Open System Services NFS Management and Operations Guide HP Part Number: 522581-006 Published: February 2013 Edition: J06.03 and subsequent J-series RVUs, H06.03 and subsequent H-series RVUs, G06.00 and subsequent G-series RVUs, and D48.
© Copyright 2010, 2011, 2012, 2013 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license. Warranty The information contained herein is subject to change without notice.
Contents About This Document.....................................................................................7 Supported Release Version Updates (RVUs)..................................................................................7 Intended Audience....................................................................................................................7 New and Changed Information in the 522581-006 Edition.............................................................
Command Applicability Table.............................................................................................28 SCF Commands for OSS NFS Objects.......................................................................................29 USER Object.....................................................................................................................29 GROUP Object..................................................................................................................
Global ID Space ...............................................................................................................62 Client Authentication .........................................................................................................62 Risks From Eavesdropping...................................................................................................62 Risks From Masquerading...................................................................................................
Figures 1 2 3 4 5 6 7 OSS NFS Components......................................................................................................16 Relationships Between OSS NFS and Other Subsystems........................................................25 SCF Commands and Object Types for OSS NFS..................................................................29 An OSS NFS Fileset Map..................................................................................................
About This Document This manual describes the installation, configuration, and management of the HP NonStop™ Open System Services (OSS) Network File System (NFS). It is intended for system managers, operators, and others who are experienced with HP NonStop operating systems and require a basic understanding of the OSS NFS implementation. Supported Release Version Updates (RVUs) This manual supports J06.03 and all subsequent J-series RVUs, H06.03 and all subsequent H-series RVUs, G06.
New and Changed Information in the 522581-003 Edition Added information about OSS ACLs and the OSS fileset NFSPERMMAP attribute to these sections: • “OSS Fileset Attributes Related to OSS NFS” (page 35) • “NFS Clients and OSS ACLs” (page 61) • “OSS Fileset NFSPERMMAP Attribute” (page 63) Access from NFS V2 clients to objects protected by optional OSS ACL entries is available for OSS filesets on systems running J06.09 or later J-series or H06.20 or later H-series RVUs only.
UPPERCASE LETTERS Uppercase letters indicate keywords and reserved words. Type these items exactly as shown. Items not enclosed in brackets are required. For example: MAXATTACH Italic Letters Italic letters, regardless of font, indicate variable items that you supply. Items not enclosed in brackets are required. For example: file-name Computer Type Computer type letters indicate: • C and Open System Services (OSS) keywords, commands, and reserved words. Type these items exactly as shown.
| Vertical Line A vertical line separates alternatives in a horizontal list that is enclosed in brackets or braces. For example: INSPECT { OFF | ON | SAVEABEND } … Ellipsis An ellipsis immediately following a pair of brackets or braces indicates that you can repeat the enclosed sequence of syntax items any number of times.
Italic Text Italic text indicates variable items whose values are displayed or returned. For example: p-register process-name [ ] Brackets Brackets enclose items that are sometimes, but not always, displayed. For example: Event number = number [ Subject = first-subject-value ] A group of items enclosed in brackets is a list of all possible items that can be displayed, of which one or none might actually be displayed.
(SCF) interface for NonStop TCP/IP, including detailed descriptions of the various objects and their associated attributes. Detailed explanations of the information returned by the NonStop TCP/IP subsystem are also included.
RFC # Description 1034 Domain Concepts and Facilities 1035 Domain Names Implementation and Specification RFCs can be obtained from DS.INTERNIC.NET by using file transfer protocol (FTP), Wide Area Information Servers (WAIS), or electronic mail. Through FTP, RFCs are stored as rfc/rfcnnnn.txt or rfc/rfcnnnn.ps, where nnnn is the RFC number. Log in as anonymous and provide your e-mail address as the password. Through WAIS, you can use either your local WAIS client or TELNET to get to DS.INTERNIC.
1 Introduction to OSS NFS This chapter describes the components of the OSS NFS subsystem, lists the services provided, and details the various protocols and interfaces supported. It presents an external view of the OSS NFS subsystem in relation to the operating system and its data communications subsystems. Throughout this manual, the term operating system refers to the HP NonStop operating system. Overview The OSS NFS subsystem provides transparent, remote access to file systems on NonStop systems.
Port Mapper Protocol Clients use the port mapper protocol to find port numbers associated with RPC programs. It also provides a broadcast RPC facility. This fault-tolerant port mapper process implements the protocol specified in the X/Open NFS document. It supports both TCP and UDP clients. PCNFSD Protocol The PCNFS Daemon (PCNFSD) protocol provides authentication and print services to OSS NFS clients.
