1 <?xml version="1.0" encoding="UTF-8"?>
3 <title>Administering Server Machines</title>
6 <primary>server machine</primary>
8 <secondary>administering</secondary>
12 <primary>administering</primary>
14 <secondary>server machine</secondary>
17 <para>This chapter describes how to administer an AFS server machine. It describes the following configuration information and
18 administrative tasks: <itemizedlist>
20 <para>The binary and configuration files that must reside in the subdirectories of the <emphasis
21 role="bold">/usr/afs</emphasis> directory on every server machine's local disk; see <link linkend="HDRWQ83">Local Disk Files
22 on a Server Machine</link>.</para>
26 <para>The various <emphasis>roles</emphasis> or functions that an AFS server machine can perform, and how to determine which
27 machines are taking a role; see <link linkend="HDRWQ90">The Four Roles for File Server Machines</link>.</para>
31 <para>How to maintain database server machines; see <link linkend="HDRWQ101">Administering Database Server
32 Machines</link>.</para>
36 <para>How to maintain the list of database server machines in the <emphasis role="bold">/usr/afs/etc/CellServDB</emphasis>
37 file; see <link linkend="HDRWQ118">Maintaining the Server CellServDB File</link>.</para>
41 <para>How to control authorization checking on a server machine; see <link linkend="HDRWQ123">Managing Authentication and
42 Authorization Requirements</link>.</para>
46 <para>How to install new disks or partitions on a file server machine; see <link linkend="HDRWQ130">Adding or Removing Disks
47 and Partitions</link>.</para>
51 <para>How to change a server machine's IP addresses and manager VLDB server entries; see <link linkend="HDRWQ138">Managing
52 Server IP Addresses and VLDB Server Entries</link>.</para>
56 <para>How to reboot a file server machine; see <link linkend="HDRWQ139">Rebooting a Server Machine</link>.</para>
58 </itemizedlist></para>
60 <para>To learn how to install and configure a new server machine, see the <emphasis>IBM AFS Quick Beginnings</emphasis>.</para>
62 <para>To learn how to administer the server processes themselves, see <link linkend="HDRWQ142">Monitoring and Controlling Server
63 Processes</link>.</para>
65 <para>To learn how to administer volumes, see <link linkend="HDRWQ174">Managing Volumes</link>.</para>
68 <title>Summary of Instructions</title>
70 <para>This chapter explains how to perform the following tasks by using the indicated commands:</para>
72 <informaltable frame="none">
74 <colspec colwidth="70*" />
76 <colspec colwidth="30*" />
80 <entry>Install new binaries</entry>
82 <entry><emphasis role="bold">bos install</emphasis></entry>
86 <entry>Examine binary check-and-restart time</entry>
88 <entry><emphasis role="bold">bos getrestart</emphasis></entry>
92 <entry>Set binary check-and-restart time</entry>
94 <entry><emphasis role="bold">bos setrestart</emphasis></entry>
98 <entry>Examine compilation dates on binary files</entry>
100 <entry><emphasis role="bold">bos getdate</emphasis></entry>
104 <entry>Restart a process to use new binaries</entry>
106 <entry><emphasis role="bold">bos restart</emphasis></entry>
110 <entry>Revert to old version of binaries</entry>
112 <entry><emphasis role="bold">bos uninstall</emphasis></entry>
116 <entry>Remove obsolete <emphasis role="bold">.BAK</emphasis> and <emphasis role="bold">.OLD</emphasis> versions</entry>
118 <entry><emphasis role="bold">bos prune</emphasis></entry>
122 <entry>List partitions on a file server machine</entry>
124 <entry><emphasis role="bold">vos listpart</emphasis></entry>
128 <entry>Shutdown AFS server processes</entry>
130 <entry><emphasis role="bold">bos shutdown</emphasis></entry>
134 <entry>List volumes on a partition</entry>
136 <entry><emphasis role="bold">vos listvldb</emphasis></entry>
140 <entry>Move read/write volumes</entry>
142 <entry><emphasis role="bold">vos move</emphasis></entry>
146 <entry>List a cell's database server machines</entry>
148 <entry><emphasis role="bold">bos listhosts</emphasis></entry>
152 <entry>Add a database server machine to server <emphasis role="bold">CellServDB</emphasis> file</entry>
154 <entry><emphasis role="bold">bos addhost</emphasis></entry>
158 <entry>Remove a database server machine from server <emphasis role="bold">CellServDB</emphasis> file</entry>
160 <entry><emphasis role="bold">bos removehost</emphasis></entry>
164 <entry>Set authorization checking requirements</entry>
166 <entry><emphasis role="bold">bos setauth</emphasis></entry>
170 <entry>Prevent authentication for <emphasis role="bold">bos</emphasis>, <emphasis role="bold">pts</emphasis>, and
171 <emphasis role="bold">vos</emphasis> commands</entry>
173 <entry>Include <emphasis role="bold">-noauth</emphasis> flag</entry>
177 <entry>Prevent authentication for kas commands</entry>
179 <entry>Include <emphasis role="bold">-noauth</emphasis> flag on some commands or issue <emphasis
180 role="bold">noauthentication</emphasis> while in interactive mode</entry>
184 <entry>Display all VLDB server entries</entry>
186 <entry><emphasis role="bold">vos listaddrs</emphasis></entry>
190 <entry>Remove a VLDB server entry</entry>
192 <entry><emphasis role="bold">vos changeaddr</emphasis></entry>
196 <entry>Reboot a server machine remotely</entry>
198 <entry><emphasis role="bold">bos exec</emphasis> <emphasis>reboot_command</emphasis></entry>
206 <title>Local Disk Files on a Server Machine</title>
208 <para>Several types of files must reside in the subdirectories of the <emphasis role="bold">/usr/afs</emphasis> directory on an
209 AFS server machine's local disk. They include binaries, configuration files, the administrative database files (on database
210 server machines), log files, and volume header files.</para>
212 <para><emphasis role="bold">Note for Windows users:</emphasis> Some files described in this document possibly do not exist on
213 machines that run a Windows operating system. Also, Windows uses a backslash (<emphasis role="bold">\</emphasis>) rather than a
214 forward slash (<emphasis role="bold">/</emphasis>) to separate the elements in a pathname.</para>
217 <primary>usr/afs/bin directory on server machines</primary>
219 <secondary>contents listed</secondary>
223 <primary>directory</primary>
225 <secondary>/usr/afs/bin on server machines</secondary>
229 <primary>server process binaries</primary>
231 <secondary>in /usr/afs/bin</secondary>
235 <title>Binaries in the /usr/afs/bin Directory</title>
237 <para>The <emphasis role="bold">/usr/afs/bin</emphasis> directory stores the AFS server process and command suite binaries
238 appropriate for the machine's system (CPU and operating system) type. If a process has both a server portion and a client
239 portion (as with the Update Server) or if it has separate components (as with the <emphasis role="bold">fs</emphasis>
240 process), each component resides in a separate file.</para>
242 <para>To ensure predictable system performance, all file server machines must run the same AFS build version of a given
243 process. To maintain consistency easily, use the Update Server process to distribute binaries from a binary distribution
244 machine of each system type, as described further in <link linkend="HDRWQ93">Binary Distribution Machines</link>.</para>
246 <para>It is best to keep the binaries for all processes in the <emphasis role="bold">/usr/afs/bin</emphasis> directory, even
247 if you do not run the process actively on the machine. It simplifies the process of reconfiguring machines (for example,
248 adding database server functionality to an existing file server machine). Similarly, it is best to keep the command suite
249 binaries in the directory, even if you do not often issue commands while working on the server machine. It enables you to
250 issue commands during recovery from server and machine outages.</para>
252 <para>The following lists the binary files in the <emphasis role="bold">/usr/afs/bin</emphasis> directory that are directly
253 related to the AFS server processes or command suites. Other binaries (for example, for the <emphasis
254 role="bold">klog</emphasis> command) sometimes appear in this directory on a particular file server machine's disk or in an
255 AFS distribution. <variablelist>
257 <primary>files</primary>
259 <secondary>backup command binary</secondary>
263 <primary>backup commands</primary>
265 <secondary>binary in /usr/afs/bin</secondary>
269 <term><emphasis role="bold">backup</emphasis></term>
272 <para>The command suite for the AFS Backup System (the binary for the Backup Server is <emphasis
273 role="bold">buserver</emphasis>).</para>
276 <primary>files</primary>
278 <secondary>bos command binary</secondary>
282 <primary>bos commands</primary>
284 <secondary>binary in /usr/afs/bin</secondary>
290 <term><emphasis role="bold">bos</emphasis></term>
293 <para>The command suite for communicating with the Basic OverSeer (BOS) Server (the binary for the BOS Server is
294 <emphasis role="bold">bosserver</emphasis>).</para>
297 <primary>bosserver</primary>
299 <secondary>binary in /usr/afs/bin</secondary>
303 <primary>bosserver</primary>
305 <secondary></secondary>
307 <see>BOS Server</see>
311 <primary>files</primary>
313 <secondary>bosserver binary</secondary>
317 <primary>programs</primary>
319 <secondary>bosserver</secondary>
323 <primary>processes</primary>
325 <secondary>BOS Server, binary in /usr/afs/bin</secondary>
329 <primary>BOS Server</primary>
331 <secondary>binary in /usr/afs/bin</secondary>
337 <term><emphasis role="bold">bosserver</emphasis></term>
340 <para>The binary for the Basic OverSeer (BOS) Server process.</para>
343 <primary>buserver</primary>
345 <secondary>binary in /usr/afs/bin</secondary>
349 <primary>buserver</primary>
351 <secondary></secondary>
353 <see>Backup Server</see>
357 <primary>files</primary>
359 <secondary>buserver</secondary>
363 <primary>programs</primary>
365 <secondary>buserver</secondary>
369 <primary>processes</primary>
371 <secondary>Backup Server, binary in /usr/afs/bin</secondary>
375 <primary>Backup Server</primary>
377 <secondary>binary in /usr/afs/bin</secondary>
383 <term><emphasis role="bold">buserver</emphasis></term>
386 <para>The binary for the Backup Server process.</para>
389 <primary>fileserver</primary>
391 <secondary>binary in /usr/afs/bin</secondary>
395 <primary>fileserver</primary>
397 <secondary></secondary>
399 <see>File Server</see>
403 <primary>files</primary>
405 <secondary>fileserver</secondary>
409 <primary>programs</primary>
411 <secondary>fileserver</secondary>
415 <primary>processes</primary>
417 <secondary>File Server, binary in /usr/afs/bin</secondary>
421 <primary>File Server</primary>
423 <secondary>binary in /usr/afs/bin</secondary>
429 <term><emphasis role="bold">fileserver</emphasis></term>
432 <para>The binary for the File Server component of the <emphasis role="bold">fs</emphasis> process.</para>
435 <primary>files</primary>
437 <secondary>kas command binary</secondary>
441 <primary>kas commands</primary>
443 <secondary>binary in /usr/afs/bin</secondary>
449 <term><emphasis role="bold">kas</emphasis></term>
452 <para>The command suite for communicating with the Authentication Server (the binary for the Authentication Server is
453 <emphasis role="bold">kaserver</emphasis>).</para>
456 <primary>kaserver process</primary>
458 <secondary>binary in /usr/afs/bin</secondary>
462 <primary>kaserver process</primary>
464 <secondary></secondary>
466 <see>Authentication Server</see>
470 <primary>files</primary>
472 <secondary>kaserver binary file</secondary>
476 <primary>programs</primary>
478 <secondary>kaserver</secondary>
482 <primary>processes</primary>
484 <secondary>Authentication Server, binary in /usr/afs/bin</secondary>
488 <primary>Authentication Server</primary>
490 <secondary>binary in /usr/afs/bin</secondary>
496 <term><emphasis role="bold">kaserver</emphasis></term>
499 <para>The binary for the Authentication Server process.</para>
502 <primary>ntpd</primary>
504 <secondary>binary in /usr/afs/bin</secondary>
508 <primary>files</primary>
510 <secondary>ntpd</secondary>
514 <primary>programs</primary>
516 <secondary>ntpd</secondary>
520 <primary>processes</primary>
522 <secondary>NTPD, binary in /usr/afs/bin</secondary>
526 <primary>NTPD</primary>
530 <primary>Network Time Protocol Daemon</primary>
532 <secondary></secondary>
540 <term><emphasis role="bold">ntpd</emphasis></term>
543 <para>The binary for the Network Time Protocol Daemon (NTPD). AFS redistributes this binary and uses the <emphasis
544 role="bold">runntp</emphasis> program to configure and initialize the NTPD process.</para>
547 <primary>ntpdc</primary>
549 <secondary>binary in /usr/afs/bin</secondary>
553 <primary>files</primary>
555 <secondary>ntpdc</secondary>
559 <primary>programs</primary>
561 <secondary>ntpdc</secondary>
567 <term><emphasis role="bold">ntpdc</emphasis></term>
570 <para>A debugging utility furnished with the <emphasis role="bold">ntpd</emphasis> program.</para>
573 <primary>files</primary>
575 <secondary>pts command binary</secondary>
579 <primary>pts commands</primary>
581 <secondary>binary in /usr/afs/bin</secondary>
587 <term><emphasis role="bold">pts</emphasis></term>
590 <para>The command suite for communicating with the Protection Server process (the binary for the Protection Server is
591 <emphasis role="bold">ptserver</emphasis>).</para>
594 <primary>ptserver process</primary>
596 <secondary>binary in /usr/afs/bin</secondary>
600 <primary>ptserver process</primary>
602 <secondary></secondary>
604 <see>Protection Server</see>
608 <primary>files</primary>
610 <secondary>ptserver binary</secondary>
614 <primary>programs</primary>
616 <secondary>ptserver</secondary>
620 <primary>processes</primary>
622 <secondary>Protection Server, binary in /usr/afs/bin</secondary>
626 <primary>Protection Server</primary>
628 <secondary>binary in /usr/afs/bin</secondary>
634 <term><emphasis role="bold">ptserver</emphasis></term>
637 <para>The binary for the Protection Server process.</para>
640 <primary>runntp</primary>
642 <secondary>binary in /usr/afs/bin</secondary>
646 <primary>runntp</primary>
648 <secondary></secondary>
654 <primary>files</primary>
656 <secondary>runntp</secondary>
660 <primary>programs</primary>
662 <secondary>runntp</secondary>
668 <term><emphasis role="bold">runntp</emphasis></term>
671 <para>The binary for the program used to configure NTPD most appropriately for use with AFS.</para>
674 <primary>Salvager</primary>
676 <secondary>binary in /usr/afs/bin</secondary>
680 <primary>Salvager</primary>
682 <secondary></secondary>
688 <primary>files</primary>
690 <secondary>salvager</secondary>
694 <primary>programs</primary>
696 <secondary>salvager</secondary>
700 <primary>processes</primary>
702 <secondary>Salvager, binary in /usr/afs/bin</secondary>
708 <term><emphasis role="bold">salvager</emphasis></term>
711 <para>The binary for the Salvager component of the <emphasis role="bold">fs</emphasis> process.</para>
714 <primary>udebug</primary>
716 <secondary>binary in /usr/afs/bin</secondary>
720 <primary>files</primary>
722 <secondary>udebug</secondary>
726 <primary>commands</primary>
728 <secondary>udebug</secondary>
732 <primary>programs</primary>
734 <secondary>udebug</secondary>
740 <term><emphasis role="bold">udebug</emphasis></term>
743 <para>The binary for a program that reports the status of AFS's distributed database technology, Ubik.</para>
746 <primary>upclient</primary>
748 <secondary>binary in /usr/afs/bin</secondary>
752 <primary>upclient</primary>
754 <secondary></secondary>
756 <see>Update Server</see>
760 <primary>files</primary>
762 <secondary>upclient</secondary>
766 <primary>programs</primary>
768 <secondary>upclient</secondary>
772 <primary>processes</primary>
774 <secondary>Update Server, binaries in /usr/afs/bin</secondary>
778 <primary>Update Server</primary>
780 <secondary>binaries in /usr/afs/bin</secondary>
786 <term><emphasis role="bold">upclient</emphasis></term>
789 <para>The binary for the client portion of the Update Server process.</para>
792 <primary>upserver</primary>
794 <secondary>binary in /usr/afs/bin</secondary>
798 <primary>upserver</primary>
800 <secondary></secondary>
802 <see>Update Server</see>
806 <primary>files</primary>
808 <secondary>upserver</secondary>
812 <primary>programs</primary>
814 <secondary>upserver</secondary>
820 <term><emphasis role="bold">upserver</emphasis></term>
823 <para>The binary for the server portion of the Update Server process.</para>
826 <primary>vlserver</primary>
828 <secondary>binary in /usr/afs/bin</secondary>
832 <primary>vlserver</primary>
834 <secondary></secondary>
840 <primary>files</primary>
842 <secondary>vlserver</secondary>
846 <primary>programs</primary>
848 <secondary>vlserver</secondary>
852 <primary>processes</primary>
854 <secondary>VL Server, binary in /usr/afs/bin</secondary>
858 <primary>VL Server</primary>
860 <secondary>binary in /usr/afs/bin</secondary>
864 <primary>Volume Location Server</primary>
866 <secondary></secondary>
874 <term><emphasis role="bold">vlserver</emphasis></term>
877 <para>The binary for the Volume Location (VL) Server process.</para>
880 <primary>volserver</primary>
882 <secondary>binary in /usr/afs/bin</secondary>
886 <primary>volserver</primary>
888 <secondary></secondary>
890 <see>Volume Server</see>
894 <primary>files</primary>
896 <secondary>volserver</secondary>
900 <primary>programs</primary>
902 <secondary>volserver</secondary>
906 <primary>processes</primary>
908 <secondary>Volume Server, binary in /usr/afs/bin</secondary>
912 <primary>Volume Server</primary>
914 <secondary>binary in /usr/afs/bin</secondary>
920 <term><emphasis role="bold">volserver</emphasis></term>
923 <para>The binary for the Volume Server component of the <emphasis role="bold">fs</emphasis> process.</para>
926 <primary>files</primary>
928 <secondary>vos command binary</secondary>
932 <primary>vos commands</primary>
934 <secondary>binary in /usr/afs/bin</secondary>
940 <term><emphasis role="bold">vos</emphasis></term>
943 <para>The command suite for communicating with the Volume and VL Server processes (the binaries for the servers are
944 <emphasis role="bold">volserver</emphasis> and <emphasis role="bold">vlserver</emphasis>, respectively).</para>
947 </variablelist></para>
950 <primary>usr/afs/etc directory on server machines</primary>
952 <secondary>contents listed</secondary>
956 <primary>directory</primary>
958 <secondary>/usr/afs/etc</secondary>
962 <primary>files</primary>
964 <secondary>server configuration, in /usr/afs/etc directory</secondary>
968 <primary>common configuration files (server)</primary>
972 <primary>server machine</primary>
974 <secondary>configuration files in /usr/afs/etc</secondary>
979 <title>Common Configuration Files in the /usr/afs/etc Directory</title>
981 <para>The directory <emphasis role="bold">/usr/afs/etc</emphasis> on every file server machine's local disk contains
982 configuration files in ASCII and machine-independent binary format. For predictable AFS performance throughout a cell, all
983 server machines must have the same version of each configuration file: <itemizedlist>
985 <primary>Update Server</primary>
987 <secondary>distributing server configuration files</secondary>
991 <para>Cells that run the United States edition of AFS conventionally use the Update Server to distribute a common
992 version of each file from the cell's system control machine to other server machines (for more on the system control
993 machine, see <link linkend="HDRWQ94">The System Control Machine</link>). Run the Update Server's server portion on the
994 system control machine, and the client portion on all other server machines. Update the files on the system control
995 machine only, except as directed by instructions for dealing with emergencies.</para>
999 <para>Cells that run the international edition of AFS must not use the Update Server to distribute the contents of the
1000 <emphasis role="bold">/usr/afs/etc</emphasis> directory. Due to United States government regulations, the data
1001 encryption routines that AFS uses to protect the files in this directory as they cross the network are not available to
1002 the Update Server in the international edition of AFS. You must instead update the files on each server machine
1003 individually, taking extra care to issue exactly the same <emphasis role="bold">bos</emphasis> command for each machine.
