/[gentoo]/xml/htdocs/doc/en/openafs.xml
Gentoo

Diff of /xml/htdocs/doc/en/openafs.xml

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

Revision 1.17 Revision 1.18
1<?xml version='1.0' encoding="UTF-8"?> 1<?xml version='1.0' encoding="UTF-8"?>
2<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/openafs.xml,v 1.17 2004/09/22 11:42:11 swift Exp $ --> 2<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/openafs.xml,v 1.18 2005/07/02 09:40:23 swift Exp $ -->
3 3
4<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> 4<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
5 5
6<guide link = "/doc/en/openafs.xml"> 6<guide link = "/doc/en/openafs.xml">
7<title>Gentoo Linux OpenAFS Guide</title> 7<title>Gentoo Linux OpenAFS Guide</title>
22This guide shows you how to install a openafs server and client on gentoo linux 22This guide shows you how to install a openafs server and client on gentoo linux
23</abstract> 23</abstract>
24 24
25<license/> 25<license/>
26 26
27<version>0.7</version> 27<version>0.8</version>
28<date>September 22, 2004</date> 28<date>2005-07-02</date>
29 29
30<chapter> 30<chapter>
31 <title>Overview</title> 31 <title>Overview</title>
32 <section> 32 <section>
33 <title>About this Document</title> 33 <title>About this Document</title>
117 <p> 117 <p>
118 You can get the original IBM AFS Documentation. It is very well written and you 118 You can get the original IBM AFS Documentation. It is very well written and you
119 really want 119 really want
120 read it if it is up to you to administer a AFS Server. 120 read it if it is up to you to administer a AFS Server.
121 </p> 121 </p>
122<pre> 122<pre caption="Installing afsdoc">
123# <i>emerge app-doc/afsdoc</i> 123# <i>emerge app-doc/afsdoc</i>
124</pre> 124</pre>
125 </body> 125 </body>
126 </section> 126 </section>
127</chapter> 127</chapter>
143 </note> 143 </note>
144 <p> 144 <p>
145 You should adjust the two files CellServDB and ThisCell before you build the 145 You should adjust the two files CellServDB and ThisCell before you build the
146 afs client. (These files are in <path>/usr/portage/net-fs/openafs/files</path>) 146 afs client. (These files are in <path>/usr/portage/net-fs/openafs/files</path>)
147 </p> 147 </p>
148 <pre> 148 <pre caption="Adjusting CellServDB and ThisCell">
149 CellServDB: 149 CellServDB:
150 >netlabs #Cell name 150 >netlabs #Cell name
151 10.0.0.1 #storage 151 10.0.0.1 #storage
152 152
153 ThisCell: 153 ThisCell:
168 </body> 168 </body>
169 </section> 169 </section>
170 <section> 170 <section>
171 <title>Building the Client</title> 171 <title>Building the Client</title>
172 <body> 172 <body>
173<pre> 173<pre caption="Installing openafs">
174# <i>emerge net-fs/openafs</i> 174# <i>emerge net-fs/openafs</i>
175</pre> 175</pre>
176 <p> 176 <p>
177 After successful compilation you're ready to go. 177 After successful compilation you're ready to go.
178 </p> 178 </p>
187 </p> 187 </p>
188 <warn> 188 <warn>
189 You should always have a running afs server in your domain when trying to start the afs client. You're system won't boot 189 You should always have a running afs server in your domain when trying to start the afs client. You're system won't boot
190 until it gets some timeout if your afs server is down. (and this is quite a long long time) 190 until it gets some timeout if your afs server is down. (and this is quite a long long time)
191 </warn> 191 </warn>
192<pre> 192<pre caption="Adding afs to the default runlevel">
193# <i>rc-update add afs default</i> 193# <i>rc-update add afs default</i>
194</pre> 194</pre>
195 </body> 195 </body>
196 </section> 196 </section>
197</chapter> 197</chapter>
203 <body> 203 <body>
204 <p> 204 <p>
205 The following command will install all necessary binaries for setting up a AFS Server 205 The following command will install all necessary binaries for setting up a AFS Server
206 <e>and</e> Client. 206 <e>and</e> Client.
207 </p> 207 </p>
208<pre> 208<pre caption="Installing openafs">
209# <i>emerge net-fs/openafs</i> 209# <i>emerge net-fs/openafs</i>
210</pre> 210</pre>
211 </body> 211 </body>
212 </section> 212 </section>
213 <section> 213 <section>
214 <title>Starting AFS Server</title> 214 <title>Starting AFS Server</title>
215 <body> 215 <body>
216 <p> 216 <p>
217 You need to remove the sample CellServDB and ThisCell file first. 217 You need to remove the sample CellServDB and ThisCell file first.
