draft-ietf-nfsv4-federated-fs-admin-10.txt   draft-ietf-nfsv4-federated-fs-admin-11.txt 
NFSv4 Working Group J. Lentini NFSv4 Working Group J. Lentini
Internet-Draft C. Everhart Internet-Draft C. Everhart
Intended status: Standards Track NetApp Intended status: Standards Track NetApp
Expires: November 25, 2012 D. Ellard Expires: December 16, 2012 D. Ellard
Raytheon BBN Technologies Raytheon BBN Technologies
R. Tewari R. Tewari
M. Naik M. Naik
IBM Almaden IBM Almaden
May 24, 2012 June 14, 2012
Administration Protocol for Federated Filesystems Administration Protocol for Federated Filesystems
draft-ietf-nfsv4-federated-fs-admin-10 draft-ietf-nfsv4-federated-fs-admin-11
Abstract Abstract
This document describes the administration protocol for a federated This document describes the administration protocol for a federated
file system that enables file access and namespace traversal across file system that enables file access and namespace traversal across
collections of independently administered fileservers. The protocol collections of independently administered fileservers. The protocol
specifies a set of interfaces by which fileservers with different specifies a set of interfaces by which fileservers with different
administrators can form a fileserver federation that provides a administrators can form a fileserver federation that provides a
namespace composed of the filesystems physically hosted on and namespace composed of the filesystems physically hosted on and
exported by the constituent fileservers. exported by the constituent fileservers.
skipping to change at page 1, line 47 skipping to change at page 1, line 47
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 25, 2012. This Internet-Draft will expire on December 16, 2012.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
skipping to change at page 3, line 8 skipping to change at page 3, line 8
Without obtaining an adequate license from the person(s) controlling Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other it for publication as an RFC or to translate it into languages other
than English. than English.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5
2. Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.1. Definitions . . . . . . . . . . . . . . . . . . . . . . . 5
3. Error Values . . . . . . . . . . . . . . . . . . . . . . . . . 11 2. Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
4. Data Types . . . . . . . . . . . . . . . . . . . . . . . . . . 14 3. Error Values . . . . . . . . . . . . . . . . . . . . . . . . . 13
4.1. FedFsNsdbName Equality . . . . . . . . . . . . . . . . . . 16 4. Data Types . . . . . . . . . . . . . . . . . . . . . . . . . . 16
5. Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . 16 4.1. FedFsNsdbName Equality . . . . . . . . . . . . . . . . . . 18
5.1. FEDFS_NULL . . . . . . . . . . . . . . . . . . . . . . . . 17 5. Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . 18
5.1.1. Synopsis . . . . . . . . . . . . . . . . . . . . . . . 17 5.1. FEDFS_NULL . . . . . . . . . . . . . . . . . . . . . . . . 19
5.1.2. Description . . . . . . . . . . . . . . . . . . . . . 17 5.1.1. Synopsis . . . . . . . . . . . . . . . . . . . . . . . 19
5.1.3. Errors . . . . . . . . . . . . . . . . . . . . . . . . 17 5.1.2. Description . . . . . . . . . . . . . . . . . . . . . 19
5.2. FEDFS_CREATE_JUNCTION . . . . . . . . . . . . . . . . . . 17 5.1.3. Errors . . . . . . . . . . . . . . . . . . . . . . . . 19
5.2.1. Synopsis . . . . . . . . . . . . . . . . . . . . . . . 17 5.2. FEDFS_CREATE_JUNCTION . . . . . . . . . . . . . . . . . . 19
5.2.2. Description . . . . . . . . . . . . . . . . . . . . . 17 5.2.1. Synopsis . . . . . . . . . . . . . . . . . . . . . . . 19
5.2.3. Errors . . . . . . . . . . . . . . . . . . . . . . . . 19 5.2.2. Description . . . . . . . . . . . . . . . . . . . . . 19
5.3. FEDFS_DELETE_JUNCTION . . . . . . . . . . . . . . . . . . 19 5.2.3. Errors . . . . . . . . . . . . . . . . . . . . . . . . 21
5.3.1. Synopsis . . . . . . . . . . . . . . . . . . . . . . . 19 5.3. FEDFS_DELETE_JUNCTION . . . . . . . . . . . . . . . . . . 21
5.3.2. Description . . . . . . . . . . . . . . . . . . . . . 19 5.3.1. Synopsis . . . . . . . . . . . . . . . . . . . . . . . 21
5.3.3. Errors . . . . . . . . . . . . . . . . . . . . . . . . 20 5.3.2. Description . . . . . . . . . . . . . . . . . . . . . 21
5.4. FEDFS_LOOKUP_JUNCTION . . . . . . . . . . . . . . . . . . 21 5.3.3. Errors . . . . . . . . . . . . . . . . . . . . . . . . 22
