From 8761673c608986d32bb858b26441b09c24f41696 Mon Sep 17 00:00:00 2001 From: Jason Edgecombe Date: Sun, 5 Aug 2007 22:01:42 +0000 Subject: [PATCH] man-page-afsd-crypt-alias-20070805 Complete the documentation of the afsd flags and update a few things like -settime and -nosettime. Add man pages for fs setcrypt, fs getcrypt, and CellAlias. Based on work by Jason Edgecombe and then extensively edited, so any errors I probably introduced. --- doc/man-pages/README | 8 - doc/man-pages/pod1/fs_getcrypt.pod | 72 ++++++ doc/man-pages/pod1/fs_setcrypt.pod | 93 ++++++++ doc/man-pages/pod5/CellAlias.pod | 55 +++++ doc/man-pages/pod8/afsd.pod | 448 +++++++++++++++++++++++-------------- 5 files changed, 497 insertions(+), 179 deletions(-) create mode 100644 doc/man-pages/pod1/fs_getcrypt.pod create mode 100644 doc/man-pages/pod1/fs_setcrypt.pod create mode 100644 doc/man-pages/pod5/CellAlias.pod diff --git a/doc/man-pages/README b/doc/man-pages/README index 751cacd..957691f 100644 --- a/doc/man-pages/README +++ b/doc/man-pages/README @@ -192,13 +192,11 @@ Known Problems bos_util copyauth fs getcalleraccess - fs getcrypt fs listaliases fs newalias fs rxstatpeer fs rxstatproc fs setcbaddr - fs setcrypt kseal pts interactive pts quit @@ -231,12 +229,6 @@ Known Problems * fs sysname documentation needs to include the possibility of setting multiple sysnames and the resulting behavior. - * The afsd man page is horribly out of date. It doesn't explain - dynroot, many options are missing, and some of the options described - are no longer valid. It also still assumes that -settime is the - default and says that the system must be rebooted after shutdown, - which isn't the case at least on Linux. - * bos listkeys and the KeyFile man page assume that you're using the kaserver. diff --git a/doc/man-pages/pod1/fs_getcrypt.pod b/doc/man-pages/pod1/fs_getcrypt.pod new file mode 100644 index 0000000..1258880 --- /dev/null +++ b/doc/man-pages/pod1/fs_getcrypt.pod @@ -0,0 +1,72 @@ +=head1 NAME + +fs getcrypt - Displays the state of encryption for AFS file transfers + +=head1 SYNOPSIS + +=for html +
+ +B + +=for html +
+ +=head1 DESCRIPTION + +The B command shows the status of network traffic encryption +for file traffic in the AFS client. This encryption applies to file +traffic going to and coming from the AFS server for users with valid +tokens. The complement of this command is B which sets the +status of encryption on the client. + +=head1 CAUTIONS + +AFS uses an encryption scheme called fcrypt, based on but slightly weaker +than DES. Because fcrypt and DES are obsolete, the user must decide how +much to trust the encryption. Consider using a Virtual Private Network at +the IP level if better encryption is needed. + +Encrypting file traffic requires a token. Unauthenticated connections or +connections authorized via IP-based ACLs will not be encrypted even when +encryption is turned on. + +=head1 OPTIONS + +This commands takes no options. + +=head1 OUTPUT + +If encryption is enabled, the output is: + + Security level is currently crypt (data security). + +If encryption if disabled, the output is: + + Security level is currently clear. + +=head1 EXAMPLES + +There is only one way to invoke B: + + % fs getcrypt + +=back + +=head1 PRIVILEGE REQUIRED + +No special priviledges are required for this command. + +=head1 SEE ALSO + +L + +The description of the fcrypt encryption mechanism at +L. + +=head1 COPYRIGHT + +Copyright 2007 Jason Edgecombe + +This documentation is covered by the IBM Public License Version 1.0. This +man page was written by Jason Edgecombe for OpenAFS. diff --git a/doc/man-pages/pod1/fs_setcrypt.pod b/doc/man-pages/pod1/fs_setcrypt.pod new file mode 100644 index 0000000..386bdd7 --- /dev/null +++ b/doc/man-pages/pod1/fs_setcrypt.pod @@ -0,0 +1,93 @@ +=head1 NAME + +fs setcrypt - Enables of disables the encryption of AFS file transfers + +=head1 SYNOPSIS + +=for html +
+ +B S<<< [B<-crypt>] > >>> + +=for html +