Figure 1 OSS NFS Components LAN Interface Process The local area network (LAN) interface process accepts incoming requests from NonStop TCP/IP and forwards them to the appropriate servers. It also preprocesses mount protocol requests before passing them to the manager process, traces requests and responses, and responds to SPI requests sent through the manager process.
Files OSS NFS operation requires these types of files: • NFS executable files • RPC executable files • NFS configuration and management files • User ID translation files (ZNFSUSR and ZNFSUSR1) • PCNFSD configuration file • EMS templates for NFS and RPC OSS NFS and RPC Executable Files These OSS NFS executable files can be located anywhere in a NonStop system. The default location after installation is $system.ZOSSNFS.
need to be defined on only one OSS NFS subsystem per node. The ZNFSUSR file must be owned by a member of the super group and secured “N-U-”. This file is not purged when the purgedb option is specified when running NFSMGR. PCNFSD Configuration File The OSS NFS PCNFSD process uses a user-defined configuration file (for example, ZPCDCONF) that can be located anywhere. The default location is $SYSTEM.NFSCONF.
2 OSS NFS Quick Start This chapter provides a quick way to start a configuration that should work correctly on most environments with only minor modifications. The procedure assumes that the underlying operating system is configured and running. For further installation details, see Chapter 4 (page 36). An Initial Test Configuration This example configuration should not be regarded as a recommended configuration.
The SETUP program prompts you for information relating to the host’s environment.
Issue these TACL commands to run the port mapper process over NonStop TCP/IPv6: ADD DEFINE =TCPIP^PROCESS^NAME,CLASS MAP,FILE $ZSAM0TCPIP^HOST^FILE,CLASS MAP, & FILE $SYSTEM.ZTCPIP.HOSTS RUN $SYSTEM.ZRPC.PORTMAP / NAME $ZPM0, NOWAIT/ In this example, $ZSAM0 is the TCP6SAM process for NonStop TCP/IPv6. If OSS NFS is to be run over both conventional NonStop TCP/IP and NonStop TCP/IPv6 or Parallel Library TCP/IP simultaneously, you must start two port mapper processes, one for each NonStop TCP/IP stack.
PROGRAM STYPE PRI $SYSTEM.ZOSSNFS.NFSSVRHP,& OSS,& 190 NOTE: The root server must be started after the OSS root fileset is started. For maximum performance, the OSS NFS QIO monitor must also be started. Adding USER Objects To add a USER object, first add the user’s NonStop user ID (See “USER Object” (page 29)) to the file-security database using either Safeguard or a third-party product such as CA-Unicenter. For examples of this process, see the Open System Services Management and Operations Guide.
#export-name spooler-name where: export-name specifies the name of the printer as it appears on the network. If no export names are specified, printing services are not available. spooler-name specifies the spooler location subdevice name, including the spool collector process name, that corresponds to the exported printer. Values for spooler-name can be in local or remote format. For example: vangogh davinci $S.#VANGOGH \DDS.$S.#DAVINCI.
3 Management Environment for OSS NFS This chapter describes OSS NFS management tools and shows how they fit into the architecture of the OSS NFS subsystem. It also describes OSS NFS subsystem objects and the commands used to manipulate them. OSS NFS Management Introduction OSS NFS Commands and Responses The OSS NFS subsystem is managed using SCF commands that affect the operation of subsystem objects. These commands return responses, event messages, and error messages.
Figure 2 Relationships Between OSS NFS and Other Subsystems NOTE: In a multiple conventional NonStop TCP/IP host system, the port mapper, NFSLAN, and the PCNFSD processes must be configured and running for each NonStop TCP/IP stack to be supported. However, in a multiple NonStop TCP/IPv6 or Parallel Library TCP/IP host system, only one port mapper, NFSLAN, and PCNFSD process must be configured and running for the entire NonStop TCP/IPv6 subsystem.
OSS NFS Object Types The OSS NFS subsystem consists of these object types: SUBSYS Identifies the OSS NFS subsystem as a whole. PROCESS Identifies the OSS NFS manager process. There is only one PROCESS object in an OSS NFS subsystem. EXPORT Identifies a server-controlled fileset that is available to remote NFS clients. Attributes of an EXPORT object specify which clients can access the fileset. GROUP Identifies a group of OSS NFS users who have common access authority.
OSS Object Name Examples SUBSYS SUBSYS objects are specified by the process name of the manager process, namely $ZNFS. PROCESS The manager PROCESS object is specified by the conventional name, $ZNFS. EXPORT The object name is the OSS pathname that identifies the directory being exported. GROUP A GROUP object name is formed by specifying this OSS NFS group name as a subdevice of the manager process; for example, $ZNFS.SOFTWARE.
