![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to overview.tex CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [CSRG BSD Unix] / 43BSDReno / usr.sbin / amd / doc|
Return to overview.tex CVS log | Up to [CSRG BSD Unix] / 43BSDReno / usr.sbin / amd / doc |
1.1 root 1: % $Id: overview.tex,v 5.2 90/06/23 22:21:50 jsp Rel $
2: %
3: % Copyright (c) 1989 Jan-Simon Pendry
4: % Copyright (c) 1989 Imperial College of Science, Technology & Medicine
5: % Copyright (c) 1989 The Regents of the University of California.
6: % All rights reserved.
7: %
8: % This code is derived from software contributed to Berkeley by
9: % Jan-Simon Pendry at Imperial College, London.
10: %
11: % Redistribution and use in source and binary forms are permitted provided
12: % that: (1) source distributions retain this entire copyright notice and
13: % comment, and (2) distributions including binaries display the following
14: % acknowledgement: ``This product includes software developed by the
15: % University of California, Berkeley and its contributors'' in the
16: % documentation or other materials provided with the distribution and in
17: % all advertising materials mentioning features or use of this software.
18: % Neither the name of the University nor the names of its contributors may
19: % be used to endorse or promote products derived from this software without
20: % specific prior written permission.
21: % THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
22: % WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
23: % MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
24: %
25: % @(#)overview.tex 5.1 (Berkeley) 7/19/90
26:
27:
28: \Chapter{Overview}
29: \pagenumbering{arabic}
30:
31: \Amd\ maintains a cache of mounted filesystems. Filesystems are {\em demand-mounted}
32: when they are first referenced, and unmounted after a period of inactivity.
33: \Amd\ may be used as a replacement for Sun's {\bf automount}(8)
34: \cite{usenix:automounter,sun:automount} program.
35: It contains no proprietary source code and has been ported
36: to numerous flavours of \Unix\ (see table \ref{table:os},~p\pageref{table:os}).
37:
38: \Amd\ was designed as the basis for experimenting with filesystem
39: layout and management. Although \amd\ has many direct applications it
40: is loaded with additional features which have little practical use.
41: At some point the infrequently used components may be removed to
42: streamline the production system.
43:
44: %\Amd\ supports the notion of {\em replicated} filesystems by evaluating
45: %each member of a list of possible filesystem locations in parallel.
46: %\Amd\ checks that each cached mapping remains valid. Should a mapping be
47: %lost -- such as happens when a fileserver goes down -- \amd\ automatically
48: %selects a replacement should one be available.
49:
50: The fundamental concept behind \amd\ is the ability to separate the name used to refer to
51: a file from the name used to refer to its physical storage location.
52: This allows the same files to be accessed with the same name regardless of where
53: in the network the name is used. This is very different from placing
54: {\tt /n/hostname} in front of the pathname since that includes location
55: dependent information which may change if files are moved to another
56: machine.
57: By placing the required mappings in a centrally administered database,
58: filesystems can be re-organised without requiring changes to password
59: files, shell scripts and so on.
60:
61: \Section{Filesystems and Volumes}
62: \Amd\ views the world as a set of fileservers, each containg one or more filesystems
63: where each filesystem contains one or more {\em volumes}.
64: Here the term volume is used to refer to a coherent set of files such as a user's home directory or
65: a \TeX\ distribution.
66:
67: In order to access the contents of a volume, \amd\ must be told in which filesystem
68: the volume resides and which host owns the filesystem.
69: By default the host is assumed to be local and the volume is
70: assumed to be the entire filesystem.
71: If a filesystem contains more than one volume, then a {\em sublink} is used to
72: refer to the sub-directory within the filesystem where the volume can be found.
73:
74: \Section{Volume Naming}
75:
76: Volume names are assumed to be unique across the entire network.
77: A volume name is the pathname to the volume's root as known by the
78: users of that volume. Since this name uniquely identifies the volume contents,
79: all volumes can be named and accessed from each host, subject to
80: administrative controls.
81:
82: Volumes may be replicated or duplicated. Replicated volumes contain identical
83: copies of the same data and reside at two or more locations in the network.
84: Each of the replicated volumes can be used interchangeably.
85: Duplicated volumes each have the same name but contain different, though
86: functionally identical, data. For example, {\tt /vol/tex} might be the
87: name of a \TeX\ distribution which varied for each machine architecture.
88:
89: \Amd\ provides facilities to take advantage of both replicated and
90: duplicated volumes. Configuration options allow a single set of configuration
91: data to be shared across an entire network by taking advantage of replicated
92: and duplicated volumes.
