HP 9000 Series 300 Computers. Using and Administering NFS Services

Transcription

1 HP 9000 Series 300 Compters Using and Administering NFS Services

2 Using and Administering NFS Services HP 9000 Series 300 FJ/o- HEWLETT ~all PACKARD Manal Part Nmber: Printed in U.S.A., Janary 1989

3 Notice Hewlett-Packard makes no warranty of any kind with regard to this material, inclding, bt not limited to, the implied warranties of merchantability and fitness for a particlar prpose. Hewlett-Packard shall not be liable for errors contained herein or for incidental or conseqential damages in connection with the frnishing, performance, or se of this material. n Hewlett-Packard assmes no responsibility for the se or reliability of its software on eqipment that is not frnished by Hewlett-Packard. Copyright 1987, 1988, 1989, Hewlett-Packard Company. This docment contains proprietary information, which is protected by copyright. All rights are reserved. No part of this docment may be photocopied, reprodced or translated to another langage withot the prior written consent of Hewlett-Packard Company. The information contained in this docment is sbject to change withot notice. Restricted Rights Legend Use, dplication or disclosre by the Government is sbject to restrictions as set forth in paragraph (b )(3)(B) of the Rights in Technical Data and Software clase in DAR (a). n Copyright 1980, 1984, AT&T, Inc. Copyright 1979, 1980, 1983, The Regents of the University of California. Copyright, 1979, 1987, 1988, Sn Microsystems, Inc. This software and docmentation is based in part on the Forth Berkeley Software Distribtion nder license from the Regents of the University of California. DEC and VAX are registered trademarks of Digital Eqipment Corp. n MS-DOS is a U.S. registered trademark of Microsoft Corporation. ii

4 UNIX is a U.S. registered trademark of AT&T in the U.S.A. and in other contries. NFS is a trademark of Sn Microsystems, Inc. Hewlett-Packard Co E. Harmony Rd. Fort Collins, CO U.S.A. Printing History Jne Edition 1. Janary Edition 2. iii

5 () \' / n n iv

6 (_) (_) (_) Table of Contents Chapter 1: Docmentation Overview Contents Conventions Docmentation Gide Chapter 2: NFS Services Overview NFSServices NFS Remote File Access Remote Exection Facility (REX) Remote Procedre Call (RPC) Remote Procedre Call Protocol Compiler (RPCGEN) External Data Representation (XDR) NetworkLockManager Yellow Pages (YP) Virtal Home Environment (VHE) Chapter 3: Common Commands KeyTerms NFSCommands NFS Remote File Access rpcinfo rp rsers showmont Remote Exection Facility (REX) Yell ow Pages Overview YP Maps YP Servers and YP Clients v

7 Chapter 3: Common Commands (Contined) YPDomains YP Master and Slave Servers YPCommands domainname ypcat.... ypmatch.... yppasswd.... ypwhich.... Chapter 4 Installation KeyTerms Prepare the System InstallSoftware UseUpdate Configre anew Kernel Add a Compter to the Network RelinkPrograms Chapter 5: NFS Configration and Maintenance KeyTerms Gidelines NetworkMemory ConfigrationFiles Daemons Servers.... NFS Configration Compare /etc/newconfig Files to Existing Files Set UIDs and GIDs Create an NFS Server Create an NFS Client Configre YP (optional) Configre VHE (optional) Execte/etc/netnfsrc () ' / n n vi

8 Chapter 5: NFS Configration and Maintenance (Contined) Maintenance... Remove NFS File Access UpdateSoftware Clock Skew... Chapter 6: Remote Exection Facility (REX) Introdction The on Command ConfigrationReqirements EnvironmentSimlation Configringrexd SecrityConsiderations Diagnostics The on Command Error Messages rexd Error Messages Chapter 7: The Network Lock Manager Introdction The Locking Protocol The Network Stats Monitor Chapter 8: YP Configration and Maintenance KeyTerms YPDatabases Local and Global Maps Netgrops Files Related to YP YPCommands YPConfigration Before Configring YP Create a YP Master Server Create a YP Client Create a YP Slave Server Propagate YP Maps vii

9 Chapter 8: YP Configration and Maintenance (Contined) VerifyYP.... YPMaintenance DisableYP.... Modify YP Maps YPMaintenance.... Add New YP Servers Add New Users to a Node.... Make a Different Node the YP Master Create or Change YP Password l..ogfiles.... Create Non-standard YP Maps.... Chapter 9: VHE Configration and Maintenance Configration Overview Configration Complete Preparation Steps Compare /etc/newconfig Files to Existing Files Determine File Systems and Mont Point Directories 4. Create/etc/vhe_list Update /etc/passwd Update /etc/exports Distribte /etc/vhe_list and /etc/passwd Execte /sr/etc/vhe/vhe_monter Verify that VHE is Correctly Configred.... ConfigrationRefinements NFS monts in the Backgrond VHEMaintenance.... Unmonting file systems Adding or Deleting VHE Nodes (~ n n "'. viii

10 Chapter 9: VHE Configration and Maintenance (Contined) AdvancedUsage Adding altlogin and monter Logins $HOME $ROOT Alternate Mont Points Using VHE for Mail Chapter '0: Trobleshooting KeyTerms TrobleshootingReferences Power Up and Connectivity Testing Trobleshooting Sections Gidelines CommonNetworkProblems InitialTrobleshooting ErrorMessages UnsolvedProblems FlowchartFormat TrobleshootNFS Mont Fails (Flowchart 2) Server Not Responding (Flowchart 3.1) Restricted Access (Flowchart 4) Programs Hang (Flowchart 5) Performance Problems (Flowchart 6) Trobleshoot Yellow Pages Trobleshoot VHE Appendix A: HP NFS Services vs. Local HP-UX Appendix B: Migrating from RFA to NFS LJ Similarities B-2 / \ Why Migrate to NFS Services? B-1 Differences B-2 Changing Scripts from RF A to NFS B-4 ix

11 Appendix B: Migrating from RFA to NFS (Contined) Shell Scripts that Accept Different Paths Shell Scripts with Hard-coded Paths RF A throgh NFS Appendix C: NFS in an HP-UX Clster Environment HP-UXClsterTerms.... NFS Configration and Maintenance YP Configration and Maintenance Trobleshooting Appendix D: Password Secrity B-4 B-5 B-7 I C-1 C-2 C-3 C-3 () Glossary Index n n X

12 Docmentation Overview 1 Before reading this manal, yo shold be familiar with HP-UX and have access to HP-UX Reference manals. Yo will find this manal helpfl if yo have any of the following responsibilities for the NFS (Network File System) Services prodct. Installation Initial configration of NFS, YP (Yellow Pages) or VHE (Virtal Home Environment) services (j Rotine administration and maintenance of NFS, YP or VHE Trobleshooting common NFS, YP or VHE problems Note If yo are sing NFS Services, bt have no administrative responsibilities, yo will need to se the "Common Commands" chapter. (j Docmentation Qrerview 1-1

13 Contents Refer to the following list for a brief description of the information contained in each chapter and appendix. Chapter 1: Docmentation Overview This chapter describes who shold se this manal, what is in this manal, and where to go for more information. Chapter 2: NFS Services Overview This chapter provides a brief overview of the NFS Services prodct, particlarly the NFS, RPC, RPCGEN, REX, Network Lock Manager, YP, and VHE services. It also describes common terms and concepts. Chapter 3: Common Commands This chapter provides brief explanations of remote file access via NFS and common NFS and YP commands. Chapter 4: Installation This chapter explains how to install the NFS Services prodct. Chapter 5: NFS Configration and Maintenance The first section explains how to set p yor files in the correct configration. It also describes NFS daemons, servers, and file systems. The second section explains procedres for maintaining an efficient system. It incldes topics sch as NFS file access removal and clock skew problems. n 1-2 Contents

14 Chapter 6: Remote Exection Facility (REX) This chapter explains how to configre and se the Remote Exection Facility (REX). Yo can se REX to execte commands on a remote host. Chapter 7: Network Lock Manager The Network Lock Manager and the Stats Monitor permits cooperating processes to synchronize access to shared files via System V file locking primitives. This chapter describes the Lock Manager in detail. Chapter 8: YP Configration and Maintenance The first section explains how to set p yor files in a configration that allows yo to centrally administer yor YP databases. The second section explains procedres for administrating and maintaining the YP service. It incldes topics sch as modifying yor system to se YP and changing yor YP password. Chapter 9: VHE Configration and Maintenance This chapter explains how to configre yor system to se the Virtal Home Environment (VHE) service. VHE allows yo to set p remote login environments to resemble home node login environments. Chapter 1 0: Trobleshooting This chapter describes how to locate and eliminate network problems, specifically those related to the NFS, YP and VHE services. Appendix A: HP NFS Services vs. Local HP-UX This appendix describes the basic differences between NFS Services and local HP-UX operations. Docmentation Qrerview 1-3

15 Appendix B: Migrating from RFA to NFS This appendix describes how to translate RF A applications to NFS applications. Appendix C: NFS in an HP-UX Clster Environment This appendix lists the interactions between NFS Services and HP-UX clster nodes. Appendix D: Password Secrity This appendix explains the se of encrypted passwords and password secrity. Glossary The glossary lists and defines terms sed in this manal that may not be familiar to yo. Index n The index provides a page reference to the sbjects contained within this manal. n \ / 1-4 Contents

16 Conventions This manal ses the following format for all entry instrctions and examples. Bold Text Compter Text Italic Text Example: emphasizes the word or point. specifies a literal entry. Yo shold enter the text exactly as shown. indicates yo shold enter information according to yor reqirements. domainname I Enter the word domainname I Note domain name I - I Enter the name of yor YP domain. Except for the "YP Configration and Maintenance" chapter, all references to servers and clients apply to NFS servers and clients nless otherwise specified. Docmentation Orerview 1-5

17 Docmentation Gide For More Information Read ARPA Services: Daily Use Using ARPA Senlices,(\ ARPA Services: System Installing and Maintaining Administration NS-ARP A Services C Programming Langage C Programming Gide, Jack Prdm, Qe Corporation, Indianapolis, Indiana The C Programming Langage, Brian W. Kernighan, Dennis M. Ritchie; Prentice-Hall, Inc.. ) Commands and System Calls ARP A/Berkeley Services Reference Pages HP-UX Reference Manals NFS Services Reference Pages Network Services Reference Pages HP 92223A Repeater HP 92223A Repeater Installation Manal HP-UX: Installation HP-UX Installation Manal n () 1-6 Docmentation Gide

18 For More Information Read HP-UX: Operating System HP-UX Concepts and Ttorials (HP 9000) HP-UX Installation Manal HP-UX Reference Manals HP-UX Series 300 System Administrator Manal Beginner's Gide series forhp-ux Introdcing UNIX System V HP-UX: System Administration HP-UX Series 300 System Administrator Manal LAN Hardware for Series 300: HP 98643A LAN/300 Link Installation LANIC Installation Manal LAN Cable and Accessories Installation Manal Networking: General Information Networking OvelView: NS-ARP A, NFS SelVices, and X.25 NFS Services: Common Com- Using and Administering NFS mands SeJVices "Common Commands,, Chapter only NFS Services: Programming and Programming and Protocols for Protocols NFS SeJVices Docmentation O;erview 1-7

19 For More Information Read NFS Services: System Administration Configration Installation Maintenance Migrating from NFS to RF A NFS in an HP-UX Clster Environment NFS Services vs. Local HP-UX Network Lock Manager Remote Exection Facility (REX) Trobleshooting Virtal Home Environment Yell ow Pages Using and Administering NFS Services n NS-ARPA: System Administration Installing and Maintaining NS-ARP A Services n 1-8 Docmentation Gide

20 C~~ N FS Services Overview 2 HP's NFS (Network File System) Services prodct allows many systems to share the same files. It is an independent networking prodct, not a distribted operating system. NFS differs from distribted operating systems by not limiting its se to specific hardware and software. Rather, it operates on heterogeneos nodes and in operating systems from a variety of vendors. Explicit file transfers across the network to yor local node are nnecessary. Since access techniqes are transparent, remote file access remains similar to local file access. With NFS all network nodes are either clients or servers or both. U A client is any node or process that accesses a network service. An NFS client can also be configred as any combination of an NFS server, YP (Yellow Pages) client, or YP server. (A YP server mst also be configred as a YP client.) A server is any node that provides one of the network services. A single node can provide more than one service. An NFS server can also be configred as any combination of an NFS client, YP client, or YP server. (A YP server mst also be configred as a YP client.) NFS Services Overview 2-1

21 Servers are passive in that they always wait for clients to call them. The degree to which clients bind to their server varies with each of the network services. However, the client always initiates the binding. The server completes the binding sbject to access control rles specific to each service. NFS servers are stateless; they do not maintain information relating to each client being served. Each file reqest goes to the appropriate server with the parameters attached to it locally (e.g., read and write privileges). One advantage is that yo can reboot servers withot adverse conseqences to the client. n n C) 2-2

22 NFS Services The NFS Services prodct incldes the following components. I \ \.._,/ NFS Remote File Access Remote Exection Facility (REX) Remote Procedre Calls (RPC) Remote Procedre Call Protocol Compiler (RPCGEN) External Data Representation (XDR) Network Lock Manager Yell ow Pages (YP) Virtal Home Environment (VHE) The NFS, REX, Lock Manager, and YP fnctionalities are bilt on top of RPC and XDR library rotines. Note Yo mst recompile programs that access remote directories. Otherwise, these programs will not be able to access remote directories monted throgh NFS since the old directory rotines se a read call instead of a getdirentries call to access those directories. ( ' NFS Services Overview 2-3

23 NFS Remote File Access Before the client can access remote files, on the server, the sper-ser mst export the file system (i.e., make it available) to the client and n on the client, the sper-ser mst mont (import) the file system. Access to remote files is the same as for local files. Yo need to inclde either the complete path name starting with I (slash) or the path name relative to the crrent directory. CLIENT (Before Mont) I li~c SERVER I c,,/,,\k, bin n. EXAMPLE: CLIENT (After Mont) I lib Tete mnt ~ s~ ~n c~y \ (j 2-4 NFS Services

24 1. The sper-ser edits the server's /etc/exports file to make the /sr file system available to the client. server sper-ser% cat /etc/exports /sr client_name 2. On the client, the sper-ser creates a mont point /mnt (empty directory) and monts the file system. c 1 i ent sper-ser% mkd i r /mnt c 1 ient sper-ser% mont server :/sr /mnt 3. The client reads the files in the /mnt directory. client% more /mnt/man/copy Two very important featres of NFS Remote File Access are named pipes and device files. The following sections explain the details of these two featres. Named Pipes A named pipe is a special type of object in the HP-UX file system. A named pipe is one of the many ways in HP-UX that nrelated processes can commnicate. HP-UX processes execting on the same client system are able to commnicate sing named pipes. Yo can se named pipes via normal file operations, e.g. open(), close(), read(), write(). Typically, one process will open the named pipe for reading and another process will open it for writing. To illstrate named pipes, consider the following example: EXAMPLE: Cl and C2 are processes execting on system C. Also assme host C has monted file system I from host S on /mnt. Cl opens /mnt/fifo for reading and C2 opens /mnt!fifo for writing. Cl can now read what C2 wrote to the named pipe. NFS Services Overview 2-5

25 Next, assme a third process (process D3) is rnning on another client D which also has I from S monted on /mnt (on system D), and it opened /mnt/fifo for reading. Is process D3 able to read what process C2 wrote to this named pipe? No, becase no actal NFS activity occrs between the NFS client and NFS server for named ') pipe reads and writes. These are handled entirely by the client. ( Note In certain cases there wold be NFS activity. For example, if yo do a chown(2) on the named pipe, the reqest will go to the server to change the owner. mknod() Named pipes are created with mknod(). Any ser can create a named pipe with mknod(). Use of mknod() to create device files reqires sper-ser privileges. Note If yo attempt to make a directory or a network special file over NFS, mknod() will fail and will retrn with erma set to EINV AL. n Device Files Device files are another type of object in the file system, and are sed to access physical or conceptal devices attached to the system. NFS device files always refer to a device attached to the local system and can generally be sed where a local device file wold be sed. Like named pipes, device files are operated on throgh normal file system operations. For example, to write to the system console, yo can write to the file /dev/console. n '. 2-6 NFS Services

26 EXAMPLE: To illstrate the se of device files, consider the following: System C is an NFS client of the server System S, and has monted file system I from host S on lmnt (Sper-ser on system C exected the command monts: I lmnt). If a process on System C attempts to write to lmntldev/console, a device file representing the system console, the otpt will go to the system console on System C, not on SystemS. If a process on SystemS attempts to write to ldev/console, which is the same "file" that System C wrote to, it will actally write to the console on SystemS. NFS Monts with Device Files NFS device files are not secre. Therefore, the system administrator has the option of trning off device file access on a per-nfs mont basis. The administrator ses the -o nodevs option to the mont( 1m) command. EXAMPLE: mont -o nodevs nfserver:/servermontpoint /clientmontpoint Note The nodevs option does not trn off spport of named p1pes. Monting From NFS Device Files Yo may mont a local disk that is represented by a remote NFS device file. EXAMPLE: mont /mnt/nfs/dev/dsk/oso /localmntpt Access to the newly monted file system will proceed as if the disk had been monted from a local device file. NFS Services Overview 2-7

27 Note Access to the local disk's monted file system will not be affected even if the NFS file system is nmonted. Normally when nmonting a file system, yo can give either the name of the device file or the name of the mont point. However, if the NFS server is down or the NFS file system is down, yo mst give the mont point to nmont the local disk. EXAMPLE: Yo wold enter the following to nmont a local disk: mont /localmntpt instead of: mont /mnt/nfs/dev/dsk/oso The latter case will not fail if the NFS server is down, bt it will hang ntil the server comes back p as any other NFS access does. () Remote Exection Facility (REX) The Remote Exection Facility allows yo to execte commands on a remote host. REX is similar to the Berkeley service remote shell (remsh(l)) with two major differences: Yor environment is simlated on the remote host Yo can execte interactive commands on the remote host Remote Procedre Call (RPC) NFS Services consists of remote programs composed of remote procedres called from the client nodes on the network. Optimally, a remote procedre comptes reslts based entirely on its own parameters. Ths, () 2-8 NFS Services

28 / '\ the procedre (and therefore, the network service) is not tied to any particlar operating system or hardware. \_) NFS clients access server information and processes by making a remote procedre call. RPC allows a client process to execte fnctions on a server via a server process. Thogh these processes can reside on different network hosts, the client process does not need to know abot the networking implementations. The client first calls an RPC fnction to initiate the RPC transaction. The client system then sends an encoded message to the server. This message incldes all the data needed to identify the service and ser athentication information. If the message is valid (i.e., calls an existing service and the athentication passes) the server performs the reqested service and sends a reslt message back to the client. Remote Procedre Call Protocol Compiler (RPCGEN) RPCGEN is a Remote Procedre Call compiler. Yo se it to convert applications rnning on a single compter to ones that rn over a network. It is also sed to assist in writing Remote Procedre Call applications simply and directly. With RPCGEN, yor development time will be redced and yo will spend less time coding and debgging network interface code. Yo prodce three of the files reqired to convert an application to rn on a network. These files are: protocol description file client side file server side fnction file NFS Services Overview 2-9

29 RPCGEN accepts remote program interface definitions (the protocol description file) written in RPC and prodces the following C otpt files, which yo may se as a starting point, rewriting as necessary: header file client side sbrotine file server side skeleton file XDR (External Data Representation) rotine file If yo wish to se the RPCGEN compiler to write RPC applications, refer to the "RPCGEN Programming Gide" chapter in the Programming and Protocols for NFS Services manal. n 2-10 NFS Services

30 External Data Representation (XDR) RPC ses the external Data Representation fnctionality to translate machine dependent data formats (i.e., internal representations) to a niversal format sed by all network hosts sing RPC/XDR. Ths, XDR enables heterogeneos nodes and operating systems to commnicate with each other over the network. Client Node Server Node Client Process Server Process I y I I RPC RPC I A I I (_) ' XDR XDR I I + ' Network.. Network I I I I RPC and XDR Data Transfer Note: This figre does not correspond to the ISO Model. (_) NFS Services Overview 2-11

31 Network Lock Manager NFS Services incldes the Network Lock Manager and the Network Stats Monitor. The Network Lock Manager spports file locking and synchronized access to shared files via lockfandfcntl for NFS. The Net- n) work Stats Monitor is sed by the Network Lock Manager to maintain the statefllocking service within the stateless NFS environment. It allows applications to monitor the stats of other compters and systems. Yellow Pages (YP) The Yellow Pages (YP) is an optional service containing a collection of cooperating YP server processes that provide YP clients access to data. Yo can administer all the databases from one YP master server since it propagates data across the network to other YP servers. YP incldes the following featres. YP manages nlimited databases. Typically these inclde files in /etc: grop, hosts, netgrop, networks, passwd, protocols, rpc, and services. For example, programs previosly read /etc/hosts to find an Internet address that corresponds to a host name. When yo added a new node to the network, yo had to add a new entry to every node's /etc/hosts file, Now programs can se YP to obtain information from other YP servers. n Since the YP master server propagates all maps (databases) to the slave servers, a YP client receives consistent information regardless of which YP server it accesses. If a remote node rnning a YP server process crashes, YP client processes can obtain YP services from another YP server. Since the YP interface ses RPC and XDR, the service is available to other vendors. n 2-12 NFS Services

32 YP Advantages YP has several advantages. r ' YP enables yo to atomatically keep ser IDs and grop IDs ~; consistent among all the nodes participating in NFS file sharing. Withot YP, yo have to manally keep these IDs consistent for NFS. YP provides the convenience of centrally administering the /etc files: password, grop, hosts, netgrop, networks, rpc, services, and protocols. Withot YP, yo mst individally administer these files on each node. YP Disadvantages YP has the following disadvantages. Since YP provides YP clients access to data via the network, YP clients may observe slower performance than if the data were accessed from local files. For example, with YP, logging in may take more time if the YP server is bsy. If any of the YP servers are nstable, remote access to files may be slower since the YP client may have to rebind to another YP server. If no other YP server is available, sers may not be able to login to their nodes withot access to the YP's passwd map. YP does not make changes visible to all sers nless the changes are made on the YP master server. The YP slave servers do not immediately see the changes made to the YP master server maps. The pdated maps become consistent among all YP servers only after each slave server sccessflly copies the maps viaypxfr(lm). NFS Services Overview 2-13

33 YP Concepts Keys grop.byname ho&t4.byaddr ho&tll.byname servioes.byname protocols.bynmber ~ lyp Slave Server I I YP Master Server ~ I yp Clent I I ' ' ~ jyps.,veserverl ~ Copy maps 1o ~Make reqes1s 1o (} Yellow Pages Strctre Refer to the following figre and sbsections for a smmary of how components within Yellow Pages work together: maps, YP domains, YP servers (masters and slaves), and YP clients. (~ \. J 2-14 NFS Services

34 YP Maps The YP system stores information in YP maps (databases). Each map contains a set of keys and associated vales: one key per vale and one vale per key. (A vale may be a string of characters with imbedded blanks or tabs). For example, in the passwd.byname map, all the login names are the keys and their matching lines from /etc/passwd are the vales. Each map has a niqe map name that programs se to access the map. Programs mst know the format of the data in the map. Many of the maps are derived from ASCII files sch as /etc/hosts, /etc/grop, and /etc/passwd. The map format is sally identical to the ASCII file format. Note If sing YP to provide the information stored in the standard maps' ASCII files, yo mst recompile any applications that read data from those files sing standard C library rotines. This recompilation ensres the files can obtain data from the YP maps. If yo do not recompile the applications, they will access only the local files. If the local files are not as crrent as the YP maps, the applications may not work correctly. YP Servers and YP Clients YP servers are nodes that provide access to YP maps via the network. These maps are in /sr/etc/yp sbdirectories named after the appropriate YP domains. (See the next section, "YP Domains.") YP clients are nodes that reqest access to YP maps from a YP server. 1. A YP client that is not bond sends a broadcast to all YP servers on the network. NFS Services Overview 2-15

35 2. The YP client binds to the first YP server that responds. (Each YP client binds to one YP server per YP domain.) 3. If the reqest is the YP client's first attempt to access data, the YP client remembers which YP server responded to the reqest. Sbseqent reqests by this YP client go directly to this YP server. 4. If the bond YP server is down or navailable, the YP client atomatically rebinds to the first YP server that responds to another broadcast. Note A YP client can also be configred as any combination of a YP server, NFS client, or NFS server. A YP server mst also be configred as a YP client. It can also be configred as an NFS server, NFS client, or both. () YP Domains A YP domain is a logical groping of the set of maps contained on YP servers. Yo can have different YP domains for mltiple sets of nodes on the LAN withot worrying abot the maps interfering with each other. Each one of the nodes within the same YP domain mst have the same domain name. Maps sing the same name in different YP domains can have different contents. Yo implement a YP domain as a sbdirectory of /sr/etc/yp on each YP server; the name of this sbdirectory is the name of the YP domain. For example, maps in the research YP domain wold be in /sr/etc/yp/research. (Note, YP domain names are case sensitive.) n 2-16 NFS Services

36 The /etc/netnfsrc file sally contains the defalt YP domain name. Yo can change the defalt by execting the domainname(l) command or by editing /etc/netnfsrc and then rebooting the system. U YP Masters and YP Slaves Only two types of nodes have YP databases: master and slave servers. The YP master server is the node on which YP maps are bilt from ASCII files; it therefore, contains the master databases (maps) which other YP servers (slaves) copy. Note, the YP master server may also provide YP clients access to YP maps. Note Yo shold create and modify YP databases only on the YP master server; otherwise, all YP databases will not be consistent across the YP servers. The YP slave servers are the nodes that receive the propagated maps from the YP master server. In trn, they provide YP clients access to YP maps. Thogh a YP server may be master for one map and slave for another, random assignment of maps to YP master servers may case confsion. Therefore, only one YP server shold be the master for all maps within a YP domain. NFS Services Overview 2-17

37 Virtal Home Environment (VHE) Virtal Home Environment (VHE) is an HP-developed service that allows yo to configre yor login environment on remote nodes to mirror the login environment on yor home node. (Home node refers to fj the node on which yor home directory physically resides.) VHE is an. / optional service that is available to any HP-UX system that has the NFS prodct. It may also be sed with other UNIX systems that spport symbolic links and NFS. If yo find that yo never need to work from a remote node, yo may want to skip this section. VHE Advantages VHE's major advantage is that yo can sit down at any remote node (assming yo have login permission), login, and enter into the work environment that is associated with the login on yor home node (yor home directory as specified in /etc/passwd). This incldes: home shell configration (i.e., whichever shell yo are configred to ('j se on yor home node appears when yo login to a remote node). access to files on the file systems exported for VHE on any compters connected with VHE on the network to which yo have a login and file access permission. se of previosly defined aliases (only for C or K shells) and shell variables. se of cstomized shell scripts (assming shells operate similarly on yor home node and the node yo are crrently sing). se of compiled files nder yor home directory from yor home node (assming yor home node and the node yo are logged into are of the same architectre and operating system). Ths, VHE allows yo to minimize the nmber of compter interfaces yo mst learn to be prodctive on the varios compters that are rnning NFS on yor network and yo are no longer tied to a particlar compter to complete yor work tasks NFS Services

38 Another advantage of VHE is that it distribtes comptational work more efficiently between nodes than ARP A/Berkeley terminal emlation services sch as telnet or rlogin. Unlike telnet or rlogin, VHE does not retrn to yor home node, that contains yor home environment login, to execte tasks. Instead, VHE takes advantage of the compting capacity of the machine yo are crrently sing. For example, if yo se VHE on a node other than the home node and perform an ls command of a directory on the home node, the ls command is exected from the local!bin directory. VHE does not retrn to yor home node's!bin directory to execte the ls command. The following figre illstrates this concept. rlogin VHE Is command processed on the local node I User j...,_---1 Local node Local node (rloglnl EJ file access... Ia command processed.. ~~~~--~-~-~todma J no e on the home node '----./ Comparison: VHE and rlogin Performing an Is command NFS Services Overview 2-19

39 VHE Disadvantages VHE has the following disadvantages. Thogh yo can edit sorce code files originating from different types ~~, of compters on the network, yo will not be able to execte object,, ) code files from a compter of a different architectre sing VHE. For example, consider the following: yo are crrently working on an HP 9000 Series 300 and rnning VHE, and yor home node is an HP 9000 Series 800 machine. If yo try to execte an object code file on the HP 9000 Series 300 machine from the Series 800 machine it will not scceed. However, yo can execte a script from the Series 800 machine. If yo specify pathnames or hardware attribtes in yor host's.profile or.login files, yo may have to modify these files to se VHE effectively. For example, the.login file needs to prompt for the terminal type if yo plan to se VHE from more than one terminal or display type. If yo do not already have this capability, then look in the sample /etc/d. login or /etc/d.profile files for samples of how to do ~- n n 2-20 NFS Services

40 How VHE Works The following diagram illstrates the directory strctre of nodes in a network sing VHE. Dave's Machine Mikey's Machine INode AI INode 81 lvhe/a symbolic link to I lvheib mont point lvheic mont point lvheia mont point lvhe/b symbolic link to I lvhe/c mont point Chm's Machine INode cl lvheia mont point lvheib mont point lvheic symbolic link to I Directory Strctres of Nodes Using VHE Each node is connected to the others via NFS Services. In the pictre, each node is a home node for a different ser (Dave, Mikey and Chm). Each ser has a cstomized work environment set p by the login process. Directories on each home node correspond to each of the remote nodes. For example, on node A there is a directory /vhe/b that corresponds to node B. Using these directories as mont points, a mont is done by each node to each remote node. (The definitions of monts and mont points are inclded in the "Glossary." More detailed information is contained in the "NFS Configration and Maintenance" chapter). Using VHE gives each node access to file systems located on the remote nodes. To maintain consistency when an individal is logged in to his or her home node, a symbolic link (a pointer) points to the host's root directory. In a single node HP-UX configration, the /etc/passwd file contains the directory that becomes the home directory for the ser pon logging in. For se with VHE, /etc/passwd is edited sch that all of the home direc- NFS Services Overview 2-21

41 tories are prefixed with a mont point or a symbolic link. When the login program performs a cd to the ser's home directory, the cd and sbseqent reqests are made to the sers home node via NFS Services nless logging in on yor home node. Example Groping n / In the /etc/passwd file, the appropriate mont point or symbolic link is added to the beginning of the pathname of the home directory for each ser. The example below shows how the lines in /etc/passwd wold look for the sers Dave, Mikey and Chm as shown above. dave::ll7:100:dave: fvhe/a/sers/dave:/bin/csh mikey::ll8:100:mikey Porn :fvhe/8/sers/mikey:/bin/sh chm::ll9:200:chm Pom:fvhe/Cfsers/chm:/bin/ksh No matter which node Dave logs in on, his home directory is /sers/dave on node A. When scripts sch as.login or.cshrc are exected, they define the exection environment as cstomized by Dave. n His files, shell variables and aliases are available jst as if he had physically logged in on node A. \ Becase VHE is not a virtal terminal program, when Dave exectes processes, they are exected on the node he is logged into. If he is on node B, processes are exected on node B, not his native host A. For example, consider the following. Dave is working at node B and his system administrator has configred VHE to be rnning. Dave does the following command on node B: cc testfile.c The cc from node B's!bin directory is exected, bt testfile.c is sed from Dave's crrent working directory on node A. n 2-22 NFS Services

42 ( \ \_) Common Commands 3 This chapter describes how to access files sing NFS. It also explains how to se common NFS and Yell ow Pages (YP) commands. Note All references to servers and clients apply to NFS servers and clients nless preceded by YP. Common <Dmmands 3-1

43 Key Terms Client A node that reqests data or services from other nodes (servers). (~ \ J A process that reqests other processes to perform operations. Note: An NFS client can also be configred as any combination of an NFS server, YP client, or YP server. (A YP server mst also be configred as a YP client.) Export File System To make a file system available to remote nodes via NFS. An entire nit (disk) that has a fixed size. Host A node that has primary fnctions other than switching data for the network. () Internet Address Key (YP) A for-byte qantity that is distinct from a link-level address and is the network address of a compter node. This address identifies both the specific network and the specific host on the network. A string of characters (no imbedded blanks or tabs) that indexes the vales within a map so the system can easily retrieve information. For example, in the passwd.byname map, the sers' login names are the keys and the matching lines from /etc/passwd are the vales. Map (YP) A file consisting of logical records; a search key and related vale form each record. YP clients can reqest the vale associated with any key within a map. YP map is synonymos with YP database. n 3-2 KeyTerms

