<chapter id="HDRWQ17">
<title>Installing the First AFS Machine</title>
+ <para>
<indexterm>
<primary>file server machine</primary>
<secondary>first AFS machine</secondary>
</indexterm>
- <para>This chapter describes how to install the first AFS machine in your cell, configuring it as both a file server machine and a
+ This chapter describes how to install the first AFS machine in your cell, configuring it as both a file server machine and a
client machine. After completing all procedures in this chapter, you can remove the client functionality if you wish, as described
in <link linkend="HDRWQ98">Removing Client Functionality</link>.</para>
</listitem>
<listitem>
- <para>You have a NTP, or similar, time service deployed to ensure
- rough clock syncronistation between your clients and servers. If you
- wish to use AFS's built in timeservice (which is deprecated) please
- see Appendix B for the necessary modifications to this installation
- procedure.</para>
+ <para>You have NTP or a similar time service deployed to ensure
+ rough clock syncronistation between your clients and servers.</para>
</listitem>
</itemizedlist></para>
examples. Once you have unpacked the distribution,
change directory as indicated.
<programlisting>
- # <emphasis role="bold">cd /tmp/afsdist/rs_aix42/root.client/usr/vice/etc</emphasis>
+ # <emphasis role="bold">cd /tmp/afsdist/rs_aix42/dest/root.client/usr/vice/etc</emphasis>
</programlisting></para>
</listitem>
<programlisting>
# <emphasis role="bold">cd /sbin/helpers</emphasis>
# <emphasis role="bold">mv v3fshelper v3fshelper.noafs</emphasis>
- # <emphasis role="bold">cp -p /tmp/afsdist/rs_aix42/root.server/etc/v3fshelper v3fshelper</emphasis>
+ # <emphasis role="bold">cp -p /tmp/afsdist/rs_aix42/dest/root.server/etc/v3fshelper v3fshelper</emphasis>
</programlisting></para>
</listitem>
examples. Once you have unpacked the distribution, change directory
as indicated.
<programlisting>
- # <emphasis role="bold">cd /tmp/afsdist/hp_ux110/root.client</emphasis>
+ # <emphasis role="bold">cd /tmp/afsdist/hp_ux110/dest/root.client</emphasis>
</programlisting></para>
</listitem>
<para>Copy the AFS-modified version of the <emphasis role="bold">fsck</emphasis> program (the <emphasis
role="bold">vfsck</emphasis> binary) and related files from the distribution directory to the new AFS-specific command
directory. <programlisting>
- # <emphasis role="bold">cp -p /tmp/afsdist/hp_ux110/root.server/etc/* .</emphasis>
+ # <emphasis role="bold">cp -p /tmp/afsdist/hp_ux110/dest/root.server/etc/* .</emphasis>
</programlisting></para>
</listitem>
examples. Once you have unpacked the distribution, change directory
as indicated.
<programlisting>
- # <emphasis role="bold">cd /tmp/afsdist/sgi_65/root.client</emphasis>
+ # <emphasis role="bold">cd /tmp/afsdist/sgi_65/dest/root.client</emphasis>
</programlisting></para>
</listitem>
examples. Once you have unpacked the distribution,
change directory as indicated.
<programlisting>
- # <emphasis role="bold">cd /tmp/afsdist/linux/root.client/usr/vice/etc</emphasis>
+ # <emphasis role="bold">cd /tmp/afsdist/linux/dest/root.client/usr/vice/etc</emphasis>
</programlisting></para>
</listitem>
exmaples. Once you have unpacked the distribution, change directory
as indicated.