1004 The necessary data encryption routines are available to the <emphasis role="bold">bos</emphasis> commands, so
1005 information is safe as it crosses the network from the machine where the <emphasis role="bold">bos</emphasis> command is
1006 issued to the server machines.</para>
1008 </itemizedlist></para>
1010 <para>Never directly edit any of the files in the <emphasis role="bold">/usr/afs/etc</emphasis> directory, except as directed
1011 by instructions for dealing with emergencies. In normal circumstances, use the appropriate <emphasis
1012 role="bold">bos</emphasis> commands to change the files. The following list includes pointers to instructions.</para>
1014 <para>The files in this directory include: <variablelist>
1016 <primary>CellServDB file (server)</primary>
1018 <secondary>about</secondary>
1022 <primary>files</primary>
1024 <secondary>CellServDB (server)</secondary>
1028 <term><emphasis role="bold">CellServDB</emphasis></term>
1031 <para>An ASCII file that names the cell's database server machines, which run the Authentication, Backup, Protection,
1032 and VL Server processes. You create the initial version of this file by issuing the <emphasis role="bold">bos
1033 setcellname</emphasis> command while installing your cell's first server machine. It is very important to update this
1034 file when you change the identity of your cell's database server machines.</para>
1036 <para>The server <emphasis role="bold">CellServDB</emphasis> file is not the same as the <emphasis
1037 role="bold">CellServDB</emphasis> file stored in the <emphasis role="bold">/usr/vice/etc</emphasis> directory on
1038 client machines. The client version lists the database server machines for every AFS cell that you choose to make
1039 accessible from the client machine. The server <emphasis role="bold">CellServDB</emphasis> file lists only the local
1040 cell's database server machines, because server processes never contact processes in other cells.</para>
1042 <para>For instructions on maintaining this file, see <link linkend="HDRWQ118">Maintaining the Server CellServDB
1046 <primary>KeyFile file</primary>
1048 <secondary>function of</secondary>
1052 <primary>files</primary>
1054 <secondary>KeyFile</secondary>
1058 <primary>server encryption key</primary>
1064 <term><emphasis role="bold">KeyFile</emphasis></term>
1067 <para>A machine-independent, binary-format file that lists the server encryption keys the AFS server processes use to
1068 encrypt and decrypt tickets. The information in this file is the basis for secure communication in the cell, and so is
1069 extremely sensitive. The file is specially protected so that only privileged users can read or change it.</para>
1071 <para>For instructions on maintaining this file, see <link linkend="HDRWQ355">Managing Server Encryption
1075 <primary>ThisCell file (server)</primary>
1079 <primary>files</primary>
1081 <secondary>ThisCell (server)</secondary>
1087 <term><emphasis role="bold">ThisCell</emphasis></term>
1090 <para>An ASCII file that consists of a single line defining the complete Internet domain-style name of the cell (such
1091 as <computeroutput>abc.com</computeroutput>). You create this file with the <emphasis role="bold">bos
1092 setcellname</emphasis> command during the installation of your cell's first file server machine, as instructed in the
1093 <emphasis>IBM AFS Quick Beginnings</emphasis>.</para>
1095 <para>Note that changing this file is only one step in changing your cell's name. For discussion, see <link
1096 linkend="HDRWQ34">Choosing a Cell Name</link>.</para>
1099 <primary>UserList file</primary>
1103 <primary>files</primary>
1105 <secondary>UserList</secondary>
1111 <term><emphasis role="bold">UserList</emphasis></term>
1114 <para>An ASCII file that lists the usernames of the system administrators authorized to issue privileged <emphasis
1115 role="bold">bos</emphasis>, <emphasis role="bold">vos</emphasis>, and <emphasis role="bold">backup</emphasis>
1116 commands. For instructions on maintaining the file, see <link linkend="HDRWQ592">Administering the UserList
1120 </variablelist></para>
1123 <primary>usr/afs/local directory on server machines</primary>
1125 <secondary>contents listed</secondary>
1129 <primary>directory</primary>
1131 <secondary>/usr/afs/local on server machines</secondary>
1135 <primary>local configuration files (server)</primary>
1139 <primary>file server machine</primary>
1141 <secondary>configuration files in /usr/afs/local</secondary>
1145 <sect2 id="HDRWQ86">
1146 <title>Local Configuration Files in the /usr/afs/local Directory</title>
1148 <para>The directory <emphasis role="bold">/usr/afs/local</emphasis> contains configuration files that are different for each
1149 file server machine in a cell. Thus, they are not updated automatically from a central source like the files in <emphasis
1150 role="bold">/usr/afs/bin</emphasis> and <emphasis role="bold">/usr/afs/etc</emphasis> directories. The most important file is
1151 the <emphasis role="bold">BosConfig</emphasis> file; it defines which server processes are to run on that machine.</para>
1153 <para>As with the common configuration files in <emphasis role="bold">/usr/afs/etc</emphasis>, you must not edit these files
1154 directly. Use commands from the <emphasis role="bold">bos</emphasis> command suite where appropriate; some files never need to
1157 <para>The files in this directory include the following: <variablelist>
1159 <primary>BosConfig file</primary>
1163 <primary>files</primary>
1165 <secondary>BosConfig</secondary>
1169 <term><emphasis role="bold">BosConfig</emphasis></term>
1172 <para>This file lists the server processes to run on the server machine, by defining which processes the BOS Server
1173 monitors and what it does if the process fails. It also defines the times at which the BOS Server automatically
1174 restarts processes for maintenance purposes.</para>
1176 <para>As you create server processes during a file server machine's installation, their entries are defined in this
1177 file automatically. The <emphasis>IBM AFS Quick Beginnings</emphasis> outlines the <emphasis
1178 role="bold">bos</emphasis> commands to use. For a more complete description of the file, and instructions for
1179 controlling process status by editing the file with commands from the <emphasis role="bold">bos</emphasis> suite, see
1180 <link linkend="HDRWQ142">Monitoring and Controlling Server Processes</link>.</para>
1183 <primary>NetInfo file (server version)</primary>
1187 <primary>files</primary>
1189 <secondary>NetInfo (server version)</secondary>
1195 <term><emphasis role="bold">NetInfo</emphasis></term>
1198 <para>This optional ASCII file lists one or more of the network interface addresses on the server machine. If it
1199 exists when the File Server initializes, the File Server uses it as the basis for the list of interfaces that it
1200 registers in its Volume Location Database (VLDB) server entry. See <link linkend="HDRWQ138">Managing Server IP
1201 Addresses and VLDB Server Entries</link>.</para>
1204 <primary>NetRestrict file (server version)</primary>
1208 <primary>files</primary>
1210 <secondary>NetRestrict (server version)</secondary>
1216 <term><emphasis role="bold">NetRestrict</emphasis></term>
1219 <para>This optional ASCII file lists one or more network interface addresses. If it exists when the File Server
1220 initializes, the File Server removes the specified addresses from the list of interfaces that it registers in its VLDB
1221 server entry. See <link linkend="HDRWQ138">Managing Server IP Addresses and VLDB Server Entries</link>.</para>
1224 <primary>NoAuth file</primary>
1228 <primary>files</primary>
1230 <secondary>NoAuth</secondary>
1236 <term><emphasis role="bold">NoAuth</emphasis></term>
1239 <para>This zero-length file instructs all AFS server processes running on the machine not to perform authorization
1240 checking. Thus, they perform any action for any user, even <emphasis role="bold">anonymous</emphasis>. This very
1241 insecure state is useful only in rare instances, mainly during the installation of the machine.</para>
1243 <para>The file is created automatically when you start the initial <emphasis role="bold">bosserver</emphasis> process
1244 with the <emphasis role="bold">-noauth</emphasis> flag, or issue the <emphasis role="bold">bos setauth</emphasis>
1245 command to turn off authentication requirements. When you use the <emphasis role="bold">bos setauth</emphasis> command
1246 to turn on authentication, the BOS Server removes this file. For more information, see <link
1247 linkend="HDRWQ123">Managing Authentication and Authorization Requirements</link>.</para>
1250 <primary>SALVAGE.fs file</primary>
1254 <primary>files</primary>
1256 <secondary>SALVAGE.fs</secondary>
1262 <term><emphasis role="bold">SALVAGE.fs</emphasis></term>
1265 <para>This zero-length file controls how the BOS Server handles a crash of the File Server component of the <emphasis
1266 role="bold">fs</emphasis> process. The BOS Server creates this file each time it starts or restarts the <emphasis
1267 role="bold">fs</emphasis> process. If the file is present when the File Server crashes, then the BOS Server runs the
1268 Salvager before restarting the File Server and Volume Server again. When the File Server exits normally, the BOS
1269 Server removes the file so that the Salvager does not run.</para>
1271 <para>Do not create or remove this file yourself; the BOS Server does so automatically. If necessary, you can salvage
1272 a volume or partition by using the <emphasis role="bold">bos salvage</emphasis> command; see <link
1273 linkend="HDRWQ232">Salvaging Volumes</link>.</para>
1276 <primary>salvage.lock file</primary>
1280 <primary>files</primary>
1282 <secondary>salvage.lock</secondary>
1288 <term><emphasis role="bold">salvage.lock</emphasis></term>
1291 <para>This file guarantees that only one Salvager process runs on a file server machine at a time (the single process
1292 can fork multiple subprocesses to salvage multiple partitions in parallel). As the Salvager initiates (when invoked by
1293 the BOS Server or by issue of the <emphasis role="bold">bos salvage</emphasis> command), it creates this zero-length
1294 file and issues the <emphasis role="bold">flock</emphasis> system call on it. It removes the file when it completes
1295 the salvage operation. Because the Salvager must lock the file in order to run, only one Salvager can run at a
1299 <primary>sysid file</primary>
1303 <primary>files</primary>
1305 <secondary>sysid</secondary>
1309 <primary>File Server</primary>
1311 <secondary>interfaces registered in VLDB</secondary>
1313 <tertiary>listed in sysid file</tertiary>
1317 <primary>VLDB</primary>
1319 <secondary>server machine interfaces registered</secondary>
1321 <tertiary>listed in sysid file</tertiary>
1327 <term><emphasis role="bold">sysid</emphasis></term>
1330 <para>This file records the network interface addresses that the File Server (<emphasis
1331 role="bold">fileserver</emphasis> process) registers in its VLDB server entry. When the Cache Manager requests volume
1332 location information, the Volume Location (VL) Server provides all of the interfaces registered for each server
1333 machine that houses the volume. This enables the Cache Manager to make use of multiple addresses when accessing AFS
1334 data stored on a multihomed file server machine. For further information, see <link linkend="HDRWQ138">Managing Server
1335 IP Addresses and VLDB Server Entries</link>.</para>
1338 </variablelist></para>
1341 <primary>usr/afs/db directory on server machines</primary>
1343 <secondary>contents listed</secondary>
1347 <primary>directory</primary>
1349 <secondary>/usr/afs/db on server machines</secondary>
1353 <primary>database files</primary>
1357 <primary>replicated database files</primary>
1361 <primary>log files</primary>
1363 <secondary>for replicated databases</secondary>
1367 <primary>file server machine</primary>
1369 <secondary>database files in /usr/afs/db</secondary>
1373 <sect2 id="HDRWQ87">
1374 <title>Replicated Database Files in the /usr/afs/db Directory</title>
1376 <para>The directory <emphasis role="bold">/usr/afs/db</emphasis> contains two types of files pertaining to the four replicated
1377 databases in the cell--the Authentication Database, Backup Database, Protection Database, and Volume Location Database (VLDB):
1380 <para>A file that contains each database, with a <emphasis role="bold">.DB0</emphasis> extension.</para>
1384 <para>A log file for each database, with a <emphasis role="bold">.DBSYS1</emphasis> extension. The database server
1385 process logs each database operation in this file before performing it. If the operation is interrupted, the process
1386 consults this file to learn how to finish it.</para>
1388 </itemizedlist></para>
1390 <para>Each database server process (Authentication, Backup, Protection, or VL Server) maintains its own database and log
1391 files. The database files are in binary format, so you must always access or alter them using commands from the <emphasis
1392 role="bold">kas</emphasis> suite (for the Authentication Database), <emphasis role="bold">backup</emphasis> suite (for the
1393 Backup Database), <emphasis role="bold">pts</emphasis> suite (for the Protection Database), or <emphasis
1394 role="bold">vos</emphasis> suite (for the VLDB).</para>
1396 <para>If a cell runs more than one database server machine, each database server process keeps its own copy of its database on
1397 its machine's hard disk. However, it is important that all the copies of a given database are the same. To synchronize them,
1398 the database server processes call on AFS's distributed database technology, Ubik, as described in <link
1399 linkend="HDRWQ102">Replicating the AFS Administrative Databases</link>.</para>
1401 <para>The files listed here appear in this directory only on database server machines. On non-database server machines, this
1402 directory is empty. <variablelist>
1404 <primary>files</primary>
1406 <secondary>bdb.DB0</secondary>
1410 <primary>bdb.DB0 file</primary>
1414 <term><emphasis role="bold">bdb.DB0</emphasis></term>
1417 <para>The Backup Database file.</para>
1420 <primary>files</primary>
1422 <secondary>bdb.DBSYS1</secondary>
1426 <primary>bdb.DBSYS1 file</primary>
1432 <term><emphasis role="bold">bdb.DBSYS1</emphasis></term>
1435 <para>The Backup Database log file.</para>
1438 <primary>files</primary>
1440 <secondary>kaserver.DB0</secondary>
1444 <primary>kaserver.DB0 file</primary>
1450 <term><emphasis role="bold">kaserver.DB0</emphasis></term>
1453 <para>The Authentication Database file.</para>
1456 <primary>files</primary>
1458 <secondary>kaserver.DBSYS1</secondary>
1462 <primary>kaserver.DBSYS1 file</primary>
1468 <term><emphasis role="bold">kaserver.DBSYS1</emphasis></term>
1471 <para>The Authentication Database log file.</para>
1474 <primary>files</primary>
1476 <secondary>prdb.DB0</secondary>
1480 <primary>prdb.DB0 file</primary>
1486 <term><emphasis role="bold">prdb.DB0</emphasis></term>
1489 <para>The Protection Database file.</para>
1492 <primary>files</primary>
1494 <secondary>prdb.DBSYS1</secondary>
1498 <primary>prdb.DBSYS1 file</primary>
1504 <term><emphasis role="bold">prdb.DBSYS1</emphasis></term>
1507 <para>The Protection Database log file.</para>
1510 <primary>files</primary>
1512 <secondary>vldb.DB0</secondary>
1516 <primary>vldb.DB0 file</primary>
1522 <term><emphasis role="bold">vldb.DB0</emphasis></term>
1525 <para>The Volume Location Database file.</para>
1528 <primary>files</primary>
1530 <secondary>vldb.DBSYS1</secondary>
1534 <primary>vldb.DBSYS1 file</primary>
1540 <term><emphasis role="bold">vldb.DBSYS1</emphasis></term>
1543 <para>The Volume Location Database log file.</para>
1546 </variablelist></para>
1549 <primary>usr/afs/logs directory on server machines</primary>
1551 <secondary>contents listed</secondary>
1555 <primary>directory</primary>
1557 <secondary>/usr/afs/logs on server machines</secondary>
1561 <primary>file server machine</primary>
1563 <secondary>core files in /usr/afs/logs</secondary>
1567 <primary>file server machine</primary>
1569 <secondary>log files in /usr/afs/logs</secondary>
1573 <primary>log files</primary>
1575 <secondary>for server processes</secondary>
1579 <primary>core files</primary>
1581 <secondary>for server processes</secondary>
1585 <sect2 id="HDRWQ88">
1586 <title>Log Files in the /usr/afs/logs Directory</title>
1588 <para>The <emphasis role="bold">/usr/afs/logs</emphasis> directory contains log files from various server processes. The files
1589 detail interesting events that occur during normal operations. For instance, the Volume Server can record volume moves in the
1590 <emphasis role="bold">VolserLog</emphasis> file. Events are recorded at completion, so the server processes do not use these
1591 files to reconstruct failed operations unlike the ones in the <emphasis role="bold">/usr/afs/db</emphasis> directory.</para>
1593 <para>The information in log files can be very useful as you evaluate process failures and other problems. For instance, if
1594 you receive a timeout message when you try to access a volume, checking the <emphasis role="bold">FileLog</emphasis> file
1595 possibly provides an explanation, showing that the File Server was unable to attach the volume. To examine a log file
1596 remotely, use the <emphasis role="bold">bos getlog</emphasis> command as described in <link linkend="HDRWQ173">Displaying
1597 Server Process Log Files</link>.</para>
1599 <para>This directory also contains the core image files generated if a process being monitored by the BOS Server crashes. The
1600 BOS Server attempts to add an extension to the standard <emphasis role="bold">core</emphasis> name to indicate which process
1601 generated the core file (for example, naming a core file generated by the Protection Server <emphasis
1602 role="bold">core.ptserver</emphasis>). The BOS Server cannot always assign the correct extension if two processes fail at
1603 about the same time, so it is not guaranteed to be correct.</para>
1605 <para>The directory contains the following files: <variablelist>
1607 <primary>AuthLog file</primary>
1611 <primary>files</primary>
1613 <secondary>AuthLog</secondary>
1617 <term><emphasis role="bold">AuthLog</emphasis></term>
1620 <para>The Authentication Server's log file.</para>
1623 <primary>BackupLog file</primary>
1627 <primary>files</primary>
1629 <secondary>BackupLog</secondary>
1635 <term><emphasis role="bold">BackupLog</emphasis></term>
1638 <para>The Backup Server's log file.</para>
1641 <primary>BosLog file</primary>
1645 <primary>files</primary>
1647 <secondary>BosLog</secondary>
1653 <term><emphasis role="bold">BosLog</emphasis></term>
1656 <para>The BOS Server's log file.</para>
1659 <primary>files</primary>
1661 <secondary>FileLog</secondary>
1665 <primary>FileLog file</primary>
1671 <term><emphasis role="bold">FileLog</emphasis></term>
1674 <para>The File Server's log file.</para>
1677 <primary>files</primary>
1679 <secondary>SalvageLog</secondary>
1683 <primary>SalvageLog file</primary>
1689 <term><emphasis role="bold">SalvageLog</emphasis></term>
1692 <para>The Salvager's log file.</para>
1695 <primary>VLLog file</primary>
1699 <primary>files</primary>
1701 <secondary>VLLog</secondary>
1707 <term><emphasis role="bold">VLLog</emphasis></term>
1710 <para>The Volume Location (VL) Server's log file.</para>
1713 <primary>VolserLog file</primary>
1717 <primary>files</primary>
1719 <secondary>VolserLog</secondary>
1725 <term><emphasis role="bold">VolserLog</emphasis></term>
1728 <para>The Volume Server's log file.</para>
1733 <term><emphasis role="bold">core.process</emphasis></term>
1736 <para>If present, a core image file produced as an AFS server process on the machine crashed (probably the process
1737 named by process).</para>
1740 </variablelist></para>
1743 <para>To prevent log files from growing unmanageably large, restart the server processes periodically, particularly the
1744 database server processes. To avoid restarting the processes, use the UNIX <emphasis role="bold">rm</emphasis> command to
1745 remove the file as the process runs; it re-creates it automatically.</para>
1749 <primary>vicep directory on server machines</primary>
1751 <secondary>contents listed</secondary>
1755 <primary>directory</primary>
1757 <secondary>/vicep on server machines</secondary>
1761 <primary>volume header</primary>
1763 <secondary>in /vicep directories</secondary>
1767 <primary>partition</primary>
1769 <secondary>housing AFS volumes</secondary>
1773 <primary>file server machine</primary>
1775 <secondary>partitions, naming</secondary>
1779 <sect2 id="HDRWQ89">
1780 <title>Volume Headers on Server Partitions</title>
1782 <para>A partition that houses AFS volumes must be mounted at a subdirectory of the machine's root ( / ) directory (not, for
1783 instance under the <emphasis role="bold">/usr</emphasis> directory). The file server machine's file system registry file
1784 (<emphasis role="bold">/etc/fstab</emphasis> or equivalent) must correctly map the directory name and the partition's device
1785 name. The directory name is of the form <emphasis role="bold">/vicep</emphasis>index, where each index is one or two lowercase
1786 letters. By convention, the first AFS partition on a machine is mounted at <emphasis role="bold">/vicepa</emphasis>, the
1787 second at <emphasis role="bold">/vicepb</emphasis>, and so on. If there are more than 26 partitions, continue with <emphasis
1788 role="bold">/vicepaa</emphasis>, <emphasis role="bold">/vicepab</emphasis> and so on. The <emphasis>IBM AFS Release
1789 Notes</emphasis> specifies the number of supported partitions per server machine.</para>
1791 <para>Do not store non-AFS files on AFS partitions. The File Server and Volume Server expect to have available all of the
1792 space on the partition.</para>
1794 <para>The <emphasis role="bold">/vicep</emphasis> directories contain two types of files: <variablelist>
1796 <primary>V.<emphasis>vol_ID</emphasis>.vol file</primary>
1800 <primary>files</primary>
1802 <secondary>V.<emphasis>vol_ID</emphasis>.vol</secondary>
1806 <term><emphasis role="bold">Vvol_ID.vol</emphasis></term>
1809 <para>Each such file is a volume header. The vol_ID corresponds to the volume ID number displayed in the output from
1810 the <emphasis role="bold">vos examine</emphasis>, <emphasis role="bold">vos listvldb</emphasis>, and <emphasis
1811 role="bold">vos listvol</emphasis> commands.</para>
1814 <primary>FORCESALVAGE file</primary>
1818 <primary>files</primary>
1820 <secondary>FORCESALVAGE</secondary>
1826 <term><emphasis role="bold">FORCESALVAGE</emphasis></term>
1829 <para>This zero-length file triggers the Salvager to salvage the entire partition. The AFS-modified version of the
1830 <emphasis role="bold">fsck</emphasis> program creates this file if it discovers corruption.</para>
1833 </variablelist></para>
1836 <para>For most system types, it is important never to run the standard <emphasis role="bold">fsck</emphasis> program
1837 provided with the operating system on an AFS file server machine. It removes all AFS volume data from server partitions
1838 because it does not recognize their format.</para>
1842 <primary>roles for server machine</primary>
1846 <primary>server machine</primary>
1848 <secondary>roles summarized</secondary>
1853 <sect1 id="HDRWQ90">
1854 <title>The Four Roles for File Server Machines</title>
1856 <para>In cells that have more than one server machine, not all server machines have to perform exactly the same functions. The
1857 are four possible <emphasis>roles</emphasis> a machine can assume, determined by which server processes it is running. A machine
1858 can assume more than one role by running all of the relevant processes. The following list summarizes the four roles, which are
1859 described more completely in subsequent sections. <itemizedlist>
1861 <para>A <emphasis>simple file server</emphasis> machine runs only the processes that store and deliver AFS files to client
1862 machines. You can run as many simple file server machines as you need to satisfy your cell's performance and disk space
1863 requirements.</para>
1867 <para>A <emphasis>database server machine</emphasis> runs the four database server processes that maintain AFS's
1868 replicated administrative databases: the Authentication, Backup, Protection, and Volume Location (VL) Server
1873 <para>A <emphasis>binary distribution machine</emphasis> distributes the AFS server binaries for its system type to all
1874 other server machines of that system type.</para>
1878 <para>The single <emphasis>system control machine</emphasis> distributes common server configuration files to all other
1879 server machines in the cell, in a cell that runs the United States edition of AFS (cells that use the international
1880 edition of AFS must not use the system control machine for this purpose). The machine conventionally also serves as the
1881 time synchronization source for the cell, adjusting its clock according to a time source outside the cell.</para>
1883 </itemizedlist></para>
1885 <para>If a cell has a single server machine, it assumes the simple file server and database server roles. The instructions in
1886 the <emphasis>IBM AFS Quick Beginnings</emphasis> also have you configure it as the system control machine and binary
1887 distribution machine for its system type, but it does not actually perform those functions until you install another server
1890 <para>It is best to keep the binaries for all of the AFS server processes in the <emphasis role="bold">/usr/afs/bin</emphasis>
1891 directory, even if not all processes are running. You can then change which roles a machine assumes simply by starting or
1892 stopping the processes that define the role.</para>
1895 <primary>simple file server machine</primary>
1899 <primary>server machine</primary>
1901 <secondary>simple file server role</secondary>
1904 <sect2 id="HDRWQ91">
1905 <title>Simple File Server Machines</title>
1907 <para>A <emphasis>simple file server machine</emphasis> runs only the server processes that store and deliver AFS files to
1908 client machines, monitor process status, and pick up binaries and configuration files from the cell's binary distribution and
1909 system control machines.</para>
1911 <para>In general, only cells with more than three server machines need to run simple file server machines. In cells with three
1912 or fewer machines, all of them are usually database server machines (to benefit from replicating the administrative
1913 databases); see <link linkend="HDRWQ92">Database Server Machines</link>.</para>
1915 <para>The following processes run on a simple file server machine: <itemizedlist>
1917 <para>The BOS Server (<emphasis role="bold">bosserver</emphasis> process)</para>
1921 <para>The <emphasis role="bold">fs</emphasis> process, which combines the File Server, Volume Server, and Salvager
1922 processes so that they can coordinate their operations on the data in volumes and avoid the inconsistencies that can
1923 result from multiple simultaneous operations on the same data</para>
1927 <para>The NTP coordinator (<emphasis role="bold">runntp</emphasis> process), which helps keep the machine's clock
1928 synchronized with the clocks on the other server machines in the cell</para>
1932 <para>A client portion of the Update Server that picks up binary files from the binary distribution machine of its AFS
1933 system type (the <emphasis role="bold">upclientbin</emphasis> process)</para>
1937 <para>A client portion of the Update Server that picks up common configuration files from the system control machine, in
1938 cells running the United States edition of AFS (the <emphasis role="bold">upclientetc</emphasis> process)</para>
1940 </itemizedlist></para>
1943 <primary>database server machine</primary>
1945 <secondary>defined</secondary>
1949 <primary>server machine</primary>
1951 <secondary>database server role</secondary>
1955 <primary>Backup Server</primary>
1957 <secondary>runs on database server machine</secondary>
1961 <primary>Authentication Server</primary>
1963 <secondary>runs on database server machine</secondary>
1967 <primary>Protection Server</primary>
1969 <secondary>runs on database server machine</secondary>
1973 <primary>VL Server</primary>
1975 <secondary>runs on database server machine</secondary>
1979 <sect2 id="HDRWQ92">
1980 <title>Database Server Machines</title>
1982 <para>A <emphasis>database server machine</emphasis> runs the four processes that maintain the AFS replicated administrative
1983 databases: the Authentication Server, Backup Server, Protection Server, and Volume Location (VL) Server, which maintain the
1984 Authentication Database, Backup Database, Protection Database, and Volume Location Database (VLDB), respectively. To review
1985 the functions of these server processes and their databases, see <link linkend="HDRWQ17">AFS Server Processes and the Cache
1986 Manager</link>.</para>
1988 <para>If a cell has more than one server machine, it is best to run more than one database server machine, but more than three
1989 are rarely necessary. Replicating the databases in this way yields the same benefits as replicating volumes: increased
1990 availability and reliability of information. If one database server machine or process goes down, the information in the
1991 database is still available from others. The load of requests for database information is spread across multiple machines,
1992 preventing any one from becoming overloaded.</para>
1994 <para>Unlike replicated volumes, however, replicated databases do change frequently. Consistent system performance demands
1995 that all copies of the database always be identical, so it is not possible to record changes in only some of them. To
1996 synchronize the copies of a database, the database server processes use AFS's distributed database technology, Ubik. See <link
1997 linkend="HDRWQ102">Replicating the AFS Administrative Databases</link>.</para>
1999 <para>It is critical that the AFS server processes on every server machine in a cell know which machines are the database
2000 server machines. The database server processes in particular must maintain constant contact with their peers in order to
2001 coordinate the copies of the database. The other server processes often need information from the databases. Every file server
2002 machine keeps a list of its cell's database server machines in its local <emphasis
2003 role="bold">/usr/afs/etc/CellServDB</emphasis> file. Cells that use the States edition of AFS can use the system control
2004 machine to distribute this file (see <link linkend="HDRWQ94">The System Control Machine</link>).</para>
2006 <para>The following processes define a database server machine: <itemizedlist>
2008 <para>The Authentication Server (<emphasis role="bold">kaserver</emphasis> process)</para>
2012 <para>The Backup Server (<emphasis role="bold">buserver</emphasis> process)</para>
2016 <para>The Protection Server (<emphasis role="bold">ptserver</emphasis> process)</para>
2020 <para>The VL Server (<emphasis role="bold">vlserver</emphasis> process)</para>
2022 </itemizedlist></para>
2024 <para>Database server machines can also run the processes that define a simple file server machine, as listed in <link
2025 linkend="HDRWQ91">Simple File Server Machines</link>. One database server machine can act as the cell's system control
2026 machine, and any database server machine can serve as the binary distribution machine for its system type; see <link
2027 linkend="HDRWQ94">The System Control Machine</link> and <link linkend="HDRWQ93">Binary Distribution Machines</link>.</para>
2030 <primary>binary distribution machine</primary>
2032 <secondary>defined</secondary>
2036 <primary>server machine</primary>
2038 <secondary>binary distribution role</secondary>
2042 <primary>Update Server</primary>
2044 <secondary>server portion</secondary>
2046 <tertiary>on binary distribution machine</tertiary>
2050 <primary>Update Server</primary>
2052 <secondary>client portion</secondary>
2054 <tertiary>for binaries</tertiary>
2058 <sect2 id="HDRWQ93">
2059 <title>Binary Distribution Machines</title>
2061 <para>A <emphasis>binary distribution machine</emphasis> stores and distributes the binary files for the AFS processes and
2062 command suites to all other server machines of its system type. Each file server machine keeps its own copy of AFS server
2063 process binaries on its local disk, by convention in the <emphasis role="bold">/usr/afs/bin</emphasis> directory. For
2064 consistent system performance, however, all server machines must run the same version (build level) of a process. For
2065 instructions for checking a binary's build level, see <link linkend="HDRWQ117">Displaying A Binary File's Build Level</link>.