44 Map Nickname (YP) A synonym for the YP map name when sing certain YP commands. Master The node on which one or more YP maps are con- Server (YP) strcted from ASCII files. These maps are then copied to the YP slave servers for the YP clients to access. Mont To obtain access to a remote or local file system or directory (import). Mont Point Node Server The name of the directory on which a file system or part of a file system is monted. A compter system that is attached to or is part of a compter network. A node that provides data or services to other nodes (clients) on the network. A process that performs operations as reqested by other processes. Note: An NFS server can also be configred as any combination of an NFS client, YP client, or YP server. (A YP server mst also be configred as a YP client.) Common <Dmmands 3-3

45 Vale (YP) Yellow Pages (YP) A nit of information stored in YP maps; each vale has a corresponding key (index) so the system can easily retrieve it. For example, in the passwd.byname map, the sers' login names are the keys and the matching lines from /etc/passwd are the vales. \ An optional network service composed of databases (maps) and processes that provide YP clients access to the maps. The YP service enables yo to administer these databases from one node. n YP may or may not be active; check with yor system administrator. YP Client yp Database A node that reqests data or services from YP servers. A YP process that reqests other YP processes to perform operations. Note: A YP client can also be configred as any combination of a YP server, NFS client, or NFS server. (A YP server mst also be configred as a YP client.) See "Map (YP)." n YP Domain A logical groping of YP maps (databases) stored in one location. YP domains are specific to the YP network service and are not associated with other network domains. YPMap yp Password See "Map (YP)." The password for a ser's login ID that exists in the YP passwd map. The password is the same one as the ser password, bt is administered throgh the YP. Yo do not have to have a password to access the YP databases. n 3-4 Key Terms

46 / ' YP Server A node that provides data (maps) or services to other nodes (YP clients) on the network sing YP. A YP process that performs operations as reqested by other YP processes. Note: A YP server mst also be configred as a YP client. It can also be configred as an NFS server, NFS client, or both. 0 0 Common Cbmmands 3-5

47 NFS Commands Use this section to nderstand how to access files via NFS and how to se the following NFS commands. Refer to the NFS Services Reference Pages for detailed explanations of the commands and all their options. () on command rpcinfo(lm) rp(l) rsers(l) showmont(lm) ' / NFS Remote File Access NFS allows many sers to share the same files. Since access techniqes are transparent, remote file access remains similar to local file access. The sper-ser mst perform two actions before yo can access remote files via NFS. On the server, export the file system (i.e., make it available) to the client On the client, mont (import) the file system Access to remote files is the same as for local files. Yo need to inclde either the complete path name starting with I (slash) or the path name relative to the crrent directory. n 3-6 NFS Commands

48 Note If operating in an HP-UX clster environment and accessing a CDF (context dependent file) via an NFS mont, the CDF member is chosen based on the context of the NFS server, not the accessing node. Since this access method may retrn nexpected reslts, HP recommends yo do not se CDFs with NFS. Common (hmmands 3-7

49 EXAMPLE: Exported File System ~ SERVER I originals screens drawings CUENT I modifications ~ designs ~ ~ screens drawings Mont Point ~~ \ I art drafts art drafts Example NFS Remote File Ac- Example Entry cess Edit the drafts file on the serv- server% vi /originals/graphics/screens/drafts er. Edit the drafts file on the client. client% vi /modifications/designs/screens/drafts () I While in the frames directory, the server copies the art file from the screens directory. server% cp /originals/graphics/screens/art art While in the bleprints direc- client% cp /modifications/designs/screens/art art tory, the client copies the art ftle from the screens directory. While in the screens directory, server% cp art /originals/frames the server copies the art file to the frames directory. While in the screens directory, client% cp art /modifications/bleprints the client copies the art file to the bleprints directory. n 3-8 NFS Commands

50 rpcinfo Execte rpcinfo(jm) to determine which remote programs are f \ registered with a system's portmap(jm) daemon. By providing a host name, yo can list the registered RPC programs on a specific host. If yo do not specify a host name, rpcinfo(jm) defalts to the local host. To list the program, version, and protocol nmbers, se the -p option. EXAMPLE: Execte: rpcinfo -p node_7 System Response: program vers proto port dp 2049 nfs dp 1028 ypserv tcp 1027 ypserv tcp 1027 ypserv tcp 1028 ypbind dp 1037 ypbind dp 1069 rstatd dp 1073 rsersd dp 1073 rsersd dp 1076 montd dp 1078 walld dp 1080 sprayd To see if a particlar remote program and version is available sing UDP, se the - option. Common <Dmmands 3-9

51 EXAMPLE: Execte: rpcinfo - node_2 montd 1 System Response: This response indicates that the portmap(lm) daemon that the system knows abot program # and that it is available. program version 1 ready and waiting rr; 3-10 NFS Commands

52 rp Execte rp(l) to list host information, inclding how long they have been rnning, how many sers are logged on to them, and their load average. By providing a host name, yo can list information abot a specific host. Execting rp(l) withot providing a host name cases an RPC broadcast. The local node collects responses ntil the RPC times ot (qits). This process generally takes abot two mintes. EXAMPLE: Execte: rp node_] node_2 node_3 node_4 System Response: The last three colmns of this response show the load averages for 1, 5, and 15 minte intervals. node_1 p 15:53, loadaverage:0.11,0.17,0.15 node_2 p 2 days, 19:42, load average: 0.00, 0.01, 0.01 node_3 p 21 days, 11:34, load average: 1.66, 1.68, 1.60 node_4 p 19:24, loadaverage:0.14,0.18,0.14 To sort the display by "p time," se the -t option. EXAMPLE: Execte: rp -t System Response: collecting responses... node_? p 21days, 11:28, load average: 1.16,1.42, p 12 days, 22:15, load average: 1.08, 0.82, 0.57 node_8 p?days, 18:27, load average:0.12,0.09,0.09 node_12 p 6days, 21:20, load average:0.10,0.08, p 3 days, 3mins, load average: 0.00, 0.01, 0.01 node_6 p 2days, 22:49, load average:0.00,0.00, p 18:14, load average:0.00,0.00, p 0 rim, load average: 014, 004, 002 Common (bmmands 3-11

53 rsers Execte rsers(l) to list the host names and sers logged in for all remote nodes. By providing a host name, yo can list information abot a specific remote node. Execting rsers(l) withot providing a host name cases an RPC broadcast. The local node collects responses ntil the RPC times ot (qits). This process generally takes abot two mintes. :) EXAMPLE: Execte: rsers System Response: This response displays the host name or internet address in the first colmn and the sers in the second colmn root node_6 ser_4 ser_3 ser_8 ser_ll node_3 _2 node_! _ root root node_2 root _5 root node_16 test_ser node_9 rootx root _7 root node_? root n Yo can list more extensive information by sing the -l command: ser, host, tty (terminal), login date and time, and idle time (in mintes and seconds). EXAMPLE: Execte: rsers -1 node 8 node System Response: The last two colmns in this response show the login date and time followed by the idle time. rootx node_8:console ser_3 node_4:tty03 Apr 07 14:00 20:29 Apr 12 08:09 :23 () 3-12 NFS Commands

54 showmont Execte showmont(im) to list all the clients that have remotely monted a file system. By providing a host name, yo can specify the host. If yo do not specify a host name, showmont(im) defalts to the local host. For example, yo might want to determine which nodes have yor file systems monted. To print all remote monts in a client:directory format, se the -a option. The directory listed is the root of the file system that was monted. EXAMPLE: Execte: showmont -a System Response: This response displays the client followed by the directory. node_4:/tmp node_?:/ node_2:/tmp node_12:/sr/tmp/sys_rick node_6:/tmp/y node_8:/ To print a list of exported file systems, se the -e option. EXAMPLE: Execte: showmont -e node 7 System Response: export 1 i st for node_?: I /sers/proj node_31 node_32 node_ll node_6 node_8 node_12 Common Commands 3-13

55 Remote Exection Facility (REX) REX permits yo to execte commands on a remote host in an environment similar to yor own. on command Execte the on command to provide the ser interface for remote exection of commands. The on command simlates yor crrent environment on the server. For information on REX and the on command, refer to the "Remote Exection Facility" chapter in this manal. n n 3-14 NFS Commands

56 Yellow Pages Overview The Yellow Pages (YP) is an optional network database service that enables YP clients to access information from any correctly configred YP server on the network. One YP master server can atomatically propagate modifications across the network. YP Maps The YP system stores information in YP maps (databases) that are consistent across the nodes. Each map has a niqe, case-sensitive map name that is sed for accessing maps. Each map consists of keys (for indexing) and vales (data). Yo can se YP commands for qerying for vales associated with a particlar key within a map and for retrieving key-vale pairs within a map. Common <Dmmands 3-15

57 YP Servers and YP Clients YP servers store and provide access to the YP maps (databases); YP clients reqest data from the maps residing on YP servers. Since different YP servers have consistent YP maps, responses are identical no matter which YP server answers a reqest. A YP client can also be configred as any combination of a YP server, ~-' / ' / \ Maps 1 ~,/~),' 0 0 *//,, \ / / ' "' YP Domain2 YP Domain! = Domain * I ' I = Master Server D =Servers n NFS client, or NFS server. Yellow Pages Overview A YP server mst also be configred as a YP client. It can also be configred as an NFS server, NFS client, or both. YP Domains A YP domain is a logical groping of YP maps; each YP server con- n tains a set of maps for at least one YP domain YP domains enable maps with the same names to exist on one LAN; the maps are made niqe by belonging to separate YP domains. With 3-16 Yellow Pages Overview

58 YP domains, yo need not worry abot the maps interfering with each other. Each of the nodes within a YP domain has the same YP domain name. Maps sing the same name in different YP domains may have different contents. YP domains are implemented as sbdirectories of /sr/etc/yp on the YP servers only; the name of each sbdirectory is the name of a YP domain. For example, maps in the research YP domain wold be in /sr/etc/yp/research. (Note, YP domain names are case sensitive.) Common <bmmands 3-17

59 YP Master and Slave Servers Only two types of nodes have YP databases: master and slave servers. The YP master server is the node on which all YP maps within a particlar YP domain are created and modified. As modifications occr, the YP slave servers copy the maps to ensre all YP databases are alike; in trn, they provide resorces to the YP clients. () ' J Note, YP clients can bind to both YP master and slave servers. n C) 3-18 Yellow Pages Overview

60 YP Commands (_) Since YP hides the details of how and where data is stored, yo do not need to know all the configration details to access information. Yo can, however, se the following commands to determine the location and content of YP information. domainname(l) ypcat(l) ypmatch (1) yppasswd(l) ypwhich(l) domain name Execte domainname(l) to display the crrent YP domain name. domainname For example, yo might need to determine the crrent YP domain name to define a netgrop in /etc/netgrop. (Netgrops are networkwide grops of nodes and sers defined in /etc/netgrop on the master server.) Common <Dmmands 3-19

61 ypcat Execte ypcat( 1) to list the contents of a specified YP map. Yo can se either the map name or map nickname to specify the desired map. EXAMPLE: Execte: ypcat grop. byname or ypcat grop System Response: This response displays the grop name, the grop ID (GID), and the members of the grop. daemon: :5:notes,anon,cp sers: :23:window,nowindow other::l:root,daemon,cp,who,date,dooley,sync root : : 0: root mail::6:root sys::3:root.bin,sys,adm rje: :8:rje,shqer bin::2:root,bin,daemon, lp adm: :4:root,adm,daemon To list the map nicknames applicable to the ypcat(l) command, se the -x option. n EXAMPLE: Execte: ypcat -x System Response: Use "passwd" for map "passwd. byname" Use "grop" for map "grop. byname" Use "networks" for map "networks.byaddr" Use "hosts" for map "hosts.byaddr" Use "protocols" for map "protocols.bynmber" Use "services" for map "services.byname" Use "aliases" for map "mail.aliases" Use "ethers" for map "ethers. byname" () 3-20 YP Commands

62 ypmatch Execte ypmatch(l) to print the data (vales) associated with one or more keys in a specified YP map. Yo can se either the map name or map nickname to specify the desired map. To list the map nicknames applicable to the ypmatch(l) command, se the -x option. EXAMPLE: Execte: ypmatch my_node hosts.byname System Response: This response displays the internet address (vale) associated with the hosts.byname map for the node my_ node my_node U yppasswd The YP password is the password for a ser's login ID that exists in the YP passwd map. It is sed as the ser password, bt is administered throgh YP. Note, yo do not have to have a password to access the YP databases. If yo change yor password with the passwd(l) command, yo will change only the entry in yor local /etc/passwd file if the entry exists. If yor password is not in the file, the following error message occrs when singpasswd(l). Permission denied. If this error occrs, execte yppasswd(l). Common (bmmands 3-21

63 VP Password Gidelines Execte yppasswd(l) to change or install a password associated with a specified login name in the YP passwd map. The following list provides the reqirements for creating and changing YP passwords. Note, these gidelines are different from those of passwd(l). (Refer to the "HP NFS Services vs. Local HP-UX" appendix.) Only the owner or sper-ser can change a YP password. The sper-ser mst know the crrent YP password to change another ser's YP password. Only the first eight characters of the YP password are significant; the rest are trncated. A YP password mst contain at least five characters if it incldes a combination of either ppercase and lowercase letters or alphanmeric characters A YP password mst contain at least for characters if it incldes a combination of ppercase letters, lowercase letters, and nmeric characters. n A YP password mst contain at least six characters if it incldes only monocase letters. n 3-22 YP Commands

64 VP Password Use the following steps to create or change yor YP password in the YP passwd map. 1. Execte the yppasswd(jm) command. yppasswd ser _jogin_name 2. The system prompts yo for the old YP password even if one does not exist. If it exists, enter the old YP password; otherwise, press RETURN. Note, the YP password may be different from the one in yor local /etc/passwd file. U '\ 3. The system prompts yo for the new YP password twice to ensre yo enter the correct response. Enter yor new YP password twice, pressing RETURN after each entry. The system now pdates the master server passwd map. EXAMPLE: Execte: yppasswd System Response: Old YP password: New password: Retype new password: The YP passwd has been changed on host_name, the master YP passwd server. Common <bmmands 3-23

65 ypwhich Execte ypwhich(l) to print the host name of the YP server spplying YP services to a YP client. To list all available maps and their YP master server host names, se (} the -m option. Yo can se either the map name or map nickname to determine which YP server is the master server for a specified YP map. To list the map nicknames applicable to the ypwhich(l) command, se the -x option. EXAMPLE: Execte: ypwhich -m SystemResponse: This response displays the available maps and their YP master server host names. services.byname node_1 rpc.bynmber node_1 protocols.bynmber node 1 protocols.byname node_1 passwd.byid node_1 passwd.byname node_1 networks.byname node_1 networks.byaddr node 1 netgrop.byser node_1 netgrop.byhost node_1 net grop node_1 hosts.byname node_1 hosts.byaddr node 1 grop.byname node 1 grop.bygid node_1 vhe_list node_1 ypservers node_1 n () 3-24 YP Commands

66 Installation 4 The following steps are a checklist of NFS installation procedres. Yo may have already completed several of these steps. Yo will most likely start with Step 4. Steps 4 throgh 6 are explained in detail in this chapter. 1. Prepare yor HP 9000 Series 300 system for operation. Refer to Installing and Maintaining NS-ARP A Services docmentation. - Inspect hardware - Create and maintain a network map 2. Ensre yor compter is rnning the HP-UX 6.0 operating system or a later version. If yo do not know which system yor compter is rnning, execte the name -r command. Call yor HP representative if yo do not have HP-UX 6.0 or a later version. If yo are installing HP-UX for the first time, refer to the HP-UX Installation Manal. If yo have HP-UX and are pgrading to a later version, refer to the HP-UX Series 300 System Administrator Manal, Vol. I, or to the AXE User's Manal for information on the pdate procedre. 3. Ensre yor compter is rnning the NS-ARPA Services prodct. Refer to Installing and Maintaining NS-ARP A Services docmentation. Installation 4-1

67 4. Install the NFS Series 300 software. Yo will need to se the pdate procedre to install the NFS Series 300 software. If yo do not already nderstand the pdate procedre, refer to the HP-UX Series 300 System Administrator Manal, Vol. I, or to the AXE User's Manal for detailed pdate information. Refer to the "Install Software" section of this chapter for brief instrctions. - Use the /etc/pdate command - Configre the new kernel n ' ' 5. Add yor HP 9000 Series 300 compter to the network. Refer to Installing and Maintaining NS-ARPA SeJVices docmentation. - Assign an internet address - Create device files for the node 6. Relink programs that access remote directories. If yo will be sing the YP (Yell ow Pages) Service, relink programs that call C library rotines which access YP files. () 4-2

68 Key Terms CDF Context Dependent File. A hidden directory that contains all the versions of a file needed by the different cnodes. Clster One or more workstations linked together with a local area network (LAN), bt consisting of only one root file system. Cnode Any node operating in an HP-UX clster environment, inclding diskless nodes and the root server. Diskless Cnode Internet Address A node in an HP-UX clster that ses networking capabilities to share file systems, bt does not have a file system physically attached. A for-byte qantity that is distinct from a link-level address and is the network address of a compter node. This address identifies both the specific network and the specific host on the network. LAN Local Area Network. NFS Network File System. Node A compter system that is attached to or is part of a compter network. Installation 4-3

69 Root Server Update The only node in an HP-UX clster that has file systems physically attached to it. The HP-UX command that installs software onto the system. n ' / Yellow Pages (YP) An optional network service composed of databases (maps) and processes that provide YP clients access to the maps. The YP service enables yo to administer these databases from one node. n n 4-4 Key Terms

70 Prepare the System To prepare yor HP 9000 Series 300 compter for operation on the LAN, yo mst ensre yor LAN hardware is installed correctly. For LAN hardware installation instrctions for the Series 300 compter, refer to the following docmentation. HP 98643A LAN/300 Link LANIC Installation Manal LAN Cable and Accessories Installation Manal LAN interface card with 15-pin AUI connector OR LAN interface card with BNC connector MAU connections -----c::: AUI cable (" )AUI cable ~-----""----, l,j I I I I I I Backbone Ma or Thin Ma ~~'-~-~~ ~ Backbone tap BNC T Thin coax connector coax (ThickLAN) cable cable or StarLAN 10 Pod (twisted pair Ma) "' \ I ---,.../ Twisted-pair (telephone) wire I I I I I I I I Thin coax Series 300 LAN Interfaces and Cable Connections J Thin coax Becase an AUI connection is not available on the Models 318 & 319, connection to a StarLAN 10 network is not spported. HP 9000 Series 300 Models 318, 330, and 350 are shipped with an installed interface card that is fnctionally eqivalent to an HP 98643A LAN/300 Link Interface card and 28641A Thin MAU. A connector is Installation 4-5

71 available on the backplane of these compters for attaching a T-connector. No MAU or AUI cable is reqired for these Series 300 models. Another step in preparing yor system is to pdate yor network map with all new installation information (e.g., new compters, cable changes). ~~. If yo do not have a network map, HP strongly recommends yo create. ) one. Refer to Installing and Maintaining NS-ARPA Services docmentation for gidelines. n n 4-6 Prepare the System

72 Install Software / ~) Before installing NFS Services software, yo shold ensre the following items are tre. Yor compter is rnning the HP-UX 6.0 operating system or a later version. To check which version of HP-UX yo are crrently rnning, execte the name -r command. The NS-ARP A Services software is installed. To verify whether the NS-ARP A Services have been installed check with yor systems administrator. If yo are the systems administrator, and yo have not already installed the NS-ARPA Services, refer the Installing and Maintaining NS-ARP A Services docmentation for installation and configration instrctions. Use Update Before installing NFS Services, refer to the HP-UX Series 300 System Administrator Manal to familiarize yorself with the men operations and device file information. After yo are certain the reqired HP-UX filesets and NS-ARPA Services software are installed, se the /etc/pdate program to install NFS Services software. The /etc/pdate program takes yo throgh the installation procedre step by step. Note The /etc/pdate command reports a fatal error if too many processes are rnning on the system. Therefore, execte /etc/shtdown before beginning /etc/pdate. Installation 4-7

73 1. From the I (root) directory, execte /etc/shtdown. This command cases all processes to be killed and all file systems bt the root file system to be nmonted. This takes a few mintes to complete. 2. Load the tape (or the first 3 1/2-inch disk) containing NFS Services software. Labels on the tapes and disks indicate which software prodcts are on the media. 3. Execte the /etc/pdate command. This cases the system to atomatically re-boot. 4. If yo are installing the NFS SeJVices stand-alone prodct, skip to the next step. If yo are installing NFS Services as part of a bndled system, Select HP _ NFS from the partition men. () 5. Mark and load the NFS file sets: NFS CMDS and NFS INCL. - - The /etc/pdate program lists each file set as it is loaded. Note: if yo are installing NFS Services as part of a bndled system, yo may notice that other file sets are loaded at this time. This occrs atomatically as part of a bndled system installation. 6. If yo are sing only the AXE prodct, skip to the next step. If yo are sing the Programming Environment, Mark and load the NFS _MAN file set. This cases the nformatted manal pages, for se in the Programming Environment (PE) to be loaded. Note: if yo are installing NFS Services as part of a bndled system, yo may notice that other file sets are n ' ' 4-8 Install Software

74 loaded at this time. This occrs atomatically as part of a bndled system installation. 7. If yo are sing the Programming Environment (PE), skip to the next step. If yo are sing only the AXE prodct, then. Mark and load the NFS MANC file set. This cases the formatted manal pages for the AXE prodct to load. 8. Mter installing the manal pages, select QUIT ntil yo exit /etc/pdate (i.e., yo may need to choose QUIT twice). 9. When yo exit /etc/pdate, the system atomatically reboots. Wait for the system to reboot. 10. Mter the system reboots, login as sper-ser and display the /etc/newconfig directory. The following files were added to the /etc/newconfig directory as a reslt of the installation. Yo will se these /, files when yo configre NFS Services and Yellow Pages, which is U described later in this manal. /etc/newconfig!netgrop /etc/newconfig/yp _ Makefile /etc/newconfig/netnfsrc /etc/newconfig/ypmake /etc/newconfig/rpc /etc/newconfig/ypxfr _lperday /etc/newconfig!vhe _monter /etc/newconfig/ypxfr _lperhor /etc/newconfig!vhe mnt /etc/newconfig/ypxr _2perday /etc/newconfig/ypinit For descriptions of the files listed above and other files in /etc/newconfig, refer to /etc/newconfig!readme. Installation 4-9

75 Note Yo have completed installing the NFS Services prodct. To prepare to configre the services, yo will need to configre a new kernel. To configre a new kernel, refer to the next section. () / n n 4-10 Install Software

76 Configre a New Kernel To prepare the NFS Services prodct for se, yo mst configre a new HP-UX operating system kernel either by execting /etc/reconfig or by editing /etc/conf!dfile and execting /etc/config. Execte the /etc/reconfig command if yo created the existing kernel (!hp-x) either via /etc/reconfig or via /etc/pdate sing /etc/conf/dfile. The /etc/reconfi.g program prompts yo throgh all the necessary steps. Note, execting reconfig moves the existing /etc/conf!dfile to /etc/conf/dfile.bckup. Refer either to the HP-UX Series 300 System Administrator Manal or to the HP-UX Reference manal, config(jm) section. These manals describe how to configre a cstom kernel with special parameters. If yo are adding NFS Services to a /etc/conf!dfile that yo changed (cstomized) to sit to yor needs, edit the /etc/conf/dfile yo are sing to bild the new kernel and add the nfs entry. To avoid losing information, HP recommends that yo first copy the /etc/conf!dfile before making changes to it. Note If operating in an HP-UX clster environment, edit the /etc/conf/dfile for every cnode, inclding the root server, and reconfigre a kernel for each cnode that is based on this /etc/conf/dfile. In an HP-UX clster environment, /etc/conf!dfile is a CDF (context dependent file). Installation 4-11

77 Edit the dfile Refer to the following table if yo are editing a cstomized /etc/conf/dfile, rather than execting /etc/reconfig, to configre NFS into an HP-UX operating system kernel. ~~ Configre Kernel by editing the dfile cd /etc/conf cp dfile dfi/e.save cp dfi le. fll. lan dfile vi dfile /etc/config dfile make -f config.mk cp /hp-x /SYSBCKUP cp hp-x /hp-x /etc/reboot Comments Change the directory to the configration directory. Save yor cstomized dfile by copying it to another file. Copy the dfile.fll.lan into the cstomized dfile. Edit this dfile to inclde yor cstom information. Yo mst also remove the* (asterisk) from the *nfs line. This config command creates two files: conf.c and config.mk. This make command creates the /etc/conf/hp-.x file, yor new kernel. Save yor old kernel. Note: If operating in an HP-UX clster environment, do not save yor old kernel on diskless cnodes. Copy the new kernel to the root directory. Reboot the new kernel. ~~ 4-12 Install Software

78 Add a Compter to the Network If yo have not already done so, refer to Installing and Maintaining NS-ARP A SelVices docmentation for instrctions on adding yor HP 9000 Series 300 compter to the network. Yo will need to perform the following steps. 1. Determine and assign an internet address. 2. Edit netlinkrc. 3. Create device files for the node. Mter rebooting the system, log in as sper-ser and refer to the "NFS Configration and Maintenance," "YP Configration and Maintenance," and "VHE Configration and Maintenance" chapters to configre yor system with NFS, YP (if applicable), and VHE. ( '\ ( \,_) Installation 4-13

79 Relink Programs Yo mst relink programs that access remote directories. Otherwise, these programs will not be able to access remote directories monted throgh NFS since the old directory rotines se a read call instead of a (} getdirentries call to access those directories. If sing YP to provide the information stored in the standard maps' ASCII files, yo mst relink any programs that read data from those files sing standard C library rotines. If yo do not relink the programs, they will access only the local files. If the local files are not as crrent as the YP maps, the programs may not work correctly. Programs compiled with previos ARP NBerkeley libraries get*ent (gethostent, getnetent, getservent, getprotoent and related rotines) will not have access to the YP databases where information in files like /etc/hosts can be stored. Programs compiled with the previos getpwent and getgrent rotines will not have access to information (passwords and grops) stored in the global YP password and grop databases. () ' / r'l ' / 4-14 Relink Programs

80 NFS Configration and Maintenance 5 This chapter describes a basic NFS configration withot Yellow Pages. The latter portion describes how to administer and maintain the NFS service once yo have it configred. For specific NFS information, refer to the following sections. ekeyterms NFS Configration U Refer to the NFS Services Reference Pages for detailed NFS information. Gidelines NFS Maintenance Note All references to servers and clients in this chapter apply to NFS servers and NFS clients nless otherwise specified. NFS Confi211ration and Maintenance 5-1

81 Key Terms Alias Client A term for referencing alternate networks, hosts, and protocols names. A node that reqests data or services from other nodes (servers). A process that reqests other processes to perform operations. Note: An NFS client can also be configred as any combination of an NFS server, YP client, or YP server. (A YP server mst also be configred as a YP client.),r"\, \ ) Clock Skew A difference in clock times between systems. Clster Cnode One or more workstations linked together with a local area network (LAN), bt consisting of only one root file system. Any node operating in an HP-UX clster environment, inclding diskless nodes and the root server. n Daemon Diskless Cnode Export Backgrond programs that are always rnning, waiting for a reqest to perform a task. A node in an HP-UX clster that ses networking capabilities to share file systems, bt does not have a file system physically attached. To make a file system available to remote nodes via NFS. n 5-2 Key Terms

82 File System An entire nit (disk) that has a fixed size.,/ \ ( > \,., / GID Hard Mont Host Import A vale that identifies a grop in HP-UX. A mont that cases NFS to retry a remote file system reqest ntil it scceeds, yo interrpt it (defalt option), or yo reboot the system. A node that has primary fnctions other than switching data for the network. To obtain access to a remote file system from an otside sorce; to mont. Internet Address A for-byte qantity that is distinct from a link-level address and is the network address of a compter node. This address identifies both the specific network and the specific host on the network. Interrpt- A mont that allows yo to interrpt an NFS reqest by able Mont pressing an interrpt key. (Thogh the interrpt key is not standardized, common ones inclde CTRL-C and BREAK.) Mont To obtain access to a remote or local file system or directory (import). NFS Configration and Maintenance 5-3

83 Mont The name of the directory on which a file system is Point monted. Netgrop A network-wide grop of nodes and sers defined in (j /etc/netgrop. NFS Network File System. Node A compter system that is attached to or is part of a compter network. Root The only node in an HP-UX clster that has file systems Server physically attached to it. Server A node that provides data or services to other nodes (clients) on the network. A process that performs operations as reqested by other processes. n Note: An NFS server can also be configred as any combination of an NFS client, YP client, or YP server. (A YP server mst also be configred as a YP client.) Soft An optional mont that cases access to remote file systems Mont to abort reqests after one NFS attempt. UID A vale that identifies a ser in HP-UX. Unmont To remove access rights to a file system or disk that was monted via the mont( 1M) command. n J 5-4 Key Terms

84 Update Yellow Pages (YP) The HP-UX command that installs software onto the system. An optional network service composed of databases (maps) and processes that provide YP clients access to the maps. The YP service enables yo to administer these databases from one node. YP may or may not be active; check with yor system administrator. YP Domain A logical groping of YP maps (databases) stored in one location. YP domains are specific to the YP network service and are not associated with other network domains. NFS Configration and Maintenance 5-5

85 Gidelines Refer to the following gidelines for information regarding network memory, configration files, daemons, and servers. I~ I Network Memory Network memory is configrable sing three parameters: netmeminit, netmemmax and netmemthresh. The defalt vales are generally sfficient for most NFS configrations. However, if yo change these parameters, do not set netmemmax eqal to or less than netmemthresh. For more information, refer to the HP-UX Series 300 System Administrator Manal. lr; n 5-6 Gidelines

86 Configration Files The following table lists the files that mst b~ configred for yor system to operate correctly. (Refer to the NFS Services Reference Pages for detailed information.) Configration File /etc/checklist /etc/exports /etc/inetd.conf /etc/netgrop /etc/netnfsrc Description Contains a list of file systems that are atomatically monted at boot time. Contains a list of file systems that clients may import. Nate, create this file only on servers. Contains information abot servers started by inetd(lm), inclding RPC services. Contains a mapping of network grop names (netgrops) to a set of node, ser, and YP domain names; both /etc/exports and /etc/passwd can se the netgrops defined in /etc/netgrop. Classifies the nodes for remote monts. For ARPA Services, classifies the sers for remote logins and remote shells. Yo can specify netgrops in /etc/hosts.eqiv and $HOME/.rhosts. Atomatically exected at boot time to start the NFS networking (e.g., starts daemons and servers, defines servers and clients). NFS Configration and Maintenance 5-7

87 Configration File /etc/rpc Description Maps the RPC program names to the RPC program nmbers and vice versa. This file is static; it is already correctly configred. () /sr/adm/inetd.sec Checks the internet address of the host reqesting a service against the list of hosts allowed to se the service. Specifies how many remote sers can simltaneosly start remote services in the local system and which remote hosts (or networks) can se the system. () n 5-8 Gidelines

88 Daemons The following table lists the networking daemons (backgrond programs) that are always rnning, waiting for a reqest to perform a task. Daemon biod(jm) Description Asynchronos block I/0 daemons for NFS clients. If operating in an HP-UX clster environment, biod(jm) mst be rnning on all cnodes in the clster. inetd(jm) nfsd(jm) Internet daemon that listens on service ports. Reads /etc/inetd.conf to determine the appropriate server for handling the incoming reqest Listens for and accepts network reqests Invokes the appropriate server Note: Since inetd(jm) contacts portmap(jm) on behalf of the servers it starts, yo mst start portmap(jm) before starting inetd(jm). NFS server daemon that responds to client file system reqests. When a client program needs to read or write in a remote file system, it sends a reqest to that system's nfsd(jm) process. If operating in an HP-UX clster environment, nfsd(jm) shold be rnning on the root server if it is servicing NFS reqests. Any nfsd(jm) daemons rnning on client cnodes are ignored. NFS Configration and Maintenance 5-9

89 Daemon pcnfsd(lm) Description Daemon that athenticates a PC ser's access to files. It takes the ser name and password, and then either scceeds (retrns a valid UID and GID), or fails (indicates the name and password are nacceptable). Note: Thoghpcnfsd enables PC sers to se printer spooling facilities on HP-UX systems, they mst have the appropriate PC networking software prodct for it to work. C) portmap(lm) Daemon that converts RPC program nmbers into port nmbers. When inetd(lm) starts, it tells portmap(lm) which RPC servers it is listening for, on which ports it is listening, and the RPC program nmbers and versions it serves. When a client makes an RPC call to a given program nmber, it first contacts portmap(lm) on the server node to determine the port nmber where RPC reqests shold be sent. Note: Since inetd(lm) contacts portmap(lm) on behalf of the servers it starts, yo mst start portmap(lm) before starting inetd(lm). n n 5-10 Gidelines