SCF Command Summary for OSS NFS The SCF commands you can use to configure and control the OSS NFS subsystem come in two varieties: sensitive commands, which affect subsystem operation, and nonsensitive commands, which do not. As described under “SCF Commands for OSS NFS Objects” (page 29), issued commands normally incorporate the object type along with the verbs listed in this topic. Also, not all commands apply to all objects (see Figure 3 (page 29)).
Figure 3 SCF Commands and Object Types for OSS NFS SCF Commands for OSS NFS Objects This topic describes the SCF commands used to create and manage OSS NFS objects. Detailed descriptions of these and other OSS NFS commands, including the syntax, meaning, examples, and operational considerations for each command, are provided in the Open System Services NFS SCF Reference Manual. For yet more detailed information that might apply, see the SCF reference manual appropriate to your system.
DELETE USER Removes the specified USER object from the OSS NFS subsystem. Deleting a USER object from the OSS NFS subsystem does not remove the USER object name from groups where it is listed. See “GROUP Object” (page 30). INFO USER Reports the object attributes of the specified USER object. NAMES USER Reports the names of the USER objects that meet specified criteria. If remote NFS users who do not have a specific user ID are allowed access to server files, you must create a “nobody” USER alias.
but preserves subsystem integrity. The SERVER object is left in the STOPPED state and the RESTART attribute is cleared. To avoid this, see “SUBSYS Object” (page 33). ADD SERVER Adds a SERVER object to the OSS NFS subsystem and allows you to configure it. After you add a SERVER object, it is left in the STOPPED state. ALTER SERVER Modifies certain attributes of a SERVER object. The SERVER object must be in the STOPPED state. DELETE SERVER Removes one or more started servers from the OSS NFS subsystem.
Configuration and Prerequisites A LAN object can be added at any time during the configuration of the OSS NFS subsystem. However, after a LAN object is running, NFS clients can use OSS NFS services even though the OSS NFS subsystem might not be fully configured. Permitting NFS clients such premature access might compromise security by allowing access to directories not yet secured against such access. To avoid this risk, completely configure the OSS NFS subsystem before starting a LAN interface process.
Commands That Operate on NETGROUP Objects You can alter NETGROUP objects as the security requirements of the users and the network change. These SCF commands operate on NETGROUP objects: ADD NETGROUP Allows a group of hosts or other netgroups access to the OSS NFS subsystem under a new netgroup name. ALTER NETGROUP Modifies membership of a netgroup. DELETE NETGROUP Removes the specified NETGROUP object from the OSS NFS subsystem.
command was executed. You can determine whether a LAN interface process or server process is restartable by using the STATUS LAN or STATUS SERVER command. STATUS SUBSYS Reports the current state of the OSS NFS subsystem. You can select the desired level of reporting detail. STOP SUBSYS Stops the operation of all OSS NFS objects in an orderly manner.
OSS Fileset Attributes Related to OSS NFS You can configure how an OSS fileset interacts with NFS clients by configuring these OSS fileset attributes: • Request timeout (NFSTIMEOUT attribute). The NFSTIMEOUT attribute specifies the number of seconds that the OSS name server retains the results of nonretryable Network File System (NFS) operations for the fileset. • Cache (pool) size (NFSPOOL attribute).
4 Installing and Configuring OSS NFS This chapter presents information about planning, installing, and configuring an OSS NFS subsystem. Planning the Configuration Running OSS NFS requires the NonStop TCP/IP subsystem (either conventional NonStop TCP/IP, Parallel Library TCP/IP, or NonStop TCP/IPv6), an appropriate hardware access method subsystem (such as TLAM or SLSA), and the appropriate LAN hardware. OSS NFS also depends on the Open System Services (OSS), the QIO subsystem, and the RPC subsystem.
2. Install one of these NonStop TCP/IP subsystems: • Install conventional NonStop TCP/IP by following the procedure in “Installing the Conventional NonStop TCP/IP Subsystem” (page 37). • Install NonStop TCP/IPv6 by following the procedures in the NonStop TCP/IPv6 Configuration and Management Manual for starting NonStop TCP/IPv6 in INET mode and following the procedures for starting the TELNET and LISTNER applications. • Install Parallel Library TCP/IP.