218 </p> 218 </p>
219<pre> 219<pre caption="Remove sample files">
220# <i>rm /usr/vice/etc/ThisCell</i> 220# <i>rm /usr/vice/etc/ThisCell</i>
221# <i>rm /usr/vice/etc/CellServDB</i> 221# <i>rm /usr/vice/etc/CellServDB</i>
222</pre> 222</pre>
223 <p> 223 <p>
224 Next you will run the <b>bosserver</b> command to initialize the Basic OverSeer (BOS) 224 Next you will run the <b>bosserver</b> command to initialize the Basic OverSeer (BOS)
230 Disabling authorization checking gravely compromises cell security. 230 Disabling authorization checking gravely compromises cell security.
231 You must complete all subsequent steps in one uninterrupted pass 231 You must complete all subsequent steps in one uninterrupted pass
232 and must not leave the machine unattended until you restart the BOS Server with 232 and must not leave the machine unattended until you restart the BOS Server with
233 authorization checking enabled. Well this is what the AFS documentation says :) 233 authorization checking enabled. Well this is what the AFS documentation says :)
234 </warn> 234 </warn>
235<pre> 235<pre caption="Initialize the Basic OverSeer Server">
236# <i>/usr/afs/bin/bosserver -noauth &amp;</i> 236# <i>/usr/afs/bin/bosserver -noauth &amp;</i>
237</pre> 237</pre>
238 <p> 238 <p>
239 Verify that the BOS Server created <path>/usr/vice/etc/CellServDB</path> 239 Verify that the BOS Server created <path>/usr/vice/etc/CellServDB</path>
240 and <path>/usr/vice/etc/ThisCell</path> 240 and <path>/usr/vice/etc/ThisCell</path>
241 </p> 241 </p>
242<pre> 242<pre caption="Check if CellServDB and ThisCell are created">
243# <i>ls -al /usr/vice/etc/</i> 243# <i>ls -al /usr/vice/etc/</i>
244-rw-r--r-- 1 root root 41 Jun 4 22:21 CellServDB 244-rw-r--r-- 1 root root 41 Jun 4 22:21 CellServDB
245-rw-r--r-- 1 root root 7 Jun 4 22:21 ThisCell 245-rw-r--r-- 1 root root 7 Jun 4 22:21 ThisCell
246</pre> 246</pre>
247 247
264 For the &lt;cell name&gt; 264 For the &lt;cell name&gt;
265 argument substitute your cell's complete name (such as <b>gentoo</b>)</note> 265 argument substitute your cell's complete name (such as <b>gentoo</b>)</note>
266 <p> 266 <p>
267 Run the <b>bos setcellname</b> command to set the cell name: 267 Run the <b>bos setcellname</b> command to set the cell name:
268 </p> 268 </p>
269<pre> 269<pre caption="Set the cell name">
270# <i>/usr/afs/bin/bos setcellname &lt;server name&gt; &lt;cell name&gt; -noauth</i> 270# <i>/usr/afs/bin/bos setcellname &lt;server name&gt; &lt;cell name&gt; -noauth</i>
271</pre> 271</pre>
272 </body> 272 </body>
273 </section> 273 </section>
274 <section> 274 <section>
299 <ti>vlserver</ti> 299 <ti>vlserver</ti>
300 <ti>The Volume Location Server maintains the Volume Location Database (VLDB). 300 <ti>The Volume Location Server maintains the Volume Location Database (VLDB).
