Node:sfssd_config, Next:, Previous:sfs_users, Up:SFS configuration



sfssd_config--Meta-server configuration

sfssd_config configures sfssd, the server that accepts connections for sfsrwsd and sfsauthd. sfssd_config can be used to run multiple "virtual servers", or to run several versions of the server software for compatibility with old clients.

Directives are:

BindAddr ip-addr [port]
Specifies the IP address and port on which sfssd should listen for TCP connections. The default is INADDR_ANY for the address and port 4.
RevocationDir path
Specifies the directory in which sfssd should search for revocation/redirection certificates when clients connect to unknown (potentially revoked) self-certifying pathnames. The default value is /var/sfs/srvrevoke. Use the command sfskey revokegen to generate revocation certificates.
HashCost bits
Specifies that clients must pay for connections by burning CPU time. This can help reduce the effectiveness of denial-of-service attacks. The default value is 0. The maximum value is 22.
Server {* | Location[:HostID]}
Specifies a section of the file that applies connection requests for the self-certifying pathname Location:HostID. If :HostID is omitted, then the following lines apply to any connection that does not match an explicit HostID in another Server. The argument * applies to all clients who do not have a better match for either Location or HostID.
Release {* | sfs-version}
Begins a section of the file that applies to clients running SFS release sfs-version or older. * signifies arbitrarily large SFS release numbers. The Release directive does not do anything on its own, but applies to all subsequent Service directives until the next Release or Server directive.
Extensions ext1 [ext2 ...]
Specifies that subsequent Service directives apply only to clients that supply all of the listed extension strings (ext1, ...). Extensions until the next Extensions, Release or Server directive
Service srvno daemon [arg ...]
Specifies the daemon that should handle clients seeking service number srvno. SFS defines the following values of srvno:
1. File server
2. Authentication server
3. Remote execution (not yet released)
4. SFS/HTTP (not yet released)

Service srvno -u path
Operates as the above syntax of Service, only instead of spawning a daemon, connects to the unix-domain socket specified by path to communicate with an already running daemon. This option may be useful when debugging SFS servers, as the server for a particular service on a particular self-certifying pathname can be run under the debugger and receive connections on the usual SFS port without interfering with other servers on the same machine.
Service srvno -t host [port]
Specifies that sfssd should act as a "TCP proxy" for this particular service, relaying any incoming connections to TCP port port on host. If unspecified, port is the default SFS TCP port 4.

This syntax is useful in a NATted environment. For instance, suppose you have two SFS servers with addresses 10.0.0.2 and 10.0.0.3 on a private network, and one machine 10.0.0.1 with an externally visible interface 4.3.2.1. You can use this proxy syntax to export the internal file systems. The easiest way is to pick two DNS names for the new servers, but point them at your outside server. For example:

server-a.mydomain.com.  IN A    4.3.2.1
server-b.mydomain.com.  IN A    4.3.2.1

Then, on your outside machine, you might have the following sfssd_config file:

Server server-a.mydomain.com
  Release *
      Service 1 -t 10.0.0.2
      Service 2 -t 10.0.0.2
      Service 3 -t 10.0.0.2
Server server-b.mydomain.com
  Release *
      Service 1 -t 10.0.0.3
      Service 2 -t 10.0.0.3
      Service 3 -t 10.0.0.3

Then on each of the internal machines, be sure to specify Hostname server-A.mydomain.com and Hostname server-B.mydomain.com in sfsrwsd_config.

The default contents of sfssd_config is:

Server *
  Release *
      Service 1 sfsrwsd
      Service 2 sfsauthd

To run a different server for sfs-0.3 and older clients, you could add the lines:

  Release 0.3
    Service 1 /usr/local/lib/sfs-0.3/sfsrwsd