3. 4. 5. Use SCF commands to add and start Ethernet ports on each TLAM or SLSA line. Start the NonStop TCP/IP process. Use SCF to add each subnetwork with which NonStop TCP/IP communicates. Additional information on NonStop TCP/IP configuration is provided in the TCP/IP configuration and management manuals. Configuring OSS To configure OSS for NFS use: 1.
START START MODE PRIORITY APPLICATION, & 190 PROCESS QIOMON Installing OSS NFS The software distribution tapes for the OSS NFS product contain prebuilt executable object components. Unless you must tailor OSS NFS to meet particular performance or configuration requirements, you need only to restore the contents of the OSS NFS product and run the NFS SETUP program. The default subvolume where OSS NFS executable files should reside is $SYSTEM.ZOSSNFS.
param is one of the following parameters: [ BACKUPCPU ] cpu specifies the processor number of the processor to be used as the backup processor. The BACKUPCPU keyword can be omitted only if this is the first parameter specified in the command. If this parameter is supplied, it must specify an existing processor that is different from the primary processor. If this parameter is not supplied, the port mapper does not run as a process pair.
• A domain name resolver process can be specified using the DEFINE =TCPIP^RESOLVER^NAME. For example: ADD DEFINE =TCPIP^RESOLVER^NAME, FILE resfile This DEFINE cannot be used if the DEFINE =TCPIP^HOST^FILE is specified. For other restrictions on this DEFINE, see the portmap(1) reference page either online or in the Open System Services Shell and Utilities Reference Manual.
Table 1 Configuring OSS NFS Objects Object Type Associated NFS Process Means of Adding Configuration Requirement EXPORT Manager process SCF Required GROUP None SCF Optional LAN LAN process SCF Required NETGROUP None SCF Optional PROCESS Manager process TACL Required SERVER Server process SCF Required SUBSYS Manager process Implicit as result of running the manager process Required USER Manager process SCF Required To configure a new OSS NFS subsystem (assuming Open System
process. If this run option is omitted, the command interpreter pauses while the process runs. PRI priority specifies the execution priority of the OSS NFS manager process. priority is an integer in the range 1 through 199. Specifying a value greater than 199 causes the process to run at priority 199. If this run option is omitted, the priority of the manager process is one less than the priority of the initiating TACL process. OUT out-file specifies the file that receives start-up error messages, if any.
DATAPAGES number-of-pages [ E[XTENSIBLE] ] specifies the amount of virtual memory disk storage, in 2048-byte pages, to be allocated for use as general dynamic memory. If an odd number is specified, DP2 rounds it up to the nearest even number. number-of-pages is an integer in the range 0 through 65280. If you specify the keyword EXTENSIBLE or E, the memory segment will be extensible. If this parameter is omitted, 2040 pages of extensible segment memory are assigned.
The configuration file will be rebuilt when the administrator starts OSS NFS objects to build the new configuration. Considerations • Either the OSS NFS manager process must be run by the super ID or the PROGID attribute of its program file must be set. • OSS NFS object names used with SCF commands must include the name of the OSS NFS manager process. SCF uses the object name to decide which manager process receives the command.
Considerations Consider the following when adding a server: • Mount point When you define the root fileset for OSS NFS, the mount point is /. All other filesets to be made available through OSS NFS (for example, /lab/chem) must be under the root server and the root server must be started before other filesets can be added. • Access by the super ID If the server associated with this fileset sets ROOT-USER-OK to TRUE, a client user mapped to the super ID can be given root access on the fileset.
6. Export the fileset: ADD EXPORT /usr Added EXPORT objects define directories in the OSS NFS hierarchy that can be mounted by OSS NFS clients. A client can mount any directory under any mount point specified by an EXPORT object (for example, /usr/local/bin). Setting Up an OSS NFS Project Fileset This topic describes the configuration of an OSS NFS fileset for use by the members of a project.
PROCESS STYPE CPU PRI 4. $PROJ1,& OSS,& 5,& 190 Start the server: START SERVER PROJ 5. Export the fileset: ADD EXPORT /project Setting Up an OSS NFS Home Directory Fileset This topic describes the configuration of a home directory fileset. Considerations Consider these points when configuring a home directory fileset: • All clients should have read and execute access to the home directory. • A client should own his or her subdirectory below the home directory. Example 1.
Adding a LAN Interface Process A LAN object is a LAN interface process that accepts requests from the LAN and passes them on to other OSS NFS objects for processing. The ADD LAN command is used to add a LAN object to the subsystem. A LAN object can be added at any step during configuration of the OSS NFS subsystem. However, do not start a LAN interface process until the end of the configuration process.
