[OpenAFS] Re: fileserver user CPS duration

Kim dhk@ccreinc.com
Fri, 30 Aug 2013 10:16:12 -0500 (CDT)

Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

The fileserver has an argument that allows this to be set to a 
number of hours.  The default is 2 (or at least was.)

The argument is:
[-hr <number of hours between refreshing the host cps>]

-bash-4.1$ strings /usr/afs/bin/fileserver  | grep built
@(#) OpenAFS 1.6.5 built  2013-08-22
-bash-4.1$ /usr/afs/bin/fileserver  -h
Usage: fileserver [-auditlog <log path>] [-audit-interface 
<file|sysvmq> (default is file)] [-d <debug level>] [-p <number of 
processes>] [-spare <number of spare blocks>] [-pctspare 
<percentage spare>] [-b <buffers>] [-l <large vnodes>] [-s <small 
vnodes>] [-vc <volume cachesize>] [-w <call back wait interval>] 
[-cb <number of call backs>] [-banner (print banner every 10 
minutes)] [-novbc (whole volume cbs disabled)] [-implicit <admin 
mode bits: rlidwka>] [-readonly (read-only file server)] [-hr 
<number of hours between refreshing the host cps>] [-busyat 
<redirect clients when queue > n>] [-nobusy <no VBUSY before a 
volume is attached>] [-rxpck <number of rx extra packets>] [-rxdbg 
(enable rx debugging)] [-rxdbge (enable rxevent debugging)] 
[-rxmaxmtu <bytes>] [-rxbind (bind the Rx socket to one address)] 
[-allow-dotted-principals (disable the rxkad principal name dot 
check)] [-vhandle-setaside (fds reserved for non-cache io [default 
128])] [-vhandle-max-cachesize (max open files [default 128])] 
[-vhandle-initial-cachesize (fds reserved for cache io [default 
128])] [-vattachpar <number of volume attach threads> (default is 
1)] [-L (large server conf)] [-S (small server conf)] [-k <stack 
size>] [-realm <Kerberos realm name>] [-udpsize <size of socket 
buffer in bytes>] [-sendsize <size of send buffer in bytes>] 
[-abortthreshold <abort threshold>] [-nojumbo (disable jumbogram 
network packets - deprecated)] [-jumbo (enable jumbogram network 
packets)] [-sync <always | delayed | onclose | never>][-help]

On Fri Aug 30 09:39:45 CDT 2013, Andrew Deason 
<adeason@sinenomine.net> wrote:

> On Fri, 30 Aug 2013 09:16:02 -0400 (EDT)
> stephen@physics.unc.edu wrote:
>> I don't see an obvious positive answer to this, but is there any 
>> way
>> to change the duration of the fileserver's CPS for users?
> No. There is no frequency/duration to change, since we do not 
> touch the
> client CPS after the connection has been established.
> For anyone reading that doesn't know what "CPS" means, look up 
> "Current
> Protection Subdomain". It's basically the list of group ids a 
> user is
> in, so you need to recalculate CPS to reflect a change in group
> membership.
>> It seems that the ability to shorten this from the token 
>> lifetime to a
>> shorter, but still reasonable value -- a few hours -- would be a 
>> good
>> idea, at least for fileservers and ptservers that aren't 
>> overloaded.
> I'm not sure why you want to do this. I believe the design behind 
> this
> was to emulate standard unix group calculation; your groups are 
> assigned
> when you login, and if you want group changes to take effect, you 
> logout
> and login again. (or with AFS, you can just re-aklog)
> You can, of course, just lower the maximum token lifetime. Or, 
> you can
> trigger it manually. You should be able to manually recalculate 
> CPS in
> 1.6.6 by running a command, if you want to trigger it based on an 
> event
> (e.g. revoking someone's rights).
> -- Andrew Deason
> adeason@sinenomine.net
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info