![[Return to Library]](../books.gif)
![[Contents]](../toc.gif)
![[Previous Topic]](../prev.gif)
![[Bottom of Topic]](../bot.gif)
This file documents new features, upgrade procedures, and remaining limitations associated with the general availability (GA) release of AFS(R) 3.5.
AFS 3.5 includes the following new features, many of which improve system performance.
The AFS 3.5 offering for Windows and NT systems includes the following components:
Enhancements to the Client component on NT include support for both File Server and Volume Location (VL) Server preference ranks, and support for whole file locking. For further details, see the AFS(R) Suite for Windows(R) Release Notes.
The File Server process now uses the POSIX-compliant threading package provided by the operating system, rather than the proprietary threading package used in previous AFS versions. The change makes the File Server truly multithreaded and increases throughput.
The one exception is the File Server for HP-UX 11.0, which still uses the proprietary threading package as in AFS 3.4a.
There are numerous performance improvements to the Backup System, many of which reduce the load that the Backup System places on other AFS servers and the network. For example, the procedures for compiling the list of volumes to be included in a dump is more efficient.
The Ubik Coordinator on the synchronization site for a given database now distributes database changes to the secondary sites in a more efficient manner. A change to Ubik's database locking method also prevents write starvation, a problem in which a secondary site is so busy answering read requests that it cannot accept changes from the synchronization site.
This feature is available on UNIX platforms only.
The AFS 3.5 version of the Ubik library properly handles communication between database server machines with multiple interface addresses, which enables you to run multihomed database server machines. However, the non-database server processes (such as the File Server) and the Cache Manager still only use one address per database server machine (the one listed in the server or client CellServDB file respectively). They do not switch to alternate interfaces if that address becomes inaccessible. To preserve the level of database access you currently enjoy, you must continue to replicate the databases.
This feature is available on UNIX platforms only.
AFS 3.5 includes support for multihomed client machines. When the Cache Manager first contacts a given File Server, it registers the addresses of its client machine. Thereafter, when the File Server initiates communication with the client machine, it can choose the address to which to send its message. If that address is inaccessible, it automatically switches to an alternate address.
Note that the File Server does not use the registered list of addresses when it responds to requests that the Cache Manager initiates--it still responds to the interface from which the request originated. Similarly, the Cache Manager does not use the list when choosing the interface to use for sending a request to a File Server.
You can control which addresses the Cache Manager registers with File Servers by creating one or both of the following files in the client machine's local /usr/vice/etc directory: NetInfo and NetRestrict. If the NetInfo file exists when the Cache Manager initializes, the Cache Managers uses its contents as the basis for a list of the machine's interfaces. If the file does not exist, the Cache Manager instead uses the network interfaces configured with the operating system. If the NetRestrict file exists, the Cache Manager removes any addresses included in it from the list it is compiling. It records the completed list in kernel memory.
To display the interface addresses listed in kernel memory, use the new fs getclientaddrs command. To change the list without rebooting the client machine, use the new fs setclientaddrs command.
AFS 3.5 improves the performance of AFS's RPC facility, Rx, by implementing the algorithms for slow start, congestion avoidance, fast retransmit, and fast recovery that are described in Internet RFC (Request for Comments) number 2001. You can access the RFC via http://info.internet.isi.edu:80/in-notes.
Also, the AFS 3.5 implementation of jumbograms is improved. Rx packets are now fixed length, and Rx begins transmissions by sending one packet per datagram. It gradually increases the number of packets per datagram as long as the recipient does not return any errors. In case of error, Rx reverts to sending only one packet per datagram. When retransmitting data, Rx always sends only one packet per datagram.
The AFS Development team has made several changes designed to improve AFS's overall quality and stability. These include a thorough reorganization of the source code, use of a more extensive suite of system tests during a longer testing period before release, and a larger staff.
There are several new commands and new options to existing commands in AFS 3.5. See Changes to AFS Commands and Files.
AFS 3.5 supports the following system
types.
| alpha_dux40 | DEC AXP system with one or more processors running Digital UNIX 4.0d |
| hp_ux110 | Hewlett-Packard 9000 Series and PA8000 Series 700 and 800 systems with one or more processors running the 32-bit version of HP-UX 11.0 |
| i386_linux22 | IBM-compatible PC with one or more processors running Linux kernel version 2.2.2 or 2.2.3 |
| rs_aix42 | IBM RS/6000 with one or more processors running the 32-bit version of AIX 4.2, 4.2.1, 4.3, 4.3.1, or 4.3.2 |
| sgi_65 | Silicon Graphics system with one or more processors running IRIX 6.5. The following processor types are supported: IP19, IP20, IP21, IP22, IP25, IP26, IP27, IP28, IP30, IP32 |
| sun4x_56 | Sun SPARCstation with one or more processors of kernel architecture sun4c, sun4d, sun4m, or sun4u running Solaris 2.6 |
The AFS 3.5 documentation set includes the following books:
and the AFS distribution includes a copy of each in the following two formats:
There are three sources for the documents:
This section explains how to create and mount a volume to house the HTML version of the documents, making them available for online viewing by your users. The recommended mount point for the volume is /afs/cellname/afsdoc. If you wish, you can create a link to the mount point on each client machine's local disk, called /usr/afsdoc. Alternatively, you can create a link to the mount point in each user's home directory. You can also choose to permit users to access only certain documents (most probably, the AFS User's Guide) by creating different mount points or setting different ACLs on different document directories.
This section also includes optional instructions for storing the PostScript version of the documents in AFS.
If you wish, you can set the volume's quota to a finite value after you complete the copying operations. At that point, use the vos examine command to determine how much space the volume is occupying. Then issue the fs setquota command to set a quota value that is slightly larger.
% vos create <machine name> <partition name> afsdoc -maxquota 0
% fs mkmount -dir /afs/.cellname/afsdoc -vol afsdoc
% vos release root.cell
% fs checkvolumes
% cd /afs/.cellname/afsdoc
% fs setacl . system:anyuser rl
In addition to a subdirectory for each document, several files with a .gif extension are copied to the afsdoc directory. They enable readers to move easily between sections of a document. The file called index.htm is an introductory HTML page that contains a hyperlink to each of the documents. For online viewing to work properly, these files must remain in the /afs/cellname/afsdoc directory.