2066 The easiest way to keep the binaries consistent is to have a binary distribution machine of each system type distribute them
2067 to its system-type peers.</para>
2069 <para>The process that defines a binary distribution machine is the server portion of the Update Server (<emphasis
2070 role="bold">upserver</emphasis> process). The client portion of the Update Server (<emphasis
2071 role="bold">upclientbin</emphasis> process) runs on the other server machines of that system type and references the binary
2072 distribution machine.</para>
2074 <para>Binary distribution machines usually also run the processes that define a simple file server machine, as listed in <link
2075 linkend="HDRWQ91">Simple File Server Machines</link>. One binary distribution machine can act as the cell's system control
2076 machine, and any binary distribution machine can serve as a database server machine; see <link linkend="HDRWQ94">The System
2077 Control Machine</link> and <link linkend="HDRWQ92">Database Server Machines</link>.</para>
2080 <primary>system control machine</primary>
2084 <primary>configuration files</primary>
2086 <secondary>server machine, common</secondary>
2090 <primary>server machine</primary>
2092 <secondary>system control role</secondary>
2096 <sect2 id="HDRWQ94">
2097 <title>The System Control Machine</title>
2099 <para>In cells that run the United States edition of AFS, the <emphasis>system control machine</emphasis> stores and
2100 distributes system configuration files shared by all of the server machines in the cell. Each file server machine keeps its
2101 own copy of the configuration files on its local disk, by convention in the <emphasis role="bold">/usr/afs/etc</emphasis>
2102 directory. For consistent system performance, however, all server machines must use the same files. The easiest way to keep
2103 the files consistent is to have the system control machine distribute them. You make changes only to the copy stored on the
2104 system control machine, as directed by the instructions in this document. The United States edition of AFS is available to
2105 cells in the United States and Canada and to selected institutions in other countries, as determined by United States
2106 government regulations.</para>
2108 <para>Cells that run the international version of AFS do not use the system control machine to distribute system configuration
2109 files. Some of the files contain information that is too sensitive to cross the network unencrypted, and United States
2110 government regulations forbid the export of the necessary encryption routines in the form that the Update Server uses. You
2111 must instead update the configuration files on each file server machine individually. The <emphasis role="bold">bos</emphasis>
2112 commands that you use to update the files encrypt the information using an exportable form of the encryption routines.</para>
2114 <para>For a list of the configuration files stored in the <emphasis role="bold">/usr/afs/etc</emphasis> directory, see <link
2115 linkend="HDRWQ85">Common Configuration Files in the /usr/afs/etc Directory</link>.</para>
2117 <para>The <emphasis>IBM AFS Quick Beginnings</emphasis> configures a cell's first server machine as the system control
2118 machine. If you wish, you can reassign the role to a different machine that you install later, but you must then change the
2119 client portion of the Update Server (<emphasis role="bold">upclientetc</emphasis>) process running on all other server
2120 machines to refer to the new system control machine.</para>
2122 <para>The following processes define the system control machine: <itemizedlist>
2124 <primary>Update Server</primary>
2126 <secondary>server portion</secondary>
2128 <tertiary>on system control machine</tertiary>
2132 <primary>Update Server</primary>
2134 <secondary>client portion</secondary>
2136 <tertiary>for configuration files</tertiary>
2140 <para>The server portion of the Update Server (<emphasis role="bold">upserver</emphasis>) process, in cells using the
2141 United States edition of AFS. The client portion of the Update Server (<emphasis role="bold">upclientetc</emphasis>
2142 process) runs on the other server machines and references the system control machine.</para>
2146 <para>The NTP coordinator (<emphasis role="bold">runntp</emphasis> process) which points to a time source outside the
2147 cell, if the cell uses NTPD to synchronize its clocks. The <emphasis role="bold">runntp</emphasis> process on other
2148 machines reference the system control machine as their main time source.</para>
2150 </itemizedlist></para>
2152 <para>The system control machine can also run the processes that define a simple file server machine, as listed in <link
2153 linkend="HDRWQ91">Simple File Server Machines</link>. It can also server as a database server machine, and by convention acts
2154 as the binary distribution machine for its system type. A single <emphasis role="bold">upserver</emphasis> process can
2155 distribute both configuration files and binaries. See <link linkend="HDRWQ92">Database Server Machines</link> and <link
2156 linkend="HDRWQ93">Binary Distribution Machines</link>.</para>
2159 <primary>determining</primary>
2161 <secondary>roles taken by server machine</secondary>
2165 <primary>identifying</primary>
2167 <secondary>roles taken by server machine</secondary>
2171 <primary>server machine</primary>
2173 <secondary>determining roles</secondary>
2177 <primary>roles for server machine</primary>
2179 <secondary>determining</secondary>
2183 <primary>database server machine</primary>
2185 <secondary>identifying with bos status</secondary>
2189 <primary>determining</primary>
2191 <secondary>identity of database server machines</secondary>
2195 <primary>identifying</primary>
2197 <secondary>database server machine</secondary>
2201 <sect2 id="HDRWQ95">
2202 <title>To locate database server machines</title>
2206 <para>Issue the <emphasis role="bold">bos listhosts</emphasis> command. <programlisting>
2207 % <emphasis role="bold">bos listhosts</emphasis> <<replaceable>machine name</replaceable>>
2208 </programlisting></para>
2210 <para>The machines listed in the output are the cell's database server machines. For complete instructions and example
2211 output, see <link linkend="HDRWQ120">To display a cell's database server machines</link>.</para>
2215 <para><emphasis role="bold">(Optional)</emphasis> Issue the <emphasis role="bold">bos status</emphasis> command to verify
2216 that a machine listed in the output of the <emphasis role="bold">bos listhosts</emphasis> command is actually running the
2217 processes that define it as a database server machine. For complete instructions, see <link linkend="HDRWQ158">Displaying
2218 Process Status and Information from the BosConfig File</link>. <programlisting>
2219 % <emphasis role="bold">bos status</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">buserver kaserver ptserver vlserver</emphasis>
2220 </programlisting></para>
2222 <para>If the specified machine is a database server machine, the output from the <emphasis role="bold">bos
2223 status</emphasis> command includes the following lines:</para>
2226 Instance buserver, currently running normally.
2227 Instance kaserver, currently running normally.
2228 Instance ptserver, currently running normally.
2229 Instance vlserver, currently running normally.
2235 <primary>system control machine</primary>
2237 <secondary>identifying with bos status</secondary>
2241 <primary>determining</primary>
2243 <secondary>identity of system control machine</secondary>
2247 <primary>identifying</primary>
2249 <secondary>system control machine</secondary>
2253 <sect2 id="HDRWQ96">
2254 <title>To locate the system control machine</title>
2258 <para>Issue the <emphasis role="bold">bos status</emphasis> command for any server machine. Complete instructions appear
2259 in <link linkend="HDRWQ158">Displaying Process Status and Information from the BosConfig File</link>. <programlisting>
2260 % <emphasis role="bold">bos status</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">upserver upclientbin upclientetc</emphasis> <emphasis
2261 role="bold">-long</emphasis>
2262 </programlisting></para>
2264 <para>The output you see depends on the machine you have contacted: a simple file server machine, the system control
2265 machine, or a binary distribution machine. See <link linkend="HDRWQ98">Interpreting the Output from the bos status
2266 Command</link>.</para>
2271 <primary>binary distribution machine</primary>
2273 <secondary>identifying with bos status</secondary>
2277 <primary>determining</primary>
2279 <secondary>identity of binary distribution machine</secondary>
2283 <primary>identifying</primary>
2285 <secondary>binary distribution machine</secondary>
2289 <sect2 id="HDRWQ97">
2290 <title>To locate the binary distribution machine for a system type</title>
2294 <para>Issue the <emphasis role="bold">bos status</emphasis> command for a file server machine of the system type you are
2295 checking (to determine a machine's system type, issue the <emphasis role="bold">fs sysname</emphasis> or <emphasis
2296 role="bold">sys</emphasis> command as described in <link linkend="HDRWQ417">Displaying and Setting the System Type
2297 Name</link>. Complete instructions for the <emphasis role="bold">bos status</emphasis> command appear in <link
2298 linkend="HDRWQ158">Displaying Process Status and Information from the BosConfig File</link>. <programlisting>
2299 % <emphasis role="bold">bos status</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">upserver upclientbin upclientetc -long</emphasis>
2300 </programlisting></para>
2302 <para>The output you see depends on the machine you have contacted: a simple file server machine, the system control
2303 machine, or a binary distribution machine. See <link linkend="HDRWQ98">Interpreting the Output from the bos status
2304 Command</link>.</para>
2309 <primary>simple file server machine</primary>
2311 <secondary>identifying with bos status</secondary>
2315 <primary>determining</primary>
2317 <secondary>identity of:</secondary>
2319 <tertiary>simple file server machines</tertiary>
2323 <primary>identifying</primary>
2325 <secondary>simple file server machine</secondary>
2329 <sect2 id="HDRWQ98">
2330 <title>Interpreting the Output from the bos status Command</title>
2332 <para>Interpreting the output of the <emphasis role="bold">bos status</emphasis> command is most straightforward for a simple
2333 file server machine. There is no <emphasis role="bold">upserver</emphasis> process, so the output includes the following
2337 bos: failed to get instance info for 'upserver' (no such entity)
2340 <para>A simple file server machine runs the <emphasis role="bold">upclientbin</emphasis> process, so the output includes a
2341 message like the following. It indicates that <emphasis role="bold">fs7.abc.com</emphasis> is the binary distribution machine
2342 for this system type.</para>
2345 Instance upclientbin, (type is simple) currently running normally.
2346 Process last started at Wed Mar 10 23:37:09 1999 (1 proc start)
2347 Command 1 is '/usr/afs/bin/upclient fs7.abc.com -t 60 /usr/afs/bin'
2350 <para>If you run the United States edition of AFS, a simple file server machine also runs the <emphasis
2351 role="bold">upclientetc</emphasis> process, so the output includes a message like the following. It indicates that <emphasis
2352 role="bold">fs1.abc.com</emphasis> is the system control machine.</para>
2355 Instance upclientetc, (type is simple) currently running normally.
2356 Process last started at Mon Mar 22 05:23:49 1999 (1 proc start)
2357 Command 1 is '/usr/afs/bin/upclient fs1.abc.com -t 60 /usr/afs/etc'
2360 <sect3 id="HDRWQ99">
2361 <title>The Output on the System Control Machine</title>
2363 <para>If you run the United States edition of AFS and have issued the <emphasis role="bold">bos status</emphasis> command
2364 for the system control machine, the output includes an entry for the <emphasis role="bold">upserver</emphasis> process
2365 similar to the following:</para>
2368 Instance upserver, (type is simple) currently running normally.
2369 Process last started at Mon Mar 22 05:23:54 1999 (1 proc start)
2370 Command 1 is '/usr/afs/bin/upserver'
2373 <para>If you are using the default configuration recommended in the <emphasis>IBM AFS Quick Beginnings</emphasis>, the
2374 system control machine is also the binary distribution machine for its system type, and a single <emphasis
2375 role="bold">upserver</emphasis> process distributes both kinds of updates. In that case, the output includes the following
2379 bos: failed to get instance info for 'upclientbin' (no such entity)
2380 bos: failed to get instance info for 'upclientetc' (no such entity)
2383 <para>If the system control machine is not a binary distribution machine, the output includes an error message for the
2384 <emphasis role="bold">upclientetc</emphasis> process, but a complete a listing for the <emphasis
2385 role="bold">upclientbin</emphasis> process (in this case it refers to the machine <emphasis
2386 role="bold">fs5.abc.com</emphasis> as the binary distribution machine):</para>
2389 Instance upclientbin, (type is simple) currently running normally.
2390 Process last started at Mon Mar 22 05:23:49 1999 (1 proc start)
2391 Command 1 is '/usr/afs/bin/upclient fs5.abc.com -t 60 /usr/afs/bin'
2392 bos: failed to get instance info for 'upclientetc' (no such entity)
2396 <sect3 id="HDRWQ100">
2397 <title>The Output on a Binary Distribution Machine</title>
2399 <para>If you have issued the <emphasis role="bold">bos status</emphasis> command for a binary distribution machine, the
2400 output includes an entry for the <emphasis role="bold">upserver</emphasis> process similar to the following and error
2401 message for the <emphasis role="bold">upclientbin</emphasis> process:</para>
2404 Instance upserver, (type is simple) currently running normally.
2405 Process last started at Mon Apr 5 05:23:54 1999 (1 proc start)
2406 Command 1 is '/usr/afs/bin/upserver'
2407 bos: failed to get instance info for 'upclientbin' (no such entity)
2410 <para>Unless this machine also happens to be the system control machine, a message like the following references the system
2411 control machine (in this case, <emphasis role="bold">fs3.abc.com</emphasis>):</para>
2414 Instance upclientetc, (type is simple) currently running normally.
2415 Process last started at Mon Apr 5 05:23:49 1999 (1 proc start)
2416 Command 1 is '/usr/afs/bin/upclient fs3.abc.com -t 60 /usr/afs/etc'
2422 <sect1 id="HDRWQ101">
2423 <title>Administering Database Server Machines</title>
2425 <para>This section explains how to administer database server machines. For installation instructions, see the <emphasis>IBM AFS
2426 Quick Beginnings</emphasis>.</para>
2429 <primary>distribution</primary>
2431 <secondary>of databases</secondary>
2435 <primary>database, distributed</primary>
2437 <secondary></secondary>
2439 <see>administrative database</see>
2443 <primary>distributed database</primary>
2445 <secondary></secondary>
2447 <see>administrative database</see>
2451 <primary>administrative database</primary>
2453 <secondary>about replicating</secondary>
2457 <primary>database server machine</primary>
2459 <secondary>maintaining</secondary>
2463 <primary>Ubik</primary>
2465 <secondary>operation described</secondary>
2469 <primary>synchronization site (Ubik)</primary>
2471 <secondary>defined</secondary>
2475 <primary>secondary site (Ubik)</primary>
2479 <primary>coordinator (Ubik)</primary>
2481 <secondary>defined</secondary>
2485 <primary>Ubik</primary>
2487 <secondary>automatic updates</secondary>
2491 <primary>automatic</primary>
2493 <secondary>update to admin. databases by Ubik</secondary>
2496 <sect2 id="HDRWQ102">
2497 <title>Replicating the AFS Administrative Databases</title>
2499 <para>There are several benefits to replicating the AFS administrative databases (the Authentication, Backup, Protection, and
2500 Volume Location Databases), as discussed in <link linkend="HDRWQ52">Replicating the AFS Administrative Databases</link>. For
2501 correct cell functioning, the copies of each database must be identical at all times. To keep the databases synchronized, AFS
2502 uses library of utilities called <emphasis>Ubik</emphasis>. Each database server process runs an associated lightweight Ubik
2503 process, and client-side programs call Ubik's client-side subroutines when they submit requests to read and change the
2506 <para>Ubik is designed to work with minimal administrator intervention, but there are several configuration requirements, as
2507 detailed in <link linkend="HDRWQ103">Configuring the Cell for Proper Ubik Operation</link>. The following brief overview of
2508 Ubik's operation is helpful for understanding the requirements. For more details, see <link linkend="HDRWQ104">How Ubik
2509 Operates Automatically</link>.</para>
2511 <para>Ubik is designed to distribute changes made in an AFS administrative database to all copies as quickly as possible. Only
2512 one copy of the database, the <emphasis>synchronization site</emphasis>, accepts change requests from clients; the lightweight
2513 Ubik process running there is the <emphasis>Ubik coordinator</emphasis>. To maintain maximum availability, there is a separate
2514 Ubik coordinator for each database, and the synchronization site for each of the four databases can be on a different machine.
2515 The synchronization site for a database can also move from machine to machine in response to process, machine, or network
2518 <para>The other copies of a database, and the Ubik processes that maintain them, are termed <emphasis>secondary</emphasis>.
2519 The secondary sites do not accept database changes directly from client-side programs, but only from the synchronization
2522 <para>After the Ubik coordinator records a change in its copy of a database, it immediately sends the change to the secondary
2523 sites. During the brief distribution period, clients cannot access any of the copies of the database, even for reading. If the
2524 coordinator cannot reach a majority of the secondary sites, it halts the distribution and informs the client that the
2525 attempted change failed.</para>
2527 <para>To avoid distribution failures, the Ubik processes maintain constant contact by exchanging time-stamped messages. As
2528 long as a majority of the secondary sites respond to the coordinator's messages, there is a <emphasis>quorum</emphasis> of
2529 sites that are synchronized with the coordinator. If a process, machine, or network outage breaks the quorum, the Ubik
2530 processes attempt to elect a new coordinator in order to establish a new quorum among the highest possible number of sites.
2531 See <link linkend="HDRWQ106">A Flexible Coordinator Boosts Availability</link>.</para>
2534 <primary>Ubik</primary>
2536 <secondary>requirements summarized</secondary>
2540 <primary>database server process</primary>
2542 <secondary>need to run all on every database server machine</secondary>
2546 <primary>CellServDB file (server)</primary>
2548 <secondary>importance to Ubik operation</secondary>
2551 <sect3 id="HDRWQ103">
2552 <title>Configuring the Cell for Proper Ubik Operation</title>
2554 <para>This section describes how to configure your cell to maintain proper Ubik operation. <itemizedlist>
2556 <para>Run all four database server processes--Authentication Server, Backup Server, Protection Server, and VL
2557 Server--on all database server machines.</para>
2559 <para>Both the client and server portions of Ubik expect that all the database server machines listed in the <emphasis
2560 role="bold">CellServDB</emphasis> file are running all of the database server processes. There is no mechanism for
2561 indicating that only some database server processes are running on a machine.</para>
2565 <para>Maintain correct information in the <emphasis role="bold">/usr/afs/etc/CellServDB</emphasis> file at all
2568 <para>Ubik consults the <emphasis role="bold">/usr/afs/etc/CellServDB</emphasis> file to determine the sites with
2569 which to establish and maintain a quorum. Incorrect information can result in unsynchronized databases or election of
2570 a coordinator in each of several subgroups of machines, because the Ubik processes on various machines do not agree on
2571 which machines need to participate in the quorum.</para>
2573 <para>If you run the United States version of AFS and use the Update Server, it is simplest to maintain the <emphasis
2574 role="bold">/usr/afs/etc/CellServDB</emphasis> file on the system control machine, which distributes its copy to all
2575 other server machines. The <emphasis>IBM AFS Quick Beginnings</emphasis> explains how to configure the Update Server.
