From: Jeffrey Altman Date: Mon, 30 Jul 2012 04:43:01 +0000 (-0400) Subject: doc: Remove USA vs International from AdminGuide X-Git-Tag: upstream/1.8.0_pre1^2~2131 X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=da9f42d044725ae128feffcfbeaab67b31aaab44;p=packages%2Fo%2Fopenafs.git doc: Remove USA vs International from AdminGuide OpenAFS does not have separate distributions for the United States and the rest of the world. Nor are there any restrictions on the capabilities of the Update Server. Change-Id: I834d86764bb3d8df4cce62b9cbaa33bff455bc30 Reviewed-on: http://gerrit.openafs.org/7902 Tested-by: Jeffrey Altman Tested-by: BuildBot Reviewed-by: Derrick Brashear --- diff --git a/doc/xml/AdminGuide/auagd007.xml b/doc/xml/AdminGuide/auagd007.xml index b37f9a5c2..97308031a 100644 --- a/doc/xml/AdminGuide/auagd007.xml +++ b/doc/xml/AdminGuide/auagd007.xml @@ -2192,12 +2192,8 @@ The single system control machine distributes common server configuration files to all other - server machines in the cell, in a cell that runs the United - States edition of AFS (cells that use the international edition - of AFS must not use the system control machine for this - purpose). The machine conventionally also serves as the time - synchronization source for the cell, adjusting its clock - according to a time source outside the cell. + server machines in the cell. + @@ -4505,7 +4501,7 @@ - In addition, the United States edition of the Update Server + In addition, the Update Server encrypts sensitive information (such as the contents of KeyFile) when distributing it. Other commands in the bos suite and the commands diff --git a/doc/xml/AdminGuide/auagd008.xml b/doc/xml/AdminGuide/auagd008.xml index 2738f1ec9..21ccc5b18 100644 --- a/doc/xml/AdminGuide/auagd008.xml +++ b/doc/xml/AdminGuide/auagd008.xml @@ -884,23 +884,12 @@ - Cells that run the United States edition of AFS conventionally use the Update Server to distribute a common + Cells conventionally use the Update Server to distribute a common version of each file from the cell's system control machine to other server machines (for more on the system control machine, see The System Control Machine). Run the Update Server's server portion on the system control machine, and the client portion on all other server machines. Update the files on the system control machine only, except as directed by instructions for dealing with emergencies. - - - Cells that run the international edition of AFS must not use the Update Server to distribute the contents of the - /usr/afs/etc directory. Due to United States government regulations, the data - encryption routines that AFS uses to protect the files in this directory as they cross the network are not available to - the Update Server in the international edition of AFS. You must instead update the files on each server machine - individually, taking extra care to issue exactly the same bos command for each machine. - The necessary data encryption routines are available to the bos commands, so - information is safe as it crosses the network from the machine where the bos command is - issued to the server machines. - Never directly edit any of the files in the /usr/afs/etc directory, except as directed @@ -1772,9 +1761,7 @@ The single system control machine distributes common server configuration files to all other - server machines in the cell, in a cell that runs the United States edition of AFS (cells that use the international - edition of AFS must not use the system control machine for this purpose). The machine conventionally also serves as the - time synchronization source for the cell, adjusting its clock according to a time source outside the cell. + server machines in the cell. @@ -1825,8 +1812,8 @@ - A client portion of the Update Server that picks up common configuration files from the system control machine, in - cells running the United States edition of AFS (the upclientetc process) + A client portion of the Update Server that picks up common configuration files from the system control machine + (the upclientetc process) @@ -1987,20 +1974,12 @@ The System Control Machine - In cells that run the United States edition of AFS, the system control machine stores and + The system control machine stores and distributes system configuration files shared by all of the server machines in the cell. Each file server machine keeps its own copy of the configuration files on its local disk, by convention in the /usr/afs/etc directory. For consistent system performance, however, all server machines must use the same files. The easiest way to keep the files consistent is to have the system control machine distribute them. You make changes only to the copy stored on the - system control machine, as directed by the instructions in this document. The United States edition of AFS is available to - cells in the United States and Canada and to selected institutions in other countries, as determined by United States - government regulations. - - Cells that run the international version of AFS do not use the system control machine to distribute system configuration - files. Some of the files contain information that is too sensitive to cross the network unencrypted, and United States - government regulations forbid the export of the necessary encryption routines in the form that the Update Server uses. You - must instead update the configuration files on each file server machine individually. The bos - commands that you use to update the files encrypt the information using an exportable form of the encryption routines. + system control machine, as directed by the instructions in this document. For a list of the configuration files stored in the /usr/afs/etc directory, see Common Configuration Files in the /usr/afs/etc Directory. @@ -2028,8 +2007,8 @@ - The server portion of the Update Server (upserver) process, in cells using the - United States edition of AFS. The client portion of the Update Server (upclientetc + The server portion of the Update Server (upserver) process + The client portion of the Update Server (upclientetc process) runs on the other server machines and references the system control machine. @@ -2232,7 +2211,7 @@ Command 1 is '/usr/afs/bin/upclient fs7.example.com -t 60 /usr/afs/bin' - If you run the United States edition of AFS, a simple file server machine also runs the A simple file server machine also runs the upclientetc process, so the output includes a message like the following. It indicates that fs1.example.com is the system control machine. @@ -2245,7 +2224,7 @@ The Output on the System Control Machine - If you run the United States edition of AFS and have issued the bos status command + If you have issued the bos status command for the system control machine, the output includes an entry for the upserver process similar to the following: @@ -2455,10 +2434,10 @@ a coordinator in each of several subgroups of machines, because the Ubik processes on various machines do not agree on which machines need to participate in the quorum. - If you run the United States version of AFS and use the Update Server, it is simplest to maintain the If you use the Update Server, it is simplest to maintain the /usr/afs/etc/CellServDB file on the system control machine, which distributes its copy to all other server machines. The OpenAFS Quick Beginnings explains how to configure the Update Server. - If you run the international version of AFS, you must update the file on each machine individually. + The only reason to alter the file is when configuring or decommissioning a database server machine. Use the appropriate bos commands rather than editing the file by hand. For instructions, see @@ -3896,12 +3875,9 @@ context. This section explains how to distribute the file to your server machines and how to make other cells aware of the changes if you participate in the AFS global name space. - If you use the United States edition of AFS, use the Update Server to distribute the central copy of the server - CellServDB file stored on the cell's system control machine. If you use the international - edition of AFS, instead change the file on each server machine individually. For further discussion of the system control - machine and why international cells must not use it for files in the /usr/afs/etc directory, - see The System Control Machine. For instructions on configuring the Update Server when using - the United States version of AFS, see the OpenAFS Quick Beginnings. + If you use the Update Server to distribute the central copy of the server + CellServDB file stored on the cell's system control machine. + For instructions on configuring the Update Server, see the OpenAFS Quick Beginnings. To avoid formatting errors that can cause errors, always use the bos addhost and bos removehost commands, rather than editing the file directly. You must also restart the @@ -4111,11 +4087,10 @@ Issue the bos addhost command to add each new database server machine to the - CellServDB file. If you use the United States edition of AFS, specify the system control + CellServDB file. Specify the system control machine as machine name. (If you have forgotten which machine is the system control machine, see - The Output on the System Control Machine.) If you use the international edition of AFS, - repeat the command on each or your cell's server machines in turn by substituting its name for machine - name. + The Output on the System Control Machine.) + % bos addhost <machine name> <host name>+ @@ -4132,8 +4107,7 @@ machine name - Names the system control machine, if you are using the United States edition of AFS. If you are using the - international edition of AFS, it names each of your server machines in turn. + Names the system control machine @@ -4266,11 +4240,10 @@ Issue the bos removehost command to remove each database server machine from the - CellServDB file. If you use the United States edition of AFS, specify the system control + CellServDB file. Specify the system control machine as machine name. (If you have forgotten which machine is the system control machine, see - The Output on the System Control Machine.) If you use the international edition of AFS, - repeat the command on each or your cell's server machines in turn by substituting its name for machine - name. + The Output on the System Control Machine.) + % bos removehost <machine name> <host name>+ @@ -4287,8 +4260,7 @@ machine name - Names the system control machine, if you