90 Servers The following table lists the networking servers (processes that perform operations as reqested by other processes). Server montd(jm) Description Answers file system mont reqests by reading /etc/exports to determine which file systems are available to nodes and sers; invoked by inetd(jm). The showmont(jm) command calls rpc.montd to list the clients with local file systems monted. If operating in an HP-UX clster environment, montd(jm) shold be rnning on the root server if servicing NFS reqests. Any montd(jm) server rnning on a client cnode is ignored. rstatd(jm) Retrns statistics obtained from the kernel; invoked by inetd(jm). The rp(l) program ses rpc.rstatd. rsersd(jm) Lists the sers on the local host; invoked by inetd(jm). The rpc.rsersd server provides the rsers(l) program information abot the local sers. The rsers(l) program then sms and displays the information. NFS Configration and Maintenance 5-11

91 Server rwalld(jm) Description Handles all rwall(jm) reqests; invoked by inetd(jm). The RPC program rwall(jm) sends a message to rpc.rwalld on a given host. Each rpc.rwalld accepts this message and writes it to all sers on the host it is serving sing wall(jm)..~ J sprayd(jm) Records the packets sent by spray(jm); invoked by inetd(jm) Gidelines

92 NFS Configration Configring yor system is the process of setting p yor software so it operates correctly and according to yor specifications. The following list is an overview of the steps yo mst complete to configre the nodes on yor network with NFS Services. The steps are described in more detail after the overview list. 1. Compare the files in the /etc/newconfig directory to their their corresponding existing files. 2. Set UIDs and GIDs 3. Create an NFS server 1. Edit /etc/netnfsrc 2. Edit /etc/inetd.conf 3. Edit /sr/adm/inetd.sec (if necessary) 4. Edit /etc/netgrop 5. Edit /etc/hosts 6. Create and Edit/etc/exports 7. Reboot the system (if necessary) 4. Create an NFS client 1. Edit /etc/netnfsrc 2. Mont file systems 3. Reboot the system (if necessary) 5. If applicable, configre Yellow Pages (YP). (Refer to the "YP Configration and Maintenance" chapter.) 6. If applicable, configre the Virtal Home Environment (VHE) service. (Refer to "VHE Configration and Maintenance" chapter.) 7. Execte/etc/netnfsrc (or reboot) when yo are finished with all of the configration, inclding setting p YP and VHE. NFS Configration and Maintenance 5-13

93 1. Compare /etc/newconfig Files to Existing Files When yor installed the NFS services software, several new files were copied into the /etc/newconfig directory. Perform the following steps to prepare to configre the NFS service. 1. Compare each /etc/newconfig file listed below with its conterpart shown in the following list. n File in /etc/newconfig directory netgrop netnfsrc rpc Conterpart in /etc directory netgrop netnfsrc rpc 2. If the files are the same, then skip to the next section, "2. Set UIDs and GIDs." n 3. If yo have previosly cstomized the files that exist in the /etc directory, or if the files are from an older version of the software they will differ from those in /etc/newconfig. If there are differences, copy the crrent files in/etc to a safe location and do one of the following: OR change the versions in /etc to reflect the differences in the files in /etc/newconfig. copy the files in /etc/newconfig to /etc. Then re-cstomize the files in /etc if necessary. n 5-14 NFS Configration

94 2. Set UIDs and GIDs (_) The UID field from an /etc/passwd entry and the GID field from an /etc/grop entry athenticate NFS sers. The client passes this UID and GID to a server for se when checking file ownership and permission. To ensre only the sers in the correct grop receive the privileges set by the file's owner, edit /etc/passwd and /etc/grop so that each ser has one niqe UID and one niqe GID that is the same on all servers and clients. If sing Yell ow Pages (YP) Service, yo can configre YP so yo can centrally administer /etc/passwd and /etc/grop. Note, local UIDs and GIDs are not reqired if sing YP. If not sing YP, yo can se one of the following two methods to either create new /etc/passwd and /etc/grop files or yo can modify the existing ones. (_) Create one /etc/passwd and one /etc/grop file to ensre UIDs and GIDs are consistent for each NFS ser across the network. Copy these files to all NFS network nodes. When pdating UIDs or GIDs, yo will need to recopy the files to each node. Yo can atomate this process by sing shell scripts and the NS-ARPA Services. A disadvantage of this method is that it gives exactly the same access to all sers across the network. A ser with a valid password for a sper-ser accont wold have sper-ser privileges on all nodes configred in this fashion. Edit /etc/passwd and /etc/grop on each node to ensre UIDs and GIDs are consistent for each ser across the network. If yo modify UIDs or GIDs affecting more than one node, yo will have to modify each node affected by the change. For example, if adding a new ser yo will need to pdate the /etc/passwd and /etc/grop files residing on each system to which the new ser will have access. NFS Configration and Maintenance 5-15

95 Thogh more time consming and error prone, this method allows each system to have a different set of sers. 3. Create an N FS Server Yo mst be sper-ser to create an NFS server. To create an NFS server, complete the following steps. 1. Edit /etc/netnfsrc 2. Edit /etc/inetd.conf 3. Edit/sr/adm/inetd.sec (if necessary) 4. Edit /etc/netgrop 5. Edit/etc/hosts 6. CreateandEdit /etc/exports 7. Reboot the system (if necessary) An NFS server can also be configred as any combination of an NFS n client, YP client, or YP server. (A YP server mst also be configred as a YP client.) Note If operating in an HP-UX clster environment and configring NFS on the root server, yo mst also configre NFS on all clients in the clster. If the root server does not have NFS configred, then none of the clients can. n 5-16 NFS Configration

96 1. Edit /etc/netnfsrc The /etc/netnfsrc file activates the NFS daemons and servers. c) any digit other than zero. - To define the node as an NFS server, set the NFS SERVER variable to If the node is also a client, yo may want to set the NFS CLIENT variable to any digit other than zero now. (Refer to the "4. Create an NFS Client" section to complete client configration procedres.) If the node is also a server for PC-NFS reqests, set the PCNFS_SERVER variable to any digit other than zero. Client Only NFS CLIENT=! NFS_SERVER=O Server Only NFS_CLIENT=O NFS_SERVER=l Both Client and Server NFS_CLIENT=l NFS SERVER=! Neither Client nor Server NFS CLIENT=O NFS SERVER=O PC-NFS Server PCNFS_SERVER=l Yo can refer directly to the comments (lines beginning with # (pond) signs) for editing instrctions and for descriptions of each activity exected by /etc/netnfsrc. Note If yo edit this file other than specified in this docment, HP recommends yo incorporate personal comments for ftre system administration. NFS Configration and Maintenance 5-17

97 #!/bin/sh # netnfsrc NFS startp file ## # # #* # # # # #* # # # ## # # Depending on the configration parameters yo set within, this script sets p some or all of the following: YP specific: domainname -- the YP domain name # # and starts p some or all of the following programs: # portmap nfsd biod pcnfsd YP specific: ypbind ypserv yppasswdd RPC (program_#,version) -> port_# mapper NFS daemons async BID daemons PC-NFS daemon YP client process (all YP nodes) YP server process (YP server only) YP password daemon (YP master server only) NFS_CLIENT NFS_SERVER 1 if this node is an NFS client, 0 if not 1 if this node is an NFS server, 0 if not # Note: it is possible for one host to be a client, a server, both # or neither! This system is an NFS client if yo will be # NFS monting remote file systems; this system is a server # if yo will be exporting file systems to remote hosts. # See Also: nfsd(1m), mont(1m) ## # Note: this has nothing to do with whether or not the system is # a rootserver or diskless client workstation. There is a # test for this later (to set the variable LDISK). ## NFS_CLIENT=O NFS_SERVER=O rt) PCNFS_SERVER=O n 5-18 NFS Configration

98 2. Edit /etc/inetd.conf ( \ \._) To activate the RPC services, remove all # comment marks (pond signs) from /etc/inetd.conf lines beginning with #rpc. If yo want one of these services activated bt the line was removed, yo may need to obtain a new version of /etc/inetd.conf from /etc/newconfig. Note Mter editing /etc/inetd.conf, yo mst reconfigre inetd(jm) as follows. inetd -c RPC Services Secrity The inetd(jm) secrity facility works only when the inetd(jm) exectes a server. For the RPC services that do not exit after each service reqest, inetd(jm) provides a secrity check only for the first reqest. Sccessive reqests bypass the inetd(jm) and are sbject only to the secrity checking performed by the individal RPC services. However, yo can make the inetd(jm) perform a secrity check for every RPC reqest by adding the -e option to the /etc/inetd.conf entry for the RPC service and then specifying the RPC service in the first field of /sr/adm/inetd.sec. (Refer to the next section, "3. Edit /sr/adm/inetd.sec.") Note, adding the -e option makes the RPC server respond slower since it has to restart for each reqest. NFS Configration and Maintenance 5-19

99 RPC Entries Refer to the following list for a brief description of each RPC service line present in /etc/inetd.conf. rpc dgram dp wait root /sr/etc/rpc.montd rpc.montd -e The rpc.montd program reads /etc/exports to see what the available file systems are and to whom they are exported. It also keeps a list of all monted file systems. The program spports version 1. ("\ '. ) The-e option forces inetd(lm) to perform a secrity check for rpc.montd on every reqest. rpc stream tcp nowait root /sr/etc/rpcrexd rpc.rexd The rpc.rexd program is the server for the on(l) program. The program spports version 1. rpc dgram dp wait root /sr/etc/rpc.rstatd rpc.rstatd n The rpc.rstatd program provides kernel statistics. The program spports versions 1 throgh 3. rpc dgram dp wait root /sr/etc/rpc.rsersd rpc.rsersd The rpc.rsersd program provides information abot active sers on remote nodes and the amont of time they have been idle. The program spports versions 1 and 2. rpc dgram dp wait root /sr/etc/rpc.rwalld rpc.rwalld The rpc.rwalld program writes a message sent by rwall(lm) to all sers logged on to the system. The program spports version 1. rpc dgram dp wait root /sr/etc/rpc.sprayd rpc.sprayd The rpc.sprayd program accepts RPC reqests, reads UDP packets, and then tells how fast it read them; yo can se the reslts to gage performance. The program spports version NFS Configration

100 3. Edit /sr/adm/inetd.sec (if necessary) NFS operates nder the assmption yo have a "friendly" network; meaning, yo can trst all sers attached to yor network. Since this ( \ assmption may not apply to everyone, refer to the following sections to \_.;' improve yor file secrity. The /sr/adm/inetd.sec configration file is provided in the NS-ARPA Services prodct. It is not solely for NFS access. This file allows yo to determine how many remote services can rn simltaneosly on the local host and which hosts are allowed to remotely se the local host. Note If inetd(jm) is rnning, it rereads /sr/adm/inetd.sec after yo make changes to it. Yor changes apply only to services started after the file is reread, bt not to any crrently rnning services. Set Maximm Nmber of Remote Connections On the first line in /sr/adm/inetd.sec, enter the maximm nmber of simltaneos remote services to be started by inetd(jm). MAXNUM nmber If yo do not specify a MAXNUM vale, the defalt is Specify Accesses to Services U Each entry in /sr/adm/inetd.sec has the following format. service_ name allow/deny host _specifier( s) (Note: Enter only allow or deny) NFS Configration and Maintenance 5-21

101 /sr/adm/inetd.sec Description Entry Fields selvzce name Name of a valid service (inclding RPC services) with an entry in /etc/inetd.conf. For RPC services, selvice name is the name of the service that matches its program nmber in /etc/rpc. n. J This entry mst have a corresponding entry in /etc/inetd.conf which contains the -e option. For other services,selvice name is the one listed in/etc/selvices. - Specify only one service per entry. If a remote service is not specified in /sr/adm/inetd.sec, then it is not restricted by inetd(jm). If an entry in /sr/adm!inetd.sec specifies the service name and nothing else, inetd(jm) allows all hosts to attempt access. n allow/deny The allow entry instrcts inetd(jm) to approve the host or network for access to the specified service. The deny entry instrcts inetd(jm) to disapprove the host or network for access to the specified service. (~ 5-22 NFS Configration

102 host _specifier( s) Name of a host or a network listed in /etc/hosts or /etc/networks, or an internet address in the standard internet notation. Yo can specify more than one host or network by separating each host _specifier with a blank or tab. Yo can se the* (wild card character) or -(range character) in any field of a network or host address. Yo cannot se aliases. RPC Services Secrity Yo can make inetd(jm) perform its inetd.sec(4) secrity check for every RPC reqest by following these two steps. 1. Add the -e option to the RPC service line in /etc/inetd.conf. (Refer to the "2. Edit /etc/inetd.conf' section or inetd.conf(4).) EXAMPLE: rpc dgram dp wait root /sr/etc/rpc.montd rpc.montd -e 2. Specify the RPC service in the first field in /sr/adm/inetd.sec. /sr/adm/inetd.sec Example RPC Entry montd allow hosta walld deny * Effect on System Secrity Allows only hosta to access rpc.montd Denies access to rpc.rwalld from the following hosts (internet address) all hosts that are part of network 10. * NFS Configration and Maintenance 5-23

103 4. Edit /etc/hosts Note If YP is rnning, do not edit /etc/hosts on any node except the YP master server; otherwise, local changes will not be propagated. n. ) Each file system in /etc/exports may be followed by a netgrop name or a host name. If yo want to export local file systems to a specific host, the host name mst have an entry in /etc/hosts regardless of whether it is specified as part of a netgrop in /etc/netgrop. Ensre that a line with the following format exists in /etc/hosts for each host to which yo will be exporting file systems. internet address host name - - n Thd e inte"!et _ a(drdli 'ess mh qel(y 1). d ent~fies the ndodde an?n mst b~ in )decimal ot notation. e er to osts 4 or mternet a ress 1 ormation. EXAMPLE: node_? The host_ name is the node name. The root ser shold own /etc/hosts with the permission 0444 (r--r--r--) NFS Configration

104 5. Edit /etc/netgrop Note If YP is rnning, do not edit /etc/netgrop on any node except the YP master server; otherwise, local changes will not be propagated. The /etc/netgrop file enables yo to define a specific network-wide grop of nodes as a netgrop. Yo can then limit file system access by exporting file systems (via /etc/exports) to the netgrops defined. The system ses /etc/netgrop to verify host names whenever clients perform remote monts. (Refer to netgrop(4).) For ARPA Services, the system ses /etc/netgrop to verify sers when clients perform remote logins or remote shells. (Refer to hosts.eqiv(4).) Add a line with the following format for each netgrop yo wish to define. The entry may contain any nm ~opnames, netgrop _name] netgrop _ name2 netgrop _ name3... netgrop_namel member] member2... ' thogh yo mst then define "'- these netgrops within /etc/netgrop 0 The member n is eqal to the triple (host_name, ser_name, yp_domain_name) NFS Configration and Maintenance 5-25

105 The entry may contain any nmber of netgrop names, thogh yo mst then define these netgrops within /etc/netgrop. Yo can assign more than one triple to a net grop by enclosing each separate set within parentheses ~ (host_ name, ser_ name, yp _domain_ name). ' J Leave any of these three fields empty to signify a wild card (i.e., blank fields match anything). For example, (,research) matches all hosts and sers in the research YP domain. A- (dash) in any of these three fields means match nothing. For example, (-,mike,graphs) does not match any hosts, bt it does match the ser mike in the graphs YP domain. Each host_ name mst have an entry in /etc/hosts. The yp _domain_ name is the name of the YP domain to which yo crrently belong. To determine yor crrent YP domain name, execte the domainname(l) command. The commands sing /etc/netgrop assme yo are not looking for any n YP domain other than the one assigned on yor node NFS Configration

106 EXAMPLES: /etc/netgrop Example Entry netgropl (,,) The N etgrop Incldes Everyone on the network netgrop2 (,darren,graphic) The ser darren on any host in the graphic YP domain netgrop3 (node_7,,graphic) Any ser on the node _7 host in the graphic YP domain netgrop4 (node_2,john,) The ser john on the node _2 host in any YP domain / \ netgrop5 (,andy,graphic) (node_l,mike,) netgrop6 (-.annette,graphic) The ser andy on any host in the graphic YP domain and the ser mike on the node_) host in any YP domain The ser annette in the graphic YP domain, no host inclded NFS Configration and Maintenance 5-27

107 6. Create and Edit /etc/exports Yo control the available file systems by yor entries in the server's /etc/exports file. Each time a server receives a mont reqest, montd(lm) accesses /etc/exports to see if the file system is exported and which systems / can access it... ) The server mst have the file system monted locally before it can be exported. Yo mst export the entire file system; yo cannot export specific directories (thogh clients can mont specific directories). The path name in /etc/exports mst be the same path name as the directory on which the local file system is monted. If the -async option is set (see exports ( 4)) for a file system, asynchronos writes on the NFS server occr... ~. Cation The -async option increases write performance on the NFS server by allowing asynchronos writes on the NFS server's file system. n However, se cation in deciding whether to se the -async option. An nreported data loss may occr if the option is set and the NFS server hardware experiences a power loss, system panic or other failre. Do not se the -async option with file systems that contain: files which are accessed by the 0 _ SYNCIO flag (which is set bythefnctl(2) or open(2) calls), data that cannot be reconstrcted (e.g., a file system containing database files), n files synchronized withf.\)'nc(2), or 5-28 NFS Configration

108 critical applications reqiring absolte data integrity. ( ' ~I If yo are nsre whether any of the previos conditions apply, do not se the -async option. Yo control the file system's availability by specifying a netgrop or hos1 name; otherwise, the file system becomes available to everyone on the network rnning NFS. After accessing /etc/exports, the system checks /etc/netgrop for the netgrop definition; if it is not present, the system checks /etc/hosts for the host name. (For more information, refer to the previos sections, "4. Edit /etc/hosts" and "5. Edit /etc/netgrop.") Note If importing a file system containing a ser's home directory, the ser may not be able to login if the remote file system is not accessible. If a client has a file system monted and yo edit /etc/exports to change availability of that file system, the client's access will not change. To prevent the client from accessing the server's files, on the client yo mst either nmont the file systems or reboot. NFS C.nnfipnratinn anrl MaintPnstni'P.c:;-?.Q

109 /etc/exports Entry Formats /complete _filesystem _pathname System Response Exports the file system to everyone on the network and defalts to synchronos writes on the NFS server. /complete_filesystem_pathname netgrop_1 netgrop_2 Exports the file system only to specified netgrops /complete _filesystem _pathname client _1 client_ 2 Exports the file system only to specified clients /complete _filesystem _pathname client_ 2 netgrop _1 /complete _filesystem _pathname -async client _1 Exports the file system only to the specified client and netgrop. Exports the file system to the specified client and cases asynchronos writes on the NFS server NFS Configration

110 EXAMPLE: /. File ~ /sorce Systems ~ A /screens /designs ( \ /frame A NFS Configration and Maintenance 5-31

111 I etc/ exports Example System Response Example Entry * I Export I (root) to all clients. Clients will not receive the file system sorce since I is the exported file system. The sorce and designs file systems will not be seen by this mont. Clients will receive the!bin directory since is it part of the I file system. ~~ ) /sorce Export sorce to all clients. Clients will not receive the n file system designs or I since sorce is the exported file system. The designs and I file systems will not be seen by this mont. /sorce/ser2/designs Export designs to all clients. /sorce/ser2/designs -async systeml Export designs to the client systeml and allow asynchronos writes on the NFS server. /sorce/ser2/designs lab Export designs to the n netgrop lab NFS Configration

112 /sorce/ser2/designs systeml lab Export designs to the client systeml and the netgrop lab. *Note: Yo mst define all hosts in /etc/hosts and all netgrops in /etc/netgrop or, if yo are sing YP, ensre that all hosts and netgrops are defined on the master YP server. 7. Reboot System After yo finish the configration procedre, execte /etc/netnfsrc or reboot the system to activate the daemons and servers. The rebooting process does not nmont any of the server's file systems that were remotely monted by other network nodes. However, these nodes will not be able to access any of the server's files ntil the server is operating again. ( ' NFS Configration and Maintenance 5-33

113 4. Create an N FS Client Yo mst be sper-ser to create an NFS client. To create an NFS client, complete the following steps. 1. Edit/etc/netnfsrc 2. Montfilesystems 3. Reboot the system (if necessary). An NFS client can also be configred as any combination of an NFS server, YP client, or YP server. (A YP server mst also be configred as a YP client.) 1. Edit /etc/netnfsrc The /etc/netnfsrc file activates the NFS daemons and servers. To define the node as an NFS client, set the NFS CLIENT variable to any digit other than zero. - If the node is also a server, yo may want to set the NFS _SERVER variable to any digit other than zero now. (Refer to the "Create an NFS Server" section to complete server configration procedres.) If the node is also a server for PC-NFS reqests, set the PCNFS _SERVER variable to any digit other than zero. rfj Client Only NFS CLIENT=l NFS_SERVER=O Server Only NFS_CLIENT=O NFS_SERVER=l Both Client and Server NFS_CLIENT=l NFS_SERVER=l Neither Client nor Server NFS_CLIENT=O NFS_SERVER=O (\ J PC-NFS Server PCNFS_SERVER=l 5-34 NFS Configration

114 (_) Yo can refer directly to the comments (lines beginning with # (pond) signs) for editing instrctions and for descriptions of each activity exected by /etc/netnfsrc. Note If yo edit this file other than specified in this docment, HP recommends yo incorporate personal comments for ftre system administration. NFS Configration and Maintenance 5-35

115 #!/bin/sh # netnfsrc NFS startp file ## # # #* # # Depending on the configration parameters yo set within, this script sets p some or all of the following: YP specific: domainname -- the YP domain name # and starts p some or all of the following programs: # portmap RPC (program_#,version) ->port_# mapper # nfsd NFS daemons biod async BID daemons pcnfsd # # #* # # # ## # # # # YP specific: ypbind ypserv yppasswdd NFS_CLIENT NFS_SERVER PC-NFS daemon YP client process (all YP nodes) YP server process (YP server only) YP password daemon (YP master server only) 1 if this node is an NFS client, 0 if not 1 if this node is an NFS server, 0 if not Note: it is possible for one host to be a client, a server, both or neither! This system is an NFS client if yo will be # NFS monting remote file systems; this system is a server # if yo will be exporting file systems to remote hosts. # See Also: nfsd(lm), mont(lm) ## # Note: this has nothing to do with whether or not the system is # a rootserver or diskless client workstation. There is a # test for this later (to set the variable LDISK). ## NFS_CLIENT=O NFS_SERVER=O ('j PCNFS_SERVER=O 5-36 NFS Configration

116 2. Mont File Systems Review the servers' /etc/exports file on yor LAN to determine the file systems to which yo want the client to have access. Yo will need to mont each of these file systems on the clients. For each file system yo shold determine if yo want it monted atomatically at boot time via /etc/checklist or monted only when manally specified via the mont(im) command. Since an attempt to mont a remote file system reqires sing another node and the network, the mont may not scceed the first time. Yo can vary the nmber of times NFS attempts to mont a file system by sing the retry option. After the mont is sccessfl, the manner in which NFS handles reqests depends on whether the mont is hard (defalt) or soft. NFS Hard Hard monted file systems with the defalt int (interrpt) Mont case NFS to retry a reqest ntil it scceeds, yo interrpt it, or yo reboot the system. If the noint option is activated and an NFS server goes down, the system retries the reqest ntil the server comes p again or yo reboot the system. If the server does not respond to a hard mont reqest, NFS writes the following message in the network error log file. NFS: server host_ name not responding, st i 11 trying Refer to Installing and Maintaining NS-ARP A Services docmentation for more error log information. Note, if a server goes down from which yo previosly performed a hard mont, yo may not be able to access monted file systems on other nodes nless yo reboot the problem server or interrpt all its reqests. NFS Confi2ration and Maintenance 5-37

117 NFS Soft Mont Soft monted file systems abort reqests after one attempt. NFS writes an error to the log file if the server does not respond to a reqest. The message varies depending on what type of reqest is made. NFS server host_name not responding, giving p NFSfnction_name failed for server server_name: TIMED OUT,fj Note If a ser's home directory is in a remote file system, the ser will not be able to login if the remote file system is not accessible (e.g., the server goes down, the network fails). Mont Gidelines Refer to the following gidelines whether monting file systems atomatically via the /etc/checklist file or manally via the mont(im) command. For more specific information, refer to checklist(4) and mont(im). (') Yo cannot mont a remote file system nless the server has an entry for yor node in /etc/exports or nless /etc/exports makes the file system available to everyone on the network. (Execte showmont(im) to list monted file systems.) Thogh yo can export only file systems, yo can mont file systems or directories. When yo mont a new file system on top of a directory already containing files, the directory's files will no longer be accessible nless yo execte mont(im) to nmont the monted file system. To avoid masking a directory, HP recommends yo mont the file system on top of an empty directory. n 5-38 NFS Configration

118 Yo cannot mont or nmont an open directory (a directory in which someone is crrently operating)....,.,, ( i Yo mst specify a mont point (name of a local directory on which the file system will be monted). If operating in an HP-UX clster environment If a cnode monts a remote file system, all cnodes in the clster can access the remote file system. If sing NFS to mont a file system attached to a clster, yo mst se the root server host's name as the node name specified in the mont(jm) command. If a cnode monts a remote file system, any cnode in that clster can nmont the remote file system. Before monting a file system, refer to the following table and determine the options yo want the mont to have. Yo mst specify an option if monting via /etc/checklist; yo do not have to specify an option if monting via mont( 1M). Yo do not have to list options in a specific order; however, yo mst separate the options with commas (not spaces). NFS Configration and Maintenance 5-39

119 NFS Description Mont Options bg Backgrond: If the first reqest to a remote node's montd(lm) fails, the mont process contines retrying the reqest in the backgrond.,,-) I defalts Defalts: The mont takes all the defalt options withot yo having to individally specify them. The defalts are noted within this table by asterisks (*). Yo only need to specify defalts when monting via /etc/checklist; the mont( 1M) command atomatically provides the defalts. fg* Foregrond: If the first reqest to a remote node's montd(lm) fails, the montd(lm) daemon retries thereqests in the foregrond. hard* Hard Mont: NFS retries ntil the reqest scceeds or yo reboot the system. If sing the int defalt option, yo can () interrpt the file system reqest. int* Interrptable Mont: Yo can press an interrpt key to abort an NFS reqest. (Thogh the interrpt key is not defined, common ones inclde CTRL - C and BREAK.) noato No Atomatic Mont: Prevents the file system from being monted when the mont -a option is exected. Yo only need to specify noato when monting via /etc/checklist. nointr No Interrptable Mont: Yo cannot interrpt processes waiting for NFS reqests to complete. *=Defalt nosid No setid: Yo cannot execte files on the remote file systern with either the setid or setgid bits set. () ' ; 5-40 NFS Configration

120 NFS Mont Description Options / I \J port= n Port= n Defalt n = 2049 (the NFS server port) Specifies the UDP port at which the NFS server is contacted. Yo shold not have to reset this vale. retrans= n Retransmit = n Defalt n = 4 When NFS sends a reqest to a remote system, RPC attempts to transmit the reqest n times. If RPC does not receive a response after n attempts, soft monts retrn an error and hard monts retry the reqest. retry= n Retry= n Defalt n = 1 The mont(jm) command retries monting the file system n times; the defalt is one. For example, if a mont( 1M) attempt fails once and the defalt is one, mont( 1M) tries once more before qitting. ro Read Only: Access rights are Read Only. rszze= n Read reqests size = n Defalt n = 8192 (8K) Specifies the maximm read reqest size sed in commnicating with the server. rw* Read/Write: Access rights are Read and Write. NFS Confi211ration and Maintenance 5-41

121 NFS Mont Description Options soft Soft Mont: NFS aborts the reqest after RPC attempts to transmit the reqest n times (as specified by the retrans :--) option). sid* setid: Yo can execte programs on the remote file system timeo= n Timeot= n that have setid as one of their permissions. Defalt n = 7 Specifies the initial timeot (in tenths of seconds) for NFS reqests. When an NFS reqest occrs, RPC sends the reqest, waits 0. 7 seconds for a response, and then retries the reqest. After the initial timeot, the timeot increases by mltiples () nmber of retrans retransmissions have been sent with no reply, soft monts retrn an error and hard monts retry the reqest. of two each time no response is received. When a specified Note: If performing NFS monts throgh a gateway and yo see several server not responding messages within a few mintes, change the timeot defalt vale (7) to a. vale of 10 or greater ntil yo stop seeing the message. wszze= n Write size = n *=Defalt Defalt n = 8192 bytes (8K) Specifies the maximm write reqest size sed in commnicating with the server. n 5-42 NFS Configration

122 Edit /etc/checklist for Atomatic Monts If yo want the file system monted atomatically, add an entry for it in the /etc/checklist file. At boot time, /etc/netnfsrc exectes mont -at nfs to mont all NFS file systems listed in /etc/checklist. Edit /etc/checklist to append the hosts and file systems yo wish to import sing the following format. All of the defalt options are activated when yo specify defalts. Yo mst specify either defalts or at least one option. NFS Hard Monts via /etc/checklist server_name:/imported_filesystem /mont_point nfs defalts 0 0 OR U \. server_name:/imported_filesystem /mont_point nfs [options] 0 0 NFS Soft Monts via /etc/checklist server_name:/imported_filesystem /mont_point nfs soft[.,other options] 0 0 The nfs stands for NFS monts. NFS ignores the two zeros (0 0), thogh they mst be present. Server Client ANDY JOHN File /frame /graph System ~ I Mont Point "' /modification /art.-- ~ /sorce /bleprint /sorce /bleprint NFS Conti211ration and Maintenance 5-43

123 EXAMPLES: /etc/checklist Atomatic Monts /etc/checklist Example Entry on the Client JOHN ANDY:/frame/delta /graph/art nfs defalts 0 0 Reslting Mont Options* Foregrond Hard Mont Interrptable Port = 2049 Read and Write Read Size = 8192 Retransmit = 4 Retry= 1 setid Timeot = 0.7 Write Size = 8192 Note: All of these options are by defalt. (j ANDY:/frame/delta /graph/art nfs ro,retry=6,timeo=3 0 0 ANDY:/frame/delta /graph/art nfs bg,retrans=8,soft 0 0 ANDY:/frame/delta /graph/art nfs noato,noint,nosid 0 0 Read Only Retry= 6 Timeot = 0.3 Backgrond Retransmit = 8 Soft Mont No Atomatic Mont No Interrptable Mont No setid ANDY :/frame/delta /graph/art nfs rs ize=l024,ws ize= Read Size = 1024 bytes Write Size = 1024 bytes n * The defalt options are activated when yo specify defalts. They are also active with other options nless yo specify otherwise. The defalt options are listed only once for this example NFS Configration

124 Execte mont(1 M) for Manal Monts Execte mont(jm) to mont an NFS file system manally. NFS file systems monted via mont(jm) are only monted as long as the client is ( '; rnning or ntil they are nmonted via mont(jm). If the client goes '-..-/ down, yo will have to re-mont the file system. Do not se mont(jm) if yo listed the file system in /etc/checklist since it will have already been monted. Use the following mont (1M) format for NFS monts. All of the defalt options are activated nless yo specify otherwise. NFS Hard Monts via mont(lm) mont [-o options] server_name:!filesystem /mont_point NFS Soft Monts via mont(lm) U mont -o soft[,other_options] server_name:!filesystem /mont_point EXAMPLES: mont(jm) Manal NFS Monts (_) File System ~ /designs Remote Server CHUCK /sorce '/bleprint Local Client CAROLE I /job ~ Mont Point

125 mont(lm) Example Command mont CHUCK:/sorce/frame /job/art mont -o ro,retrans=8,timeo=3 CHUCK:/sorce/frame /job/art mont -o bg,retry=6,rw,soft CHUCK:/sorce/frame /job/art mont -o noato,noint,nosid CHUCK:/sorce/frame /job/art Reslting Mont Options* Foregrond Hard Mont Interrptable Port = 2049 Read and Write Read Size = 8192 Retransmit = 4 Retry= 1 setid Timeot = 0.7 Write Size = 8192 Note: All of these options are by defalt. Read C>nly Retransmit = 8 Timeot = 0.3 Backgrond Read and Write Retry = 6 Soft Mont No Atomatic Mont No Interrptable Mont No setid!~, I I n mont -o rsize=l024,wsize=l024 CHUCK:/sorce/frame /job/art Read Size = 1024 bytes Write Size = 1024 bytes * All of the defalt options are activated nless yo specify otherwise. The defalt op- r-'\ tions are listed only once for this example. 1\ ) 5-46 NFS Configration

126 3. Reboot System After yo finish the configration procedres, execte /etc/netnfsrc or reboot the servers and clients to activate the daemons and servers. U The rebooting process nmonts all local file systems and directories that were manally monted by the client (i.e., were not atomatically monted by /etc/checklist). 5. Configre YP (optional) If yo plan to se the optional Yell ow Pages (YP) service, refer to the "YP Configration and Maintenance" chapter for detailed configration procedres. 6. Configre VHE (optional) If yo plan to se the optional Virtal Home Environment (VHE) service, refer the the VHE Configration and Maintenance" chapter for detailed configration procedres. 7. Execte /etc/netnfsrc To complete the configration procedre, execte /etc/netnfsrc (or reboot) yor system. Note Yo have completed configring the base NFS service. Refer to the remaining part of the chapter for maintenance information.