2576 If you run the international version of AFS, you must update the file on each machine individually.</para>
2578 <para>The only reason to alter the file is when configuring or decommissioning a database server machine. Use the
2579 appropriate <emphasis role="bold">bos</emphasis> commands rather than editing the file by hand. For instructions, see
2580 <link linkend="HDRWQ118">Maintaining the Server CellServDB File</link>. The instructions in <link
2581 linkend="HDRWQ142">Monitoring and Controlling Server Processes</link> for stopping and starting processes remind you
2582 to alter the <emphasis role="bold">CellServDB</emphasis> file when appropriate, as do the instructions in the
2583 <emphasis>IBM AFS Quick Beginnings</emphasis> for installing or decommissioning a database server machine.</para>
2585 <para>(Client processes and the server processes that do not maintain databases also rely on correct information in
2586 the <emphasis role="bold">CellServDB</emphasis> file for proper operation, but their use of the information does not
2587 affect Ubik's operation. See <link linkend="HDRWQ118">Maintaining the Server CellServDB File</link> and <link
2588 linkend="HDRWQ406">Maintaining Knowledge of Database Server Machines</link>.)</para>
2591 <primary>clocks</primary>
2593 <secondary>need to synchronize for Ubik</secondary>
2598 <para>Keep the clocks synchronized on all machines in the cell, especially the database server machines.</para>
2600 <para>In the conventional configuration specified in the <emphasis>IBM AFS Quick Beginnings</emphasis>, you run the
2601 <emphasis role="bold">runntp</emphasis> process to supervise the local Network Time Protocol Daemon (NTPD) on every
2602 AFS server machine. The NTPD on the system control machine synchronizes its clock with a reliable source outside the
2603 cell and broadcasts the time to the NTPDs on the other server machines. You can choose to run a different time
2604 synchronization protocol if you wish.</para>
2606 <para>Keeping clocks synchronized is important because the Ubik processes at a database's sites timestamp the messages
2607 which they exchange to maintain constant contact. Timestamping the messages is necessary because in a networked
2608 environment it is not safe to assume that a message reaches its destination instantly. Ubik compares the timestamp on
2609 an incoming message with the current time. If the difference is too great, it is possible that an outage is preventing
2610 reliable communication between the Ubik sites, which can possibly result in unsynchronized databases. Ubik considers
2611 the message invalid, which can prompt it to attempt election of a different coordinator.</para>
2613 <para>Electing a new coordinator is appropriate if a timestamped message is expired due to actual interruption of
2614 communication, but not if a message appears expired only because the sender and recipient do not share the same time.
2615 For detailed examples of how unsynchronized clocks can destabilize Ubik operation, see <link linkend="HDRWQ105">How
2616 Ubik Uses Timestamped Messages</link>.</para>
2618 </itemizedlist></para>
2621 <primary>Ubik</primary>
2623 <secondary>features summarized</secondary>
2627 <primary>process</primary>
2629 <secondary>lightweight Ubik</secondary>
2633 <primary>Ubik</primary>
2635 <secondary>server and client portions</secondary>
2639 <sect3 id="HDRWQ104">
2640 <title>How Ubik Operates Automatically</title>
2642 <para>The following Ubik features help keep its maintenance requirements to a minimum: <itemizedlist>
2644 <para>Ubik's server and client portions operate automatically.</para>
2646 <para>Each database server process runs a lightweight process to call on the server portion of the Ubik library. It is
2647 common to refer to this lightweight process itself as Ubik. Because it is lightweight, the Ubik process does not
2648 appear in process listings such as those generated by the UNIX <emphasis role="bold">ps</emphasis> command.
2649 Client-side programs that need to read and change the databases directly call the subroutines in the Ubik library's
2650 client portion, rather than running a separate lightweight process. Examples of such programs are the <emphasis
2651 role="bold">klog</emphasis> command and the commands in the <emphasis role="bold">pts</emphasis> suite.</para>
2655 <para>Ubik tracks database version numbers.</para>
2657 <para>As the coordinator records a change to a database, it increments the database's version number. The version
2658 number makes it easy for the coordinator to determine if a site has the most recent version or not. The version number
2659 speeds the return to normal functioning after election of a new coordinator or when communication is restored after an
2660 outage, because it makes it easy to determine which site has the most current database and which need to be
2665 <para>Ubik's use of timestamped messages guarantees that database copies are always synchronized during normal
2668 <para>Replicating a database to increase data availability is pointless if all copies of the database are not the
2669 same. Inconsistent performance can result if clients receive different information depending on which copy of the
2670 database they access. As previously noted, Ubik sites constantly track the status of their peers by exchanging
2671 timestamped messages. For a detailed description, see <link linkend="HDRWQ105">How Ubik Uses Timestamped
2672 Messages</link>.</para>
2676 <para>The ability to move the coordinator maximizes database availability.</para>
2678 <para>Suppose, for example, that in a cell with three database server machines a network partition separates the two
2679 secondary sites from the coordinator. The coordinator retires because it is no longer in contact with a majority of
2680 the sites listed in the <emphasis role="bold">CellServDB</emphasis> file. The two sites on the other side of the
2681 partition can elect a new coordinator among themselves, and it can then accept database changes from clients. If the
2682 coordinator cannot move in this way, the database has to be read-only until the network partition is repaired. For a
2683 detailed description of Ubik's election procedure, see <link linkend="HDRWQ106">A Flexible Coordinator Boosts
2684 Availability</link>.</para>
2686 </itemizedlist></para>
2689 <primary>consistency guarantees</primary>
2691 <secondary>administrative databases</secondary>
2695 <primary>Ubik</primary>
2697 <secondary>consistency guarantees</secondary>
2700 <sect4 id="HDRWQ105">
2701 <title>How Ubik Uses Timestamped Messages</title>
2703 <para>Ubik synchronizes the copies of a database by maintaining constant contact between the synchronization site and the
2704 secondary sites. The Ubik coordinator frequently sends a time-stamped <emphasis>guarantee</emphasis> message to each of
2705 the secondary sites. When the secondary site receives the message, it concludes that it is in contact with the
2706 coordinator. It considers its copy of the database to be valid until time <emphasis>T</emphasis>, which is usually 60
2707 seconds from the time the coordinator sent the message. In response, the secondary site returns a
2708 <emphasis>vote</emphasis> message that acknowledges the coordinator as valid until a certain time X, which is usually 120
2709 seconds in the future.</para>
2711 <para>The coordinator sends guarantee messages more frequently than every <emphasis>T</emphasis> seconds, so that the
2712 expiration periods overlap. There is no danger of expiration unless a network partition or other outage actually
2713 interrupts communication. If the guarantee expires, the secondary site's copy of the database it not necessarily current.
2714 Nonetheless, the database server continues to service client requests. It is considered better for overall cell
2715 functioning that a secondary site remains accessible even if the information it is distributing is possibly out of date.
2716 Most of the AFS administrative databases do not change that frequently, in any case, and making a database inaccessible
2717 causes a timeout for clients that happen to access that copy.</para>
2719 <para>As previously mentioned, Ubik's use of timestamped messages makes it vital to synchronize the clocks on database
2720 server machines. There are two ways that skewed clocks can interrupt normal Ubik functioning, depending on which clock is
2721 ahead of the others.</para>
2723 <para>Suppose, for example, that the Ubik coordinator's clock is ahead of the secondary sites: the coordinator's clock
2724 says 9:35:30, but the secondary clocks say 9:31:30. The secondary sites send votes messages that acknowledge the
2725 coordinator as valid until 9:33:30. This is two minutes in the future according to the secondary clocks, but is already in
2726 the past from the coordinator's perspective. The coordinator concludes that it no longer has enough support to remain
2727 coordinator and forces election of a new coordinator. Election takes about three minutes, during which time no copy of the
2728 database accepts changes.</para>
2730 <para>The opposite possibility is that a secondary site's clock (14:50:00) is ahead of the coordinator's (14:46:30). When
2731 the coordinator sends a guarantee message good until 14:47:30), it has already expired according to the secondary clock.
2732 Believing that it is out of contact with the coordinator, the secondary site stops sending votes for the coordinator and
2733 tries get itself elected as coordinator. This is appropriate if the coordinator has actually failed, but is inappropriate
2734 when there is no actual outage.</para>
2736 <para>The attempt of a single secondary site to get elected as the new coordinator usually does not affect the performance
2737 of the other sites. As long as their clocks agree with the coordinator's, they ignore the other secondary site's request
2738 for votes and continue voting for the current coordinator. However, if enough of the secondary sites's clocks get ahead of
2739 the coordinator's, they can force election of a new coordinator even though the current one is actually working
2743 <primary>Ubik</primary>
2745 <secondary>election of coordinator</secondary>
2749 <primary>coordinator (Ubik)</primary>
2751 <secondary>election procedure described</secondary>
2755 <primary>election of Ubik coordinator</primary>
2759 <primary>flexible synchronization site (Ubik)</primary>
2763 <primary>synchronization site (Ubik)</primary>
2765 <secondary>flexibility</secondary>
2769 <primary>Ubik</primary>
2771 <secondary>majority defined</secondary>
2775 <primary>majority</primary>
2777 <secondary>defined for Ubik</secondary>
2781 <primary>outages</primary>
2783 <secondary>due to Ubik election</secondary>
2787 <primary>system outages</primary>
2789 <secondary>due to Ubik election</secondary>
2793 <sect4 id="HDRWQ106">
2794 <title>A Flexible Coordinator Boosts Availability</title>
2796 <para>Ubik uses timestamped messages to determine when coordinator election is necessary, just as it does to keep the
2797 database copies synchronized. As long as the coordinator receives vote messages from a majority of the sites (it
2798 implicitly votes for itself), it is appropriate for it to continue as coordinator because it is successfully distributing
2799 database changes. A majority is defined as more than 50% of all database sites when there are an odd number of sites; with
2800 an even number of sites, the site with the lowest Internet address has an extra vote for breaking ties as necessary.If the
2801 coordinator is not receiving sufficient votes, it retires and the Ubik sites elect a new coordinator. This does not happen
2802 spontaneously, but only when the coordinator really fails or stops receiving a majority of the votes. The secondary sites
2803 have a built-in bias to continue voting for an existing coordinator, which prevents undue elections.</para>
2805 <para>The election of the new coordinator is by majority vote. The Ubik subprocesses have a bias to vote for the site with
2806 the lowest Internet address, which helps it gather the necessary majority quicker than if all the sites were competing to
2807 receive votes themselves. During the election (which normally lasts less than three minutes), clients can read information
2808 from the database, but cannot make any changes.</para>
2810 <para>Ubik's election procedure makes it possible for each database server process's coordinator to be on a different
2811 machine. For example, if the Ubik coordinators for all four processes start out on machine A and the Protection Server on
2812 machine A fails for some reason, then a different site (say machine B) must be elected as the new Protection Database Ubik
2813 coordinator. Machine B remains the coordinator for the Protection Database even after the Protection Server on machine A
2814 is working again. The failure of the Protection Server has no effect on the Authentication, Backup, or VL Servers, so
2815 their coordinators remain on machine A.</para>
2820 <sect2 id="HDRWQ107">
2821 <title>Backing Up and Restoring the Administrative Databases</title>
2823 <para>The AFS administrative databases store information that is critical for AFS operation in your cell. If a database
2824 becomes corrupted due to a hardware failure or other problem on a database server machine, it likely to be difficult and
2825 time-consuming to recreate all of the information from scratch. To protect yourself against loss of data, back up the
2826 administrative databases to a permanent media, such as tape, on a regular basis. The recommended method is to use a standard
2827 local disk backup utility such as the UNIX <emphasis role="bold">tar</emphasis> command.</para>
2829 <para>When deciding how often to back up a database, consider the amount of data that you are willing to recreate by hand if
2830 it becomes necessary to restore the database from a backup copy. In most cells, the databases differ quite a bit in how often
2831 and how much they change. Changes to the Authentication Database are probably the least frequent, and consist mostly of
2832 changed user passwords. Protection Database and VLDB changes are probably more frequent, as users add or delete groups and
2833 change group memberships, and as you and other administrators create or move volumes. The number and frequency of changes is
2834 probably greatest in the Backup Database, particularly if you perform backups every day.</para>
2836 <para>The ease with which you can recapture lost changes also differs for the different databases: <itemizedlist>
2838 <para>If regular users make a large proportion of the changes to the Authentication Database and Protection Database in
2839 your cell, then recovering them possibly requires a large amount of detective work and interviewing of users, assuming
2840 that they can even remember what changes they made at what time.</para>
2844 <para>Recovering lost changes to the VLDB is more straightforward, because you can use the <emphasis role="bold">vos
2845 syncserv</emphasis> and <emphasis role="bold">vos syncvldb</emphasis> commands to correct any discrepancies between the
2846 VLDB and the actual state of volumes on server machines. Running these commands can be time-consuming, however.</para>
2850 <para>The configuration information in the Backup Database (Tape Coordinator port offsets, volume sets and entries, the
2851 dump hierarchy, and so on) probably does not change that often, in which case it is not that hard to recover a few
2852 recent changes. In contrast, there are likely to be a large number of new dump records resulting from dump operations.
2853 You can recover these records by using the <emphasis role="bold">-dbadd</emphasis> argument to the <emphasis
2854 role="bold">backup scantape</emphasis> command, reading in information from the backup tapes themselves. This can take a
2855 long time and require numerous tape changes, however, depending on how much data you back up in your cell and how you
2856 append dumps. Furthermore, the <emphasis role="bold">backup scantape</emphasis> command is subject to several
2857 restrictions. The most basic is that it halts if it finds that an existing dump record in the database has the same dump
2858 ID number as a dump on the tape it is scanning. If you want to continue with the scanning operation, you must locate and
2859 remove the existing record from the database. For further discussion, see the <emphasis role="bold">backup
2860 scantape</emphasis> command's reference page in the <emphasis>IBM AFS Administration Reference</emphasis>.</para>
2862 </itemizedlist></para>
2864 <para>These differences between the databases possibly suggest backing up the database at different frequencies, ranging from
2865 every few days or weekly for the Backup Database to every few weeks for the Authentication Database. On the other hand, it is
2866 probably simpler from a logistical standpoint to back them all up at the same time (and frequently), particularly if tape
2867 consumption is not a major concern. Also, it is not generally necessary to keep backup copies of the databases for a long
2868 time, so you can recycle the tapes fairly frequently.</para>
2871 <primary>administrative database</primary>
2873 <secondary>backing up</secondary>
2877 <primary>backing up</primary>
2879 <secondary>administrative databases</secondary>
2883 <sect2 id="HDRWQ108">
2884 <title>To back up the administrative databases</title>
2888 <para>Log in as the local superuser <emphasis role="bold">root</emphasis> on a database server machine that is not the
2889 synchronization site. The machine with the highest IP address is normally the best choice, since it is least likely to
2890 become the synchronization site in an election.</para>
2894 <para><anchor id="LIDBBK_SHUTDOWN" />Issue the <emphasis role="bold">bos shutdown</emphasis> command to shut down the
2895 relevant server process on the local machine. For a complete description of the command, see <link linkend="HDRWQ168">To
2896 stop processes temporarily</link>.</para>
2898 <para>For the <emphasis role="bold">-instance</emphasis> argument, specify one or more database server process names
2899 (<emphasis role="bold">buserver</emphasis> for the Backup Server, <emphasis role="bold">kaserver</emphasis> for the
2900 Authentication Server, <emphasis role="bold">ptserver</emphasis> for the Protection Server, or <emphasis
2901 role="bold">vlserver</emphasis> for the Volume Location Server. Include the <emphasis role="bold">-localauth</emphasis>
2902 flag because you are logged in as the local superuser <emphasis role="bold">root</emphasis> but do not necessarily have
2903 administrative tokens.</para>
2906 # <emphasis role="bold">bos shutdown</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">-instance</emphasis> <<replaceable>instances</replaceable>>+ <emphasis
2907 role="bold">-localauth</emphasis> [<emphasis role="bold">-wait</emphasis>]
2912 <para>Use a local disk backup utility, such as the UNIX <emphasis role="bold">tar</emphasis> command, to transfer one or
2913 more database files to tape. If the local database server machine does not have a tape device attached, use a remote copy
2914 command to transfer the file to a machine with a tape device, then use the <emphasis role="bold">tar</emphasis> command
2917 <para>The following command sequence backs up the complete contents of the <emphasis role="bold">/usr/afs/db</emphasis>
2921 # <emphasis role="bold">cd /usr/afs/db</emphasis>
2922 # <emphasis role="bold">tar cvf</emphasis> tape_device <emphasis role="bold">.</emphasis>
2925 <para>To back up individual database files, substitute their names for the period in the preceding <emphasis
2926 role="bold">tar</emphasis> command: <itemizedlist>
2928 <para><emphasis role="bold">bdb.DB0</emphasis> for the Backup Database</para>
2932 <para><emphasis role="bold">kaserver.DB0</emphasis> for the Authentication Database</para>
2936 <para><emphasis role="bold">prdb.DB0</emphasis> for the Protection Database</para>
2940 <para><emphasis role="bold">vldb.DB0</emphasis> for the VLDB</para>
2942 </itemizedlist></para>
2946 <para>Issue the <emphasis role="bold">bos start</emphasis> command to restart the server processes on the local machine.
2947 For a complete description of the command, see <link linkend="HDRWQ166">To start processes by changing their status flags
2948 to Run</link>. Provide the same values for the <emphasis role="bold">-instance</emphasis> argument as in Step <link
2949 linkend="LIDBBK_SHUTDOWN">2</link>, and the <emphasis role="bold">-localauth</emphasis> flag for the same reason.
2951 # <emphasis role="bold">bos start</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">-instance</emphasis> <<replaceable>server process name</replaceable>>+ <emphasis
2952 role="bold">-localauth</emphasis>
2953 </programlisting></para>
2958 <primary>administrative database</primary>
2960 <secondary>restoring</secondary>
2964 <primary>restoring</primary>
2966 <secondary>administrative databases</secondary>
2970 <sect2 id="HDRWQ109">
2971 <title>To restore an administrative database</title>
2975 <para>Log in as the local superuser <emphasis role="bold">root</emphasis> on each database server machine in the
2980 <para><anchor id="LIDBREST_SHUTDOWN" />Working on one of the machines, issue the <emphasis role="bold">bos
2981 shutdown</emphasis> command once for each database server machine, to shut down the relevant server process on all of
2982 them. For a complete description of the command, see <link linkend="HDRWQ168">To stop processes temporarily</link>.</para>
2984 <para>For the <emphasis role="bold">-instance</emphasis> argument, specify one or more database server process names
2985 (<emphasis role="bold">buserver</emphasis> for the Backup Server, <emphasis role="bold">kaserver</emphasis> for the
2986 Authentication Server, <emphasis role="bold">ptserver</emphasis> for the Protection Server, or <emphasis
2987 role="bold">vlserver</emphasis> for the Volume Location Server. Include the <emphasis role="bold">-localauth</emphasis>
2988 flag because you are logged in as the local superuser <emphasis role="bold">root</emphasis> but do not necessarily have
2989 administrative tokens.</para>
2992 # <emphasis role="bold">bos shutdown</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">-instance</emphasis> <<replaceable>instances</replaceable>>+ <emphasis
2993 role="bold">-localauth</emphasis> [<emphasis role="bold">-wait</emphasis>]
2998 <para>Remove the database from each database server machine, by issuing the following commands on each one.