5.4.1. Synopsis . . . . . . . . . . . . . . . . . . . . . . . 21 5.4. FEDFS_LOOKUP_JUNCTION . . . . . . . . . . . . . . . . . . 23
5.4.2. Description . . . . . . . . . . . . . . . . . . . . . 21 5.4.1. Synopsis . . . . . . . . . . . . . . . . . . . . . . . 23
5.4.3. Errors . . . . . . . . . . . . . . . . . . . . . . . . 23 5.4.2. Description . . . . . . . . . . . . . . . . . . . . . 23
5.5. FEDFS_CREATE_REPLICATION . . . . . . . . . . . . . . . . . 24 5.4.3. Errors . . . . . . . . . . . . . . . . . . . . . . . . 25
5.5.1. Synopsis . . . . . . . . . . . . . . . . . . . . . . . 24 5.5. FEDFS_CREATE_REPLICATION . . . . . . . . . . . . . . . . . 26
5.5.2. Description . . . . . . . . . . . . . . . . . . . . . 24 5.5.1. Synopsis . . . . . . . . . . . . . . . . . . . . . . . 26
5.5.3. Errors . . . . . . . . . . . . . . . . . . . . . . . . 25 5.5.2. Description . . . . . . . . . . . . . . . . . . . . . 26
5.6. FEDFS_DELETE_REPLICATION . . . . . . . . . . . . . . . . . 26 5.5.3. Errors . . . . . . . . . . . . . . . . . . . . . . . . 27
5.6.1. Synopsis . . . . . . . . . . . . . . . . . . . . . . . 26 5.6. FEDFS_DELETE_REPLICATION . . . . . . . . . . . . . . . . . 28
5.6.2. Description . . . . . . . . . . . . . . . . . . . . . 26 5.6.1. Synopsis . . . . . . . . . . . . . . . . . . . . . . . 28
5.6.3. Errors . . . . . . . . . . . . . . . . . . . . . . . . 27 5.6.2. Description . . . . . . . . . . . . . . . . . . . . . 28
5.7. FEDFS_LOOKUP_REPLICATION . . . . . . . . . . . . . . . . . 27 5.6.3. Errors . . . . . . . . . . . . . . . . . . . . . . . . 29
5.7.1. Synopsis . . . . . . . . . . . . . . . . . . . . . . . 27 5.7. FEDFS_LOOKUP_REPLICATION . . . . . . . . . . . . . . . . . 29
5.7.2. Description . . . . . . . . . . . . . . . . . . . . . 27 5.7.1. Synopsis . . . . . . . . . . . . . . . . . . . . . . . 29
5.7.3. Errors . . . . . . . . . . . . . . . . . . . . . . . . 28 5.7.2. Description . . . . . . . . . . . . . . . . . . . . . 29
5.8. FEDFS_SET_NSDB_PARAMS . . . . . . . . . . . . . . . . . . 28 5.7.3. Errors . . . . . . . . . . . . . . . . . . . . . . . . 30
5.8.1. Synopsis . . . . . . . . . . . . . . . . . . . . . . . 28 5.8. FEDFS_SET_NSDB_PARAMS . . . . . . . . . . . . . . . . . . 30
5.8.2. Description . . . . . . . . . . . . . . . . . . . . . 29 5.8.1. Synopsis . . . . . . . . . . . . . . . . . . . . . . . 30
5.8.3. Errors . . . . . . . . . . . . . . . . . . . . . . . . 29 5.8.2. Description . . . . . . . . . . . . . . . . . . . . . 31
5.9. FEDFS_GET_NSDB_PARAMS . . . . . . . . . . . . . . . . . . 30 5.8.3. Errors . . . . . . . . . . . . . . . . . . . . . . . . 31
5.9.1. Synopsis . . . . . . . . . . . . . . . . . . . . . . . 30 5.9. FEDFS_GET_NSDB_PARAMS . . . . . . . . . . . . . . . . . . 32
5.9.2. Description . . . . . . . . . . . . . . . . . . . . . 30 5.9.1. Synopsis . . . . . . . . . . . . . . . . . . . . . . . 32
5.9.3. Errors . . . . . . . . . . . . . . . . . . . . . . . . 30 5.9.2. Description . . . . . . . . . . . . . . . . . . . . . 32
5.10. FEDFS_GET_LIMITED_NSDB_PARAMS . . . . . . . . . . . . . . 30 5.9.3. Errors . . . . . . . . . . . . . . . . . . . . . . . . 32
5.10.1. Synopsis . . . . . . . . . . . . . . . . . . . . . . . 31 5.10. FEDFS_GET_LIMITED_NSDB_PARAMS . . . . . . . . . . . . . . 32
5.10.2. Description . . . . . . . . . . . . . . . . . . . . . 31 5.10.1. Synopsis . . . . . . . . . . . . . . . . . . . . . . . 33
5.10.3. Errors . . . . . . . . . . . . . . . . . . . . . . . . 31 5.10.2. Description . . . . . . . . . . . . . . . . . . . . . 33
5.10.3. Errors . . . . . . . . . . . . . . . . . . . . . . . . 33
6. Security Considerations . . . . . . . . . . . . . . . . . . . 32 6. Security Considerations . . . . . . . . . . . . . . . . . . . 34
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 34
8. Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 34
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 34 8.1. Normative References . . . . . . . . . . . . . . . . . . . 34
9.1. Normative References . . . . . . . . . . . . . . . . . . . 34 8.2. Informative References . . . . . . . . . . . . . . . . . . 35
9.2. Informative References . . . . . . . . . . . . . . . . . . 35
Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 36 Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 36
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 36 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 36
