-auditlog <log path>

Turns on audit logging, and sets the path for the audit log. The audit log records information about RPC calls, including the name of the RPC call, the host that submitted the call, the authenticated entity (user) that issued the call, the parameters for the call, and if the call succeeded or failed.

-audit-interface (file | sysvmq)

Specifies what audit interface to use. The file interface writes audit messages to the file passed to -auditlog. The sysvmq interface writes audit messages to a SYSV message (see msgget(2) and msgrcv(2)). The message queue the sysvmq interface writes to has the key ftok(path, 1), where path is the path specified in the -auditlog option.

Defaults to file.

-d <debug level>

Sets the detail level for the debugging trace written to the /usr/afs/logs/FileLog file. Provide one of the following values, each of which produces an increasingly detailed trace: 0, 1, 5, 25, and 125. The default value of 0 produces only a few messages.

-p <number of processes>

Sets the number of threads (or LWPs) to run. Provide a positive integer. The File Server creates and uses five threads for special purposes, in addition to the number specified (but if this argument specifies the maximum possible number, the File Server automatically uses five of the threads for its own purposes).

The maximum number of threads can differ in each release of OpenAFS. Consult the OpenAFS Release Notes for the current release.

-spare <number of spare blocks>

Specifies the number of additional kilobytes an application can store in a volume after the quota is exceeded. Provide a positive integer; a value of 0 prevents the volume from ever exceeding its quota. Do not combine this argument with the -pctspare argument.

-pctspare <percentage spare>

Specifies the amount by which the File Server allows a volume to exceed its quota, as a percentage of the quota. Provide an integer between 0 and 99. A value of 0 prevents the volume from ever exceeding its quota. Do not combine this argument with the -spare argument.

-b <buffers>

Sets the number of directory buffers. Provide a positive integer.

-l <large vnodes>

Sets the number of large vnodes available in memory for caching directory elements. Provide a positive integer.

-s <small nodes>

Sets the number of small vnodes available in memory for caching file elements. Provide a positive integer.

-vc <volume cachesize>

Sets the number of volumes the File Server can cache in memory. Provide a positive integer.

-w <call back wait interval>

Sets the interval at which the daemon spawned by the File Server performs its maintenance tasks. Do not use this argument; changing the default value can cause unpredictable behavior.

-cb <number of callbacks>

Sets the number of callbacks the File Server can track. Provide a positive integer.

-banner

Prints the following banner to /dev/console about every 10 minutes.

   File Server is running at I<time>.
-novbc

Prevents the File Server from breaking the callbacks that Cache Managers hold on a volume that the File Server is reattaching after the volume was offline (as a result of the vos restore command, for example). Use of this flag is strongly discouraged.

-implicit <admin mode bits>

Defines the set of permissions granted by default to the system:administrators group on the ACL of every directory in a volume stored on the file server machine. Provide one or more of the standard permission letters (rlidwka) and auxiliary permission letters (ABCDEFGH), or one of the shorthand notations for groups of permissions (all, none, read, and write). To review the meaning of the permissions, see the fs setacl reference page.

-readonly

Don't allow writes to this fileserver.

-hr <number of hours between refreshing the host cps>

Specifies how often the File Server refreshes its knowledge of the machines that belong to protection groups (refreshes the host CPSs for machines). The File Server must update this information to enable users from machines recently added to protection groups to access data for which those machines now have the necessary ACL permissions.

-busyat <redirect clients when queue > n>

Defines the number of incoming RPCs that can be waiting for a response from the File Server before the File Server returns the error code VBUSY to the Cache Manager that sent the latest RPC. In response, the Cache Manager retransmits the RPC after a delay. This argument prevents the accumulation of so many waiting RPCs that the File Server can never process them all. Provide a positive integer. The default value is 600.

-rxpck <number of rx extra packets>

Controls the number of Rx packets the File Server uses to store data for incoming RPCs that it is currently handling, that are waiting for a response, and for replies that are not yet complete. Provide a positive integer.

-rxdbg

Writes a trace of the File Server's operations on Rx packets to the file /usr/afs/logs/rx_dbg.

-rxdbge

Writes a trace of the File Server's operations on Rx events (such as retransmissions) to the file /usr/afs/logs/rx_dbg.