127 Maintenance To keep NFS rnning correctly and efficiently, refer to the following sections to ensre it stays configred to meet yor changing needs. n Remove NFS File Access Update Software Clock Skew Remove NFS File Access Yo may need to remove file access to NFS either from the client to keep local sers from accessing monted remote file systems or server to keep all clients from accessing file systems via NFS. Unmont File Systems from Client If needed, yo can nmont file systems on a client. Unmonting file systems prevents frther access to the server's files ntil yo remont the file system. Execting the mont(lm) command nmonts file systems monted either via mont(lm) or /etc/checklist. Yo cannot nmont an open directory or a parent of an open directory (i.e., a directory in which someone is crrently operating). n 5-48 Maintenance

128 If operating in an HP-UX clster environment If a cnode monts a remote file system, any cnode in that clster can nmont the remote file system. If a cnode nmonts a file system, all cnodes in the clster will have that file system nmonted. Unmont File Systems on Clients One NFS file system on a client Action On the client, execte mont. mont mont _point_ name All file systems on one client On the client, execte mont -a. mont -a Note: This command nmonts all file systems, not jst NFS file systems. If operating in an HP-UX clster environment, clients shold not execte mont -a. All NFS file systems on all clients On all clients, execte mont -at. mont -at nfs All file systems listed in /etc/mnttab On all clients, execte mont -h. that were remotely monted from a specified server mont -h server_ name NFS Confi211ration and Maintenance 5-49

129 Prevent Access to Server File Systems If needed, yo can prevent clients from accessing file systems on the network servers. Prevent Access to Server File Systems Action I~ I / One NFS file system from a client 1. Yo have two options for step#l. If a netgrop is specified for that file system in /etc/exports, remove the host name from the netgrop entry in the server's /etc/netgrop file. If a host name is specified for that file system in /etc/exports, remove the host name from the server's /etc/exports file. n 2. On the client, execte mont. mont mont _point_ name One NFS file system from a netgrop 1. On the server, remove the netgrop name (associated with that file system) from either the /etc/exports file or from /etc/netgrop. 2. On all members in the netgrop, exectemont. mont mont_point_name 5-SO Maintenance

130 Prevent Access to Server File Systems Action r \ All NFS file systems from all clients 1. On all clients, execte mont. \_) mont mont _point_ name 2. On the server, yo have two options for step #2. Kill the nfsd(lm) daemon or daemons (sally for); the system prohibits NFS accesses only ntil yo restart the nfsd(lm) daemons or yo reboot the system. ( \ Edit /etc/netnfsrc to change the NFS SERVER= vale to zero, and reboot the system. NFS_SERVER=O NFS Configration and Maintenance 5-51

131 Update Software To install a new system release to a server, se the /etc/pdate program to install software. (Refer to the HP-UX Series 300 System Administrator Manal for detailed instrctions.) irj The following list incldes configration files loaded dring the /etc/pdate process. Some of these files contain example entries to help yo configre them correctly. /etc/checklist /etc/netnfsrc /etc/inetd.conf /etc/rpc /etc/netgrop /sr/adm/inetd.sec Note If yo are monting file systems, then load only those file sets that reside on the local file systems. (j When sing /etc/pdate, the system creates new configration files in the /etc/newconfig directory. These files correspond to the original configration files which the system leaves in /etc. Compare each file in /etc/newconfig with its existing conterpart in /etc to determine if yo need to pdate or replace the file. If needed, edit the /etc/newconfig files to meet yor specific needs. Once the /etc/newconfig file sits yor configration needs, replace the existing file in /etc with the new one in /etc/newconfig. Yo might want to save the old configration file for later reference. n 5-52 Maintenance

132 Clock Skew ( ' \..._,) The NFS client and server clocks may not be synchronized since each workstation keeps its own time. Problems may occr becase of these time differences. If yor application depends on the local time or file system timestamps, then it may have to handle clock skew problems if it ses remote files. For example, when giving time(2) a NULL pointer for the times vale, the following process occrs. ( \ 1. The system sets the access time and modification time according to the client node clock. 2. It then sends these times over to the server, which then changes the inode to reflect the new access and modification times. 3. The server node identifies the change in the inode and ths, modifies the inode's stats change time according to its own clock. V The reslt is a high probability of differing times between the file or directory's access and modification times verss its stats change time. Note HP corrected the clock skew problems that existed with the Is command and the sorce code control command sees. If operating in an HP-UX clster environment, all nodes in the clster have the same time as the root server's clock. Therefore, clock skew problems exist only if the root server's clock is different from other NFS servers ~--.._ I!',.....

133 EXAMPLE: This example shows how a command cold be affected by the clock skew. Problem Most programs logically assme an existing file cold not be created in the ftre; one example is ls. (Note, this example shows how HP corrected this problem.) /~ I / The ls -l has two basic forms of otpt, depending on how old the file is. $ date April 7 15:27:31 PST 1987 $ls-lfile* -rw-r--r-- 1 root other -rw-r--r-- 1 root other Ag file Apr 07 15:26 file2 / Form One ~ Form Two :rj Form One of ls prints the month, day, and year of the last file modification if the file is more than six months old. Form 2 prints the month, day, hor, and minte of the last file modification if the file is less than six months old. The ls command calclates the age of a file by sbtracting the modification time of the file from the crrent time. If the reslts are greater than six months, the file is "old." 5-54 Maintenance

134 (_) Now assme that the time on the server is three mintes ahead of the local node's time (April 7, 15:30:31). The following commands demonstrate the effect of this clock skew prior to HP's correction of the problem. $ date April 7 15:27:31 PST 1987 $ toch f i le3 $ ls -1 file* -rw-r--r-- 1 root other 0 Ag file -rw-r--r-- 1 root other 0 Apr 07 15:26 file2 -rw-r--r-- 1 root other 0 Apr file3 The problem is that the difference of the two times is negative, bt the variable in the comptation is nsigned. A signed negative nmber has the same representation (bit pattern) as a very large nsigned nmber. local node time = 15:27:31 modification time = local node time pls 180 seconds local node time - modification time large nsigned nmber which is greater than six months 15:27:31 - (15:27: ) seconds l)

135 Problem HP corrected the problem so that ls now prints the month, Correction day, and minte for files between six months old and one hor ahead of time. Other applications may also reqire sch modification. '~ I, / $ date April 07 15:27:31 PST 1987 $ toch file3 $ ls -1 file* -rw-r--r-- 1 root other -rw-r--r-- 1 root other -rw-r--r-- 1 root other 0 Ag file 0 Apr 07 15:26 file2 0 Apr 07 15:30 file3 n 5-56 Maintenance

136 Remote Exection Facility (REX) 6 Introdction This chapter describes how to configre and execte commands on a remote host sing the Remote Exection Facility (REX). REX consists of: The on(l) command The rexd(lm) (remote exection daemon) The on command provides the REX ser interface on the client. It also commnicates with rexd to execte commands remotely. rexd rns on the server and facilitates the exection of the remote commands. The fnctionality of REX is similar to that of remote shell (remsh(l)) with two important differences: 1. REX exectes commands in an environment similar to that of the invoking ser. Yor environment is simlated by: Copying all of yor environment variables to the remote compter. Monting the file system containing yor crrent working directory on the remote compter via NFS (if it is not already monted on the remote compter). Yor command is then exected on the remote compter in the remote version of yor working directory, sing yor (the invoking ser's) environment variables. Remote Exection Facility (REX) 6-1

137 2. REX allows yo to execte interactive commands sch as vi. In this case yor crrent tty settings (e.g. yor crrent "break" character) are also copied to the remote system. The on Command The on command provides the ser interface for remote exection of commands. When execting the on command, yo specify: a host on which to rn the remote command the command to rn argments for the command The on command then simlates yor crrent environment on the server by passing yor environment variables and information abot yor crrent working directory to the remote host. The rexd daemon on the server monts the file system that contains yor crrent working directory if it is not already monted on the server. After the environment is simlated, the command exectes in the simlated environment on the remote host. Note Yor environment is simlated on the remote host bt not completely recreated. Exection of a given command on a remote host will not always prodce the same reslts as the execting the command on yor local compter. The simlated environment and the environment's limitations are discssed below in "Environment Simlation." 6-2 The on Command

138 1be syntax of the on command is as follows: on [ -i I -n] [ -d] host [ command [argment ]... ] ( \ \_) Host specifies the name of the host on which to execte command. There mst be an entry for host in the local compters's host data base. Command specifies the command to execte on host. If command is not specified, on will start a shell on host. Yo may specify three options ( -i, -n, -d). The -i option mst be sed when invoking interactive commands, the -n option mst be sed when rnning commands in the backgond with job control, and the -d option is sed when yo wish to receive diagnostic messages. Use of the -d option with either -i or -n is permitted. EXAMPLE: on - i -d host or on -n -d host Yo cannot se the -i and -n options at the same time. EXAMPLE: on -i -n host is not permitted. The -i Option (Interactive Mode) The -i option invokes the interactive mode. This option mst be specified for all interactive commands (commands which expect to be commnicating with a terminal). Examples of interactive commands are vi(l), csh(l), and more(l). If this option is specified with a non-interactive command sch as sort(l), it will be exected as an interactive command, bt there may be no difference in behavior. EXAMPLE: on - i node 7 vi Remote Exection Facility (REX) 6-3

139 The-n Option (No Inpt Mode) The -n option sends the remote program an end-of-file when the program reads from standard inpt instead of connecting the standard inpt (stdin) of the on command to the standard inpt (stdin) of the remote command. The -n option is necessary when rnning commands,!) in the backgrond with job control. The -d Option (Debg Mode) The -d option allows yo to receive diagnostic messages dring the start p of the on command. The messages may be sefl in detecting configration problems if the on command is failing while connecting to a given host. Configration Reqirements The following list details the configration reqirements that mst be met for yo to execte the on command from node A to node B: Yo mst be logged into a ser accont (other than root) on node A. Yo mst have an accont on node B, and the UIDs for the acconts on node A and node B mst be the same. If this is not the case, one of two things will happen: If the UID associated with the ser on node A is not associated with any ser on node B, the on command will fail with the error: on hostname: rexd: User id xxxx is not valid. If yor UID on node A is associated with another ser on node B, then the command will be exected on node B as the ser associated with the UID. (The second case is a serios secrity limitation. More details are given in the "Secrity Considerations" section of this chapter). The file system that contains yor crrent working directory mst be r.~ exported in a manner that allows compter B to mont it. Note that.. ) the crrent working directory may be a directory on another remote compter C, which is being accessed via NFS. If yor crrent working The on Command

140 directory is being accessed via RFA, the on command will fail with the following error message: on: crrent directory (<crrent djr>) is remote via RFA RFA directories not spported by on. crrent_ dir is the path name of yor crrent working directory. Node B mst have rexd configred to execte. Environment Simlation As mentioned above, yor environment is simlated on the remote compter, not mirrored. Therefore, certain limitations exist that may case the exection of a given command to prodce different reslts when exected on the local compter and a remote compter via on. These limitations are as follows: If the file system is not already monted on the remote compter, the file system containing yor crrent working directory will be monted on the remote compter in a sbdirectory of /sr/spool/rexd. If the file system is already monted on the remote compter, the mont point is the crrent mont point for the file system. Therefore, the se of absolte path names can case problems. (U. EXAMPLE: User mjk on node A is in his home directory (/sers/mark/mjk) and exectes the on command to start a shell on a remote system. When the shell is started, the crrent directory will be /sr/spool/rexd/rexdaxxxx/sers/mark/mjk (where A is a letter and XXX is a 4 digit nmber). If mjk now types the command cd, one of two events will occr, depending on the configration of the file system on the remote compter: \ If the path /sers/mark/mjk exists on the remote system, the crrent directory will be /sers/mark/mjk on the remote system, which is not eqivalent to /sers/mark!mjk on the local system. Remote Exection Facility (REX) 6-5

141 If the path /sers/mark/mjk does not exist on the remote system then execting cd will retrn an error. This type of behavior cold case a script that exectes cd or ses absolte file names to prodce different reslts when exected ;~ remotely. 1 Another example where the se of absolte path names may occr, withot being obvios, is the se of $PATH. Implicit se of $PATH may case a different version of a command (or a different command) to be exected in the remote case. Relative path names will work if they are within the same file system as yor crrent working directory. If a relative path name crosses a file system bondary it will enconter problems similar to those presented by se of absolte path names. Finally, the on command will fail if yor crrent working directory is being accessed by RF A. This occrs becase REX is nable to simlate yor environment. In this case, yo will receive the following error message: n on: crrent directory (<crrent_dir>) is remote via RFA RFA directories not spported by on. Configring rexd Configring rexd on a system allows the system to act as a server, execting commands for clients that execte an on command. Before configring rexd to rn on a system, yo shold read the "Secrity Considerations" section in this chapter. When rexd is configred, it is started by inetd(jm) when a reqest for remote exection is made by a client. inetd obtains the information it needs to start rexd from the file /etc/inetd.conf. The following entry ~ mst be in the file /etc/inetd.conf in order for inetd to start rexd: ( ; rpc stream tcp nowait root path \ rpc.rexd [ options ] 6-6 Configring rexd

142 Where: / \ \_) path is the path name of the rexd exectable in the file system. The rexd shipped with the HP NFS prodct is located in /sr/etc/rpc.rexd. options are the options that change the behavior of rexd. Each of the possible options is described below: The -1 option Yo can log any errors reported by rexd to a file by adding -!log _file at the end of the configration entry in /etc/inetd.conf, where log _file is the name of the file where errors are logged. If log_file exists, rexd appends messages to the file. If logjile does not exist, rexd creates it. Messages are not logged if the -l option is not specified. The information logged to the file incldes the date and time of the error, the host name, process ID and name of the fnction generating the error, and the error message. Note that different RPC services can share a single log file since enogh information is inclded to niqely identify each error. EXAMPLE: Ths, the entry in /etc/inetd.conf to log errors to the file /sr/adm/rexd.log is: rpc stream tcp nowait root /sr/etc/rpc.rexd \ rpc.rexd -1 /sr/adm/rexd. log The -m option Specifying -m montpoint changes the defalt directory containing mont points. This directory is sed for monting client file systems. The following entry in /etc/inetd.conf cases client file systems to be monted as /client/mnt/rexdaxxxx instead of /sr/spool/rexd/rexdaxxxx (where A is a letter and.xxx.::r is a 4 digit nmber): rpc stream tcp nowait root /sr/etc/rpc.rexd \ rpc.rexd -m /client/mnt Remote Exection Facility (REX) 6-7

143 The owner, grop, and all other sers mst have read and execte permission for montpoint or an on command may fail for a ser that does not have the proper permission to montpoint. The -r option ~) The -r option cases the rexd to se stronger secrity checking than it ses by defalt (see "Secrity Considerations"). When started with the - r option, rexd denies access to a client nless one of the following conditions is met: The name of the client is in the /etc/hosts.eqiv file on the server. The ser on the server, associated with the UID sent by the client, has an entry in $HOME/.rhosts that specifies the client name followed by: white space and an end of line or the ser's name and an end of line. EXAMPLE: If a ser assigned to UID 7 on NODEl exectes the following on(l) command, on NODE2 pwd n \ " then ser mjk (assming ser mjk on NODE2 is assigned UID 7) on NODE2 mst have one of the following entries in $HOME/.rhosts. NODE I NODE! mjk 6-8 Configring rexd

144 ( \ Secrity Considerations The design and implementation of REX incorporates several secrity limitations that yo shold consider before configring rexd. ~) R( EX) restricts access to a system by se of UIDs. That is, the client on passes the invoking ser's UID to the server (rexd) to determine if the invoking ser is a valid ser. This creates several secrity limitations: If the client and the server do not have the same mapping of ser to UIDs, a ser on a client may be able to access the server as some other ser. A malicios ser can set the desired UID in the otgoing packets and access the server as any of the server's valid sers other than root. An individal with their own workstation can set p a ser accont with the desired UID. The impact on system secrity can be redced by sing the file /sr/adm/inetd.sec. The entries in this file specify a set of networks and hosts that are allowed or denied access to a service that is started by inetd. For more details on the se of /sr/adm/inetd.sec see the inetd.sec(4) reference page. The conseqences can also be redced by se of the -r option when starting rexd. See the previos section, "Configring rexd," for more details abot the -r option. Under normal NFS se, only root is allowed to mont remote file systems. However, when rexd is in se, yo can mont a file system on the server by execting the following instrctions: 1. cd to a directory in the file system yo wish to mont. yo wish to mont the file system. 2. Execte the on command to start a shell on the compter on which 3. From another window, shell layer, or system, log into the server and cd to a directory in the file system that rexd monted. Remote Exection Facility (REX) 6-9

145 4. Switch back to the previos window, shell layer, or system and exit the shell created by the on command. Since another ser is bsy in the monted file system, rexd will be nable to nmont the file system. Hence, the ser has monted the file r} system. r) () 6-10 Secrity Considerations

146 Diagnostics / ' \ \,.. / The on Command Error Messages on: nknown host <host> The host name <host> was not fond in the hosts database. on: cannot connect to server on <host> The host <host> is down, nreachable on the network or not rnning rexd(jm). on: can't find <crrent dir> A problem occrred trying to find yor crrent working directory ( <crrent_dir> ). on: can't locate mont point for <crrent_dir> A problem occred trying to determine the mont point of yor crrent working directory (<crrent_ dir > ). on: standard inpt (stdin) is not a tty The standard inpt (stdin) of the on command with the -i option is not a tty. on: crrent directory (<crrent dir>) is remote via RFA RFA directories not spported by on. Yor crrent working directory ( <crrent_dir>) is being accessed from a remote host via RFA, an HP networking prodct. Use of on from a directory accessed in this manner is not spported. Remote Exection Facility (REX) 6-11

147 on <server>: rexd: <message> Errors which occr on the server <server> and are propagated back to the client. These messages are docmented in the "DIAGNOS TICS" section of rexd(lm) fond in the NFS Services Reference Pages. r) rexd Error Messages The following is a sbset of the messages that may appear in the log file if the -l option is sed. Some of these messages are also retrned to the client. rexd: cold not mont <dir> rexd was nable to mont(2) yor crrent working file system. See rexd(lm) in the NFS Services Reference Pages for more details. rexd: montdir (<montdir>) is not a directory The path name < montdir >, nder which temporary mont points are created, is not a directory or does not exist. () / rexd: <command>: Command not fond rexd cold not find < command>. rexd: <command>: Permission denied rexd was denied permission to execte < command >. rexd: <command>: Text file bsy The exectable file is crrently open for writing. rexd: <command>: Can't execte rexd was nable to execte <command>.!r; 6-12 Diagnostics

148 rexd: root exection not allowed Root exection is not allowed by rexd. (.. "'-..J rexd: User ID <UID> not valid The UID < UID > is not assigned to a ser on the server. rexd: User id <UID> denied access rexd was started with the -r option, and the remote exection reqest did not meet either of the conditions reqired by the -r option. rexd: <host> is not rnning montd The host <host> on which the ser's crrent working directory is located is not rnning montd(jm). Therefore, rexd is nable to mont the reqired file system. rexd: not in export list for <file system> The host on which the client's crrent working directory is located does not have the server on the export list for the file system <file_system > containing the client's crrent working directory. Therefore, rexd is nable to mont the reqired file system. Remote Exection Facility (REX) 6-13

149 Remote Exection Facility (REX) 6-14

150 The Network Lock Manager 7 Introdction This chapter explains file and record locking sing the Network Lock Manager and the Network Stats Monitor. It also explains how file locking is sed to synchronize access to shared files. File and record locking allows cooperating processes to synchronize access to shared files. Yo interface with the networking service by way of the standard lockf() system call interface, and rarely reqire any detailed knowledge of how it works. The operating system maps ser calls to lockf() andfcntl() into Remote Procedre Call (RPC)-based messages to the local lock manager. The fact that the file system may be located on a different node is not really a complication-ntil a failre occrs. All compters fail or simply sht down from time-to-time, and in an NFS environment, where mltiple compters can have access to the same file at the same time, the process of recovering from a failre is necessarily more complex than in a non-network environment. Frthermore, locking is inherently statefl. If a server fails, clients with locked files mst be able to recover their locks. If a client fails, the locks will be released when the client comes back p. To preserve the overall transparency of NFS, the recovery of lost locks mst not reqire the intervention of the applications themselves. This is accomplished as follows: Basic file access operations, sch as read and write, se a stateless protocol (the NFS protocol). All interactions between NFS servers and clients are atomic-the server doesn't remember anything abot its clients from one interaction to the next. In the case of a server The Network Lock Manager 7-1

151 failre, client applications will sleep ntil the server recovers and NFS operations can complete. Statefl services (those that reqire the server to maintain client information from one transaction to the next) sch as the locking :,), service, are not part of NFS. They are separate services that se the stats monitor (see "The Network Stats Monitor" section at the end of this chapter) to ensre that their implicit network state information remains consistent with the real state of the network. There are two specific state-related problems involved in providing locking in a network context: If the client has failed, the lock can be held forever by the server. If the server has failed, it loses its state (inclding all its lock information) when it recovers. The Network Lock Manager solves both of these problems by cooperating with the Network Stats Monitor to ensre that it is notified of relevant compter failres. The Lock Manager protocol then allows it to recover the lock information it needs when a compter recovers from a failre. n ' " 7-2 Introdction

152 The following illstration depicts the overall strctre of the network locking service. (_) ~---~oc~l~v!piications Compter A l \ lock reqests I j I I I I I I I I I! I I I I i NFSFiles i i RPCLock, " i Reqests ' ' i Stats,----~-----, 1 Messages stats monitor 1 reqest l I I t j I I I! I I I I I I I I CompterB lock manager stats monitor i ' ' l I.. Architectre of the Network Locking Service At each server site, a lock manager process accepts lock reqests, made on behalf of client processes by a remote lock manager, or on behalf of local processes by the kernel. The client and server lock managers commnicate with RPC calls. When the lock manager receives a remote lock reqest for a compter that it doesn't hold a lock for, the lock manager registers interest in that compter with the local stats monitor. The lock manager then waits for notification from the local stats monitor that the compter is p. The local stats monitor contines to watch the stats of registered compters, and notifies the lock manager when one of them is rebooted (after a failre). If the lock reqest is for a local file, the lock manager tries to satisfy it, and commnicates back to the application along the appropriate RPC path. If the failre of a client is detected, the server releases the failed client's locks, on the assmption that the client application will reqest locks again as needed. If the recovery (and, by implication, the failre) of a server is detected, the client lock manager retransmits all lock reqests previosly granted by the recovered server. This retransmitted The Network Lock Manager 7-3

153 information is sed by the server to reconstrct its locking state. See the "Locking Protocol" section for more detail. The locking service, then, is essentially stateless. Or to be more precise, its state information is careflly circmscribed within a pair of system i~ daemons that are set p for atomatic application-transparent failre ) recovery. If a server fails, and ths loses its state, it expects that its clients will be notified of the failre and send it the information that it needs to reconstrct its state. The key in this approach is the stats monitor, which the lock manager ses to detect both client and server failres. Note Recovery cannot occr ntil the remote system is rebooted. The Locking Protocol 11'1 \ / The lock style implemented by the HP-UX network lock manager spports deadlock detection on a per-server basis only (see the lockf(2) andfcnt/(2) reference pages for details). Despite network lock manager's adherence to the lockf() I JentZ() semantics, a few sbtle points abot its behavior need to be mentioned. They are: When an NFS client goes down and comes back p, the lock managers on all servers are notified by their stats monitors, and the lockds release their locks, on the assmption that the lock managers will reqest locks again when they want them. When a server fails, however, the clients wait for the server to come back p. When it does, the server's lock manager gives the client lock managers a grace period to sbmit lock reclaim reqests. Dring this period the server's lock manager accepts only reclaim reqests from remote lock managers. The client stats monitors notify their respective lock 7-4 The Locking Protocol

154 managers when the server recovers. The defalt grace period is 50 seconds. It is possible that, after a server failre, a client may not be able to recover a lock that it had on a file on that server. This can happen becase another process may have accessed the lock before the recovering application process. In this case, the SIGLOST signal will be sent to the process (the defalt action for this signal is to kill the application). The local lock manager does not reply to the operating system's lock reqest ntil the server lock manager has acknowledged the local lock manager's reqest. Frther, if the lock reqest is on a server new to the local lock manager, the lock manager registers its interest in that server with the local stats monitor and waits for its reply. If either the stats monitor or the server's lock manager are navailable, the reply to a lock reqest for remote data is delayed ntil the server becomes available. Only advisory mode locking is spported. Enforcement mode is not spported for NFS files. The Network Stats Monitor The Network Lock Manager relies heavily on the Network Stats Monitor to maintain the inherently statefllocking service within the stateless NFS environment. However the stats monitor can also be sed to spport other kinds of statefl network services and applications. Normally, failre recovery is one of the most difficlt aspects of network application development, and reqires a major design and installation effort. The stats monitor simplifies this task. (:_) The stats monitor works by providing a general framework for collecting network stats information. Implemented as a daemon that rns on all network compters, it ses a simple protocol that allows applications to monitor the stats of other compters. Its se improves overall robstness, and avoids sitations in which applications rnning on different compters (or even on the same compter) disagree abot the The Network Lock Manager 7-5

155 stats of a site-a potentially dangeros sitation that can lead to inconsistencies in many applications. Applications that se the stats monitor do so by registering the compters they are interested in. The stats monitor then tracks the stats ~ of those compters, and when one of them fails it notifies the inter- i J ested applications of the failre, and the applications may take whatever actions are necessary to reestablish a consistent state. A few advantages of this approach are: Only applications that se statefl services mst pay the overhead-in time and in size-of dealing with the stats monitor. The implementation of statefl network applications is simplified, since the stats monitor shields application developers from the complexity of the network. n / 7-6 The Network Stats Monitor

156 YP Configration and Maintenance 8 The Yellow Pages (YP) is an optional, distribted network lookp service that allows yo to administer databases from one node on the network. With YP yo can maintain a single set of ser and grop IDs for all nodes within a specified set (YP domain). For specific YP information, refer to the following sections. KeyTerms Verify YP YP Databases Disable YP YP Commands YP Maintenance YP Configration Refer to ypfiles(4) for a complete explanation of the YP database and directory strctre. If yo do not have YP administrative responsibilities, refer to the"common Commands" chapter for general YP sage information. Note For this chapter only, all references to servers and clients are YP specific. YP Configration and Maintenance 8-1

157 Key Terms Bind Process by which a client locates and directs all reqests for data to a specific server. I~ Process of establishing the address of a socket that allows other sockets to connect to it or to send data to it. Clster One or more workstations linked together with a local area network (LAN), bt consisting of only one file system. Cnode Diskless Cnode One or more workstations linked together with a local area network (LAN), bt consisting of only one file system. A node in an HP-UX clster that ses networking capabilities to share file systems, bt does not have a file system physically attached. r) Escape Seqence (YP) Export Characters sed within files to force inclsion and exclsion of data from YP databases. The escape seqences are as follows. +(pls) - (mins) _name -@netgrop_name To make a file system available to remote nodes via NFS. ~\ ' ) 8-2 KeyTerms

158 \.._) I \ File System An entire nit (disk) that has a fixed size. GID A vale that identifies a grop in HP-UX. Global (YP) A means of access in which the system always reads YP maps rather than the local ASCII files. Host Internet Address Key (YP) A node that has primary fnctions other than switching data for the network. A for-byte qantity that is distinct from a link-level address and is the network address of a compter node. This address identifies both the specific network and the specific host on the network. A string of characters (no imbedded blanks or tabs) that indexes the vales within a map so the system can easily retrieve information. For example, in the passwd.byname map, the sers' login names are the keys and the matching lines from /etc/passwd are the vales. Local (YP) A means of access in which the system first reads the local ASCII file. If it enconters an escape seqence, it then accesses the YP databases. YP Configration and Maintenance 8-3

159 Map (YP) A file consisting of logical records; a search key and related vale form each record. YP clients can reqest the vale associated with any key within a map. YP map is synonymos with YP database. :) Master The node on which one or more YP maps are con- Server (YP) strcted from ASCII files. These maps are then copied to the YP slave servers for the YP clients to access. Netgrop Node Propagate Root Server A network-wide grop of nodes and sers defined in /etc/netgrop. A compter system that is attached to or is part of a compter network. To copy maps (data) from one YP server to another. The only node in an HP-UX clster that has file systems physically attached to it. Slave A node that copies YP maps from the YP master server Server (YP) and then provides YP clients access to these maps. (j UID Vale (YP) A vale that identifies a ser in HP-UX. A nit of information stored in YP maps; each vale has a corresponding key (index) so the system can easily retrieve it. For example, in the passwd.byname map, the sers' login names are the keys and the matching lines from /etc/passwd are the vales. n 8-4 Key Terms

160 ( \ '. ) Yellow Pages (YP) An optional network service composed of databases (maps) and processes that provide YP clients access to the maps. The YP service enables yo to administer these databases from one node. YP may or may not be active; check with yor system administrator. YP Client A node that reqests data or services from YP servers. A YP process that reqests other YP processes to performoperations. yp Database Note: A YP client can also be configred as any combination of a YP server, NFS client, or NFS server. (Note, a YP server mst also be configred as a YP client.) See "Map (YP)." YP Domain A logical groping of YP maps (databases) stored in one location. YP domains are specific to the YP network service and are not associated with other network domains. YP Map yp Password See "Map (YP)." The password for a ser's login ID that exists in the YP passwd map. The YP password is the same one as the ser password, bt is administered throgh the YP. Yo do not have to have a YP password to access the YP databases. YP Configration and Maintenance 8-5

161 yp Server A node that provides data (maps) or services to other nodes (YP clients) on the network sing YP. A YP process that performs operations as reqested by other YP processes. Note: A YP server mst also be configred as a YP client. It can also be configred as an NFS server, NFS client, or both. n n 8-6 Key Terms

162 (_j YP Databases The ypmake(lm) script creates the standard YP databases from the following ASCII files. Yo can also create additional YP databases. (Refer to ypfiles(4).) /etc/grop /etc/hosts /etc/netgrop /etc/networks /etc/passwd /etc/protocols /etc/rpc /etc/services Other maps may be present, like ethers and mail.aliases, that may be sed by other vendors or applications. Note If the /sr/etc/yp directory is part of a file system that spports only short file names ( 14 characters maximm), then any maps yo create can have only 10 characters. This restriction exists becase the makedbm(lm) command atomatically adds the.dir and.pag sffixes to each map name. Refer to the HP UX System Administrator Manal for more information. ( \ v YP Configration and Maintenance 8-7

163 Local and Global Maps Clients access the above ASCII files and their corresponding YP maps in one of two ways, depending on whether the YP maps are local or global. ~~. / A map is local if the system first accesses the local ASCII file. If the file contains an escape seqence, the system then accesses the YP database. A map is global if the system accesses only the YP database (never accesses the local ASCII file). If a node is not a client, the system accesses only the local ASCII files for information. C) 8-8 YP Databases

164 YPMaEs Type Access c /etc/grop Local If a + (pls) entry exists at /etc/passwd the beginning of a line, the system retrieves data from the corresponding YP map; otherwise, the YP maps are nsed. Occrrences of _name and -@netgrop _name at the beginning of a line case the system to reference YP. passwd(4) for complete infor (Refer to grop(4) and mation regarding these escape seqences.) /etc/hosts Global The system conslts only the /etc/netgrop/ YP for data. If YP is not rn- /etc/networks ning, it looks at the local /etc/protocols ASCII files. /etc/rpc /etc/services YP Configration and Maintenance 8-9

165 Note If sing YP to provide the information stored in the standard maps' ASCII files, yo mst relink any applications that read data from those files. This relinking ensres the files can obtain data from the YP maps. If yo do not relink the applications, they will access only the local files. If the local files are not as crrent as the YP maps, the applications may not work correctly. (~ / Escape Seqences Escape seqences are characters sed within a file at the beginning of a line to force inclsion and exclsion of data from YP databases. (Refer to the following reference pages: passwd(4), hosts(4), netgrop(4), host.eqiv(4), and grop(4).) The escape seqences are as follows. () / +(pls) - (mins) _name -@netgrop _name n 8-10 YP Databases

