</listitem>
<listitem>
- <para>Start the server portion of the Update Server</para>
+ <para>Optionally, start the server portion of the Update Server</para>
</listitem>
</orderedlist></para>
<para>The <emphasis role="bold">/vicep</emphasis><replaceable>xx</replaceable> directories must reside in the file server
machine's root directory, not in one of its subdirectories (for example, <emphasis role="bold">/usr/vicepa</emphasis> is
- not an acceptable directory location).</para>
+ not an acceptable directory location).
+
+ The <emphasis role="bold">fileserver</emphasis> will refuse to
+ mount
+ any <emphasis role="bold">/vicep</emphasis><replaceable>xx</replaceable>
+ folders that are not separate partitions. </para>
+
+ <warning>
+ <para>The separate partition requirement may be overridden by
+ creating a file named
+ <emphasis role="bold">/vicep<replaceable>xx</replaceable>/AlwaysAttach</emphasis>;
+ however, mixed-use partitions, whether cache or fileserver,
+ have the risk that a non-AFS use will fill the partition and
+ not leave enough free space for AFS. Even though it is
+ allowed, be wary of configuring a mixed-use partition
+ without understanding the ramifications of doing so with the
+ workload on your filesystem.
+ <indexterm>
+ <primary>AFS server partition</primary>
+ <secondary>AlwaysAttach</secondary>
+ </indexterm>
+ </para>
+ </warning>
<para>You can also add or remove server partitions on an existing file server machine. For instructions, see the chapter
in the <emphasis>OpenAFS Administration Guide</emphasis> about maintaining server machines.</para>
</listitem>
<listitem>
- <para>On some system types, install and configure a modified <emphasis role="bold">fsck</emphasis> program which
+ <para>On system types using the <emphasis role="bold">inode</emphasis> storage format, install and configure a modified <emphasis role="bold">fsck</emphasis> program which
recognizes the structures that the File Server uses to organize volume data on AFS server partitions. The <emphasis
role="bold">fsck</emphasis> program provided with the operating system does not understand the AFS data structures, and so
removes them to the <emphasis role="bold">lost+found</emphasis> directory.</para>
instructions are provided for those building from source.</para>
<para>Begin by running the AFS client startup scripts, which call the
- <emphasis role="bold">modprobe</emphasis> program, which dynamically
- loads AFS modifications into the kernel. Then create partitions for
+ <emphasis role="bold">modprobe</emphasis> program to dynamically
+ load the AFS modifications into the kernel. Then create partitions for
storing AFS volumes. You do not need to replace the Linux <emphasis
role="bold">fsck</emphasis> program. If the machine is to remain an
AFS client machine, incorporate AFS into the machine's Pluggable
<para>The procedure for starting up OpenAFS depends upon your distribution</para>
<sect3>
<title>Fedora and RedHat Enterprise Linux</title>
- <para>OpenAFS ship RPMS for all current Fedora and RHEL releases.
+ <para>OpenAFS provides RPMS for all current Fedora and RedHat Enterprise Linux (RHEL) releases on the OpenAFS web site and the OpenAFS yum repository.
<orderedlist>
<listitem>
- <para>Download and install the RPM set for your operating system.
- RPMs are available from the OpenAFS web site. You will need the
- <emphasis role="bold">openafs</emphasis>
- <emphasis role="bold">openafs-client></emphasis>
- <emphasis role="bold">openafs-server</emphasis> packages, along with
- an <emphasis role="bold">openafs-kernel</emphasis> package matching
- your current, running, kernel.</para>
- <para>You can find the version of your current kernel by running
-<programlisting>
- # uname -r
-<replaceable>2.6.20-1.2933.fc6</replaceable>
-</programlisting></para>
- <para>Once downloaded, the packages may be installed with the
- <emphasis role="bold">rpm</emphasis> command
-<programlisting>
- # rpm -U openafs-* openafs-client-* openafs-server-* openafs-kernel-*
-</programlisting></para>
+ <para>Browse to
+ http://dl.openafs.org/dl/openafs/<replaceable>VERSION</replaceable>,
+ where VERSION is the latest stable release of
+ OpenAFS. Download the
+ openafs-repository-<replaceable>VERSION</replaceable>.noarch.rpm
+ file for Fedora systems or the
+ openafs-repository-rhel-<replaceable>VERSION</replaceable>.noarch.rpm
+ file for RedHat-based systems.
