This section briefly describes the different server processes that can run on an AFS server machine. In cells with multiple server machines, not all processes necessarily run on all machines.
An AFS server process is referred to in one of three ways, depending on the context:
The output from the bos status command refers to a process by the name assigned when the bos create command creates its entry in the /usr/afs/local/BosConfig file. The name can differ from machine to machine, but it is easiest to maintain the cell if you assign the same name on all machines. The OpenAFS Quick Beginnings and the reference page for the bos create command list the conventional names. Examples are bosserver, kaserver, and vlserver.
The process listing produced by the standard ps command generally matches the process's binary file. Examples of process binary files are /usr/afs/bin/bosserver, /usr/afs/bin/kaserver, and /usr/afs/bin/vlserver.
In most contexts, including most references in the documentation, a process is referred to as (for example) the Basic OverSeer (BOS) Server, the Authentication Server, or the Volume Location Server.
The following sections specify each name for the process as well as some of the administrative tasks in which you use the process. For a more general description of the servers, see AFS Server Processes and the Cache Manager.
The bosserver process, which runs on every AFS server machine, is the Basic OverSeer (BOS) Server responsible for monitoring the other AFS server processes running on its machine. If a process fails, the BOS Server can restart it automatically, without human intervention. It takes interdependencies into account when restarting a process that has multiple component processes (such as the fs process described in The fs Collection of Processes: the File Server, Volume Server and Salvager).
Because the BOS Server does not monitor or restart itself, it does not appear in the output from the bos status command. It appears in the ps command's output as
/usr/afs/bin/bosserver
.
As a system administrator, you contact the BOS Server when you issue bos commands to perform the following kinds of tasks.
Defining the processes for the BOS Server to monitor by creating entries in the /usr/afs/local/BosConfig file as described in Controlling and Checking Process Status
Stopping and starting processes on the file server machines according to subsequent instructions in this chapter
Defining your cell's database server machines in the /usr/afs/etc/CellServDB file as described in Maintaining the Server CellServDB File
Defining AFS server encryption keys in the /usr/afs/etc/KeyFile file as described in Managing Server Encryption Keys.
Granting system administrator privileges with respect to BOS Server, Volume Server, and Backup Server operations, by adding a user to the /usr/afs/etc/UserList file as described in Administering the UserList File
Setting authorization checking requirements on a server machine as described in Managing Authentication and Authorization Requirements
The buserver process, which runs on database server machines, is the Backup Server. It maintains information about Backup System configuration and operations in the Backup Database.
The process appears as buserver
in the bos status
command's output, if the conventional name is assigned. It appears in the ps command's output
as /usr/afs/bin/buserver
.
As a system administrator, you contact the Backup Server when you issue any backup command that manipulates information in the Backup Database, including those that change Backup System configuration information, that dump data from volumes to permanent storage, or that restore data to AFS. See Configuring the AFS Backup System and Backing Up and Restoring AFS Data.
The fs process, which runs on every file server machine, combines three component processes: File Server, Volume Server and Salvager. The three components perform independent functions, but are controlled as a single process for the following reasons.
They all operate on the same data, namely files and directories stored in AFS volumes. Combining them as a single process enables them to coordinate their actions, never attempting simultaneous operations on the same data that can possibly corrupt it.
It enables the BOS Server to stop and restart the processes in the required order. When the File Server fails, the BOS Server stops the Volume Server and runs the Salvager to correct any corruption that resulted from the failure. (The Salvager runs only in this special circumstance or when you invoke it yourself by issuing the bos salvage command as instructed in Salvaging Volumes.) If only the Volume Server fails, the BOS Server can restart it without affecting the File Server or Salvager.
The File Server component handles AFS data at the level of files and directories, manipulating file system elements as requested by application programs and the standard operating system commands. Its main duty is to deliver requested files to client machines and store them again on the server machine when the client is finished. It also maintains status and protection information about each file and directory. It runs continuously during normal operation.
The Volume Server component handles AFS data at the level of complete volumes rather than files and directories. In response to vos commands, it creates, removes, moves, dumps and restores entire volumes, among other actions. It runs continuously during normal operation.
The Salvager component runs only after the failure of one of the other two processes. It checks the file system for internal consistency and repairs any errors it finds.
The process appears as fs
in the bos status command's
output, if the conventional name is assigned. An auxiliary message reports the status of the File Server or Salvager
component. See Displaying Process Status and Information from the BosConfig File.
The component processes of the fs process appear individually in the ps command's output, as follows. There is no entry for the fs
process
itself.