301 Very important :)</ti> 301 Very important :)</ti>
302 </tr> 302 </tr>
303 </table> 303 </table>
304<pre> 304<pre caption="Create entries for the database processes">
305# <i>/usr/afs/bin/bos create &lt;server name&gt; kaserver simple 305# <i>/usr/afs/bin/bos create &lt;server name&gt; kaserver simple
306 /usr/afs/bin/kaserver -cell &lt;cell name&gt; -noauth</i> 306 /usr/afs/bin/kaserver -cell &lt;cell name&gt; -noauth</i>
307# <i>/usr/afs/bin/bos create &lt;server name&gt; buserver simple 307# <i>/usr/afs/bin/bos create &lt;server name&gt; buserver simple
308 /usr/afs/bin/buserver -cell &lt;cell name&gt; -noauth</i> 308 /usr/afs/bin/buserver -cell &lt;cell name&gt; -noauth</i>
309# <i>/usr/afs/bin/bos create &lt;server name&gt; ptserver simple 309# <i>/usr/afs/bin/bos create &lt;server name&gt; ptserver simple
312 /usr/afs/bin/vlserver -cell &lt;cell name&gt; -noauth</i> 312 /usr/afs/bin/vlserver -cell &lt;cell name&gt; -noauth</i>
313</pre> 313</pre>
314 <p> 314 <p>
315 You can verify that all servers are running with the <b>bos status</b> command: 315 You can verify that all servers are running with the <b>bos status</b> command:
316 </p> 316 </p>
317<pre> 317<pre caption="Check if all the servers are running">
318# <i>/usr/afs/bin/bos status &lt;server name&gt; -noauth</i> 318# <i>/usr/afs/bin/bos status &lt;server name&gt; -noauth</i>
319Instance kaserver, currently running normally. 319Instance kaserver, currently running normally.
320Instance buserver, currently running normally. 320Instance buserver, currently running normally.
321Instance ptserver, currently running normally. 321Instance ptserver, currently running normally.
322Instance vlserver, currently running normally. 322Instance vlserver, currently running normally.
339 pretty much like Kerberos :) 339 pretty much like Kerberos :)
340 </p> 340 </p>
341 <p> 341 <p>
342 Enter <b>kas</b> interactive mode 342 Enter <b>kas</b> interactive mode
343 </p> 343 </p>
344<pre> 344<pre caption="Entering the interactive mode">
345# <i>/usr/afs/bin/kas -cell &lt;cell name&gt; -noauth</i> 345# <i>/usr/afs/bin/kas -cell &lt;cell name&gt; -noauth</i>
346ka&gt; <i>create afs</i> 346ka&gt; <i>create afs</i>
347initial_password: 347initial_password:
348Verifying, please re-enter initial_password: 348Verifying, please re-enter initial_password:
349ka&gt; <i>create admin</i> 349ka&gt; <i>create admin</i>
372</pre> 372</pre>
373 <p> 373 <p>
374 Run the <b>bos adduser</b> command, to add the <b>admin</b> user to 374 Run the <b>bos adduser</b> command, to add the <b>admin</b> user to
375 the <path>/usr/afs/etc/UserList</path>. 375 the <path>/usr/afs/etc/UserList</path>.
376 </p> 376 </p>
377<pre> 377<pre caption="Add the admin user to the UserList">
378# <i>/usr/afs/bin/bos adduser &lt;server name&gt; admin -cell &lt;cell name&gt; -noauth</i> 378# <i>/usr/afs/bin/bos adduser &lt;server name&gt; admin -cell &lt;cell name&gt; -noauth</i>
379</pre> 379</pre>
380 <p> 380 <p>
381 Issue the <b>bos addkey</b> command to define the AFS Server 381 Issue the <b>bos addkey</b> command to define the AFS Server
382 encryption key in <path>/usr/afs/etc/KeyFile</path> 382 encryption key in <path>/usr/afs/etc/KeyFile</path>
383 </p> 383 </p>
384 <note> 384 <note>
385 If asked for the input key, give the password you entered when creating 385 If asked for the input key, give the password you entered when creating
386 the afs entry with <b>kas</b> 386 the afs entry with <b>kas</b>
387 </note> 387 </note>
388<pre> 388<pre caption="Entering the password">
389# <i>/usr/afs/bin/bos addkey &lt;server name&gt; -kvno 0 -cell &lt;cell name&gt; -noauth</i> 389# <i>/usr/afs/bin/bos addkey &lt;server name&gt; -kvno 0 -cell &lt;cell name&gt; -noauth</i>
390 input key: 390 input key:
391 Retype input key: 391 Retype input key:
392</pre> 392</pre>
393 <p> 393 <p>
400 entry you are creating. If the local password file (/etc/passwd or equivalent) 400 entry you are creating. If the local password file (/etc/passwd or equivalent)
