Diff of /xml/htdocs/doc/en/openafs.xml

Revision 1.18 Revision 1.19
1<?xml version='1.0' encoding="UTF-8"?> 1<?xml version='1.0' encoding="UTF-8"?>
2<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/openafs.xml,v 1.18 2005/07/02 09:40:23 swift Exp $ --> 2<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/openafs.xml,v 1.19 2005/07/02 09:50:30 swift Exp $ -->
3 3
4<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> 4<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
5 5
6<guide link = "/doc/en/openafs.xml"> 6<guide link = "/doc/en/openafs.xml">
7<title>Gentoo Linux OpenAFS Guide</title> 7<title>Gentoo Linux OpenAFS Guide</title>
8
8<author title="Editor"> 9<author title="Editor">
9 <mail link="darks@gentoo.org">Holger Brueckner</mail> 10 <mail link="darks@gentoo.org">Holger Brueckner</mail>
10</author> 11</author>
11<author title="Editor"> 12<author title="Editor">
12 <mail link="bennyc@gentoo.org">Benny Chuang</mail> 13 <mail link="bennyc@gentoo.org">Benny Chuang</mail>
26 27
27<version>0.8</version> 28<version>0.8</version>
28<date>2005-07-02</date> 29<date>2005-07-02</date>
29 30
30<chapter> 31<chapter>
31 <title>Overview</title> 32<title>Overview</title>
32 <section> 33<section>
33 <title>About this Document</title> 34<title>About this Document</title>
34 <body> 35<body>
36
37<p>
35 <p>This document provides you with all neccessary steps to install an openafs server on Gentoo Linux. 38This document provides you with all neccessary steps to install an openafs
36 Parts of this document are taken from the AFS FAQ and IBM's Quick Beginnings guide on AFS. Well, never reinvent 39server on Gentoo Linux. Parts of this document are taken from the AFS FAQ and
37 the wheel :)</p> 40IBM's Quick Beginnings guide on AFS. Well, never reinvent the wheel :)
41</p>
42
38 </body> 43</body>
39 </section> 44</section>
40 <section> 45<section>
41 <title>What is AFS ?</title> 46<title>What is AFS ?</title>
42 <body> 47<body>
43 48
44 <p> 49<p>
45 AFS is a distributed filesystem that enables co-operating hosts 50AFS is a distributed filesystem that enables co-operating hosts
46 (clients and servers) to efficiently share filesystem resources 51(clients and servers) to efficiently share filesystem resources
47 across both local area and wide area networks. Clients hold a 52across both local area and wide area networks. Clients hold a
48 cache for often used objects (files), to get quicker 53cache for often used objects (files), to get quicker
49 access to them. 54access to them.
50 </p> 55</p>
51 <p> 56
57<p>
52 AFS is based on a distributed file system originally developed 58AFS is based on a distributed file system originally developed
53 at the Information Technology Center at Carnegie-Mellon University 59at the Information Technology Center at Carnegie-Mellon University
54 that was called the "Andrew File System". "Andrew" was the name of the research project at CMU - honouring the 60that was called the "Andrew File System". "Andrew" was the name of the
55 founders of the University. Once Transarc was formed and AFS became a 61research project at CMU - honouring the founders of the University. Once
56 product, the "Andrew" was dropped to indicate that AFS had gone beyond 62Transarc was formed and AFS became a product, the "Andrew" was dropped to
57 the Andrew research project and had become a supported, product quality 63indicate that AFS had gone beyond the Andrew research project and had become
58 filesystem. However, there were a number of existing cells that rooted 64a supported, product quality filesystem. However, there were a number of
59 their filesystem as /afs. At the time, changing the root of the filesystem 65existing cells that rooted their filesystem as /afs. At the time, changing
60 was a non-trivial undertaking. So, to save the early AFS sites from having 66the root of the filesystem was a non-trivial undertaking. So, to save the
61 to rename their filesystem, AFS remained as the name and filesystem root. 67early AFS sites from having to rename their filesystem, AFS remained as the
62 </p> 68name and filesystem root.
69</p>
70
63 </body> 71</body>
64 </section> 72</section>
65 <section> 73<section>
66 <title>What is an AFS cell ?</title> 74<title>What is an AFS cell ?</title>
67 <body> 75<body>
76
77<p>
68 <p>An AFS cell is a collection of servers grouped together administratively 78An AFS cell is a collection of servers grouped together administratively
69 and presenting a single, cohesive filesystem. Typically, an AFS cell is a set of 79and presenting a single, cohesive filesystem. Typically, an AFS cell is a set
70 hosts that use the same Internet domain name (like for example gentoo.org) 80of hosts that use the same Internet domain name (like for example gentoo.org)
71 Users log into AFS client workstations which request information and files 81Users log into AFS client workstations which request information and files
72 from the cell's servers on behalf of the users. Users won't know on which server 82from the cell's servers on behalf of the users. Users won't know on which server
73 a file which they are accessing, is located. They even won't notice if a server 83a file which they are accessing, is located. They even won't notice if a server
74 will be located to another room, since every volume can be replicated and moved 84will be located to another room, since every volume can be replicated and moved
75 to another server without any user noticing. The files are always accessable. 85to another server without any user noticing. The files are always accessable.
76 Well it's like NFS on steroids :) 86Well it's like NFS on steroids :)
77 </p> 87</p>
88
78 </body> 89</body>
79 </section> 90</section>
80 <section> 91<section>
81 <title>What are the benefits of using AFS ?</title> 92<title>What are the benefits of using AFS ?</title>
82 <body> 93<body>
94
95<p>
83 <p>The main strengths of AFS are its: 96The main strengths of AFS are its:
84
85 caching facility (on client side, typically 100M to 1GB), 97caching facility (on client side, typically 100M to 1GB),
86 security features (Kerberos 4 based, access control lists), 98security features (Kerberos 4 based, access control lists),
87 simplicity of addressing (you just have one filesystem), 99simplicity of addressing (you just have one filesystem),
88 scalability (add further servers to your cell as needed), 100scalability (add further servers to your cell as needed),
89 communications protocol. 101communications protocol.
90 </p> 102</p>
103
91 </body> 104</body>
92 </section> 105</section>
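Review bot: The list of strengths at new lines 96-101 is still a run of comma-terminated lines inside a single <p>, so it renders as one long sentence. Since this block is being re-flowed anyway, consider marking the five items up as a GuideXML list (<ul> with one <li> per item) so the structure survives rendering.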
93 <section> 106<section>
94 <title>Where can i get more information ?</title> 107<title>Where can i get more information ?</title>
95 <body> 108<body>
96 <p> 109
110<p>
97 Read the <uri link="http://www.angelfire.com/hi/plutonic/afs-faq.html">AFS FAQ</uri>. 111Read the <uri link="http://www.angelfire.com/hi/plutonic/afs-faq.html">AFS
98 </p> 112FAQ</uri>.
99 <p> 113</p>
114
115<p>
116Openafs main page is at <uri
100 Openafs main page is at <uri link="http://www.openafs.org">www.openafs.org</uri>. 117link="http://www.openafs.org">www.openafs.org</uri>.
101 </p> 118</p>
102 <p> 119
120<p>
103 AFS was originally developed by Transarc which is now owned by IBM. 121AFS was originally developed by Transarc which is now owned by IBM.
104 You can find some information about AFS on 122You can find some information about AFS on
105 <uri link="http://www.transarc.ibm.com/Product/EFS/AFS/index.html">Transarcs Webpage</uri> 123<uri link="http://www.transarc.ibm.com/Product/EFS/AFS/index.html">Transarcs
106 </p> 124Webpage</uri>.
125</p>
126
107 </body> 127</body>
108 </section> 128</section>
109
110</chapter> 129</chapter>
111 130
112<chapter> 131<chapter>
113<title>Documentation</title> 132<title>Documentation</title>
114 <section> 133<section>
115 <title>Getting AFS Documentation</title> 134<title>Getting AFS Documentation</title>
116 <body> 135<body>
117 <p> 136
137<p>
118 You can get the original IBM AFS Documentation. It is very well written and you 138You can get the original IBM AFS Documentation. It is very well written and you
119 really want
120 read it if it is up to you to administer a AFS Server. 139really want read it if it is up to you to administer a AFS Server.
121 </p> 140</p>
141
122<pre caption="Installing afsdoc"> 142<pre caption="Installing afsdoc">
123# <i>emerge app-doc/afsdoc</i> 143# <i>emerge app-doc/afsdoc</i>
124</pre> 144</pre>
145
125 </body> 146</body>
126 </section> 147</section>
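Review bot: Joining old lines 119-120 into new line 139 leaves the sentence reading "really want read it", with "to" missing, and "a AFS Server" should be "an AFS Server". Suggested wording: "you really want to read it if it is up to you to administer an AFS Server."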
127</chapter> 148</chapter>
128 149
129<chapter> 150<chapter>
130<title>Client Installation</title> 151<title>Client Installation</title>
131 <section> 152<section>
132 <title>Preliminary Work</title> 153<title>Preliminary Work</title>
133 <body> 154<body>
134 <note> 155
156<note>
135 All commands should be written in one line !! In this document they are 157All commands should be written in one line !! In this document they are
136 sometimes wrapped to two lines to make them easier to read. 158sometimes wrapped to two lines to make them easier to read.
137 </note> 159</note>
138 <note> 160
161<note>
139 Unfortunately the AFS Client needs a ext2 partiton for it's cache to run 162Unfortunately the AFS Client needs a ext2 partiton for it's cache to run
140 correctly, because there are some locking issues with reiserfs. You need to 163correctly, because there are some locking issues with reiserfs. You need to
141 create a ext2 partition of approx. 200MB (more won't hurt) and mount it to 164create a ext2 partition of approx. 200MB (more won't hurt) and mount it to
142 <path>/usr/vice/cache</path> 165<path>/usr/vice/cache</path>
143 </note> 166</note>
144 <p> 167
168<p>
145 You should adjust the two files CellServDB and ThisCell before you build the 169You should adjust the two files CellServDB and ThisCell before you build the
146 afs client. (These files are in <path>/usr/portage/net-fs/openafs/files</path>) 170afs client. (These files are in <path>/usr/portage/net-fs/openafs/files</path>)
147 </p> 171</p>
172
148 <pre caption="Adjusting CellServDB and ThisCell"> 173<pre caption="Adjusting CellServDB and ThisCell">
149 CellServDB: 174CellServDB:
150 >netlabs #Cell name 175>netlabs #Cell name
151 10.0.0.1 #storage 17610.0.0.1 #storage
152 177
153 ThisCell: 178ThisCell:
154 netlabs 179netlabs
155 </pre> 180</pre>
156 181
157 <warn> 182<warn>
158 Only use spaces inside the <path>CellServDB</path> file. The client will most 183Only use spaces inside the <path>CellServDB</path> file. The client will most
159 likely fail if you use TABs. 184likely fail if you use TABs.
160 </warn> 185</warn>
161 186
162 <p> 187<p>
163 CellServDB tells your client which server(s) he needs to contact for a 188CellServDB tells your client which server(s) he needs to contact for a
164 specific cell. ThisCell should be quite obvious. Normally you use a name 189specific cell. ThisCell should be quite obvious. Normally you use a name
165 which is unique for your organisation. Your (official) domain might be a 190which is unique for your organisation. Your (official) domain might be a
166 good choice. 191good choice.
167 </p> 192</p>
168 </body> 193
194</body>
169 </section> 195</section>
170 <section> 196<section>
171 <title>Building the Client</title> 197<title>Building the Client</title>
172 <body> 198<body>
199
173<pre caption="Installing openafs"> 200<pre caption="Installing openafs">
174# <i>emerge net-fs/openafs</i> 201# <i>emerge net-fs/openafs</i>
175</pre> 202</pre>
176 <p> 203
204<p>
177 After successful compilation you're ready to go. 205After successful compilation you're ready to go.
178 </p> 206</p>
179 </body> 207
208</body>
180 </section> 209</section>
181 <section> 210<section>
182 <title>Starting afs on startup</title> 211<title>Starting afs on startup</title>
183 <body> 212<body>
184 <p> 213
214<p>
185 The following command will create the appropriate links to start your afs client 215The following command will create the appropriate links to start your afs client
186 on system startup. 216on system startup.
187 </p> 217</p>
188 <warn> 218
189 You should always have a running afs server in your domain when trying to start the afs client. You're system won't boot 219<warn>
220You should always have a running afs server in your domain when trying to
221start the afs client. You're system won't boot until it gets some timeout
190 until it gets some timeout if your afs server is down. (and this is quite a long long time) 222if your afs server is down. (and this is quite a long long time)
191 </warn> 223</warn>
224
192<pre caption="Adding afs to the default runlevel"> 225<pre caption="Adding afs to the default runlevel">
193# <i>rc-update add afs default</i> 226# <i>rc-update add afs default</i>
194</pre> 227</pre>
195 </body> 228
229</body>
196 </section> 230</section>
197</chapter> 231</chapter>
198 232
199<chapter> 233<chapter>
200<title>Server Installation</title> 234<title>Server Installation</title>
201 <section> 235<section>
202 <title>Building the Server</title> 236<title>Building the Server</title>
203 <body> 237<body>
204 <p> 238
239<p>
205 The following command will install all necessary binaries for setting up a AFS Server 240The following command will install all necessary binaries for setting up a AFS
206 <e>and</e> Client. 241Server <e>and</e> Client.
207 </p> 242</p>
243
208<pre caption="Installing openafs"> 244<pre caption="Installing openafs">
209# <i>emerge net-fs/openafs</i> 245# <i>emerge net-fs/openafs</i>
210</pre> 246</pre>
211 </body> 247
248</body>
212 </section> 249</section>
213 <section> 250<section>
214 <title>Starting AFS Server</title> 251<title>Starting AFS Server</title>
215 <body> 252<body>
216 <p> 253
254<p>
217 You need to remove the sample CellServDB and ThisCell file first. 255You need to remove the sample CellServDB and ThisCell file first.
218 </p> 256</p>
257
219<pre caption="Remove sample files"> 258<pre caption="Remove sample files">
220# <i>rm /usr/vice/etc/ThisCell</i> 259# <i>rm /usr/vice/etc/ThisCell</i>
221# <i>rm /usr/vice/etc/CellServDB</i> 260# <i>rm /usr/vice/etc/CellServDB</i>
222</pre> 261</pre>
223 <p> 262
263<p>
224 Next you will run the <b>bosserver</b> command to initialize the Basic OverSeer (BOS) 264Next you will run the <b>bosserver</b> command to initialize the Basic OverSeer
225 Server, which monitors and controls other AFS server processes on its server 265(BOS) Server, which monitors and controls other AFS server processes on its
226 machine. Think of it as init for the system. Include the <b>-noauth</b> 266server machine. Think of it as init for the system. Include the <b>-noauth</b>
227 flag to disable authorization checking, since you haven't added the admin user yet. 267flag to disable authorization checking, since you haven't added the admin user
228 </p> 268yet.
229 <warn> 269</p>
270
271<warn>
230 Disabling authorization checking gravely compromises cell security. 272Disabling authorization checking gravely compromises cell security.
231 You must complete all subsequent steps in one uninterrupted pass 273You must complete all subsequent steps in one uninterrupted pass
232 and must not leave the machine unattended until you restart the BOS Server with 274and must not leave the machine unattended until you restart the BOS Server with
233 authorization checking enabled. Well this is what the AFS documentation says :) 275authorization checking enabled. Well this is what the AFS documentation says :)
234 </warn> 276</warn>
277
235<pre caption="Initialize the Basic OverSeer Server"> 278<pre caption="Initialize the Basic OverSeer Server">
236# <i>/usr/afs/bin/bosserver -noauth &amp;</i> 279# <i>/usr/afs/bin/bosserver -noauth &amp;</i>
237</pre> 280</pre>
238 <p> 281
282<p>
239 Verify that the BOS Server created <path>/usr/vice/etc/CellServDB</path> 283Verify that the BOS Server created <path>/usr/vice/etc/CellServDB</path>
240 and <path>/usr/vice/etc/ThisCell</path> 284and <path>/usr/vice/etc/ThisCell</path>
241 </p> 285</p>
286
242<pre caption="Check if CellServDB and ThisCell are created"> 287<pre caption="Check if CellServDB and ThisCell are created">
243# <i>ls -al /usr/vice/etc/</i> 288# <i>ls -al /usr/vice/etc/</i>
244-rw-r--r-- 1 root root 41 Jun 4 22:21 CellServDB 289-rw-r--r-- 1 root root 41 Jun 4 22:21 CellServDB
245-rw-r--r-- 1 root root 7 Jun 4 22:21 ThisCell 290-rw-r--r-- 1 root root 7 Jun 4 22:21 ThisCell
246</pre> 291</pre>
247 292
248 </body> 293</body>
249 </section> 294</section>
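Review bot: The warn at new lines 272-275 tells the reader to restart the BOS Server with authorization checking enabled, but it does not say where in the guide that happens. In the portion of the diff shown here, every later command still carries -noauth (new lines 324 through 516), including the "bos restart ... -all" at new line 493. Suggest adding a forward reference from this warn to the step that restarts bosserver without -noauth, so the reader knows where the unauthenticated window is meant to close.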
250 <section> 295<section>
251 <title>Defining Cell Name and Membership for Server Process</title> 296<title>Defining Cell Name and Membership for Server Process</title>
252 <body> 297<body>
253 <p> 298
299<p>
254 Now assign your cells name. 300Now assign your cells name.
255 </p> 301</p>
302
303<impo>
256 <impo>There are some restrictions on the name format. 304There are some restrictions on the name format.
257 Two of the most important restrictions are that the name 305Two of the most important restrictions are that the name
258 cannot include uppercase letters or more than 64 characters. Remember that 306cannot include uppercase letters or more than 64 characters. Remember that
259 your cell name will show up under <path>/afs</path>, so you might want to choose 307your cell name will show up under <path>/afs</path>, so you might want to choose
260 a short one.</impo> 308a short one.
309</impo>
310
311<note>
261 <note>In the following and every instruction in this guide, for the &lt;server name&gt; 312In the following and every instruction in this guide, for the &lt;server
262 argument substitute the full-qualified hostname 313name&gt; argument substitute the full-qualified hostname (such as
263 (such as <b>afs.gentoo.org</b>) of the machine you are installing. 314<b>afs.gentoo.org</b>) of the machine you are installing. For the &lt;cell
264 For the &lt;cell name&gt;
265 argument substitute your cell's complete name (such as <b>gentoo</b>)</note> 315name&gt; argument substitute your cell's complete name (such as
266 <p> 316<b>gentoo</b>)
317</note>
318
319<p>
267 Run the <b>bos setcellname</b> command to set the cell name: 320Run the <b>bos setcellname</b> command to set the cell name:
268 </p> 321</p>
322
269<pre caption="Set the cell name"> 323<pre caption="Set the cell name">
270# <i>/usr/afs/bin/bos setcellname &lt;server name&gt; &lt;cell name&gt; -noauth</i> 324# <i>/usr/afs/bin/bos setcellname &lt;server name&gt; &lt;cell name&gt; -noauth</i>
271</pre> 325</pre>
326
272 </body> 327</body>
273 </section> 328</section>
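Review bot: The re-wrap at new lines 312-315 splits both placeholders across a line break ("&lt;server" / "name&gt;" and "&lt;cell" / "name&gt;"), so searching the source for "&lt;server name&gt;" or "&lt;cell name&gt;" no longer finds this note. Break the lines before or after each placeholder instead, and add the missing full stop after "(such as <b>gentoo</b>)" at new line 316.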
274 <section> 329<section>
275 <title>Starting the Database Server Process</title> 330<title>Starting the Database Server Process</title>
276 <body><p> 331<body>
332
333<p>
277 Next use the <b>bos create</b> command to create entries for the four database 334Next use the <b>bos create</b> command to create entries for the four database
278 server processes in the 335server processes in the <path>/usr/afs/local/BosConfig</path> file. The four
279 <path>/usr/afs/local/BosConfig</path> file. The four processes run on database 336processes run on database server machines only.
280 server machines only. 337</p>
281 </p>
282 338
283 <table> 339<table>
284 <tr> 340<tr>
285 <ti>kaserver</ti> 341 <ti>kaserver</ti>
342 <ti>
286 <ti>The Authentication Server maintains the Authentication Database. 343 The Authentication Server maintains the Authentication Database.
287 This can be replaced by a Kerberos 5 daemon. If anybody want's to try that 344 This can be replaced by a Kerberos 5 daemon. If anybody want's to try that
288 feel free to update this document :)</ti> 345 feel free to update this document :)
289 </tr> 346 </ti>
290 <tr> 347</tr>
348<tr>
291 <ti>buserver</ti> 349 <ti>buserver</ti>
292 <ti>The Backup Server maintains the Backup Database</ti> 350 <ti>The Backup Server maintains the Backup Database</ti>
293 </tr> 351</tr>
294 <tr> 352<tr>
295 <ti>ptserver</ti> 353 <ti>ptserver</ti>
296 <ti>The Protection Server maintains the Protection Database</ti> 354 <ti>The Protection Server maintains the Protection Database</ti>
297 </tr> 355</tr>
298 <tr> 356<tr>
299 <ti>vlserver</ti> 357 <ti>vlserver</ti>
358 <ti>
300 <ti>The Volume Location Server maintains the Volume Location Database (VLDB). 359 The Volume Location Server maintains the Volume Location Database (VLDB).
301 Very important :)</ti> 360 Very important :)
302 </tr> 361 </ti>
362</tr>
303 </table> 363</table>
364
304<pre caption="Create entries for the database processes"> 365<pre caption="Create entries for the database processes">
305# <i>/usr/afs/bin/bos create &lt;server name&gt; kaserver simple 366# <i>/usr/afs/bin/bos create &lt;server name&gt; kaserver simple /usr/afs/bin/kaserver -cell &lt;cell name&gt; -noauth</i>
306 /usr/afs/bin/kaserver -cell &lt;cell name&gt; -noauth</i> 367# <i>/usr/afs/bin/bos create &lt;server name&gt; buserver simple /usr/afs/bin/buserver -cell &lt;cell name&gt; -noauth</i>
307# <i>/usr/afs/bin/bos create &lt;server name&gt; buserver simple 368# <i>/usr/afs/bin/bos create &lt;server name&gt; ptserver simple /usr/afs/bin/ptserver -cell &lt;cell name&gt; -noauth</i>
308 /usr/afs/bin/buserver -cell &lt;cell name&gt; -noauth</i> 369# <i>/usr/afs/bin/bos create &lt;server name&gt; vlserver simple /usr/afs/bin/vlserver -cell &lt;cell name&gt; -noauth</i>
309# <i>/usr/afs/bin/bos create &lt;server name&gt; ptserver simple
310 /usr/afs/bin/ptserver -cell &lt;cell name&gt; -noauth</i>
311# <i>/usr/afs/bin/bos create &lt;server name&gt; vlserver simple
312 /usr/afs/bin/vlserver -cell &lt;cell name&gt; -noauth</i>
313</pre> 370</pre>
314 <p> 371
372<p>
315 You can verify that all servers are running with the <b>bos status</b> command: 373You can verify that all servers are running with the <b>bos status</b> command:
316 </p> 374</p>
375
317<pre caption="Check if all the servers are running"> 376<pre caption="Check if all the servers are running">
318# <i>/usr/afs/bin/bos status &lt;server name&gt; -noauth</i> 377# <i>/usr/afs/bin/bos status &lt;server name&gt; -noauth</i>
319Instance kaserver, currently running normally. 378Instance kaserver, currently running normally.
320Instance buserver, currently running normally. 379Instance buserver, currently running normally.
321Instance ptserver, currently running normally. 380Instance ptserver, currently running normally.
322Instance vlserver, currently running normally. 381Instance vlserver, currently running normally.
323</pre> 382</pre>
324 383
325 </body> 384</body>
326 </section> 385</section>
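Review bot: The four bos create commands at new lines 366-369 are now single lines (as is the fs command at new line 508), which leaves the note at new lines 157-158 out of step: it still says commands "are sometimes wrapped to two lines". If no wrapped commands remain in the rest of the file, drop or reword that note. Each of these lines is also over 100 characters once rendered, so check that they do not overflow the <pre> box in the published guide.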
327 <section> 386<section>
328 <title>Initializing Cell Security</title> 387<title>Initializing Cell Security</title>
329 <body> 388<body>
330 <p> 389
390<p>
331 Now we'll initialize the cell's security mechanisms. We'll begin by creating the 391Now we'll initialize the cell's security mechanisms. We'll begin by creating
332 following two initial entries in the 392the following two initial entries in the Authentication Database: The main
333 Authentication Database: The main administrative account, called <b>admin</b> by 393administrative account, called <b>admin</b> by convention and an entry for
334 convention and an entry for
335 the AFS server processes, called <b>afs</b>. No user logs in under the 394the AFS server processes, called <b>afs</b>. No user logs in under the
336 identity <b>afs</b>, but the Authentication 395identity <b>afs</b>, but the Authentication Server's Ticket Granting
337 Server's Ticket Granting Service (TGS) module uses the account 396Service (TGS) module uses the account to encrypt the server tickets that
338 to encrypt the server tickets that it grants to AFS clients. This sounds 397it grants to AFS clients. This sounds pretty much like Kerberos :)
339 pretty much like Kerberos :) 398</p>
340 </p> 399
341 <p> 400<p>
342 Enter <b>kas</b> interactive mode 401Enter <b>kas</b> interactive mode
343 </p> 402</p>
403
344<pre caption="Entering the interactive mode"> 404<pre caption="Entering the interactive mode">
345# <i>/usr/afs/bin/kas -cell &lt;cell name&gt; -noauth</i> 405# <i>/usr/afs/bin/kas -cell &lt;cell name&gt; -noauth</i>
346ka&gt; <i>create afs</i> 406ka&gt; <i>create afs</i>
347initial_password: 407initial_password:
348Verifying, please re-enter initial_password: 408Verifying, please re-enter initial_password:
350initial_password: 410initial_password:
351Verifying, please re-enter initial_password: 411Verifying, please re-enter initial_password:
352ka&gt; <i>examine afs</i> 412ka&gt; <i>examine afs</i>
353 413
354User data for afs 414User data for afs
355 key (0) cksum is 2651715259, last cpw: Mon Jun 4 20:49:30 2001 415key (0) cksum is 2651715259, last cpw: Mon Jun 4 20:49:30 2001
356 password will never expire. 416password will never expire.
357 An unlimited number of unsuccessful authentications is permitted. 417An unlimited number of unsuccessful authentications is permitted.
358 entry never expires. Max ticket lifetime 100.00 hours. 418entry never expires. Max ticket lifetime 100.00 hours.
359 last mod on Mon Jun 4 20:49:30 2001 by $lt;none&gt; 419last mod on Mon Jun 4 20:49:30 2001 by $lt;none&gt;
360 permit password reuse 420permit password reuse
361ka&gt; <i>setfields admin -flags admin</i> 421ka&gt; <i>setfields admin -flags admin</i>
362ka&gt; <i>examine admin</i> 422ka&gt; <i>examine admin</i>
363 423
364User data for admin (ADMIN) 424User data for admin (ADMIN)
365 key (0) cksum is 2651715259, last cpw: Mon Jun 4 20:49:59 2001 425key (0) cksum is 2651715259, last cpw: Mon Jun 4 20:49:59 2001
366 password will never expire. 426password will never expire.
367 An unlimited number of unsuccessful authentications is permitted. 427An unlimited number of unsuccessful authentications is permitted.
368 entry never expires. Max ticket lifetime 25.00 hours. 428entry never expires. Max ticket lifetime 25.00 hours.
369 last mod on Mon Jun 4 20:51:10 2001 by $lt;none&gt; 429last mod on Mon Jun 4 20:51:10 2001 by $lt;none&gt;
370 permit password reuse 430permit password reuse
371ka&gt; 431ka&gt;
372</pre> 432</pre>
373 <p> 433
434<p>
374 Run the <b>bos adduser</b> command, to add the <b>admin</b> user to 435Run the <b>bos adduser</b> command, to add the <b>admin</b> user to
375 the <path>/usr/afs/etc/UserList</path>. 436the <path>/usr/afs/etc/UserList</path>.
376 </p> 437</p>
438
377<pre caption="Add the admin user to the UserList"> 439<pre caption="Add the admin user to the UserList">
378# <i>/usr/afs/bin/bos adduser &lt;server name&gt; admin -cell &lt;cell name&gt; -noauth</i> 440# <i>/usr/afs/bin/bos adduser &lt;server name&gt; admin -cell &lt;cell name&gt; -noauth</i>
379</pre> 441</pre>
380 <p> 442
443<p>
381 Issue the <b>bos addkey</b> command to define the AFS Server 444Issue the <b>bos addkey</b> command to define the AFS Server
382 encryption key in <path>/usr/afs/etc/KeyFile</path> 445encryption key in <path>/usr/afs/etc/KeyFile</path>
383 </p> 446</p>
384 <note> 447
448<note>
385 If asked for the input key, give the password you entered when creating 449If asked for the input key, give the password you entered when creating
386 the afs entry with <b>kas</b> 450the afs entry with <b>kas</b>
387 </note> 451</note>
452
388<pre caption="Entering the password"> 453<pre caption="Entering the password">
389# <i>/usr/afs/bin/bos addkey &lt;server name&gt; -kvno 0 -cell &lt;cell name&gt; -noauth</i> 454# <i>/usr/afs/bin/bos addkey &lt;server name&gt; -kvno 0 -cell &lt;cell name&gt; -noauth</i>
390 input key: 455input key:
391 Retype input key: 456Retype input key:
392</pre> 457</pre>
393 <p> 458
459<p>
394 Issue the <b>pts createuser</b> command to create a Protection Database 460Issue the <b>pts createuser</b> command to create a Protection Database
395 entry for the admin user 461entry for the admin user
396 </p> 462</p>
397 <note> 463
464<note>
398 By default, the Protection Server assigns AFS UID 1 to the <b>admin</b> user, because 465By default, the Protection Server assigns AFS UID 1 to the <b>admin</b> user,
399 it is the first user 466because it is the first user entry you are creating. If the local password file
400 entry you are creating. If the local password file (/etc/passwd or equivalent) 467(/etc/passwd or equivalent) already has an entry for <b>admin</b> that assigns
401 already has an entry for 468a different UID use the <b>-id</b> argument to create matching UID's
402 <b>admin</b> that assigns a different UID use the <b>-id</b> argument 469</note>
403 to create matching UID's 470
404 </note>
405<pre caption="Create a Protection Database entry for the database user"> 471<pre caption="Create a Protection Database entry for the database user">
406# <i>/usr/afs/bin/pts createuser -name admin -cell &lt;cell name&gt; [-id &lt;AFS UID&gt;] -noauth</i> 472# <i>/usr/afs/bin/pts createuser -name admin -cell &lt;cell name&gt; [-id &lt;AFS UID&gt;] -noauth</i>
407</pre> 473</pre>
408 <p> 474
475<p>
409 Issue the <b>pts adduser</b> command to make the <b>admin</b> user a member 476Issue the <b>pts adduser</b> command to make the <b>admin</b> user a member
410 of the system:administrators group, 477of the system:administrators group, and the <b>pts membership</b> command to
411 and the <b>pts membership</b> command to verify the new membership 478verify the new membership
412 </p> 479</p>
480
413<pre caption="Make admin a member of the administrators group and verify"> 481<pre caption="Make admin a member of the administrators group and verify">
414# <i>/usr/afs/bin/pts adduser admin system:administrators -cell &lt;cell name&gt; -noauth</i> 482# <i>/usr/afs/bin/pts adduser admin system:administrators -cell &lt;cell name&gt; -noauth</i>
415# <i>/usr/afs/bin/pts membership admin -cell &lt;cell name&gt; -noauth</i> 483# <i>/usr/afs/bin/pts membership admin -cell &lt;cell name&gt; -noauth</i>
416 Groups admin (id: 1) is a member of: 484Groups admin (id: 1) is a member of:
417 system:administrators 485system:administrators
418</pre> 486</pre>
419 <p> 487
488<p>
420 Restart all AFS Server processes 489Restart all AFS Server processes
421 </p> 490</p>
491
422<pre caption="Restart all AFS server processes"> 492<pre caption="Restart all AFS server processes">
423# <i>/usr/afs/bin/bos restart &lt;server name&gt; -all -cell &lt;cell name&gt; -noauth</i> 493# <i>/usr/afs/bin/bos restart &lt;server name&gt; -all -cell &lt;cell name&gt; -noauth</i>
424</pre> 494</pre>
495
425 </body> 496</body>
426 </section> 497</section>
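Review bot: "$lt;none&gt;" in the kas examine output at new lines 419 and 429 is a broken entity carried over unchanged from 1.18 (old lines 359 and 369). The "$" should be "&", otherwise the page renders the literal text "$lt;none>" instead of "<none>". Fix both to "&lt;none&gt;" while these lines are being touched.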
427 <section> 498<section>
428 <title>Starting the File Server, Volume Server and Salvager</title> 499<title>Starting the File Server, Volume Server and Salvager</title>
429 <body> 500<body>
430 <p> 501
502<p>
431 Start the <b>fs</b> process, which consists of the File Server, Volume Server and Salvager (fileserver, 503Start the <b>fs</b> process, which consists of the File Server, Volume Server
432 volserver and salvager processes). 504and Salvager (fileserver, volserver and salvager processes).
433 </p> 505</p>
506
434<pre caption="Start the fs process"> 507<pre caption="Start the fs process">
435# <i>/usr/afs/bin/bos create &lt;server name&gt; fs fs /usr/afs/bin/fileserver 508# <i>/usr/afs/bin/bos create &lt;server name&gt; fs fs /usr/afs/bin/fileserver /usr/afs/bin/volserver /usr/afs/bin/salvager -cell &lt;cell name&gt; -noauth</i>
436 /usr/afs/bin/volserver
437 /usr/afs/bin/salvager
438 -cell &lt;cell name&gt; -noauth</i>
439</pre> 509</pre>
440 <p> 510
511<p>
441 Verify that all processes are running 512Verify that all processes are running
442 </p> 513</p>
514
443<pre caption="Check if all processes are running"> 515<pre caption="Check if all processes are running">
444 # <i>/usr/afs/bin/bos status &lt;server name&gt; -long -noauth</i> 516# <i>/usr/afs/bin/bos status &lt;server name&gt; -long -noauth</i>
445 Instance kaserver, (type is simple) currently running normally. 517Instance kaserver, (type is simple) currently running normally.
446 Process last started at Mon Jun 4 21:07:17 2001 (2 proc starts) 518Process last started at Mon Jun 4 21:07:17 2001 (2 proc starts)
447 Last exit at Mon Jun 4 21:07:17 2001 519Last exit at Mon Jun 4 21:07:17 2001
448 Command 1 is '/usr/afs/bin/kaserver' 520Command 1 is '/usr/afs/bin/kaserver'
449 521
450 Instance buserver, (type is simple) currently running normally. 522Instance buserver, (type is simple) currently running normally.
451 Process last started at Mon Jun 4 21:07:17 2001 (2 proc starts) 523Process last started at Mon Jun 4 21:07:17 2001 (2 proc starts)
452 Last exit at Mon Jun 4 21:07:17 2001 524Last exit at Mon Jun 4 21:07:17 2001
453 Command 1 is '/usr/afs/bin/buserver' 525Command 1 is '/usr/afs/bin/buserver'
454 526
455 Instance ptserver, (type is simple) currently running normally. 527Instance ptserver, (type is simple) currently running normally.
456 Process last started at Mon Jun 4 21:07:17 2001 (2 proc starts) 528Process last started at Mon Jun 4 21:07:17 2001 (2 proc starts)
457 Last exit at Mon Jun 4 21:07:17 2001 529Last exit at Mon Jun 4 21:07:17 2001
458 Command 1 is '/usr/afs/bin/ptserver' 530Command 1 is '/usr/afs/bin/ptserver'
459 531
460 Instance vlserver, (type is simple) currently running normally. 532Instance vlserver, (type is simple) currently running normally.
461 Process last started at Mon Jun 4 21:07:17 2001 (2 proc starts) 533Process last started at Mon Jun 4 21:07:17 2001 (2 proc starts)
462 Last exit at Mon Jun 4 21:07:17 2001 534Last exit at Mon Jun 4 21:07:17 2001
463 Command 1 is '/usr/afs/bin/vlserver' 535Command 1 is '/usr/afs/bin/vlserver'
464 536
465 Instance fs, (type is fs) currently running normally. 537Instance fs, (type is fs) currently running normally.
466 Auxiliary status is: file server running. 538Auxiliary status is: file server running.
467 Process last started at Mon Jun 4 21:09:30 2001 (2 proc starts) 539Process last started at Mon Jun 4 21:09:30 2001 (2 proc starts)
468 Command 1 is '/usr/afs/bin/fileserver' 540Command 1 is '/usr/afs/bin/fileserver'
469 Command 2 is '/usr/afs/bin/volserver' 541Command 2 is '/usr/afs/bin/volserver'
470 Command 3 is '/usr/afs/bin/salvager' 542Command 3 is '/usr/afs/bin/salvager'
471</pre> 543</pre>
472 <p> 544
545<p>
473 Your next action depends on whether you have ever run AFS file server machines 546Your next action depends on whether you have ever run AFS file server machines
474 in the cell: 547in the cell:
475 </p> 548</p>
476 <p> 549
550<p>
477 If you are installing the first AFS Server ever in the cell create the 551If you are installing the first AFS Server ever in the cell create the
478 first AFS volume, <b>root.afs</b> 552first AFS volume, <b>root.afs</b>
479 </p> 553</p>
554
480 <note> 555<note>
481 For the partition name argument, substitute the name of one of the machine's 556For the partition name argument, substitute the name of one of the machine's
482 AFS Server partitions. By convention 557AFS Server partitions. By convention
483 these partitions are named <path>/vicepx</path>, where x is in the range of a-z. 558these partitions are named <path>/vicepx</path>, where x is in the range of a-z.
484 </note> 559</note>
560
485<pre caption="Create the root.afs volume"> 561<pre caption="Create the root.afs volume">
486 # <i>/usr/afs/bin/vos create &lt;server name&gt; 562# <i>/usr/afs/bin/vos create &lt;server name&gt; &lt;partition name&gt; root.afs -cell &lt;cell name&gt; -noauth</i>
487 &lt;partition name&gt; root.afs
488 -cell &lt;cell name&gt; -noauth</i>
489</pre> 563</pre>
490 <p> 564
565<p>
491 If there are existing AFS file server machines and volumes in the cell 566If there are existing AFS file server machines and volumes in the cell
492 issue the <b>vos sncvldb</b> and <b>vos 567issue the <b>vos sncvldb</b> and <b>vos syncserv</b> commands to synchronize
493 syncserv</b> commands to synchronize the VLDB (Volume Location Database) with 568the VLDB (Volume Location Database) with the actual state of volumes on the
494 the actual state of volumes on the local machine. This will copy all necessary data to your 569local machine. This will copy all necessary data to your new server.
495 new server. 570</p>
496 </p> 571
497 <p> 572<p>
498 If the command fails with the message "partition /vicepa does not exist on 573If the command fails with the message "partition /vicepa does not exist on
499 the server", ensure that the partition is mounted before running OpenAFS 574the server", ensure that the partition is mounted before running OpenAFS
500 servers, or mount the directory and restart the processes using 575servers, or mount the directory and restart the processes using
501 <c>/usr/afs/bin/bos restart &lt;server name&gt; -all -cell &lt;cell 576<c>/usr/afs/bin/bos restart &lt;server name&gt; -all -cell &lt;cell
502 name&gt; -noauth</c>. 577name&gt; -noauth</c>.
503 </p> 578</p>
579
504<pre caption="Synchronise the VLDB"> 580<pre caption="Synchronise the VLDB">
505 # <i>/usr/afs/bin/vos syncvldb &lt;server name&gt; -cell &lt;cell name&gt; -verbose -noauth</i> 581# <i>/usr/afs/bin/vos syncvldb &lt;server name&gt; -cell &lt;cell name&gt; -verbose -noauth</i>
506 # <i>/usr/afs/bin/vos syncserv &lt;server name&gt; -cell &lt;cell name&gt; -verbose -noauth</i> 582# <i>/usr/afs/bin/vos syncserv &lt;server name&gt; -cell &lt;cell name&gt; -verbose -noauth</i>
507</pre> 583</pre>
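Review bot: The reflowed paragraph beginning "If there are existing AFS file server machines" still names the command as "vos sncvldb", while the block captioned "Synchronise the VLDB" runs `vos syncvldb`. Since the paragraph is being rewrapped in this revision anyway, correct the spelling in the <b> element so the prose and the command agree. The following paragraph also keeps the line break inside <c>...-cell &lt;cell / name&gt; -noauth</c>, which puts a newline in the middle of an inline command. Keeping the <c> content on one line would be cleaner.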
584
508 </body> 585</body>
509 </section> 586</section>
510 <section> 587<section>
511 <title>Starting the Server Portion of the Update Server</title> 588<title>Starting the Server Portion of the Update Server</title>
512 <body> 589<body>
590
513<pre caption="Start the update server"> 591<pre caption="Start the update server">
514# <i>/usr/afs/bin/bos create &lt;server name&gt; 592# <i>/usr/afs/bin/bos create &lt;server name&gt;
515 upserver simple "/usr/afs/bin/upserver 593upserver simple "/usr/afs/bin/upserver
516 -crypt /usr/afs/etc -clear /usr/afs/bin" 594-crypt /usr/afs/etc -clear /usr/afs/bin"
517 -cell &lt;cell name&gt; -noauth</i> 595-cell &lt;cell name&gt; -noauth</i>
518</pre> 596</pre>
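Review bot: The "Start the update server" command is still split across four lines with no trailing backslashes, although this revision joins the fs `bos create` and the root.afs `vos create` commands onto single lines. A reader typing it as displayed gets `bos create <server name>` as a command of its own, and the quoted upserver argument spans a line break. Join it onto one line like the other two, or add `\` continuations, so that all three blocks follow the same convention.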
597
519 </body> 598</body>
520 </section> 599</section>
521 <section> 600<section>
522 <title>Configuring the Top Level of the AFS filespace</title> 601<title>Configuring the Top Level of the AFS filespace</title>
523 <body> 602<body>
524 <p> 603
604<p>
525 First you need to set some acl's, so that any user can lookup <path>/afs</path>. 605First you need to set some acl's, so that any user can lookup
526 </p> 606<path>/afs</path>.
607</p>
608
527<pre caption="Set access control lists"> 609<pre caption="Set access control lists">
528# <i>/usr/afs/bin/fs setacl /afs system:anyuser rl</i> 610# <i>/usr/afs/bin/fs setacl /afs system:anyuser rl</i>
529</pre> 611</pre>
530 <p> 612
531 Then you need to create the root volume, mount it readonly on <path>/afs/&lt;cell name&gt;</path> and read/write 613<p>
532 on <path>/afs/.&lt;cell name&gt;</path> 614Then you need to create the root volume, mount it readonly on
533 </p> 615<path>/afs/&lt;cell name&gt;</path> and read/write on <path>/afs/.&lt;cell
616name&gt;</path>
617</p>
618
534<pre caption="Prepare the root volume"> 619<pre caption="Prepare the root volume">
535# <i>/usr/afs/bin/vos create &lt;server name&gt;&lt;partition name&gt; root.cell</i> 620# <i>/usr/afs/bin/vos create &lt;server name&gt;&lt;partition name&gt; root.cell</i>
536# <i>/usr/afs/bin/fs mkmount /afs/&lt;cell name&gt; root.cell </i> 621# <i>/usr/afs/bin/fs mkmount /afs/&lt;cell name&gt; root.cell </i>
537# <i>/usr/afs/bin/fs setacl /afs/&lt;cell name&gt; system:anyuser rl</i> 622# <i>/usr/afs/bin/fs setacl /afs/&lt;cell name&gt; system:anyuser rl</i>
538# <i>/usr/afs/bin/fs mkmount /afs/.&lt;cell name&gt; root.cell -rw</i> 623# <i>/usr/afs/bin/fs mkmount /afs/.&lt;cell name&gt; root.cell -rw</i>
539</pre> 624</pre>
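Review bot: In "Prepare the root volume", the first command reads `vos create <server name><partition name> root.cell` with no space between the two placeholders. This is carried over unchanged from 1.18 and should be fixed while the block is being touched. The same command also omits the `-cell <cell name> -noauth` arguments that the earlier root.afs `vos create` carries; either align the two or say why they differ. In the paragraph above, the new wrapping breaks the second <path> element between "&lt;cell" and "name&gt;", and the sentence still has no closing period.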
540 <p> 625
626<p>
541 Finally you're done !!! You should now have a working AFS file server 627Finally you're done !!! You should now have a working AFS file server
542 on your local network. Time to get a big 628on your local network. Time to get a big
543 cup of coffee and print out the AFS documentation !!! 629cup of coffee and print out the AFS documentation !!!
544 </p> 630</p>
545 <note> 631
632<note>
546 It is very important for the AFS server to function properly, that all system 633It is very important for the AFS server to function properly, that all system
547 clock's are synchronized. 634clock's are synchronized. This is best accomplished by installing a ntp server
548 This is best 635on one machine (e.g. the AFS server) and synchronize all client clock's
549 accomplished by installing a ntp server on one machine (e.g. the AFS server)
550 and synchronize all client clock's
551 with the ntp client. This can also be done by the afs client. 636with the ntp client. This can also be done by the afs client.
552 </note> 637</note>
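Review bot: The rewrapped clock-synchronization note keeps the wording errors from 1.18: "system clock's" and "client clock's" should be "clocks", "a ntp server" should be "an NTP server", and "and synchronize" should be "and synchronizing". Because the note states a hard requirement for the server to work, it is worth fixing the text in the same commit rather than only reflowing it.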
638
553 </body> 639</body>
554 </section> 640</section>
555
556</chapter> 641</chapter>
557 642
558<chapter> 643<chapter>
559<title>Basic Administration</title> 644<title>Basic Administration</title>
560<section> 645<section>