<programlisting>
- # <emphasis role="bold">cd /tmp/afsdist/sun4x_56/root.client/usr/vice/etc</emphasis>
+ # <emphasis role="bold">cd /tmp/afsdist/sun4x_56/dest/root.client/usr/vice/etc</emphasis>
</programlisting></para>
</listitem>
<para>Copy the appropriate AFS kernel library file to the local file <emphasis
role="bold">/kernel/fs/afs</emphasis>.</para>
+ <para>If the machine is running Solaris 11 on the x86_64 platform:</para>
+
+ <programlisting>
+ # <emphasis role="bold">cp -p modload/libafs64.o /kernel/drv/amd64/afs</emphasis>
+</programlisting>
+
+ <para>If the machine is running Solaris 10 on the x86_64 platform:</para>
+
+ <programlisting>
+ # <emphasis role="bold">cp -p modload/libafs64.o /kernel/fs/amd64/afs</emphasis>
+</programlisting>
+
<para>If the machine is running Solaris 2.6 or the 32-bit version of Solaris 7, its kernel supports NFS server
functionality, and the <emphasis role="bold">nfsd</emphasis> process is running:</para>
<listitem>
<para>Copy the <emphasis role="bold">vfsck</emphasis> binary to the newly created directory, changing the name as you do
so. <programlisting>
- # <emphasis role="bold">cp /tmp/afsdist/sun4x_56/root.server/etc/vfsck fsck</emphasis>
+ # <emphasis role="bold">cp /tmp/afsdist/sun4x_56/dest/root.server/etc/vfsck fsck</emphasis>
</programlisting></para>
</listitem>
<para>Sites which still require <emphasis
role="bold">kaserver</emphasis> or external Kerberos v4 authentication
- should consult <link linkend="KAS016">Enabling kaserver based AFS
+ should consult <link linkend="KAS016">"Enabling kaserver based AFS
Login on Solaris Systems"</link> for details of how to enable AFS
login on Solaris.</para>
<para>The entry for AFS server processes, called either
<emphasis role="bold">afs</emphasis> or
<emphasis role="bold">afs/<replaceable>cell</replaceable></emphasis>.
+ The latter form is preferred since it works regardless of whether
+ your cell name matches your Kerberos realm name and allows multiple
+ AFS cells to be served from a single Kerberos realm.
No user logs in under this identity, but it is used to encrypt the
server tickets that granted to AFS clients for presentation to
server processes during mutual authentication. (The
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ54" />Issue the
+ <listitem id="LIWQ54">
+ <para>Issue the
<emphasis role="bold">add_principal</emphasis> command to create
Kerberos Database entries called
<emphasis role="bold">admin</emphasis> and
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ55" />Issue the <emphasis role="bold">kadmin
+ <listitem id="LIWQ55">
+ <para>Issue the <emphasis role="bold">kadmin
get_principal</emphasis> command to display the <emphasis
role="bold">afs/</emphasis><<replaceable>cell name</replaceable>> entry.
<programlisting>
</listitem>
<listitem>
- <para>Issue the <emphasis role="bold">kadmin quit</emphasis> command to leave <emphasis role="bold">kadmin</emphasis>
+ <para>Issue the <emphasis role="bold">quit</emphasis> command to leave <emphasis role="bold">kadmin</emphasis>
interactive mode. <programlisting>
kadmin: <emphasis role="bold">quit</emphasis>
</programlisting> <indexterm>
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ57" />Issue the <emphasis role="bold">bos adduser</emphasis> command to add the <emphasis
+ <listitem id="LIWQ57">
+ <para>Issue the <emphasis role="bold">bos adduser</emphasis> command to add the <emphasis
role="bold">admin</emphasis> user to the <emphasis role="bold">/usr/afs/etc/UserList</emphasis> file. This enables the
<emphasis role="bold">admin</emphasis> user to issue privileged <emphasis role="bold">bos</emphasis> and <emphasis
role="bold">vos</emphasis> commands. <programlisting>
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ58" />Issue the
+ <listitem id="LIWQ58">
+ <para>Issue the
<emphasis role="bold">asetkey</emphasis> command to set the AFS
server encryption key in the
<emphasis role="bold">/usr/afs/etc/KeyFile</emphasis> file. This key
<para>asetkey requires the key version number (or kvno) of the
<emphasis role="bold">afs/</emphasis><replaceable>cell</replaceable>
- key. You should have noted this down when creating the key earlier.