RUN [\system.]$SYSTEM.ZOSSNFS.PCNFSD [ / run-option [ , run-option ]... / ] [ param [ , param ]... ] PARAM ZPCD^HOME^DIRECTORY user-home-directory specifies the default root directory for all users’ directories. If supplied, it must specify a valid, existing OSS NFS directory. If not supplied, the default directory is /home. PARAM ZPCD^SPOOL^DIRECTORY spool-directory specifies the default root directory for spool directories. If supplied, it must specify a valid, existing OSS NFS directory.
NOWAIT specifies that the initiating TACL process does not wait while the PCNFSD process runs but instead returns a command input prompt after sending the startup message to the process. If this run option is omitted, the TACL process pauses while the process runs. PRI priority specifies the execution priority of the PCNFSD process. priority is an integer in the range 1 through 199. Specifying a value greater than 199 causes the process to run at priority 199.
spooler-location specifies the name of the spooler location process and subdevice to receive jobs sent to printer-name by PCNFSD clients. This value must refer to a valid spooler location, either local or remote. # comment indicates a comment string that is ignored by PCNFSD. When a # character is preceded by a space or tab character or begins a new line, text following the # is treated as a comment.
1. 2. 3. 4. 5. Stop any LAN interface processes that are still running. Run the port mapper (if it is not already running). Run the OSS NFS manager process. Issue the SCF START SUBSYS command. Run the PCNFSD process. Examples • You can restart OSS NFS directly: STOP $LAN0 VOLUME $SYSTEM.ZOSSNFS RUN $SYSTEM.ZRPC.PORTMAP & /NAME $ZPM0, PRI 148, NOWAIT, CPU 1/0, TCPIP $ZTC0 RUN NFSMGR /NAME $ZNFS, NOWAIT/ RUN SCF /IN SCFIN/ RUN PCNFSD /NAME $PCD0, NOWAIT, IN ZPCDCONF/$SYSTEM.
FILE file1 specifies the Guardian filename of the NonStop TCP/IP host definition file, which contains a list of valid host names, aliases for those names, and the corresponding Internet Protocol (IP) addresses for those hosts. This DEFINE must be specified if a domain name resolver process is not running. For information on creating a NonStop TCP/IP host definition file, see the TCP/IP configuration and management manual appropriate to your system.
Examples • This example shows a verification of OSS NFS connectivity. In this example, the NonStop system is known to the NonStop TCP/IP network as myhost, and a UNIX client host is known as myclient. 1. These TACL commands are issued on the NonStop system: VOLUME $SYSTEM.ZRPC RUN RPCINFO -p The following output is a sample display: program vers proto 100000 2 udp 100000 2 tcp 100004 2 udp 100005 1 udp 150001 1 udp 150001 2 udp 150001 1 tcp 150001 2 tcp 2.
VOLUME $SYSTEM.NFSCONF RUN NFSSTOP CAUTION: 56 Never stop the port mapper, because it might be in use by other RPC-based products.
5 OSS NFS Security This chapter gives an overview of OSS NFS security from a management and operations viewpoint and explains the security weaknesses of a LAN environment. Note that throughout the following discussion, named objects are created by SCF commands. For details of commands and the objects they create, see the Open System Services NFS SCF Reference Manual.
File-Access Control User IDs To access files managed by the OSS NFS servers, a client must have a user ID (either explicitly specified or by default). In addition, if the NULL-ALIAS-OK attribute of the corresponding OSS NFS server is FALSE, an OSS NFS client user ID must be mapped to a specific OS user ID.
Figure 5 Validating Access Requests The items in this table, identified by letters appearing in parentheses in Figure 5, explain the process: A The OSS NFS client user ID is used as the search index for the list of OSS NFS users previously defined by the SCF ADD USER commands.
File-Creation Control The file-creation-control programs and databases are a part of either the Safeguard product or a third-party product such as CA-Unicenter. Either product can authorize audit file-creation accesses to volumes that are part of an exported OSS NFS fileset, using access lists of authorized users set up for each volume, as: • Authorization: the access-control list is checked to determine whether this user has authority to create a file on this volume.
then access files in restricted-access filesets as that ID. See “NFS Clients, Restricted-Access Filesets, and File Privileges” (page 61). NFS Clients, Restricted-Access Filesets, and File Privileges Version 3 catalog OSS filesets on J06.11 and later J-series RVUs, and H06.22 and later H-series RVUs can be configured as restricted-access filesets. A fileset is a restricted-access fileset if the RESTRICTEDACCESS OSS fileset attribute is set to ENABLED or LOCAL.
