[OpenAFS] Re: fileserver user CPS duration
Kim
dhk@ccreinc.com
Fri, 30 Aug 2013 10:16:12 -0500 (CDT)
------=_Part_695_4469486.1377875772847
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
The fileserver has an argument that allows this to be set to a
number of hours. The default is 2 (or at least was.)
The argument is:
[-hr <number of hours between refreshing the host cps>]
-bash-4.1$ strings /usr/afs/bin/fileserver | grep built
@(#) OpenAFS 1.6.5 built 2013-08-22
-bash-4.1$ /usr/afs/bin/fileserver -h
Usage: fileserver [-auditlog <log path>] [-audit-interface
<file|sysvmq> (default is file)] [-d <debug level>] [-p <number of
processes>] [-spare <number of spare blocks>] [-pctspare
<percentage spare>] [-b <buffers>] [-l <large vnodes>] [-s <small
vnodes>] [-vc <volume cachesize>] [-w <call back wait interval>]
[-cb <number of call backs>] [-banner (print banner every 10
minutes)] [-novbc (whole volume cbs disabled)] [-implicit <admin
mode bits: rlidwka>] [-readonly (read-only file server)] [-hr
<number of hours between refreshing the host cps>] [-busyat
<redirect clients when queue > n>] [-nobusy <no VBUSY before a
volume is attached>] [-rxpck <number of rx extra packets>] [-rxdbg
(enable rx debugging)] [-rxdbge (enable rxevent debugging)]
[-rxmaxmtu <bytes>] [-rxbind (bind the Rx socket to one address)]
[-allow-dotted-principals (disable the rxkad principal name dot
check)] [-vhandle-setaside (fds reserved for non-cache io [default
128])] [-vhandle-max-cachesize (max open files [default 128])]
[-vhandle-initial-cachesize (fds reserved for cache io [default
128])] [-vattachpar <number of volume attach threads> (default is
1)] [-L (large server conf)] [-S (small server conf)] [-k <stack
size>] [-realm <Kerberos realm name>] [-udpsize <size of socket
buffer in bytes>] [-sendsize <size of send buffer in bytes>]
[-abortthreshold <abort threshold>] [-nojumbo (disable jumbogram
network packets - deprecated)] [-jumbo (enable jumbogram network
packets)] [-sync <always | delayed | onclose | never>][-help]
On Fri Aug 30 09:39:45 CDT 2013, Andrew Deason
<adeason@sinenomine.net> wrote:
> On Fri, 30 Aug 2013 09:16:02 -0400 (EDT)
> stephen@physics.unc.edu wrote:
>
>> I don't see an obvious positive answer to this, but is there any
>> way
>> to change the duration of the fileserver's CPS for users?
>
> No. There is no frequency/duration to change, since we do not
> touch the
> client CPS after the connection has been established.
>
> For anyone reading that doesn't know what "CPS" means, look up
> "Current
> Protection Subdomain". It's basically the list of group ids a
> user is
> in, so you need to recalculate CPS to reflect a change in group
> membership.
>
>> It seems that the ability to shorten this from the token
>> lifetime to a
>> shorter, but still reasonable value -- a few hours -- would be a
>> good
>> idea, at least for fileservers and ptservers that aren't
>> overloaded.
>
> I'm not sure why you want to do this. I believe the design behind
> this
> was to emulate standard unix group calculation; your groups are
> assigned
> when you login, and if you want group changes to take effect, you
> logout
> and login again. (or with AFS, you can just re-aklog)
>
> You can, of course, just lower the maximum token lifetime. Or,
> you can
> trigger it manually. You should be able to manually recalculate
> CPS in
> 1.6.6 by running a command, if you want to trigger it based on an
> event
> (e.g. revoking someone's rights).
>
> -- Andrew Deason
> adeason@sinenomine.net
>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>
------=_Part_695_4469486.1377875772847--