<listitem>
<para>The single <emphasis>system control machine</emphasis>
distributes common server configuration files to all other
- server machines in the cell, in a cell that runs the United
- States edition of AFS (cells that use the international edition
- of AFS must not use the system control machine for this
- purpose). The machine conventionally also serves as the time
- synchronization source for the cell, adjusting its clock
- according to a time source outside the cell.</para>
+ server machines in the cell.
+ </para>
</listitem>
</itemizedlist>
</para>
</itemizedlist>
</para>
- <para>In addition, the United States edition of the Update Server
+ <para>In addition, the Update Server
encrypts sensitive information (such as the contents of <emphasis
role="bold">KeyFile</emphasis>) when distributing it. Other commands
in the <emphasis role="bold">bos</emphasis> suite and the commands
</indexterm>
<listitem>
- <para>Cells that run the United States edition of AFS conventionally use the Update Server to distribute a common
+ <para>Cells conventionally use the Update Server to distribute a common
version of each file from the cell's system control machine to other server machines (for more on the system control
machine, see <link linkend="HDRWQ94">The System Control Machine</link>). Run the Update Server's server portion on the
system control machine, and the client portion on all other server machines. Update the files on the system control
machine only, except as directed by instructions for dealing with emergencies.</para>
</listitem>
-
- <listitem>
- <para>Cells that run the international edition of AFS must not use the Update Server to distribute the contents of the
- <emphasis role="bold">/usr/afs/etc</emphasis> directory. Due to United States government regulations, the data
- encryption routines that AFS uses to protect the files in this directory as they cross the network are not available to
- the Update Server in the international edition of AFS. You must instead update the files on each server machine
- individually, taking extra care to issue exactly the same <emphasis role="bold">bos</emphasis> command for each machine.
- The necessary data encryption routines are available to the <emphasis role="bold">bos</emphasis> commands, so
- information is safe as it crosses the network from the machine where the <emphasis role="bold">bos</emphasis> command is
- issued to the server machines.</para>
- </listitem>
</itemizedlist></para>
<para>Never directly edit any of the files in the <emphasis role="bold">/usr/afs/etc</emphasis> directory, except as directed
<listitem>
<para>The single <emphasis>system control machine</emphasis> distributes common server configuration files to all other
- server machines in the cell, in a cell that runs the United States edition of AFS (cells that use the international
- edition of AFS must not use the system control machine for this purpose). The machine conventionally also serves as the
- time synchronization source for the cell, adjusting its clock according to a time source outside the cell.</para>
+ server machines in the cell.</para>
</listitem>
</itemizedlist></para>
</listitem>
<listitem>
- <para>A client portion of the Update Server that picks up common configuration files from the system control machine, in
- cells running the United States edition of AFS (the <emphasis role="bold">upclientetc</emphasis> process)</para>
+ <para>A client portion of the Update Server that picks up common configuration files from the system control machine
+ (the <emphasis role="bold">upclientetc</emphasis> process)</para>
</listitem>
</itemizedlist></para>
<sect2 id="HDRWQ94">
<title>The System Control Machine</title>
- <para>In cells that run the United States edition of AFS, the <emphasis>system control machine</emphasis> stores and
+ <para>The <emphasis>system control machine</emphasis> stores and
distributes system configuration files shared by all of the server machines in the cell. Each file server machine keeps its
own copy of the configuration files on its local disk, by convention in the <emphasis role="bold">/usr/afs/etc</emphasis>
directory. For consistent system performance, however, all server machines must use the same files. The easiest way to keep
the files consistent is to have the system control machine distribute them. You make changes only to the copy stored on the
- system control machine, as directed by the instructions in this document. The United States edition of AFS is available to