+ </para>
+ </listitem>
+ <listitem>
+ <para>Install the downloaded RPM file using the following command:
+ <programlisting>
+ # rpm -U openafs-repository*.rpm
+ </programlisting>
+ </para>
+ </listitem>
+ <listitem>
+ <para>Install the RPM set for your operating system using the yum command as follows:
+ <programlisting>
+ # yum -y install openafs-client openafs-server openafs-krb5 kmod-openafs
+ </programlisting>
+
+ </para>
+ <para>Alternatively, you may use dynamically-compiled kernel
+ modules if you have the kernel headers, a compiler, and the
+ dkms package from
+ <ulink url="http://fedoraproject.org/wiki/EPEL"><citetitle>EPEL</citetitle></ulink> installed.
+
+ </para>
+ <para>To use dynamically-compiled kernel modules instead of statically compiled modules, use the following command instead of the kmod-openafs as shown above:
+ <programlisting>
+ # yum install openafs-client openafs-server openafs-krb5 dkms-openafs
+ </programlisting>
+ </para>
</listitem>
<!-- If you do this with current RHEL and Fedora releases you end up with
a dynroot'd client running - this breaks setting up the root.afs volume
<listitem>
<para>Unpack the distribution tarball. The examples below assume
that you have unpacked the files into the
- <emphasis role="bold">/tmp/afsdist</emphasis>directory. If you
+ <emphasis role="bold">/tmp/afsdist</emphasis> directory. If you
pick a different location, substitute this in all of the following
examples. Once you have unpacked the distribution,
change directory as indicated.
</indexterm> <orderedlist>
<listitem>
<para>Issue the <emphasis role="bold">bos create</emphasis> command to start the Backup Server. <programlisting>
- # <emphasis role="bold">./bos create</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">buserver simple /usr/afs/bin/buserver</emphasis> \
- <emphasis role="bold"> -cell</emphasis> <<replaceable>cell name</replaceable>> <emphasis role="bold">-noauth</emphasis>
+ # <emphasis role="bold">./bos create</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">buserver simple /usr/afs/bin/buserver</emphasis> <emphasis role="bold">-noauth</emphasis>
</programlisting></para>
</listitem>
<listitem>
<para>Issue the <emphasis role="bold">bos create</emphasis> command to start the Protection Server. <programlisting>
- # <emphasis role="bold">./bos create</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">ptserver simple /usr/afs/bin/ptserver</emphasis> \
- <emphasis role="bold"> -cell</emphasis> <<replaceable>cell name</replaceable>> <emphasis role="bold">-noauth</emphasis>
+ # <emphasis role="bold">./bos create</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">ptserver simple /usr/afs/bin/ptserver</emphasis> <emphasis role="bold">-noauth</emphasis>
</programlisting></para>
</listitem>
<listitem>
<para>Issue the <emphasis role="bold">bos create</emphasis> command to start the VL Server. <programlisting>
- # <emphasis role="bold">./bos create</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">vlserver simple /usr/afs/bin/vlserver</emphasis> \
- <emphasis role="bold"> -cell</emphasis> <<replaceable>cell name</replaceable>> <emphasis role="bold">-noauth</emphasis>
+ # <emphasis role="bold">./bos create</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">vlserver simple /usr/afs/bin/vlserver</emphasis> <emphasis role="bold">-noauth</emphasis>
</programlisting></para>
</listitem>
</orderedlist></para>
role="bold">admin</emphasis> user to the <emphasis role="bold">/usr/afs/etc/UserList</emphasis> file. This enables the
<emphasis role="bold">admin</emphasis> user to issue privileged <emphasis role="bold">bos</emphasis> and <emphasis
role="bold">vos</emphasis> commands. <programlisting>
- # <emphasis role="bold">./bos adduser</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">admin -cell</emphasis> <<replaceable>cell name</replaceable>> <emphasis
- role="bold">-noauth</emphasis>
+ # <emphasis role="bold">./bos adduser</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">admin -noauth</emphasis>
</programlisting>
<indexterm>
<primary>commands</primary>
<para>Once the kvno is known, the key can then be extracted using
asetkey</para>
<programlisting>
- # <emphasis role="bold">asetkey</emphasis> <<replaceable>kvno</replaceable>> <emphasis role="bold">/etc/afs.keytab afs/</emphasis><<replaceable>cell name</replaceable>>
+ # <emphasis role="bold">asetkey add</emphasis> <<replaceable>kvno</replaceable>> <emphasis role="bold">/etc/afs.keytab afs/</emphasis><<replaceable>cell name</replaceable>>
</programlisting>
<indexterm>
<emphasis role="bold">afs/<replaceable>cell name</replaceable></emphasis>
entry, which you displayed in Step <link linkend="LIWQ55">3</link>.