1. Introduction 1. Introduction
A federated filesystem enables file access and namespace traversal in A federated filesystem enables file access and namespace traversal in
a uniform, secure and consistent manner across multiple independent a uniform, secure and consistent manner across multiple independent
fileservers within an enterprise (and possibly across multiple fileservers within an enterprise (and possibly across multiple
enterprises) with reasonably good performance. enterprises) with reasonably good performance.
skipping to change at page 5, line 35 skipping to change at page 5, line 35
The requirements for federated namespaces are described in [RFC5716]. The requirements for federated namespaces are described in [RFC5716].
The filesystem federation protocol described in [FEDFS-NSDB] allows The filesystem federation protocol described in [FEDFS-NSDB] allows
fileservers from different vendors and/or with different fileservers from different vendors and/or with different
administrators to cooperatively build a namespace. administrators to cooperatively build a namespace.
This document describes the protocol used by administrators to This document describes the protocol used by administrators to
configure the fileservers and construct the namespace. configure the fileservers and construct the namespace.
1.1. Definitions
Administrator: user with the necessary authority to initiate
administrative tasks on one or more servers.
Admin Entity: A server or agent that administers a collection of
fileservers and persistently stores the namespace information.
Client: Any client that accesses the fileserver data using a
supported filesystem access protocol.
Federation: A set of server collections and singleton servers that
use a common set of interfaces and protocols in order to provide
to their clients a federated namespace accessible through a
filesystem access protocol.
Fileserver: A server exporting a filesystem via a network filesystem
access protocol.
Fileset: The abstraction of a set of files and the directory tree
that contains them. A fileset is the fundamental unit of data
management in the federation.
Note that all files within a fileset are descendants of one
directory, and that filesets do not span filesystems.
Filesystem: A self-contained unit of export for a fileserver, and
the mechanism used to implement filesets. The fileset does not
need to be rooted at the root of the filesystem, nor at the export
point for the filesystem.
A single filesystem MAY implement more than one fileset, if the
client protocol and the fileserver permit this.
Filesystem Access Protocol: A network filesystem access protocol
such as NFSv2 [RFC1094], NFSv3 [RFC1813], NFSv4 [3530bis], or CIFS
(Common Internet File System) [MS-SMB] [MS-SMB2] [MS-CIFS].
FSL (Fileset Location): The location of the implementation of a
fileset at a particular moment in time. An FSL MUST be something
that can be translated into a protocol-specific description of a
resource that a client can access directly, such as an fs_location
(for NFSv4), or share name (for CIFS). Note that not all FSLs
need to be explicitly exported as long as they are contained
within an exported path on the fileserver.
FSN (Fileset Name): A platform-independent and globally unique name
for a fileset. Two FSLs that implement replicas of the same
fileset MUST have the same FSN, and if a fileset is migrated from
one location to another, the FSN of that fileset MUST remain the
same.
Junction: A filesystem object used to link a directory name in the
current fileset with an object within another fileset. The
server-side "link" from a leaf node in one fileset to the root of
another fileset.
Namespace: A filename/directory tree that a sufficiently authorized
client can observe.
NSDB (Namespace Database) Service: A service that maps FSNs to FSLs.
The NSDB may also be used to store other information, such as
annotations for these mappings and their components.
NSDB Node: The name or location of a server that implements part of
the NSDB service and is responsible for keeping track of the FSLs
(and related info) that implement a given partition of the FSNs.
Referral: A server response to a client access that directs the
client to evaluate the current object as a reference to an object
at a different location (specified by an FSL) in another fileset,
and possibly hosted on another fileserver. The client re-attempts
the access to the object at the new location.