93:
94: \Amd\ can take advantage of replacement volumes by mounting
95: them as required should an active fileserver become unavailable.
96:
97: \Section{Volume Binding}
98:
99: \Unix\ implements a namespace of hierarchically mounted filesystems.
100: Two forms of binding between names and files are provided.
101: A {\em hard link} completes the binding when the name is added to the filesystem.
102: A {\em soft link} delays the binding until the name is accessed.
103: An {\em automounter} adds a further form in which the binding of name to
104: filesystem is delayed until the name is accessed.
105:
106: The target volume, in its general form, is a tuple (host, filesystem, sublink)
107: which can be used to name the physical location of any volume in
108: the network.
109:
110: When a target is referenced, \amd\ ignores the sublink element and determines
111: whether the required filesystem is already mounted. This is done by computing
112: the local mount point for the filesystem and checking for an existing filesystem
113: mounted at the same place. If such a filesystem already exists then it is
114: assumed to be functionally identical to the target filesystem. By default
115: there is a one-to-one mapping between the pair (host, filesystem) and the local
116: mount point so this assumption is valid.
117:
118: \Section{Operational Principles}
119:
120: \Amd\ operates by introducing new mount points into the namespace.
121: The kernel sees these mount points as \NFS\ \cite{sun:nfs} filesystems being served by \amd.
122: Having attached itself to the namespace, \amd\ is now able to control
123: the view the rest of the system has of those mount points.
124: RPC \cite{sun:rpc} calls are received from the kernel one at a time.
125:
126: When a {\em lookup} call is received \amd\ checks whether the
127: name is already known. If it is not, the required volume is mounted.
128: A symbolic link pointing to the volume root is then returned.
129: Once the symbolic link is returned, the kernel will send all
130: other requests direct to the mounted filesystem.
131:
132: If a volume is not yet mounted, \amd\ consults a configuration
133: {\em mount-map} corresponding to the automount point.
134: \Amd\ then makes a runtime decision on what and where to mount
135: a filesystem based on the information obtained from the map.
136:
137: \Amd\ does not implement all the \NFS\ requests; only those
138: relevant to name binding such as {\em lookup}, {\em readlink}
139: and {\em readdir}. Some other calls are also implemented
140: but most simply return an error code; for example {\em mkdir}
141: always returns ``Read-only filesystem''.
142:
143: \Section{Mounting a Volume}
144:
145: Each automount point has a mount map. The mount map contains
146: a list of key--value pairs. The key is the name of the volume to
147: be mounted. The value is a list of locations describing where the
148: filesystem is stored in the network.
149: In the source for the map the value would look like
150: \begin{quote}
151: ${\em location}_1\ \ {\em location}_2\ \ \ldots\ \ {\em location}_n$
152: \end{quote}
153:
154: \Amd\ examines each location in turn. Each location may contain {\em selectors}
155: which control whether \amd\ can use that location. For example, the location
156: may be restricted to use by certain hosts. Those locations which cannot be used
157: are ignored.
158:
159: \Amd\ attempts to mount the filesystem described by each remaining location
160: until a mount succeeds or \amd\ can no longer proceed.
161: The latter can occur in three ways:
162: \begin{itemize}
163: \item
164: If none of
165: the locations could be used, or if all of the locations caused an error,
166: then the last error is returned.
167:
168: \item
169: If a location could be used but was being mounted in the background then \amd\ marks
170: that mount as being ``in progress'' and continues with the next request; no reply
171: is sent to the kernel.
172:
173: \item
174: Lastly, one or more of the mounts may have been {\em deferred}.
175: A mount is deferred if extra information is required before the mount
176: can proceed. When the information becomes available the mount will
177: take place, but in the mean time no reply is sent to the kernel.
178: If the mount is deferred, \amd\ continues to try any remaining locations.
179: \end{itemize}
180:
181: %\Section{Task Scheduling}\label{task scheduler}
182: %
183: %\Amd\ provides a task scheduler to support its non-blocking semantics.
184: %The basic operation of the scheduler is to call a procedure when
185: %a particular event occurs. A general sleep/wakeup mechanism is used
186: %and sub-process support is built on that. The scheduler maintains
187: %two queues: one of blocked calls and one of callbacks waiting to
188: %be made.
189: %When a child process exits, its exit status is picked up by a signal
190: %handler and a wakeup is issued on the internal job descriptor for that sub-process.
191: %A timeout/untimeout mechanism provides for time dependent processing.