- cells in the United States and Canada and to selected institutions in other countries, as determined by United States
- government regulations.</para>
-
- <para>Cells that run the international version of AFS do not use the system control machine to distribute system configuration
- files. Some of the files contain information that is too sensitive to cross the network unencrypted, and United States
- government regulations forbid the export of the necessary encryption routines in the form that the Update Server uses. You
- must instead update the configuration files on each file server machine individually. The <emphasis role="bold">bos</emphasis>
- commands that you use to update the files encrypt the information using an exportable form of the encryption routines.</para>
+ system control machine, as directed by the instructions in this document.</para>
<para>For a list of the configuration files stored in the <emphasis role="bold">/usr/afs/etc</emphasis> directory, see <link
linkend="HDRWQ85">Common Configuration Files in the /usr/afs/etc Directory</link>.</para>
</indexterm>
<listitem>
- <para>The server portion of the Update Server (<emphasis role="bold">upserver</emphasis>) process, in cells using the
- United States edition of AFS. The client portion of the Update Server (<emphasis role="bold">upclientetc</emphasis>
+ <para>The server portion of the Update Server (<emphasis role="bold">upserver</emphasis>) process
+ The client portion of the Update Server (<emphasis role="bold">upclientetc</emphasis>
process) runs on the other server machines and references the system control machine.</para>
</listitem>
</itemizedlist></para>
Command 1 is '/usr/afs/bin/upclient fs7.example.com -t 60 /usr/afs/bin'
</programlisting>
- <para>If you run the United States edition of AFS, a simple file server machine also runs the <emphasis
+ <para>A simple file server machine also runs the <emphasis
role="bold">upclientetc</emphasis> process, so the output includes a message like the following. It indicates that <emphasis
role="bold">fs1.example.com</emphasis> is the system control machine.</para>
<sect3 id="HDRWQ99">
<title>The Output on the System Control Machine</title>
- <para>If you run the United States edition of AFS and have issued the <emphasis role="bold">bos status</emphasis> command
+ <para>If you have issued the <emphasis role="bold">bos status</emphasis> command
for the system control machine, the output includes an entry for the <emphasis role="bold">upserver</emphasis> process
similar to the following:</para>
a coordinator in each of several subgroups of machines, because the Ubik processes on various machines do not agree on
which machines need to participate in the quorum.</para>
- <para>If you run the United States version of AFS and use the Update Server, it is simplest to maintain the <emphasis
+ <para>If you use the Update Server, it is simplest to maintain the <emphasis
role="bold">/usr/afs/etc/CellServDB</emphasis> file on the system control machine, which distributes its copy to all
other server machines. The <emphasis>OpenAFS Quick Beginnings</emphasis> explains how to configure the Update Server.
- If you run the international version of AFS, you must update the file on each machine individually.</para>
+ </para>
<para>The only reason to alter the file is when configuring or decommissioning a database server machine. Use the
appropriate <emphasis role="bold">bos</emphasis> commands rather than editing the file by hand. For instructions, see
context. This section explains how to distribute the file to your server machines and how to make other cells aware of the
changes if you participate in the AFS global name space.</para>
- <para>If you use the United States edition of AFS, use the Update Server to distribute the central copy of the server
- <emphasis role="bold">CellServDB</emphasis> file stored on the cell's system control machine. If you use the international
- edition of AFS, instead change the file on each server machine individually. For further discussion of the system control
- machine and why international cells must not use it for files in the <emphasis role="bold">/usr/afs/etc</emphasis> directory,
- see <link linkend="HDRWQ94">The System Control Machine</link>. For instructions on configuring the Update Server when using
- the United States version of AFS, see the <emphasis>OpenAFS Quick Beginnings</emphasis>.</para>
+ <para>If you use the Update Server to distribute the central copy of the server
+ <emphasis role="bold">CellServDB</emphasis> file stored on the cell's system control machine.