Replica: A replica is a redundant implementation of a fileset. Each
replica shares the same FSN, but has a different FSL.
Replicas may be used to increase availability or performance.
Updates to replicas of the same fileset MUST appear to occur in
the same order, and therefore each replica is self-consistent at
any moment.
We do not assume that updates to each replica occur
simultaneously. If a replica is offline or unreachable, the other
replicas may be updated.
Server Collection: A set of fileservers administered as a unit. A
server collection may be administered with vendor-specific
software.
The namespace provided by a server collection could be part of the
federated namespace.
Singleton Server: A server collection containing only one server; a
stand-alone fileserver.
2. Protocol 2. Protocol
The RPC protocol used by the administration operations is ONC RPC The RPC protocol used by the administration operations is ONC RPC
[RFC5531]. The data structures used for the parameters and return [RFC5531]. The data structures used for the parameters and return
values of these procedures are expressed in this document in XDR values of these procedures are expressed in this document in XDR
[RFC4506]. [RFC4506].
The XDR definitions below are formatted to allow the reader to easily The XDR definitions below are formatted to allow the reader to easily
extract them from the document. The reader can use the following extract them from the document. The reader can use the following
shell script to extract the definitions: shell script to extract the definitions:
<CODE BEGINS> <CODE BEGINS>
#!/bin/sh #!/bin/sh
grep '^ *///' | sed 's?^ */// ??' | sed 's?^ *///$??' grep '^ *///' | sed 's?^ */// ??' | sed 's?^ *///$??'
<CODE ENDS>
<CODE ENDS>
If the above script is stored in a file called "extract.sh", and this If the above script is stored in a file called "extract.sh", and this
document is in a file called "spec.txt", then the reader can do: document is in a file called "spec.txt", then the reader can do:
<CODE BEGINS> <CODE BEGINS>
sh extract.sh < spec.txt > admin1.xdr sh extract.sh < spec.txt > admin1.xdr
<CODE ENDS> <CODE ENDS>
The effect of the script is to remove leading white space from each The effect of the script is to remove leading white space from each
line, plus a sentinel sequence of "///". line, plus a sentinel sequence of "///".
The protocol definition in XDR notation is shown below. We begin by The protocol definition in XDR notation is shown below. We begin by
defining basic constants and structures used by the protocol. We defining basic constants and structures used by the protocol. We
then present the procedures defined by the protocol. then present the procedures defined by the protocol.
<CODE BEGINS> <CODE BEGINS>
skipping to change at page 13, line 26 skipping to change at page 15, line 32
the appropriate NSDB. the appropriate NSDB.
FEDFS_ERR_NSDB_NOFSN: The fileserver was unable to locate the given FEDFS_ERR_NSDB_NOFSN: The fileserver was unable to locate the given
FSN in the appropriate NSDB. FSN in the appropriate NSDB.
FEDFS_ERR_NSDB_NOFSL: The fileserver was unable to locate any FSLs FEDFS_ERR_NSDB_NOFSL: The fileserver was unable to locate any FSLs
for the given FSN in the appropriate NSDB. for the given FSN in the appropriate NSDB.
FEDFS_ERR_NSDB_RESPONSE: The fileserver received a malformed FEDFS_ERR_NSDB_RESPONSE: The fileserver received a malformed
response from the NSDB. This includes situations when an NSDB response from the NSDB. This includes situations when an NSDB
entry (e.g. FSN or FSL) is missing a required attribute. entry (e.g., FSN or FSL) is missing a required attribute.
FEDFS_ERR_NSDB_FAULT: An unanticipated error related to the NSDB FEDFS_ERR_NSDB_FAULT: An unanticipated error related to the NSDB
occurred. occurred.
FEDFS_ERR_NSDB_PARAMS: The fileserver does not have any connection FEDFS_ERR_NSDB_PARAMS: The fileserver does not have any connection
parameters on record for the specified NSDB. parameters on record for the specified NSDB.
FEDFS_ERR_NSDB_LDAP_REFERRAL: The fileserver received an LDAP FEDFS_ERR_NSDB_LDAP_REFERRAL: The fileserver received an LDAP
referral that it was unable to follow. referral that it was unable to follow.
skipping to change at page 14, line 39 skipping to change at page 16, line 43
FedFsUuid: A universally unique identifier (UUID) as described in FedFsUuid: A universally unique identifier (UUID) as described in
[RFC4122] as a version 1 UUID. The UUID should be formatted in [RFC4122] as a version 1 UUID. The UUID should be formatted in
network byte order. network byte order.
FedFsNsdbName: A (hostname, port) pair. FedFsNsdbName: A (hostname, port) pair.