+ +=head1 DESCRIPTION + +The B command sets the status of network traffic encryption +for file traffic in the AFS client. This encryption applies to file +traffic going to and coming from the AFS File Server for users with valid +tokens. This command does not control the encryption used for +authentication, which uses Kerberos 5 or klog/kaserver. The complement of +this command is B, which shows the status of encryption on +the client. + +The default encryption status is enabled. + +This is a global setting and applies to all subsequent connections to an +AFS File Server from this Cache Manager. There is no way to enable or +disable encryption for specific connections. + +=head1 CAUTIONS + +AFS uses an encryption scheme called fcrypt, based on but slightly weaker +than DES, and there is currently no way to specify a different encryption +mechanism. Because fcrypt and DES are obsolete, the user must decide how +much to trust the encryption. Consider using a Virtual Private Network at +the IP level if better encryption is needed. + +Encrypting file traffic requires a token. Unauthenticated connections or +connections authorized via IP-based ACLs will not be encrypted even when +encryption is turned on. + +=head1 OPTIONS + +=over 4 + +=item B<-crypt> > + +This is the only option to B. The B<-crypt> option takes +either C or C. C enables encryption. C disables +encryption. Since this is the only option, the C<-crypt> flag may be +omitted. + +C<0> and C<1> or C and C are not supported as replacements +for C and C. + +=back + +=head1 OUTPUT + +This command produces no output other than error messages. + +=head1 EXAMPLES + +There are only four ways to invoke B. Either of: + + % fs setcrypt -crypt on + % fs setcrypt on + +will enable encryption for authenticated connections and: + + % fs setcrypt -crypt off + % fs setcrypt off + +will disable encryption. + +=head1 PRIVILEGE REQUIRED + +The issuer must be logged in as the local superuser root. + +=head1 SEE ALSO + +L + +The description of the fcrypt encryption mechanism at +L. + +=head1 COPYRIGHT + +Copyright 2007 Jason Edgecombe + +This documentation is covered by the IBM Public License Version 1.0. This +man page was written by Jason Edgecombe for OpenAFS. diff --git a/doc/man-pages/pod5/CellAlias.pod b/doc/man-pages/pod5/CellAlias.pod new file mode 100644 index 0000000..350eea6 --- /dev/null +++ b/doc/man-pages/pod5/CellAlias.pod @@ -0,0 +1,55 @@ +=head1 NAME + +CellAlias - Maps cell names to aliases in /afs + +=head1 DESCRIPTION + +The F file is used when the AFS Cache Manager is Dynamic Root +(B<-dynroot>) mode. It creates symbolic links in the dynamic root that +link an alias for a cell (usually a short name) to the full name for the +cell. + +The most common use of this configuration file is to allow short names for +frequently used cell names. Traditionally, such short names would be +created by the local AFS administrator by creating symbolic links in the +C volume. Such symlinks do not appear when Dynamic Root is +enabled because, with Dynamic Root, the Cache Manager does not mount or +look at the C volume. F is a replacement which allows +such short names to be created under the client control. + +If you configure a short name mapping such as C for +C, the mapping of C<.ir> to C<.ir.stanford.edu> for the +read-write version of the C volume for that cell will be +created automatically. There is no need to list that alias separately (and +it is listed separately, B will report an error on startup). + +The contents of the F file should consist of one line of two +whitespace-separated columns per alias. The first column is the real name +of the cell, and the second column is the alias that should be created. + +=head1 EXAMPLES + +The following F file: + + openafs.org openafs + uncc.edu uncc + +results in the following symbolic links: + + /afs/.openafs -> /afs/.openafs.org + /afs/openafs -> /afs/openafs.org + /afs/.uncc -> /afs/.uncc.edu + /afs/uncc -> /afs/uncc.edu + +=head1 SEE ALSO + +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2007 Jason Edgecombe + +This documentation is covered by the IBM Public License Version 1.0. This +man page was written by Jason Edgecombe for OpenAFS. diff --git a/doc/man-pages/pod8/afsd.pod b/doc/man-pages/pod8/afsd.pod index 27c58a1..5e49164 100644 --- a/doc/man-pages/pod8/afsd.pod +++ b/doc/man-pages/pod8/afsd.pod @@ -7,23 +7,30 @@ afsd - Initializes the Cache Manager and starts related daemons =for html
-B S<<< [B<-blocks> >] >>> - S<<< [B<-files> >] >>> - S<<< [B<-rootvol> >] >>> - S<<< [B<-stat> >] >>> - [B<-memcache>] S<<< [B<-cachedir> >] >>> - S<<< [B<-mountdir> >] >>> - S<<< [B<-daemons> >] >>> - [B<-nosettime>] [B<-verbose>] [B<-rmtsys>] [B<-debug>] - S<<< [B<-chunksize> >] >>> - S<<< [B<-dcache> >] >>> - S<<< [B<-volumes> >] >>> +B [B<-afsdb>] [B<-backuptree>] S<<< [B<-biods> >] >>> - S<<< [B<-prealloc> >] >>> + S<<< [B<-blocks> >] >>> + S<<< [B<-cachedir> >] >>> + S<<< [B<-chunksize> >] >>> S<<< [B<-confdir> >] >>> - S<<< [B<-logfile> >] >>> - [B<-waitclose>] [B<-shutdown>] [B<-enable_peer_stats>] - [B<-enable_process_stats>] [B<-dynroot>] [B<-help>] + S<<< [B<-daemons> >] >>> + S<<< [B<-dcache> >] >>> [B<-debug>] + [B<-dynroot>] [B<-enable_peer_stats>] [B<-enable_process_stats>] + [B<-fakestat>] [B<-fakestat-all>] + S<<< [B<-files> >] >>> + S<<< [B<-files_per_subdir> > ] >>> + [B<-help>] S<<< [B<-logfile> >] >>> + [B<-mem_alloc_sleep>] [B<-memcache>] + S<<< [B<-mountdir> >] >>> [B<-nomount>] + [B<-nosettime>] + S<<< [B<-prealloc> >] >>> + [B<-rmtsys>] S<<< [B<-rootvol> >] >>> + [B<-rxbind>] S<<< [B<-rxpck> value for rx_extraPackets ] >>> + [B<-settime>] [B<-shutdown>] + S<<< [B<-splitcache> >] >>> + S<<< [B<-stat> >] >>> [B<-verbose>] + S<<< [B<-volumes> >] >>> + [B<-waitclose>] =for html