166 I t. ~ Escape Seqence + (pls) - (mins) _name Description Use + (pls) in /etc/passwd and /etc/grop to retrieve one or more entries from the YP passwd and grop maps, respectively. The pls designates specific entries to be retrieved from YP. Use- (mins) in /etc/passwd and /etc/grop to ignore any sbseqent entries with the same name. This process hides the matching names occrring in the YP passwd and grop maps, respectively. Therefore, it disallows access to particlar entries. Use in /etc/passwd to insert the matching entries from the YP passwd map for all members of a network grop. For ARPA Services Use in /etc/hosts.eqiv and $HOME/.rhosts to inclde a network grop's entries in their lists of allowed sers. Use -@netgrop_name in /etc/passwd to disallow the matching entries from the YP passwd map for all members of a network grop. For ARPA Services Use -@netgrop _name in /etc/hosts.eqiv and $HOME/.rhosts to exclde a network grop's entries from their lists of allowed sers. YP Configration and Maintenance 8-11

167 Netgrops Netgrops are network-wide grops of nodes and sers defined in /etc/netgrop on the master server. Use these grops for permission checking dring login and remote mont. For ARPA Services, yo can also se these grops for permission checking dring remote login (rlogin(l)) and remote shell exection (remsh(l)). The master server ses /etc/netgrop to generate three YP maps in the /sr/etc/yp/domain_name directory: netgrop, netgrop.byser, and netgrop.byhost. The netgrop map contains basic information fond in /etc/netgrop. The other two maps contain more specific information to accelerate the lookp of netgrops given the ser or host. The programs conslting the YP netgrop maps inclde login(l), montd(lm), rlogin(l), and remsh(l). (~ Program login(l) montd(l M) rlogin(l) remsh(l) Description Conslts the maps to resolve netgrop names in /etc/passwd Conslts the maps to resolve netgrop names in /etc/exports For ARPA Services Conslts the netgrop map if netgrop names are in /etc/hosts.eqiv or $HOME/.rhosts n 8-12 YP Databases

168 To limit access to file systems, edit /etc/exports to inclde the appropriate netgrop names. Then define the netgrop in /etc/netgrop sing the following format. (Refer to exports(4) and netgrop(4).) The entry may contain any nmber of netgrop names, ~ netgrop _name 1 net grop_ name2 net grop_ name3... netgrop_namel member] member2... thogh yo mst then define these netgrops within /etc/netgrop The member n is eqal to the triple (host_ name, ser_ name, yp _domain_ name) The entry may contain any nmber of netgrop names, thogh yo mst then define these netgrops within /etc/netgrop. Yo can assign more than one triple to a netgrop by enclosing each separate set within parentheses (host_ name, ser_ name, yp _domain_ name). Leave any of these three fields empty to signify a wild card (i.e., blank fields match anything). For example, (,research) matches all hosts and sers in the research YP domain. A - (dash) in any of these three fields means match nothing. For example, (-,mike,graphs) does not match any hosts, bt it does match the ser mike in the graphs YP domain YP Databases

169 Each host_name mst have an entry in /etc/hosts. (See hosts(4).) The yp _domain_ name is the name of the YP domain to which yo crrently belong. The commands sing /etc/netgrop assme yo are not looking for any YP domain other than the one assigned on yor node. (To list yor crrent YP domain name, execte the domainname(l) command.),f) ' ) n 8-14 YP Databases

170 EXAMPLE: The following example is a sample /etc/netgrop file. (Refer to netgrop(4) for a complete file format description and a definition of lines and fields.) # # Engineering: Everyone, bt mike, has a node. #The node 'testing' does not have any sers associated with it. # engineering hardware software hardware (mercry,jeff,mickie) (vens,dave,mickie) (testing,-,mickie) software (earth,carole,mickie) (mars,darren,mickie) (-,mike,mickie) # #Marketing: Time-sharing on plto # marketing (plto,andy,mickie) (plto,cristina,mickie) (plto,chck,mickie) # # Others # allsers (-,,mickie) allhosts (,-,mickie) YP Configration and Maintenance 8-15

171 The YP domain name for all the example netgrops is mickie. The sers and hosts are classified into netgrops as follows. Netgrop Users Hosts hardware jeff, dave mercry, vens, testing software carole, darren, mike earth, mars engineering jeff, dave, carole, mercry, vens, earth, mars, darren, mike testing marketing andy, cristina, chck plto all sers every ser in the no hosts YP passwd map allhosts no sers all hosts in the YP hosts map Files Related to VP For ARPA Services (j The files /etc/hosts.eqiv and $HOME/.rhosts are not in the YP system; however, they are related to YP. If these files contain a pls (+)or mins (-) entry with the the system conslts the YP netgrop map for data. (Refer to netgrop(4) and hosts.eqiv(4)). For example, a line consisting of +@engineering in /etc/hosts.eqiv will inclde all members of engineering as defined in the local file /etc/netgrop or in the YP database. A line consisting only of a pls ( +) allows access to all hosts. n The same holds tre for $HOME/.rhosts. Also, in /$HOME/.rhosts, a host name followed by a pls ( +) means any ser coming from that host name will be allowed to access this accont throgh rlogin(l) or remsh(l). (See hosts.eqiv(4).) 8-16 YP Databases

172 U YP Commands Refer to the following table for a brief description of all YP commands. Refer to the "Common Commands" chapter for a more detailed description of the YP commands yo might want to se on a daily basis (i.e., those YP commands that do not reqire sper-ser access). YP Commands Description domainname(l) Use domainname(l) to determine or change a YP domain name. 0 (. makedbm(jm) Note: Use this version of makedbm(jm) only with YP. A tool for bilding YP maps. Use makedbm(jm) to bild or rebild databases not bilt by /sr/etc/yp/ypmake. Use makedbm(jm) to disassemble a map so that yo can see the key-vale pairs comprising it. ypbind(jm) Used by each client to determine to which server it shold bind. Note: This entry exists in the NFS SeJVices Reference Pages as ypselv(lm); it exists online as ypbind(jm). ypcat(l) Lists the contents of a YP map. YP Configration and Maintenance 8-17

173 YP Commands Description ypinit(lm) On YP master servers, ypinit(lm) constrcts maps n from /etc files. I On YP slave servers, ypinit(lm) copies the initial map versions from the master server. ypmake(lm) ypmatch(l) yppasswd(l) yppasswdd(lm) yppoll(lm) A script, initially called by ypinit(lm), that bilds standard YP maps from ASCII files. These files are sally in /etc: passwd, hosts, grop, netgrop, networks, protocols, rpc, and services. Prints the vale for one or more specified keys in a YPmap. Changes the password for yor crrent login ID in the YP passwd map. (Yo do not have to have a YP password to access the YP databases.) A server, rnning only on the master server, that permits sers to change their password in the YP password map. Asks any ypserv(lm) for the information it holds abot a single map. n n 8-18 YP Commands

174 YP Commands yppsh(lm) Description Used by the master server to administer a rnning YP system. The yppsh(lm) command cases a YP map to be copied (singypxfr(lm)) from the maps' master server to each slave server in the YP domain. ypsetv(lm) Provides access to data stored in YP maps on servers. If operating in an HP-UX clster environment, ypsetv(lm) shold be rnning on the root server. ypset(lm) ypwhich(l) ypxfr(lm) Tells the local ypbind(lm) process to obtain YP services for a YP domain from a specific server. Tells yo which server a node is crrently sing or which server is master of a specified map. Transfers a YP map from one server to another. Rnypxfr(lM) one of three ways: yppsh(lm) periodically, ypxfr(lm) interactively, or via cron(lm) periodically. YP Configration and Maintenance 8-19

175 YP Configration Refer to the following checklist for YP configration steps. 1. Create a YP Master Server.~! J 2. Create a YP Client 3. Create a YP Slave Server 4. Propagate the YP Maps Before Configring VP Compare /etc/newconfig Files to Existing Files When yo installed the NFS services software, several new files were copied into the /etc/newconfig directory. Perform the following steps to prepare to configre YP. 1. Compare each /etc/newconfig file listed below with its conterpart shown in the following list. n File in /etc/newconfig Conterpart in /sr/etc/yp directory directory ypinit ypinit yp _ Makefile Makefile ypmake ypmake ypxfr _lperday ypxfr _lperday ypxfr _lperhor ypxfr _lperhor ypxfr _ 2perday ypxfr _ 2perday n 8-20 YP Configration

176 2. If the files are the same, skip to the next section, "1. Create a YP Master Server." U 3. If yo have previosly cstomized the files that exist in the /sr/etc/yp OR directory, or if the files are from an older release of the software, they will differ from files in /etc/newconfig. If there are differences, copy the crrent files in /sr/etc/yp to a safe location and do one of the following: change the versions in /sr/etc/yp to reflect the differences in the files in /etc/newconfig. copy the files in /etc/newconfig to /sr/etc/yp. Then re-cstomize the files in /sr/etc/yp if necessary. YP Configration and Maintenance 8-21

177 1. Create a VP Master Server Yo mst be sper-ser to create a YP master server (i.e., to bild the YP master databases). Yo shold also be in a single ser state of operation.,0, ' I A YP server mst also be configred as a YP client. It can also be configred as an NFS server, NFS client, or both. Before Creating a YP Master Server Perform the following steps before creating yor master server. 1. Ensre /etc files are complete and crrent: passwd, hosts, grop, networks, protocols, rpc, and services. (Refer to the NFS Services Reference Pages.) 2. If yo know the correct configration, create the /etc/netgrop file. (Refer to netgrop(4).) Note The YP maps store only the first occrrence if a dplicate ser name or dplicate ser ID exists in /etc/passwd or a dplicate internet address or dplicate host name exists in/etc/hosts. Secrity If yo want to restrict access to the master server to a smaller set of sers than defined by the complete /etc/passwd file, perform the following steps. 1. Copy the entire /etc/passwd file to a different file (e.g., /etc/passwd.yp ). () / 8-22 YP Configration

178 2. Delete ndesired sers from the original /etc/passwd file. To prevent all entries in the YP passwd map from being able to log in, this, \ smaller file shold not inclde the following line. \_) +: :0:0::: 3. Edit /sr/etc/yp/ypinit as follows. Change: PWFILE=/etc/passwd To: PWFILE=/etc/passwd.yp 4. Edit /etc/netnfsrc as follows. Change: /sr/etc/rpc.yppasswdd /etc/passwd -m passwd PWFILE=/etc/passwd To: /sr/etc/rpc.yppasswdd /etc/passwd.yp -m passwd PWFILE=/etc/passwd.yp 5. If yo have rpc.yppasswdd rnning, kill and restart it. /sr/etc/rpc.yppasswdd /etc/passwd.yp -m passwd PWFILE=/etc/passwd.yp If in the ftre yo need to rnypmake(lm) and yo have restricted access to the master server as jst described, enter the following line. /sr/etc/yp/ypmake passwd PWFILE=/etc/passwd.yp Creating a VP Master Server Refer to the following steps to create yor master server. If operating in an HP-UX clster environment, HP recommends that the root server be the master server. 1. Set the YP domain name sing the domainname(l) command. This YP domain name mst be the same one sed for all clients and servers within this YP domain. doma i nname YP _domain_ name YP Configration and Maintenance 8-23

179 2. Execte ypinit(jm) with the-m parameter. /sr/etc/yp/ypinit -m 3. The system asks whether yo want the procedre to qit at the first non-fatal error. Yo may want to answer "no" since yo can later correct the errors. a. Respond no or n for ypinit(jm) to contine regardless of the errors. After the procedre finishes, correct all errors that occrred. b. Respond yes or y for ypinit(jm) to qit at the first error. Correct each error as it occrs. This procedre takes longer since yo have to correct the errors one by one and rnypinit(lm) ntil no more errors occr. ~~ i ) 4. The ypinit(jm) script prompts yo for a list of hosts that will become servers. Note: if yo want this node to serve a YP domain that is different from the one set by the domainname(l) command, se the r---.. DOM = parameter inypinit(jm). (For details, refer to ypinit(lm).) I, ) Note Yo may save time and work later by adding other hosts now that yo expect to have as slave servers. Do not, however, add every host on the network becase when the master server pdates the databases, it wold try to copy its databases to every host. Starting the YP Master Server Yo shold edit /etc/netnfsrc to atomatically start the master server at n boot time. yo can also manally start it now YP Configration

180 Manally Starting YP Master Server 1. If yo have not already done so, set the YP domain name sing the domainname(l) command. This YP domain name mst be the same one sed for all clients and servers within this YP domain. doma i nname YP _domain_ name 2. Execte ypserv( JM). /sr/etc/ypserv Note: If operating in an HP-UX clster environment, start ypserv( 1M) only on the root server, and startypbind(jm) on every cnode. 3. Execte ypbind(jm). /etc/ypbind Atomatically Starting YP Master Server (at Boot Time) Edit /etc/netnfsrc to perform the following actions. Note: A zero in the YP CLIENT, YP_MASTER_SERVER, or YP SLAVE SERVER field disables the node from working as a client, master server, or slave server respectively. Set YPDOMAINto the YP domain name. YPDOMAIN!' _domain_!wme Yo will need to se this same YP domain name for all clients and servers within this YP domain. Set YP MASTER SERVER to a vale other than zero. Changing this variable permits sers to change their YP password. YP_MASTER_SERVER=l Set the YP SLAVE SERVER to zero to disable the node -as a slave server. YP_SLAVE_SERVER=O Set YP CLIENT to a vale other than zero-:- YP _CLIENT=! / '. I ' YP Configration and Maintenance 8-25

181 2. Create a YP Client Yo mst be sper-ser to create a YP client. A YP client can also be configred as an NFS client, NFS server or both. All YP servers mst also be configred as YP clients. (~ J Before Creating a YP Client 1. For the client yo intend to create, determine a YP domain on yor network. 2. Ensre that a server is available in the YP domain in which the client will exist (i.e., YP databases exist and ypserv(lm) is rnning). (Refer to the "1. Create a YP Master Server" section.) If a server is not availabe in the same YP domain as the client, sers will be nable to log into the client. Creating a YP Client To ensre nodes access the YP databases, abbreviate or eliminate the following files which traditionally store the information. (For sggested modifications, refer to the following "Altering a Client's Files" section.) \r) Note Do not abbreviate or eliminate these files if the client is also the master server. /etc/grop /etc/passwd /etc/hosts /etc/protocols /etc/netgrop /etc/rpc :r) /etc/networks /etc/services 8-26 YP Configration

182 Altering a Client's Files The following table provides sggestions for altering the client files. Client File /etc/grop Sggested Modification Yo may want to redce /etc/grop to a single line containing a pls (+)followed by a colon(:). This line forces all translations of grop names and grop IDs to occr via the YP service. +: /etc/hosts Ensre /etc/hosts contains an entry for the local host name. The system accesses these entries when the YP service is not yet available. After the ypbind(jm) process is rnning, the system never accesses /etc/hosts. EXAMPLE: Sample YP client's /etc/hosts entry local_host #Byron W. Donnell /etc/netgrop /etc/networks /etc/protocols /etc/services Move these files to backp names. YP Configration and Maintenance 8-27

183 Client File Sggested Modification /etc/hosts.eqiv The system first accesses /etc/hosts.eqiv directly. If r) For ARPA a or -@netgrop entry exists, the sys- Services tern accesses the YP netgrop map. Note, sing netgrop redces rlogin(l) and remsh(l) problems that occr becase different /etc/hosts.eqiv files exist on different nodes. For more control over logins, edit /etc/hosts.eqiv as follows. l.enter either a pls ( +) or (-) to enable or disable login, respectively. 2.Enter the at (@) character. n 3.Enter the netgrop _name as defined in the global netgrop database. EXAMPLE: +@netgropl_nar.ne (trsted) +@netgrop2 _ nar.ne (trsted) -@netgrop3_nar.ne (distrsted) $HOME/.rhosts The system first accesses $HOME/.rhosts directly. For ARPA If a or -@netgrop entry exists, the Services system accesses the YP netgrop map. (Refer to the above /etc/hosts.eqiv example.) Since the sper-ser's $HOME/.rhosts controls remote sper-ser access to the local node, HP recommends restricted access. To restrict access, either make the list of trsted hosts explicit or se netgrop names. c) 8-28 YP Configration

184 / \ \. ) Client File /etc/passwd Sggested Modification Ensre /etc/passwd contains entries for the root ser, entries for the primary sers, and an escape entry to se the YP service. Entries in the local /etc/passwd file mask identical name entries in the YP passwd maps. Delete all other names and enter + ::0:0::: as the last line. This line cases library rotines looking for a particlar entry to search the YP database. +: :0:0::: EXAMPLES: Sample entries in /etc/passwd +ap::: :Dave Hamil:/sr2/ap:/bin/csh The system plls an entry for ap from the YP passwd map becase of the + (pls) escape character. It obtains the UID, GID, and password from the YP and obtains the comment field, home directory, and defalt shell from the /etc/passwd entry. If no entry for ap exists in the YP, the system reacts as thogh no entry for ap exists anywhere. ap: :140:100:Mike Donn:/sr2/ap:/bin/csh Since the pls ( +) escape character is not present, the system does not access YP. User ap has no password. YP Configration and Maintenance 8-29

185 Client File /etc/passwd Sggested Modification EXAMPLES: Sample entries in /etc/passwd +ap: The system obtains all information from the YP passwd map for ser ap. ~~ r } +: :0:0::: The system obtains all information from the YP passwd map for all sers not already encontered YP Configration

186 Starting the YP Client / \ \_) Yo shold edit /etc/netnfsrc to atomatically start the client at boot time. Yo can also manally start it now. Manally Starting YP Client Atomatically Starting YP Client (at Boot Time) 1. If yo have not already done so, set the YP domain name sing the domainname(l) command. This YP domain name mst be the same one sed for all clients and servers within this YP domain. doma i nname YP _domain_ name 2.Execte ypbind(jm). /etc/ypbind Edit /etc/netnfsrc to perform the following actions. Set YPDOMAIN to the same YP domain name sed on all clients and servers within this YP domain. YPDOMAIN=YP domain name - - Set YP CLIENT to a vale other than zero. YP _CLIENT=l Note: A zero in the YP_CLIENT field disables the node from working as a YP client. Note If yo want the node to be a server also, refer to either the "1. Create a YP Master Server" or "3. Create a YP Slave Server" section for complete instrctions. YP Configration and Maintenance 8-31

187 3. Create a YP Slave Server Yo mst be sper-ser to create a YP slave server. Yo may want to create slave servers to improve the reliability of yor system. A YP server mst also be configred as a YP client. It can also be configred as an NFS server, NFS client, or both. Before Creating a YP Slave Server Before creating a slave server, ensre the master server exists (see "1. Create a YP Master Server" section) and ypsejv(lm) is rnning on the master server. (') n ' / 8-32 YP Configration

188 Creating a VP Slave Server Refer to the following steps to create a slave server. ( ' 0 1. Set the YP domain name sing the domainname(l) command. This YP domain name mst be the same one sed for all clients and servers within this YP domain. doma i nname YP _domain_ name 2. Execte ypinit(jm) with the -s parameter. /sr/etc/yp/ypinit -s master_server_name 3. The system asks whether yo want the procedre to qit at the first non-fatal error. Yo may want to answer "no" since yo can later correct the errors. Note: if yo want this node to serve a YP domain that is different from the one set by the domainname(l) command, se the DOM = parameter to ypinit(jm). (For details, refer to ypinti(lm).) If yo se the DOM = parameter, ensre that the master server serves the domain that yo specify. a. Respond no or n for ypinit(lm) to contine regardless of the errors. Mter the procedre finishes, correct all errors that occrred. b. Respond yes or y for ypinit(lm) to qit at the first error. Correct each error as it occrs. This procedre takes longer since yo have to correct the errors one by one and rnypinit(lm) ntil no more errors occr. 4. Since the slave server is also a client, abbreviate or eliminate the files which traditionally implement the database. Refer to the previos table "Altering a YP Client's Files" in the "2. Create a YP Client" section. YP Configration and Maintenance 8-33

189 Starting the VP Slave Server Yo shold edit /etc/netnfsrc to atomatically start the slave server at boot time. Yo can also manally start it now. Manally Starting YP Slave Server Atomatically Starting YP Slave Server (at Boot Time) ~ / 1. If yo have not already done so, set the YP domain name sing the domainname( I) command. This YP domain name mst be the same one sed for all clients and servers within this YP domain. doma i nname YP domain name Execte ypserv( 1M). /sr/etc/ypserv Note: If operating in an HP-UX clster environment, start ypserv( JM) only on the root server, and start ypbind(jm) on every cnode. 3. Execteypbind(JM). /etc/ypbind Edit /etc/netnfsrc to perform the following actions. Note: A zero in the YP CLIENT, YP MASTER SERVER, or YP-SLAVE SERVER field disables the node from working as a client, master server, or slave server respectively. Set YPDOMAINto the same YP domain name sed on all clients and servers within this YP domain. YPDOMAIN=YP domain name - - Set the YP MASTER SERVER to zero to disable the node as a master server. YP_MASTER_SERVER= 0 Set YP SLAVE SERVER to a vale other than-zero. YP_SLAVE_SERVER=l Set YP CLIENT to a vale other than zero-:- YP _CLIENT=l n rtj 8-34 YP Configration

190 4. Propagate YP Maps I ' "'_) "Propagate YP maps" means to copy a map from one server to another. Initially, ypinit(jm) copies the maps when yo create slave servers. Mter the slave servers are initialized, yo will se ypxfr(jm) to transfer pdated maps from the master server to the slaves. Yo can rn ypxfr(jm) three ways: periodically from cron(jm) on each slave server, periodically by execting yppsh(jm) on the master server, or interactively execting ypxfr(jm) on a slave server. crontab(l) Maps have different change rates. For example, protocols.byname may not change for months, bt passwd.byname may change several times a day. Create crontab(l) entries to periodically rnypxfr(jm) at a rate appropriate for each map in the YP database. The ypxfr(jm) command will contact the master server and transfer the map only if the master's copy is more recent than the local copy. To avoid a crontab(l) entry for each map, grop the maps with approximately the same change characteristics. Place these maps in a shell script yo can rn via cron(jm). Sggested gropings, mnemonically named, are in /sr/etc/yp: ypxfr _lperhor, ypxfr _lperday, and ypxfr _2perday. If the rates of change are inappropriate for yor needs, either modify or replace these shell scripts. Execte these shell scripts on each slave server in the YP domain. Alter the exact time of exection from one server to another to prevent this process from slowing down the master. YP Configration and Maintenance 8-35

191 EXAMPLE: crontab(l) entries for sing these scripts # At 9:00PM daily, transfer the grop, networks, protocols, n # rpc, services, and ypservers maps * * * /sr/etc/yp/ypxfr_lperday # At 45 mintes past the hor, transfer the passwd maps. 45 * * * * /sr/etc/yp/ypxfr_1perhor # At 11:30 AM and 11:30 PM daily, transfer the ethers, # hosts,mail.aliases and netgrop maps ,23 * * * * /sr/etc/yp/ypxfr_2perday Yo can check and transfer maps with niqe change characteristics by explicitly invoking ypxfr(jm) from within yor crontab(l) file. EXAMPLE: 25,55 * * * * /sr/etc/yp/ypxfr passwd.byname 8-36 YP Configration

192 yppsh(jm) Execte yppsh(jm) only on the master server to copy a map to each server in the YP domain (retrieved from the ypsetvers map). 1. The yppsh(jm) command sends a "transfer map" reqest to each of the servers. 2. In trn, ypsetv(lm) on each server exectes ypxfr -C. 3. The ypsetv(lm) daemon then passes ypxfr(jm) the m formation needed to identify and transfer the map. ~)(}\J\1}>~~: /sr/etc/yp/yppsh passwd.byname ypxfr(jm) Execte ypxfr(jm) interactively only in exceptional sitations. For example, execte it when creating a temporary server to make a test environment, or when trying to qickly propagate maps to make a server consistent with the other servers. ~)(}\J\1J>L~: /sr/etc/yp/ypxfr map _!tame If yo want the map transferred from a server other than the master, specify it sing the -h option with ypxfr(jm). E)(}\J\1J>LE: /sr/etc/yp/ypxfr -h server_ name passwd. byname YP Configration and Maintenance 8-37

193 VerifyYP To verify a client is bond to a server, login to that client and execte ypwhich(l). If the client is bond, the response will be the host name of that server. r-"\1 / If the client is not bond, yo will receive the following message. YP domain domain name not bond. If yo try ypwhich(l) several times and contine to receive the not bond response, the node is nable to locate a server for that YP domain on the network. Review yor YP configration process. If yo did not make errors, refer to the "Trobleshooting" chapter. To verify the YP is being accessed, login to a client node as a ser whose password entry mst be served by the YP. If the login does not work, review yor YP configration process. If yo did not make er- () rors, refer to the "Trobleshooting" chapter. Note Yo have now completed configring YP. If yo are configring YP for the first time (with NFS Services), and yo plan to se the Virtal Home Environment (VHE), yo can now skip to the "VHE Configration and Maintenance" chapter. If yo do not plan to se VHE, retrn to the section, "7. Execte /etc/netnfsrc" in the "NFS Configration and Maintenance" chapter VerifyYP

194 YP Maintenance To keep YP rnning correctly and efficiently, ensre it stays configred to meet yor changing needs. Refer to the following sections to help yo meet these needs. Diable YP Modify YP Maps Add New YP Servers Add New Users to a Node Make a Different Node the YP Master Change YP Password Log Files Create Non-standard YP Maps Disable YP If yo choose to disable the YP service, se the following steps. 1. Set the YP domain name to nll (no spaces). domainname "" 2. If the YP service is crrently rnning, kill the ypbind(jm) and ypserv(lm) processes. ( ' 0 YP Configration and Maintenance 8-39

195 3. Edit /etc/netnfsrc to change the YP vales. a. Change the YP _MASTER _SERVER, YP _SLAVE _SERVER, and YP CLIENT vales to zero. :) YP_MASTER_SERVER=O YP_SLAVE_SERVER=O YP _CLIENT=O b. Remove the YPDOMAIN variable if one exists. YPDOMAIN= If this YP domain is specified in /etc/netgrop, remove the YP domain name throghot this file. 4. If the above YP domain is specified in /etc/netgrop, remove the YP domain name throghot this file. 5. Restore any files that yo altered for YP se. For example, yo may need to add sers back to the /etc/passwd file. (~ 6. Reboot the system. Modify VP Maps Yo mst be sper-ser to modify YP maps. Note Modify maps only on the master server; otherwise, the changes will not be propagated correctly to the slave servers. () 8-40 YP Maintenance

196 / \._) Yo may change most of the standard YP maps, like /etc/hosts, by first editing the ASCII file and then rnningypmake(jm). Refer to the following "Manal Modifications to YP Maps" section if yo are adding non-standard maps, editing maps for which no ASCII file exists, or changing the set of servers after the system is rnning. Whether sing ypmake(jm) in /sr/etc/yp or one of the following manal procedres, the goal is the same: a new, well-formed database mst reside in the YP domain directory on the master server. (Refer also to makedbm(jm)). Note Never modify a map directly; always se makedbm(jm) to create the map. Manal Modifications to YP Maps Yo may want to change the following maps manally. Non-standard maps (i.e., those that are specific to the applications of a particlar vendor or site, bt are not part of HP's release) Maps that rarely change Maps for which no ASCII file exists (e.g., ypservers map) YP Configration and Maintenance 8-41

197 1. Move to the directory in which the maps yo want to modify exist. cd /ser/etc/yp/yp_domain_name 2. Execte makedbm - to disassemble the map into a form which is modifiable sing HP-UX tools. a. Redirect the makedbm - otpt to a temporary file and modify it. Execte makedbm(jm) sing the temporary file as inpt to create the new versions. EXAMPLE:.. /makedbm - mapname > tmpfile vi tmpfile # (make the reqired changes). /makedbm tmpfile mapname rm tmpfile b. Use a pipe to modify the makedbm(jm) otpt which yo can then direct as inpt to makedbm(jm). Note, yo can se this method only if the disassembled map is pdated via awk, sed, or a cat append. EXAMPLE: Add a new key-vale pair to the map_ name map ('j (.. /makedbm - map_ name; echo newkey newvale ) J \ /makedbm - map_ name,() / 8-42 YP Maintenance

198 EXAMPLE: Sppose yo want to create a non-standard YP map. Yo want it to consist of key-vale pairs in which the keys are 1 strings like al, bl, cl, and dl, and the vales are ar, br, cr, \_) and dr. Mter creating the map, yo notice it is missing dl and dr. Yo cold se one of two procedres to create the new map: one sing an existing ASCII file, the other sing standard inpt. Example: Assme the following sitation. Existing ASCII File An ASCII file exists named /sr/etc/yp!john _ map.asc The file was created with an editor or shell script on the master server john_ map is the name of the map yo want to recreate graphs _domain is the YP domain sbdirectory where the map is located The YP map was created from this file by entering cd /sr/etc/yp./makedbm john_map.asc graphs_domain/john_map Now yo notice the map is missing dl and dr. To correct the error, modify the map by first modifying the ASCII file as follows. cd /sr/etc/yp <make editorial change to john_ map.asc to add the dl and dr line>./makedbm john_ map.asc graphs_ domain/john _map YP Configration and Maintenance 8-43

199 To verify the new map has the changes yo made, enter the following command../makedbm - graphs_domain!john_map I more!~ ) Example: Using Standard Inpt Assme the following sitation. wes _map is the name of the map yo want to create (no ASCII file exists from which the map was bilt) ereports_domain is the YP domain sbdirectory in which yo will create the map First, create the YP map from the keyboard by entering inpt on the master server as follows. cd /sr/etc/yp./makedbm - reports_domain/wes_map alar bl br cl cr CTRL-D To modify the map, se makedbm(lm) to create a temporary ASCII intermediate file that can be edited. cd /sr/etc/yp./makedbm - reports_domain/wes_map > wes_map.temp Now edit wes_map.temp to add the dl and dr line. Create a new version of the database with the following commands.. /makedbm wes _map. temp reports_ domain/wes _map rm wes _map. temp () 8-44 YP Maintenance

200 Add New YP Servers / Yo mst be sper-ser to add new YP servers. ~; If a new slave server is not in the original set, recreate the ypservers map on the master server. If needed, rebild the hosts map also. (Refer to ypmake(lm).) 1. If the server's address is not in /etc/hosts, edit /etc/hosts to inclde the new server's address and then execte ypmake(lm). <Edit /etc/hosts > /sr/etc/yp/ypmake hosts 2. Add the host's name to the ypservers map in the YP domain as follows. c) yppsh cd /sr/etc/yp (./makedbm - home _domain/ypservers; \ echo newypslave_name) I./makedbm- home_domain/ypservers ypservers 3. On the new slave server, complete the steps in the "3. Create a YP Slave Server" section. Add New Users to a Node Yo mst be sper-ser to add new sers to a node. Refer to the HP-UX Series 300 System Administrator Manal to add new sers to a node. The procedre consists of (1) editing the master server's /etc/passwd and /etc/grop files, (2) making a home directory, and (3) defining the new ser's environment. Remember to pdate the YP passwd and grop databases by rnning /sr/etc/yp/ypmake. If yo are sing an alternate file to bild the YP password databases, se its fll path name instead of /etc/passwd. /sr/etc/yp/ypmake grop passwd PWFILE =aftemate_passwd_fi[e YP Configration and Maintenance 8-45

201 Make a Different Node the YP Master Yo mst be sper-ser to change the YP master server to a different node. 1. Copy the following files from yor crrent master server to the node that will be the new master server. /etc/hosts /etc/netgrop /etc/networks /etc/protocols /etc/rpc /etc/setvices 2. Merge /etc/grop and /etc/passwd on the crrent master server with those on the node that will be the new master server. (If sing an alternate password file, yo need only copy it.) This merging creates files sitable for bilding maps for all clients. Merging ensres machine-specific password and grop entries are kept intact. Either save or delete entries taken from the old master server files. For example, in /etc/passwd save ser entries and remove the other node's root entry. 3. If /sr/etc/yp/ypmake, /sr/etc/yp/ypinit, or /sr/etc/yp/makefile was modified on the old master server to bild non-standard maps, copy them and other files from which the non-standard maps are bilt.,fj 4. On the new master server, complete all steps in the "1. Create a YP Master Server" section. n 8-46 YP Maintenance