The hostname is a variable length UTF-8 string that represents an The hostname is a variable length UTF-8 string that represents an
NSDB's network location in DNS name notation. It SHOULD be NSDB's network location in DNS name notation. It SHOULD be
prepared using the server4 rules defined in Chapter 12 prepared using the server4 rules defined in Chapter 12
"Internationalization" of [3530bis]. The DNS name MUST be "Internationalization" of [3530bis]. The DNS name MUST be
represented using a fully qualified domain name. A system (i.e. represented using a fully qualified domain name. A system (i.e.,
fileserver or administrative host) SHOULD resolve the fully fileserver or administrative host) SHOULD resolve the fully
qualified domain name to a network address using the system's qualified domain name to a network address using the system's
standard resolution mechanisms. standard resolution mechanisms.
The port is the NSDB transport port. The port value MUST be in The port is the NSDB transport port for the LDAP interface (see
the range 0 (zero) to 65535. A value of 0 (zero) indicates that [RFC4511]). The value MUST be in the range 0 to 65535. A value
the standard LDAP port number, 389, SHOULD be assumed. of 0 indicates that the standard LDAP port number, 389, SHOULD be
assumed.
FSNs are immutable and invariant. The attributes of an FSN, FSNs are immutable and invariant. The attributes of an FSN,
including the fedfsNsdbName, are expected to remain constant. including the fedfsNsdbName, are expected to remain constant.
Therefore, a FedFsNsdbName SHOULD NOT contain a network address, Therefore, a FedFsNsdbName SHOULD NOT contain a network address,
such as an IPv4 or IPv6 address, as this would indefinitely assign such as an IPv4 or IPv6 address, as this would indefinitely assign
the network address. the network address.
FedFsPathComponent: A case sensitive UTF-8 string containing a FedFsPathComponent: A case sensitive UTF-8 string containing a
filesystem path component. It SHOULD be prepared using the filesystem path component. It SHOULD be prepared using the
component4 rules defined in Chapter 12 "Internationalization" of component4 rules defined in Chapter 12 "Internationalization" of
skipping to change at page 15, line 41 skipping to change at page 17, line 46
FedFsNsdbParams: A set of parameters for connecting to an NSDB. FedFsNsdbParams: A set of parameters for connecting to an NSDB.
Conceptually the fileserver contains a data structure that maps an Conceptually the fileserver contains a data structure that maps an
NSDB name (DNS name and port value) to these LDAP connection NSDB name (DNS name and port value) to these LDAP connection
parameters. parameters.
The secType field indicates the security mechanism that MUST be The secType field indicates the security mechanism that MUST be
used to protect all connections to the NSDB with the connection used to protect all connections to the NSDB with the connection
parameters. parameters.
A value of FEDFS_SEC_NONE indicates that no security mechanism is A value of FEDFS_SEC_NONE indicates that no security mechanism is
necessary. In this case, the secData array will have 0 (zero) necessary. In this case, the secData array will have 0 length.
length.
A value of FEDFS_SEC_TLS indicates that the StartTLS security A value of FEDFS_SEC_TLS indicates that the StartTLS security
mechanism [RFC4513] MUST be used to protect all connections to the mechanism [RFC4513] MUST be used to protect all connections to the
NSDB. In this case, the secData array will contain an X.509v3 NSDB. In this case, the secData array will contain an X.509v3
certificate in binary DER format [RFC5280]. The certificate certificate in binary DER format [RFC5280]. The certificate
SHOULD be used by the fileserver to authenticate the identity of SHOULD be used by the fileserver to authenticate the identity of
the NSDB. In particular, this certificate SHOULD be used to the NSDB. In particular, this certificate SHOULD be used to
validate the NSDB's TLS certificate list chain (see 7.4.2 of validate the NSDB's TLS certificate list chain (see 7.4.2 of
[RFC5246]). The certificate could be that of a certificate [RFC5246]). The certificate could be that of a certificate
authority or a self-signed certificate. authority or a self-signed certificate.
4.1. FedFsNsdbName Equality 4.1. FedFsNsdbName Equality
Two FedFsNsdbNames are considered equal if both their DNS name and Two FedFsNsdbNames are considered equal if both their DNS name and
port values are the same. As described above, the standard LDAP port port values are the same. As described above, the standard LDAP port
number, 389, SHOULD be assumed if a port number of 0 (zero) is number, 389, SHOULD be assumed if a port number of 0 is specified.
specified. Therefore, the FedFsNsdbName "(nsdb.example.com, 0)" is Therefore, the FedFsNsdbName "(nsdb.example.com, 0)" is considered
considered equal to "(nsdb.example.com, 389)" but not equal to equal to "(nsdb.example.com, 389)" but not equal to
"(nsdb.example.com, 1066)" since the port number is different or "(nsdb.example.com, 1066)" since the port number is different or
"(nsdb.foo.example.com, 389)" since the DNS name is different. "(nsdb.foo.example.com, 389)" since the DNS name is different.