# cp -rp doc_source/Html .
# cp -rp doc_source/PostScript .
# ln -s /afs/cellname/afsdoc /usr/afsdoc
An alternative is to create a link in each user's home directory to the /afs/cellname/afsdoc mount point.
This section explains how to upgrade server and client machines from AFS 3.4a to AFS 3.5. Before performing an upgrade, please read all of the introductory material in this section.
If you are installing AFS for the first time, skip this chapter and refer to the AFS Installation Guide.
AFS provides backward compatibility to the previous release only: AFS 3.5 is certified to be compatible with AFS 3.4a but not necessarily with earlier versions.
| Note: | Upgrading from AFS 3.3 or earlier directly to AFS 3.5 is not supported, because a VLDB conversion is required between AFS 3.3 and AFS 3.4a, and file system conversions are required on some system types. Contact the AFS Product Support group for assistance in upgrading to AFS 3.4a. |
You must meet the following requirements to upgrade successfully to AFS 3.5:
Use one of the following methods to obtain the AFS distribution of each system type for which you are licensed. To access the distribution by network, you must have an authentication account in the Transarc cell; contact AFS Product Support for assistance.
It is conventional to store many of the programs and files in the AFS binary distribution in a separate volume for each system type mounted in your AFS filespace at /afs/cellname/sysname/usr/afsws. These instructions rename the volume currently mounted at this location and create a new volume for AFS 3.5 binaries.
Repeat the instructions for each system type.
% vos create <machine name> <partition name> sysname.3.5 -maxquota 0
% fs mkmount /afs/.cellname/temp sysname.3.5
% cd /cdrom/sysname
% cd /afs/transarc.com/product/afs/3.5/sysname
% cd temp_afs35_dir
% cp -rp bin /afs/.cellname/temp
% cp -rp etc /afs/.cellname/temp
% cp -rp include /afs/.cellname/temp
% cp -rp lib /afs/.cellname/temp
% cp -rp root.client /afs/.cellname/temp
If you do not plan to retain the old volume, you can substitute the vos remove command in this step.
% vos rename sysname.usr.afsws sysname.usr.afsws.extension
% vos rename sysname.usr.afsws.3.5 sysname.usr.afsws
% fs rmmount /afs/.cellname/temp
AFS 3.5 supports a single revision level of some operating systems (for example, Digital UNIX 4.0d only), so in some cases you must upgrade the operating system before installing AFS 3.5. When performing any operating system upgrade, you must take several actions to preserve AFS functionality, including the following:
If you are installing a new AFS system type, you instead replace the remote commands supplied by the operating system with their modified counterparts in the AFS 3.5 distribution.
In addition, you must perform a file system conversion on AFS server partitions when upgrading to the following operating systems:
Instructions for each operating system follow. Before performing the conversion, move all AFS volumes to other file server machines or back them up. If creating backups, either use the AFS Backup System or another AFS-aware backup utility to create full dumps on tape, or use the vos dump command to create dump files on partitions that you are not converting (non-/vicep partitions).
For extra protection, create a tape copy of the complete contents of the /usr/afs directory on a database server machine. In the unlikely event that the contents of the /usr/afs directory are damaged, you can use the tape backup to restore it. This is particularly important for the VLDB and other administrative databases in the /usr/afs/db directory.
If you are upgrading to HP-UX 11.0 from version 10.10 or earlier, use the following instructions. If you already upgraded to HP-UX 10.20 while running AFS 3.4a, no action is necessary.
Before upgrading an AFS file server machine to Solaris 2.6, you must run the fs_conv_sol26 utility on all AFS server partitions. The utility works on machines running Solaris 2.4, 2.5, or 2.6; if the machine is running an earlier version of Solaris or SunOS, upgrade it to Solaris 2.4 or 2.5.
The Solaris 2.6 version of the fs process group must not run if there are unconverted partitions. The following instructions therefore run the utility before upgrading the operating system or AFS. This way you do not need to comment the AFS initialization script out of the machine's startup sequence (which you must otherwise do because it is likely to run automatically during the operating system upgrade and start the fileserver process).
The fs_conv_sol26 binary is in the root.server/usr/afs/bin directory of the AFS 3.5 distribution. Since the utility must run before you actually upgrade AFS or the operating system, the suggested method is to copy only the fs_conv_sol26 binary into the machine's /usr/afs/bin directory at first.
To ensure that there is no other activity on the AFS server partitions as the fs_conv_sol26 utility runs, the instructions unmount them. An additional reason to unmount partitions is that running the utility on a mounted partition can corrupt data on it. The instructions also comment out all server partition entries in the /etc/vfstab file to prevent the vendor version of the fsck program from running on the partitions in case an error during the operating system upgrade results in a reboot.
# cd /cdrom/sun4x_56/root.server/usr/afs/bin
# cp -p fs_conv_sol26 /usr/afs/bin
# cd /afs/transarc.com/product/afs/3.5/sun4x_56/root.server/usr/afs/bin
# cp -p fs_conv_sol26 /usr/afs/bin
# cd temp_afs35_dir/root.server/usr/afs/bin # cp -p fs_conv_sol26 /usr/afs/bin
# bos shutdown <machine name> -cell <cell name>
| Note: | Running the fs_conv_sol26 utility on a mounted partition can cause data corruption. |
# umount /vicepxx
# fs_conv_sol26 convert -device <raw device> -force [-verbose] > logfile
where
The following is an example of correct command format.
# fs_conv_sol26 convert -device /dev/rdsk/c0t1d0s3 -force > /tmp/s3log
The following type of message in the log confirms that the conversion of a partition was successful:
/vicepa: 477 AFS inodes were converted to a SunOS 5.6 \
format; 0 already converted.