+ For instructions on configuring the Update Server, see the <emphasis>OpenAFS Quick Beginnings</emphasis>.</para>
<para>To avoid formatting errors that can cause errors, always use the <emphasis role="bold">bos addhost</emphasis> and
<emphasis role="bold">bos removehost</emphasis> commands, rather than editing the file directly. You must also restart the
<listitem>
<para>Issue the <emphasis role="bold">bos addhost</emphasis> command to add each new database server machine to the
- <emphasis role="bold">CellServDB</emphasis> file. If you use the United States edition of AFS, specify the system control
+ <emphasis role="bold">CellServDB</emphasis> file. Specify the system control
machine as <emphasis>machine name</emphasis>. (If you have forgotten which machine is the system control machine, see
- <link linkend="HDRWQ99">The Output on the System Control Machine</link>.) If you use the international edition of AFS,
- repeat the command on each or your cell's server machines in turn by substituting its name for <emphasis>machine
- name</emphasis>. <programlisting>
+ <link linkend="HDRWQ99">The Output on the System Control Machine</link>.)
+<programlisting>
% <emphasis role="bold">bos addhost</emphasis> <<replaceable>machine name</replaceable>> <<replaceable>host name</replaceable>>+
</programlisting></para>
<term><emphasis role="bold">machine name</emphasis></term>
<listitem>
- <para>Names the system control machine, if you are using the United States edition of AFS. If you are using the
- international edition of AFS, it names each of your server machines in turn.</para>
+ <para>Names the system control machine</para>
</listitem>
</varlistentry>
<listitem>
<para>Issue the <emphasis role="bold">bos removehost</emphasis> command to remove each database server machine from the
- <emphasis role="bold">CellServDB</emphasis> file. If you use the United States edition of AFS, specify the system control
+ <emphasis role="bold">CellServDB</emphasis> file. Specify the system control
machine as <emphasis>machine name</emphasis>. (If you have forgotten which machine is the system control machine, see
- <link linkend="HDRWQ99">The Output on the System Control Machine</link>.) If you use the international edition of AFS,
- repeat the command on each or your cell's server machines in turn by substituting its name for <emphasis>machine
- name</emphasis>. <programlisting>
+ <link linkend="HDRWQ99">The Output on the System Control Machine</link>.)
+<programlisting>
% <emphasis role="bold">bos removehost</emphasis> <<replaceable>machine name</replaceable>> <<replaceable>host name</replaceable>>+
</programlisting></para>
<term><emphasis role="bold">machine name</emphasis></term>
<listitem>
- <para>Names the system control machine, if you are using the United States edition of AFS. If you are using the
- international edition of AFS, it names each of your server machines in turn.</para>
+ <para>Names the system control machine.</para>
</listitem>
</varlistentry>
<listitem>
<para>If the machine is a database server machine, edit its entry in the <emphasis
role="bold">/usr/afs/etc/CellServDB</emphasis> file on every server machine in the cell to list one of the new IP
- addresses. If you use the United States edition of AFS, you can edit the file on the system control machine and wait the
+ addresses. You can edit the file on the system control machine and wait the
required time (by default, five minutes) for the Update Server to distribute the changed file to all server
machines.</para>
</listitem>
role="bold">upserver</emphasis> process is the server portion of the Update Server. Its function depends on which edition of
AFS you use: <itemizedlist>
<listitem>
- <para>With both the United States and international editions, it runs on the binary distribution machine of each system
+ <para>It runs on the binary distribution machine of each system
type you use as a server machine, distributing the contents of each one's <emphasis role="bold">/usr/afs/bin</emphasis>
directory to the other server machines of that type. This guarantees that all machines have the same version of AFS
binaries. (For a list of the binaries, see <link linkend="HDRWQ84">Binaries in the /usr/afs/bin
</listitem>
<listitem>
- <para>In you use the United States edition of AFS, it also runs on the cell's system control machine, distributing the
+ <para>It also runs on the cell's system control machine, distributing the
contents of its <emphasis role="bold">/usr/afs/etc</emphasis> directory to all the other server machines in order to
synchronize the configuration files stored in that directory. (For a list of the configuration files, see <link
linkend="HDRWQ85">Common Configuration Files in the /usr/afs/etc Directory</link>.)</para>
</listitem>
<listitem>
- <para>If you use the United States edition of AFS, another instance of the process runs on every server machine except