5. Procedures 5. Procedures
The procedures defined in Section 2 are described in detail in the The procedures defined in Section 2 are described in detail in the
following sections. following sections.
Fileservers that participate as "internal" nodes in the federated Fileservers that participate as "internal" nodes in the federated
namespace MUST implement the following procedures: namespace MUST implement the following procedures:
skipping to change at page 20, line 29 skipping to change at page 22, line 29
local namespace. local namespace.
The server MAY enforce the local permissions on the path, including The server MAY enforce the local permissions on the path, including
the final component. If the path cannot be traversed because of the final component. If the path cannot be traversed because of
insufficient permissions, or the parent directory of the junction is insufficient permissions, or the parent directory of the junction is
an unexecutable or unwritable directory, then the operation MAY fail an unexecutable or unwritable directory, then the operation MAY fail
with status FEDFS_ERR_ACCESS. with status FEDFS_ERR_ACCESS.
The removal of the association between the path and the FSN MUST be The removal of the association between the path and the FSN MUST be
durable before the operation returns successfully. If the operation durable before the operation returns successfully. If the operation
return codes indicates success, then the the junction was return codes indicates success, then the junction was successfully
successfully destroyed. destroyed.
The effective permissions and other attributes of the directory that The effective permissions and other attributes of the directory that
is restored by this operation SHOULD be identical to their value is restored by this operation SHOULD be identical to their value
prior to the creation of the junction. prior to the creation of the junction.
After removal of the junction, the fileserver MAY check if any of its After removal of the junction, the fileserver MAY check if any of its
existing junctions reference the NSDB specified in the removed existing junctions reference the NSDB specified in the removed
junction's FSN. If the NSDB is not referenced, the fileserver MAY junction's FSN. If the NSDB is not referenced, the fileserver MAY
delete the connection parameters of the unreferenced NSDB. delete the connection parameters of the unreferenced NSDB.
skipping to change at page 22, line 23 skipping to change at page 24, line 23
with status FEDFS_ERR_ACCESS. with status FEDFS_ERR_ACCESS.
If the junction exists, the resolve parameter allows for testing the If the junction exists, the resolve parameter allows for testing the
fileserver's ability to resolve the junction. If the junction does fileserver's ability to resolve the junction. If the junction does
not exist, the fileserver will ignore the resolve parameter. not exist, the fileserver will ignore the resolve parameter.
If the junction exists and the resolve parameter is set to If the junction exists and the resolve parameter is set to
FEDFS_RESOLVE_NONE, the fileserver MUST NOT attempt to resolve the FEDFS_RESOLVE_NONE, the fileserver MUST NOT attempt to resolve the
FSN. This will allow the administrator to obtain the junction's FSN FSN. This will allow the administrator to obtain the junction's FSN
even if the resolution would fail. Therefore on success, the result even if the resolution would fail. Therefore on success, the result
of a FEDFS_RESOLVE_NONE call will return a 0 (zero) length fsl list of a FEDFS_RESOLVE_NONE call will return a 0 length fsl list in the
in the FedFsLookupResOk structure. FedFsLookupResOk structure.
If the junction exists and the resolve parameter is set to If the junction exists and the resolve parameter is set to
FEDFS_RESOLVE_CACHE, the fileserver MUST attempt to resolve the FSN FEDFS_RESOLVE_CACHE, the fileserver MUST attempt to resolve the FSN
using its FSL cache, if one exists. The fileserver MUST NOT resolve using its FSL cache, if one exists. The fileserver MUST NOT resolve
the FSN by contacting the appropriate NSDB. If the fileserver's the FSN by contacting the appropriate NSDB. If the fileserver's
cache does not have a mapping for the FSN in question, the result of cache does not have a mapping for the FSN in question, the result of
the operation MUST be FEDFS_OK with 0 (zero) elements in the the operation MUST be FEDFS_OK with 0 elements in the
FedFsLookupResOk structure's fsl array. The operation MAY fail with FedFsLookupResOk structure's fsl array. The operation MAY fail with
status FEDFS_ERR_NO_CACHE if the fileserver does not contain an FSN- status FEDFS_ERR_NO_CACHE if the fileserver does not contain an FSN-
to-FSL cache or with status FEDFS_ERR_UNKNOWN_CACHE if the state of to-FSL cache or with status FEDFS_ERR_UNKNOWN_CACHE if the state of
the cache is unknown. the cache is unknown.