202 ( 5. To prevent startingyppasswdd(lm) on the old master server, edit its /etc/netnfsrc file to change the YP_MASTER_SERVER vale to zero. \._;i YP_MASTER_SERVER=O 6. If the old master server is to be a slave server, complete the steps in the "3. Create a YP Slave Server" section and the steps in the "2. Create a YP Client" section. 7. Reboot the new master server. 8. Reboot the old master server. 9. To ensre maps are consistent on all servers, execte ypinit(lm) on each slave server sing the new master server's host name. yp in it -s new_ master_ hostname U Create or Change VP Password The YP password is the password for a ser's login ID that exists in the YP passwd map. The YP password is sed as the ser password, bt is administered throgh YP. Note, yo do not have to have a YP password to access the YP database. If yo change yor password with the passwd(l) command, yo will change only the entry in yor local /etc/passwd file if the entry exists. If yor password is not in the file, the following error message occrs. Permission denied. If this error occrs, execte yppasswd(l). YP Configration and Maintenance 8-47

203 YP Password Gidelines The following list provides the reqirements for creating and changing YP passwords. Only the owner or sper-ser can change a YP password. The sper-ser mst know the crrent YP password to change another ser's YP password. i~ I } Only the first eight characters of the YP password are significant; the rest are trncated. A YP password mst contain at least five characters if it incldes a combination of either ppercase and lowercase letters or alpha-nmeric characters. A YP password mst contain at least for characters if it incldes a combination of ppercase letters, lowercase letters, and nmeric (} characters.,' A YP password mst contain at least six characters if it incldes only monocase letters. Note Yo can change a YP password in the YP passwd map sing yppasswd(l) only if rpc.yppasswdd is rnning on the master server. (See yppasswdd(jm).) (). / 8-48 YP Maintenance

204 VP Password (_) Refer to the following steps to create or change yor YP password in the YP passwd map. 1. Execte the yppasswd command. yppasswd ser_login_name 2. The system prompts yo for the old YP password even if one does not exist. If it does exist, enter the old YP password; otherwise, press RETURN. Note, the YP password may be different from the one on yor local node. 3. The system prompts yo for the new YP password twice to ensre yo enter the correct response. Enter yor new YP password twice, pressing RETURN after each entry. L) The system now pdates the master server passwd map. Log Files Using the -l option, yo can execte ypbind(jm), ypse!v(lm), and yppasswdd(jm) so that diagnostic and error messages are written to log files. /etc/ypbind -1 ypbind_1og_fi1e /sr/etc/ypserv -1 ypserv_1og_fi1e /sr/etc/rpc.yppasswdd -1 yppasswdd_1og_fi1e Preceding each message logged to the file are the date, time, host name, process ID, and daemon name generating the message. Since the messages are niqely identified by this information, these daemons can share a single log file. YP Configration and Maintenance 8-49

205 If yo execte the daemons withot the -l option, the following responses occr. Theypbind(JM) daemon writes its messages directly to the system console, /dev/console. The ypserv(jm) daemon writes its messages to the /sr/etc/yp/ypserv.log file if it exists whenypserv(jm) is started. - r ) The yppasswdd(jm) daemon provides no messages. The ypxfr(jm) command appends transfer information (which map from which server and how many entries it has) to the file /sr/etc/yp/ypxfr.log if it exists. The logging occrs only if ypxfr(jm) is not being rn directly by someone at a terminal. EXAMPLE: Logging occrs if the log file exists and cron(jm) is rnningypxfr(jm) directly, sing a crontab(l) entry like the following one. 30 * * * * /sr/etc/yp/ypxfr yp_map,!) All log files cold potentially grow withot limit ntil they se p the available file system space. To avoid this occrrence, periodically check the file sizes. One method of preventing this problem is to create a crontab(l) entry for each log file as follows. 0 1 * * 1,3,5 cat /dev/nll > log_flle This line trncates logjile at 1:00 A.M. every Monday, Wednesday, and Friday YP Maintenance

206 Create Non-standard YP Maps Yo mst be sper-ser to create and propagate non-standard YP (, ) maps. The /sr/etc/yp/ypmake file spports all of the standard maps shipped by HP. Non-standard maps are those maps which yo create that are not originally spported by the /sr/etc/yp/ypmake file. 1. Modify /sr/etc/yp/ypmake on the master server so the map can be rebilt. Modification reqirements vary extensively. Generally, thogh, yo need to filter a hman-readable ASCII file throgh HP-UX tilities. If the file system in which /sr/etc/yp exists spports only short file names (14 characters maximm), limit the new map name lengths to 10 characters maximm. Note, however, the system atomatically handles the longer standard YP map names. 2. If sing Makefile in /sr/etc/yp on the master server to bild the maps, modify it so the new map can be rebilt. (Seeypmake(JM).) 3. Modify /sr/etc/yp/ypinit on the master server to inclde the name of yor new map in the list of MASTER_ MAPS. Copy this modified script to all server nodes. This process ensres that any re-initialized or new slave servers will serve the new map. 4. For a client to access the data in the new map, it mst exist on each of the servers. Execte the newly modifiedypmake(jm) on the master server to bild and copy the map to the crrent slave servers. /sr/etc/yp/ypmake Slave server spport for the propagation of new maps consists of adding crontab(l) entries or adding new entries to one of the ypxfr(jm) shell scripts described in the "Propagate YP Maps" section. YP Configration and Maintenance 8-51

207 EXAMPLE: Initial Example Environment This example spans several pages. Refer to the bold face headings for different sections of the example. Keep a list of the login names and the host names of all nodes on which each ser is allowed to login. The information is stored in /sr/etc/access _list. The cstom YP map yo wish to bild from this file is access. The general form of the ASCII file /sr/etc/access list is as follows. login_name1 [ host_name1 [ host_name login_name2 [ host_name1 [ host_name r) /) ' I login_namen [ # comments 1 Each ser has only one line. After each login name are zero or more host names. The ser can log into any of these hosts. Yo can se both comments with a # (pond sign) in colmn one and blank lines. (~ ' / 8-52 YP Maintenance

208 The following samples cold be in /sr/etc/acc _list. / I. \ carole gerbi 1 alpha catfish catfish handel # bigmak is a new hire who has not yet arrived bigmak mr_jad axesys handel daveysan satie yogrt chm handel speedy handel satie catfish fielding alpha beta catfish / ' All of the sers except for bigmak can login on one or more systems. Yo may want to se the login name as the key for storing this data in the access map so yo can search the map with commands like ypmatch. %ypmatch chm gerbil bigmak carole access The above ypmatch command wold provide otpt like the following. (. chm gerbi 1 bigmak carole handel catfish alpha catfish handel YP Configration and Maintenance 8-53

209 Modify ypmake Modify /sr/etc/yp/ypmake on the master server as follows. 1. Insert a new fnction called access() after the services() fnction. access(){ } grep -v A [ ] *# $1 I grep -v A [ ] *$ I \ awk 'BEGIN { OFS= \t ; } {print $1, $0}' I \ $MAKEDBM- $MAPDIR/access This fnction creates a map that has a key as the first field of each inpt record, creates a vale that is the entire record, and skips over comment lines. 2. Add a new pattern to the case statement that is preceded by "for ARG in $*; do." Yo mst place this information before the pattern *) in the case statement. access) if [ expr $MAPS :.* access.* ' -eq 0 ] ; then MAPS= $MAPS access fi;; 3. Add the new map name to the defalt list of MAPS to bild. This addition ensres all maps are bilt (inclding the access map) if ypmake(lm) is called with no maps specified. MAPS=${MAPS:-'passwd grop hosts networks rpc \ services protocols netgrop access'} ~ ' / n n 8-54 YP Maintenance

210 4. Add a new pattern to the case statement that is preceded by "for MAP in $MAPS; do." access) bild /sr/etc/access_list access;; Modify Makefile If sing the Makefile in /sr/etc/yp on the master server to bild the maps, modify it as follows. 1. Insert a new variable called ACCESS after the SERVICES variable. SERVICES = services services.byname ACCESS = access 2. Add the new ACCESS variable to the definition of the ALL MAPS variable. ALL_MAPS= ${PASSWD} ${GROUP} ${HOSTS} \ ${NETWORKS} ${RPC} ${SERVICES} \ ${PROTOCOLS} ${NETGROUP} ${ACCESS} Modify ypinit 1. Modify the /sr/etc/yp/ypinit shell script on the master server to inclde the new map in list of all maps bilt on the master server. MASTER_MAPS= grop.bygid grop.byname \ hosts.byaddr hosts.byname netgrop netgrop.byhost \ netgrop.byser networks.byaddr networks.byname\ passwd.byname passwd.byid protocols.byname \ protocols.bynmber rpc.bynmber services.byname access 2. Copy this modified script to all crrent and ftre YP servers. YP Configration and Maintenance 8-55

211 Maintain a Crrent Access Map on Each Slave Server 1. Execte the newly modified ypmake(lm) on the master server to bild and copy the access map to the crrent slave servers. /sr/etc/yp/ypmake 2.0n each slave server, modify the appropriate ypxfr(lm) script to periodically copy the access map from the master server. # ypxfr_lperday- Perform daily YP map check and pdates /sr/etc/yp/ypxfr grop.bygid /sr/etc/yp/ypxfr grop.byname /sr/etc/yp/ypxfr access n Check the Map's Contents Execte a few YP commands to verify the sccess of yor work. %ypwhich -m services.byname hostl access hostl This ypwhich -m command shows that the server yo are bond to now serves the access map YP Maintenance

212 Note, the order of the ypcat(l) listing does not match the order of yor file contents. % ypcat access fielding alpha beta catfish daveysan satie yogrt speedy handel satie catfish mr_jad axesys handel gerbi 1 catfish carole alpha catfish handel bigmak chm handel The followingypmatch(l) command shows how yo can selectively retrieve information from yor new access map. ( \ \.._) % ypmatch speedy daveysan fielding mr_jad access speedy handel satie catfish daveysan yogrt alpha beta mr_jad axesys handel fielding satie catfish (.. YP Configration and Maintenance 8-57

213 8-58 YP Maintenance

214 VHE Configration and Maintenance 9 Virtal Home Environment (VHE) is an HP-developed service that allows yo to configre login environments on remote nodes to mirror the login environment on the sers' home nodes. VHE is available to any HP-UX system on a network rnning the NFS Services prodct. Yo can choose whether to configre and se the service, althogh when yo install NFS Services, VHE is also installed. For an overview of how VHE works, refer to the "NFS Services Overview" chapter. Note The Yellow Pages (YP) service is not mandatory for sing VHE, bt this chapter shows how to se VHE assming YP is configred and sed. If yo do not plan to se YP, yo mst have an alternate process for maintaining consistency of the /etc/passwd and /etc/vhe _list files for all nodes in the VHEgrop. CJ VHE Configration and Maintenance 9-1

215 Configration Overview The following list is an overview of the steps yo mst complete to configre the nodes on yor network with VHE. The steps are described in more detail after the overview list. n 1. Prepare for configring nodes with VHE by obtaining node names for the hosts in yor network that will se VHE, installing and configring NFS Services, and installing and configring YP (or institting an alternate mechanism for maintaining consistent ser and grop IDs, internet address to host name mappings, password entries and vhe _list). 2. Compare VHE files in /etc/newconfig directory with existing files in the /sr/etc/vhe directory. 3. For each node, decide which file systems are to be monted and determine the names of mont point directories. 4. Create /etc/vhe Jist on the YP master server sing the information from step 3. n 5. Edit the /etc/passwd file on the YP master server node to contain sers' home directories which, in trn, contain the appropriate mont point directories. 6. Distribte the new /etc/vhe _list and /etc/passwd files by execting ypmake on the master YP server. 7. On each node, edit /etc/exports. 8. On each node sing VHE, execte /sr/etc/vhe/vhe _monter. 9. Verify that VHE is rnning correctly. () 9-2 Configration Overview

216 Configration i ' ( I \._) The following sections describe the configration steps in detail. Note Yo mst be sper-ser to configre VHE. 1. Complete Preparation Steps For each node that will se VHE, perform the following steps: obtain a host name. install and configre NFS Services. ( ) install and configre YP (or institte yor own mechanism for ""-"' maintaining consistent host names, grop and password entries). To obtain the host names for the nodes on yor network that will se VHE, check yor /etc/hosts file. If YP is rnning, yo can se the ypcat hosts command to look at the host information. To install and configre NFS Services, refer to the "NFS Configration and Maintenance" chapter. To install and configre YP, refer to the "YP Configration and Maintenance" chapter. VHE can se YP for file administration. For VHE to fnction, it needs all of the nodes sing VHE to have a consistent view of the /etc/passwd and /etc/vhe _list files. YP provides this; if not sing YP, yo mst ensre consistency by some other method. The /etc/vhe Jist file contains a list of all of the nodes that are sing NFS to do the same remote monts. (This is explained in detail in "4. Create /etc/vhe _list.") VHE Configration and Maintenance 9-3

217 YP maintains single versions of the /etc/passwd and /etc/vhe _list files on the YP master server. From the YP master server, yo can add or delete sers, change sers' home nodes and directories, and add or delete nodes from the VHE grop. Once changes are made to /etc/passwd and /etc/vhe _list, the changes are made in the YP maps and propagated to the YP slave servers throgh the ypmake program. /~ I I ' I 2. Compare /etc/newconfig Files to Existing Files When yo installed the NFS services software, several new files were copied into the /etc/newconfig directory. Perform the following steps to prepare to configre VHE. 1. Compare each /etc/newconfig file listed below with its conterpart shown in the following list. File in /etc/newconfig directory vhe monter vhe_script Conterpart in /sr/etc/vhe directory vhe monter vhe_script 2. If the files are the same, skip to the next section, "Determine File Systems and Mont Point Directories." 3. If yo have previosly cstomized the files that exist in the /sr/etc/vhe directory, they will differ from those in /etc/newconfig. If there are differences, copy the crrent files in /sr/etc/vhe to a safe location and do one of the following: OR change the versions in /sr/etc/vhe to reflect the differences in the files in /etc/newconfig. copy the files in /etc/newconfig to /sr/etc/vhe. Then re-cstomize the newly copied files in /sr/etc/vhe if necessary. () VHE Configration and Maintenance 9-4

218 ( 3. Determine File Systems and Mont Point Directories For each node that is sing VHE, determine and write down the file 1 systems yo want to mont and the directories yo want to se as "--"'/ mont points. Use the following conventions when completing this step. Begin each mont point pathname with a common path component. (In the examples for this manal, /vhe is sed.) Attach to the above pathname the host name of the machine yo plan to mont. For example, for a machine named vic, the mont point pathname is /vhe/vic. The machine name mst match exactly the name retrned by the hostname command (e.g., letters that are in lower case mst be typed as lower case and letters that are pper case mst be typed as pper case). For each file system that will be monted from each machine to be connected with VHE, attach the file system name to the mont point name. To contine with the above example, if the machine vic has two file systems to be monted: I and /sers, this wold reslt in the pathnames for the two mont points to be /vhe/vic/ and /vhe/vic/sers. In the case of /vhe!vic/, yo shold delete the I at the end of the pathname, reslting in the mont point /vhe/vic. VHE Configration and Maintenance 9-5

219 4. Create /etc/vhe_list The /etc/vhe list file contains a list of all directories that are mont points for yor VHE environment. Each node accesses this list for the /) most crrent mont point information via NFS monts. File systems of the remote node are monted on the appropriate mont point sing NFS. To create the /etc/vhe _list file, complete the following items. As sper-ser, edit a file named vhe _list in the /etc directory of the YP master server. The vhe list file is installed at the time the NFS prodct is installed. - For each mont point en each node create a one-line entry with the following form: hostname file_ system mont _point [mont_ options] where hostname is the name of the node whose file system is monted. file_system is the name of the remote file system on the node to be monted. mont _point is the name of the local directory that acts as the mont point for the NFS mont. mont _options is an optional field in vhe _list that contains options that are passed to the mont command. There shold be no spaces between items in the mont_options field, and the items shold be separated by commas. For example, to set the read and write size to 1024 bytes this field wold look like: rsize =1024,wsize =1024 n 9-6 Configration

220 Later, the /sr/etc/vhe/vhe _monter script ses these fields to perform the appropriate NFS monts. This script also creates the directories that will be the mont points, so it is not necessary for yo to create these directories. If a file exists with the same name as one of the mont point directories, the script prodces an error message. In this case, yo need to either change the name of the existing file or change the name of the mont point directory. If yo are not sing YP, after yo create the /etc/vhe_list file yo need to distribte the /etc/vhe_list file to all the nodes in the VHE grop. Example: Simple Configration with Single File System per Node In the simplest case, each node has only one file system which is the root file system. Every node needs to have a set of directories for all members of the grop. For example, consider a grop consisting of the nodes~ B, C and D. A list of mont points for this grop is /vhe/a, /vhe/b, /vhe/c and /vhe/d. Now taking these two lists, an /etc/vhe_list file with the following contents is created: A I lvheia B I lvheib C I lvheic D I lvheid Example: Node with Mltiple File Systems Note If yo do not have mltiple file systems on each node, yo can go to "5. Update /etc/passwd." Doing monts of several file systems from one node reqires some care in creating the /etc/vhe _list file. For example, if /sr is a separate file system on node C, and yo execte the following on node A: VHE Configration and Maintenance 9-7

221 mont C :/ /vhe/c An ls of /vhe/c/sr on node A shows it as an empty directory becase NFS allows access to separate file systems only if they are explicitly.fj monted. This directory can be sed to do a mont of the /sr file system of node C by execting the following on node A: mont C :/sr jvhe/c/sr Now an ls of /vhe/c/sr on node A shows the contents of the /sr file system on node C. The example grop is changed to show this complication with additional file systems: A B c D 1 file system nder "/" 2 file systems one nder "/" and one nder "/sers" 2 file systems one nder "/" and one nder "/sr" 1 file system nder "/" When a node has mltiple file systems, yo may choose to have all the file systems monted (as with C) or to have only some of the file systems monted (as with B). When /sr/etc/vhe/vhe_monter is rn, the mont point directories are created, if necessary, and the NFS monts are made. Using the rles otlined in "4. Create /etc/vhe list," for the above grop of nodes, yo wold create the following /etc/vhe _list file: A I B /sers c I C /sr D I /vhe/a /vhe/b/sers /vhe/c /vhe/c/sr /vhe/d n 9-8 Configration

222 5. Update /etc/passwd Update the /etc/passwd file on the YP master server to force home directory access throgh the mont points. The entries in /etc/passwd shold have the following form: login_ name:encrypted _password:uid:gid:comment:/vhe/hostname/home _ dir:shell The following example shows /etc/passwd file entries before and after the VHE configration. Note If yo are not sing YP, after pdating the /etc/passwd file, yo mst distribte the changes to all nodes in the VHEgrop. Example In this example, the first ser 's home directory is on node A; the second ser's home directory is on node B; and the third ser's home directory is on node C. All of the /sers directories are in the root file systems on their respective nodes. Before VHE configration: andy::ll7:100:andy:/sers/andy:/bin/csh speedy::ll8:100:darren:/sers/speedy:/bin/ksh chm::ll9:200:cris:/sers/chm:/bin/sh After VHE configration: andy::ll7:100:andy: fvhe/a/sers/andy:/bin/csh speedy::ll8:100:darren: fvhe/8/sers/speedy:/bin/ksh chm::ll9:200:cris: fvhe/cfsersjchm:/bin/sh VHE Configration and Maintenance 9-9

223 Example: Nodes with Mltiple File Systems Nodes with mltiple file systems do not change how the home directories are pdated for VHE. For example, consider the following two /) entries in /etc/passwd. Fielding's home node is node B, which has two file systems; Jeffs home node is node C, which has two file systems. The nodes are from the example shown above. Before VHE configration Fielding::l20:200:fielding:/sers/fm:/bin/csh Jeff::l21:100:Jeff:/sers/jbrl:bin/csh After VHE configration Fielding::l20:200:fielding: fvhe/8/sers/fm:/bin/csh Jeff::l21:100:Jeff: fvhe/c/sers/jbrl:/bin/csh For node B, /sers is its own file system and is monted on the directory /vhe/b/sers. This cases no change in the naming convention for ~ () the home directory. For node C, /sers is on the root (I) file system. Node C also has another file system: /sr. If Jeff wants to be able to change the defalt pathname to his mail file from /sr/mailljbrl to /vhe/c/sr/mailljbrl (to read mail via VHE), the /sr file system mst be monted on /vhe/c/sr Update /etc/exports On each node that needs to export file systems, edit the /etc/exports file to reflect all of the file systems that are available for NFS monting from each node. Details on this can be fond in the "NFS Configration and Maintenance" chapter Configration

224 7. Distribte /etc/vhe_list and /etc/passwd To distribte the /etc/vhe _list and /etc/passwd files (i.e., make them ac- /, cessible to all the nodes sing YP that are part of the same YP ~,; domain), execte the following command on the YP master server. /sr/etcjypjypmake This bilds the YP maps and propagates the maps to the YP slave servers. 8. Execte /sr/etc/vhe/vhe_monter Note The /sr/etc/vhe/vhe _monter script shold be rn when all nodes in the VHE grop are powered p and ready for NFS monting. If they are not ready for NFS monting, then error messages are printed. These are not fatal errors; to recover from them yo shold retry vhe monter when the nodes are available for monting. The /sr/etc/vhe/vhe _monter script ses the information in /etc/vhe _list to create the appropriate mont point directories on each node. When vhe _monter notices that it is abot to make a directory with the same name as the node from which vhe _monter is exected, it makes a symbolic link with the same pathname and links it to the node's root directory. When the vhe _monter process completes rnning on each node, the proper mont points and symbolic links are created for each node. The /sr/etc/vhe/vhe _monter script also does NFS monts sing the appropriate directories to the remote machines on each node. When the monts are complete, a node is ready for VHE. VHE Configration and Maintenance 9-11

225 To execte /sr/etc/vhe/vhe _monter for each node separately, execte the following script on each node: lsrletclvhelvhe monter To rn /sr/etc/vhe!vhe _monter for all nodes sing VHE from a single node, execte the following as a batch file. fori in' ypcat vhe_l ist I awk 1 {print $1} 1 I sort -' do remsh $i lsrletclvhelvhe_monter done /~ j Note For this script to execte correctly, all nodes mst be rnning ARP NBerkeley Services with sper-ser capability allowed between the nodes when sing remsh. () ' / Example This example shows the mont points and symbolic links reslting from the following /etc/vhe _list file: A I lvheia B I lvheib C I lvheic D I lvheid 9-12 Configration

226 The listing below shows the mont points and symbolic links for each node after the lsrletc/vhelvhe _monter script completes rnning on each node (symlink =I denotes a symbolic link to the root ( I ) directory): Node A lvheia lvhe/b vheic lvhe/d symlink=l Directory Directory Directory B lvheia lvhe/b lvheic lvhe/d Directory symlink=l Directory Directory c lvheia lvhe/b lvheic vhe/d Directory Directory symlink=l Directory D lvheia lvhe/b lvheic lvhe/d Directory Directory Directory symlink=l 9. Verify that VHE is Correctly Configred To check if VHE is configred correctly, pick a login name that had a mont point added to its home directory. After lsrletclvhelvhe _monter has been rn on each node, go to each node and log in sing that selected login name (with the appropriate password). If VHE is correctly configred, the logins are sccessflly completed, and yo are always placed in the exection environment associated with the selected login name. VHE Configration and Maintenance 9-13

227 Note Yo have now completed configring the VHE service. The following sections describe advanced sage or set-p problems yo may enconter when sing VHE. If yo are configring VHE as part of the NFS Services configration, retrn to the "7. Execte /etc/netnfsrc" section in the "NFS Configration and Maintenance" chapter. /\. ' n i) 9-14 Configration

228 Configration Refinements The configration procedre presented in the previos sections addresses most configration cases. However, yo may wish to refine yor VHE configration. This section explains how to refine yor VHE configration to allow NFS monts to be done in the backgrond. NFS monts in the Backgrond Yo can alter the /sr/etc/vhe/vhe _monter script to allow monts to be done in the backgrond. This eases the sitation where all nodes are not ready to respond when a node tries to mont them. To mont nodes in the backgrond, yo need to edit the /sr/etc/vhe/vhe _monter script. The vhe monter file has a shell variable called BACKGROUND MOUNT whose initial vale is set to 0. To allow nodes to be monted in the backgrond: Use an editor to set the vale to something other than 0. Save the file and execte the /sr/etc/vhe/vhe _monter script. These changes case NFS monts to occr in the backgrond. If the monts are not sccessfl on the first try, the NFS monts contine to execte in the backgrond. Note Becase each mont exectes as a separate process ntil it completes or ntil the retries option for the NFS mont is exceeded, there may be a problem if there are many nodes (more than 30) in the VHE grop. VHE Configration and Maintenance 9-15

229 VHE Maintenance To ~eep VHE rnning correctly and efficiently, refer to the following,~ sections. 1 Unmonting file systems If needed, yo can nmont all of the remotely monted file systems. The easiest method of doing this is to execte the following: mont -a-t nfs This command can only be sed when there are no VHE sers logged on. If VHE is crrently being sed, the mont point directories will be bsy and mont will not nmont a directory that is bsy. Jst as having mltiple file systems available for remote monting reqired monting to be done in a specific order, nmonting file systems mst be done in the proper order. The order is jst the reverse n from the order that the monts were done. The mont command with the "-a-t" options does this atomatically. For example: mont A:/ /vhe/a mont A:/sr /vhe/a/sr mont /vhe/a/sr mont /vhe/a 9-16 VHE Maintenance

230 Adding or Deleting VHE Nodes Yo may need to add or delete nodes from the VHE configration. To (_) do this, yo need to perform the following steps. 1. Update the /etc/vhe _list on the YP master server by either removing file systems that are no longer available (if a node is being deleted) or adding file systems that yo want to become available (if a node is being added). Refer to the section in this chapter called "3. Create /etc/vhe_list" for more information abot how to do this. 2. Edit the /etc/passwd file to show the addition of mont points to the home directory pathname. Refer to the section in this chapter called "5. Update /etc/passwd" for more information on how to do this. If yo are removing file systems, yo need to edit this file to delete mont points from the home directory pathname. 3. To distribte the /etc/vhe jist and /etc/passwd files to the YP servers, execte the following command on the YP master server: /sr/etc/yp/ypmake 4. Then execte the following: /sr/etc/vhe/vhe monter The script ses the information fond in /etc/vhe _list to decide which new file systems to mont. The /sr/etc/vhe/vhe _monter script does not attempt to nmont a node deleted from the grop. vhe _monter needs to be exected on all of the nodes in the grop for all of the nodes to be pdated. VHE Configration and Maintenance 9-17

231 Advanced Usage Adding altlogin and monter Logins The two logins of altlogin and monter can be added to /etc/passwd by the sper-ser. This allows the ser to: log in sing the monter ID to complete NFS monts to a node, if for some reason a node was not monted when vhe monter was exected. log in sing altlogin to access the node where they crrently are. This is sefl if their home node is down. These logins are similar to who and date becase they execte a program. Monter exectes vhe mnt, and altlogin exectes vhe_altlog. The vhe mnt program exected by the monter login only attempts to mont a file system of a node that is fond in the /etc/vhe _list file. r---) This prevents sers from performing monts to arbitrary nodes. Users can only perform monts that cold have been done by /sr/etc/vhe/vhe _monter. If the node name entered at the prompt is not fond in /etc/vhe _list, then an error message is printed and the monts are not completed. The vhe _ altlog program exected by altlogin prompts for a login ID and then attempts to do a s sing the provided login ID. The ser is then prompted for a password by s. If the proper password is given, the ser is logged in with the home directory of /tmp. (If a proper password is not given, the ser is not allowed access to the system.) Once logged in, none of the ser's exection environment is available, bt he or she can se the system. (:) 9-18 Advanced Usage

232 ( ' \. ' -._/ To make these logins valid, yo need to add them to the /etc/passwd file. Do this by adding an entry for each login to the /etc/passwd file. These entries shold be similar to the following: monter::6:1::/:/sr/etc/vhe/vhe mnt altlogin::6:1::/tmp:/sr/etc/vhe/vhe altlog The vales shown in the above lines in UID, GID and home directory can be replaced with other vales. Also note no password is provided in the above lines, bt passwords can be entered if desired. If passwords are entered, tell the sers allowed to se those logins what the associated passwords are becase they mst provide them when logging in. Monter Example In this example, dave attempts to log in from node B when his home node, node A, is not monted on node B. The following seqence wold occr: login: dave Password: Unable to changed i rectory to /vhe/a/sers/dave 1 ogi n: monter Password: Enter the name of the node to mont: A login: dave Password: <Dave gets 7 ogged in> Altlogin Example This section shows an example of sing altlogin. Jlia is crrently working at node B. Her home node A is not p, bt Jlia can gain access to node B in the following way: 9-19 Advanced Usage

233 Altlogin Example This section shows an example of sing altlogin. Jlia is crrently working at node B. Her home node A is not p, bt Jlia can gain access to node B in the following way: login: altlogin Enter yor login name: Jlia Password: % (~ / Jlia is now logged in at node B. $HOME If yo are writing scripts that make reference to files in a home directory, those file names shold be prefixed with $HOME (for Sh or Ksh). n For Csh, file names shold be prefixed with a - character.this allows a file to be accessed in a consistent manner even if the home directory pathname changes. $ROOT To make a distinction between system files (like the password file) for the local and the home nodes, the following can be added to the.profile or.login file (home_ node shold be replaced with the name of the node): ROOT=/vhe/home_node export ROOT This allows easier access to system files on a ser's home node. For example, instead of typing: more/vhe/home_node/etc/passwd 9-20 Advanced Usage

234 The ser types: more $ROOT/etc/passwd Alternate Mont Points The mont examples in this chapter are prefixed with /vhe. In addition to!vhe mont points, there may be other file systems sers in a VHE grop want to reglarly access. For example, in a given VHE grop, node A has file system /Design. To have a consistent view of this file system among all sers in the VHE grop, the /Design file system can be monted on a pathname /Design. To do this, the following line wold be added to the vhe _list file: A/Design /Design Using VHE for Mail To extend VHE to handle mail tasks: change yor defalt mailbox pathname to have a mont point added to the beginning of it (jst as the home directories are changed in /etc/passwd). specify the above pathname as the file to be sed by the mail handler of yor choice. If that mail file is on a separate file system, it mst also be monted to be available. For example, if ser fm's home node is A, this shows how the mailx program can be invoked to read mail over NFS: mailx 1 /vhe/a/sr/maillfm In this example, if /sr was a separate file system on A, then the following wold be added to /etc/vhe _list: A /sr /vhe/a/sr VHE Configration and Maintenance 9-21

235 I~ ) 9-22 Advanced Usage

236 (_) Trobleshooting 10 If a node on the network is not operating correctly, se this chapter to identify and correct the problem. Most problems occr when installing the network changing the network (e.g., adding a node or extending the coaxial cable), or another system on the LAN fails. Before trobleshooting the problem, get or create yor network map as described in the Installing and Maintaining NS-ARP A Se!Vices docmentation. Use this map when checking configration and network layot information. Remember to pdate it any time yo make a change to the network. Note All references to servers and clients apply to NFS servers and clients nless preceded by YP. Trobleshooting 10-1

237 Key Terms Client A node that reqests data or services from other nodes (servers). A process that reqests other processes to perform operations. Note: An NFS client can also be configred as any combination of an NFS server, YP client, or YP server. (A YP server mst also be configred as a YP client.) Clster Cnode Daemon Diskless Cnode Export Hard Mont One or more workstations linked together with a local area network (LAN), bt consisting of only one file system. Any node operating in an HP-UX clster environment, inclding diskless nodes and the root server. Backgrond programs that are always rnning, waiting for a reqest to perform a task. A node in an HP-UX clster that ses networking capabilities to share file systems, bt does not have a file system physically attached. To make a file system available to remote nodes via NFS. A mont that cases NFS to retry a remote file system reqest ntil it scceeds, yo interrpt it (defalt option), or yo reboot the system. r-"\! ) 10-2 KeyTerms

238 Host A node that has primary fnctions other than switching data for the network. / " I \..._,;' Map (YP) A file consisting of logical records; a search key andrelated vale form each record. YP clients can reqest the vale associated with any key within a map. YP map is synonymos with YP database. Master The node on which one or more YP maps are con- Server (YP) strcted from ASCII files. These maps are then copied to the YP slave servers for the YP clients to access. Mont Mont Point Netgrop Node Root Server To obtain access to a remote or local file system or directory (import). The name of the directory on which a file system is monted. A network-wide grop of nodes and sers defined in /etc/netgrop. A compter system that is attached to or is part of a compter network. The only node in an HP-UX clster that has file systems physically attached to it. Trobleshooting 10-3

239 Server A node that provides data or services to other nodes (clients) on the network. A process that performs operations as reqested by other processes. Note: An NFS server can also be configred as any combination of an NFS client, YP client, or YP server. (A YP server mst also be configred as a YP client.) Slave A node that copies YP maps from the YP master server Server (YP) and then provides YP clients access to these maps. Soft Mont Yellow Pages (YP) YP Client An optional mont that cases access to remote file systems to abort reqests after one NFS attempt. An optional network service composed of databases (maps) and processes that provide YP clients access to the maps. The YP service enables yo to administer these databases from one node. YP may or may not be active; check with yor system administrator. A node that reqests data or services from YP servers. A YP process that reqests other YP processes to perform operations. Note: A YP client can also be configred as any combination of a YP server, NFS client, or NFS server. (A YP server mst also be configred as a YP client.) () 10-4 KeyTerms