For information about the NFSPERMMAP attribute, see “OSS Fileset NFSPERMMAP Attribute” (page 63) and the Open System Services Management and Operations Guide. Special OSS NFS Security Risks Networks introduce particular security risks. This topic describes those risks that can affect OSS NFS operations. Global ID Space The NFS protocol assumes a global ID space.
Programs and Processes All executable OSS NFS programs should be owned by the super ID (255,255), and all OSS NFS processes should be started from the super ID. Configuration Files and Subvolumes The configuration subvolume and those configuration files with names of the form ZZNFSnnn should be owned by the super ID. The ZNFSUSR file must be owned by the super ID, secured “N-U-”, and have its PROGID attribute set.
NOTE: NFS client/server interactions work most efficiently for read-only OSS filesets when the OSS filesets are mounted read-only on the NFS client systems instead of setting the readonly attribute in either the OSS NFS server configuration or OSS fileset configuration. NFS client attempts to write to a read-only OSS fileset are reported immediately to the NFS client application.
Start-Up Considerations When OSS NFS is started, OSS NFS user IDs are preserved in the ZNFSUSR files. To clear all these during a startup, add commands in your OSS NFS startup file to purge these files. For example: FUP PURGEDATA $SYSTEM.ZOSSNFS.ZNFSUSR FUP PURGEDATA $SYSTEM.ZOSSNFS.ZNFSUSR1 NOTE: Starting OSS NFS involves purging all OSS NFS managed files and directories except for the user ID files.
6 OSS NFS Reliability This chapter describes OSS NFS configuration issues and reliability features. How OSS NFS Implements Reliability The operating system implements the underlying component-level reliability for the OSS NFS subsystem. Moreover, the NFS protocol is a reliable message protocol that allows clients and servers to lose connectivity without affecting data integrity.
Configuration and Reliability To increase the reliability of the OSS NFS subsystem: • Configure the OSS NFS manager process and the port mapper process to run as process pairs (specify BACKUPCPU with the RUN command). • Configure the LAN and SERVER objects with the BACKUPCPU attribute to enable automatic restart in case of failure. • Place the subvolumes reserved for OSS NFS configuration files and the OSS data files on mirrored disk volumes.
7 Routine Management Tasks This chapter describes routine management tasks required for OSS NFS servers. Managing NFS Filesets As more users and applications are added to your system, you can add new NFS filesets or change some attributes of an existing fileset.
OSS NFS server into several servers. For example, if the security requirements of new clients conflict with those of existing clients, you must assign separate servers to the new clients. Another situation that calls for server splitting is performance enhancement. If a particular OSS NFS server is used much more than other OSS NFS servers, it can cause performance problems. In this case, replace the overused OSS NFS server with multiple OSS NFS servers and allocate the new servers among clients.
Figure 6 EMS Components and Event-Message Routing Managing event messages involves choosing among these options for viewing them: • Use workstation software with a built-in event viewer, such as the CA-Unicenter product. • Use a Web-based event viewer. • Use the ViewPoint application, which offers several event-display screens and supports methods for changing these screens. For more information, see the ViewPoint Manual.
Displaying Saved Event Messages You can also run a printing distributor to display event messages saved in a log file.
8 Troubleshooting This chapter gives an overview of OSS NFS troubleshooting. When troubleshooting an OSS NFS problem, note these three main points of failure in network services: • The server • The network itself • The client Troubleshooting Quickstart Table 2 lists procedures to try when troubleshooting the OSS NFS subsystem.
Table 2 Quickstart for Troubleshooting OSS NFS (continued) Symptom Recommended Procedure All EDIT files show up with a zero EOF 1. Verify that the Expand file system servers are running. 2. Check in the ZEFSCONF file that the disk volume in question is configured for the Expand subsystem. 3. Make sure the Expand servers are running with the correct process names. An OSS NFS server will not start 1.
Figure 7 Recommended Troubleshooting Flow Client If a client cannot communicate with OSS NFS on the system: 1. Run a network application (RPCINFO, FTP, PING, TELNET, and so forth) to test whether the client can communicate with other clients. If it cannot communicate with other clients, check these components on the client: • Network configuration files • Physical connections to the network If the client can communicate with other clients but the problem still exists, proceed to step 2. 2.
NonStop TCP/IP (Conventional and Parallel Library) To check the NonStop TCP/IP subsystem, perform either of these actions: • Run a TELNET session. • Make an FTP file transfer. If either of these programs runs, the NonStop TCP/IP subsystem is running. If the NonStop TCP/IP subsystem is not running, see the TCP/IP configuration and management manual appropriate to your system. Port Mapper Process To check the port mapper process, run the RPCINFO command.
