<chapter id="HDRWQ17">
<title>Installing the First AFS Machine</title>
+ <para>
<indexterm>
<primary>file server machine</primary>
<secondary>first AFS machine</secondary>
</indexterm>
- <para>This chapter describes how to install the first AFS machine in your cell, configuring it as both a file server machine and a
+ This chapter describes how to install the first AFS machine in your cell, configuring it as both a file server machine and a
client machine. After completing all procedures in this chapter, you can remove the client functionality if you wish, as described
in <link linkend="HDRWQ98">Removing Client Functionality</link>.</para>
</listitem>
<listitem>
- <para>You have a NTP, or similar, time service deployed to ensure
- rough clock syncronistation between your clients and servers. If you
- wish to use AFS's built in timeservice (which is deprecated) please
- see Appendix B for the necessary modifications to this installation
- procedure.</para>
+ <para>You have NTP or a similar time service deployed to ensure
+ rough clock syncronistation between your clients and servers.</para>
</listitem>
</itemizedlist></para>
</listitem>
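Review bot: The added line "rough clock syncronistation between your clients and servers." carries the misspelling over from the removed text; since the line is being rewritten anyway, correct it to "synchronization". Removing the Appendix B pointer also leaves sites that still run the AFS time service with no reference from this prerequisite list, so the commit message should say whether that appendix goes away in the same series.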
<listitem>
- <para>Start the server portion of the Update Server</para>
+ <para>Optionally, start the server portion of the Update Server</para>
</listitem>
</orderedlist></para>
<para>The <emphasis role="bold">/vicep</emphasis><replaceable>xx</replaceable> directories must reside in the file server
machine's root directory, not in one of its subdirectories (for example, <emphasis role="bold">/usr/vicepa</emphasis> is
- not an acceptable directory location).</para>
+ not an acceptable directory location).
+
+ The <emphasis role="bold">fileserver</emphasis> will refuse to
+ mount
+ any <emphasis role="bold">/vicep</emphasis><replaceable>xx</replaceable>
+ folders that are not separate partitions. </para>
+
+ <warning>
+ <para>The separate partition requirement may be overridden by
+ creating a file named
+ <emphasis role="bold">/vicep<replaceable>xx</replaceable>/AlwaysAttach</emphasis>;
+ however, mixed-use partitions, whether cache or fileserver,
+ have the risk that a non-AFS use will fill the partition and
+ not leave enough free space for AFS. Even though it is
+ allowed, be wary of configuring a mixed-use partition
+ without understanding the ramifications of doing so with the
+ workload on your filesystem.
+ <indexterm>
+ <primary>AFS server partition</primary>
+ <secondary>AlwaysAttach</secondary>
+ </indexterm>
+ </para>
+ </warning>
<para>You can also add or remove server partitions on an existing file server machine. For instructions, see the chapter
in the <emphasis>OpenAFS Administration Guide</emphasis> about maintaining server machines.</para>
</listitem>
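Review bot: The blank line added after "not an acceptable directory location)." sits inside the existing para, and DocBook does not treat it as a paragraph break, so the new fileserver sentence runs straight on from the previous one; close the para and open a new one for it. That sentence says the fileserver will "refuse to mount ... folders", while the override file is named AlwaysAttach and the surrounding text says "directories"; "refuse to attach any /vicepxx directories" would be consistent. The warning says "creating a file named" without saying whether the file's contents matter, which a reader following the procedure will need to know.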
<listitem>
- <para>On some system types, install and configure a modified <emphasis role="bold">fsck</emphasis> program which
+ <para>On system types using the <emphasis role="bold">inode</emphasis> storage format, install and configure a modified <emphasis role="bold">fsck</emphasis> program which
recognizes the structures that the File Server uses to organize volume data on AFS server partitions. The <emphasis
role="bold">fsck</emphasis> program provided with the operating system does not understand the AFS data structures, and so
removes them to the <emphasis role="bold">lost+found</emphasis> directory.</para>
examples. Once you have unpacked the distribution,
change directory as indicated.
<programlisting>
- # <emphasis role="bold">cd /tmp/afsdist/rs_aix42/root.client/usr/vice/etc</emphasis>
+ # <emphasis role="bold">cd /tmp/afsdist/rs_aix42/dest/root.client/usr/vice/etc</emphasis>
</programlisting></para>
</listitem>
<programlisting>
# <emphasis role="bold">cd /sbin/helpers</emphasis>
# <emphasis role="bold">mv v3fshelper v3fshelper.noafs</emphasis>
- # <emphasis role="bold">cp -p /tmp/afsdist/rs_aix42/root.server/etc/v3fshelper v3fshelper</emphasis>
+ # <emphasis role="bold">cp -p /tmp/afsdist/rs_aix42/dest/root.server/etc/v3fshelper v3fshelper</emphasis>
</programlisting></para>
</listitem>
examples. Once you have unpacked the distribution, change directory
as indicated.
<programlisting>
- # <emphasis role="bold">cd /tmp/afsdist/hp_ux110/root.client</emphasis>
+ # <emphasis role="bold">cd /tmp/afsdist/hp_ux110/dest/root.client</emphasis>
</programlisting></para>
</listitem>
<para>Copy the AFS-modified version of the <emphasis role="bold">fsck</emphasis> program (the <emphasis
role="bold">vfsck</emphasis> binary) and related files from the distribution directory to the new AFS-specific command
directory. <programlisting>
- # <emphasis role="bold">cp -p /tmp/afsdist/hp_ux110/root.server/etc/* .</emphasis>
+ # <emphasis role="bold">cp -p /tmp/afsdist/hp_ux110/dest/root.server/etc/* .</emphasis>
</programlisting></para>
</listitem>
examples. Once you have unpacked the distribution, change directory
as indicated.
<programlisting>
- # <emphasis role="bold">cd /tmp/afsdist/sgi_65/root.client</emphasis>
+ # <emphasis role="bold">cd /tmp/afsdist/sgi_65/dest/root.client</emphasis>
</programlisting></para>
</listitem>
instructions are provided for those building from source.</para>
<para>Begin by running the AFS client startup scripts, which call the
- <emphasis role="bold">modprobe</emphasis> program, which dynamically
- loads AFS modifications into the kernel. Then create partitions for
+ <emphasis role="bold">modprobe</emphasis> program to dynamically
+ load the AFS modifications into the kernel. Then create partitions for
storing AFS volumes. You do not need to replace the Linux <emphasis
role="bold">fsck</emphasis> program. If the machine is to remain an
AFS client machine, incorporate AFS into the machine's Pluggable
<para>The procedure for starting up OpenAFS depends upon your distribution</para>
<sect3>
<title>Fedora and RedHat Enterprise Linux</title>
- <para>OpenAFS ship RPMS for all current Fedora and RHEL releases.
+ <para>OpenAFS provides RPMS for all current Fedora and RedHat Enterprise Linux (RHEL) releases on the OpenAFS web site and the OpenAFS yum repository.
<orderedlist>
<listitem>
- <para>Download and install the RPM set for your operating system.
- RPMs are available from the OpenAFS web site. You will need the
- <emphasis role="bold">openafs</emphasis>
- <emphasis role="bold">openafs-client></emphasis>
- <emphasis role="bold">openafs-server</emphasis> packages, along with
- an <emphasis role="bold">openafs-kernel</emphasis> package matching
- your current, running, kernel.</para>
- <para>You can find the version of your current kernel by running
-<programlisting>
- # uname -r
-<replaceable>2.6.20-1.2933.fc6</replaceable>
-</programlisting></para>
- <para>Once downloaded, the packages may be installed with the
- <emphasis role="bold">rpm</emphasis> command
-<programlisting>
- # rpm -U openafs-* openafs-client-* openafs-server-* openafs-kernel-*
-</programlisting></para>
+ <para>Browse to
+ http://dl.openafs.org/dl/openafs/<replaceable>VERSION</replaceable>,
+ where VERSION is the latest stable release of
+ OpenAFS. Download the
+ openafs-repository-<replaceable>VERSION</replaceable>.noarch.rpm
+ file for Fedora systems or the
+ openafs-repository-rhel-<replaceable>VERSION</replaceable>.noarch.rpm
+ file for RedHat-based systems.
+ </para>
+ </listitem>
+ <listitem>
+ <para>Install the downloaded RPM file using the following command:
+ <programlisting>
+ # rpm -U openafs-repository*.rpm
+ </programlisting>
+ </para>
+ </listitem>
+ <listitem>
+ <para>Install the RPM set for your operating system using the yum command as follows:
+ <programlisting>
+ # yum -y install openafs-client openafs-server openafs-krb5 kmod-openafs
+ </programlisting>
+
+ </para>
+ <para>Alternatively, you may use dynamically-compiled kernel
+ modules if you have the kernel headers, a compiler, and the
+ dkms package from
+ <ulink url="http://fedoraproject.org/wiki/EPEL"><citetitle>EPEL</citetitle></ulink> installed.
+
+ </para>
+ <para>To use dynamically-compiled kernel modules instead of statically compiled modules, use the following command instead of the kmod-openafs as shown above:
+ <programlisting>
+ # yum install openafs-client openafs-server openafs-krb5 dkms-openafs
+ </programlisting>
+ </para>
</listitem>
<!-- If you do this with current RHEL and Fedora releases you end up with
a dynroot'd client running - this breaks setting up the root.afs volume
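Review bot: The new first step downloads the repository package from "http://dl.openafs.org/dl/openafs/VERSION" and the next step installs it with "rpm -U openafs-repository*.rpm", with no integrity check in between, and that package is what configures the yum source for every later install. Use an https URL if the site offers one, and add a signature check on the downloaded file (for example rpm -K) before the install step. Smaller points: the kmod command uses "yum -y install" while the dkms command uses "yum install"; "RPMS" should be "RPMs"; "instead of the kmod-openafs as shown above" reads better as "instead of the kmod-openafs command shown above"; and openafs-krb5 is added to both commands without a sentence saying why it is needed.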
<listitem>
<para>Unpack the distribution tarball. The examples below assume
that you have unpacked the files into the
- <emphasis role="bold">/tmp/afsdist</emphasis>directory. If you
+ <emphasis role="bold">/tmp/afsdist</emphasis> directory. If you
pick a different location, substitute this in all of the following
examples. Once you have unpacked the distribution,
change directory as indicated.
<programlisting>
- # <emphasis role="bold">cd /tmp/afsdist/linux/root.client/usr/vice/etc</emphasis>
+ # <emphasis role="bold">cd /tmp/afsdist/linux/dest/root.client/usr/vice/etc</emphasis>
</programlisting></para>
</listitem>
exmaples. Once you have unpacked the distribution, change directory
as indicated.
<programlisting>
- # <emphasis role="bold">cd /tmp/afsdist/sun4x_56/root.client/usr/vice/etc</emphasis>
+ # <emphasis role="bold">cd /tmp/afsdist/sun4x_56/dest/root.client/usr/vice/etc</emphasis>
</programlisting></para>
</listitem>
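Review bot: The context line at the top of this change still reads "exmaples. Once you have unpacked the distribution", while the matching paragraph in the other platform sections reads "examples"; fix the spelling while this paragraph is being touched.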
<para>Copy the appropriate AFS kernel library file to the local file <emphasis
role="bold">/kernel/fs/afs</emphasis>.</para>
+ <para>If the machine is running Solaris 11 on the x86_64 platform:</para>
+
+ <programlisting>
+ # <emphasis role="bold">cp -p modload/libafs64.o /kernel/drv/amd64/afs</emphasis>
+</programlisting>
+
+ <para>If the machine is running Solaris 10 on the x86_64 platform:</para>
+
+ <programlisting>
+ # <emphasis role="bold">cp -p modload/libafs64.o /kernel/fs/amd64/afs</emphasis>
+</programlisting>
+
<para>If the machine is running Solaris 2.6 or the 32-bit version of Solaris 7, its kernel supports NFS server
functionality, and the <emphasis role="bold">nfsd</emphasis> process is running:</para>
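Review bot: The lead sentence still says to copy the kernel library "to the local file /kernel/fs/afs", but the added Solaris 11 case copies to /kernel/drv/amd64/afs and the added Solaris 10 case to /kernel/fs/amd64/afs; reword the lead sentence so it does not name a single destination. The two added closing programlisting tags sit at column 0 while their opening tags are indented; align them with the rest of the file.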
<listitem>
<para>Copy the <emphasis role="bold">vfsck</emphasis> binary to the newly created directory, changing the name as you do
so. <programlisting>
- # <emphasis role="bold">cp /tmp/afsdist/sun4x_56/root.server/etc/vfsck fsck</emphasis>
+ # <emphasis role="bold">cp /tmp/afsdist/sun4x_56/dest/root.server/etc/vfsck fsck</emphasis>
</programlisting></para>
</listitem>
<para>Sites which still require <emphasis
role="bold">kaserver</emphasis> or external Kerberos v4 authentication
- should consult <link linkend="KAS016">Enabling kaserver based AFS
+ should consult <link linkend="KAS016">"Enabling kaserver based AFS
Login on Solaris Systems"</link> for details of how to enable AFS
login on Solaris.</para>
<para>The entry for AFS server processes, called either
<emphasis role="bold">afs</emphasis> or
<emphasis role="bold">afs/<replaceable>cell</replaceable></emphasis>.
+ The latter form is preferred since it works regardless of whether
+ your cell name matches your Kerberos realm name and allows multiple
+ AFS cells to be served from a single Kerberos realm.
No user logs in under this identity, but it is used to encrypt the
server tickets that granted to AFS clients for presentation to
server processes during mutual authentication. (The
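Review bot: The added sentence states that the afs/cell form is preferred, but the sentence before it still presents "afs" and "afs/cell" as equal alternatives, and the later steps visible in this patch use only afs/cell name; state up front that afs/cell is the form this guide uses. The context line that follows reads "server tickets that granted"; "that are granted" is meant and could be fixed in the same change.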
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ54" />Issue the
+ <listitem id="LIWQ54">
+ <para>Issue the
<emphasis role="bold">add_principal</emphasis> command to create
Kerberos Database entries called
<emphasis role="bold">admin</emphasis> and
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ55" />Issue the <emphasis role="bold">kadmin
+ <listitem id="LIWQ55">
+ <para>Issue the <emphasis role="bold">kadmin
get_principal</emphasis> command to display the <emphasis
role="bold">afs/</emphasis><<replaceable>cell name</replaceable>> entry.
<programlisting>
</listitem>
<listitem>
- <para>Issue the <emphasis role="bold">kadmin quit</emphasis> command to leave <emphasis role="bold">kadmin</emphasis>
+ <para>Issue the <emphasis role="bold">quit</emphasis> command to leave <emphasis role="bold">kadmin</emphasis>
interactive mode. <programlisting>
kadmin: <emphasis role="bold">quit</emphasis>
</programlisting> <indexterm>
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ57" />Issue the <emphasis role="bold">bos adduser</emphasis> command to add the <emphasis
+ <listitem id="LIWQ57">
+ <para>Issue the <emphasis role="bold">bos adduser</emphasis> command to add the <emphasis
role="bold">admin</emphasis> user to the <emphasis role="bold">/usr/afs/etc/UserList</emphasis> file. This enables the
<emphasis role="bold">admin</emphasis> user to issue privileged <emphasis role="bold">bos</emphasis> and <emphasis
role="bold">vos</emphasis> commands. <programlisting>
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ58" />Issue the
+ <listitem id="LIWQ58">
+ <para>Issue the
<emphasis role="bold">asetkey</emphasis> command to set the AFS
server encryption key in the
<emphasis role="bold">/usr/afs/etc/KeyFile</emphasis> file. This key
<para>asetkey requires the key version number (or kvno) of the
<emphasis role="bold">afs/</emphasis><replaceable>cell</replaceable>
- key. You should have noted this down when creating the key earlier.
- The key version number can also be found by running the
+ key. You should have made note of the kvno when creating the key
+ earlier. The key version number can also be found by running the
<emphasis role="bold">kvno</emphasis> command</para>
<programlisting>
- # <emphasis role="bold">kvno afs/</emphasis><<replaceable>cell name</replaceable>>
+ # <emphasis role="bold">kvno -k /etc/afs.keytab afs/</emphasis><<replaceable>cell name</replaceable>>
</programlisting>
<para>Once the kvno is known, the key can then be extracted using
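Review bot: The new command "kvno -k /etc/afs.keytab afs/cell name" reads from /etc/afs.keytab, but the next paragraph begins "Once the kvno is known, the key can then be extracted", so nothing visible up to this point has created that keytab. Either move the kvno check after the extraction step or say where /etc/afs.keytab comes from. The sentence introducing the command also ends "by running the kvno command" with no colon before the listing.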
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ59" />Issue the
+ <listitem id="LIWQ59">
+ <para>Issue the
<emphasis role="bold">bos listkeys</emphasis> command to verify that
the key version number for the new key in the
<emphasis role="bold">KeyFile</emphasis> file is the same as the key
<para>If you are planning on running the Demand-Attach File Server, create the <emphasis
role="bold">dafs</emphasis> process:
<programlisting>
- # <emphasis role="bold">./bos create</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">fs fs /usr/afs/bin/dafileserver</emphasis> \
+ # <emphasis role="bold">./bos create</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">dafs dafs /usr/afs/bin/dafileserver</emphasis> \
<emphasis role="bold">/usr/afs/bin/davolserver /usr/afs/bin/salvageserver</emphasis> \
- <emphasis role="bold">/usr/afs/bin/salvager</emphasis> <emphasis role="bold">-noauth</emphasis>
+ <emphasis role="bold">/usr/afs/bin/dasalvager</emphasis> <emphasis role="bold">-noauth</emphasis>
</programlisting></para>
</listitem>
</itemizedlist>
</sect1>
<sect1 id="HDRWQ62">
- <title>Starting the Controller for NTPD</title>
+ <title>Clock Sync Considerations</title>
<para>Keeping the clocks on all server and client machines in your cell synchronized is crucial to several functions, and in
particular to the correct operation of AFS's distributed database technology, Ubik. The chapter in the <emphasis>OpenAFS
Administration Guide</emphasis> about administering server machines explains how time skew can disturb Ubik's performance and
cause service outages in your cell.</para>
- <para>Historically, AFS used to distribute its own version of the Network
-Time Protocol Daemon. Whilst this is still provided for existing sites, we
-recommend that you configure and install your time service independently of
-AFS. A reliable timeservice will also be required by your Kerberos realm,
-and so may already be available at your site.</para>
+ <para>You should install and configure your time service independently of
+ AFS. Your Kerberos realm will also require a reliable time source, so your site
+ may already have one available.</para>
<indexterm>
<primary>overview</primary>
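Review bot: With the paragraph about the AFS-distributed Network Time Protocol Daemon removed here, and the Appendix B pointer removed from the prerequisites earlier in this patch, the guide no longer tells existing sites that run that daemon where to look; if it is still shipped, keep a one-line pointer. The new title "Clock Sync Considerations" abbreviates a word the body spells out ("synchronized"); "Clock Synchronization Considerations" would be consistent.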
192.12.105.3 #db1.example.com
192.12.105.4 #db2.example.com
192.12.105.55 #db3.example.com
- >stateu.edu #State University cell
- 138.255.68.93 #serverA.stateu.edu
- 138.255.68.72 #serverB.stateu.edu
- 138.255.33.154 #serverC.stateu.edu
+ >example.org #Example Organization cell
+ 138.255.68.93 #serverA.example.org
+ 138.255.68.72 #serverB.example.org
+ 138.255.33.154 #serverC.example.org
</programlisting>
<indexterm>
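Review bot: The cell name and hostnames move to the reserved example.org domain, but the three addresses (138.255.68.93, 138.255.68.72, 138.255.33.154) are unchanged and are not from a documentation range. Replace them with addresses from the ranges RFC 5737 reserves for documentation (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) so that a copied sample CellServDB cannot point clients at a real host. The same applies to the 192.12.105.x entries in the context lines.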
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ81" />Issue the <emphasis role="bold">vos create</emphasis> command to create the <emphasis
+ <listitem id="LIWQ81">
+ <para>Issue the <emphasis role="bold">vos create</emphasis> command to create the <emphasis
role="bold">root.cell</emphasis> volume. Then issue the <emphasis role="bold">fs mkmount</emphasis> command to mount it as
a subdirectory of the <emphasis role="bold">/afs</emphasis> directory, where it serves as the root of your cell's local
AFS filespace. Finally, issue the <emphasis role="bold">fs setacl</emphasis> command to create an ACL entry for the
<para>For the <replaceable>partition name</replaceable> argument, substitute the name of one of the machine's AFS server
partitions (such as <emphasis role="bold">/vicepa</emphasis>). For the <replaceable>cellname</replaceable> argument,
- substitute your cell's fully-qualified Internet domain name (such as <emphasis role="bold">abc.com</emphasis>).</para>
+ substitute your cell's fully-qualified Internet domain name (such as <emphasis role="bold">example.com</emphasis>).</para>
<programlisting>
# <emphasis role="bold">/usr/afs/bin/vos create</emphasis> <<replaceable>machine name</replaceable>> <<replaceable>partition name</replaceable>> <emphasis
<listitem>
<para><emphasis role="bold">(Optional)</emphasis> Create a symbolic link to a shortened cell name, to reduce the length of
- pathnames for users in the local cell. For example, in the <emphasis role="bold">abc.com</emphasis> cell, <emphasis
- role="bold">/afs/abc</emphasis> is a link to <emphasis role="bold">/afs/abc.com</emphasis>. <programlisting>
+ pathnames for users in the local cell. For example, in the <emphasis role="bold">example.com</emphasis> cell, <emphasis
+ role="bold">/afs/example</emphasis> is a link to <emphasis role="bold">/afs/example.com</emphasis>. <programlisting>
# <emphasis role="bold">cd /afs</emphasis>
# <emphasis role="bold">ln -s</emphasis> <replaceable>full_cellname</replaceable> <replaceable>short_cellname</replaceable>
</programlisting> <indexterm>
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ82" />Issue the <emphasis role="bold">vos addsite</emphasis> command to define a replication site
+ <listitem id="LIWQ82">
+ <para>Issue the <emphasis role="bold">vos addsite</emphasis> command to define a replication site
for both the <emphasis role="bold">root.afs</emphasis> and <emphasis role="bold">root.cell</emphasis> volumes. In each
case, substitute for the <replaceable>partition name</replaceable> argument the partition where the volume's read/write
version resides. When you install additional file server machines, it is a good idea to create replication sites on them
<tertiary>volume for AFS binaries</tertiary>
</indexterm>
- <listitem>
- <para><anchor id="LIWQ84" />Issue the <emphasis role="bold">vos create</emphasis> command to create volumes for storing
+ <listitem id="LIWQ84">
+ <para>Issue the <emphasis role="bold">vos create</emphasis> command to create volumes for storing
the AFS client binaries for this system type. The following example instruction creates volumes called
<replaceable>sysname</replaceable>, <replaceable>sysname</replaceable>.<emphasis role="bold">usr</emphasis>, and
<replaceable>sysname</replaceable>.<emphasis role="bold">usr.afsws</emphasis>. Refer to the <emphasis>OpenAFS Release
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ85" />Issue the <emphasis role="bold">fs setquota</emphasis> command to set an unlimited quota on
+ <listitem id="LIWQ85">
+ <para>Issue the <emphasis role="bold">fs setquota</emphasis> command to set an unlimited quota on
the volume mounted at the <emphasis role="bold">/afs/</emphasis><replaceable>cellname</replaceable><emphasis
role="bold">/</emphasis><replaceable>sysname</replaceable><emphasis role="bold">/usr/afsws</emphasis> directory. This
enables you to copy all of the appropriate files from the CD-ROM into the volume without exceeding the volume's
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ86" />Create <emphasis role="bold">/usr/afsws</emphasis> on the local disk as a symbolic link to the
+ <listitem id="LIWQ86">
+ <para>Create <emphasis role="bold">/usr/afsws</emphasis> on the local disk as a symbolic link to the
directory <emphasis role="bold">/afs/</emphasis><replaceable>cellname</replaceable><emphasis
role="bold">/@sys/usr/afsws</emphasis>. You can specify the actual system name instead of <emphasis
role="bold">@sys</emphasis> if you wish, but the advantage of using <emphasis role="bold">@sys</emphasis> is that it
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ92" />If this machine is going to remain an AFS client after you complete the installation, verify
+ <listitem id="LIWQ92">
+ <para>If this machine is going to remain an AFS client after you complete the installation, verify
that the local <emphasis role="bold">/usr/vice/etc/CellServDB</emphasis> file includes an entry for each foreign
cell.</para>