3000 # <emphasis role="bold">cd /usr/afs/db</emphasis>
3001 </programlisting></para>
3003 <para>For the Backup Database:</para>
3006 # <emphasis role="bold">rm bdb.DB0</emphasis>
3007 # <emphasis role="bold">rm bdb.DBSYS1</emphasis>
3010 <para>For the Authentication Database:</para>
3013 # <emphasis role="bold">rm kaserver.DB0</emphasis>
3014 # <emphasis role="bold">rm kaserver.DBSYS1</emphasis>
3017 <para>For the Protection Database:</para>
3020 # <emphasis role="bold">rm prdb.DB0</emphasis>
3021 # <emphasis role="bold">rm prdb.DBSYS1</emphasis>
3024 <para>For the VLDB:</para>
3027 # <emphasis role="bold">rm vldb.DB0</emphasis>
3028 # <emphasis role="bold">rm vldb.DBSYS1</emphasis>
3033 <para>Using the local disk backup utility that you used to back up the database, copy the most recently backed-up version
3034 of it to the appropriate file on the database server machine with the lowest IP address. The following is an appropriate
3035 <emphasis role="bold">tar</emphasis> command if the synchronization site has a tape device attached: <programlisting>
3036 # <emphasis role="bold">cd /usr/afs/db</emphasis>
3037 # <emphasis role="bold">tar xvf</emphasis> tape_device database_file
3038 </programlisting></para>
3040 <para>where <emphasis>database_file</emphasis> is one of the following: <itemizedlist>
3042 <para><emphasis role="bold">bdb.DB0</emphasis> for the Backup Database</para>
3046 <para><emphasis role="bold">kaserver.DB0</emphasis> for the Authentication Database</para>
3050 <para><emphasis role="bold">prdb.DB0</emphasis> for the Protection Database</para>
3054 <para><emphasis role="bold">vldb.DB0</emphasis> for the VLDB</para>
3056 </itemizedlist></para>
3060 <para>Working on one of the machines, issue the <emphasis role="bold">bos start</emphasis> command to restart the server
3061 process on each of the database server machines in turn. Start with the machine with the lowest IP address, which becomes
3062 the synchronization site for the Backup Database. Wait for it to establish itself as the synchronization site before
3063 repeating the command to restart the process on the other database server machines. For a complete description of the
3064 command, see <link linkend="HDRWQ166">To start processes by changing their status flags to Run</link>. Provide the same
3065 values for the <emphasis role="bold">-instance</emphasis> argument as in Step <link linkend="LIDBREST_SHUTDOWN">2</link>,
3066 and the <emphasis role="bold">-localauth</emphasis> flag for the same reason. <programlisting>
3067 # <emphasis role="bold">bos start</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">-instance</emphasis> <<replaceable>server process name</replaceable>>+ <emphasis
3068 role="bold">-localauth</emphasis>
3069 </programlisting></para>
3073 <para>If the database has changed since you last backed it up, issue the appropriate commands from the instructions in the
3074 indicated sections to recreate the information in the restored database. If issuing <emphasis role="bold">pts</emphasis>
3075 commands, you must first obtain administrative tokens. The <emphasis role="bold">backup</emphasis> and <emphasis
3076 role="bold">vos</emphasis> commands accept the <emphasis role="bold">-localauth</emphasis> flag if you are logged in as
3077 the local superuser <emphasis role="bold">root</emphasis>, so you do not need administrative tokens. The Authentication
3078 Server always performs a separate authentication anyway, so you only need to include the <emphasis
3079 role="bold">-admin</emphasis> argument if issuing <emphasis role="bold">kas</emphasis> commands. <itemizedlist>
3081 <para>To define or remove volume sets and volume entries in the Backup Database, see <link
3082 linkend="HDRWQ265">Defining and Displaying Volume Sets and Volume Entries</link>.</para>
3086 <para>To edit the dump hierarchy in the Backup Database, see <link linkend="HDRWQ267">Defining and Displaying the
3087 Dump Hierarchy</link>.</para>
3091 <para>To define or remove Tape Coordinator port offset entries in the Backup Database, see <link
3092 linkend="HDRWQ261">Configuring Tape Coordinator Machines and Tape Devices</link>.</para>
3096 <para>To restore dump records in the Backup Database, see <link linkend="HDRWQ305">To scan the contents of a
3101 <para>To recreate Authentication Database entries or password changes for users, see the appropriate section of
3102 <link linkend="HDRWQ491">Administering User Accounts</link>.</para>
3106 <para>To recreate Protection Database entries or group membership information, see the appropriate section of <link
3107 linkend="HDRWQ531">Administering the Protection Database</link>.</para>
3111 <para>To synchronize the VLDB with volume headers, see <link linkend="HDRWQ227">Synchronizing the VLDB and Volume
3112 Headers</link>.</para>
3114 </itemizedlist></para>
3119 <primary>installing</primary>
3121 <secondary>server process binaries, about</secondary>
3125 <primary>server process binaries</primary>
3127 <secondary>installing</secondary>
3131 <primary>BOS Server</primary>
3133 <secondary>maintainer of server process binaries</secondary>
3137 <primary>server process</primary>
3139 <secondary>binaries</secondary>
3141 <see>server process binaries</see>
3145 <primary>directories (server)</primary>
3147 <secondary>/usr/afs/bin</secondary>
3151 <primary>server machine</primary>
3153 <secondary>need for consistent version of software</secondary>
3158 <sect1 id="HDRWQ110">
3159 <title>Installing Server Process Software</title>
3161 <para>This section explains how to install new server process binaries on file server machines, how to revert to a previous
3162 version if the current version is not working properly, and how to install new disks to house AFS volumes on a file server
3165 <para>The most frequent reason to replace a server process's binaries is to upgrade AFS to a new version. In general,
3166 installation instructions accompany the updated software, but this chapter provides an additional reference.</para>
3168 <para>Each AFS server machine must store the server process binaries in a local disk directory, called <emphasis
3169 role="bold">/usr/afs/bin</emphasis> by convention. For predictable system performance, it is best that all server machines run
3170 the same build level, or at least the same version, of the server software. For instructions on checking AFS build level, see
3171 <link linkend="HDRWQ117">Displaying A Binary File's Build Level</link>.</para>
3173 <para>The Update Server makes it easy to distribute a consistent version of software to all server machines. You designate one
3174 server machine of each system type as the <emphasis>binary distribution machine</emphasis> by running the server portion of the
3175 Update Server (<emphasis role="bold">upserver</emphasis> process) on it. All other server machines of that system type run the
3176 client portion of the Update Server (<emphasis role="bold">upclientbin</emphasis> process) to retrieve updated software from the
3177 binary distribution machine. The <emphasis>IBM AFS Quick Beginnings</emphasis> explains how to install the appropriate
3178 processes. For more on binary distribution machines, see <link linkend="HDRWQ93">Binary Distribution Machines</link>.</para>
3180 <para>When you use the Update Server, you install new binaries on binary distribution machines only. If you install binaries
3181 directly on a machine that is running the <emphasis role="bold">upclientbin</emphasis> process, they are overwritten the next
3182 time the process compares the contents of the local <emphasis role="bold">/usr/afs/bin</emphasis> directory to the contents on
3183 the system control machine, by default within five minutes.</para>
3185 <para>The following instructions explain how to use the appropriate commands from the <emphasis role="bold">bos</emphasis> suite
3186 to install and uninstall server binaries.</para>
3189 <primary>installing</primary>
3191 <secondary>server binaries</secondary>
3195 <primary>server process binaries</primary>
3197 <secondary>installing</secondary>
3201 <primary>command suite</primary>
3203 <secondary>binaries</secondary>
3205 <tertiary>installing</tertiary>
3209 <primary>file server machine</primary>
3211 <secondary>installing command and process binaries</secondary>
3215 <primary>server process</primary>
3217 <secondary>restarting for changed binaries</secondary>
3220 <sect2 id="HDRWQ111">
3221 <title>Installing New Binaries</title>
3223 <para>An AFS server process does not automatically switch to a new process binary file as soon as it is installed in the
3224 <emphasis role="bold">/usr/afs/bin</emphasis> directory. The process continues to use the previous version of the binary file
3225 until it (the process) next restarts. By default, the BOS Server restarts processes for which there are new binary files every
3226 day at 5:00 a.m., as specified in the <emphasis role="bold">/usr/afs/local/BosConfig</emphasis> file. To display or change
3227 this <emphasis>binary restart time</emphasis>, use the <emphasis role="bold">bos getrestart</emphasis> and <emphasis
3228 role="bold">bos setrestart</emphasis> commands, as described in <link linkend="HDRWQ171">Setting the BOS Server's Restart
3229 Times</link>.</para>
3231 <para>You can force the server machine to start using new server process binaries immediately by issuing the <emphasis
3232 role="bold">bos restart</emphasis> command as described in the following instructions.</para>
3234 <para>You do not need to restart processes when you install new command suite binaries. The new binary is invoked
3235 automatically the next time a command from the suite is issued.</para>
3238 <primary>file extension</primary>
3240 <secondary>.BAK</secondary>
3244 <primary>file extension</primary>
3246 <secondary>.OLD</secondary>
3250 <primary>BAK version of binary file</primary>
3252 <secondary>created by bos install command</secondary>
3256 <primary>OLD version of binary file</primary>
3258 <secondary>created by bos install command</secondary>
3262 <primary>saving</primary>
3264 <secondary>previous version of server binaries</secondary>
3267 <para>When you use the <emphasis role="bold">bos install</emphasis> command, the BOS Server automatically saves the current
3268 version of a binary file by adding a <emphasis role="bold">.BAK</emphasis> extension to its name. It renames the current
3269 <emphasis role="bold">.BAK</emphasis> version, if any, to the <emphasis role="bold">.OLD</emphasis> version, if there is no
3270 <emphasis role="bold">.OLD</emphasis> version already. If there is a current <emphasis role="bold">.OLD</emphasis> version,
3271 the current <emphasis role="bold">.BAK</emphasis> version must be at least seven days old to replace it.</para>
3273 <para>It is best to store AFS binaries in the <emphasis role="bold">/usr/afs/bin</emphasis> directory, because that is the
3274 only directory the BOS Server automatically checks for new binaries. You can, however, use the <emphasis role="bold">bos
3275 install</emphasis> command's <emphasis role="bold">-dir</emphasis> argument to install non-AFS binaries into other directories
3276 on a server machine's local disk. See the command's reference page in the <emphasis>IBM AFS Administration
3277 Reference</emphasis> for further information.</para>
3280 <primary>bos commands</primary>
3282 <secondary>install</secondary>
3286 <primary>commands</primary>
3288 <secondary>bos install</secondary>
3292 <sect2 id="Header_130">
3293 <title>To install new server binaries</title>
3297 <para>Verify that you are listed in the <emphasis role="bold">/usr/afs/etc/UserList</emphasis> file. If necessary, issue
3298 the <emphasis role="bold">bos listusers</emphasis> command, which is fully described in <link linkend="HDRWQ593">To
3299 display the users in the UserList file</link>. <programlisting>
3300 % <emphasis role="bold">bos listusers</emphasis> <<replaceable>machine name</replaceable>>
3301 </programlisting></para>
3305 <para>Verify that the binaries are available in the source directory from which you are installing them. If the machine is
3306 also an AFS client, you can retrieve the binaries from a central directory in AFS. Otherwise, you can obtain them directly
3307 from the AFS distribution media, from a local disk directory where you previously installed them, or from a remote machine
3308 using a transfer utility such as the <emphasis role="bold">ftp</emphasis> command.</para>
3312 <para><anchor id="LIWQ112" />Issue the <emphasis role="bold">bos install</emphasis> command for the binary distribution
3313 machine. (If you have forgotten which machine is performing that role, see <link linkend="HDRWQ97">To locate the binary
3314 distribution machine for a system type</link>.) <programlisting>
3315 % <emphasis role="bold">bos install</emphasis> <<replaceable>machine name</replaceable>> <<replaceable>files to install</replaceable>>+
3316 </programlisting></para>
3318 <para>where <variablelist>
3320 <term><emphasis role="bold">i</emphasis></term>
3323 <para>Is the shortest acceptable abbreviation of <emphasis role="bold">install</emphasis>.</para>
3328 <term><emphasis role="bold">machine name</emphasis></term>
3331 <para>Names the binary distribution machine.</para>
3336 <term><emphasis role="bold">files to install</emphasis></term>
3339 <para>Names each binary file to install into the local <emphasis role="bold">/usr/afs/bin</emphasis> directory.
3340 Partial pathnames are interpreted relative to the current working directory. The last element in each pathname
3341 (the filename itself) matches the name of the file it is replacing, such as <emphasis
3342 role="bold">bosserver</emphasis> or <emphasis role="bold">volserver</emphasis> for server processes, <emphasis
3343 role="bold">bos</emphasis> or <emphasis role="bold">vos</emphasis> for commands.</para>
3345 <para>Each AFS server process other than the <emphasis role="bold">fs</emphasis> process uses a single binary
3346 file. The <emphasis role="bold">fs</emphasis> process uses three binary files: <emphasis
3347 role="bold">fileserver</emphasis>, <emphasis role="bold">volserver</emphasis>, and <emphasis
3348 role="bold">salvager</emphasis>. Installing a new version of one component does not necessarily mean that you need
3349 to replace all three.</para>
3352 </variablelist></para>
3356 <para>Repeat Step <link linkend="LIWQ112">3</link> for each binary distribution machine.</para>
3360 <para><emphasis role="bold">(Optional)</emphasis> If you want to restart processes to use the new binaries immediately,
3361 wait until the <emphasis role="bold">upclientbin</emphasis> process retrieves them from the binary distribution machine.
3362 You can verify the timestamps on binary files by using the <emphasis role="bold">bos getdate</emphasis> command as
3363 described in <link linkend="HDRWQ115">Displaying Binary Version Dates</link>. When the binary files are available on each
3364 server machine, issue the <emphasis role="bold">bos restart</emphasis> command, for which complete instructions appear in
3365 <link linkend="HDRWQ170">Stopping and Immediately Restarting Processes</link>.</para>
3367 <para>If you are working on an AFS client machine, it is a wise precaution to have a copy of the <emphasis
3368 role="bold">bos</emphasis> command suite binaries on the local disk before restarting server processes. In the
3369 conventional configuration, the <emphasis role="bold">/usr/afsws/bin</emphasis> directory that houses the <emphasis
3370 role="bold">bos</emphasis> command binary on client machines is a symbolic link into AFS, which conserves local disk
3371 space. However, restarting certain processes (particularly the database server processes) can make the AFS filespace
3372 inaccessible, particularly if a problem arises during the restart. Having a local copy of the <emphasis
3373 role="bold">bos</emphasis> binary enables you to uninstall or reinstall process binaries or restart processes even in this
3374 case. Use the <emphasis role="bold">cp</emphasis> command to copy the <emphasis role="bold">bos</emphasis> command binary
3375 from the <emphasis role="bold">/usr/afsws/bin</emphasis> directory to a local directory such as <emphasis
3376 role="bold">/tmp</emphasis>.</para>
3378 <para>Restarting a process causes a service outage. It is best to perform the restart at times of low system usage if
3382 % <emphasis role="bold">bos restart</emphasis> <<replaceable>machine name</replaceable>> <<replaceable>instances</replaceable>>+
3388 <primary>uninstalling</primary>
3390 <secondary>server process and command suite binaries</secondary>
3394 <primary>reverting</primary>
3396 <secondary>to old version of server process and command binaries</secondary>
3400 <primary>server process binaries</primary>
3402 <secondary>uninstalling</secondary>
3406 <primary>server process binaries</primary>
3408 <secondary>reverting to old version</secondary>
3412 <primary>command suite</primary>
3414 <secondary>binaries</secondary>
3416 <tertiary>uninstalling</tertiary>
3420 <primary>server machine</primary>
3422 <secondary>uninstalling command & process binaries</secondary>
3426 <primary>BAK version of binary file</primary>
3428 <secondary>used by bos uninstall command</secondary>
3432 <primary>OLD version of binary file</primary>
3434 <secondary>used by bos uninstall command</secondary>
3438 <sect2 id="HDRWQ113">
3439 <title>Reverting to the Previous Version of Binaries</title>
3441 <para>In rare cases, installing a new binary can cause problems serious enough to require reverting to the previous version.
3442 Just as with installing binaries, consistent system performance requires reverting every server machine back to the same
3443 version. Issue the <emphasis role="bold">bos uninstall</emphasis> command described here on each binary distribution
3446 <para>When you use the <emphasis role="bold">bos uninstall</emphasis> command, the BOS Server discards the current version of
3447 a binary file and promotes the <emphasis role="bold">.BAK</emphasis> version of the file by removing the extension. It renames
3448 the current <emphasis role="bold">.OLD</emphasis> version, if any, to <emphasis role="bold">.BAK</emphasis>.</para>
3450 <para>If there is no current <emphasis role="bold">.BAK</emphasis> version, the <emphasis role="bold">bos uninstall</emphasis>
3451 command operation fails and generates an error message. If a <emphasis role="bold">.OLD</emphasis> version still exists, issue
3452 the <emphasis role="bold">mv</emphasis> command to rename it to <emphasis role="bold">.BAK</emphasis> before reissuing the
3453 <emphasis role="bold">bos uninstall</emphasis> command.</para>
3455 <para>Just as when you install new binaries, the server processes do not start using a reverted version immediately.
3456 Presumably you are reverting because the current binaries do not work, so the following instructions have you restart the
3457 relevant processes.</para>
3460 <primary>bos commands</primary>
3462 <secondary>uninstall</secondary>
3466 <primary>commands</primary>
3468 <secondary>bos install</secondary>
3472 <sect2 id="Header_132">
3473 <title>To revert to the previous version of binaries</title>
3477 <para>Verify that you are listed in the <emphasis role="bold">/usr/afs/etc/UserList</emphasis> file. If necessary, issue
3478 the <emphasis role="bold">bos listusers</emphasis> command, which is fully described in <link linkend="HDRWQ593">To
3479 display the users in the UserList file</link>. <programlisting>
3480 % <emphasis role="bold">bos listusers</emphasis> <<replaceable>machine name</replaceable>>
3481 </programlisting></para>
3485 <para>Verify that the <emphasis role="bold">.BAK</emphasis> version of each relevant binary is available in the <emphasis
3486 role="bold">/usr/afs/bin</emphasis> directory on each binary distribution machine. If necessary, you can use the <emphasis
3487 role="bold">bos getdate</emphasis> command as described in <link linkend="HDRWQ115">Displaying Binary Version
3488 Dates</link>. If necessary, rename the <emphasis role="bold">.OLD</emphasis> version to <emphasis
3489 role="bold">.BAK</emphasis></para>
3493 <para><anchor id="LIWQ114" />Issue the <emphasis role="bold">bos uninstall</emphasis> command for a binary distribution
3494 machine. (If you have forgotten which machine is performing that role, see <link linkend="HDRWQ97">To locate the binary
3495 distribution machine for a system type</link>.) <programlisting>
3496 % <emphasis role="bold">bos uninstall</emphasis> <<replaceable>machine name</replaceable>> <<replaceable>files to uninstall</replaceable>>+
3497 </programlisting></para>
3499 <para>where <variablelist>
3501 <term><emphasis role="bold">u</emphasis></term>
3504 <para>Is the shortest acceptable abbreviation of <emphasis role="bold">uninstall</emphasis>.</para>
3509 <term><emphasis role="bold">machine name</emphasis></term>
3512 <para>Names the binary distribution machine.</para>
3517 <term><emphasis role="bold">files to uninstall</emphasis></term>
3520 <para>Names each binary file in the <emphasis role="bold">/usr/afs/bin</emphasis> directory to replace with its
3521 <emphasis role="bold">.BAK</emphasis> version. The file name alone is sufficient, because the <emphasis
3522 role="bold">/usr/afs/bin</emphasis> directory is assumed.</para>
3525 </variablelist></para>
3529 <para>Repeat Step <link linkend="LIWQ114">3</link> for each binary distribution machine.</para>
3533 <para>Wait until the <emphasis role="bold">upclientbin</emphasis> process on each server machine retrieves the reverted
3534 from the binary distribution machine. You can verify the timestamps on binary files by using the <emphasis role="bold">bos
3535 getdate</emphasis> command as described in <link linkend="HDRWQ115">Displaying Binary Version Dates</link>. When the
3536 binary files are available on each server machine, issue the <emphasis role="bold">bos restart</emphasis> command, for
3537 which complete instructions appear in <link linkend="HDRWQ170">Stopping and Immediately Restarting
3538 Processes</link>.</para>
3540 <para>If you are working on an AFS client machine, it is a wise precaution to have a copy of the <emphasis
3541 role="bold">bos</emphasis> command suite binaries on the local disk before restarting server processes. In the
3542 conventional configuration, the <emphasis role="bold">/usr/afsws/bin</emphasis> directory that houses the <emphasis
3543 role="bold">bos</emphasis> command binary on client machines is a symbolic link into AFS, which conserves local disk
3544 space. However, restarting certain processes (particularly the database server processes) can make the AFS filespace
3545 inaccessible, particularly if a problem arises during the restart. Having a local copy of the <emphasis
3546 role="bold">bos</emphasis> binary enables you to uninstall or reinstall process binaries or restart processes even in this
3547 case. Use the <emphasis role="bold">cp</emphasis> command to copy the <emphasis role="bold">bos</emphasis> command binary
3548 from the <emphasis role="bold">/usr/afsws/bin</emphasis> directory to a local directory such as <emphasis
3549 role="bold">/tmp</emphasis>.</para>
3552 % <emphasis role="bold">bos restart</emphasis> <<replaceable>machine name</replaceable>> <<replaceable>instances</replaceable>>+
3558 <primary>server process binaries</primary>
3560 <secondary>displaying time stamp</secondary>
3564 <primary>command suite</primary>
3566 <secondary>binaries</secondary>
3568 <tertiary>displaying time stamp</tertiary>
3572 <primary>time stamp</primary>
3574 <secondary>on binary file, listing</secondary>
3578 <primary>date</primary>
3580 <secondary>on binary file, listing</secondary>
3584 <primary>compilation</primary>
3586 <secondary>date of, listing on binary file</secondary>
3590 <primary>displaying</primary>
3592 <secondary>time stamp on binary file</secondary>
3596 <sect2 id="HDRWQ115">
3597 <title>Displaying Binary Version Dates</title>
3599 <para>You can check the compilation dates for all three versions of a binary file in the <emphasis
3600 role="bold">/usr/afs/bin</emphasis> directory--the current, <emphasis role="bold">.BAK</emphasis> and .<emphasis
3601 role="bold">OLD</emphasis> versions. This is useful for verifying that new binaries have been copied to a file server machine
3602 from its binary distribution machine before restarting a server process to use the new binaries.</para>
3604 <para>To check dates on binaries in a directory other than <emphasis role="bold">/usr/afs/bin</emphasis>, add the <emphasis
3605 role="bold">-dir</emphasis> argument. See the <emphasis>IBM AFS Administration Reference</emphasis>.</para>
3608 <primary>bos commands</primary>
3610 <secondary>getdate</secondary>
3614 <primary>commands</primary>
3616 <secondary>bos getdate</secondary>
3620 <sect2 id="Header_134">
3621 <title>To display binary version dates</title>
3625 <para>Issue the <emphasis role="bold">bos getdate</emphasis> command. <programlisting>
3626 % <emphasis role="bold">bos getdate</emphasis> <<replaceable>machine name</replaceable>> <<replaceable>files to check</replaceable>>+
3627 </programlisting></para>
3629 <para>where <variablelist>
3631 <term><emphasis role="bold">getd</emphasis></term>
3634 <para>Is the shortest acceptable abbreviation of <emphasis role="bold">getdate</emphasis>.</para>
3639 <term><emphasis role="bold">machine name</emphasis></term>
3642 <para>Name the file server machine for which to display binary dates.</para>
3647 <term><emphasis role="bold">files to check</emphasis></term>
3650 <para>Names each binary file to display.</para>
3653 </variablelist></para>
3658 <primary>BAK version of binary file</primary>
3660 <secondary>removing obsolete</secondary>
3664 <primary>OLD version of binary file</primary>
3666 <secondary>removing obsolete</secondary>
3670 <primary>removing</primary>
3672 <secondary>obsolete .BAK and .OLD version of binaries</secondary>
3676 <primary>server process binaries</primary>
3678 <secondary>removing obsolete</secondary>
3682 <primary>command suite</primary>