@@ -56,9 +63,11 @@ Cache Manager to contact them and to access files in the cell. Omission of a cell from this list, or incorrect information about its database server machines, prevents the Cache Manager from accessing files in it. -The list of database server machines is transferred into the kernel from -the F file. After initialization, use the B command to change the kernel-resident list without having to +By default, the list of database server machines is transferred into the +kernel from the F file. Alternatively, when the +B<-afsdb> option is used, the list of database server machines is taken +from the AFSDB DNS records for each cell. After initialization, use the +B command to change the kernel-resident list without having to reboot. =item * @@ -93,8 +102,8 @@ not remove the directory that formerly served this function, if one exists. The second field in the F file is the source for -this name, and the standard value is the F directory. Use -the B<-cachedir> argument to override the value in the B file. +this name. The standard value is F. Use the B<-cachedir> +argument to override the value in the B file. =item * @@ -229,14 +238,12 @@ B<-stat> argument to override the default. =item * -Randomly selects a file server machine in the local cell as the source for -the correct time. Every five minutes thereafter, the local clock is -adjusted (if necessary) to match the file server machine's clock. - -Use the B<-nosettime> flag to prevent the afsd command from selecting a -time standard. This is recommended only on file server machines that are -also acting as clients. File server machines maintain the correct time -using the Network Time Protocol Daemon instead. +If the B<-settime> option is specified, then it randomly selects a file +server machine in the local cell as the source for the correct time. Every +five minutes thereafter, the local clock is adjusted (if necessary) to +match the file server machine's clock. This is not enabled by default. It +is recommended, instead, that the Network Time Protocol Daemon be used to +synchronize the time. =back @@ -286,11 +293,11 @@ Server. =item * -One I daemon, which sends a probe to the File Server -every few minutes to check that it is still accessible. It also -synchronizes the machine's clock with the clock on a randomly-chosen file -server machine, unless the B<-nosettime> flag is used. There is always one -server connection daemon. +One I daemon, which sends a probe to the File +Server every few minutes to check that it is still accessible. If the +B<-settime> option is set, it also synchronizes the machine's clock +with the clock on a randomly-chosen file server machine. There is +always one server connection daemon. =item * @@ -353,12 +360,63 @@ AFS has for years had difficulties with being stopped and restarted without an intervening reboot. While most of these issues have been ironed out, stopping and restarting AFS is not recommended unless necessary and rebooting before restarting AFS is still the safest course -of action. +of action. This does not apply to Linux; it should be safe to restart the +AFS client on Linux without rebooting. + +In contrast to many client-server applications, not all communication is +initiated by the client. When the AFS client opens a file, it registers a +callback with the AFS server. If the file changes, the server notifies the +client that the file has changed and that all cached copies should be +discarded. In order to enable full functionality on the AFS client, +including all command-line utilities, the following UDP ports must be open +on an firewalls between the client and the server: + + fileserver 7000/udp + cachemanager 7001/udp (OpenAFS client. Arla uses 4711/udp) + ptserver 7002/udp + vlserver 7003/udp + kaserver 7004/udp (not needed with Kerberos v5) + volserver 7005/udp + reserved 7006/udp (for future use) + bosserver 7007/udp + +Additionally, for B to