192:
193: \Section{Automatic Unmounting}
194:
195: To avoid an ever increasing number of filesystem mounts, \amd\ removes
196: volume mappings which have not been used recently. A time-to-live interval
197: is associated with each mapping and when that expires the mapping is removed.
198: When the last reference to a filesystem is removed, that filesystem is unmounted.
199: If the unmount fails, for example the filesystem is still busy, the mapping
200: is re-instated and its time-to-live interval is extended.
201: The global default for this grace period is controlled by the ``-w'' command-line
202: option (\see \Ref{opt:wait}). It is also possible to set this value on a per-mount basis
203: (\see \Ref{opt:utimeout}).
204:
205: \Section{Keep-alives}\label{keepalives}
206:
207: Use of some filesystem types requires the presence of a server on another machine.
208: If a machine crashes then it is of no concern to processes on that machine
209: that the filesystem is unavailable. However, to processes on a remote host using
210: that machine as a fileserver this event is important. This situation is
211: most widely recognised when an \NFS\ server crashes and the behaviour observed
212: on client machines is that more and more processes hang.
213: In order to provide the possibility of recovery, \amd\ implements a {\em keep-alive}
214: interval timer for some filesystem types.
215: Currently only \NFS\ makes use of this service.
216:
217: The basis of the \NFS\ keep-alive implementation is the observation that
218: most sites maintain replicated copies of common system data such as manual
219: pages, most or all programs, system source code and so on.
220: If one of those servers goes down it would be reasonable to mount one of
221: the others as a replacement.
222:
223: The first part of the process is to keep track of which fileservers are up and
224: which are down. \Amd\ does this by sending RPC requests to the servers'
225: \NFS\ {\sc NullProc} and checking whether a reply is returned.
226: While the server state is uncertain the requests are re-transmitted
227: at three second intervals and if no reply is received after four attempts
228: the server is marked down. If a reply is received the fileserver is marked
229: up and stays in that state for 30 seconds at which time another \NFS\ ping is sent.
230:
231: Once a fileserver is marked down, requests continue to be sent every 30 seconds
232: in order to determine when the fileserver comes back up. During this time
233: any reference through \amd\ to the filesystems on that server fail with the
234: error ``Operation would block''.
235: If a replacement volume is available then it will be mounted, otherwise
236: the error is returned to the user.
237:
238: %\Amd\ keeps track of which servers are up and which are down.
239: %It does this by sending RPC requests to the servers' \NFS\ {\sc NullProc} and
240: %checking whether a reply is returned. If no replies are received after a
241: %short period, \amd\ marks the fileserver {\em down}.
242: %RPC requests continue to be sent so that it will notice when a fileserver
243: %comes back up.
244: %ICMP echo packets \cite{rfc:icmp} are not used because it is the availability
245: %of the \NFS\ service that is important, not the existence of a base kernel.
246:
247: %Whenever a reference to a fileserver which is down is made via \amd\, an alternate
248: %filesystem is mounted if one is available.
249: Although this action does not protect
250: user files, which are unique on the network, or processes which do not access files
251: via \amd\ or already have open files on the hung filesystem, it can prevent most new
252: processes from hanging.
253:
254: %With a suitable combination of filesystem management and mount-maps,
255: %machines can be protected against most server downtime. This can be
256: %enhanced by allocating boot-servers dynamically which allows a diskless
257: %workstation to be quickly restarted if necessary. Once the root filesystem
258: %is mounted, \amd\ can be started and allowed to mount the remainder of
259: %the filesystem from whichever fileservers are available.
260:
261: \Section{Non-blocking Operation}
262:
263: Since there is only one instance of \amd\ for each automount point,
264: and usually only one instance on each machine, it is important
265: that it is always available to service kernel calls.
266: \Amd\ goes to great lengths to ensure that it does not block in a system call.
267: As a last resort \amd\ will fork before it attempts a system call that may block
268: indefinitely, such as mounting an \NFS\ filesystem.
269: Other tasks such as obtaining filehandle information for an \NFS\ filesystem,
270: are done using a purpose built non-blocking RPC library which is integrated
271: with \amd's task scheduler.% (\see \Ref{task scheduler}).
272: This library is also used to implement \NFS\ keep-alives (\see \Ref{keepalives}).
273:
274: Whenever a mount is deferred or backgrounded, \amd\ must wait for it to complete
275: before replying to the kernel. However, this would cause \amd\ to block waiting
276: for a reply to be constructed. Rather than do this, \amd\ simply {\em drops}
277: the call under the assumption that the kernel RPC mechanism will automatically
278: retry the request.
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.