401 already has an entry for 401 already has an entry for
402 <b>admin</b> that assigns a different UID use the <b>-id</b> argument 402 <b>admin</b> that assigns a different UID use the <b>-id</b> argument
403 to create matching UID's 403 to create matching UID's
404 </note> 404 </note>
405<pre> 405<pre caption="Create a Protection Database entry for the database user">
406# <i>/usr/afs/bin/pts createuser -name admin -cell &lt;cell name&gt; [-id &lt;AFS UID&gt;] -noauth</i> 406# <i>/usr/afs/bin/pts createuser -name admin -cell &lt;cell name&gt; [-id &lt;AFS UID&gt;] -noauth</i>
407</pre> 407</pre>
408 <p> 408 <p>
409 Issue the <b>pts adduser</b> command to make the <b>admin</b> user a member 409 Issue the <b>pts adduser</b> command to make the <b>admin</b> user a member
410 of the system:administrators group, 410 of the system:administrators group,
411 and the <b>pts membership</b> command to verify the new membership 411 and the <b>pts membership</b> command to verify the new membership
412 </p> 412 </p>
413<pre> 413<pre caption="Make admin a member of the administrators group and verify">
414# <i>/usr/afs/bin/pts adduser admin system:administrators -cell &lt;cell name&gt; -noauth</i> 414# <i>/usr/afs/bin/pts adduser admin system:administrators -cell &lt;cell name&gt; -noauth</i>
415# <i>/usr/afs/bin/pts membership admin -cell &lt;cell name&gt; -noauth</i> 415# <i>/usr/afs/bin/pts membership admin -cell &lt;cell name&gt; -noauth</i>
416 Groups admin (id: 1) is a member of: 416 Groups admin (id: 1) is a member of:
417 system:administrators 417 system:administrators
418</pre> 418</pre>
419 <p> 419 <p>
420 Restart all AFS Server processes 420 Restart all AFS Server processes
421 </p> 421 </p>
422<pre> 422<pre caption="Restart all AFS server processes">
423# <i>/usr/afs/bin/bos restart &lt;server name&gt; -all -cell &lt;cell name&gt; -noauth</i> 423# <i>/usr/afs/bin/bos restart &lt;server name&gt; -all -cell &lt;cell name&gt; -noauth</i>
424</pre> 424</pre>
425 </body> 425 </body>
426 </section> 426 </section>
427 <section> 427 <section>
429 <body> 429 <body>
430 <p> 430 <p>
431 Start the <b>fs</b> process, which consists of the File Server, Volume Server and Salvager (fileserver, 431 Start the <b>fs</b> process, which consists of the File Server, Volume Server and Salvager (fileserver,
432 volserver and salvager processes). 432 volserver and salvager processes).
433 </p> 433 </p>
434<pre> 434<pre caption="Start the fs process">
435# <i>/usr/afs/bin/bos create &lt;server name&gt; fs fs /usr/afs/bin/fileserver 435# <i>/usr/afs/bin/bos create &lt;server name&gt; fs fs /usr/afs/bin/fileserver
436 /usr/afs/bin/volserver 436 /usr/afs/bin/volserver
437 /usr/afs/bin/salvager 437 /usr/afs/bin/salvager
438 -cell &lt;cell name&gt; -noauth</i> 438 -cell &lt;cell name&gt; -noauth</i>
439</pre> 439</pre>
440 <p> 440 <p>
441 Verify that all processes are running 441 Verify that all processes are running
442 </p> 442 </p>
443<pre> 443<pre caption="Check if all processes are running">
444 # <i>/usr/afs/bin/bos status &lt;server name&gt; -long -noauth</i> 444 # <i>/usr/afs/bin/bos status &lt;server name&gt; -long -noauth</i>
445 Instance kaserver, (type is simple) currently running normally. 445 Instance kaserver, (type is simple) currently running normally.
446 Process last started at Mon Jun 4 21:07:17 2001 (2 proc starts) 446 Process last started at Mon Jun 4 21:07:17 2001 (2 proc starts)
447 Last exit at Mon Jun 4 21:07:17 2001 447 Last exit at Mon Jun 4 21:07:17 2001
448 Command 1 is '/usr/afs/bin/kaserver' 448 Command 1 is '/usr/afs/bin/kaserver'
480 <note> 480 <note>
481 For the partition name argument, substitute the name of one of the machine's 481 For the partition name argument, substitute the name of one of the machine's
482 AFS Server partitions. By convention 482 AFS Server partitions. By convention
483 these partitions are named <path>/vicepx</path>, where x is in the range of a-z. 483 these partitions are named <path>/vicepx</path>, where x is in the range of a-z.