work through the firewall you need to allow +inbound and outbound UDP on ports >1024 (probably 1024s). + +Be sure to set the UDP timeouts on the firewall to be at least twenty +minutes for the best callback performance. =head1 OPTIONS =over 4 +=item B<-afsdb> + +Enable afsdb support. This will use DNS to lookup the AFSDB record and use +that for the database servers for each cell instead of the values in the +F file. This has the advantage of only needing to update one +DNS record to reconfigure the AFS clients for a new database server as +opposed to touching all of the clients, and also allows one to access a +cell without preconfiguring its database servers in F. + +=item B<-backuptree> + +Prefer backup volumes for mountpoints in backup volumes. This option means +that the AFS client will prefer to resolve mount points to backup volumes +when a parent of the current volume is a backup volume. This is similar to +the standard behaviour of preferring read-only volumes over read-write +volumes when the parent volume is a read-only volume. + +=item B<-biods> > + +Sets the number of VM daemons dedicated to performing I/O operations on a +machine running a version of AIX with virtual memory (VM) integration. If +both this argument and the B<-daemons> argument are omitted, the default +is five. If this argument is omitted but the B<-daemons> argument is +provided, the number of VM daemons is set to twice the value of the +B<-daemons> argument. + =item B<-blocks> > Specifies the number of kilobyte blocks to be made available for caching @@ -369,44 +427,32 @@ F file. For a disk cache, the value cannot exceed cache, do not combine this argument with the B<-dcache> argument, since doing so can possibly result in a chunk size that is not an exponent of 2. -=item B<-files> > - -Specifies the number of F> files to create in the cache -directory for a disk cache, overriding the default that is calculated as -described in L. Each F> file accommodates a -chunk of data, and can grow to a maximum size of 64 KB by default. Do not -combine this argument with the B<-memcache> argument. - -=item B<-rootvol> > - -Names the read/write volume corresponding to the root directory for the -AFS file tree (which is usually the F directory). This value -overrides the default of the C volume. - -=item B<-stat> > - -Specifies the number of entries to allocate in the machine's memory for -recording status information about the AFS files in the cache. This value -overrides the default of C<300>. - -=item B<-memcache> - -Initializes a memory cache rather than a disk cache. Do not combine this -flag with the B<-files> argument. - =item B<-cachedir> > Names the local disk directory to be used as the cache. This value overrides the default defined in the second field of the F file. -=item B<-mountdir> > +=item B<-chunksize> > -Names the local disk directory on which to mount the root of the AFS -filespace. This value overrides the default defined in the first field of -the F file. If a value other than the F -directory is used, the machine cannot access the filespace of cells that -do use that value. +Sets the size of each cache chunk. The integer provided, which must be +from the range C<0> to C<30>, is used as an exponent on the number 2. It +overrides the default of 16 for a disk cache (2^16 is 64 KB) and 13 for a +memory cache (2^13 is 8 KB). A value of C<0> or less, or greater than +C<30>, sets chunk size to the appropriate default. Values less than C<10> +(which sets chunk size to a 1 KB) are not recommended. Combining this +argument with the B<-dcache> argument is not recommended because it +requires that the issuer calculate the cache size that results. + +B<-chunksize> is an important option when tuning for performance. Setting +this option to larger values can increase performance when dealing with +large files. + +=item B<-confdir> > + +Names a directory other than the F directory from which to +fetch the F, F, and F configuration +files. =item B<-daemons> > @@ -421,25 +467,17 @@ VM daemons is set to twice the value of this argument, if it is provided and the B<-biods> argument is not. If both arguments are omitted, there are five VM daemons. -=item B<-nosettime> - -Prevents the Cache Manager from synchronizing its clock with the clock on -a server machine selected at random, by checking the time on the server -machine every five minutes. Use this flag only on a machine that is -already using another time synchronization protocol (for example, a server -machine that is running the B process). - -=item