<programlisting>
- # <emphasis role="bold">./bos listkeys</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">-cell</emphasis> <<replaceable>cell name</replaceable>> <emphasis
- role="bold">-noauth</emphasis>
+ # <emphasis role="bold">./bos listkeys</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">-noauth</emphasis>
key 0 has cksum <replaceable>checksum</replaceable>
</programlisting></para>
to accept the default.</para>
<programlisting>
- # <emphasis role="bold">pts createuser -name admin -cell</emphasis> <<replaceable>cell name</replaceable>> [<emphasis
+ # <emphasis role="bold">pts createuser -name admin</emphasis> [<emphasis
role="bold">-id</emphasis> <<replaceable>AFS UID</replaceable>>] <emphasis role="bold">-noauth</emphasis>
User admin has id <replaceable>AFS UID</replaceable>
</programlisting>
membership</emphasis> command to verify the new membership. Membership in the group enables the <emphasis
role="bold">admin</emphasis> user to issue privileged <emphasis role="bold">pts</emphasis> commands and some privileged
<emphasis role="bold">fs</emphasis> commands. <programlisting>
- # <emphasis role="bold">./pts adduser admin system:administrators -cell</emphasis> <<replaceable>cell name</replaceable>> <emphasis
- role="bold">-noauth</emphasis>
- # <emphasis role="bold">./pts membership admin -cell</emphasis> <<replaceable>cell name</replaceable>> <emphasis
- role="bold">-noauth</emphasis>
+ # <emphasis role="bold">./pts adduser admin system:administrators</emphasis> <emphasis role="bold">-noauth</emphasis>
+ # <emphasis role="bold">./pts membership admin</emphasis> <emphasis role="bold">-noauth</emphasis>
Groups admin (id: 1) is a member of:
system:administrators
</programlisting> <indexterm>
<listitem>
<para>Issue the <emphasis role="bold">bos restart</emphasis> command with the <emphasis role="bold">-all</emphasis> flag
to restart the database server processes, so that they start using the new server encryption key. <programlisting>
- # <emphasis role="bold">./bos restart</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">-all -cell</emphasis> <<replaceable>cell name</replaceable>> <emphasis
- role="bold">-noauth</emphasis>
+ # <emphasis role="bold">./bos restart</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">-all</emphasis>
+ <emphasis role="bold">-noauth</emphasis>
</programlisting></para>
</listitem>
</orderedlist>
</sect1>
<sect1 id="HDRWQ60">
- <title>Starting the File Server, Volume Server, and Salvager</title>
-
- <para>Start the <emphasis role="bold">fs</emphasis> process, which consists of the File Server, Volume Server, and Salvager
- (<emphasis role="bold">fileserver</emphasis>, <emphasis role="bold">volserver</emphasis> and <emphasis
- role="bold">salvager</emphasis> processes). <orderedlist>
+ <title>Starting the File Server processes</title>
+
+ <para>Start either the <emphasis role="bold">fs</emphasis> process or, if you want to run the Demand-Attach File Server, the
+ <emphasis role="bold">dafs</emphasis> process. The <emphasis role="bold">fs</emphasis> process consists of the File Server,
+ Volume Server, and Salvager (<emphasis role="bold">fileserver</emphasis>, <emphasis role="bold">volserver</emphasis> and
+ <emphasis role="bold">salvager</emphasis> processes). The <emphasis role="bold">dafs</emphasis> process consists of the
+ Demand-Attach File Server, Volume Server, Salvage Server, and Salvager (<emphasis role="bold">dafileserver</emphasis>,
+ <emphasis role="bold"> davolserver</emphasis>, <emphasis role="bold">salvageserver</emphasis>, and <emphasis
+ role="bold">dasalvager</emphasis> processes). For information about the Demand-Attach File Server and to see whether or not
+ you should run it, see <link linkend="DAFS">Appendix C, The Demand-Attach File Server</link>.
+ <orderedlist>
<listitem>
<para>Issue the <emphasis role="bold">bos create</emphasis> command to start the <emphasis role="bold">fs</emphasis>
- process. The command appears here on multiple lines only for legibility. <programlisting>
+ process or the <emphasis role="bold">dafs</emphasis> process. The commands appear here on multiple lines only for legibility.