- The key version number can also be found by running the
+ key. You should have made note of the kvno when creating the key
+ earlier. The key version number can also be found by running the
<emphasis role="bold">kvno</emphasis> command</para>
<programlisting>
- # <emphasis role="bold">kvno afs/</emphasis><<replaceable>cell name</replaceable>>
+ # <emphasis role="bold">kvno -k /etc/afs.keytab afs/</emphasis><<replaceable>cell name</replaceable>>
</programlisting>
<para>Once the kvno is known, the key can then be extracted using
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ59" />Issue the
+ <listitem id="LIWQ59">
+ <para>Issue the
<emphasis role="bold">bos listkeys</emphasis> command to verify that
the key version number for the new key in the
<emphasis role="bold">KeyFile</emphasis> file is the same as the key
<programlisting>
# <emphasis role="bold">./bos create</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">dafs dafs /usr/afs/bin/dafileserver</emphasis> \
<emphasis role="bold">/usr/afs/bin/davolserver /usr/afs/bin/salvageserver</emphasis> \
- <emphasis role="bold">/usr/afs/bin/salvager</emphasis> <emphasis role="bold">-noauth</emphasis>
+ <emphasis role="bold">/usr/afs/bin/dasalvager</emphasis> <emphasis role="bold">-noauth</emphasis>
</programlisting></para>
</listitem>
</itemizedlist>
</sect1>
<sect1 id="HDRWQ62">
- <title>Starting the Controller for NTPD</title>
+ <title>Clock Sync Considerations</title>
<para>Keeping the clocks on all server and client machines in your cell synchronized is crucial to several functions, and in
particular to the correct operation of AFS's distributed database technology, Ubik. The chapter in the <emphasis>OpenAFS
Administration Guide</emphasis> about administering server machines explains how time skew can disturb Ubik's performance and
cause service outages in your cell.</para>
- <para>Historically, AFS used to distribute its own version of the Network
-Time Protocol Daemon. Whilst this is still provided for existing sites, we
-recommend that you configure and install your time service independently of
-AFS. A reliable timeservice will also be required by your Kerberos realm,
-and so may already be available at your site.</para>
+ <para>You should install and configure your time service independently of
+ AFS. Your Kerberos realm will also require a reliable time source, so your site
+ may already have one available.</para>
<indexterm>
<primary>overview</primary>
192.12.105.3 #db1.example.com
192.12.105.4 #db2.example.com
192.12.105.55 #db3.example.com
- >stateu.edu #State University cell
- 138.255.68.93 #serverA.stateu.edu
- 138.255.68.72 #serverB.stateu.edu
- 138.255.33.154 #serverC.stateu.edu
+ >example.org #Example Organization cell
+ 138.255.68.93 #serverA.example.org
+ 138.255.68.72 #serverB.example.org
+ 138.255.33.154 #serverC.example.org
</programlisting>
<indexterm>
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ81" />Issue the <emphasis role="bold">vos create</emphasis> command to create the <emphasis
+ <listitem id="LIWQ81">
+ <para>Issue the <emphasis role="bold">vos create</emphasis> command to create the <emphasis
role="bold">root.cell</emphasis> volume. Then issue the <emphasis role="bold">fs mkmount</emphasis> command to mount it as
a subdirectory of the <emphasis role="bold">/afs</emphasis> directory, where it serves as the root of your cell's local
AFS filespace. Finally, issue the <emphasis role="bold">fs setacl</emphasis> command to create an ACL entry for the
<para>For the <replaceable>partition name</replaceable> argument, substitute the name of one of the machine's AFS server
partitions (such as <emphasis role="bold">/vicepa</emphasis>). For the <replaceable>cellname</replaceable> argument,
- substitute your cell's fully-qualified Internet domain name (such as <emphasis role="bold">abc.com</emphasis>).</para>
+ substitute your cell's fully-qualified Internet domain name (such as <emphasis role="bold">example.com</emphasis>).</para>