If the junction exists and the resolve parameter is set to If the junction exists and the resolve parameter is set to
FEDFS_RESOLVE_NSDB, the fileserver MUST attempt to resolve the FSN by FEDFS_RESOLVE_NSDB, the fileserver MUST attempt to resolve the FSN by
contacting the appropriate NSDB. The FSN MUST NOT be resolved using contacting the appropriate NSDB. The FSN MUST NOT be resolved using
cached information. The resolution MAY fail with cached information. The resolution MAY fail with
FEDFS_ERR_NSDB_ROUTE, FEDFS_ERR_NSDB_DOWN, FEDFS_ERR_NSDB_CONN, FEDFS_ERR_NSDB_ROUTE, FEDFS_ERR_NSDB_DOWN, FEDFS_ERR_NSDB_CONN,
skipping to change at page 29, line 17 skipping to change at page 31, line 17
This operations allows the administrator to set the connection This operations allows the administrator to set the connection
parameters for a given NSDB. parameters for a given NSDB.
If a record for the given NSDB does not exist, a new record is If a record for the given NSDB does not exist, a new record is
created with the specified connection parameters. created with the specified connection parameters.
If a record for the given NSDB does exist, the existing connection If a record for the given NSDB does exist, the existing connection
parameters are replaced with the specified connection parameters. parameters are replaced with the specified connection parameters.
An NSDB is specified using a FedFsNsdbName. The rules in Section 4.1 An NSDB is specified using a FedFsNsdbName. The rules in Section 4.1
define when two FedFsNsdbNames are considered equal define when two FedFsNsdbNames are considered equal.
The given NSDB need not be referenced by any junctions on the The given NSDB need not be referenced by any junctions on the
fileserver. This situation will occur when connection parameters for fileserver. This situation will occur when connection parameters for
a new NSDB are installed. a new NSDB are installed.
The format of the connection parameters is described above. The format of the connection parameters is described above.
On success, this operation returns FEDFS_OK. When the operation On success, this operation returns FEDFS_OK. When the operation
returns, the new connection parameters SHOULD be used for all returns, the new connection parameters SHOULD be used for all
subsequent LDAP connections to the given NSDB. Existing connections subsequent LDAP connections to the given NSDB. Existing connections
skipping to change at page 30, line 17 skipping to change at page 32, line 17
5.9.1. Synopsis 5.9.1. Synopsis
Get the connection parameters for the specified NSDB. Get the connection parameters for the specified NSDB.
5.9.2. Description 5.9.2. Description
This operations allows the administrator to retrieve connection This operations allows the administrator to retrieve connection
parameters, if they exist, for the given NSDB. parameters, if they exist, for the given NSDB.
An NSDB is specified using a FedFsNsdbName. The rules in Section 4.1 An NSDB is specified using a FedFsNsdbName. The rules in Section 4.1
define when two FedFsNsdbNames are considered equal define when two FedFsNsdbNames are considered equal.
A set of connection parameters is considered a match if their A set of connection parameters is considered a match if their
associated NSDB is equal (as defined above) to the operation's NSDB associated NSDB is equal (as defined above) to the operation's NSDB
argument. Therefore, there is at most one set of connection argument. Therefore, there is at most one set of connection
parameters that can match the query described by this operation. parameters that can match the query described by this operation.
The format of the connection parameters is described above. The format of the connection parameters is described above.
On success, this operation returns FEDFS_OK and the connection On success, this operation returns FEDFS_OK and the connection
parameters on record for the given NSDB. parameters on record for the given NSDB.
skipping to change at page 31, line 11 skipping to change at page 33, line 11
FEDFS_ERR_DELAY FEDFS_ERR_DELAY
5.10. FEDFS_GET_LIMITED_NSDB_PARAMS 5.10. FEDFS_GET_LIMITED_NSDB_PARAMS
5.10.1. Synopsis 5.10.1. Synopsis
Get a limited subset of the connection parameters for the specified Get a limited subset of the connection parameters for the specified
NSDB. NSDB.
5.10.2. Description 5.10.2. Description
This operations allows the administrator to retrieve a limited subset This operation allows the administrator to retrieve a limited subset
of information on the connection parameters, if they exist, for the of information on the connection parameters, if they exist, for the
given NSDB. given NSDB.
An NSDB is specified using a FedFsNsdbName. The rules in Section 4.1 A NSDB is specified using a FedFsNsdbName. The rules in Section 4.1
define when two FedFsNsdbNames are considered equal define when two FedFsNsdbNames are considered equal.