1. Run the SCF STATUS FILESET command. • If there are problems with the OSS Monitor process ($ZPMON), correct them based on data reported by the SCF STATUS FILESET command. • If the OSS Monitor is functioning correctly, try to run OSS processes locally and access the local file system. 2. If the problem still exists, proceed to “DP2”. • To detect a problem with DP2 on systems running D-series RVUs: 1. Issue a Peripheral Utility Program (PUP) LISTDEV command.
Table 3 Troubleshooting for Client Users (continued) Client Indicates Probable Causes and Possible Corrections 6. You attempted to access an object on a NonStop server that is protected by optional OSS ACL entries, the server is running J06.09 or a later J-series RVU or H06.20 or a later H-series RVU, and one of these conditions is true: • The NFSPERMMAP attribute of the OSS fileset is set to DISABLED.
A OSS NFS Manager Messages This appendix contains the descriptions of the error and warning messages generated by the OSS NFS manager process. Error Messages NFS E00001 Server mounted at directory has not been started directory provides the OSS pathname for the mount point in the OSS file system. Cause An attempt was made to access a file located under the specified mount point, but the server responsible for that file is not in the STARTED state.
errnum provides an NFS protocol version 2 (NFS2) or mount protocol version 1 (MNT1) error number. See the corresponding NFS2 or MNT1 error message descriptions in Appendix C (page 85). meaning provides the corresponding error message text for the NFS2 or MNT1 error number. See the corresponding NFS2 or MNT1 error message descriptions in Appendix C (page 85), to see the possible error message text.
Cause The specified attribute is obsolete and is ignored. Effect The supplied value is ignored. Recovery This is a warning and no corrective action is required. It is recommended that the attribute not be specified. NFS W00515 NFS W00515 Userid userid does not exist. userid identifies the OSS mapped user ID that caused the message. Cause This warning is generated when a user was added with an OSS mapped user ID that does not exist. Effect The supplied value is ignored.
B PCNFSD Error Messages This appendix contains the descriptions of the error messages generated by the PCNFSD process. *PCNFSD* Invalid startup parameter: param Cause PCNFSD detected an invalid startup parameter, specified by param. Effect The PCNSFD startup process terminates. Recovery Correct the parameter in error and restart the PCNFSD process. *PCNFSD* Not running as a SUPER group Cause The process access ID for PCNFSD is not in the super group.
Effect PCNFSD services cannot be started. Recovery Correct the entry in error and restart the PCNFSD process. *PCNFSD* Cannot launch or access PCAUTHD Cause PCNFSD launches PCAUTHD at initialization time and restarts it if it fails. This message indicates that either PCAUTHD could not be created or it could not communicate with PCNFSD to receive its startup message. Effect PCNFSD services cannot be started. Recovery Follow these steps: 1.
started PCNFSD. Next, make sure that there are sufficient system resources to create the SCP process, such as swap space, low PINs, memory, and so on. If $ZNET exists, try sending an SPI command, such as INFO PROCESS, through SCF to the OSS NFS manager process. If the command succeeds within 15 seconds, contact your service provider. *PCNFSD* Cannot create or access spooling directory: name Cause PCNFSD verifies the existence of its spooling directory.
Cause PCNFSD could not allocate memory. This error message might indicate a programming error or a legitimate lack of memory space. Effect Unknown. Recovery Verify that the swap volume for PCNFSD is not full. If there is sufficient disk space, log the circumstances that led to this error and contact your service provider. *PCNFSD* Unable to create RPC service over: transport Cause PCNFSD was not able to create an RPC service over UDP or TCP, as specified in transport. Effect Unknown.
C NFS Protocol Version 2 Errors and Mount Protocol Version 1 Errors This appendix contains the message text, causes, recovery actions, and corresponding error numbers for NFS protocol version 2 (NFS2) and mount protocol version 1 (MNT1) errors. These errors are not returned in individual EMS messages from the OSS NFS manager process. Instead, all these errors are reported in a single EMS message type, NFS E00003 (see Appendix A (page 78)).
the pathname and directory structure should be examined to ensure that the name is correct (that is, that all pathname components exist). NFS2 Error 5 I/O error. An I/O error occurred during the requested operation or the requested operation is not supported Cause There are several possible causes for this error: • An I/O error occurred during the requested operation. • The requested operation is not supported.
There are several possible reasons why access is denied: • The permissions kept by the NFS file system do not allow the caller to access the file. • The security attributes do not allow the caller to access the file. • The file type is not a type supported by the OSS NFS subsystem (for example, an SQL table). Effect Attempted operation fails.