/dev/dsk/disk /dev/rdsk/disk /vicepxx afs boot order yes
For example:
/dev/dsk/c0t6d0s1 /dev/rdsk/c0t6d0s1 /vicepa afs 3 yes
For reference, the complete syntax of the fs_conv_sol26 command is as follows:
fs_conv_sol26 {convert | unconvert | help] [-verbose] [-force]
{-device <raw device name>+ | -part </vicepx>+}
where
The following command consults the /etc/vfstab file and converts all AFS server partitions listed in it. Allowing automatic conversion in this way is admittedly easier than the partition-by-partition method outlined in the preceding instructions, but it is not recommended. It requires that you leave all AFS server partition entries uncommented in the /etc/vfstab file, introducing the possibility that the Solaris version of the fsck program can access them if the machine reboots spontaneously during the upgrade process.
fs_conv_sol26 convert -force /* not recommended */
The instructions in this section explain how to use the Update Server to distribute server binaries from a binary distribution machine of each system type. Repeat the steps for each binary distribution machine in your cell. If you do not use the Update Server, repeat the steps on every server machine in your cell.
If you are copying files from the AFS product tree or via the Web, the server machine must also be configured as an AFS client machine.
# mkdir /usr/afs/bin.35
# cd /cdrom/sysname/root.server/usr/afs/bin
# cd /afs/transarc.com/product/afs/3.5/sysname/root.server/usr/afs/bin
# cd temp_afs35_dir/root.server/usr/afs/bin
# cp -p * /usr/afs/bin.35
# cd /cdrom/sysname/root.server/usr/afs/bin
# cp -p upclient /usr/afs/bin.35
# cd /afs/transarc.com/product/afs/3.5/domestic/sysname/root.server/usr/afs/bin
# cp -p upclient /usr/afs/bin.35
# cd temp_upclient_location/sysname/root.server/usr/afs/bin
# cp -p upclient /usr/afs/bin.35
# cd /usr/afs
# mv bin bin.old
# mv bin.35 bin
Repeat the following instructions on each server machine. Perform them first on the database server machine with the lowest IP address, next on the other database server machines, and finally on other server machines.
The AFS data stored on a server machine is inaccessible to client machines during the upgrade process, so it is best to perform it at the time and in the manner that will disturb your users least.
If you do not use binary distribution machines, perform the instructions in Distributing Binaries to Server Machines on this machine.
% su root Password: root_password
# cd /afs/cellname/sysname/usr/afsws/root.client
# cd /cdrom/sysname/root.client
# cd /afs/transarc.com/product/afs/3.5/sysname/root.client
# cd temp_afs35_dir/root.client
| Note: | Some files in the /usr/vice/etc directory, such as the AFS initialization file (called afs.rc on many system types), do not necessarily need to change for a new release. It is a good policy to compare the contents of the distribution directory and the /usr/vice/etc directory before performing the copying operation. If there are files in the /usr/vice/etc directory that you created for AFS 3.4a and that you want to retain, either move them to a safe location before performing the following instructions, or alter the following instructions to copy over only the appropriate files. |
# cp -p usr/vice/etc/* /usr/vice/etc # cp -rp usr/vice/etc/C /usr/vice/etc
If you have not yet incorporated AFS into the machine's authentication system, perform the instructions in the section titled Enabling AFS Login in the AFS Installation Guide chapter about configuring client machines. If this machine was running the same operating system revision with AFS 3.4a, you presumably already incorporated AFS into its authentication system. You can consult that section to verify that the configuration is correct.
| Note: | If the machine also serves as a client and you upgraded the client files in the previous step, you must upgrade the kernel extensions now and reboot the machine to use them and the new Cache Manager. |
Begin by shutting down the server processes. This prevents them from restarting accidently before you have a chance to incorporate the AFS 3.5 extensions into the kernel.
# bos shutdown <machine name> -localauth -wait
Now perform the instructions in Incorporating AFS into the Kernel, which have you reboot the machine. Assuming that the machine's AFS initialization file is configured to invoke the bosserver command as specified in the AFS Installation Guide, the BOS Server starts and starts up the other AFS server processes listed in the local /usr/afs/local/BosConfig file.
If you choose to upgrade the kernel extensions later, you can restart all server processes at this point by issuing the bos restart command with the -bosserver flag. Alternatively, you wait for the processes to restart automatically at the time specified in the /usr/afs/local/BosConfig file.
# bos prune <machine name> -bak -old -localauth
Step 7 of Distributing Binaries to Server Machines had you move the AFS 3.4a version of the binaries to the /usr/afs/bin.old directory. You can also remove that directory on any machine where you created it.
# rm -rf /usr/afs/bin.old
% su root Password: root_password
# cd /afs/cellname/sysname/usr/afsws/root.client
# cd /cdrom/sysname/root.client
# cd /afs/transarc.com/product/afs/3.5/sysname/root.client
# cd temp_afs35_dir/root.client
| Note: | Some files in the /usr/vice/etc directory, such as the AFS initialization file (called afs.rc on many system types), do not necessarily need to change for a new release. It is a good policy to compare the contents of the distribution directory and the /usr/vice/etc directory before performing the copying operation. If there are files in the /usr/vice/etc directory that you created for AFS 3.4a and that you want to retain, either move them to a safe location before performing the following instructions, or alter the following instructions to copy over only the appropriate files. |
# cp -p usr/vice/etc/* /usr/vice/etc # cp -rp usr/vice/etc/C /usr/vice/etc
If you have not yet incorporated AFS into the machine's authentication system, perform the instructions in the section titled Enabling AFS Login in the AFS Installation Guide chapter about configuring client machines. If this machine was running the same operating system revision with AFS 3.4a, you presumably already incorporated AFS into its authentication system. You can consult that section to verify that the configuration is correct.
As part of the upgrade process, you must incorporate AFS 3.5 extensions into the kernel on every AFS server and client machine. The following sections provide instructions for using a kernel dynamic loader or building a static kernel as appropriate.
The AIX kernel extension facility is the dynamic kernel loader provided by IBM Corporation for AIX. AIX does not support building AFS modifications into a static kernel.