B<-verbose> - -Generates a detailed trace of the B program's actions on the -standard output stream. - -=item B<-rmtsys> +=item B<-dcache> > -Initializes an additional daemon to execute AFS-specific system calls on -behalf of NFS client machines. Use this flag only if the machine is an -NFS/AFS translator machine serving users of NFS client machines who -execute AFS commands. +Sets the number of dcache entries in memory, which are used to store +information about cache chunks. For a disk cache, this overrides the +default, which is 50% of the number of F> files (cache chunks). For +a memory cache, this argument effectively sets the number of cache chunks, +but its use is not recommended, because it requires the issuer to +calculate the resulting total cache size (derived by multiplying this +value by the chunk size). Do not combine this argument with the B<-blocks> +argument, since doing so can possibly result in a chunk size that is not +an exponent of 2. =item B<-debug> @@ -447,42 +485,121 @@ Generates a highly detailed trace of the B program's actions on the standard output stream. The information is useful mostly for debugging purposes. -=item B<-chunksize> > +=item B<-dynroot> -Sets the size of each cache chunk. The integer provided, which must be -from the range C<0> to C<30>, is used as an exponent on the number 2. It -overrides the default of 16 for a disk cache (2^16 is 64 KB) and 13 for a -memory cache (2^13 is 8 KB). A value of C<0> or less, or greater than -C<30>, sets chunk size to the appropriate default. Values less than C<10> -(which sets chunk size to a 1 KB) are not recommended. Combining this -argument with the B<-dcache> argument is not recommended because it -requires that the issuer calculate the cache size that results. +The standard behaviour of the AFS client without the B<-dynroot> option is +to mount the root.afs volume from the default cell on the F path. The +F folder and root.afs volume traditionally shows the folders for +F and other cells as configured by the AFS cell administrator. -=item B<-dcache> > +The B<-dynroot> option changes this. Using this option, the AFS client +does not mount the root.afs volume on F. Instead it uses the +contents of the F file to populate the listing of cells in +F. This is known as a DYNamic ROOT. A cell is not contacted until +the path F> if accessed. This functions similarly to an +automounter. The main advantage of using B<-dynroot> is that the AFS +client will start properly even without network access, whereas the client +not using B<-dynroot> will freeze upon startup if cannot contact the +default cell specified in F and mount the root.afs +volume. Dynamic root mode is also sometimes called travelling mode because +it works well for laptops which don't always have network connectivity. -Sets the number of dcache entries in memory, which are used to store -information about cache chunks. For a disk cache, this overrides the -default, which is 50% of the number of F> files (cache -chunks). For a memory cache, this argument effectively sets the number of -cache chunks, but its use is not recommended, because it requires the -issuer to calculate the resulting total cache size (derived by multiplying -this value by the chunk size). Do not combine this argument with the -B<-blocks> argument, since doing so can possibly result in a chunk size -that is not an exponent of 2. +Two advantages of not using dynroot are that listing F will usually +be faster because the contents of F are limited to what the AFS +administrator decides and that symbolic links are traditionally created +by the AFS administrator to provide a short name for the cell (i.e. +cellname.domain.com is aliased to cellname). However, with dynroot, the +local system administrator can limit the default contents of F by +installing a stripped-down F file, and if dynroot is in effect, +the F file can be used to provide shortname for common AFS cells +which provides equivalent functionality to the most commonly used symbolic +links. -=item B<-volumes> > +=item B<-enable_peer_stats> -Specifies the number of memory structures to allocate for storing volume -location information. The default value is C<50>. +Activates the collection of Rx statistics and allocates memory for their +storage. For each connection with a specific UDP port on another machine, +a separate record is kept for each type of RPC (FetchFile, GetStatus, and +so on) sent or received. To display or otherwise access the records, use +the Rx Monitoring API. -=item B<-biods> > +=item B<-enable_process_stats> -Sets