are using the United States edition of AFS. If you are using the - international edition of AFS, it names each of your server machines in turn. + Names the system control machine. @@ -5381,7 +5353,7 @@ If the machine is a database server machine, edit its entry in the /usr/afs/etc/CellServDB file on every server machine in the cell to list one of the new IP - addresses. If you use the United States edition of AFS, you can edit the file on the system control machine and wait the + addresses. You can edit the file on the system control machine and wait the required time (by default, five minutes) for the Update Server to distribute the changed file to all server machines. diff --git a/doc/xml/AdminGuide/auagd009.xml b/doc/xml/AdminGuide/auagd009.xml index f04472bde..7b0756207 100644 --- a/doc/xml/AdminGuide/auagd009.xml +++ b/doc/xml/AdminGuide/auagd009.xml @@ -583,7 +583,7 @@ role="bold">upserver process is the server portion of the Update Server. Its function depends on which edition of AFS you use: - With both the United States and international editions, it runs on the binary distribution machine of each system + It runs on the binary distribution machine of each system type you use as a server machine, distributing the contents of each one's /usr/afs/bin directory to the other server machines of that type. This guarantees that all machines have the same version of AFS binaries. (For a list of the binaries, see Binaries in the /usr/afs/bin @@ -591,7 +591,7 @@ - In you use the United States edition of AFS, it also runs on the cell's system control machine, distributing the + It also runs on the cell's system control machine, distributing the contents of its /usr/afs/etc directory to all the other server machines in order to synchronize the configuration files stored in that directory. (For a list of the configuration files, see Common Configuration Files in the /usr/afs/etc Directory.) @@ -608,7 +608,7 @@ - If you use the United States edition of AFS, another instance of the process runs on every server machine except + Another instance of the process runs on every server machine except the system control machine. It references the system control machine as the source for updates to the common configuration files in the /usr/afs/etc directory. The conventional process name to assign is upclientetc. @@ -993,18 +993,12 @@ of the Update Server client portion (by convention called upclientbin) that references the binary distribution machine. - If you run the United States edition of AFS, it is conventional for the first server machine you install to act as the + It is conventional for the first server machine you install to act as the system control machine, running the server portion of the Update Server (upserver process) to distribute the contents of its /usr/afs/etc directory. All other server machines run an instance of the Update Server client portion (by convention called upclientetc) that references the system control machine. - - If you are using the international edition of AFS, do not use the Update Server to distribute the contents of the - /usr/afs/etc directory (you do not run a system control machine). Ignore all references to - the process in this chapter. - - It is simplest not to move binary distribution or system control responsibilities to a different machine unless you completely decommission a machine that is currently serving in one of those roles. Running the Update Server usually imposes very little processing load. If you must move the functionality, perform the following related tasks. diff --git a/doc/xml/AdminGuide/auagd014.xml b/doc/xml/AdminGuide/auagd014.xml index aee9d1b38..961181a28 100644 --- a/doc/xml/AdminGuide/auagd014.xml +++ b/doc/xml/AdminGuide/auagd014.xml @@ -253,8 +253,8 @@ In addition to using server encryption keys when communicating with clients, the server processes use them to protect communications with other server processes. Therefore, all server machines in your cell must have the same - version of the KeyFile file. The easiest way to maintain consistency (if you run the - United States edition of AFS) is to use the Update Server to distribute the contents of the system control machine's + version of the KeyFile file. The easiest way to maintain consistency + is to use the Update Server to distribute the contents of the system control machine's /usr/afs/etc directory to all of the other server machines. There are two implications: @@ -285,13 +285,6 @@ - - If you run the international edition of AFS, do not use the Update Server to distribute the contents of the - /usr/afs/etc directory, particularly the KeyFile file. - The data in the file is too sensitive for transfer in unencrypted form, and because of United States government exports - regulations the international edition of AFS does not include the necessary encryption routines in a form that the - Update Server can use. You must instead modify the file on each server machine individually, taking care to enter the - same key on every server machine. @@ -713,14 +706,11 @@ Issue the bos addkey command to create a new AFS server encryption key in the KeyFile file. - If you run the United States edition of AFS and use the Update Server to distribute