<programlisting>
# <emphasis role="bold">/usr/afs/bin/vos create</emphasis> <<replaceable>machine name</replaceable>> <<replaceable>partition name</replaceable>> <emphasis
<listitem>
<para><emphasis role="bold">(Optional)</emphasis> Create a symbolic link to a shortened cell name, to reduce the length of
- pathnames for users in the local cell. For example, in the <emphasis role="bold">abc.com</emphasis> cell, <emphasis
- role="bold">/afs/abc</emphasis> is a link to <emphasis role="bold">/afs/abc.com</emphasis>. <programlisting>
+ pathnames for users in the local cell. For example, in the <emphasis role="bold">example.com</emphasis> cell, <emphasis
+ role="bold">/afs/example</emphasis> is a link to <emphasis role="bold">/afs/example.com</emphasis>. <programlisting>
# <emphasis role="bold">cd /afs</emphasis>
# <emphasis role="bold">ln -s</emphasis> <replaceable>full_cellname</replaceable> <replaceable>short_cellname</replaceable>
</programlisting> <indexterm>
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ82" />Issue the <emphasis role="bold">vos addsite</emphasis> command to define a replication site
+ <listitem id="LIWQ82">
+ <para>Issue the <emphasis role="bold">vos addsite</emphasis> command to define a replication site
for both the <emphasis role="bold">root.afs</emphasis> and <emphasis role="bold">root.cell</emphasis> volumes. In each
case, substitute for the <replaceable>partition name</replaceable> argument the partition where the volume's read/write
version resides. When you install additional file server machines, it is a good idea to create replication sites on them
<tertiary>volume for AFS binaries</tertiary>
</indexterm>
- <listitem>
- <para><anchor id="LIWQ84" />Issue the <emphasis role="bold">vos create</emphasis> command to create volumes for storing
+ <listitem id="LIWQ84">
+ <para>Issue the <emphasis role="bold">vos create</emphasis> command to create volumes for storing
the AFS client binaries for this system type. The following example instruction creates volumes called
<replaceable>sysname</replaceable>, <replaceable>sysname</replaceable>.<emphasis role="bold">usr</emphasis>, and
<replaceable>sysname</replaceable>.<emphasis role="bold">usr.afsws</emphasis>. Refer to the <emphasis>OpenAFS Release
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ85" />Issue the <emphasis role="bold">fs setquota</emphasis> command to set an unlimited quota on
+ <listitem id="LIWQ85">
+ <para>Issue the <emphasis role="bold">fs setquota</emphasis> command to set an unlimited quota on
the volume mounted at the <emphasis role="bold">/afs/</emphasis><replaceable>cellname</replaceable><emphasis
role="bold">/</emphasis><replaceable>sysname</replaceable><emphasis role="bold">/usr/afsws</emphasis> directory. This
enables you to copy all of the appropriate files from the CD-ROM into the volume without exceeding the volume's
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ86" />Create <emphasis role="bold">/usr/afsws</emphasis> on the local disk as a symbolic link to the
+ <listitem id="LIWQ86">
+ <para>Create <emphasis role="bold">/usr/afsws</emphasis> on the local disk as a symbolic link to the
directory <emphasis role="bold">/afs/</emphasis><replaceable>cellname</replaceable><emphasis
role="bold">/@sys/usr/afsws</emphasis>. You can specify the actual system name instead of <emphasis
role="bold">@sys</emphasis> if you wish, but the advantage of using <emphasis role="bold">@sys</emphasis> is that it
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ92" />If this machine is going to remain an AFS client after you complete the installation, verify
+ <listitem id="LIWQ92">
+ <para>If this machine is going to remain an AFS client after you complete the installation, verify
that the local <emphasis role="bold">/usr/vice/etc/CellServDB</emphasis> file includes an entry for each foreign
cell.</para>
git://git.openafs.org / openafs.git / blobdiff