened. IRU when accessing the file.
Cataloged by Exec audit control when the audit trail is opened and the file does not exist. The Exec catalogs a new F-cycle and reinitializes if a FACILITIES REJECT error occurs or if an I/O error is encountered on the ACI file.
Deleted Must not be deleted.
Freed by Exec audit control when the audit trail is closed. IRU following processing that reads the ACI file.
Restored Does not have to be dumped or reloaded.
This audit control interface (ACI) file records all audit trail file changes that occur. Whenever a media change occurs for a leg of an audit trail, an entry is made in this file. Thus, entries are made whenever a leg is opened, switched (swap for tape, F-cycle for mass storage), or closed.
Step control also uses this file during audit-only recovery processing.
An ACI file exists for cooperative use by audit control and IRU for each application group.
The ACI file is cataloged with read and write keys as follows:
read-key Step control application group name, if configured, or TIPWRD, if TIP is configured. If neither TIP nor step control is configured, a read key is not used.
write-key Step control application group name, if configured, or TIPWRD, if TIP is configured. If neither TIP nor step control is configured, a write key is not used.
The ACI file does not have expiration date protection and cannot be hardware write-protected. The following file protection is provided:
• The current F-cycle assigned to the ACI file is assigned with the G option, as well as other appropriate options.
• If security is configured in the Exec, the ACI file created by audit control has the following security attributes:
− Clearance level 63
− Compartment set ALL (Security Option 2 or 3)
IRU, or any other program needing to access the ACI file, must therefore have clearance level 63 (the most restrictive) with a compartment set of ALL. Once established, a privileged run can replace the default security attributes with an ACR.
Files Used by the Exec
Files SYS$*ARF$nn SYS$h*ARF$nn
where:
n is the audit trail in the range 1 to 16.
h is the host-id (A through H).
A leading zero is present for audit trails 1 to 9.
Assigned by Exec audit control when the application or audit trail is initialized or recovered.
Cataloged by Exec audit control when the application or audit trail is initialized or recovered.
Deleted by Exec audit control if it is found to be corrupt. It is immediately recataloged.
Freed by Exec audit control when the application and audit trail is deferred. Restored Does not have to be dumped or reloaded. Repopulated from Exec audit
trail configuration when file is recataloged.
The audit recovery file (ARF) defines the structure and maintains the state of the audit trail. If the system stops or fails, audit control uses the ARF to recover the state of the audit trail. Audit control automatically updates the ARF when the audit-trail
environment changes (for example, an audit trail changes from open to closed or an audit trail swap occurs).
For an application group audit trail, the ARF also contains information used for the Exec and IRU short and medium database recovery coordination, and information about XPC or XPC-L.
File rollback-page-file
Assigned Exclusively to the Exec following Exec registration as a TIP file. Also reassigned to the Exec following system failure as part of the autorecovery bootstrap process.
Cataloged Must be cataloged by the site and registered with the Exec as a TIP file before initializing the application group.
Deleted Never
Freed Never
Restored UDS recovery and auditing are not performed because this file is under Exec control. A dump is not required, and the file does not have to be reloaded.
The rollback page file must be a TIP file. You must specify its file code on a STEPCONTROL ROLLBACK SGS. You need this file only if you use TIP file control superstructure (FCSS) recoverable files.
Files Used by the Exec
This file is used for TIP FCSS rollback recovery; it can also affect the ability of IRU to recover a UDS application group. If you do not configure the rollback page file for the application group, you do not have to create it.
This file is available when the application is active and user programs are accessing FCSS files. It is also used during the short recovery process by FCSS to recover FCSS file updates.
This file can be cataloged as word- or sector-addressable. Its size in words is equal to
n1 times n2 plus 1,120, where n1 is the number of words per page and n2 is the
number of file pages available to roll back. The additional 1,120 words allow enough space for TIP file control information.
The following runstream uses TIP number 301 and other information to register and assign a duplex TIP rollback page file. You must possess the appropriate security privileges to execute the TIP utilities used in the runstream. The FCSS file name in this runstream must be the file name used in the Exec configuration STEPCONTROL n ROLLBACK PAGEFILE ID IS SGS. @cat,p qual*Exec-file1. @cat,p qual*Exec-file2. @free qual*Exec-file1. @free qual*Exec-file2. @asg,a TIP-absolute-file. @use t,TIP-absolute-file @t.freips,ux treg qual*Exec-file1.,fix treg qual*Exec-file2.,fix res 301,202,896,FCSS-file,Exec-file1/Exec-file2 @eof
The reserve format in the FREIPS utility is
RES,options TIP-file-number,number-of-records,record-length, TIP-file,Exec-file-leg1/Exec-file-leg2
Reserve enough space for the extra 1,120 words used by TIP file control. In this example, two extra records of 89 words each were added to the 200 mass storage pages required resulting in 202 records being reserved by FREIPS.
If you attempt IRU short recovery with a rollback page file configured in the Exec configuration but not registered and assigned to TIP, the following error message appears:
*ERROR* 5808 SHORT RECOVER ER MQF$ function xx status 025
Files Used by IRU
2.3.
Files Used by IRU
To perform offline recovery of databases (files managed by UDS or FCSS) or
messages, IRU requires several files to be present on the system. Two of these files, the audit trail file and the ACI file, as already discussed, belong to the Exec audit control component. Although these files are managed by audit control, they are also read offline by IRU.
IRU directs offline and background-related functions to
• Rebuild step control queue items and coordinate other short recovery activity
• Reconstruct a database (files, selected records or pages) from the dump tapes and the audit trail
• Reconstruct the Message Control Bank (MCB) message retention files (MRF) from the audit trail
• Restore global transaction information in the TIP rollback page file and the UDS retention files from the audit trail
• Archive F-cycles of a mass storage audit trail file to tape, allowing the mass storage file space to be reused
• Enable (UP/CLEAR), disable (DOWN/SET), dump, and reload database files
IRU uses two categories of files internally: files used for all application groups and files unique to an application group (that is, files that have separate copies for each
application group).