the contents of the system + If you use the Update Server to distribute the contents of the system control machine's /usr/afs/etc directory, substitute the system control machine for the machine name argument. (If you have forgotten which machine is the system control machine, see To locate the system control machine.) - If you run the international edition of AFS or do not use the Update Server, repeat the bos - addkey command, substituting each server machine in your cell for the machine name argument in turn. - To avoid visible echoing of the string that corresponds to the new key, omit the -key argument from the command line; instead enter the string at the prompts that appear when you omit it, as shown in the following syntax specification. @@ -755,8 +745,7 @@ Specifies the new key's key version number as an integer from the range 0 (zero) through 255. - Remember the number. You need to use it again in Step 6. If you are using the - international edition of AFS, be sure to type the same number each time you issue this command. + Remember the number. You need to use it again in Step 6. @@ -766,8 +755,7 @@ Is a character string similar to a user password, of any length from one to about 1,000 characters. To improve security, include nonalphabetic characters and make the string as long as is practical (you need to type - it only in this step and in Step 6). If you are using the international edition of - AFS, be sure to type the same string each time you issue this command. + it only in this step and in Step 6). Do not enter an octal string directly. The BOS Server scrambles the character string into an octal string appropriate for use as an encryption key before recording it in the KeyFile @@ -1006,14 +994,11 @@ Issue the bos removekey command to remove one or more server encryption keys from the KeyFile file. - If you run the United States edition of AFS and use the Update Server to distribute the contents of the system + If you use the Update Server to distribute the contents of the system control machine's /usr/afs/etc directory, substitute the system control machine for the machine name argument. (If you have forgotten which machine is the system control machine, see To locate the system control machine.) - If you run the international edition of AFS or do not use the Update Server, repeat the bos - removekey command, substituting each server machine in your cell for the machine name argument in turn. - % bos removekey <machine name> <key version number> @@ -1173,7 +1158,7 @@ system control machine first. If the Update Server is working, then it is distributing the same change as you are making on each server machine individually. - If your cell does not use the Update Server, or uses the international edition of AFS, you always change keys on server + If your cell does not use the Update Server or you always change keys on server machines individually. The following instructions are also appropriate for you. diff --git a/doc/xml/AdminGuide/auagd021.xml b/doc/xml/AdminGuide/auagd021.xml index c98484350..3caa79ba5 100644 --- a/doc/xml/AdminGuide/auagd021.xml +++ b/doc/xml/AdminGuide/auagd021.xml @@ -713,14 +713,11 @@ as distributor of UserList file - If your cell runs the United States edition of AFS and uses the Update Server to distribute the contents of the system + If your cell uses the Update Server to distribute the contents of the system control machine's /usr/afs/etc directory, then edit only the copy of the UserList file stored on the system control machine. If you have forgotten which machine is the system control machine, see The Four Roles for File Server Machines. - If your cell runs the international edition of AFS, or does not use a system control machine, then you must edit the - UserList file on each server machine individually. - To avoid making formatting errors that can result in performance problems, never edit the UserList file directly. Instead, use the bos adduser or bos removeuser commands as described in this section. @@ -830,12 +827,9 @@ Names the system control machine if you use the Update Server to distribute the contents of the /usr/afs/etc directory (possible only in cells running the United States edition of AFS). + role="bold">/usr/afs/etc directory. By default, it can take up to five minutes for the Update Server to distribute the changes, so newly added users must wait that long before attempting to issue privileged commands. - - If you are running the international edition of AFS, or do not use the Update Server, repeat the command, - substituting the name of each AFS server machine for machine name in turn. @@ -909,12 +903,9 @@ Names the system control machine if you use the Update Server to distribute the contents of the /usr/afs/etc directory (possible only in cells running the United States edition of AFS). + role="bold">/usr/afs/etc directory. By default, it can take up to five minutes for the Update Server to distribute the change, so newly removed users can continue to issue privileged commands during that time. - - If you are running the international edition of AFS, or do not use the Update Server, repeat the command, - substituting the name of each AFS server machine for machine name in turn.