For AFS to function correctly, the kernel extension facility must run each time the machine reboots. The simplest way to guarantee this is to invoke the facility in the machine's AFS initialization file. In the following instructions you edit the rc.afs initialization script provided in the AFS distribution, selecting the appropriate options depending on whether NFS is also to run.
After editing the script, you verify that there is an entry in the AIX inittab file that invokes it, then reboot the machine to incorporate the new AFS extensions into the kernel and restart the Cache Manager.
# cd /afs/cellname/sysname/usr/afsws/root.client
# cd /cdrom/sysname/root.client
# cd /afs/transarc.com/product/afs/3.5/sysname/root.client
# cd temp_afs35_dir/root.client
# cd usr/vice/etc
# cp -rp dkload /usr/vice/etc
# cp -p rc.afs /etc/rc.afs
| Note: | For the machine to function as an NFS/AFS translator, NFS must already be loaded into the kernel. It is loaded automatically on systems running AIX 4.1.1 and later, as long as the file /etc/exports exists. |
NFS=$NFS_NONE
NFS=$NFS_NFS
NFS=$NFS_IAUTH
rcafs:2:wait:/etc/rc.afs > /dev/console 2>&1 # Start AFS services
# cd /usr/vice/etc # rm rc.afs # ln -s /etc/rc.afs
# shutdown -r now
login: root Password: root_password
On Digital UNIX systems, you must build AFS modifications into a new static kernel; Digital UNIX does not support dynamic loading. If the machine's hardware and software configuration exactly matches another Digital UNIX machine on which AFS 3.5 is already built into the kernel, you can choose to copy the kernel from that machine to this one. In general, however, it is better to build AFS modifications into the kernel on each machine according to the following instructions.
If the machine was running a revision of Digital UNIX 4.0 and AFS 3.4a, the configuration changes specified in Step 1 through Step 4 are presumably already in place.
# cd /usr/sys/conf # cp machine_name AFS
. .
. .
options UFS
options NFS
options AFS
. .
. .
. . .
. . .
OPTIONS/nfs optional nfs define_dynamic
OPTIONS/afs optional afs define_dynamic
OPTIONS/cdfs optional cdfs define_dynamic
. . .
. . .
. . . .
. . . .
#
MODULE/nfs_server optional nfs_server Binary
nfs/nfs_server.c module nfs_server optimize -g3
nfs/nfs3_server.c module nfs_server optimize -g3
#
MODULE/afs optional afs Binary
afs/libafs.c module afs
#
. .
. .
#include <afs.h>
#if defined(AFS) && AFS
extern struct vfsops afs_vfsops;
#endif
. .
. .
. . .
. . .
&fdfs_vfsops;, "fdfs", /* 12 = MOUNT_FDFS */
#if defined(AFS)
&afs_vfsops;, "afs",
#else
(struct vfsops *)0, "", /* 13 = MOUNT_ADDON */
#endif
#if NFS && INFS_DYNAMIC "nfsv3", /* 14 = MOUNT_NFS3 */
&nfs3_vfsops;,
# cd /afs/cellname/sysname/usr/afsws/root.client
# cd /cdrom/sysname/root.client
# cd /afs/transarc.com/product/afs/3.5/sysname/root.client
# cd temp_afs35_dir/root.client
If the initialization file is not already in place, copy it now. Note the removal of the .rc extension as you copy.
# cp usr/vice/etc/afs.rc /sbin/init.d/afs
The initial GA distribution of AFS 3.5 includes only the libafs.nonfs.o version of the library, because Digital UNIX machines are not supported as NFS/AFS Translator machines.
If later AFS 3.5 distributions support NFS/AFS Translator functionality on Digital UNIX, on translator machines you can instead copy the libafs.o version of the library (in this case, the machine's kernel must also support NFS server functionality).
# cp bin/libafs.nonfs.o /usr/sys/BINARY/afs.mod
# doconfig -c AFS
# mv /vmunix /vmunix_save # cp /sys/AFS/vmunix /vmunix
# cd /sbin/init.d # ln -s ../init.d/afs /sbin/rc3.d/S67afs # ln -s ../init.d/afs /sbin/rc0.d/K66afs
# cd /usr/vice/etc # rm afs.rc # ln -s /sbin/init.d/afs afs.rc
# shutdown -r now
login: root Password: root_password
On HP-UX systems, you must build AFS modifications into a new kernel; HP-UX does not support dynamic loading. If the machine's hardware and software configuration exactly matches another HP-UX machine on which AFS 3.5 is already built into the kernel, you can choose to copy the kernel from that machine to this one. In general, however, it is better to build AFS modifications into the kernel on each machine according to the following instructions.
# cp /stand/vmunix /stand/vmunix.noafs # cp /stand/system /stand/system.noafs
# cd /afs/cellname/sysname/usr/afsws/root.client
# cd /cdrom/sysname/root.client
# cd /afs/transarc.com/product/afs/3.5/sysname/root.client
# cd temp_afs35_dir/root.client
If the initialization file is not already in place, copy it now. Note the removal of the .rc extension as you copy.
# cp usr/vice/etc/afs.rc /sbin/init.d/afs
# cp usr/vice/etc/afs.driver /usr/conf/master.d/afs
The initial GA distribution of AFS 3.5 includes only the libafs.nonfs.o version of the library, because HP-UX machines are not supported as NFS/AFS Translator machines. Change the library's name to libafs.a as you copy it.
If later AFS 3.5 distributions support NFS/AFS Translator functionality on HP-UX, on translator machines instead copy the libafs.a version of the library (in this case, the machine's kernel must also support NFS server functionality).
# cp bin/libafs.nonfs.a /usr/conf/lib/libafs.a
# cd /sbin/init.d # ln -s ../init.d/afs /sbin/rc2.d/S460afs # ln -s ../init.d/afs /sbin/rc2.d/K800afs
# cd /usr/vice/etc # rm afs.rc # ln -s /sbin/init.d/afs afs.rc
# sam -display local_hostname:0
# cd /stand/build
# mk_kernel
# mv /stand/build/vmunix_test /stand/vmunix # shutdown -r now
login: root Password: root_password
To incorporate AFS into the kernel on IRIX systems, choose one of two methods:
The ml program is the dynamic kernel loader provided by SGI for IRIX systems.