+ <para>Another instance of the process runs on every server machine except
the system control machine. It references the system control machine as the source for updates to the common
configuration files in the <emphasis role="bold">/usr/afs/etc</emphasis> directory. The conventional process name to
assign is <emphasis role="bold">upclientetc</emphasis>.</para>
of the Update Server client portion (by convention called <emphasis role="bold">upclientbin</emphasis>) that references the
binary distribution machine.</para>
- <para>If you run the United States edition of AFS, it is conventional for the first server machine you install to act as the
+ <para>It is conventional for the first server machine you install to act as the
system control machine, running the server portion of the Update Server (<emphasis role="bold">upserver</emphasis> process) to
distribute the contents of its <emphasis role="bold">/usr/afs/etc</emphasis> directory. All other server machines run an
instance of the Update Server client portion (by convention called <emphasis role="bold">upclientetc</emphasis>) that
references the system control machine.</para>
- <note>
- <para>If you are using the international edition of AFS, do not use the Update Server to distribute the contents of the
- <emphasis role="bold">/usr/afs/etc</emphasis> directory (you do not run a system control machine). Ignore all references to
- the process in this chapter.</para>
- </note>
-
<para>It is simplest not to move binary distribution or system control responsibilities to a different machine unless you
completely decommission a machine that is currently serving in one of those roles. Running the Update Server usually imposes
very little processing load. If you must move the functionality, perform the following related tasks. <itemizedlist>
<listitem>
<para>In addition to using server encryption keys when communicating with clients, the server processes use them to
protect communications with other server processes. Therefore, all server machines in your cell must have the same
- version of the <emphasis role="bold">KeyFile</emphasis> file. The easiest way to maintain consistency (if you run the
- United States edition of AFS) is to use the Update Server to distribute the contents of the system control machine's
+ version of the <emphasis role="bold">KeyFile</emphasis> file. The easiest way to maintain consistency
+ is to use the Update Server to distribute the contents of the system control machine's
<emphasis role="bold">/usr/afs/etc</emphasis> directory to all of the other server machines. There are two implications:
<itemizedlist>
<listitem>
</indexterm>
</listitem>
</itemizedlist></para>
-
- <para>If you run the international edition of AFS, do not use the Update Server to distribute the contents of the
- <emphasis role="bold">/usr/afs/etc</emphasis> directory, particularly the <emphasis role="bold">KeyFile</emphasis> file.
- The data in the file is too sensitive for transfer in unencrypted form, and because of United States government exports
- regulations the international edition of AFS does not include the necessary encryption routines in a form that the
- Update Server can use. You must instead modify the file on each server machine individually, taking care to enter the
- same key on every server machine.</para>
</listitem>
<listitem>
<para>Issue the <emphasis role="bold">bos addkey</emphasis> command to create a new AFS server
encryption key in the <emphasis role="bold">KeyFile</emphasis> file.</para>
- <para>If you run the United States edition of AFS and use the Update Server to distribute the contents of the system
+ <para>If you use the Update Server to distribute the contents of the system
control machine's <emphasis role="bold">/usr/afs/etc</emphasis> directory, substitute the system control machine for the
machine name argument. (If you have forgotten which machine is the system control machine, see <link linkend="HDRWQ96">To
locate the system control machine</link>.)</para>
- <para>If you run the international edition of AFS or do not use the Update Server, repeat the <emphasis role="bold">bos
- addkey</emphasis> command, substituting each server machine in your cell for the machine name argument in turn.</para>
-
<para>To avoid visible echoing of the string that corresponds to the new key, omit the <emphasis
role="bold">-key</emphasis> argument from the command line; instead enter the string at the prompts that appear when you
omit it, as shown in the following syntax specification.</para>
<listitem>
<para>Specifies the new key's key version number as an integer from the range 0 (zero) through 255.</para>
- <para>Remember the number. You need to use it again in Step <link linkend="LIWQ367">6</link>. If you are using the
- international edition of AFS, be sure to type the same number each time you issue this command.</para>
+ <para>Remember the number. You need to use it again in Step <link linkend="LIWQ367">6</link>.</para>