3684 <secondary>binaries</secondary>
3686 <tertiary>removing obsolete</tertiary>
3690 <primary>removing</primary>
3692 <secondary>core files from /usr/afs/logs</secondary>
3696 <primary>core files</primary>
3698 <secondary>removing from /usr/afs/logs directory</secondary>
3702 <primary>usr/afs/bin directory</primary>
3704 <secondary>removing obsolete .BAK and .OLD files</secondary>
3708 <sect2 id="HDRWQ116">
3709 <title>Removing Obsolete Binary Files</title>
3711 <para>When processes with new binaries have been running without problems for a number of days, it is generally safe to remove
3712 the <emphasis role="bold">.BAK</emphasis> and <emphasis role="bold">.OLD</emphasis> versions from the <emphasis
3713 role="bold">/usr/afs/bin</emphasis> directory, both to reduce clutter and to free space on the file server machine's local
3716 <para>You can use the <emphasis role="bold">bos prune</emphasis> command's flags to remove the following types of files:
3719 <para>To remove files in the <emphasis role="bold">/usr/afs/bin</emphasis> directory with a <emphasis
3720 role="bold">.BAK</emphasis> extension, use the <emphasis role="bold">-bak</emphasis> flag.</para>
3724 <para>To remove files in the <emphasis role="bold">/usr/afs/bin</emphasis> directory with a <emphasis
3725 role="bold">.OLD</emphasis> extension, use the <emphasis role="bold">-old</emphasis> flag.</para>
3729 <para>To remove files in the <emphasis role="bold">/usr/afs/logs</emphasis> directory called <emphasis
3730 role="bold">core</emphasis>, with any extension, use the <emphasis role="bold">-core</emphasis> flag.</para>
3734 <para>To remove all three types of files, use the <emphasis role="bold">-all</emphasis> flag.</para>
3736 </itemizedlist></para>
3739 <primary>commands</primary>
3741 <secondary>bos prune</secondary>
3745 <primary>bos commands</primary>
3747 <secondary>prune</secondary>
3751 <sect2 id="Header_136">
3752 <title>To remove obsolete binaries</title>
3756 <para>Verify that you are listed in the <emphasis role="bold">/usr/afs/etc/UserList</emphasis> file. If necessary, issue
3757 the <emphasis role="bold">bos listusers</emphasis> command, which is fully described in <link linkend="HDRWQ593">To
3758 display the users in the UserList file</link>. <programlisting>
3759 % <emphasis role="bold">bos listusers</emphasis> <<replaceable>machine name</replaceable>>
3760 </programlisting></para>
3764 <para>Issue the <emphasis role="bold">bos prune</emphasis> command with one or more of its flags. <programlisting>
3765 % <emphasis role="bold">bos prune</emphasis> <<replaceable>machine name</replaceable>> [<emphasis role="bold">-bak</emphasis>] [<emphasis
3766 role="bold">-old</emphasis>] [<emphasis role="bold">-core</emphasis>] [<emphasis role="bold">-all</emphasis>]
3767 </programlisting></para>
3769 <para>where <variablelist>
3771 <term><emphasis role="bold">p</emphasis></term>
3774 <para>Is the shortest acceptable abbreviation of <emphasis role="bold">prune</emphasis>.</para>
3779 <term><emphasis role="bold">machine name</emphasis></term>
3782 <para>Names the file server machine on which to remove obsolete files.</para>
3787 <term><emphasis role="bold">-bak</emphasis></term>
3790 <para>Removes all the files with a <emphasis role="bold">.BAK</emphasis> extension from the <emphasis
3791 role="bold">/usr/afs/bin</emphasis> directory. Do not combine this flag with the <emphasis
3792 role="bold">-all</emphasis> flag.</para>
3797 <term><emphasis role="bold">-old</emphasis></term>
3800 <para>Removes all the files a .<emphasis role="bold">OLD</emphasis> extension from the <emphasis
3801 role="bold">/usr/afs/bin</emphasis> directory. Do not combine this flag with the <emphasis
3802 role="bold">-all</emphasis> flag.</para>
3807 <term><emphasis role="bold">-core</emphasis></term>
3810 <para>Removes all core files from the <emphasis role="bold">/usr/afs/logs</emphasis> directory. Do not combine
3811 this flag with the <emphasis role="bold">-all</emphasis> flag</para>
3816 <term><emphasis role="bold">-all</emphasis></term>
3819 <para>Combines the effect of the other three flags. Do not combine it with the other three flags.</para>
3822 </variablelist></para>
3827 <sect2 id="HDRWQ117">
3828 <title>Displaying A Binary File's Build Level</title>
3830 <para>For the most consistent performance on a server machine, and cell-wide, it is best for all server processes to come from
3831 the same AFS distribution. Every AFS binary includes an ASCII string that specifies its version, or <emphasis>build
3832 level</emphasis>. To display it, use the <emphasis role="bold">strings</emphasis> and <emphasis role="bold">grep</emphasis>
3833 commands, which are included in most UNIX distributions.</para>
3836 <primary>commands</primary>
3838 <secondary>which</secondary>
3842 <primary>commands</primary>
3844 <secondary>strings</secondary>
3848 <primary>strings command</primary>
3852 <primary>which command</primary>
3856 <sect2 id="Header_138">
3857 <title>To display an AFS binary's build level</title>
3861 <para>Change to the directory that houses the binary file . If you are not sure where the binary resides, issue the
3862 <emphasis role="bold">which</emphasis> command. <programlisting>
3863 % <emphasis role="bold">which</emphasis> binary_file
3864 /bin_dir_path/binary_file
3865 % <emphasis role="bold">cd</emphasis> bin_dir_path
3866 </programlisting></para>
3870 <para>Issue the <emphasis role="bold">strings</emphasis> command to extract all ASCII strings from the binary file. Pipe
3871 the output to the <emphasis role="bold">grep</emphasis> command to locate the relevant line. <programlisting>
3872 % <emphasis role="bold">strings ./</emphasis>binary_file <emphasis role="bold">| grep Base</emphasis>
3873 </programlisting></para>
3875 <para>The output reports the AFS build level in a format like the following:</para>
3878 @(#)Base configuration afsversion build_level
3881 <para>For example, the following string indicates the binary is from AFS 3.6 build 3.0:</para>
3884 @(#)Base configuration afs3.6 3.0
3890 <primary>CellServDB file (server)</primary>
3892 <secondary>maintaining</secondary>
3896 <primary>files</primary>
3898 <secondary>CellServDB (server)</secondary>
3902 <primary>database server process</primary>
3904 <secondary>use of CellServDB file</secondary>
3908 <primary>Ubik</primary>
3910 <secondary>use of CellServDB file</secondary>
3914 <primary>server process</primary>
3916 <secondary>use of CellServDB file</secondary>
3921 <sect1 id="HDRWQ118">
3922 <title>Maintaining the Server CellServDB File</title>
3924 <para>Every file server machine maintains a list of its home cell's database server machines in the local disk file <emphasis
3925 role="bold">/usr/afs/etc/CellServDB</emphasis> on its local disk. Both database server processes and non-database server
3926 processes consult the file: <itemizedlist>
3928 <para>The database server processes (the Authentication, Backup, Protection, and Volume Location Servers) maintain
3929 constant contact with their peers in order to keep their copies of the replicated administrative databases
3930 synchronized.</para>
3932 <para>As detailed in <link linkend="HDRWQ102">Replicating the AFS Administrative Databases</link>, the database server
3933 processes use the Ubik utility to synchronize the information in the databases they maintain. The Ubik coordinator at the
3934 synchronization site for each database maintains the single read/write copy of the database and distributes changes to the
3935 secondary sites as necessary. It must maintain contact with a majority of the secondary sites to remain the coordinator,
3936 and consults the <emphasis role="bold">CellServDB</emphasis> file to learn how many peers it has and on which machines
3937 they are running.</para>
3939 <para>If the coordinator loses contact with the majority of its peers, they all cooperate to elect a new coordinator by
3940 majority vote. During the election, all of the Ubik processes consult the <emphasis role="bold">CellServDB</emphasis> file
3941 to learn where to send their votes, and what number constitutes a majority.</para>
3945 <para>The non-database server processes must know which machines are running the database server processes in order to
3946 retrieve information from the databases. For example, the first time that a user accesses an AFS file, the File Server
3947 that houses it contacts the Protection Server to obtain a list of the user's group memberships (the list is called a
3948 current protection subgroup, or CPS). The File Server uses the CPS as it determines if the access control list (ACL)
3949 protecting the file grants the required permissions to the user (for more details, see <link linkend="HDRWQ534">About the
3950 Protection Database</link>).</para>
3952 </itemizedlist></para>
3955 <primary>CellServDB file (server)</primary>
3957 <secondary>effect of wrong information in</secondary>
3960 <para>The consequences of missing or incorrect information in the <emphasis role="bold">CellServDB</emphasis> file are as
3961 follows: <itemizedlist>
3963 <para>If the file does not list a machine, then it is effectively not a database server machine even if the database
3964 server processes are running. The Ubik coordinator does not send it database updates or include it in the count that
3965 establishes a majority. It does not participate in Ubik elections, and so refuses to distribute database information to
3966 any client machines that happen to contact it (which they can do if their <emphasis
3967 role="bold">/usr/vice/etc/CellServDB</emphasis> file lists it). Users of the client machine must wait for a timeout before
3968 they can contact a correctly functioning database server machine.</para>
3972 <para>If the file lists a machine that is not running the database server processes, the consequences can be serious. The
3973 Ubik coordinator cannot send it database updates, but includes it in the count that establishes a majority. If valid
3974 secondary sites go down and stop sending their votes to the coordinator, it can wrongly appear that the coordinator no
3975 longer has the majority it needs. The resulting election of a new coordinator causes a service outage during which
3976 information from the database becomes unavailable. Furthermore, the lack of a vote from the incorrectly listed site can
3977 disturb the election, if it makes the other sites believe that a majority of sites are not voting for the new
3980 <para>A more minor consequence is that non-database server processes attempt to contact the database server processes on
3981 the machine. They experience a timeout delay because the processes are not running.</para>
3983 </itemizedlist></para>
3985 <para>Note that the <emphasis role="bold">/usr/afs/etc/CellServDB</emphasis> file on a server machine is not the same as the
3986 <emphasis role="bold">/usr/vice/etc/CellServDB</emphasis> file on client machine. The client version includes entries for
3987 foreign cells as well as the local cell. However, it is important to update both versions of the file whenever you change your
3988 cell's database server machines. A server machine that is also a client needs to have both files, and you need to update them
3989 both. For more information on maintaining the client version of the <emphasis role="bold">CellServDB</emphasis> file, see <link
3990 linkend="HDRWQ406">Maintaining Knowledge of Database Server Machines</link>.</para>
3993 <primary>system control machine</primary>
3995 <secondary>CellServDB file, distributing to server machines</secondary>
3999 <primary>distribution</primary>
4001 <secondary>of CellServDB file (server)</secondary>
4005 <primary>Update Server</primary>
4007 <secondary>CellServDB file (server), distributing</secondary>
4010 <sect2 id="HDRWQ119">
4011 <title>Distributing the Server CellServDB File</title>
4013 <para>To avoid the negative consequences of incorrect information in the <emphasis
4014 role="bold">/usr/afs/etc/CellServDB</emphasis> file, you must update it on all of your cell's server machines every time you
4015 add or remove a database server machine. The <emphasis>IBM AFS Quick Beginnings</emphasis> provides complete instructions for
4016 installing or removing a database server machine and for updating the <emphasis role="bold">CellServDB</emphasis> file in that
4017 context. This section explains how to distribute the file to your server machines and how to make other cells aware of the
4018 changes if you participate in the AFS global name space.</para>
4020 <para>If you use the United States edition of AFS, use the Update Server to distribute the central copy of the server
4021 <emphasis role="bold">CellServDB</emphasis> file stored on the cell's system control machine. If you use the international
4022 edition of AFS, instead change the file on each server machine individually. For further discussion of the system control
4023 machine and why international cells must not use it for files in the <emphasis role="bold">/usr/afs/etc</emphasis> directory,
4024 see <link linkend="HDRWQ94">The System Control Machine</link>. For instructions on configuring the Update Server when using
4025 the United States version of AFS, see the <emphasis>IBM AFS Quick Beginnings</emphasis>.</para>
4027 <para>To avoid formatting errors that can cause errors, always use the <emphasis role="bold">bos addhost</emphasis> and
4028 <emphasis role="bold">bos removehost</emphasis> commands, rather than editing the file directly. You must also restart the
4029 database server processes running on the machine, to initiate a coordinator election among the new set of database server
4030 machines. This step is included in the instructions that appear in <link linkend="HDRWQ121">To add a database server machine
4031 to the CellServDB file</link> and <link linkend="HDRWQ122">To remove a database server machine from the CellServDB
4032 file</link>. For instructions on displaying the contents of the file, see <link linkend="HDRWQ120">To display a cell's
4033 database server machines</link>.</para>
4035 <para>If you make your cell accessible to foreign users as part of the AFS global name space, you also need to inform other
4036 cells when you change your cell's database server machines. The AFS Support group maintains a <emphasis
4037 role="bold">CellServDB</emphasis> file that lists all cells that participate in the AFS global name space, and can change your
4038 cell's entry at your request. For further details, see <link linkend="HDRWQ38">Making Your Cell Visible to
4039 Others</link>.</para>
4041 <para>Another way to advertise your cell's database server machines is to maintain a copy of the file at the conventional
4042 location in your AFS filespace, <emphasis role="bold">/afs/</emphasis><emphasis>cellname</emphasis><emphasis
4043 role="bold">/service/etc/CellServDB.local</emphasis>. For further discussion, see <link linkend="HDRWQ43">The Third
4044 Level</link>.</para>
4047 <primary>bos commands</primary>
4049 <secondary>listhosts</secondary>
4053 <primary>commands</primary>
4055 <secondary>bos listhosts</secondary>
4059 <primary>CellServDB file (server)</primary>
4061 <secondary>displaying</secondary>
4065 <primary>displaying</primary>
4067 <secondary>CellServDB file (server)</secondary>
4071 <primary>database server machine</primary>
4073 <secondary>displaying list in server CellServDB file</secondary>
4077 <primary>displaying</primary>
4079 <secondary>database server machines in server CellServDB file</secondary>
4083 <sect2 id="HDRWQ120">
4084 <title>To display a cell's database server machines</title>
4088 <para>Issue the <emphasis role="bold">bos listhosts</emphasis> command. If you have maintained the file properly, the
4089 output is the same on every server machine, but the <emphasis>machine name</emphasis> argument enables you to check
4090 various machines if you wish. <programlisting>
4091 % <emphasis role="bold">bos listhosts</emphasis> <<replaceable>machine name</replaceable>> [<<replaceable>cell name</replaceable>>]
4092 </programlisting></para>
4094 <para>where <variablelist>
4096 <term><emphasis role="bold">listh</emphasis></term>
4099 <para>Is the shortest acceptable abbreviation of <emphasis role="bold">listhosts</emphasis>.</para>
4104 <term><emphasis role="bold">machine name</emphasis></term>
4107 <para>Specifies the server machine from which to display the <emphasis
4108 role="bold">/usr/afs/etc/CellServDB</emphasis> file.</para>
4113 <term><emphasis role="bold">cell name</emphasis></term>
4116 <para>Specifies the complete Internet domain name of a foreign cell. You must already know the name of at least
4117 one server machine in the cell, to provide as the <emphasis role="bold">machine name</emphasis> argument.</para>
4120 </variablelist></para>
4124 <para>The output lists the machines in the order they appear in the <emphasis role="bold">CellServDB</emphasis> file on the
4125 specified server machine. It assigns each one a <computeroutput>Host</computeroutput> index number, as in the following
4126 example. There is no implied relationship between the index and a machine's IP address, name, or role as Ubik coordinator or
4127 secondary site.</para>
4130 % <emphasis role="bold">bos listhosts fs1.abc.com</emphasis>
4131 Cell name is abc.com
4132 Host 1 is fs1.abc.com
4133 Host 2 is fs7.abc.com
4134 Host 3 is fs4.abc.com
4137 <para>The output lists machines by name rather than IP address as long as the naming service (such as the Domain Name Service
4138 or local host table) is functioning properly. To display IP addresses, login to a server machine as the local superuser
4139 <emphasis role="bold">root</emphasis> and use a text editor or display command, such as the <emphasis
4140 role="bold">cat</emphasis> command, to view the <emphasis role="bold">/usr/afs/etc/CellServDB</emphasis> file.</para>
4143 <primary>adding</primary>
4145 <secondary>database server machine</secondary>
4147 <tertiary>to server CellServDB file</tertiary>
4151 <primary>database server machine</primary>
4153 <secondary>adding</secondary>
4155 <tertiary>to server CellServDB file</tertiary>
4159 <primary>CellServDB file (server)</primary>
4161 <secondary>adding database server machine</secondary>
4165 <primary>adding</primary>
4167 <secondary>CellServDB file (server) entry for database server machine</secondary>
4171 <primary>database server machine</primary>
4173 <secondary>CellServDB file (server) entry</secondary>
4175 <tertiary>adding</tertiary>
4179 <primary>database server process</primary>
4181 <secondary>restarting after adding entry to server CellServDB file</secondary>
4185 <primary>Protection Server</primary>
4187 <secondary>restarting after adding entry to server CellServDB file</secondary>
4191 <primary>Authentication Server</primary>
4193 <secondary>restarting after adding entry to server CellServDB file</secondary>
4197 <primary>VL Server</primary>
4199 <secondary>restarting after adding entry to server CellServDB file</secondary>
4203 <primary>Backup Server</primary>
4205 <secondary>restarting after adding entry to server CellServDB file</secondary>
4209 <primary>bos commands</primary>
4211 <secondary>addhost</secondary>
4215 <primary>commands</primary>
4217 <secondary>bos addhost</secondary>
4221 <sect2 id="HDRWQ121">
4222 <title>To add a database server machine to the CellServDB file</title>
4226 <para>Verify that you are listed in the <emphasis role="bold">/usr/afs/etc/UserList</emphasis> file. If necessary, issue
4227 the <emphasis role="bold">bos listusers</emphasis> command, which is fully described in <link linkend="HDRWQ593">To
4228 display the users in the UserList file</link>. <programlisting>
4229 % <emphasis role="bold">bos listusers</emphasis> <<replaceable>machine name</replaceable>>
4230 </programlisting></para>
4234 <para>Issue the <emphasis role="bold">bos addhost</emphasis> command to add each new database server machine to the
4235 <emphasis role="bold">CellServDB</emphasis> file. If you use the United States edition of AFS, specify the system control
4236 machine as <emphasis>machine name</emphasis>. (If you have forgotten which machine is the system control machine, see
4237 <link linkend="HDRWQ99">The Output on the System Control Machine</link>.) If you use the international edition of AFS,
4238 repeat the command on each or your cell's server machines in turn by substituting its name for <emphasis>machine
4239 name</emphasis>. <programlisting>
4240 % <emphasis role="bold">bos addhost</emphasis> <<replaceable>machine name</replaceable>> <<replaceable>host name</replaceable>>+
4241 </programlisting></para>
4243 <para>where <variablelist>
4245 <term><emphasis role="bold">addh</emphasis></term>
4248 <para>Is the shortest acceptable abbreviation of <emphasis role="bold">addhost</emphasis>.</para>
4253 <term><emphasis role="bold">machine name</emphasis></term>
4256 <para>Names the system control machine, if you are using the United States edition of AFS. If you are using the
4257 international edition of AFS, it names each of your server machines in turn.</para>
4262 <term><emphasis role="bold">host name</emphasis></term>
4265 <para>Specifies the fully qualified hostname of each database server machine to add to the <emphasis
4266 role="bold">CellServDB</emphasis> file (for example: <emphasis role="bold">fs4.abc.com</emphasis>). The BOS Server
4267 uses the <emphasis role="bold">gethostbyname()</emphasis> routine to obtain each machine's IP address and records
4268 both the name and address automatically.</para>
4271 </variablelist></para>
4275 <para>Restart the Authentication Server, Backup Server, Protection Server, and VL Server on every database server machine,
4276 so that the new set of machines participate in the election of a new Ubik coordinator. The instruction uses the
4277 conventional names for the processes; make the appropriate substitution if you use different process names. For complete
4278 syntax, see <link linkend="HDRWQ170">Stopping and Immediately Restarting Processes</link>.</para>
4280 <para><emphasis role="bold">Important:</emphasis> Repeat the following command in quick succession on all of the database
4281 server machines.</para>
4284 % <emphasis role="bold">bos restart</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">buserver kaserver ptserver vlserver</emphasis>
4289 <para>Edit the <emphasis role="bold">/usr/vice/etc/CellServDB</emphasis> file on each of your cell's client machines. For
4290 instructions, see <link linkend="HDRWQ406">Maintaining Knowledge of Database Server Machines</link>.</para>
4294 <para>If you participate in the AFS global name space, please have one of your cell's designated site contacts register
4295 the changes you have made with the AFS Product Support group.</para>
4297 <para>If you maintain a central copy of your cell's server <emphasis role="bold">CellServDB</emphasis> file in the
4298 conventional location (<emphasis role="bold">/afs/</emphasis><emphasis>cellname</emphasis><emphasis
4299 role="bold">/service/etc/CellServDB.local</emphasis>), edit the file to reflect the change.</para>
4304 <primary>removing</primary>
4306 <secondary>database server machine</secondary>
4308 <tertiary>from server CellServDB file</tertiary>
4312 <primary>database server machine</primary>
4314 <secondary>removing</secondary>
4316 <tertiary>from server CellServDB file</tertiary>
4320 <primary>CellServDB file (server)</primary>
4322 <secondary>removing database server machine</secondary>
4326 <primary>database server machine</primary>
4328 <secondary>CellServDB file (server) entry</secondary>
4330 <tertiary>removing</tertiary>
4334 <primary>database server process</primary>
4336 <secondary>restarting after removing entry from server CellServDB file</secondary>
4340 <primary>Protection Server</primary>
4342 <secondary>restarting after removing entry from server CellServDB file</secondary>
4346 <primary>Authentication Server</primary>
4348 <secondary>restarting after removing entry from server CellServDB file</secondary>
4352 <primary>VL Server</primary>
4354 <secondary>restarting after removing entry from server CellServDB file</secondary>
4358 <primary>Backup Server</primary>
4360 <secondary>restarting after removing entry from server CellServDB file</secondary>
4364 <primary>bos commands</primary>
4366 <secondary>removehost</secondary>
4370 <primary>commands</primary>
4372 <secondary>bos removehost</secondary>
4376 <sect2 id="HDRWQ122">
4377 <title>To remove a database server machine from the CellServDB file</title>
4381 <para>Verify that you are listed in the <emphasis role="bold">/usr/afs/etc/UserList</emphasis> file. If necessary, issue
4382 the <emphasis role="bold">bos listusers</emphasis> command, which is fully described in <link linkend="HDRWQ593">To
4383 display the users in the UserList file</link>. <programlisting>
4384 % <emphasis role="bold">bos listusers</emphasis> <<replaceable>machine name</replaceable>>
4385 </programlisting></para>
4389 <para>Issue the <emphasis role="bold">bos removehost</emphasis> command to remove each database server machine from the
4390 <emphasis role="bold">CellServDB</emphasis> file. If you use the United States edition of AFS, specify the system control
4391 machine as <emphasis>machine name</emphasis>. (If you have forgotten which machine is the system control machine, see
4392 <link linkend="HDRWQ99">The Output on the System Control Machine</link>.) If you use the international edition of AFS,
4393 repeat the command on each or your cell's server machines in turn by substituting its name for <emphasis>machine
4394 name</emphasis>. <programlisting>
4395 % <emphasis role="bold">bos removehost</emphasis> <<replaceable>machine name</replaceable>> <<replaceable>host name</replaceable>>+
4396 </programlisting></para>
4398 <para>where <variablelist>
4400 <term><emphasis role="bold">removeh</emphasis></term>
4403 <para>Is the shortest acceptable abbreviation of <emphasis role="bold">removehost</emphasis>.</para>
4408 <term><emphasis role="bold">machine name</emphasis></term>
