[OpenAFS-devel] Solaris afs.rc file damage

Jeffrey Hutzelman jhutz@cmu.edu
Tue, 10 Apr 2007 21:10:46 -0400


On Tuesday, April 10, 2007 11:56:45 AM -0400 Dean Anderson <dean@av8.com> 
wrote:

> On Mon, 9 Apr 2007, Robert Banz wrote:
>
>>
>> One could go to the OpenSolaris folks and see if you can't get AFS
>> officially allocated a syscall table entry that can be published in
>> name_to_sysnum in future versions.
>
> I'll see if I can't make the contacts to do this. I have some other
> kernel stuff (RFC1788, RFC4620 support) I'm hoping to get into solaris.

We have the contacts to do this; we just haven't done anything about it. 
Unfortunately, part of the problem is that Sun doesn't consider the 
user/kernel boundary to be a committed interface.  The committed interface 
is the ABI between applications and the syscall stubs in libc; your libc 
must match your kernel, and cross-version compatibility is present only for 
dynamically-linked programs.



> [I'm not convinced a reboot is really necessary] Looking at the solaris
> source, I can see that there is a modctl MODREADSYSBIND to read the
> name_to_sysnum file. Unfortunately, I don't see any scriptable utility
> in the solaris distribution to do this...a utility program will be
> necessary.  There are some other alternatives: maybe modload should
> always do MODREADSYSBIND before loading a module.  The kernel could also
> do this all entirely by itself, just by stat'ing the file to see if it
> needs to be re-read when searching for a free syscall entry, which
> checking only happens if the name isn't found.

Hrm.  Doing that to a running system seems really dangerous, and having the 
kernel do so automagically especially so.


> What to do with the other systems?  Do they really need reboots?  POSIX
> extension for probing syscalls?

It really is necessary to reboot when package tells you to, because that 
only happens when package updates a file which appears in its configuration 
with the flag that means "reboot if you update this file".  If that's what 
the admin who wrote the package.proto wants, then the configuration should 
be obeyed.  If you don't ever want package to trigger a reboot, just don't 
use the 'Q' flag.


As for your pontification on why automatic reboots are a bad idea, please 
try to remember that there are as many ways to manage a large distributed 
computing environment as there are large distributed computing environments. 
Your belief that automatic reboots during startup are dangerous does not 
mean that they cannot be used as part of a robust, successful 
infrastructure for managing large numbers of systems without large numbers 
of sysadmins.  As proof, I offer the example of the Andrew system, which 
has used that approach since at least the late 1980's with great success.

-- Jeff