the number of VM daemons dedicated to performing I/O operations on a -machine running a version of AIX with virtual memory (VM) integration. If -both this argument and the B<-daemons> argument are omitted, the default -is five. If this argument is omitted but the B<-daemons> argument is -provided, the number of VM daemons is set to twice the value of the -B<-daemons> argument. +Activates the collection of Rx statistics and allocates memory for their +storage. A separate record is kept for each type of RPC (FetchFile, +GetStatus, and so on) sent or received, aggregated over all connections to +other machines. To display or otherwise access the records, use the Rx +Monitoring API. + +=item B<-fakestat> + +Return fake values for stat calls on cross-cell mounts. This option makes +an C of F much faster since each cell isn't contacted, and +this and the B<-fakestat-all> options are useful on Mac OS X so that the +Finder program doesn't try to contact every AFS cell the system knows +about. + +=item B<-fakestat-all> + +Return fake values for stat calls on all mounts, not just cross-cell +mounts. This and the B<-fakestat> options are useful on Mac OS X so that +the Finder program doesn't hang when browsing AFS directories. + +=item B<-files> > + +Specifies the number of F> files to create in the cache directory +for a disk cache, overriding the default that is calculated as described +in L. Each F> file accommodates a chunk of data, and +can grow to a maximum size of 64 KB by default. Do not combine this +argument with the B<-memcache> argument. + +=item B<-files_per_subdir> > + +Limits the number of cache files in each subdirectory of the cache +directory. The value of the option should be the base-two log of the +number of cache files per cache subdirectory (so 10 for 1024 files, 14 for +16384 files, and so forth). + +=item B<-help> + +Prints the online help for this command. All other valid options are +ignored. + +=item B<-logfile> > + +This option is obsolete and no longer has any effect. + +=item B<-mem_alloc_sleep> + +Allows sleeps when allocating a memory cache. + +=item B<-memcache> + +Initializes a memory cache rather than a disk cache. Do not combine this +flag with the B<-files> argument. + +=item B<-mountdir> > + +Names the local disk directory on which to mount the root of the AFS +filespace. This value overrides the default defined in the first field of +the F file. If a value other than the F +directory is used, the machine cannot access the filespace of cells that +do use that value. + +=item B<-nomount> + +Do not mount AFS on startup. The afs global mount must be mounted via +some other means. This is useful on Mac OS X where /afs is sometimes +mounted in /Network/afs like other network file systems. + +=item B<-nosettime> + +This is enabled by default. It prevents the Cache Manager from +synchronizing its clock with the clock on a server machine selected at +random by checking the time on the server machine every five minutes. +This is the recommended behavior; instead of the AFS Cache Manager, the +Network Time Protocol Daemon should be used to synchronize the system +time. =item B<-prealloc> > @@ -490,80 +607,68 @@ Specifies the number of pieces of memory to preallocate for the Cache Manager's internal use. The default initial value is C<400>, but the Cache Manager dynamically allocates more memory as it needs it. -=item B<-confdir> > +=item B<-rmtsys> -Names a directory other than the F directory from which to -fetch the F, F, and F configuration -files. +Initializes an additional daemon to execute AFS-specific system calls on +behalf of NFS client machines. Use this flag only if the machine is an +NFS/AFS translator machine serving users of NFS client machines who +execute AFS commands. -=item B<-logfile> > +=item B<-rootvol> > -Is obsolete and has no real effect. It specifies an alternate file in -which to record a type of trace that the Cache Manager no longer -generates; the default value is F. +Names the read/write volume corresponding to the root directory for the +AFS file tree (which is usually the F directory). This value +overrides the default of the C volume. This option is ignored if +B<-dynroot> is given. -=item B<-waitclose> +=item B<-rxbind> -Has no effect on the operation of the Cache Manager. The behavior it -affected in previous versions of the Cache Manager, to perform synchronous -writes to the File Server, is now the default behavior. To perform -asynchronous writes in certain cases, use the B command. +Bind the Rx socket (one interface