4411 <para>Names the system control machine, if you are using the United States edition of AFS. If you are using the
4412 international edition of AFS, it names each of your server machines in turn.</para>
4417 <term><emphasis role="bold">host name</emphasis></term>
4420 <para>Specifies the fully qualified hostname of each database server machine to remove from the <emphasis
4421 role="bold">CellServDB</emphasis> file (for example: <emphasis role="bold">fs4.abc.com</emphasis>).</para>
4424 </variablelist></para>
4428 <para>Restart the Authentication Server, Backup Server, Protection Server, and VL Server on every database server machine,
4429 so that the new set of machines participate in the election of a new Ubik coordinator. The instruction uses the
4430 conventional names for the processes; make the appropriate substitution if you use different process names. For complete
4431 syntax, see <link linkend="HDRWQ170">Stopping and Immediately Restarting Processes</link>.</para>
4433 <para><emphasis role="bold">Important:</emphasis> Repeat the following command in quick succession on all of the database
4434 server machines.</para>
4437 % <emphasis role="bold">bos restart</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">buserver kaserver ptserver vlserver</emphasis>
4442 <para>Edit the <emphasis role="bold">/usr/vice/etc/CellServDB</emphasis> file on each of your cell's client machines. For
4443 instructions, see <link linkend="HDRWQ406">Maintaining Knowledge of Database Server Machines</link>.</para>
4447 <para>If you participate in the AFS global name space, please have one of your cell's designated site contacts register
4448 the changes you have made with the AFS Product Support group.</para>
4450 <para>If you maintain a central copy of your cell's server <emphasis role="bold">CellServDB</emphasis> file in the
4451 conventional location (<emphasis role="bold">/afs/</emphasis><emphasis>cellname</emphasis><emphasis
4452 role="bold">/service/etc/CellServDB.local</emphasis>), edit the file to reflect the change.</para>
4458 <sect1 id="HDRWQ123">
4459 <title>Managing Authentication and Authorization Requirements</title>
4461 <para>This section describes how the AFS server processes guarantee that only properly authorized users perform privileged
4462 commands, by checking authorization checking and mutually authenticating with their clients. It explains how you can control
4463 authorization checking requirements on a per-machine or per-cell basis, and how to bypass mutual authentication when issuing
4467 <primary>authorization checking</primary>
4469 <secondary>compared to authentication</secondary>
4473 <primary>authentication</primary>
4475 <secondary>compared to authorization checking</secondary>
4479 <primary>privileged commands</primary>
4483 <primary>commands</primary>
4485 <secondary>privileged, defined</secondary>
4489 <primary>anonymous user</primary>
4491 <secondary>identity assigned to unauthenticated user</secondary>
4495 <primary>authorization checking</primary>
4497 <secondary>defined</secondary>
4500 <sect2 id="HDRWQ124">
4501 <title>Authentication versus Authorization</title>
4503 <para>Many AFS commands are <emphasis>privileged</emphasis> in that the AFS server process invoked by the command performs it
4504 only for a properly authorized user. The server process performs the following two tests to determine if someone is properly
4505 authorized: <itemizedlist>
4507 <para>In the <emphasis>authentication</emphasis> test, the server process mutually authenticates with the command
4508 interpreter, Cache Manager, or other client process that is acting on behalf of a user or application. The goal of this
4509 test is to determine who is issuing the command. The server process verifies that the issuer really is who he or she
4510 claims to be, by examining the server ticket and other components of the issuer's token. (Secondarily, it allows the
4511 client process to verify that the server process is genuine.) If the issuer has no token or otherwise fails the test,
4512 the server process assigns him or her the identity <emphasis role="bold">anonymous</emphasis>, a completely unprivileged
4513 user. For a more complete description of mutual authentication, see <link linkend="HDRWQ75">A More Detailed Look at
4514 Mutual Authentication</link>.</para>
4516 <para>Many individual commands enable you to bypass the authentication test by assuming the <emphasis
4517 role="bold">anonymous</emphasis> identity without even attempting to mutually authenticate. Note, however, that this is
4518 futile if the command is privileged and the server process is still performing the <emphasis>authorization</emphasis>
4519 test, because in that case the process refuses to execute privileged commands for the <emphasis
4520 role="bold">anonymous</emphasis> user.</para>
4524 <para>In the authorization test, the server process determines if the issuer is authorized to use the command by
4525 consulting a list of privileged users. The goal of this test is to determine what the issuer is allowed to do. Different
4526 server processes consult different lists of users, as described in <link linkend="HDRWQ581">Managing Administrative
4527 Privilege</link>. The server process refuses to execute any privileged command for an unauthorized issuer. If a command
4528 has no privilege requirements, the server process skips this step and executes and immediately.</para>
4531 <para>Never place the <emphasis role="bold">anonymous</emphasis> user or the <emphasis
4532 role="bold">system:anyuser</emphasis> group on a privilege list; it makes authorization checking meaningless.</para>
4534 <para>You can use the <emphasis role="bold">bos setauth</emphasis> command to control whether the server processes on
4535 a server machine check for authorization. Other server machines are not affected. Keep in mind that turning off
4536 authorization checking is a grave security risk, because the server processes on that machine perform any action for
4540 </itemizedlist></para>
4543 <primary>controlling</primary>
4545 <secondary>authorization checking for entire cell</secondary>
4549 <primary>authorization checking</primary>
4551 <secondary>controlling cell-wide</secondary>
4555 <primary>restarting</primary>
4557 <secondary>server process</secondary>
4559 <tertiary>when changing authorization checking</tertiary>
4563 <primary>authorization checking</primary>
4565 <secondary>and restarting processes</secondary>
4569 <sect2 id="HDRWQ125">
4570 <title>Controlling Authorization Checking on a Server Machine</title>
4572 <para>Disabling authorization checking is a serious breach of security because it means that the AFS server processes on a
4573 file server machine performs any action for any user, even the <emphasis role="bold">anonymous</emphasis> user.</para>
4575 <para>The only time it is common to disable authorization checking is when installing a new file server machine (see the IBM
4576 AFS Quick Beginnings). It is necessary then because it is not possible to configure all of the necessary security mechanisms
4577 before performing other actions that normally make use of them. For greatest security, work at the console of the machine you
4578 are installing and enable authorization checking as soon as possible.</para>
4580 <para>During normal operation, the only reason to disable authorization checking is if an error occurs with the server
4581 encryption keys, leaving the servers unable to authenticate users properly. For instructions on handling key-related
4582 emergencies, see <link linkend="HDRWQ370">Handling Server Encryption Key Emergencies</link>.</para>
4584 <para>You control authorization checking on each file server machine separately; turning it on or off on one machine does not
4585 affect the others. Because client machines generally choose a server process at random, it is hard to predict what
4586 authorization checking conditions prevail for a given command unless you make the requirement the same on all machines. To
4587 turn authorization checking on or off for the entire cell, you must repeat the appropriate command on every file server
4590 <para>The server processes constantly monitor the directory <emphasis role="bold">/usr/afs/local</emphasis> on their local
4591 disks to determine if they need to check for authorization. If the file called <emphasis role="bold">NoAuth</emphasis> appears
4592 in that directory, then the servers do not check for authorization. When it is not present (the usual case), they perform
4593 authorization checking.</para>
4595 <para>Control the presence of the <emphasis role="bold">NoAuth</emphasis> file through the BOS Server. When you disable
4596 authorization checking with the <emphasis role="bold">bos setauth</emphasis> command (or, during installation, by putting the
4597 <emphasis role="bold">-noauth</emphasis> flag on the command that starts up the BOS Server), the BOS Server creates the
4598 zero-length <emphasis role="bold">NoAuth</emphasis> file. When you reenable authorization checking, the BOS Server removes the
4602 <primary>bos commands</primary>
4604 <secondary>setauth</secondary>
4608 <primary>commands</primary>
4610 <secondary>bos setauth</secondary>
4614 <primary>authorization checking</primary>
4616 <secondary>disabling</secondary>
4620 <primary>turning off authorization checking</primary>
4624 <primary>disabling</primary>
4626 <secondary>authorization checking</secondary>
4630 <sect2 id="HDRWQ126">
4631 <title>To disable authorization checking on a server machine</title>
4635 <para>Verify that you are listed in the <emphasis role="bold">/usr/afs/etc/UserList</emphasis> file. If necessary, issue
4636 the <emphasis role="bold">bos listusers</emphasis> command, which is fully described in <link linkend="HDRWQ593">To
4637 display the users in the UserList file</link>. <programlisting>
4638 % <emphasis role="bold">bos listusers</emphasis> <<replaceable>machine name</replaceable>>
4639 </programlisting></para>
4643 <para>Issue the <emphasis role="bold">bos setauth</emphasis> command to disable authorization checking. <programlisting>
4644 % <emphasis role="bold">bos setauth</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">off</emphasis>
4645 </programlisting></para>
4647 <para>where <variablelist>
4649 <term><emphasis role="bold">seta</emphasis></term>
4652 <para>Is the shortest acceptable abbreviation of <emphasis role="bold">setauth</emphasis>.</para>
4657 <term><emphasis role="bold">machine name</emphasis></term>
4660 <para>Specifies the file server machine on which server processes do not check for authorization.</para>
4663 </variablelist></para>
4668 <primary>authorization checking</primary>
4670 <secondary>enabling</secondary>
4674 <primary>enabling authorization checking</primary>
4678 <primary>turning on authorization checking</primary>
4682 <sect2 id="HDRWQ127">
4683 <title>To enable authorization checking on a server machine</title>
4687 <para>Reenable authorization checking. (No privilege is required because the machine is not currently checking for
4688 authorization.) For detailed syntax information, see the preceding section. <programlisting>
4689 % <emphasis role="bold">bos setauth</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">on</emphasis>
4690 </programlisting></para>
4695 <primary>mutual authentication</primary>
4697 <secondary>preventing</secondary>
4701 <primary>preventing</primary>
4703 <secondary>mutual authentication</secondary>
4707 <sect2 id="HDRWQ128">
4708 <title>Bypassing Mutual Authentication for an Individual Command</title>
4710 <para>Several of the server processes allow any user (not just system administrators) to disable mutual authentication when
4711 issuing a command. The server process treats the issuer as the unauthenticated user <emphasis
4712 role="bold">anonymous</emphasis>.</para>
4714 <para>The facilities for preventing mutual authentication are provided for use in emergencies (such as the key emergency
4715 discussed in <link linkend="HDRWQ370">Handling Server Encryption Key Emergencies</link>). During normal circumstances,
4716 authorization checking is turned on, making it useless to prevent authentication: the server processes refuse to perform
4717 privileged commands for the user <emphasis role="bold">anonymous</emphasis>.</para>
4719 <para>It can be useful to prevent authentication when authorization checking is turned off. The very act of trying to
4720 authenticate can cause problems if the server cannot understand a particular encryption key, as is likely to happen in a key
4724 <primary>bos commands</primary>
4726 <secondary>mutual authentication, bypassing</secondary>
4730 <primary>kas commands</primary>
4732 <secondary>mutual authentication, bypassing</secondary>
4736 <primary>pts commands</primary>
4738 <secondary>mutual authentication, bypassing</secondary>
4742 <primary>vos commands</primary>
4744 <secondary>mutual authentication, bypassing</secondary>
4748 <primary>kas commands</primary>
4750 <secondary>interactive</secondary>
4754 <primary>commands</primary>
4756 <secondary>kas interactive</secondary>
4760 <primary>entering</primary>
4762 <secondary>kas interactive mode</secondary>
4766 <primary>interactive mode (kas commands)</primary>
4770 <sect2 id="HDRWQ129">
4771 <title>To bypass mutual authentication for bos, kas, pts, and vos commands</title>
4773 <para>Provide the <emphasis role="bold">-noauth</emphasis> flag which is available on many of the commands in the suites. To
4774 verify that a command accepts the flag, issue the <emphasis role="bold">help</emphasis> command in its suite, or consult the
4775 command's reference page in the <emphasis>IBM AFS Administration Reference</emphasis> (the reference page also specifies the
4776 shortest acceptable abbreviation for the flag on each command). The suites' <emphasis role="bold">apropos</emphasis> and
4777 <emphasis role="bold">help</emphasis> commands do not themselves accept the flag.</para>
4779 <para>You can bypass mutual authentication for all <emphasis role="bold">kas</emphasis> commands issued during an interactive
4780 session by including the <emphasis role="bold">-noauth</emphasis> flag on the <emphasis role="bold">kas interactive</emphasis>
4781 command. If you have already entered interactive mode with an authenticated identity, issue the <emphasis role="bold">(kas)
4782 noauthentication</emphasis> command to assume the <emphasis role="bold">anonymous</emphasis> identity.</para>
4785 <primary>fs commands</primary>
4787 <secondary>mutual authentication, bypassing</secondary>
4791 <sect2 id="Header_151">
4792 <title>To bypass mutual authentication for fs commands</title>
4794 <para>This is not possible, except by issuing the <emphasis role="bold">unlog</emphasis> command to discard your tokens before
4795 issuing the <emphasis role="bold">fs</emphasis> command.</para>
4799 <sect1 id="HDRWQ130">
4800 <title>Adding or Removing Disks and Partitions</title>
4802 <para>AFS makes it very easy to add storage space to your cell, just by adding disks to existing file server machines. This
4803 section explains how to install or remove a disk used to store AFS volumes. (Another way to add storage space is to install
4804 additional server machines, as instructed in the <emphasis>IBM AFS Quick Beginnings</emphasis>.)</para>
4806 <para>Both adding and removing a disk cause at least a brief file system outage, because you must restart the <emphasis
4807 role="bold">fs</emphasis> process to have it recognize the new set of server partitions. Some operating systems require that you
4808 shut the machine off before adding or removing a disk, in which case you must shut down all of the AFS server processes first.
4809 Otherwise, the AFS-related aspects of adding or removing a disk are not complicated, so the duration of the outage depends
4810 mostly on how long it takes to install or remove the disk itself.</para>
4812 <para>The following instructions for installing a new disk completely prepare it to house AFS volumes. You can then use the
4813 <emphasis role="bold">vos create</emphasis> command to create new volumes, or the <emphasis role="bold">vos move</emphasis>
4814 command to move existing ones from other partitions. For instructions, see <link linkend="HDRWQ185">Creating Read/write
4815 Volumes</link> and <link linkend="HDRWQ226">Moving Volumes</link>. The instructions for removing a disk are basically the
4816 reverse of the installation instructions, but include extra steps that protect against data loss.</para>
4818 <para>A server machines can house 256 AFS server partitions, each one mounted at a directory with a name of the form <emphasis
4819 role="bold">/vicep</emphasis><emphasis>index</emphasis>, where <emphasis>index</emphasis> is one or two lowercase letters. By
4820 convention, the first partition on a machine is mounted at <emphasis role="bold">/vicepa</emphasis>, the second at <emphasis
4821 role="bold">/vicepb</emphasis>, and so on to the twenty-sixth at <emphasis role="bold">/vicepz</emphasis>. Additional partitions
4822 are mounted at <emphasis role="bold">/vicepaa</emphasis> through <emphasis role="bold">/vicepaz</emphasis> and so on up to
4823 <emphasis role="bold">/vicepiv</emphasis>. Using the letters consecutively is not required, but is simpler.</para>
4825 <para>Mount each <emphasis role="bold">/vicep</emphasis> directory directly under the local file system's root directory (
4826 <emphasis role="bold">/</emphasis> ), not as a subdirectory of any other directory; for example, <emphasis
4827 role="bold">/usr/vicepa</emphasis> is not an acceptable location. You must also map the directory to the partition's device name
4828 in the file server machine's file systems registry file (<emphasis role="bold">/etc/fstab</emphasis> or equivalent).</para>
4830 <para>These instructions assume that the machine's AFS initialization file includes the following command to restart the BOS
4831 Server after each reboot. The BOS Server starts the other AFS server processes listed in the local <emphasis
4832 role="bold">/usr/afs/local/BosConfig</emphasis> file. For information on the <emphasis role="bold">bosserver</emphasis>
4833 command's optional arguments, see its reference page in the <emphasis>IBM AFS Administration Reference</emphasis>.</para>
4836 /usr/afs/bin/bosserver &
4840 <primary>adding</primary>
4842 <secondary>disk to file server machine</secondary>
4846 <primary>installing</primary>
4848 <secondary>disk on file server machine</secondary>
4852 <primary>disk</primary>
4854 <secondary>file server machine</secondary>
4856 <tertiary>adding/installing</tertiary>
4860 <primary>file server machine</primary>
4862 <secondary>disk</secondary>
4864 <tertiary>adding/installing</tertiary>
4868 <primary>mounting</primary>
4870 <secondary>disk on file server machine</secondary>
4874 <primary>commands</primary>
4876 <secondary>vos listpart</secondary>
4880 <primary>vos commands</primary>
4882 <secondary>listpart</secondary>
4885 <sect2 id="HDRWQ131">
4886 <title>To add and mount a new disk to house AFS volumes</title>
4890 <para>Become the local superuser <emphasis role="bold">root</emphasis> on the machine, if you are not already, by issuing
4891 the <emphasis role="bold">su</emphasis> command. <programlisting>
4892 % <emphasis role="bold">su root</emphasis>
4893 Password: <replaceable>root_password</replaceable>
4894 </programlisting></para>
4898 <para>Decide how many AFS partitions to divide the new disk into and the names of the directories at which to mount them
4899 (the introduction to this section describes the naming conventions). To display the names of the existing server
4900 partitions on the machine, issue the <emphasis role="bold">vos listpart</emphasis> command. Include the <emphasis
4901 role="bold">-localauth</emphasis> flag because you are logged in as the local superuser <emphasis
4902 role="bold">root</emphasis> but do not necessarily have administrative tokens. <programlisting>
4903 # <emphasis role="bold">vos listpart</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">-localauth</emphasis>
4904 </programlisting></para>
4906 <para>where <variablelist>
4908 <term><emphasis role="bold">listp</emphasis></term>
4911 <para>Is the shortest acceptable abbreviation of <emphasis role="bold">listpart</emphasis>.</para>
4916 <term><emphasis role="bold">machine name</emphasis></term>
4919 <para>Names the local file server machine.</para>
4924 <term><emphasis role="bold">-localauth</emphasis></term>
4927 <para>Constructs a server ticket using a key from the local <emphasis role="bold">/usr/afs/etc/KeyFile</emphasis>
4928 file. The <emphasis role="bold">bos</emphasis> command interpreter presents it to the BOS Server during mutual
4929 authentication.</para>
4932 </variablelist></para>
4936 <para>Create each directory at which to mount a partition. <programlisting>
4937 # <emphasis role="bold">mkdir /vicep</emphasis><replaceable>x</replaceable>[<replaceable>x</replaceable>]
4938 </programlisting></para>
4941 <primary>files</primary>
4943 <secondary>file systems registry (fstab)</secondary>
4947 <primary>file systems registry file</primary>
4949 <secondary>adding new disk to file server machine</secondary>
4953 <primary>etc/fstab file</primary>
4955 <secondary></secondary>
4957 <see>file systems registry file</see>
4961 <primary>fstab file</primary>
4963 <secondary></secondary>
4965 <see>file systems registry file</see>
4970 <para><anchor id="LIWQ132" />Using a text editor, create an entry in the machine's file systems registry file (<emphasis
4971 role="bold">/etc/fstab</emphasis> or equivalent) for each new disk partition, mapping its device name to the directory you
4972 created in the previous step. Refer to existing entries in the file to learn the proper format, which varies for different
4973 operating systems.</para>
4977 <para><anchor id="LIWQ133" />If the operating system requires that you shut off the machine to install a new disk, issue
4978 the <emphasis role="bold">bos shutdown</emphasis> command to shut down all AFS server processes other than the BOS Server
4979 (it terminates safely when you shut off the machine). Include the <emphasis role="bold">-localauth</emphasis> flag because
4980 you are logged in as the local superuser <emphasis role="bold">root</emphasis> but do not necessarily have administrative
4981 tokens. For a complete description of the command, see <link linkend="HDRWQ168">To stop processes temporarily</link>.
4983 # <emphasis role="bold">bos shutdown</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">-localauth</emphasis> [<emphasis
4984 role="bold">-wait</emphasis>]
4985 </programlisting></para>
4989 <para><anchor id="LIWQ134" />If necessary, shut off the machine. Install and format the new disk according to the
4990 instructions provided by the disk and operating system vendors. If necessary, edit the disk's partition table to reflect
4991 the changes you made to the files system registry file in step <link linkend="LIWQ132">4</link>; consult the operating
4992 system documentation for instructions.</para>
4996 <para>If you shut off the machine down in step <link linkend="LIWQ134">6</link>, turn it on. Otherwise, issue the
4997 <emphasis role="bold">bos restart</emphasis> command to restart the <emphasis role="bold">fs</emphasis> process, forcing
4998 it to recognize the new set of server partitions. Include the <emphasis role="bold">-localauth</emphasis> flag because you
4999 are logged in as the local superuser <emphasis role="bold">root</emphasis> but do not necessarily have administrative
5000 tokens. For complete instructions for the <emphasis role="bold">bos restart</emphasis> command, see <link
5001 linkend="HDRWQ170">Stopping and Immediately Restarting Processes</link>. <programlisting>
5002 # <emphasis role="bold">bos restart</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">fs -localauth</emphasis>
5003 </programlisting></para>
5007 <para>Issue the <emphasis role="bold">bos status</emphasis> command to verify that all server processes are running
5008 correctly. For more detailed instructions, see <link linkend="HDRWQ158">Displaying Process Status and Information from the
5009 BosConfig File</link>. <programlisting>
5010 # <emphasis role="bold">bos status</emphasis> <<replaceable>machine name</replaceable>>
5011 </programlisting></para>
5016 <primary>removing</primary>
5018 <secondary>disk from file server machine</secondary>
5022 <primary>disk</primary>
5024 <secondary>file server machine</secondary>
5026 <tertiary>removing</tertiary>
5030 <primary>file server machine</primary>
5032 <secondary>disk</secondary>
5034 <tertiary>removing</tertiary>
5038 <primary>unmounting</primary>
5040 <secondary>file server machine disk</secondary>
5044 <primary>vos commands</primary>
5046 <secondary>move</secondary>
5048 <tertiary>when removing file server machine disk</tertiary>
5052 <sect2 id="HDRWQ135">
5053 <title>To unmount and remove a disk housing AFS volumes</title>
5057 <para>Verify that you are listed in the <emphasis role="bold">/usr/afs/etc/UserList</emphasis> file. If necessary, issue
5058 the <emphasis role="bold">bos listusers</emphasis> command, which is fully described in <link linkend="HDRWQ593">To
5059 display the users in the UserList file</link>. <programlisting>
5060 % <emphasis role="bold">bos listusers</emphasis> <<replaceable>machine name</replaceable>>
5061 </programlisting></para>
5065 <para>Issue the <emphasis role="bold">vos listvol</emphasis> command to list the volumes housed on each partition of each
5066 disk you are about to remove, in preparation for removing them or moving them to other partitions. For detailed
5067 instructions, see <link linkend="HDRWQ219">Displaying Volume Headers</link>. <programlisting>
5068 % <emphasis role="bold">vos listvol</emphasis> <<replaceable>machine name</replaceable>> [<<replaceable>partition name</replaceable>>]
5069 </programlisting></para>
5073 <para>Move any volume you wish to retain in the file system to another partition. You can move only read/write volumes.