If you choose to use the ml program rather than to build AFS modifications into a static kernel, then for AFS to function correctly the ml program must run each time the machine reboots. The simplest way to guarantee this is to invoke the program in the machine's AFS initialization script, which is included in the AFS distribution. In this section you activate the configuration variables that trigger the appropriate commands in the script.
# uname -m
# cd /afs/cellname/sysname/usr/afsws/root.client
# cd /cdrom/sysname/root.client
# cd /afs/transarc.com/product/afs/3.5/sysname/root.client
# cd temp_afs35_dir/root.client
You can choose to copy all of the kernel library files into the /usr/vice/etc/sgiload directory, but they require a significant amount of space.
# cd usr/vice/etc/sgiload
If the machine's kernel supports NFS server functionality:
# cp -p libafs.IPxx.o /usr/vice/etc/sgiload
If the machine's kernel does not support NFS server functionality:
# cp -p libafs.nonfs.IPxx.o /usr/vice/etc/sgiload
If you prefer to build a kernel, and the machine's hardware and software configuration exactly matches another IRIX machine on which AFS 3.5 is already built into the kernel, you can choose to copy the kernel from that machine to this one. In general, however, it is better to build AFS modifications into the kernel on each machine according to the following instructions.
# cd /afs/cellname/sysname/usr/afsws/root.client
# cd /cdrom/sysname/root.client
# cd /afs/transarc.com/product/afs/3.5/sysname/root.client
# cd temp_afs35_dir/root.client
# uname -m
# cd bin
If the machine's kernel supports NFS server functionality:
# cp -p libafs.IPxx.a /var/sysgen/boot/afs.a
If the machine's kernel does not support NFS server functionality:
# cp -p libafs.nonfs.IPxx.a /var/sysgen/boot/afs.a
# cp -p afs.sm /var/sysgen/system # cp -p afs /var/sysgen/master.d
# cp /unix /unix_orig # autoconfig
If the initialization file is not already in place, copy it now. If the machine is configured as a client machine, you already copied the script to the local /usr/vice/etc directory. Otherwise, change directory as indicated, substituting sgi_65 for the sysname variable.
# cd /afs/cellname/sysname/usr/afsws/root.client
# cd /cdrom/sysname/root.client
# cd /afs/transarc.com/product/afs/3.5/sysname/root.client
# cd temp_afs35_dir/root.client
Now copy the script. Note the removal of the .rc extension as you copy.
# cp script_location/afs.rc /etc/init.d/afs
If you are using the ml program:
# /etc/chkconfig -f afsml on
If you built AFS into a static kernel:
# /etc/chkconfig -f afsml off
If the machine is to function as an NFS/AFS Translator, the kernel supports NFS server functionality, and the afsxnfs variable is not already set appropriately, set it now.
# /etc/chkconfig -f afsxnfs on
# cd /etc/init.d # ln -s ../init.d/afs /etc/rc2.d/S35afs # ln -s ../init.d/afs /etc/rc0.d/K35afs
# cd /usr/vice/etc # rm afs.rc # ln -s /etc/init.d/afs afs.rc
# shutdown -i6 -g0 -y
login: root Password: root_password
The insmod program is the dynamic kernel loader for Linux. Linux does not support building AFS modifications into a static kernel.
For AFS to function correctly, the insmod program must run each time the machine reboots. The simplest way to guarantee this is to invoke the program in the machine's AFS initialization file. As distributed, the initialization file includes commands that select the appropriate AFS library file and run the insmod program automatically. In this section you run the script to load AFS modifications into the kernel.
# cd /afs/cellname/sysname/usr/afsws/root.client
# cd /cdrom/sysname/root.client
# cd /afs/transarc.com/product/afs/3.5/sysname/root.client
# cd temp_afs35_dir/root.client
# cd usr/vice/etc # cp -rp modload /usr/vice/etc
If the initialization file is not already in place, copy it now. Note the removal of the .rc extension as you copy.
# cp -p afs.rc /etc/rc.d/init.d/afs
Similarly, the afsd options file possibly already exists as /etc/sysconfig/afs from running AFS 3.4a on this machine. Compare it to the version in the root.client/usr/vice/etc directory of the AFS 3.5 distribution to see if any changes are needed.
If the options file is not already in place, copy it now. Note the removal of the .conf extension as you copy.
# cp afs.conf /etc/sysconfig/afs
If necessary, edit the options file to invoke the desired arguments on the afsd command in the initialization script. For further information, see the section titled Configuring the Cache Manager in the AFS Installation Guide chapter about configuring client machines.
# /sbin/chkconfig --add afs
# cd /usr/vice/etc
# rm afs.rc afs.conf
# ln -s /etc/rc.d/init.d/afs afs.rc
# ln -s /etc/sysconfig/afs afs.conf
# shutdown -r now
login: root Password: root_password
The modload program is the dynamic kernel loader provided by Sun Microsystems for Solaris systems. Solaris does not support building AFS modifications into a static kernel.
For AFS to function correctly, the modload program must run each time the machine reboots. The simplest way to guarantee this is to invoke the program in the machine's AFS initialization file. In this section you copy an AFS library file to the location where the modload program can access it, /kernel/fs/afs. Select the appropriate library file based on whether NFS is also running.
# cd /afs/cellname/sysname/usr/afsws/root.client
# cd /cdrom/sysname/root.client
# cd /afs/transarc.com/product/afs/3.5/sysname/root.client
# cd temp_afs35_dir/root.client
If the initialization file is not already in place, copy it now. Note the removal of the .rc extension as you copy.