</listitem>
</varlistentry>
<listitem>
<para>Is a character string similar to a user password, of any length from one to about 1,000 characters. To
improve security, include nonalphabetic characters and make the string as long as is practical (you need to type
- it only in this step and in Step <link linkend="LIWQ367">6</link>). If you are using the international edition of
- AFS, be sure to type the same string each time you issue this command.</para>
+ it only in this step and in Step <link linkend="LIWQ367">6</link>).</para>
<para>Do not enter an octal string directly. The BOS Server scrambles the character string into an octal string
appropriate for use as an encryption key before recording it in the <emphasis role="bold">KeyFile</emphasis>
<para>Issue the <emphasis role="bold">bos removekey</emphasis> command to remove one or more server encryption keys from
the <emphasis role="bold">KeyFile</emphasis> file.</para>
- <para>If you run the United States edition of AFS and use the Update Server to distribute the contents of the system
+ <para>If you use the Update Server to distribute the contents of the system
control machine's <emphasis role="bold">/usr/afs/etc</emphasis> directory, substitute the system control machine for the
machine name argument. (If you have forgotten which machine is the system control machine, see <link linkend="HDRWQ96">To
locate the system control machine</link>.)</para>
- <para>If you run the international edition of AFS or do not use the Update Server, repeat the <emphasis role="bold">bos
- removekey</emphasis> command, substituting each server machine in your cell for the machine name argument in turn.</para>
-
<programlisting>
% <emphasis role="bold">bos removekey</emphasis> <<replaceable>machine name</replaceable>> <<replaceable>key version number</replaceable>>
</programlisting>
system control machine first. If the Update Server is working, then it is distributing the same change as you are making on
each server machine individually.</para>
- <para>If your cell does not use the Update Server, or uses the international edition of AFS, you always change keys on server
+ <para>If your cell does not use the Update Server or you always change keys on server
machines individually. The following instructions are also appropriate for you.</para>
</sect2>
<secondary>as distributor of UserList file</secondary>
</indexterm></para>
- <para>If your cell runs the United States edition of AFS and uses the Update Server to distribute the contents of the system
+ <para>If your cell uses the Update Server to distribute the contents of the system
control machine's <emphasis role="bold">/usr/afs/etc</emphasis> directory, then edit only the copy of the <emphasis
role="bold">UserList</emphasis> file stored on the system control machine. If you have forgotten which machine is the system
control machine, see <link linkend="HDRWQ90">The Four Roles for File Server Machines</link>.</para>
- <para>If your cell runs the international edition of AFS, or does not use a system control machine, then you must edit the
- <emphasis role="bold">UserList</emphasis> file on each server machine individually.</para>
-
<para>To avoid making formatting errors that can result in performance problems, never edit the <emphasis
role="bold">UserList</emphasis> file directly. Instead, use the <emphasis role="bold">bos adduser</emphasis> or <emphasis
role="bold">bos removeuser</emphasis> commands as described in this section. <indexterm>
<listitem>
<para>Names the system control machine if you use the Update Server to distribute the contents of the <emphasis
- role="bold">/usr/afs/etc</emphasis> directory (possible only in cells running the United States edition of AFS).
+ role="bold">/usr/afs/etc</emphasis> directory.
By default, it can take up to five minutes for the Update Server to distribute the changes, so newly added users
must wait that long before attempting to issue privileged commands.</para>
-
- <para>If you are running the international edition of AFS, or do not use the Update Server, repeat the command,
- substituting the name of each AFS server machine for machine name in turn.</para>
</listitem>
</varlistentry>
<listitem>
<para>Names the system control machine if you use the Update Server to distribute the contents of the <emphasis
- role="bold">/usr/afs/etc</emphasis> directory (possible only in cells running the United States edition of AFS).
+ role="bold">/usr/afs/etc</emphasis> directory.
By default, it can take up to five minutes for the Update Server to distribute the change, so newly removed users
can continue to issue privileged commands during that time.</para>
-
- <para>If you are running the international edition of AFS, or do not use the Update Server, repeat the command,
- substituting the name of each AFS server machine for machine name in turn.</para>
</listitem>
</varlistentry>