only). + +=item B<-rxpck> > + +Set rx_extraPackets to this value. + +=item B<-settime> + +Enable native AFS time synchronization. This option is the opposite of +B<-nosettime> and cannot be used with the B<-nosettime> option. =item B<-shutdown> -Shuts down the Cache Manager, but not in the most effective possible -way. Do not use this flag. +Shuts down the Cache Manager. Before calling B with this option, +unmount the AFS file system with B. -=item B<-enable_peer_stats> +=item B<-splitcache> > -Activates the collection of Rx statistics and allocates memory for their -storage. For each connection with a specific UDP port on another machine, -a separate record is kept for each type of RPC (FetchFile, GetStatus, and -so on) sent or received. To display or otherwise access the records, use -the Rx Monitoring API. +This allows the user to set a certain percentage of the AFS cache be +reserved for read/write content and the rest to be reserved for read-only +content. The ratio should be written as a fraction. For example, +C<-splitcache 75/25> devotes 75% of your cache space to read/write content +and 25% to read-only. -=item B<-enable_process_stats> +=item B<-stat> > -Activates the collection of Rx statistics and allocates memory for their -storage. A separate record is kept for each type of RPC (FetchFile, -GetStatus, and so on) sent or received, aggregated over all connections to -other machines. To display or otherwise access the records, use the Rx -Monitoring API. +Specifies the number of entries to allocate in the machine's memory for +recording status information about the AFS files in the cache. This value +overrides the default of C<300>. -=item B<-dynroot> +=item B<-verbose> -The standard behaviour of the AFS client without the B<-dynroot> option is -to mount the root.afs volume from the default cell on the F path. The -F folder and root.afs volume traditionally shows the folders for -F and other cells as configured by the AFS cell administrator. +Generates a detailed trace of the B program's actions on the +standard output stream. -The B<-dynroot> option changes this. Using this option, the AFS client does -NOT mount the root.afs volume on F. Instead it uses the contents of -the F file to populate the listing of cells in F. This -is known as a DYNamic ROOT. A cell is not contacted until the path -F> if accessed. This functions similarly to an automounter. -The main advantage of using B<-dynroot> is that the AFS client will -start properly even without network access, whereas the client not using -B<-dynroot> will freeze upon startup if cannot contact the default cell -specified in F and mount the root.afs volume. Dynamic root mode -is also sometimes called travelling mode because it works well for laptops -which don't always have network connectivity. +=item B<-volumes> > -Two advantages of not using dynroot are that listing F will usually -be faster because the contents of F are limited to what the AFS -administrator decides and that symbolic links are traditionally created -by the AFS administrator to provide a short name for the cell (i.e. -cellname.domain.com is aliased to cellname). However, with dynroot, the -local system administrator can limit the default contents of F by -installing a stripped-down F file, and if dynroot is in effect, -the F file can be used to provide shortname for common AFS cells -which provides equivalent functionality to the most commonly used symbolic -links. +Specifies the number of memory structures to allocate for storing volume +location information. The default value is C<50>. -=item B<-help> +=item B<-waitclose> -Prints the online help for this command. All other valid options are -ignored. +Has no effect on the operation of the Cache Manager. The behavior it +affected in previous versions of the Cache Manager, to perform synchronous +writes to the File Server, is now the default behavior. To perform +asynchronous writes in certain cases, use the B command. =back @@ -591,6 +696,7 @@ The issuer must be logged in as the local superuser root. =head1 SEE ALSO +L, L, L, L @@ -599,6 +705,6 @@ L IBM Corporation 2000. All Rights Reserved. -This documentation is covered by the IBM Public License Version 1.0. It was -converted from HTML to POD by software written by Chas Williams and Russ -Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. +This documentation is covered by the IBM Public License Version 1.0. It +was converted from HTML to POD by software written by Chas Williams and +Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. -- 1.9.4