# cd usr/vice/etc # cp afs.rc /etc/init.d/afs
If the machine's kernel supports NFS server functionality and the nfsd process is running:
# cp -p modload/libafs.o /kernel/fs/afs
If the machine's kernel does not support NFS server functionality or if the nfsd process is not running:
# cp -p modload/libafs.nonfs.o /kernel/fs/afs
# cd /etc/init.d # ln -s ../init.d/afs /etc/rc3.d/S99afs # ln -s ../init.d/afs /etc/rc0.d/K66afs
# cd /usr/vice/etc # rm afs.rc # ln -s /etc/init.d/afs afs.rc
# shutdown -i6 -g0 -y
login: root Password: root_password
This section summarizes limitations and requirements for AFS 3.5, grouping them by system type where appropriate.
AFS 3.5 supports up to 15 addresses on a multihomed file server machine.
AFS 3.5 supports up to 32 addresses on a multihomed client machine. Do not configure more interfaces.
Like AFS 3.4a, AFS 3.5 supports up to 256 server (/vicep) partitions on a file server machine.
The VLDB can store up to 255 server entries, each representing one file server machine (single- or multihomed). This effectively determines the maximum number of file server machines in the cell. To make room in the VLDB for new file server machines, use the vos changeaddr command's -remove argument to remove entries that correspond to decommissioned file server machines.
Like AFS 3.4a, AFS 3.5 supports a maximum file and volume size of 2 GB. There is no limit on partition size other than the one imposed by the operating system.
Like AFS 3.4a, AFS 3.5 supports a maximum disk cache size of 1 GB. In AFS version 3.1 and earlier, the limit is 700 MB.
The File Server (fileserver process) can use up to 128 threads. It always reserves five threads for special uses, so the maximum effective value for the fileserver command's -p argument is 123.
The initial GA release of AFS 3.5 supports only the 32-bit version of any supported operating system that also has a 64-bit version. See also Supported System Types.
If using a Netscape browser to read the HTML version of an AFS document, use version 4.0 or higher. Some fonts used in the documents possibly do not display properly in earlier versions.
In AFS 3.5 both client and server programs properly handle jumbograms and send them whenever possible. However, AFS 3.4a client programs cannot always process jumbograms correctly. If you plan to continue running AFS 3.4a client programs or Cache Managers and included the -nojumbo flag on the 3.4a version of the fileserver, vlserver, or volserver commands, then include it on the 3.5 version of those servers also. The AFS Command Reference Manual reference pages for the fileserver and volserver commands no longer show the -nojumbo flag, but it is in fact still available. For further advice, contact the AFS Product Support group.
The AFS 3.5 distribution does not include an AFS-modified login binary for any system type, because all supported operating systems now use an integrated authentication system (the Pluggable Authentication Module [PAM] is an example). The AFS Installation Guide includes instructions on incorporating AFS into each operating system's authentication scheme.
The AFS-modified version of the rlogind program does not pass AFS tokens as does the AFS-modified version of the rsh and rcp programs (or their equivalents). If you use the rlogin program to access a machine that is not configured for remote commands (that is, either or both of the hosts.equiv and .rhosts files are not configured as necessary) a password prompt appears; after providing the correct password, you are logged on to the machine and have an AFS token. If the machine is configured for the remote commands, there is no password prompt; you are logged into the machine but do not have AFS tokens.
The AFS distribution for some system types does not include a modified rlogind program. See the following sections about each system type.
AFS 3.5 does not yet support version 6 of the Internet Protocol (IPv6). Until it does, you must continue to specify the IPv4 protocol names udp and tcp in the entries for AFS-modified services in the inetd configuration file, rather than the IPv6 names upd6 and tcp6. If you use the IPv6 version, the AFS-modified inetd daemon cannot locate the service and does not open the service's port.
The inetd configuration file included with some operating system revisions possibly specifies IPv6 protocols by default. You must modify or replace the file in order to use the AFS-modified version of remote services.
If the name of every file system element (file, link, or subdirectory) in a directory is 16 characters or more, then when there are about 31,700 elements it becomes impossible to create any more elements with long names. It is still possible to create elements with names shorter than 16 characters. This limitation is due to the way AFS implements directories. It is hoped that a future release of AFS will eliminate it. For a more detailed explanation, contact the AFS Product Support group.
Only members of the system:administrators group can turn on the setuid or setgid mode bit on an AFS file or directory. However, AFS generates an error message only when a regular user attempts to set the bit on a directory. Attempts on a file fail silently.
The documentation specifies the following syntax for creating an authentication-only account (entries in the Authentication and Protection Databases only) by using an add instruction in the uss bulk template file:
add username[:]
However, you must in fact follow the username value with two colons for the uss bulk command to create the account:
add username::
The Backup Server locks the Backup Database as it performs the backup savedb command, which can take a long time. Because other backup operations cannot access the database during this time, they appear to hang. Avoid running other backup operations after issuing the backup savedb command.
Actually, this limitation applies to any operation that locks the Backup Database for a significant amount of time, but most other operations do not. In any case, running the backup savedb command is appropriate only in the rare case when the Backup Database is corrupted, so this limitation usually does not have a significant impact.
The NFS/AFS Translator does not always perform well under heavy load. Sometimes the translator machine hangs, and sometimes NFS client machines display the following error message.
NFS Stale File Handle
There is no longer a difference between the AFS library files in the international edition of AFS and their counterparts in the international edition. The AFS 3.5 version of the libraries is similar to the pre-AFS 3.5 international version in that a small set of functions related to encryption are static (not publicly linkable). Customers using the United States edition who need the publicly linkable version of the routines can obtain it from other sources (such as the Kerberos distribution).
The following differences between the United States and international editions of AFS persist in AFS 3.5:
The AFS distribution does not include the sample files referred to in the chapter in the AFS System Administrator's Guide about the package program, and the AFS Installation Guide therefore does not include instructions for installing them. If you wish to use the package program and the examples in the AFS System Administrator's Guide are not sufficient to guide you, contact the AFS Product Support group for assistance.
A machine running AIX 4.2.1 or higher cannot act as both an NFS/AFS Translator and a NFS/DFS Gateway Server at the same time, because both translation protocols must have exclusive access to the AIX iauth interface. An attempt by either file system to access the iauth interface when the other file system is already using it fails with an error message.