5074 For more detailed instructions, and for instructions on moving read-only and backup volumes, see <link
5075 linkend="HDRWQ226">Moving Volumes</link>. <programlisting>
5076 % <emphasis role="bold">vos move</emphasis> <<replaceable>volume name or ID</replaceable>> \
5077 <<replaceable>machine name on source</replaceable>> <<replaceable>partition name on source</replaceable>> \
5078 <<replaceable>machine name on destination</replaceable>> <<replaceable>partition name on destination</replaceable>>
5079 </programlisting></para>
5083 <para><emphasis role="bold">(Optional)</emphasis> If there are any volumes you do not wish to retain, back them up using
5084 the <emphasis role="bold">vos dump</emphasis> command or the AFS Backup System. See <link linkend="HDRWQ240">Dumping and
5085 Restoring Volumes</link> or <link linkend="HDRWQ296">Backing Up Data</link>, respectively.</para>
5089 <para>Become the local superuser <emphasis role="bold">root</emphasis> on the machine, if you are not already, by issuing
5090 the <emphasis role="bold">su</emphasis> command. <programlisting>
5091 % <emphasis role="bold">su root</emphasis>
5092 Password: <replaceable>root_password</replaceable>
5093 </programlisting></para>
5096 <primary>umount command</primary>
5100 <primary>commands</primary>
5102 <secondary>umount</secondary>
5107 <para>Issue the <emphasis role="bold">umount</emphasis> command, repeating it for each partition on the disk to be
5108 removed. <programlisting>
5109 # <emphasis role="bold">cd /</emphasis>
5110 # <emphasis role="bold">umount /dev/</emphasis><<replaceable>partition_block_device_name</replaceable>>
5111 </programlisting></para>
5114 <primary>file systems registry file</primary>
5116 <secondary>removing disk from file server machine</secondary>
5121 <para><anchor id="LIWQ136" />Using a text editor, remove or comment out each partition's entry from the machine's file
5122 systems registry file (<emphasis role="bold">/etc/fstab</emphasis> or equivalent).</para>
5126 <para>Remove the <emphasis role="bold">/vicep</emphasis> directory associated with each partition. <programlisting>
5127 # <emphasis role="bold">rmdir /vicep</emphasis>xx
5128 </programlisting></para>
5132 <para>If the operating system requires that you shut off the machine to remove a disk, issue the <emphasis role="bold">bos
5133 shutdown</emphasis> command to shut down all AFS server processes other than the BOS Server (it terminates safely when you
5134 shut off the machine). Include the <emphasis role="bold">-localauth</emphasis> flag because you are logged in as the local
5135 superuser <emphasis role="bold">root</emphasis> but do not necessarily have administrative tokens. For a complete
5136 description of the command, see <link linkend="HDRWQ168">To stop processes temporarily</link>. <programlisting>
5137 # <emphasis role="bold">bos shutdown</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">-localauth</emphasis> [<emphasis
5138 role="bold">-wait</emphasis>]
5139 </programlisting></para>
5143 <para><anchor id="LIWQ137" />If necessary, shut off the machine. Remove the disk according to the instructions provided by
5144 the disk and operating system vendors. If necessary, edit the disk's partition table to reflect the changes you made to
5145 the files system registry file in step <link linkend="LIWQ136">7</link>; consult the operating system documentation for
5146 instructions.</para>
5150 <para>If you shut off the machine down in step <link linkend="LIWQ137">10</link>, turn it on. Otherwise, issue the
5151 <emphasis role="bold">bos restart</emphasis> command to restart the <emphasis role="bold">fs</emphasis> process, forcing
5152 it to recognize the new set of server partitions. Include the <emphasis role="bold">-localauth</emphasis> flag because you
5153 are logged in as the local superuser <emphasis role="bold">root</emphasis> but do not necessarily have administrative
5154 tokens. For complete instructions for the <emphasis role="bold">bos restart</emphasis> command, see <link
5155 linkend="HDRWQ170">Stopping and Immediately Restarting Processes</link>. <programlisting>
5156 # <emphasis role="bold">bos restart</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">fs -localauth</emphasis>
5157 </programlisting></para>
5161 <para>Issue the <emphasis role="bold">bos status</emphasis> command to verify that all server processes are running
5162 correctly. For more detailed instructions, see <link linkend="HDRWQ158">Displaying Process Status and Information from the
5163 BosConfig File</link>. <programlisting>
5164 # <emphasis role="bold">bos status</emphasis> <<replaceable>machine name</replaceable>>
5165 </programlisting></para>
5170 <primary>File Server</primary>
5172 <secondary>use of NetInfo file</secondary>
5176 <primary>File Server</primary>
5178 <secondary>use of NetRestrict file</secondary>
5182 <primary>File Server</primary>
5184 <secondary>use of sysid file</secondary>
5188 <primary>Ubik</primary>
5190 <secondary>use of NetInfo and NetRestrict files</secondary>
5194 <primary>database server machine</primary>
5196 <secondary>use of NetInfo and NetRestrict files</secondary>
5200 <primary>File Server</primary>
5202 <secondary>interfaces registered in VLDB server entry</secondary>
5206 <primary>setting</primary>
5208 <secondary>server machine interfaces registered in VLDB</secondary>
5212 <primary>controlling</primary>
5214 <secondary>server machine interfaces registered in VLDB</secondary>
5218 <primary>displaying</primary>
5220 <secondary>server entries from VLDB</secondary>
5224 <primary>displaying</primary>
5226 <secondary>VLDB server entries</secondary>
5230 <primary>server entry in VLDB</primary>
5235 <sect1 id="HDRWQ138">
5236 <title>Managing Server IP Addresses and VLDB Server Entries</title>
5238 <para>The AFS support for multihomed file server machines is largely automatic. The File Server process records the IP addresses
5239 of its file server machine's network interfaces in the local <emphasis role="bold">/usr/afs/local/sysid</emphasis> file and also
5240 registers them in a <emphasis>server entry</emphasis> in the Volume Location Database (VLDB). The <emphasis
5241 role="bold">sysid</emphasis> file and server entry are identified by the same unique number, which creates an association
5242 between them.</para>
5244 <para>When the Cache Manager requests volume location information, the Volume Location (VL) Server provides all of the
5245 interfaces registered for each server machine that houses the volume. This enables the Cache Manager to make use of multiple
5246 addresses when accessing AFS data stored on a multihomed file server machine.</para>
5248 <para>If you wish, you can control which interfaces the File Server registers in its VLDB server entry by creating two files in
5249 the local <emphasis role="bold">/usr/afs/local</emphasis> directory: <emphasis role="bold">NetInfo</emphasis> and <emphasis
5250 role="bold">NetRestrict</emphasis>. Each time the File Server restarts, it builds a list of the local machine's interfaces by
5251 reading the <emphasis role="bold">NetInfo</emphasis> file, if it exists. If you do not create the file, the File Server uses the
5252 list of network interfaces configured with the operating system. It then removes from the list any addresses that appear in the
5253 <emphasis role="bold">NetRestrict</emphasis> file, if it exists. The File Server records the resulting list in the <emphasis
5254 role="bold">sysid</emphasis> file and registers the interfaces in the VLDB server entry that has the same unique
5257 <para>On database server machines, the <emphasis role="bold">NetInfo</emphasis> and <emphasis role="bold">NetRestrict</emphasis>
5258 files also determine which interfaces the Ubik database synchronization library uses when communicating with the database server
5259 processes running on other database server machines.</para>
5261 <para>There is a maximum number of IP addresses in each server entry, as documented in the <emphasis>IBM AFS Release
5262 Notes</emphasis>. If a multihomed file server machine has more interfaces than the maximum, AFS simply ignores the excess ones.
5263 It is probably appropriate for such machines to use the <emphasis role="bold">NetInfo</emphasis> and <emphasis
5264 role="bold">NetRestrict</emphasis> files to control which interfaces are registered.</para>
5266 <para>If for some reason the <emphasis role="bold">sysid</emphasis> file no longer exists, the File Server creates a new one
5267 with a new unique identifier. When the File Server registers the contents of the new file, the Volume Location (VL) Server
5268 normally recognizes automatically that the new file corresponds to an existing server entry, and overwrites the existing server
5269 entry with the new file contents and identifier. However, it is best not to remove the <emphasis role="bold">sysid</emphasis>
5270 file if that can be avoided.</para>
5272 <para>Similarly, it is important not to copy the <emphasis role="bold">sysid</emphasis> file from one file server machine to
5273 another. If you commonly copy the contents of the <emphasis role="bold">/usr/afs</emphasis> directory from an existing machine
5274 as part of installing a new file server machine, be sure to remove the <emphasis role="bold">sysid</emphasis> file from the
5275 <emphasis role="bold">/usr/afs/local</emphasis> directory on the new machine before starting the File Server.</para>
5277 <para>There are certain cases where the VL Server cannot determine whether it is appropriate to overwrite an existing server
5278 entry with a new <emphasis role="bold">sysid</emphasis> file's contents and identifier. It then refuses to allow the File Server
5279 to register the interfaces, which prevents the File Server from starting. This can happen if, for example, a new <emphasis
5280 role="bold">sysid</emphasis> file includes two interfaces that currently are registered by themselves in separate server
5281 entries. In such cases, error messages in the <emphasis role="bold">/usr/afs/log/VLLog</emphasis> file on the VL Server machine
5282 and in the <emphasis role="bold">/usr/afs/log/FileLog</emphasis> file on the file server machine indicate that you need to use
5283 the <emphasis role="bold">vos changeaddr</emphasis> command to resolve the problem. Contact the AFS Product Support group for
5284 instructions and assistance.</para>
5286 <para>Except in this type of rare error case, the only appropriate use of the <emphasis role="bold">vos changeaddr</emphasis>
5287 command is to remove a VLDB server entry completely when you remove a file server machine from service. The VLDB can accommodate
5288 a maximum number of server entries, as specified in the <emphasis>IBM AFS Release Notes</emphasis>. Removing obsolete entries
5289 makes it possible to allocate server entries for new file server machines as required. See the instructions that follow.</para>
5291 <para>Do not use the <emphasis role="bold">vos changeaddr</emphasis> command to change the list of interfaces registered in a
5292 VLDB server entry. To change a file server machine's IP addresses and server entry, see the instructions that follow.</para>
5295 <primary>NetInfo file (server version)</primary>
5297 <secondary>creating/editing</secondary>
5301 <primary>creating</primary>
5303 <secondary>NetInfo file (server version)</secondary>
5307 <primary>editing</primary>
5309 <secondary>NetInfo file (server version)</secondary>
5312 <sect2 id="Header_156">
5313 <title>To create or edit the server NetInfo file</title>
5317 <para>Become the local superuser <emphasis role="bold">root</emphasis> on the machine, if you are not already, by issuing
5318 the <emphasis role="bold">su</emphasis> command. <programlisting>
5319 % <emphasis role="bold">su root</emphasis>
5320 Password: <replaceable>root_password</replaceable>
5321 </programlisting></para>
5325 <para>Using a text editor, open the <emphasis role="bold">/usr/afs/local/NetInfo</emphasis> file. Place one IP address in
5326 dotted decimal format (for example, <computeroutput>192.12.107.33</computeroutput>) on each line. The order of entries is
5327 not significant.</para>
5331 <para>If you want the File Server to start using the revised list immediately, use the <emphasis role="bold">bos
5332 restart</emphasis> command to restart the <emphasis role="bold">fs</emphasis> process. For instructions, see <link
5333 linkend="HDRWQ170">Stopping and Immediately Restarting Processes</link>.</para>
5338 <primary>NetRestrict file (server version)</primary>
5340 <secondary>creating/editing</secondary>
5344 <primary>creating</primary>
5346 <secondary>NetRestrict file (server version)</secondary>
5350 <primary>editing</primary>
5352 <secondary>NetRestrict file (server version)</secondary>
5356 <sect2 id="Header_157">
5357 <title>To create or edit the server NetRestrict file</title>
5361 <para>Become the local superuser <emphasis role="bold">root</emphasis> on the machine, if you are not already, by issuing
5362 the <emphasis role="bold">su</emphasis> command. <programlisting>
5363 % <emphasis role="bold">su root</emphasis>
5364 Password: <replaceable>root_password</replaceable>
5365 </programlisting></para>
5369 <para>Using a text editor, open the <emphasis role="bold">/usr/afs/local/NetRestrict</emphasis> file. Place one IP address
5370 in dotted decimal format on each line. The order of the addresses is not significant. Use the value <emphasis
5371 role="bold">255</emphasis> as a wildcard that represents all possible addresses in that field. For example, the entry
5372 <computeroutput>192.12.105.255</computeroutput> indicates that the Cache Manager does not register any of the addresses in
5373 the 192.12.105 subnet.</para>
5377 <para>If you want the File Server to start using the revised list immediately, use the <emphasis role="bold">bos
5378 restart</emphasis> command to restart the <emphasis role="bold">fs</emphasis> process. For instructions, see <link
5379 linkend="HDRWQ170">Stopping and Immediately Restarting Processes</link>.</para>
5384 <primary>vos commands</primary>
5386 <secondary>listaddrs</secondary>
5390 <primary>commands</primary>
5392 <secondary>vos listaddrs</secondary>
5396 <sect2 id="Header_158">
5397 <title>To display all server entries from the VLDB</title>
5401 <para>Issue the <emphasis role="bold">vos listaddrs</emphasis> command to display all server entries from the VLDB.
5403 % <emphasis role="bold">vos listaddrs</emphasis>
5404 </programlisting></para>
5406 <para>where <emphasis role="bold">lista</emphasis> is the shortest acceptable abbreviation of <emphasis
5407 role="bold">listaddrs</emphasis>.</para>
5409 <para>The output displays all server entries from the VLDB, each on its own line. If a file server machine is multihomed,
5410 all of its registered addresses appear on the line. The first one is the one reported as a volume's site in the output
5411 from the <emphasis role="bold">vos examine</emphasis> and <emphasis role="bold">vos listvldb</emphasis> commands.</para>
5413 <para>VLDB server entries record IP addresses, and the command interpreter has the local name service (either a process
5414 like the Domain Name Service or a local host table) translate them to hostnames before displaying them. If an IP address
5415 appears in the output, it is not possible to translate it.</para>
5417 <para>The existence of an entry does not necessarily indicate that the machine that is still an active file server
5418 machine. To remove obsolete server entries, see the following instructions.</para>
5423 <primary>vos commands</primary>
5425 <secondary>changeaddr</secondary>
5429 <primary>commands</primary>
5431 <secondary>vos changeaddr</secondary>
5435 <sect2 id="Header_159">
5436 <title>To remove obsolete server entries from the VLDB</title>
5440 <para>Verify that you are listed in the <emphasis role="bold">/usr/afs/etc/UserList</emphasis> file. If necessary, issue
5441 the <emphasis role="bold">bos listusers</emphasis> command, which is fully described in <link linkend="HDRWQ593">To
5442 display the users in the UserList file</link>. <programlisting>
5443 % <emphasis role="bold">bos listusers</emphasis> <<replaceable>machine name</replaceable>>
5444 </programlisting></para>
5448 <para>Issue the <emphasis role="bold">vos changeaddr</emphasis> command to remove a server entry from the VLDB.
5450 % <emphasis role="bold">vos changeaddr</emphasis> <<replaceable>original IP address</replaceable>> <emphasis role="bold">-remove</emphasis>
5451 </programlisting></para>
5453 <para>where <variablelist>
5455 <term><emphasis role="bold">ch</emphasis></term>
5458 <para>Is the shortest acceptable abbreviation of <emphasis role="bold">changeaddr</emphasis>.</para>
5463 <term><emphasis role="bold">original IP address</emphasis></term>
5466 <para>Specifies one of the IP addresses currently registered for the file server machine in the VLDB. Any of a
5467 multihomed file server machine's addresses are acceptable to identify it.</para>
5472 <term><emphasis role="bold">-remove</emphasis></term>
5475 <para>Removes the server entry.</para>
5478 </variablelist></para>
5483 <sect2 id="Header_160">
5484 <title>To change a server machine's IP addresses</title>
5488 <para>Verify that you are listed in the <emphasis role="bold">/usr/afs/etc/UserList</emphasis> file. If necessary, issue
5489 the <emphasis role="bold">bos listusers</emphasis> command, which is fully described in <link linkend="HDRWQ593">To
5490 display the users in the UserList file</link>. <programlisting>
5491 % <emphasis role="bold">bos listusers</emphasis> <<replaceable>machine name</replaceable>>
5492 </programlisting></para>
5496 <para>If the machine is the system control machine or a binary distribution machine, and you are also changing its
5497 hostname, redefine all relevant <emphasis role="bold">upclient</emphasis> processes on other server machines to refer to
5498 the new hostname. Use the <emphasis role="bold">bos delete</emphasis> and <emphasis role="bold">bos create</emphasis>
5499 commands as instructed in <link linkend="HDRWQ161">Creating and Removing Processes</link>.</para>
5503 <para>If the machine is a database server machine, edit its entry in the <emphasis
5504 role="bold">/usr/afs/etc/CellServDB</emphasis> file on every server machine in the cell to list one of the new IP
5505 addresses. If you use the United States edition of AFS, you can edit the file on the system control machine and wait the
5506 required time (by default, five minutes) for the Update Server to distribute the changed file to all server
5511 <para>If the machine is a database server machine, issue the <emphasis role="bold">bos shutdown</emphasis> command to stop
5512 all server processes. If the machine is also a file server, the volumes on it are inaccessible during this time. For a
5513 complete description of the command, see <link linkend="HDRWQ168">To stop processes temporarily</link>. <programlisting>
5514 % <emphasis role="bold">bos shutdown</emphasis> <<replaceable>machine name</replaceable>>
5515 </programlisting></para>
5519 <para>Use the utilities provided with the operating system to change one or more of the machine's IP addresses.</para>
5523 <para>If appropriate, edit the <emphasis role="bold">/usr/afs/local/NetInfo</emphasis> file, the <emphasis
5524 role="bold">/usr/afs/local/NetRestrict</emphasis> file, or both, to reflect the changed addresses. Instructions appear
5525 earlier in this section.</para>
5529 <para>If the machine is a database server machine, issue the <emphasis role="bold">bos restart</emphasis> command to
5530 restart all server processes on the machine. For complete instructions for the <emphasis role="bold">bos
5531 restart</emphasis> command, see <link linkend="HDRWQ170">Stopping and Immediately Restarting Processes</link>.
5533 % <emphasis role="bold">bos restart</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">-all</emphasis>
5534 </programlisting></para>
5536 <para>At the same time, issue the <emphasis role="bold">bos restart</emphasis> command on all other database server
5537 machines in the cell to restart the database server processes only (the Authentication, Backup, Protection, and Volume
5538 Location Servers). Issue the commands in quick succession so that all of the database server processes vote in the quorum
5542 % <emphasis role="bold">bos restart</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">kaserver buserver ptserver vlserver</emphasis>
5545 <para>If you are changing IP addresses on every database server machine in the cell, you must also issue the <emphasis
5546 role="bold">bos restart</emphasis> command on every file server machine in the cell to restart the <emphasis
5547 role="bold">fs</emphasis> process.</para>
5551 <para>If the machine is not a database server machine, issue the <emphasis role="bold">bos restart</emphasis> command to
5552 restart the <emphasis role="bold">fs</emphasis> process (if the machine is a database server, you already restarted the
5553 process in the previous step). The File Server automatically compiles a new list of interfaces, records them in the
5554 <emphasis role="bold">/usr/afs/local/sysid</emphasis> file, and registers them in its VLDB server entry. <programlisting>
5555 % <emphasis role="bold">bos restart</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">fs</emphasis>
5556 </programlisting></para>
5560 <para>If the machine is a database server machine, edit its entry in the <emphasis
5561 role="bold">/usr/vice/etc/CellServDB</emphasis> file on every client machine in the cell to list one of the new IP
5562 addresses. Instructions appear in <link linkend="HDRWQ406">Maintaining Knowledge of Database Server
5563 Machines</link>.</para>
5567 <para>If there are machine entries in the Protection Database for the machine's previous IP addresses, use the <emphasis
5568 role="bold">pts rename</emphasis> command to change them to the new addresses. For instructions, see <link
5569 linkend="HDRWQ556">Changing a Protection Database Entry's Name</link>.</para>
5574 <primary>rebooting</primary>
5576 <secondary>server machine, instructions</secondary>
5580 <primary>server machine</primary>
5582 <secondary>rebooting</secondary>
5586 <primary>BOS Server</primary>
5588 <secondary>role in reboot of server machine</secondary>
5593 <sect1 id="HDRWQ139">
5594 <title>Rebooting a Server Machine</title>
5596 <para>You can reboot a server machine either by typing the appropriate commands at its console or by issuing the <emphasis
5597 role="bold">bos exec</emphasis> command on a remote machine. Remote rebooting can be more convenient, because you do not need to
5598 leave your present location, but you cannot track the progress of the reboot as you can at the console. Remote rebooting is
5599 possible because the server machine's operating system recognizes the BOS Server, which executes the <emphasis role="bold">bos
5600 exec</emphasis> command, as the local superuser <emphasis role="bold">root</emphasis>.</para>
5602 <para>Rebooting server machines is part of routine maintenance in some cells, and some instructions in the AFS documentation
5603 include it as a step. It is certainly not intended to be the standard method for recovering from AFS-related problems, however,
5604 but only a last resort when the machine is unresponsive and you have tried all other reasonable options.</para>
5606 <para>Rebooting causes a service outage. If the machine stores volumes, they are all inaccessible until the reboot completes and
5607 the File Server reattaches them. If the machine is a database server machine, information from the databases can become
5608 unavailable during the reelection of the synchronization site for each database server process; the VL Server outage generally
5609 has the greatest impact, because the Cache Manager must be able to access the VLDB to fetch AFS data.</para>
5611 <para>By convention, a server machine's AFS initialization file includes the following command to restart the BOS Server after
5612 each reboot. It starts the other AFS server processes listed in the local <emphasis
5613 role="bold">/usr/afs/local/BosConfig</emphasis> file. These instructions assume that the initialization file includes the
5617 /usr/afs/bin/bosserver &
5620 <sect2 id="HDRWQ140">
5621 <title>To reboot a file server machine from its console</title>
5625 <para>Become the local superuser <emphasis role="bold">root</emphasis> on the machine, if you are not already, by issuing
5626 the <emphasis role="bold">su</emphasis> command. <programlisting>
5627 % <emphasis role="bold">su root</emphasis>
5628 Password: <replaceable>root_password</replaceable>
5629 </programlisting></para>
5633 <para>Issue the <emphasis role="bold">bos shutdown</emphasis> command to shut down all AFS server processes other than the
5634 BOS Server, which terminates safely when you reboot the machine. Include the <emphasis role="bold">-localauth</emphasis>
5635 flag because you are logged in as the local superuser <emphasis role="bold">root</emphasis> but do not necessarily have
5636 administrative tokens. For a complete description of the command, see <link linkend="HDRWQ168">To stop processes
5637 temporarily</link>. <programlisting>
5638 # <emphasis role="bold">bos shutdown</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">-localauth</emphasis> [<emphasis
5639 role="bold">-wait</emphasis>]
5640 </programlisting></para>
5644 <para>Reboot the machine. On many system types, the appropriate command is <emphasis role="bold">shutdown</emphasis>, but
5645 the appropriate options vary; consult your UNIX administrator's guide. <programlisting>
5646 # <emphasis role="bold">shutdown</emphasis>
5647 </programlisting></para>
5652 <primary>commands</primary>
5654 <secondary>bos exec</secondary>
5658 <primary>bos commands</primary>
5660 <secondary>exec</secondary>
5664 <sect2 id="HDRWQ141">
5665 <title>To reboot a file server machine remotely</title>
5669 <para>Verify that you are listed in the <emphasis role="bold">/usr/afs/etc/UserList</emphasis> file on the machine you are
5670 rebooting. If necessary, issue the <emphasis role="bold">bos listusers</emphasis> command, which is fully described in
5671 <link linkend="HDRWQ593">To display the users in the UserList file</link>. <programlisting>
5672 % <emphasis role="bold">bos listusers</emphasis> <<replaceable>machine name</replaceable>>
5673 </programlisting></para>
5677 <para>Issue the <emphasis role="bold">bos shutdown</emphasis> to halt AFS server processes other than the BOS Server,
5678 which terminates safely when you turn off the machine. For a complete description of the command, see <link
5679 linkend="HDRWQ168">To stop processes temporarily</link>. <programlisting>
5680 % <emphasis role="bold">bos shutdown</emphasis> <<replaceable>machine name</replaceable>> [<emphasis role="bold">-wait</emphasis>]
5681 </programlisting></para>
5685 <para>Issue the <emphasis role="bold">bos exec</emphasis> command to reboot the machine remotely. <programlisting>
5686 % <emphasis role="bold">bos exec</emphasis> <<replaceable>machine name</replaceable>> reboot_command
5687 </programlisting></para>
5689 <para>where <variablelist>
5691 <term><emphasis role="bold">machine name</emphasis></term>
5694 <para>Names the file server machine to reboot.</para>
5699 <term><emphasis role="bold">reboot_command</emphasis></term>
5702 <para>Is the rebooting command for the machine's operating system. The <emphasis role="bold">shutdown</emphasis>
5703 command is appropriate on many system types, but consult your operating system documentation.</para>
5706 </variablelist></para>
git://git.openafs.org / openafs.git / blob