240 / yp Database See "Map (YP)." ( \..._..) YP Domain A logical groping of YP maps (databases) stored in one location. YP domains are specific to the YP network service and are not associated with other network domains. YPMap yp Password See "Map (YP)." The password for a ser's login ID that exists in the YP passwd map. The YP password is the same one as the ser password, bt is administered throgh the YP. YP Server Yo do not have to have a password to access the YP databases. A node that provides data (maps) or services to other nodes (YP clients) on the network sing YP. A YP process that performs operations as reqested by other YP processes. Note: A YP server mst also be configred as a YP client. It can also be configred as an NFS server, NFS client, or both. Trobleshooting 10-5

241 Trobleshooting References Trobleshooting the NFS Services primarily concerns the areas: power p and connectivity, NFS Services, YP Services and VHE. This chapter only addresses NFS, YP and VHE problems. Link diagnostics and trobleshooting are in the Installing and Maintaining NS-ARP A Services docmentation. (~ / If yor system is having problems commnicating with or throgh a non-hp system, refer also to the appropriate ser and system administration docmentation for that system. Power Up and Connectivity Testing Refer to the following docmentation if yor system cannot commnicate with other systems on the network. HP 98643A LAN/300 Link LANIC Installation Manal HP Repeater Installation Manal (only if yo are sing a HP 92223A () repeater) / HP-UX Installation Afanal HP-UX Reference manals HP-UX Series 300 System Administrator Manal LAN Cable and Accessories Installation Manal Installing and Maintaining NS-ARP A Services () 10-6 Trobleshooting RefErences

242 Trobleshooting Sections Refer to the "Trobleshoot NFS" section or the NFS Services Reference Pages if yo cannot mont a remote file system, access a remotely monted file system, or experience other problems with the NFS service. Refer to the "Trobleshoot Yellow Pages" section or the NFS Services Reference Pages if yo configred the system to se YP, bt cannot access files serviced by it. Refer to the "Trobleshoot VHE" section if yo configred the system to se VHE, bt it doesn't fnction as described in the "VHE Configration and Maintenace" chapter. Trobleshooting 10-7

243 Gidelines Trobleshooting is an elimination process that narrows a problem. If a process worked before bt does not work now, first consider what has changed. For example, have yo moved hardware or modified configration files? n Start with the minimm nmber of variables, then gradally and selectively add other variables sch as the following. If yo cannot commnicate with one system, try another one. If the second system works, the problem may be with the first remote system and not yor system. If one system cannot commnicate with yors, try another one. If neither system can commnicate with yors bt they can commnicate with each other, the problem may be with yor system. If one service does not work, try another one. The problem may be with a particlar service to a particlar system and not a problem with the system itself. (} Common Network Problems Network problems generally occr nder the following circmstances. File permissions on the client or server restrict the operation. Network services on the client or server are misconfigred or malfnctioning. Network LAN software or hardware is misconfigred or malfnctioning Gidelines

244 Initial Trobleshooting Yo shold first check the following sitations to ensre they are not the case. If they are not, refer to the flowcharts in this chapter. Configration 1. Is yor host rnning HP-UX 6.0 or later? Execte name -a or name -r to check the HP-UX version nmber. 2. Does yor system have the recommended 256K additional memory for networking software? 3. Is yor Series 300 a spported configration? If yo are nsre, contact yor HP spport representative. 4. Does the error occr on a node other than a Series 300? If so, refer to the appropriate system docmentation. Hardware The Installing and Maintaining NS-ARP A Services docmentation contains details abot trobleshooting hardware problems. 1. Are all connections along the network cabling tight? 2. Is each cable segment less than 500 meters for ThickLAN and less than 100 meters for ThinLAN? 3. Are there no more than two repeaters between yo and the node with which yo want to commnicate? Trobleshooting 10-9

245 4. Are yo mixing Ethernet 1 hardware with IEEE hardware? This is not an acceptable combination since they do not have the same electrical characteristics. 5. Is there a 50 ohm terminator at the end of each cable? 6. Is the MAU tapped correctly into the cable? 7. Is the cable gronded in only one place? 8. Is the A UI solidly connected to the interface card? 9. Is the host hardware working correctly? Network Commnication 1. Is the remote node HP certified? If yo are nsre, contact yor HP spport representative. 2. Can any other two nodes on the network commnicate? If not, the ('j problem may be global. Refer to the LAN Cable and Accessories ~ Installation Manal and the Installing and Maintaining NS-ARP A Services docmentation. 3. Have yo performed the corrective action spplied with the error message yo received? Conslt the appropriate entry in the network reference pages. n (1) EthelrCnet is a l<?cal aredaxnetworck system.developed by Digital Eqipment Corporation, 1 nte orporahon, an erox orporahon., (2) IEEE is a networking standard that is accepted by the Institte of Electrical and Electronic Engineers Gidelines

246 4. If sing gateways, do both hosts have roting information to each other? Refer to thearpa/berkeley Sen;ices Reference Pages, rote(jm) section. 5. If operating in an HP-UX clster environment and trying to mont an NFS file system, ensre yo are sing the root server's host name as the node specified in the mont( 1M) command. Note, yo can trobleshoot NFS specific problems from the root server. 6. If operating in an HP-UX clster environment and having Link problems, cnodes will not be able to boot. Since Link diagnostics reside on the root disk, first test the Link from the root server. (Refer to Installing and Maintaining NS-ARP A docmentation.) NFS and Yellow Pages 1. Is the client system trying to perform tasks as sper-ser on the remote system? Execting setid root programs cannot access files or directories nless the permission other allows it. 2. Was network commnication established between the client and server sing the procedres otlined in the HP-UX Series 300 System Administrator Manal and in the "NFS Configration and Maintenance" and "YP Configration and Maintenance" chapters? 3. Is the problem associated with remote file locking? The lockf(2) call fails when attempting to lock a remote file. Prior to HP-UX release 6.5, NFS Services did not spport file locking on remote file systems. 4. Is the problem associated with attempts to access remote device files? Prior to release 6.5, HP-UX did not spport remote access to device files. v ( \ 5. Does the inetd secrity file (!sr/adm/inetd.sec) on the remote system limit access to the remote system for the RPC service yo are trying to access? 6. Is the file system listed in the server's /etc/exports? Trobleshooting 10-11

247 7. Does /etc/exports restrict file system access to a specific netgrop or host? a. The /etc/netgrop file mst list the netgrop if it is specified in /etc/exports. b. The /etc/hosts file mst contain the host if it is specified either in /etc/exports or in /etc/netgrop. 8. Is the file system or directory monted? To check, execte the mont(lm) command. 9. If the file system is sppose to be atomatically monted, is it listed in /etc/checklist? lo.ifprograms accessing remote files hang, is the NFS or YP server down? ll.is data on remote nodes corrpted? Ensre only one system is writing ~ f ) to the file at a time; NFS allows more than one client to write to a file () simltaneosly. Error Messages The problem can exist on the server even thogh the error message may not occr on it. Since most of the error messages are self-explanatory, yo can determine the necessary corrective action when simple errors occr. For the other error messages, follow the corrective action spplied in the NFS Services Reference Pages for that service. (These error messages are preceded by the name of the service.) I~ ' ) Gidelines

248 Errnos NFS provides two errno vales: ESTALE and EREMOTE. EST ALE Yo cannot reference the file becase it no longer exists. This sitation can occr since NFS allows a file opened by a client to be removed by a ser on another node. EREMOTE Yo cannot mont file systems from a server that the server has remotely monted (i.e., yo cannot se NFS servers as NFS gateways). Unsolved Problems If yo do not solve the problem after working throgh the previos trobleshooting steps and following flowcharts, call yor HP spport representative for assistance. Provide as mch information abot the problem as possible, inclding information from yor network map and the following items. U The activity yo were attempting when the error occrred. Describe the HP-UX commands, job streams, reslt codes, and events leading to and inclding the problem. The version or pdate information for all software yo are rnning. Yo shold be able to find this information on yor Install or Update media. The error messages yo received. Record all error messages and nmbers that appeared both on all nodes. The trobleshooting steps yo tried. The problems yo rled ot and why. Trobleshooting 10-13

249 Flowchart Format Each of the following flowcharts have a corresponding set of labelled explanations. Yo can se the flowcharts alone or with the explanatory text for more detail. :'-.) Start of Flowchart # Go to and enter specified Flowchart Make a decision Perform an action Exit Flowchart 0 ~ 0 D c=> n Flowchart Symbols Note These flowcharts are for HP systems. Processes referenced in the flowcharts may not be part of NFS prodcts from other vendors (e.g., portmap (1M)) Flowchart Format

250 ( ' \ ) ( \ \_) Trobleshooting 10-15

251 Trobleshoot NFS '~ ) Flowchart 1: Initial Steps to Narrowing the Problem Trobleshoot NFS

252 Initial Steps to Narrowing the Problem (Flowchart 1) Begin yor trobleshooting efforts with Flowchart 1 since it helps yo determine the best trobleshooting path based on the problem's symptoms. Qestion A. Does the system hang dring boot when monting remote files? Yes: Action See Flowchart 2. No: Action See B. Systems hanging dring boot where remote monts generally occr may indicate one or more servers are down or the network connection to one or more servers is falty. B. Are yo able to login? See C. Yo will receive error messages or the system will fail to respond if yo cannot log in to it. See D. C. When trying to See Flowchart 2. mont a remote file system, do error messages indicate the attempt failed? D. Are yo sing YP? See Flowchart 7. E. Do programs per- See Flowchart 5. forming remote file accesses hang? See E. See I. See F. Trobleshooting 10-17

253 F. Does the system See G. See H. report nknown host errors dring exection of commands or programs? /)! G. Are yo sing YP? See Flowchart 7. Edit /etc/hosts to add remote host, and then see K. H. Does everything See Flowchart 6. See J. work, bt slowly? I. Do yor login scripts See Flowchart 2. The problem is probably perform NFS remote nassociated with the netme accesses? work services. Refer to the system login information in the HP-UX Series 300 Systern Administrator Manal. M Does the following The me was removed See L. message occr? by another ser. NFS EST ALE allows me removal at any time. () K. Does the system Restart Flowchart 1. Problem solved. hang dring boot? L. Are yo receiving SeeM. Call yor HP spport npredictable reslts representative. when execting programs or commands? M. Are the server and Call yor HP spport Reset the clocks sing the client clocks representative. date(l) command, and then synchronized? seen. N. Do yo receive n- Call yor HP spport Problem solved. predictable reslts representative. to commands or programs? (j Trobleshoot NFS

254 l) Trobleshooting 10-19

255 n Problem solved Flowchart 2: Mont Fails Trobleshoot NFS

256 Mont Fails (Flowchart 2) / ' \J' I \ Use Flowchart 2 if yor system hangs dring the booting process when remote file systems are monted or if yor remote mont attempts are nsccessfl. Before sing Flowchart 2, remember to check the mont( 1M) command syntax and correct errors according to the error messages. Qestion A. Does the following error message occr on the client? server not responding Yes: Action See Flowchart 3. No: Action See B. ( \ B. Does the following error message occr on the client? /etc/mnttab: no sch file or directory C. Can yo mont the remote system? Create /etc/mnttab on the client, and then see C. The system ses /etc/mnttab to log all monted file systems. Note: Generally, at boot time /etc/rc creates /etc/mnttab. Problem solved. See D. Restart Flowchart 2. D. Does the following error message occr on the client? mont: server not in hosts database See E. See G. E. Are yo sing YP? See Flowchart 8. Edit /etc/hosts on the client to inclde the desired remote host, and then see F. Trobleshooting 10-21

257 F. Can yo mont the Problem solved. Restart Flowchart 2. remote system? G. Does the following See H. See Flowchart 4. error message occr ~ on the client? I } mont: server device bsy H. Can yo access a Yo do not need to On the client, remove the remote directory in mont the ftle system incorrect entry in the desired remote since it is already /etc/mnttab for the remote ftle system? monted; problem ftle system yo are trying to solved. mont, and then see I. I. Can yo mont the Problem solved. Restart Flowchart 2. remote system? lry Trobleshoot NFS

258 .. \ Trobleshooting 10-23

259 n If) Flowchart 3.1: Server Not Responding Trobleshoot NFS

260 Server Not Responding (Flowchart 3.1) Qestion / This flowchart and corresponding instrctions consist of two parts: Flowchart 3.1 and 3.2. Yes: Action No: Action A. Does the following See Flowchart 3.2. See B. error message occr? RPC_PROG_NOT_REGISTERE D B. Does the following See C. See Flowchart 3.2. error message occr? RPC_PMAP_FAILURE: RPC_TIMED_OUT C. Are yo sing YP? See Flowchart 8. See D. ( \ \.._,;) D. Is the server's See E. Edit the client's /etc/hosts address correct in to inclde the correct adthe client's /etc/hosts? dress for the server yo are trying to mont. See G. E. Is the server yo are Yo have two options: See H. trying to mont down? To check, ask Do nothing on the yor system system ntil the servadministrator or try er reboots. other network services to that system. Edit the client's /etc/checklist to remove the NFS entry for that server; reboot the system. See F. F. Can yo mont the Problem solved. See Flowchart 2. remote system? remote system? \ G. Can yo mont the Problem solved. See Flowchart 2. Trobleshooting 10-25

261 H. Can yo contact the server sing the ping diagnostic? Refer to the Installing and Maintaining NS ARP A Services manal for ping diagnostic information See Flowchart 3.2. Refer to the Installing and Maintaining NS-ARPA Services manal to verify Link connectivity, and then see I. r) I. Can yo mont the remote system? Problem solved. See Flowchart 2.,!) ' ' Trobleshoot NFS

262 / I ' Trobleshooting 10-27

263 ~~ I Yes Kill & restart pl)dmep JP/;fllli. ~rv. Yf X1SSIId, ilijjd. ' mtlllnjd. Retry noon! ~No Start lnetd on server and retry mort Execte lnetd-c on server Execte lne t!i-c on :'!erver n ' / -? <$Yes e Flowchart 3.2: Server Not Responding Trobleshoot NFS

264 Server Not Responding (Flowchart 3.2) Qestion Yes: Action No: Action K. Is inetd(im) rn- SeeL. Start /etc/inetd on the servl) ning on the server? er, retry the mont, and then seep. L. Is montd(jm) rn- Kill and restart the SeeN. ning on the server? following daemons on the server in the order specified. portmap( IM) eypbind(im) * ypserv( IM) * yppasswdd( IM) * inetd( IM) montd( IM) * only if sing YP Retry the mont, and then seem. (J remote system? representative. / ' M. Can yo mont the Problem solved. Call yor HP spport / ' N. Is the correct Execte inetd -c on 1. Edit the server's montd( IM) entry in the server, and then /etc/inetd.conf file to ininet d.conf on the see 0. elde the correct server? Ensre the montd(im) entry. entry is not com- 2. Execte inetd -c on the mented ot with a # server to read changes in (pond sign). /etc/inetd.conf. 3. Execte rpcinfo - on the client. rpcinfo - server montd 4. SeeR. 0. Can yo mont the Problem solved. Call yor HP spport remote system? representative. P. Can yo mont the Problem solved. SeeQ. remote system? Trobleshooting 10-29

265 Q. Is this the first time Restart Flowchart 3.1. Call yor HP spport yo sed this flow- representative. chart for this problem? R. Do the reslts from SeeS. Kill and restart the followrpcinfo - indicate a ing daemons on the server montd (JM) in the order specified. process is available on the server? portmap(jm) ypbind( JM) * ypsejv( JM) * eyppasswdd(jm) * einetd(jm) emontd(jm) /~ \ / * only if sing YP Retry the mont, and then see T. S. Can yo mont the Problem solved. Call yor HP spport remote system? representative. T. Can yo mont the Problem solved. Call yor HP spport remote system? representative. n Trobleshoot NFS

266 ( \ 0 Trobleshooting 10-31

267 No B ~~EdltA;>~} on server E n Yes Flowchart 4: Restricted Access Trobleshoot NFS

268 I, Restricted Access (Flowchart 4) Qestion Yes: Action ~o: Action A. Does the following Login as sper-ser, See C. ', error message occr execte mont( 1M), ~) on the client? and then see B. Mst be root to se mont B. Can yo mont the Problem solved. See Flowchart 1. remote system? C. Does the following SeeD. Call yor HP spport error message occr representative. on the client? mont: access denied for server D. Does the server's Edit the server's See F. /etc/exports file list a /etc/exports to contain directory rather than the file system rather a file system? than a directory, and then see E. E. Can yo mont the Problem solved. See Flowchart 2. remote system? F. Are yo sing YP? See Flowchart 7. See G. G. If hosts are listed in See H. SeeJ. /etc/exports, is the client among the hosts listed for the desired file system? H. Is the client listed in Call yor HP spport Add client to server's the server's representative. /etc/hosts, and then see I. /etc/hosts? remote system? I. Can yo mont the Problem solved. See Flowchart 2. Trobleshooting 10-33

269 J. Are netgrops listed for this file system in server's /etc/exports? SeeK. Access for this client is deliberately denied. K. Is the client listed in the appropriate netgrop for this file system in /etc/netgrop? See H. Access for this client is deliberately denied. '~ ' j Trobleshoot NFS

270 Trobleshooting 10-35

271 ~~ \ ) - Yes - Yes Kill and restart 4 nfsds on server Wait for server to reboot, connection to timeot, or interrpt mont. Verify network connectivity to server. Start 4 nfsds on server () ' / Call HP No Problem solved Flowchart 5: Programs Hang Trobleshoot NFS

272 / ' Programs Hang (Flowchart 5) Programs are most likely to hang if network commnication is lost to the server, if the server is down, or if daemons are hng. l_) Qestion Yes: Action No: Action A. Is the server node See B. For hard monts, either rnning? wait for the server to reboot or interrpt the mont. For soft monts, wait for the mont to time ot. See D. C. B. Are other client See C. Verify the network connecnodes having tivity. Refer to the Installtroble? ing and Maintaining NS- ARPA Services manal. See D. Are nfsd( JM) Kill and restart for Start for nfsd( IM) daemons rnning on nfsd( IM) daemons on daemons on the server, and the server? the server, and then then see D. see D. D. Do the programs Call yor HP spport Problem solved. hang? representative. Trobleshooting 10-37

273 ,r) ' ' bkxis Start 4 blod processes n Flowchart 6: Performance Problems Trobleshoot NFS

274 ( I Performance Problems (Flowchart 6) Qestion Yes: Action No: Action A. Are the biod(im) See B. Start for biod(im) proces- daemons rnning on ses on the client, and then.._) the client? see D. B. Are the client Redce the client's See C. biod(lm) daemons load to fewer NFS accmlating large transactions by redcamonts of CPU ing the nmber of time? sers or storing more files locally. 1. List the client processes sing ps. 2. Copy a large file to the server system, and list the client biod processes again. 3. Compare the CPU time for the biod(lm) processes before and after the file copy. C. Are processes on Consider whether yo See E. the server accmlat- need to distribte ing large amonts of yor processing by CPU time (especially adding additional sysnfsd(im ), terns. inetd(im), andportmap(im)? D. Has performance Problem solved. See C. improved? E. Are the same perfor- Redce the network Redce the server's load by mance problems load. adding more servers. evident with other servers? Trobleshooting 10-39

275 Trobleshoot Yellow Pages ~ ( ) / n Flowchart 7: Initial Steps to Trobleshooting YP Trobleshoot Yellow Pages

276 Initial Steps to Trobleshooting YP (Flowchart 7) Qestion A. Can yo login as root on the YP client? Yes: Action See B. No: Action SeeD. B. Does the following error message occr on the console or in the ypbind log file? yp: server not responding for domain domain_ name See C. See Flowchart 8. C. Is the YP client's YP domain name the same as the YP server's? See Flowchart 9. Change the YP client's YP domain name to be the same as the YP server's, and then see E. D. Does the local!etc/passwd file contain an entry for root? E. Is YP working? If yo can access the YP server's maps sing ypcat or ypmatch, YP is probably fnctioning correctly. The problem is not associated with YP or NFS. Refer to the HP UX Series 300 System Administrator Manal. Problem solved. doma i nname domain_ name Yo cannot login to the YP client ntil YP is fnctioning nless yo have an entry for a ser in the local /etc/passwd file. See Flowchart 9. See Flowchart 9. Trobleshooting 10-41

277 () / Flowchart 8: Incorrect YP Maps Trobleshoot Yellow Pages

278 Incorrect VP Maps (Flowchart 8) / ' Login to the YP master server as root before starting Flowchart 8. Qestion A. On the YP master server, does the ASCII file associated with the YP map need to be pdated (e.g., pdate /etc/hosts)? Yes: Action 1. Edit the ASCII file associated with the incorrect YP map. 2. Execte ypmake( JM) to create and distribte a new map to the YP slave servers. No: Action Execte yppsh(jm) on the!'p master server, and then see C. y:jpsh map_name 3. See B. B. Are all YP server's maps consistent? Yo can determine this by execting yppoll and then comparing order nmbers. C. Doesyppsh(JM) work correctly? If yo do not receive error messages associated with the command, it probably exected sccessflly. Problem solved. 1. Create the log file /sr/etc/yp!ypxfr.log to trap ftre errors associated with yppsh(jm) on each YP slave server. 2. Verify that crontab(jm) scripts (on each slave server) copying the maps are correct. Call yor HP spport representative. See F. 3. See D. Trobleshooting 10-43

279 D. Does the ypservers See E. 1. Add any missing YP map list all YP slave slave server to the ypservers servers? map. ypcat -k ypservers 2. Execte yppsh(jm) on the YP master server to :tj pdate all YP slave servers. 3. See G. E. Does Correct the errors, See G. /sr/etc/yp!ypxfr.log trncate the log file, on the slave server and then see G. list errors? F. Can yo correct the 1. Create the log file Call yor HP spport problem indicated /sr/etc/yp!ypxfr.log to representative. by the error mes- trap ftre errors sage? associated with yppsh(jm) on each YP slave server. 2. Verify that cron- tab(jm) scripts (on each slave server) distribting the maps are correct. n 3. See D. G. Are the YP maps Problem solved. Call yor HP spport correct? representative. n Trobleshoot Yellow Pages

280 ( : ~ Trobleshooting 10-45

281 (~ I No Yes~ ~ n No n Flowchart 9: ypserv(1 M) Problems Trobleshoot Yellow Pages

282 ypserv(1 M) Problems (Flowchart 9) Qestion A. Is at least one YP server in the YP domain rnning ypserv(1m)? B. Does ypserv( 1M) fail immediately after starting it? C. Is the problem solved? Yes: Action See Flowchart 10. Reboot the YP server, and then see flowchart 7. Problem solved. No: Action Start ypserv( 1M) on at least one YP server in the YP domain, and then see B. See C. See Flowchart 10. Trobleshooting 10-47

283 Yes Reboot YP client Yes cv No Flowchart 10: ypbind(1m) Problems n Trobleshoot Yellow Pages

284 client? ypbind(1 M) Problems (Flowchart 1 0) Qestion Yes: Action No: Action A. Is ypbind(jm) rn- See B. Execteypbind(JM) on the ' ning on the YP TiP client, and then see C. I \ B. Are other YP clients See Flowchart 11. Call yor HP spport having troble with representative. this YP server? C. Does ypbind( JM) Reboot the YP client, See D. crash immediately and then see Flowafter starting it? chart 7. D. Are other YP See Flowchart 11. Call yor HP spport clients having representative. troble with this YP server? (j (j Trobleshooting 10-49

285 ~ ' ) I~ Yes~ ~ n Flowchart 11: Mltiple YP Client Problems Trobleshoot Yellow Pages

286 ~ '-" Mltiple YP Client Problems (Flowchart 11) Qestion Yes: Action No: Action A. Are all YP clients Reboot the YP serv- Execte ypwhich( 1) on the having troble with er, and then see Flow- YP client nodes not having ) this YP server? chart 7. problems, and then see B. B. Does theypwhich(1) See Flowchart 10. Kill ypwhich( 1) commands command retrn that are hng on YP reslts on the YP clients, and then see C. client? C. Is ypserv( 1M) rn- Execte ypwhich ( 1) Execte ypserv( 1M) on the ning on the YP serv- on the YP server, and YP server, and then see E. er? then see D. D. Doesypwhich(1) See Flowchart Killypwhich(l) on the retrn reslts on the YP server. YP server? 2. Kill and restart ypserv(1m). 3. See F. ning on the YP serv- YP server, and then see F. ( \ E. Is ypbind( 1M) rn- See Flowchart 9. Execte ypbind(1m) on the er? F. Is YP fnctioning Problem solved. Call yor HP spport reprecorrectly on all YP sentative. clients? / \ Trobleshooting 10-51

287 Trobleshoot VHE Yes Retry file access ~----t when home node p If) I~ \ / Flowchart 12: Initial Steps to Trobleshooting VHE Trobleshoot VHE

288 Initial Steps to Trobleshooting VHE (Flowchart 12) Qestion Yes: Action No: Action I A. Are yo able to log See B. See C.? m. '0 B. Are yo able to No problem. See D. access files on the home node? C. Does the machine See Flowchart 13. See E. hang dring login? D. Is the home node Retry accessing files See Flowchart 14. down? when the home node is p; then see F. E. Do yo receive the following error message? F. Unable to change direc- See Flowchart 14. Call yor HP spport tory to home directory representative. Are yo able to Problem solved. Call yor HP spport access files on the representative. home node? Trobleshooting 10-53

289 ..!'\ ' I B No Yes Login completes when home node p'? Problem solved :) Flowchart 13: Home Node Goes Down After Mont Done Trobleshoot VHE

290 Home Node Goes Down After Mont Done (Flowchart 13) Qestion A. Is the home node down? B. Does the login complete once the home node comes p? Yes: Action Try logging in again once the home node comes p; then see B. Problem solved. No: Action Call yor HP spport representative. Call yor HP spport representative. Trobleshooting 10-55

291 I~ I ) A Yes No Update /etc/passwd Yes n Correct VhE_Iist information Flowchart 14: Checking /etc/passwd and /etc/vhe_list Files Trobleshoot VHE

292 \_;i ' \ Checking /etc/passwd and /etc/vhe_list Files (Flowchart 14) Qestion A. Is the /etc/passwd file pdated to prefix the home directory with the NFS mont points? Yes: Action See B. No: Action Update the /etc/passwd file as described in the "VHE Configration and Maintenance" chapter; go to B. B. Is the information in the /etc/vhe _list file correct? See Flowchart 15. Correct the /etc/vhe list file information; see Flowchart 15. Trobleshooting 10-57

293 Yes Ensre coosistency of /etc/passwd and /etc/vhe _list sing ypmake Ensre coosistency of /etc/passwd and /etc/vhe _list Yes Trobleshoot YP Flowchart 7 () 16 Flowchart 15: Consistency of /etc/passwd and /etc/vhe_list n Trobleshoot VHE

294 Consistency of /etc/passwd and /etc/vhe_list (Flowchart 15) (j Qestion A. Are yo sing Yellow Pages (YP) to ensre consistency of /etc!passwd and /etc/vhe list information? - Yes: Action Ensre consistency of the /etclpasswd and /etc/vhe list files on all nodes in the VHE grop by execting the following command: /sr/etc/yp/ypmake passwd vhe_l ist See B. No: Action Ensre consistency of the /etc/passwd and /etc/vhe_list files on all nodes in the VHEgrop B. Did yo receive any errors when exectingypmake (JM)? Go to the YP Flowchart 7 and complete trobleshooting steps; then retrn to VHE Flowchart 16. Go to Flowchart 16. Trobleshooting 10-59

295 Execte vhe_monter n Flowchart 16: Exection of vhe_monter n Trobleshoot VHE

296 Exection of vhe_monter (Flowchart 16) Qestion A. Did yo receive any errors while execting vhe _monter (JM)? B. Are yo able to log.? m. C. Is the information for the home node entered into the /etc/passwd and /etc/vhe _jist files? Yes: Action See Flowchart 17. Problem Solved. Call yor HP spport representative. No: Action See B. See C. See Flowchart 14. Trobleshooting 10-61

297 A Mont errors received? Yes Trobleshoot NFS Error= no vhe_list available Yes No Follow instrctions Yes t in error message Flowchart 17: Error Message from vhe_monter Trobleshoot VIlE

298 Error Message from vhe_monter (Flowchart 17) Qestion A. Were any mont errors encontered (mont errors begin with mont:)? B. Does the following error message occr? no vhe_l ist available Yes: Action Trobleshoot NFS (Flowchart 1); then see Flowchart 16. See Flowchart 14. No: Action See B. If an error message other than those mentioned is printed, follow the instrctions in that error message; then re-enter Flowchart 12 to see if problem is solved. / \ \_) Trobleshooting 10-63

299 ,f) \ / TrobleshootVHE

300 / \ HP NFS Services vs. Local HP-UX A If yo have applications rnning on HP-UX, they may behave differently over NFS Services. Use this appendix to nderstand the basic differences between NFS Services and local HP-UX operations. HP NFS Services Networking Append Mode Operation If two processes operating on different clients open the same file sing O_APPEND, the write operation may not append data to the file. chacl(l) Yo can only se the -F option. The other options of chacl(l) are not spported over NFS. Device Files NFS does not spport remote access to device files, bt does spport local access to device files via NFS. Local HP-UX Operation Append Mode If two processes open the same file sing 0 _APPEND, the write operation shold append information to the file. chacl(l) Yo can se all options locally. Device Files HP-UX spports local access to device files. HP NFS Services vs. Local HP-UX A -1

301 HP NFS Services Networking File Locking Operation NFS spports remote file locking for NFS reads and writes in advisory mode only. getacl(2) system call Is not spported over NFS. Grop Membership A ser may be a member of eight grops. If a ser who is a member of more than eight grops attempts to access a file, the system accesses only the first eight grops for permission checking. Long File Names NFS can access file names p to 255 characters in length if the remote NFS file systeo spports. them. Note: Since the local file system trncates long file names to 14 characters, conflicting file names might occr when accessing a file system that spports long file names. Local HP-UX Operation File Locking HP-UX spports local file locking in advisory and enforcement modes. getac1(2) system call Is spported locally. Grop Membership A ser may be a member of p to 20 grops. Long File Names The local HP-UX file system both short and long file name file systems. On short file name systems, HP-UX silently trncates file names that are longer than 14 characters in length. () n / A-2

302 ( \ HP NFS Services Networking Operation Local HP-UX O~eration \.../ mknod(lm) Command mknod(lm) Command The mknod command will work Yo can se the mknod comonly with named pipes over NFS. mand locally for all file types. Named Pipes Named Pipes NFS named pipes cannot be Named pipes can be sed to sed to commnicate between commnicate among clients in a machines in the same discless discless clster. clster. Reading Directories Reading Directories Yo cannot se the read(2) call Yo can se the read(2) call to to read a remote directory, read a local directory. However, rather yo shold se readdir(3). to do so can restrict migration of P.rograms to ftre HP-UX ver- SlOllS. RFA RFA Using a network special file on Is spported locally. an NFS file system is not spported. setacl(2) system call setacl(2) system call Is not spported over NFS. Is spported locally. setaclentry(3) library rotine setaclentry(3) library rotine Is not spported over NFS. Is spported locally. UP NFS Services vs. Local HP-UX A-3

303 HP NFS Services Networking Operation Sper-ser Permission The sper-ser UID 0 is mapped to -2 by defalt. Anything reqiring sper-ser permission may not work over NFS. For example, a sper-ser may not be able to perform the following tasks. Link and nlink directories Alter directories sch as /, /etc, and!bin Use chmod to set sticky or setid bits mknod of device files Local HP-UX Operation Sper-ser Permission Sper-ser has permission to perform any operation locally (by definition). (~ n A-4

304 l) HP NFS Services Networking System Time Operation Commands that access clocks on different systems may not provide consistent times since system clocks differ For example, if yo give the time(2) command a NULL pointer for the times vale, the following process occrs. 1. The system sets the access time and modification time according to the client node clock. 2. It then sends these times over to the server which changes the inode to reflect the new access and modification times. 3. The server node identifies the change in the inode and ths, modifies the inode's stats change time according to its own clock. The reslt is a high probability of differing times between the server's access and modification times verss its stats change time. Local HP-UX Operation System Time Commands that access clocks on the local system provide consistent times. HP NFS Services vs. Local HP-UX A-5