-rxmaxmtu <bytes>

Defines the maximum size of an MTU. The value must be between the minimum and maximum packet data sizes for Rx.

-jumbo

Allows the server to send and receive jumbograms. A jumbogram is a large-size packet composed of 2 to 4 normal Rx data packets that share the same header. The fileserver does not use jumbograms by default, as some routers are not capable of properly breaking the jumbogram into smaller packets and reassembling them.

-nojumbo

Deprecated; jumbograms are disabled by default.

-rxbind

Force the fileserver to only bind to one IP address.

-allow-dotted-principals

By default, the RXKAD security layer will disallow access by Kerberos principals with a dot in the first component of their name. This is to avoid the confusion where principals user/admin and user.admin are both mapped to the user.admin PTS entry. Sites whose Kerberos realms don't have these collisions between principal names may disable this check by starting the server with this option.

-L

Sets values for many arguments in a manner suitable for a large file server machine. Combine this flag with any option except the -S flag; omit both flags to set values suitable for a medium-sized file server machine.

-S

Sets values for many arguments in a manner suitable for a small file server machine. Combine this flag with any option except the -L flag; omit both flags to set values suitable for a medium-sized file server machine.

-k <stack size>

Sets the LWP stack size in units of 1 kilobyte. Do not use this argument, and in particular do not specify a value less than the default of 24.

-realm <Kerberos realm name>

Defines the Kerberos realm name for the File Server to use. If this argument is not provided, it uses the realm name corresponding to the cell listed in the local /usr/afs/etc/ThisCell file.

-udpsize <size of socket buffer in bytes>

Sets the size of the UDP buffer, which is 64 KB by default. Provide a positive integer, preferably larger than the default.

-sendsize <size of send buffer in bytes>

Sets the size of the send buffer, which is 16384 bytes by default.

-abortthreshold <abort threshold>

Sets the abort threshold, which is triggered when an AFS client sends a number of FetchStatus requests in a row and all of them fail due to access control or some other error. When the abort threshold is reached, the file server starts to slow down the responses to the problem client in order to reduce the load on the file server.

The throttling behaviour can cause issues especially for some versions of the Windows OpenAFS client. When using Windows Explorer to navigate the AFS directory tree, directories with only "look" access for the current user may load more slowly because of the throttling. This is because the Windows OpenAFS client sends FetchStatus calls one at a time instead of in bulk like the Unix Open AFS client.

Setting the threshold to 0 disables the throttling behavior. This option is available in OpenAFS versions 1.4.1 and later.

-enable_peer_stats

Activates the collection of Rx statistics and allocates memory for their storage. For each connection with a specific UDP port on another machine, a separate record is kept for each type of RPC (FetchFile, GetStatus, and so on) sent or received. To display or otherwise access the records, use the Rx Monitoring API.

-enable_process_stats

Activates the collection of Rx statistics and allocates memory for their storage. A separate record is kept for each type of RPC (FetchFile, GetStatus, and so on) sent or received, aggregated over all connections to other machines. To display or otherwise access the records, use the Rx Monitoring API.

-syslog [<loglevel]

Use syslog instead of the normal logging location for the fileserver process. If provided, log messages are at <loglevel> instead of the default LOG_USER.

-mrafslogs

Use MR-AFS (Multi-Resident) style logging. This option is deprecated.

-saneacls

Offer the SANEACLS capability for the fileserver. This option is currently unimplemented.

-help

Prints the online help for this command. All other valid options are ignored.

-vhandle-setaside <fds reserved for non-cache io>

Number of file handles set aside for I/O not in the cache. Defaults to 128.

-vhandle-max-cachesize <max open files>

Maximum number of available file handles.

-vhandle-initial-cachesize <initial open file cache>

Number of file handles set aside for I/O in the cache. Defaults to 128.

-vattachpar <number of volume attach threads>

The number of threads assigned to attach and detach volumes. The default is 1. Warning: many of the I/O parallelism features of Demand-Attach Fileserver are turned off when the number of volume attach threads is only 1.

This option is only meaningful for a file server built with pthreads support.