484 </note> 484 </note>
485<pre> 485<pre caption="Create the root.afs volume">
486 # <i>/usr/afs/bin/vos create &lt;server name&gt; 486 # <i>/usr/afs/bin/vos create &lt;server name&gt;
487 &lt;partition name&gt; root.afs 487 &lt;partition name&gt; root.afs
488 -cell &lt;cell name&gt; -noauth</i> 488 -cell &lt;cell name&gt; -noauth</i>
489</pre> 489</pre>
490 <p> 490 <p>
499 the server", ensure that the partition is mounted before running OpenAFS 499 the server", ensure that the partition is mounted before running OpenAFS
500 servers, or mount the directory and restart the processes using 500 servers, or mount the directory and restart the processes using
501 <c>/usr/afs/bin/bos restart &lt;server name&gt; -all -cell &lt;cell 501 <c>/usr/afs/bin/bos restart &lt;server name&gt; -all -cell &lt;cell
502 name&gt; -noauth</c>. 502 name&gt; -noauth</c>.
503 </p> 503 </p>
504<pre> 504<pre caption="Synchronise the VLDB">
505 # <i>/usr/afs/bin/vos syncvldb &lt;server name&gt; -cell &lt;cell name&gt; -verbose -noauth</i> 505 # <i>/usr/afs/bin/vos syncvldb &lt;server name&gt; -cell &lt;cell name&gt; -verbose -noauth</i>
506 # <i>/usr/afs/bin/vos syncserv &lt;server name&gt; -cell &lt;cell name&gt; -verbose -noauth</i> 506 # <i>/usr/afs/bin/vos syncserv &lt;server name&gt; -cell &lt;cell name&gt; -verbose -noauth</i>
507</pre> 507</pre>
508 </body> 508 </body>
509 </section> 509 </section>
510 <section> 510 <section>
511 <title>Starting the Server Portion of the Update Server</title> 511 <title>Starting the Server Portion of the Update Server</title>
512 <body> 512 <body>
513<pre> 513<pre caption="Start the update server">
514# <i>/usr/afs/bin/bos create &lt;server name&gt; 514# <i>/usr/afs/bin/bos create &lt;server name&gt;
515 upserver simple "/usr/afs/bin/upserver 515 upserver simple "/usr/afs/bin/upserver
516 -crypt /usr/afs/etc -clear /usr/afs/bin" 516 -crypt /usr/afs/etc -clear /usr/afs/bin"
517 -cell &lt;cell name&gt; -noauth</i> 517 -cell &lt;cell name&gt; -noauth</i>
518</pre> 518</pre>
522 <title>Configuring the Top Level of the AFS filespace</title> 522 <title>Configuring the Top Level of the AFS filespace</title>
523 <body> 523 <body>
524 <p> 524 <p>
525 First you need to set some acl's, so that any user can lookup <path>/afs</path>. 525 First you need to set some acl's, so that any user can lookup <path>/afs</path>.
526 </p> 526 </p>
527<pre> 527<pre caption="Set access control lists">
528# <i>/usr/afs/bin/fs setacl /afs system:anyuser rl</i> 528# <i>/usr/afs/bin/fs setacl /afs system:anyuser rl</i>
529</pre> 529</pre>
530 <p> 530 <p>
531 Then you need to create the root volume, mount it readonly on <path>/afs/&lt;cell name&gt;</path> and read/write 531 Then you need to create the root volume, mount it readonly on <path>/afs/&lt;cell name&gt;</path> and read/write
532 on <path>/afs/.&lt;cell name&gt;</path> 532 on <path>/afs/.&lt;cell name&gt;</path>
533 </p> 533 </p>
534<pre> 534<pre caption="Prepare the root volume">
535# <i>/usr/afs/bin/vos create &lt;server name&gt;&lt;partition name&gt; root.cell</i> 535# <i>/usr/afs/bin/vos create &lt;server name&gt;&lt;partition name&gt; root.cell</i>
536# <i>/usr/afs/bin/fs mkmount /afs/&lt;cell name&gt; root.cell </i> 536# <i>/usr/afs/bin/fs mkmount /afs/&lt;cell name&gt; root.cell </i>
537# <i>/usr/afs/bin/fs setacl /afs/&lt;cell name&gt; system:anyuser rl</i> 537# <i>/usr/afs/bin/fs setacl /afs/&lt;cell name&gt; system:anyuser rl</i>
538# <i>/usr/afs/bin/fs mkmount /afs/.&lt;cell name&gt; root.cell -rw</i> 538# <i>/usr/afs/bin/fs mkmount /afs/.&lt;cell name&gt; root.cell -rw</i>
539</pre> 539</pre>

Legend:
Removed from v.1.17  
changed lines
  Added in v.1.18

  ViewVC Help
Powered by ViewVC 1.1.20