305 HP NFS Services Networking System Time Operation Note: If operating in an HP-UX clster environment, all nodes in the clster have the same time as the root server's clock. Therefore, clock skew problems exist only if the root server's clock is different from other NFS servers. Unlinking The server does not keep state information and does not know if a process has a file open. The server will nlink a file if it receives a reqest to do so; ths, sbseqent reqests for the file will reslt in an error. If a process opens a file and then nlinks it, the client renames the file so it appears to be gone. When the process qits, the client then nlinks the renamed file. If the nlink reqest comes from a different node than from where the open reqest came from, the file is deleted. Local HP-UX Operation System Time Unlinking If yo open a local file and nlink it before yo close the file, the file descriptor for the open file will still be valid to access the file. () n () / A-6

306 HP NFS Services Networking Operation yppasswd(l) Command This command does not have a password aging featre. The sper-ser mst know the crrent password to change another ser's password. A password mst contain at least five characters if it incldes a combination of either: ppercase and lowercase letters, or alphanmeric characters. A password mst contain at least for characters if it incldes a combination of ppercase letters, lowercase letters, and nmeric characters. A password mst contain at least six characters if it incldes only monocase letters. Local HP-UX Operation passwd(l) Command This command has a password aging featre. Sper-ser does not have to know the password to change another ser's password. Each password mst have six or more characters: at least two alpha characters and at least one nmeric or special character. Each password mst differ from the ser's login name and any reverse or circlar shift of that name.. enew passwords mst differ from the old by at least three characters. HP NFS Services vs. Local HP-UX A -7

307 HP NFS Services Networking O~eration Local HP-UX O~eration pathconf/fpathconf pathconf/fpathconf r) The following variables for the All variables are spported localpathconf!fpathconf system calls ly for the pathconf!fpathconf sysare not spported over NFS: tern calls: _PC_ CHOWN_RESTRICTED _PC_ CHOWN_RESTRICTED variable variable _PC_LINK_MAX variable _PC_LINK_MAX variable _PC_NAME_MAX variable _PC_NAME_MAX variable _PC_NO_TRUNC variable _PC_NO_TRUNC variable _PC_PATH_MAX variable _PC_PATH_MAX variable n The following variables for the pathconf/fpathconf system calls retrn local information over NFS. _PC_MAX_CANON variable _PC_MAX_CANON variable _PC_MAX_INPUT variable _PC _MAX_INPUT variable _PC_ VDISABLE variable _PC_ VDISABLE variable The following variable for the pathconf!fpathconf systems calls is spported over NFS: _PC_PIPE_BUF variable - PC_PIPE_BUF variable :'), I A-8

308 \_j I \ Migrating from RFA to NFS B When sing networks consisting of all HP systems, the Remote File Access (RF A) service provides distribted file access among Series 300 and 800 compters. Use this appendix if yo wish to translate yor RFA applications to NFS applications. Why Migrate to NFS Services? Using NFS Services has several advantages. NFS works with other vendors' eqipment and other operating systems. NFS is a defacto indstry standard. NFS allows transparent file access. NFS with YP provides a centrally administered database. (j Migrating from RF A to NFS B -1

309 Similarities HP NFS and RF A have the following similarities. No remote device access No remote command exection Not all UNIX 1 semantics are flly spported Differences Refer to the following table for a list of differences between HP NFS and RFA. NFS Services RFA Yo can rn setid programs accessing data on remote file systems. NFS operates in a heterogeneos operating system environment. Yo cannot rn setid programs accessing data on remote file systems. RFA operates on HP-UX operating systems only. n / Only the sper-ser can perform remote NFS monts. All sers can establish access to remote file systems. Yo can centrally administer yor database sing YP service. Yo have no centrally administered database. (1) UNIX (R) is a U.S. registered trademark of AT&T in the U.S.A. and other contries. B-2

310 NFS Services All sers with read access to the mont point can read the remote file system. Read and write file caching occrs on the clients; read caching occrs on the servers. RFA Only sers performing netnam can access the remote file systems. Read and write file caching occrs on the servers; caching does not occr on the clients. The servers are stateless (do not remember client activities) and therefore, can be rebooted withot interfering with client activities. (The client can resme access to the server when it is rebooted.) One mont gives yo access to only one file system. The servers have state and therefore, remember the activities in which the client is involved. One netnam gives yo access to all file systems nder the root directory. ( ) Migrating from RF A to NFS B-3

311 Changing Scripts from RFA to NFS Changing RF A scripts to NFS reqires only minor changes. Yo can change both shell scripts that accept different path names and those that ~~ se hard-coded path names... ) Shell Scripts that Accept Different Paths Shell scripts that accept different paths reqire only minor modifications. Yo mst perform a remote mont of a file system or directory either as part of the script or before execting the script. Since sper-ser mst execte monts, the script mst be setid root if the mont is performed as part of the script. If the script's owner does not have sper-ser permissions, the sper-ser can configre /etc/checklist to atomatically mont the remote file systems at boot time. This process allows sers to execte scripts withot checking to see if the remote file system is accessible. n. J If RF A is not being sed, remove any calls to netnam from the script. Removing these calls prevents netnam failres from casing the scripts to fail. B-4 Changing Scripts from RFA to NFS

312 Shell Scripts with Hard-coded Paths Yo can handle shell scripts with hard-coded path names in two ways. Change the path name in the script to correspond to the NFS mont point. Create a path name for the NFS mont point which corresponds to the path name in the script. To mont the remote file system either as part of the script or atomatically via /etc/checklist, yo mst modify the shell scripts as described above in "Shell Scripts that Accept Different Paths." Change Pathnames Change the path name in the script to correspond to the NFS mont point. EXAMPLE: The script has a hard-coded path name of /net/systemb/project, and yo want to mont the remote directory /project on /ser/project as follows. mont systemb:/project /ser/project Now change the script to se the path name /ser/project in place of /net/systemb/project. Migrating from RF A to NFS B-5

313 Create New Pathnames Create a path name for the NFS mont point that corresponds to the path name in the script. EXAMPLE: The script has a hard-coded path name of /net/systemb/project which accesses the remote directory /project. 1. Remove the network special file /net/systemb. 2. Create the directories /net/systemb and /net/systemb/project. mont systemb :/project /net/systemb/project The path name, therefore, remains the same. Note For RF A, access to the remote system is via a network special file. Creating an NFS mont point with the same name as the network special file for the remote system cold case confsion. Problems will not occr if the system does not se RF A and if yo remove the network special file. n All remote access will then be via mont points that have the same names as the network special files that were removed. n B-6 Changing Scripts from RF A to NFS

314 RFA throgh NFS ( \ ~) RFA fnctions are operational throgh NFS. For example, an RFA node can access a remote directory by going throgh an NFS client. Note, however, NFS fnctions cannot operate throgh RFA becase NFS parses the path names differently than RF A. Therefore, an NFS node cannot access a remote node by going throgh RF A. EXAMPLE: RF A remote mont throgh an NFS client RFA Node A (2.) netnam /net/8 (3.) l s /net/8/mnt NFS Client Node B (lj mont C:/ /mnt Node C U 1. Node B performs an NFS mont to Node C. 2. Node A then performs a netnam to Node B. 3. Node A lists (Is) the contents of Node C's root directory. (., I I \.,_./ Migrating from RF A to NFS B-7

315 ~~ \ I n B-8 RF A throgh NFS

316 ( ' \_) NFS in an HP-UX Clster Environment c Reference this appendix for interactions between NFS Services and HP-UX clster environments sing diskless capabilities. HP-UX Clster Terms CDF Clster Context Dependent File: a hidden directory which contains all the versions of a file needed by the different cnodes. One or more workstations linked together with a local area network (LAN), bt consisting of only one file system. Cnode Diskless Cnode Root Server Any node operating in an HP-UX clster environment, inclding diskless nodes and the root server. A node in an HP-UX clster that ses networking capabilities to share file systems, bt does not have a file system physically attached. The only node in an HP-UX clster that has file systems physically attached to it. / '\ NFS in an HP-UX Clster Environment C -1

317 NFS Configration and Maintenance Configre Daemons If yo configre NFS on the root server, yo mst also configre NFS on all clients in the clster. If the root server does not have NFS configred, then none of the clients can : se NFS. The nfsd(lm) daemon shold be rnning on the root server if it is servicing NFS reqests. Any nfsd(lm) daemons rnning on client cnodes are ignored... ~ ) Mont Unmont The montd(lm) daemon shold be rnning on the root server if servicing NFS reqests. Any montd(lm) daemons rnning on client cnodes are ignored. The biod(lm) daemon mst be rnning on all cnodes in the clster. If a cnode monts a remote file system, all cnodes in the clster can access the remote file system. If sing NFS to mont a file system attached to a clster, yo mst se the root server host's name as the node name specified in the mont(lm) command. If a cnode monts a remote file system, any cnode in that clster can nmont the remote file system. If a cnode nmonts a file system, all cnodes in the clster will have that file system nmonted. Clients shold not execte mont -a. n (). / C-2

318 ( ) '\..._..,' Context Dependent Files (CDF) Clock Skew When accessing a CDF via an NFS mont, the CDF member is chosen based on the context of the NFS server, not the accessing node. Since this access method may retrn nexpected reslts, HP recommends yo do not mix CDFs with NFS. All nodes in the HP-UX clster have the same time as the root server's clock. Therefore, clock skew problems exists only if the root server's clock is different from other NFS servers. YP Configration and Maintenance HP recommends that yo execte ypserv(im) only on the root server for better performance and to ensre the root server is the only YP server for that clster. Trobleshooting Yo can trobleshoot NFS specific problems from the root sever. If trying to mont an NFS file system, ensre yo are sing the root server's host name as the node specified in the mont(im) command. If problems exist in the Link, cnodes will not be able to boot. Since Link diagnostics reside on the root disc, first test the Link from the root server. (Refer to the Installing and Maintaining NS-ARPA Services manal.) NFS in an HP-UX Clster Environment C -3

319 (~ n C-4

320 / ~-) Password Secrity D This appendix explains the restrictions and limitations on the se of encrypted passwords and the secre password file with Yellow Pages. If yo wish to review the normal se of passwords with Yell ow Pages, see the "YP Configration and Maintenance" section in this manal. If yo reqire additional information on the secre password file, see passwd(4) in the HP-UX Reference manal. HP-UX S300 now spports a secre password file (!.secre/etc/passwd) sed to hide yor encrypted passwords from non-privileged sers. Therefore, it is probable that if yo se the secre password file, yor /etc/passwd file will probably contain (in the password field) a character that is not part of the set of characters sed in an encrypted password (.e.g. *). The YP database will not contain encrypted passwords if yo se this /etc/passwd file to bild yor Yellow Pages (YP) password database. This prevents non-privileged sers from reading yor passwords, as anyone with access to YP commands sch as ypcat or YP library rotines sch as yp _first and yp _next can read the YP database. If yo are sing the secre password file only to se the aditing sbsystem and yo do not need to hide yor encrypted passwords, yo can maintain an /etc/passwd file that contains encrypted passwords that match those in yor secre password file. Yo can then se this /etc/passwd file to bild yor Yell ow Pages (YP) database. Note A password in the /.secre/etc/passwd file takes precedence over the password stored in Yell ow Pages (YP). Password Secrity D -1

321 If yo wish to hide the encrypted passwords in yor HP systems and wish to contine to se the YP password database to maintain other information kept on the password file, yo can do the following: Bild yor YP password database on the HP YP master server sing a password file that does not contain encrypted passwords (e.g. ses "*" in the password field). On an HP YP client, maintain a copy of the secre password file so the passwords in that file will be sed at login. and/or On an HP or non-hp Yellow Pages client, maintain the encrypted password in the /etc/passwd file throgh a YP escape. EXAMPLE: +sername:encrypted passwd::::: n n Password Secrity D-2

322 Glossary Alias ARPA A term for referencing alternate networks, hosts, and protocols names. Advanced Research Projects Agency Bind CDF Client A U.S. government agency that was instrmental in developing and sing the original ARPA Services networking standards. Process by which a client locates and directs all reqests for data to a specific server. Process of establishing the address of a socket that allows other sockets to connect to it or to send data to it. Context Dependent File. A hidden directory that contains all the versions of a file needed by the different cnodes. A node that reqests data or services from other nodes (servers). A process that reqests other processes to perform operations. Note: An NFS client can also be configred as any combination of an NFS server, YP client, or YP server. (A YP server mst also be configred as a YP client.) G-1

323 Clock Skew A difference in clock times between systems. Clster One or more workstations linked together with a local area network (LAN), bt consisting of only one file system. Cnode Any node operating in an HP-UX clster environment, inclding diskless nodes and the root server. :) Daemon Backgrond programs that are always rnning, waiting for a reqest to perform a task. Diskless A node in an HP-UX clster that ses networking Cnode capabilities to share file systems, bt does not have a file system physically attached. Escape Characters sed within files to force inclsion and Seqence exclsion of data from YP databases. The escape (YP) seqences are as follows.. - (mins) + (pls) n _name -@netgrop _name Export To make a file system available to remote nodes via NFS. File An entire nit (disk) that has a fixed size. System GID A vale that identifies a grop in HP-UX. Global A means of access in which the system always (YP) reads YP maps rather than the local ASCII files. Hard A mont that cases NFS to retry a remote file () Mont system reqest ntil it scceeds, yo interrpt it \ / (defalt option), or yo reboot the system. G-2

324 Horne Node A term sed in Virtal Home Environment (VHE) to refer to the machine on which a ser's home directory physically resides. L) switching data for the network. / Host A node that has primary fnctions other than Host Node A term sed in Virtal Home Environment (VHE) to refer to the node a ser is logged in to. This node environment is set p from the configration files fond on the ser's home node. Import To obtain access to a remote file system from an otside sorce; to mont. Internet A for-byte qantity that is distinct from a link- Address level address and is the network address of a compter node. This address identifies both the specific network and the specific host on the network. Interrpt- A mont that allows yo to interrpt an NFS reable Mont qest by pressing an interrpt key. (Thogh the interrpt key is not standardized, common ones inelde CTRL - C and BREAK.) Key (YP) A string of characters (no imbedded blanks or tabs) that indexes the vales within a YP map so the system can easily retrieve information. For example, in the passwd.byname map, the sers' login names are the keys and the matching lines from /etc/passwd are the vales. ( ) Local (YP) A means of access in which the system first reads the local ASCII file. If it enconters an escape seqence, it then accesses the YP databases. G-3

325 Map (YP) Map Nickname (YP) Master Server (YP) Mont Mont Point Netgrop NFS Network Lock Manager Network Stats Monitor A file consisting of logical records; a search key and related vale form each record. YP clients can reqest the vale associated with any key within a map. YP map is synonymos with YP database. A synonym for the YP map name when sing certain YP commands. The node on which one or more YP maps are constrcted from ASCII files. These maps are then copied to the YP slave servers for the YP clients to access. To obtain access to a remote or local file system or directory (import). The name of the directory on which a file system is monted. A network-wide grop of nodes and sers defined in /etc/netgrop. Network File System. A facility for locking files and synchronizing access to shared files. A daemon rnning on all network compters to maintain statefllocking service within NFS. It also allows applications to monitor the stats of other compters. () (~ Node Propagate A compter system that is attached to or is part of a compter network. r) To copy maps (data) from one YP server to another. G-4

326 Protocol The rles and steps by which servers and clients exchange data and control information. (_) Remote A facility which allows a ser to execte com- Exection mands on a remote node. Facility (REX) Remote A call made by clients either to access server infor- Procedre mation or to reqest action from servers. Call (RPC) Remote A remote procedre call compiler sed to help Procedre programmers write RPC applications by atomati- Call Protocol cally generating necessary programs and code frag- Compiler ments. (RPCGEN) Root The only node in an HP-UX clster that has file Server systems physically attached to it. Server A node that provides data or services to other nodes (clients) on the network. A process that performs operations as reqested by other processes. Note: An NFS server can also be configred as any combination of an NFS client, YP client, or YP server. (A YP server mst also be configred as a YP client.) Slave A node that copies YP maps from the YP master Server (YP) server and then provides YP clients access to these maps. (_) Soft An optional mont that cases access to remote Mont file systems to abort reqests after one NFS attempt. G-5

327 Stateless Servers do not maintain (preserve) information relating to each file being served. Each file reqest moves across the network with the parameters attached to it locally (e.g., read and write privileges). r') Steady Servers maintain (preserve) information relating State to each file being served. For YP, the information contained in a YP map is consistent among all YP servers within a given YP domain (i.e., is not in the process of being pdated). UID A vale that identifies a ser in HP-UX. Unmont To remove access rights to a file system or disk that was monted via the mont(lm) command. Update The HP-UX command that installs software onto the system. () Vale (YP) A nit of information stored in YP maps; each vale has a corresponding key (index) so the systern can easily retrieve it. For example, in the passwd.byname map, the sers' login names are the keys and the matching lines from /etc/passwd are the vales. VHE See "Virtal Home Environment." Virtal A network service that allows sers to log in at Home host nodes and tilize their home nodes' exec- Environment tion environments. (VHE) () \ / G-6

328 ( ' External Data Representation (XDR) Yellow Pages (YP) YP Client yp Database YP Domain YPMap A protocol that translates machine-dependent data formats (i.e., internal representations) to a niversal format sed by other network hosts sing XDR. An optional network service composed of databases (maps) and processes that provide YP clients access to the maps. The YP service enables yo to administer these databases from one node. YP may or may not be active; check with yor system administrator. A node that reqests data or services from YP servers. A YP process that reqests other YP processes to perform operations. Note: A YP client can also be configred as any combination of a YP server, NFS client, or NFS server. (A YP server mst also be configred as a YP client.) See "Map (YP)." A logical groping of YP maps (databases) stored in one location. YP domains are specific to the YP network service and are not associated with other network domains. See "Map (YP)." G-7

329 yp Password YP Server The password for a ser's login ID that exists in the YP passwd map. The YP password is the same one as the ser password, bt is administered throgh the YP. Yo do not have to have a YP password to access the YP databases. A node that provides data (maps) or services to other nodes (YP clients) on the network sing YP. A YP process that performs operations as reqested by other YP processes. Note: A YP server mst also be configred as a YP client. It can also be configred as an NFS server, NFS client, or both. () :r), I G-8

330 U Index /. (~ A Adding Compters 4-13 Append Mode A-1 Atomatic Monts 5-43 B bg Mont Options 5-40 Binding 2-2 biod(jm) 5-9 c chacl(l) A-1 Clients NFS 2-1 Unmont File Systems 5-48 yp 2-15, 3-16 Clock Skews 5-53 Clsters C-1 CDFs C-1, C-3 Clock Skews C-3 cnodes C-1 Daemons C-2 Diskless Cnodes C-1 Monts C-2 NFS Configration C-2 NFS Maintenance C-2 Root Servers C-1 Trobleshooting C-3 Unmonts C-2 YP Configration C-3 YP Maintenance C-3 Cnodes C-1 Commands Common NFS 3-6 Common YP 3-19 domainname(l) 3-19, 8-17 makedbm(jm) 8-17 on command 6-3 on() 6-1 rpcinfo(jm) 3-9 rp(jm) 3-11 rsers(jm) 3-12 showmont(jm) 3-13 yp 8-17 ypbind(jm) 8-17 ypcat(l) 3-20, 8-17 ypinit(jm) 8-19 ypmake(jm) 8-19 ypmatch(l) 3-21, 8-19 yppasswd(l) 3-21, 8-19 yppasswdd(jm) 8-19 yppoll(jm) 8-19 yppsh(jm) 8-20 ypserv(jm) 8-20 ypsetlm) 8-20 ypwhich(l) 3-24, 8-20 ypxfr(jm) 8-20 Configration 5-16 Index 1

331 NFS 5-1, 5-13 yp 8-21 Configration Files /etc/checklist 5-1, 5-43 /etc/exports 5-1, 5-28 /etc/hosts 5-24 /etc/inetd.conf 5-1, 5-19 /etc/netgrop 5-1, 5-25 /etc/netnfsrc 5-1, 5-17, 5-34 /etc/rpc 5-8 /sr/adm/inetd.sec 5-8, 5-21 NFS 5-7 Configre Kernel 4-11 crontab(l) 8-36 D Daemons biod(jm) 5-9 Clsters C-2 inetd(jm) 5-9, 5-19 NFS 5-9 nfsd(jm) 5-9 pcnfsd(jm) 5-10 portmap(jm) 5-10 rexd(jm) 6-1 Device Files A-1, 2-6 dfile 4-12 Diagnostics 6-11, 6-13 Diskless Cnodes C-1 Docmentation Contents 1-2 Conventions 1-5 Gide 1-6 Overview domainname(l) 3-19, 8-17 E Editing /etc/checklist Index /etc/exports 5-28 /etc/hosts 5-24 /etc/inetd.conf 5-19 /etc/netfsrc 5-34 /etc/netgrop 5-25 /etc/netgrops 8-12 /etc/netnfsrc 5-17 /sr/adm/inetd.sec 5-21 Environment Simlation 6-5 EREMOTE Errnos EREMOTE EST ALE Error Messages on command 6-5, 6-11 rexd 6-12 Escape Seqences 8-10 EST ALE /etc/checklist 5-1, 5-43 /etc/exports 5-1, 5-28 /etc/grop 8-28 /etc/hosts 5-24, 8-28 /etc/hosts.eqiv 6-8 /etc/hosts.eqiv 8-16, 8-29 /etc/inetd.conf 5-1, 5-19, /etc/netgrop 5-1, 5-25, 8-28 /etc/netgrops 8-12 /etc/netnfsrc 5-1, 5-17, 5-34 /etc/networks 8-28 /etc/passwd 8-30 /etc/protocols 8-28 /etc/rpc 5-8 /etc/services 8-28 Export File Systems 5-28 External Data Representation 2-11 F fcntl() 7-1 fg Mont Defalts 5-40 n

332 / ' ~) File Access A-2, 2-4, 3-6 Limiting , 5-28 Removing 5-48 File Locking A-2 File Names A-2 File Systems Atomatic Monts 5-43 Availability of Manal Monts 5-45 Monting of 5-37 Preventing Access 5-50 Removing Access 5-48 Unmont 5-48 Files NFS Configration 5-7 Flowchart Formats fpathconf A-8 G getac/(2) A-2 GIDs, Setting of 5-15 Global Maps 8-8 Grop Membership A-2 H Hard Monts 5-37, 5-40, 5-43, 5-45 $HOME/.rhosts 6-8, 8-16, 8-29 HP-UX Clsters C-1 I inetd(jm) 5-9, 5-19 Installation 4-1 Adding Compters 4-13 Configre Kernel 4-11 dfile 4-12 Preparing the System 4-5 Recompile Programs 4-14 Software 4-7 pdate 4-7 int Mont Defalts 5-40 L Local Maps 8-8 lockf() 7-1 Locking Protocol 7-4 Log Files 8-49 M Maintenance NFS 5-48 yp 8-40 makedbm(jm) 8-17 Manal Monts 5-45 Maps 2-15, 3-15 Global 8-8 Local 8-8 Maintenance 8-41 Manal Modifications 8-42 Modification 8-41 Non-standard 8-42, 8-51 Propagation 8-36 Master Server Changing of 8-46 Master Servers Atomatic Start 8-25 Configration 8-23 Manal Start 8-25 Secrity 8-23 MAX INPUT A-8 Memory 5-6 mkdnod A-3 Mont Defalts fg 5-40 hard 5-40 Index 3

333 int 5-40 port 5-41 retrans 5-41 retry 5-41 rsize 5-41 rw 5-41 setid 5-42 timeo 5-42 wsize 5-42 Mont Options bg 5-40 noato 5-40 noint 5-40 nosid 5-40 ro 5-41 soft 5-42 mont(lm) 5-45 montd(lm) 5-11 Monts N /etc/checklist 5-43 Atomatic 5-43 Gidelines 5-38 Hard 5-37, 5-40, 5-43, 5-45 Manal 5-45 Options 5-40 Soft 5-38, , 5-45 Wide Area Networks 5-42 NAME MAX A Named Pipes A-3, 2-5 Netgrops 5-25, 8-12 Network Lock Manager 2-12, , 7-4, 7-6 Network Memory 5-6 Network Stats Monitor 7-5 NFS Common Commands 3-6 Daemons 5-9 Servers 5-11 NFS Client ConfigratiOn ~-J4 NFS Clients 2-1 NFS Configration 5-1, 5-13 Clients 5-34 Clsters C-2 Edit /etc/checklist 5-43 Edit /etc/exports 5-28 Edit /etc/hosts 5-24 Edit /etc/inetd.conf 5-19 Edit /etc/netfsrc 5-34 Edit /etc/netgrop 5-25 Edit /etc/netnfsrc 5-17 Edit /sr/adm/inetd.sec 5-21 Files 5-7 Gidelines 5-6 Memory 5-6 Reboot System 5-33, 5-47 Secrity 5-19, 5-21 Servers 5-17 Set UIDs and GIDs 5-15 NFS Maintenance 5-48 Clock Skews 5-53 Clsters C-2 Remove NFS File Access Update Software 5-52 NFS Servers 2-1 Configration 5-17 Secrity 5-19, 5-21 NFS Services Overview 2-1, 2-3 NFS to RFA Changing Scripts B-4 NFS Trobleshooting 10-11, nfsd(lm) 5-9 noato Mont Options 5-40 noint Mont Options 5-40 Non-standard Maps 8-42 nosid Mont Options 5-40 NO TRUNC A-8 t) 5-48 n if) ) 4 Index

334 p pathconf A-8 _PC_CHOWN RESTRICTED A-8 _PC_LINK MAx A-8 _PC_MAX CANON A-8 _PC_PATil_MAX A-8 PC PIPE BUF A-8 =PC=VDisABLE A-8 PC NFS Servers 5-17, 5-34 pcnfsd(jm) 5-10 port Mont Defalts 5-41 portmap(jm) 5-10 Program Recompiling 4-14 Propagate Maps 8-36 R Reading Directories A-3 Reboot System 5-33, Recompile Programs 4-14 Remote Exection Facility 2-8, , 6-4, 6-6, 6-8, Remote File Access A-2, 2-4' 3-6 Limiting , 5-28 ' Removing 5-48 Remote Procedre Call 2-8, 7-1 Remote Services Setting Access to 5-21 Setting Maximm Nmber of 5-21 Remove NFS File Access 5-48 retrans Mont Defalts 5-41 retry Mont Defalts 5-41 RFA A-3 RFA throgh NFS B-7 ro Mont Options 5-41 Root Servers C-1 RPC Services /etc/inetd.conf Entries 5-20 /sr/adm/inetd.sec Entries 5-23 Activation of 5-19 Secrity 5-19, 5-23 RPCGEN 2-9 rpcinfo(jm) 3-9 rsize Mont Defalts 5-41 rstatd(jm) 5-11 rp(jm) 3-11 rsers(jm) 3-12 rsersd(jm) 5-11 rw Mont Defalts 5-41 rwalld(jm) 5-12 s Secrity 5-19, 5-21, 5-23 Considerations 6-9 Limitations 6-9 Master Servers 8-23 Servers montd(jm) 5-11 NFS 2-1, 5-11 PC NFS 5-17, 5-34 Preventing Access 5-50 rstatd(jm) 5-11 rsersd(jm) 5-11 rwalld(jm) 5-12 sprayd(jm) 5-12 Stateless 2-2 yp 2-15, 3-16 YP Masters 2-17, 3-18 YP Slaves 2-17, 3-18 setacl(2) A-3 settple(3) A-3 setid Mont Defalts 5-42 showmont(jm) 3-13 Slave Servers Atomatic Start 8-35 Configration 8-33 Manal Start 8-35 Soft Monts 5-38, , 5-45 Index 5

335 Software Installation 4-7 Software Update 5-52 sprayd(lm) 5-12 Stateless Servers 2-2 Sper-ser Permission A-4 System Time A-5 T timeo Mont Defalts 5-42 Trobleshooting 10-1 Clsters C-3 Configration 10-9 Errnos Error Messages llardvvare 10-9 Incorrect YP Maps Initial Steps 10-9, Initial YP Steps Mont Fails Network Commnication Network Problems 10-8 NFS 10-11, Performance Problems Programs Hang References 10-6 Restricted Access Server Not Responding Unsolved Problems VIlE 10-52, 10-54, 10-56, 10-58, 10-60, 10-62, yp 10-11, YP Clients ypbind(lm) ypserv(jm) UID, Setting of 5-15 mont(jm) 5-48 Unlinking A-6 Unmont File Systems 5-48 pdate 4-7, 5-52 /sr/adm/inetd.sec 5-8, 5-21, 6-9 /sr/etc/rpc.rexd 6-7 /sr/spool/rexd 6-5 v VIlE Advanced Usage Alternate Mont Points 9-21 altlogin Login 9-18 monter Login 9-18 Using VHE for Mail 9-21 VIlE Configration 9-3 /etc/exports 9-10 /etc/passwd 9-3, 9-9 /etc/vhe list 9-3, 9-6 Monts- in Backgrond 9-15 Overvievv 9-2 Refinements 9-15 Using YP 9-4 vhe monter 9-11 VIlE-Maintenance 9-16 Adding or Deleting Nodes 9-17 Unmonting File Systems 9-16 Virtal llome Environment Advanced Usage , 9-21 Advantages 2-18 Concepts Configration 9-3 Disadvantages 2-20 Maintenance 9-16 Overvievv 2-18, 9-1 Trobleshooting 10-52, 10-54, 10-56, 10-58, 10-60, 10-62, Index

336 / ' ~) w Wide Area Network Monts 5-42 wsize Mont Defalts 5-42 y Yell ow Pages 2-12 Advantages 2-13 Clients 3-16 Commands 3-19 Concepts 2-14 Configration 8-21 Databases 8-7 Disabling of 8-40 Disadvantages 2-13 Domains 2-16, 3-16 Escape Seqences 8-10 Log Files 8-49 Maps 2-15, 3-15, 8-8 Masters 2-17, 3-18 Overview 3-15 Servers 3-16 Slaves 2-17, 3-18 Strctre 2-14 Trobleshooting 10-11, Verification of 8-39 YP Clients 2-15 Alteration of 8-28 Atomatic Start 8-32 Configration 8-27 Manal Start 8-32 Trobleshooting YP Configration 8-21 $HOME/.rhosts 8-29 /etc/grop 8-28 /etc/hosts 8-28 /etc/hosts.eqiv 8-29 /etc/netgrop 8-28 /etc/networks 8-28 /etc/passwd 8-30 /etc/protocols 8-28 /etc/services 8-28 Clients 8-27 Clsters C-3 Master Servers 8-23 Propagate Maps 8-36 Slave Server 8-33 YP Domains 2-16, 3-16 YP Maintenance 8-40 Add New Users 8-45 Adding Servers 8-45 Changing Master Servers 8-46 Log Files 8-49 Manal Modification to Maps 8-42 Master Servers 8-46 Modify YP Maps 8-41 Non-standard Maps 8-51 Password 8-47 YP Password , 8-47 YP Servers 2-15 Adding of 8-45 Maintenance 8-45 ypbind(jm) 8-17 ypcat(l) 3-20, 8-17 ypinit(jm) 8-19 ypmake(jm) 8-19 ypmatch(l) 3-21, 8-19 yppasswd(l) A-7, , 8-19, 8-47 yppasswdd(im) 8-19 yppoll(im) 8-19 yppsh(jm) 8-20, 8-38 ypserv(jm) 8-20 ypset(im) 8-20 ypwhich(l) 3-24 ypxfr(jm) 8-20, 8-36, 8-38 Index 7

337 () / n 8 Index

338 Reader Comment Card I r--', ' HP 9000 Series 300 Using and Administering NFS Services , E0189 We welcome yor evalation of this manal. Yor comments and sggestions will help s improve or pblications. Please tear this card ot and mail it in. Use and attach additional pages if necessary. Please circle the following Yes or No: Is this manal well organized? Yes No Is the information technically accrate? Yes No Are instrctions complete? Yes No Are concepts and wording easy to nderstand? Yes No Are examples and pictres helpfl? Yes No Are there enogh examples and pictres? Yes No Comments: Name: Title: Company:. Address: City & State: Zip: FJ/OW. HEWLETT a!~ PACKARD Printed in USA

339 I IIIII BUSINESS REPLY MAIL FIRST CLASS PERMIT NO. 37 LOVELAND,CO POSTAGE WILL BE PAID BY ADDRESSEE NO POSTAGE NECESSARY IF MAILED IN THE UNITED STATES Hewlett-Packard Company Colorado Networks Division 3404 East Harmony Road Fort Collins, CO ATTN: User Information Development Department \...,./ Fold Here Tape Please do not staple Tape

340 Ff/;. HEWLETT ~~PACKARD ~-~~~ber l\ll\l\ll\l\lll\l\ll\lll\\l\ll\1\ll\1\ll\\lll\\lll\\ll\l\l\l\\ll\ Printed in U.S.A. E