Effect Attempted operation fails. Recovery If the specified device does not exist, correct the device name (specify a device that does exist) and retry the operation. If the attempted operation is illegal on the device, corrective action is application-dependent. Either the type of operation must be changed or the operation must be retried on a device on which the operation is valid. NFS2 Error 20 Not a directory. The caller specified a nondirectory in a directory operation.
Cause The attempted operation would increase the size of the affected file beyond the maximum file size. Effect Attempted operation fails. Recovery Either create a new file with larger extents and reload it, or increase the current file’s maximum number of extents by using the File Utility Program (FUP) ALTER command.
Cause The caller attempted to perform an NFSPROC_ROOT (Get Filesystem Root) or NFSPROC_WRITECACHE (Write to Cache) call using NFS protocol version 2; both calls are obsolete in NFS protocol version 2. Effect Attempted operation fails. Recovery To avoid the error, the caller’s logic must be altered to eliminate all NFSPROC_ROOT and NFSPROC_WRITECACHE calls. In place of the NFSPROC_ROOT call, use the MNTPROC_MNT call to look up the root file handle. There is no alternative for the NFSPROC_WRITECACHE call.
MNT1 Errors MNT1 Error 2 No such directory. The specified mount point does not exist. Cause The directory specified as the mount point for the fileset does not exist. Effect Attempted operation fails. Recovery Corrective action is application-dependent. If you are attempting to unmount a fileset, this error can be ignored. Otherwise, the pathname and directory structure should be examined to ensure that the name is correct (that is, that all pathname components exist).
Effect Attempted operation fails. Recovery The recommended action depends on the cause of the error: • If dynamically allocated memory was unavailable, retry the operation after a reasonable period of time. • If an internal table is full, the only recourse is to perform an operation that makes space available in the table or to periodically retry the operation until some other operation causes space to become available. MNT1 Error 13 Access permission denied.
Recovery The recommended action depends on the cause of the error: • If an incorrect object name was specified, correct the object name and retry the SCF START SERVER command. • If the SERVER object was configured incorrectly, alter the mount point of the server to another directory within the existing fileset structure and retry the SCF START SERVER command. • If more than one server is configured with the same local mount point, you can start only one of them, so the configuration should be changed.
Recovery The pathname should be examined. If no condition exists where a symbolic link points to a previously encountered symbolic link, the pathname should be respecified without the offending symbolic link (ideally, by specifying the actual directory entry where the chain of symbolic links was supposed to lead). If a loop condition exists, correct the condition and retry the request. MNT1 Error 63 Name too long. The specified name contains more than the maximum number of characters allowed.
Index Symbols $SYSTEM.ZTCPIP.
Files access control, 58 executable NFSLAN, 17 NFSMGR, 17 NFSMGR2, 17 NFSSVRHP, 17 NFSSVRWP, 17 PCAUTHD, 17 PCLPRD, 17 PCNFSD, 17 PORTMAP, 17 RPCINFO, 17 managing, 69 PCNFSD configuration, 18 permissions, 58 UNIX, security of, 58 user ID translation, 18 ZNFSUSR, 17 ZNFSUSR1, 17 ZPCDCONF, 18, 22 ZZNFSnnn, 43 Fileset, setting up See also Server objects, 46 adding, 68 configuration, 46 home directory, 48 project, 47 read-only, 46 G GROUP objects commands for, 30 description of, 26 naming example, 27 I INFO c
See GROUP objects, 26 LAN see LAN objects list of, 26 managing, 29 names, 26 NETGROUP see NETGROUP objects PROCESS see PROCESS object SERVER see SERVER objects states, 27 SUBSYS see SUBSYS object See SUBSYS object, 33 types, 25, 26 USER See USER objects, 29 Open System Services (OSS) configuration, 38 Open System Services (OSS) NFS see OSS NFS Open System Services (OSS) NFS server see SERVER objects OSS configuration, 38 OSS files access control lists (ACLs), 61 in restricted-access filesets, 61 OSS NFS arc
considerations when configuring, 62 data, 57 EXPORT objects, 57 file permissions required, 60 file-creation control, 60 groups, 58 host level, 57 NULL-ALIAS-OK attribute, 58 of UNIX files, 58 privileged ports, 57 restricted-access filesets, 61 special risks , 62 TCP/IP, 57 user ID, 58 user level, 57 validating access requests, 58 SEEPPROTECTED attribute security considerations, 64 Sensitive commands, 28 SERVER objects adding, 21, 45 commands for, 30 definition of, 30 description of, 26 example of configurin