/usr/afs/bin/fileserver
/usr/afs/bin/volserver
/usr/afs/bin/salvager
The Cache Manager contacts the File Server component on your behalf whenever you access data or status information in an AFS file or directory or issue file manipulation commands such as the UNIX cp and ls commands. You can contact the File Server directly by issuing fs commands that perform the following functions
Administering the ACL of any directory in the file system as described in Managing Access Control Lists
Installing new partitions for housing AFS volumes, in which case you must restart the fs process for it to recognize the new partition; for instructions, see Adding or Removing Disks and Partitions
Creating and deleting volume mount points in the AFS filespace as described in Mounting Volumes
Setting volume quota and displaying information about the space used and available in a volume or partition as described in Setting and Displaying Volume Quota and Current Size
You contact the Volume Server component when you issue vos commands that manipulate volumes in any way--creating, removing, replicating, moving, renaming, converting to different formats, and salvaging. For instructions, see Managing Volumes.
The Salvager normally runs automatically in case of a failure. You can also start it with the bos salvage command as described in Salvaging Volumes.
The kaserver process, which runs on database server machines, is the Authentication Server responsible for several aspects of AFS security. It verifies AFS user identity by requiring a password. It maintains all AFS server encryption keys and user passwords in the Authentication Database. The Authentication Server's Ticket Granting Service (TGS) module creates the shared secrets that AFS client and server processes use when establishing secure connections.
The process appears as kaserver
in the bos status
command's output, if the conventional name is assigned. The ka string stands for
Kerberos Authentication, reflecting the fact that AFS's authentication protocols are based on Kerberos,
which was originally developed at the Massachusetts Institute of Technology's Project Athena.
It appears in the ps command's output as
/usr/afs/bin/kaserver
.
As a system administrator, you contact the Authentication Server when you issue kas commands to perform the following kinds of tasks.
Setting a user's password. Users normally change their own passwords, so you probably perform this task only creating a new user account as described in Creating AFS User Accounts and Changing AFS Passwords.
Setting the AFS server encryption key in the Authentication Database, which the TGS uses to seal server tickets; see Managing Server Encryption Keys.
Granting or revoking system administrator privileges with respect to the Authentication Server as described in Granting Privilege for kas Commands: the ADMIN Flag.
The ptserver process, which runs on database server machines, is the Protection Server. Its main responsibility is maintaining the Protection Database which contains user, machine, and group entries. The Protection Server allocates AFS IDs and maintains the mapping between them and names. The File Server consults the Protection Server when verifying that a user is authorized to perform a requested action.
The process appears as ptserver
in the bos status
command's output, if the conventional name is assigned. It appears in the ps command's output
as /usr/afs/bin/ptserver
.
As a system administrator, you contact the Protection Server when you issue pts commands to perform the following kinds of tasks.
Creating a new user, machine, or group entry in the Protection Database as described in Administering the Protection Database
Adding or removing group members or otherwise manipulating Protection Database entries as described in Administering the Protection Database
Granting or revoking system administrator privilege by changing the membership of the system:administrators group as described in Administering the system:administrators Group
The Update Server has two separate parts, each of which runs on a different type of server machine. The upserver process is the server portion of the Update Server. Its function depends on which edition of AFS you use:
It runs on the binary distribution machine of each system type you use as a server machine, distributing the contents of each one's /usr/afs/bin directory to the other server machines of that type. This guarantees that all machines have the same version of AFS binaries. (For a list of the binaries, see Binaries in the /usr/afs/bin Directory.)
It also runs on the cell's system control machine, distributing the contents of its /usr/afs/etc directory to all the other server machines in order to synchronize the configuration files stored in that directory. (For a list of the configuration files, see Common Configuration Files in the /usr/afs/etc Directory.)
The upclient process is the client portion of the Update Server, and like the server portion its function depends on the AFS edition in use.
It runs on every server machine that is not a binary distribution machine, referencing the binary distribution machine of its system type as the source for updates to the binaries in the /usr/afs/bin directory. The conventional process name to assign is upclientbin.
Another instance of the process runs on every server machine except the system control machine. It references the system control machine as the source for updates to the common configuration files in the /usr/afs/etc directory. The conventional process name to assign is upclientetc.
In output from the bos status command, the server portion appears as
upserver
and the client portions as upclientbin
and
upclientetc
, if the conventional names are assigned. In the output from the ps command, the server portion appears as /usr/afs/bin/upserver
and
the client portions as /usr/afs/bin/upclient.
You do not contact the Update Server directly once you have installed it. It operates automatically whenever you use bos commands to change the files that it distributes.
The vlserver process, which runs on database server machines, is the Volume Location (VL) Server that automatically tracks which file server machines house each volume, making its location transparent to client applications.
The process appears as vlserver
in the bos status
command's output, if the conventional name is assigned. It appears in the ps command's output
as /usr/afs/bin/vlserver
.
As a system administrator, you contact the VL Server when you issue any vos command that changes the status of a volume (it records the status changes in the VLDB).