+
+ <itemizedlist>
+ <listitem>
+ <para>If you are not planning on running the Demand-Attach File Server, create the <emphasis role="bold">fs</emphasis>
+ process:
+ <programlisting>
# <emphasis role="bold">./bos create</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">fs fs /usr/afs/bin/fileserver</emphasis> \
<emphasis role="bold">/usr/afs/bin/volserver /usr/afs/bin/salvager</emphasis> \
- <emphasis role="bold">-cell</emphasis> <<replaceable>cell name</replaceable>> <emphasis role="bold">-noauth</emphasis>
+ <emphasis role="bold">-noauth</emphasis>
+</programlisting></para>
+ </listitem>
+ <listitem>
+ <para>If you are planning on running the Demand-Attach File Server, create the <emphasis
+ role="bold">dafs</emphasis> process:
+ <programlisting>
+ # <emphasis role="bold">./bos create</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">dafs dafs /usr/afs/bin/dafileserver</emphasis> \
+ <emphasis role="bold">/usr/afs/bin/davolserver /usr/afs/bin/salvageserver</emphasis> \
+ <emphasis role="bold">/usr/afs/bin/dasalvager</emphasis> <emphasis role="bold">-noauth</emphasis>
</programlisting></para>
+ </listitem>
+ </itemizedlist>
+ </para>
<para>Sometimes a message about Volume Location Database (VLDB) initialization appears, along with one or more instances
of an error message similar to the following:</para>
<secondary>status</secondary>
</indexterm></para>
- <para>You can verify that the <emphasis role="bold">fs</emphasis> process has started successfully by issuing the
- <emphasis role="bold">bos status</emphasis> command. Its output mentions two <computeroutput>proc
+ <para>You can verify that the <emphasis role="bold">fs</emphasis> or <emphasis role="bold">dafs</emphasis> process has started
+ successfully by issuing the <emphasis role="bold">bos status</emphasis> command. Its output mentions two <computeroutput>proc
starts</computeroutput>.</para>
+ <itemizedlist>
+ <listitem>
+ <para>If you are not running the Demand-Attach File Server:
+
<programlisting>
# <emphasis role="bold">./bos status</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">fs -long -noauth</emphasis>
-</programlisting>
+</programlisting></para></listitem>
+
+ <listitem>
+ <para>If you are running the Demand-Attach File Server:
+ <programlisting>
+ # <emphasis role="bold">./bos status</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">dafs -long -noauth</emphasis>
+</programlisting></para></listitem>
+ </itemizedlist>
+
</listitem>
<listitem>
<programlisting>
# <emphasis role="bold">./vos create</emphasis> <<replaceable>machine name</replaceable>> <<replaceable>partition name</replaceable>> <emphasis
role="bold">root.afs</emphasis> \
- <emphasis role="bold">-cell</emphasis> <<replaceable>cell name</replaceable>> <emphasis role="bold">-noauth</emphasis>
+ <emphasis role="bold">-noauth</emphasis>
</programlisting>
<para>The Volume Server produces a message confirming that it created the volume on the specified partition. You can
syncvldb</emphasis> and <emphasis role="bold">vos syncserv</emphasis> commands to synchronize the VLDB with the
actual state of volumes on the local machine. To follow the progress of the synchronization operation, which can
take several minutes, use the <emphasis role="bold">-verbose</emphasis> flag. <programlisting>
- # <emphasis role="bold">./vos syncvldb</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">-cell</emphasis> <<replaceable>cell name</replaceable>> <emphasis
+ # <emphasis role="bold">./vos syncvldb</emphasis> <<replaceable>machine name</replaceable>> <emphasis
role="bold">-verbose -noauth</emphasis>
- # <emphasis role="bold">./vos syncserv</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">-cell</emphasis> <<replaceable>cell name</replaceable>> <emphasis
+ # <emphasis role="bold">./vos syncserv</emphasis> <<replaceable>machine name</replaceable>> <emphasis
role="bold">-verbose -noauth</emphasis>
</programlisting></para>
process. <programlisting>
# <emphasis role="bold">./bos create</emphasis> <<replaceable>machine name></replaceable> <emphasis role="bold">upserver simple</emphasis> \
<emphasis role="bold">"/usr/afs/bin/upserver -crypt /usr/afs/etc</emphasis> \
- <emphasis role="bold">-clear /usr/afs/bin" -cell</emphasis> <<replaceable>cell name</replaceable>> <emphasis
- role="bold">-noauth</emphasis>
+ <emphasis role="bold">-clear /usr/afs/bin"</emphasis> <emphasis role="bold">-noauth</emphasis>
</programlisting></para>
</listitem>
</orderedlist></para>
role="bold">system:administrators</emphasis> group. It is a default entry that AFS places on every new volume's root
directory.</para>
+ <para>The top-level AFS directory, typically /afs, is a special case:
+ when the client is configured to run in dynroot mode (e.g.
+ <emphasis role="bold">afsd -dynroot</emphasis>, attempts to set
+ the ACL on this directory will return <emphasis role="bold">
+ Connection timed out</emphasis>. This is because the dynamically-
+ generated root directory is not a part of the global AFS space,
+ and cannot have an access control list set on it.</para>
+
<programlisting>
# <emphasis role="bold">/usr/afs/bin/fs setacl /afs system:anyuser rl</emphasis>
</programlisting>
git://git.openafs.org / openafs.git / blobdiff