Do not run NFS Version 3 software on NFS client machines that use an NFS/AFS Translator machine running AIX 4.2.1 or higher. The NFS3 client software uses the readdir+ NFS command on directories, which can cause excessive volume lookups on the translator machine. This can lead to timeouts, especially when used in the /afs directory or other directories with many volume mount points. Use NFS Version 2 instead.
There is no AFS-modified version of the rlogind program for AIX system types, because AIX accomplishes remote authentication through the same mechanism as local authentication (using the AIX secondary authentication system). For details about AIX authentication, see the AFS Installation Guide.
AFS does not support use of AIX's Large File Enabled Journalled File System as an AFS server (/vicep) partition. If you configure a partition that uses that file system as an AFS server partition, the File Server ignores it and writes the following message to the /usr/afs/log/FileLog file:
/vicepxx is a big files filesystem, ignoring it
AFS supports use of the Large File Enabled Journalled File System as the cache partition on a client machine.
The chuser, chfn, and chsh commands are inoperative on AFS machines running AIX. AFS authentication uses the AIX secondary authentication system, and sets the registry variable in the /etc/security/user file to DCE for the default user. That is, the setting is
registry = DCE
as described in the section of the AFS Installation Guide that concerns login on AIX systems. However, when the registry variable has any value other than registry = files, AIX does not allow edits to /etc/passwd and related files, and so disallows the chuser, chfn and chsh commands. Attempts to edit entries by running these commands on the command line result in error messages like the following.
You can only change the HOME directory on the name server.
You can only change the User INFORMATION on the name server.
You can only change the Initial PROGRAM on the name server.
From within SMIT, using the chuser function results in an error message like the following:
3004-716: You can only change the HOME directory on the name server
It is not possible for AFS Development to alter this behavior, because AIX imposes the restriction. Sites that wish to run these commands must develop a solution appropriate for their needs.
AFS 3.5 includes support for Digital UNIX 4.0d only. AFS 3.4a did not support this operating system level on server machines. When upgrading a server machine, you must perform a file system conversion as part of the operating system upgrade. See Upgrading the Operating System.
The initial general availability (GA) release of AFS 3.5 does not support use of Digital UNIX systems as NFS/AFS Translator machines.
Like AFS 3.4a, AFS 3.5 does not support use of Digital UNIX's Advanced File System (AdvFS) as either a client cache partition or a server (/vicep) partition. It is acceptable to use both AdvFS and AFS on the same machine, but the cache partition and all AFS server partitions must be UFS partitions.
AFS 3.5 includes support for HP-UX 11.0 only. If you are upgrading from HP-UX 10.10 or earlier, you must first upgrade to HP-UX 10.20 and perform a file system conversion, then upgrade to HP-UX 11.0. See Upgrading the Operating System.
A command in the AFS Installation Guide instructions for building AFS into the kernel on HP-UX systems is incorrect. It appears in three sections:
The incorrect command is the one that copies the AFS kernel library called libafs.nonfs.a to the /usr/conf/lib directory: it does not specify that you must change the library's name to libafs.a as you copy it. The correct text for the entire step is as follows:
Copy the AFS kernel module to the local /usr/conf/lib directory.
If the machine's kernel supports NFS server functionality:
# cp bin/libafs.a /usr/conf/lib
If the machine's kernel does not support NFS server functionality, use the following command. Note the name change to libafs.a as you copy the file.
# cp bin/libafs.nonfs.a /usr/conf/lib/libafs.a
The following error message indicates that the library file does not have the expected name:
Make: Don't know how to make /usr/conf/lib/libafs.a. Stop.
The initial general availability release of AFS 3.5 does not support use of HP-UX 11.0 systems as NFS/AFS Translator machines.
Like AFS 3.4a, AFS 3.5 does not support use of HP-UX's VxFS file system as either a client cache partition or server (/vicep) partition. It is acceptable to use both VxFS and AFS on the same machine, but the cache partition and all AFS server partitions must be UFS partitions.
The File Server process for HP-UX 11.0 systems does not use the native HP-UX threads package, because AFS Development found that the multithreaded File Server often hung. AFS Development has notified HP that they believe a defect in HP-UX is causing the behavior.
The pluggable authentication module (PAM) that HP-UX 11.0 uses during the login process attempts to change directory to the user's home directory before obtaining AFS tokens. By convention, the access control list (ACL) on home directories does not grant access to unauthenticated entities, so the attempt fails. (In other words, home directory ACLs do not usually grant the l [lookup] and r [read] permissions to the system:anyuser group, and PAM has no tokens at this point.) PAM changes directory to the local file system root (/) instead, and then obtains tokens. AFS Development has informed Hewlett Packard that this ordering presents a problem for AFS users.
To avoid having to change directory manually after every login, place the following line at the top of the shell configuration script (the .cshrc file or equivalent):
cd $HOME
For the AFS PAM module to work correctly, all entries for a service in the PAM configuration file (/etc/pam.conf) must have the value optional in the third field, as specified in the AFS Installation Guide instructions for incorporating AFS into a PAM scheme. However, when you make the login entry that invokes the pam_dial_auth module optional in this way, it can mean that PAM succeeds (the user can login) even when the user does not meet all of the pam_dial_auth module's required conditions. This is not usually considered desirable.
If you do not use dial-up authentication, do not include (or comment out) the login entry in the PAM configuration file that invokes the pam_dial_auth module. If you do use dial-up authentication, you must develop a configuration that meets your needs; consult the HP-UX documentation for PAM and the pam_dial_auth module.
The AFS kernel dump program, kdump, cannot read the tables and variables stored in the kernel of an sgi_65 system if the IRIX dynamic kernel loader, ml, was used to load AFS extensions into the kernel. The kdump program can read only static kernels into which AFS is built.
The AFS distribution for IRIX systems does not include AFS-modified versions of any of the remote (r*) commands except inetd.afs. SGI has already modified the IRIX versions of the remote commands to be compatible with AFS.
Do not run the IRIX File System Reorganizer (fsr program) on the client cache partition (/usr/vice/cache directory or equivalent) or any AFS server partition (/vicep directory). The program can cause AFS data corruption or loss.