-m <min percentage spare in partition>

Specifies the percentage of each AFS server partition that the AIX version of the File Server creates as a reserve. Specify an integer value between 0 and 30; the default is 8%. A value of 0 means that the partition can become completely full, which can have serious negative consequences. This option is not supported on platforms other than AIX.

-lock

Prevents any portion of the fileserver binary from being paged (swapped) out of memory on a file server machine running the IRIX operating system. This option is not supported on platforms other than IRIX.

-sync <always | delayed | onclose | never>

This option changes how hard the fileserver tries to ensure that data written to volumes actually hits the physical disk.

Normally, when the fileserver writes to disk, the underlying filesystem or Operating System may delay writes from actually going to disk, and reorder which writes hit the disk first. So, during an unclean shutdown of the machine (if the power goes out, or the machine crashes, etc), or if the physical disk backing store becomes unavailable, file data may become lost that the server previously told clients was already successfully written.

To try to mitigate this, the fileserver will try to "sync" file data to the physical disk at numerous points during various I/O. However, this can result in significantly reduced performance. Depending on the usage patterns, this may or may not be acceptable. This option dictates specifically what the fileserver does when it wants to perform a "sync".

There are several options; pass one of these as the argument to -sync. The default is delayed.

always

This causes a sync operation to always sync immediately and synchronously. This is the slowest option that provides the greatest protection against data loss in the event of a crash or backing store unavailability.

Note that this is still not a 100% guarantee that data will not be lost or corrupted during a crash. The underlying filesystem itself may cause data to be lost or corrupt in such a situation. And OpenAFS itself does not (yet) even guarantee that all data is consistent at any point in time; so even if the filesystem and OS do not buffer or reorder any writes, you are not guaranteed that all data will be okay after a crash.

This option may be appropriate if you have reason to believe a server is prone to data loss failures, such as if the server encounters frequent power failures or connectivity issues with network attached storage. Or if the backend storage is temporarily degraded in some way (for example, a battery on a caching controller fails), it may make sense to temporarily use the always option until the situation is fixed. Some servers may also allow for sync operations to occur very quickly, such that the always option is not noticeably slower than any other option. In such a case, there is no downside to specifying always.

This was the only behavior allowed in OpenAFS releases prior to 1.4.5.

delayed

This causes a sync to do nothing immediately, but the sync will happen sometime in the background, within approximately the next 10 seconds. This works by having a separate thread that goes through all open file handles every 10 seconds, and it syncs the ones that have been marked as needing a sync. File handles flagged for sync may also get synced on volume detachment, according to the same behavior as with the onclose option.

This option is currently not recommended, since in the past the code implementing this option has caused rare data corruption during normal operation. However, it is currently the default option to allow consistent behavior from previous OpenAFS releases.

This was the only behavior allowed in OpenAFS releases starting from 1.4.5 up to and including 1.6.2. It is the default starting in OpenAFS 1.6.3. This option will be removed in a future version of OpenAFS, and the default behavior will likely change to the onclose behavior.

onclose

This causes a sync to do nothing immediately, but causes the relevant file to be flagged as potentially needing a sync. When a volume is detached, flagged volume metadata files are synced, as well as data files that have been accessed recently. Events that cause a volume to detach include: performing certain volume operations (restore, salvage, offline, et al), detection of volume consistency errors, a clean shutdown of the fileserver, or during DAFS "soft detachment".

Effectively this option is the same as never while a volume is attached and actively being used, but if a volume is detached, there is an additional guarantee for the data's consistency.

never

This causes all syncs to never do anything. This is the fastest option, with the weakest guarantees for data consistency.

Depending on the underlying filesystem and Operating System, there may be guarantees that any data written to disk will hit the physical media after a certain amount of time. For example, Linux's pdflush process usually makes this guarantee, and ext3 can make certain various consistency guarantees according to the options given. ZFS on Solaris can also provide similar guarantees, as can various other platforms and filesystems. Consult the documentation for your platform if you are unsure.

Which option you choose is not an easy decision to make. Various developers and experts sometimes disagree on which option is the most reasonable, and it may depend on the specific scenario and workload involved. Some argue that the always option does not provide significantly greater guarantees over any other option, whereas others argue that choosing anything besides the always option allows for an unacceptable risk of data loss. This may depend on your usage patterns, your hardware, your platform and filesystem, and who you talk to about this topic.