The IRIX 6.5 distribution includes and starts the timed time-synchronization daemon by default. If you want to use the runntp program and the Network Time Protocol Daemon (NTPD) on AFS server machines, as documented in the AFS Installation Guide, disable the timed daemon and remove it from the machine's startup sequence.
The IRIX 6.5 distribution includes the clogin program as the default login utility. This graphical utility does not grant AFS tokens. You must disable it if you wish to use the standard command-line login program or the xdm graphical login utility, both of which do grant AFS tokens if AFS modifications have been incorporated into the kernel. Issue the following command to disable the clogin program.
# /etc/chkconfig -f visuallogin off
When Red Hat Software releases and officially supports a version of Linux kernel 2.2, the AFS Development team will certify AFS 3.5 against it and it will become the officially supported kernel version. Until that time, the initial general availability (GA) release of AFS 3.5 supports Linux kernel versions 2.2.2 and 2.2.3 only.
Until Red Hat releases their Linux distribution, you must obtain kernel source and compile the kernel yourself, then dynamically load AFS modifications into it. See the following note about kernel building requirements. You can obtain kernel versions 2.2.2 and 2.2.3 via ftp.kernel.org or one of its mirror sites, and there is kernel upgrade information at the http://www.kernel.org Web site.
| Note: | Do not attempt to run AFS with versions of the Linux 2.2 kernel other
than 2.2.2 and 2.2.3. The AFS Development
team is aware, for instance, that the initial GA release of AFS 3.5
does not work with kernel versions 2.2.4 and
2.2.5.
Because kernel versions 2.2.2 and 2.2.3 are not the final, most stable version of the Linux kernel, it is possible that defects remain. Although AFS 3.5 has been tested on these kernel versions, be aware that AFS performance is subject to possible defects in Linux itself that the unique AFS and Linux usage patterns at your site can exercise in new ways. |
For correct AFS performance, the operating system must use the C library called libc6 (or glibc2), rather than libc5 (glibc1).
You must use version 2.7.2.3 or higher of the gcc program, which is part of the Linux distribution. Do not use other compilers.
A uniprocessor machine generally performs best with a uniprocessor kernel. The standard Linux kernel configuration and building tools are sufficient for building a uniprocessor kernel.
The Linux kernel-building tools by default create a symmetric multiprocessor (SMP) kernel, which can run on both uniprocessor and multiprocessor machines. If you are building an SMP kernel for use with AFS, you must use a modified version of the insmod program. It is available for download at the following URL (the same location as the AFS 3.5 distribution). To comply with the GNU Public License (GPL), the download site also makes available the complete modified insmod.c source file and a source-code patch against the original insmod.c file.
http://www.transarc.com/Downloads
The modifications are also now part of the Linux modutils source code available at the following URL, and will therefore be available in the Red Hat distribution of Linux that includes kernel version 2.2. Select the file listed at the top of the index.
http://www.pi.se/blox/modutils/index.html
With either uniprocessor or SMP kernels, you can select networking options if you wish. However, it is a known limitation of kernel version 2.2.2 that socket filtering does not work; it does work in kernel version 2.2.3.
AFS for Linux does not includes the Authentication Server's AuthLog database (the AuthLog.dir and AuthLog.pag files). Therefore, the kdb command is inoperative on this system type.
For the afsmonitor, scout and fms programs to work properly, the dynamic library /usr/lib/libncurses.so must be installed on the machine. It is available in most Linux distributions.
AFS 3.5 includes support for Solaris 2.6 only, and you must perform a file system conversion when upgrading a server machine to this operating system level. See Upgrading the Operating System.
There is no AFS-modified version of the rlogind program for Solaris systems. The Solaris version always prompts for a password and authenticates you with AFS whether or not the .rhosts or hosts.equiv files are configured properly for remote access.
For the AFS PAM module to work correctly, all entries for a service in the PAM configuration file (/etc/pam.conf) must have the value optional in the third field, as specified in the AFS Installation Guide instructions for incorporating AFS into a PAM scheme. However, when you make the login entry that invokes the pam_dial_auth module optional in this way, it can mean that PAM succeeds (the user can login) even when the user does not meet all of the pam_dial_auth module's required conditions. This is not usually considered desirable.
If you do not use dial-up authentication, do not include (or comment out) the login entry in the PAM configuration file that invokes the pam_dial_auth module. If you do use dial-up authentication, you must develop a configuration that meets your needs; consult the Solaris documentation for PAM and the pam_dial_auth module.
The AFS Development group has filed a Request for Enhancement (RFE #4122186) with SunSoft for a design change that eliminates this problem with the pam_dial_auth module. There is no projected solution date at the time of the AFS 3.5 general availability (GA) release. For further information, contact the AFS Product Support group.
There were several defects in the initial release of the Solaris 2.6 implementation of the Common Desktop Environment (CDE). They prevented integrated AFS login from working consistently under CDE. To fix the defects and to obtain support for use of CDE from the AFS Product Support group, you must install the following SunSoft patches.
Use the following command to determine which version of CDE you are running:
% pkg_info -l SUNWdtdte
This section briefly describes commands, command options, and configuration files that are new in AFS 3.5. The items appear in alphabetical order in each section. It also lists obsolete commands removed from the AFS distribution.
AFS 3.5 includes the following new commands and files. All are documented completely in the AFS Command Reference Manual, and many are also discussed in the AFS System Administrator's Guide.
AFS 3.5 adds the following new options and functionality to existing commands. All are documented completely in the AFS Command Reference Manual, and many are also discussed in the AFS System Administrator's Guide.
The following commands and command options have been removed from the AFS distribution, because the functionality they provide is no longer supported. As indicated, you can still use some of them if you type the command name in full; this level of support is provided for existing cells that are possibly using the commands in scripts.
kas debuginfo
kas getpassword
kas getrandomkey
kas getticket (use the klog command instead)
kas setkey (use the kas setpassword command instead)
![[Top of Topic]](../top.gif)