A set of connection parameters is considered a match if their A set of connection parameters is considered a match if their
associated NSDB is equal (as defined above) to the operation's NSDB associated NSDB is equal (as defined above) to the operation's NSDB
argument. Therefore, there is at most one set of connection argument. Therefore, there is at most one set of connection
parameters that can match the query described by this operation. parameters that can match the query described by this operation.
This operation returns a limited subset of the connection parameters. This operation returns a limited subset of the connection parameters.
Only the FedFsConnectionSec mechanism that is used to protect Only the FedFsConnectionSec mechanism that is used to protect
communication between the fileserver and NSDB is returned. communication between the fileserver and NSDB is returned.
skipping to change at page 32, line 21 skipping to change at page 34, line 21
FEDFS_ERR_NOTSUPP FEDFS_ERR_NOTSUPP
FEDFS_ERR_DELAY FEDFS_ERR_DELAY
6. Security Considerations 6. Security Considerations
The ONC RPC protocol supports authentication, integrity and privacy The ONC RPC protocol supports authentication, integrity and privacy
via the RPCSEC_GSS framework [RFC2203]. Fileservers which support via the RPCSEC_GSS framework [RFC2203]. Fileservers which support
the FedFS administration protocol described above MUST support the FedFS administration protocol described above MUST support
RPCSEC_GSS. RPCSEC_GSS.
FEDFS_GET_LIMITED_NSDB_PARAMS's interaction with the NSDB's
connection parameters is discussed in Section 5.10.2.
7. IANA Considerations 7. IANA Considerations
A range of ONC RPC program numbers were assigned for use by FedFS A range of ONC RPC program numbers were assigned for use by FedFS
using the procedure described in Section 7.3 "Program Number using the procedure described in Section 7.3 "Program Number
Assignment" of [RFC5531]. The FedFS range is: Assignment" of [RFC5531]. The FedFS range is:
IETF NFSv4 Working Group - FedFS 100418 - 100421 IETF NFSv4 Working Group - FedFS 100418 - 100421
This document describes version 1 of the ONC RPC program 100418 with This document describes version 1 of the ONC RPC program 100418 with
short name "fedfs_admin". short name "fedfs_admin".
8. Glossary 8. References
Administrator: user with the necessary authority to initiate
administrative tasks on one or more servers.
Admin Entity: A server or agent that administers a collection of
fileservers and persistently stores the namespace information.
Client: Any client that accesses the fileserver data using a
supported filesystem access protocol.
Federation: A set of server collections and singleton servers that
use a common set of interfaces and protocols in order to provide
to their clients a federated namespace accessible through a
filesystem access protocol.
Fileserver: A server exporting a filesystem via a network filesystem
access protocol.
Fileset: The abstraction of a set of files and the directory tree
that contains them. A fileset is the fundamental unit of data
management in the federation.
Note that all files within a fileset are descendants of one
directory, and that filesets do not span filesystems.
Filesystem: A self-contained unit of export for a fileserver, and
the mechanism used to implement filesets. The fileset does not
need to be rooted at the root of the filesystem, nor at the export
point for the filesystem.
A single filesystem MAY implement more than one fileset, if the
client protocol and the fileserver permit this.
Filesystem Access Protocol: A network filesystem access protocol
such as NFSv2 [RFC1094], NFSv3 [RFC1813], NFSv4 [3530bis], or CIFS
(Common Internet File System) [MS-SMB] [MS-SMB2] [MS-CIFS].
FSL (Fileset Location): The location of the implementation of a
fileset at a particular moment in time. An FSL MUST be something
that can be translated into a protocol-specific description of a
resource that a client can access directly, such as an fs_location
(for NFSv4), or share name (for CIFS). Note that not all FSLs
need to be explicitly exported as long as they are contained
within an exported path on the fileserver.
FSN (Fileset Name): A platform-independent and globally unique name
for a fileset. Two FSLs that implement replicas of the same
fileset MUST have the same FSN, and if a fileset is migrated from
one location to another, the FSN of that fileset MUST remain the
same.
Junction: A filesystem object used to link a directory name in the
current fileset with an object within another fileset. The
server-side "link" from a leaf node in one fileset to the root of
another fileset.
Namespace: A filename/directory tree that a sufficiently authorized
client can observe.
NSDB (Namespace Database) Service: A service that maps FSNs to FSLs.
The NSDB may also be used to store other information, such as
annotations for these mappings and their components.
NSDB Node: The name or location of a server that implements part of
the NSDB service and is responsible for keeping track of the FSLs
(and related info) that implement a given partition of the FSNs.
Referral: A server response to a client access that directs the
client to evaluate the current object as a reference to an object
at a different location (specified by an FSL) in another fileset,
and possibly hosted on another fileserver. The client re-attempts
the access to the object at the new location.
Replica: A replica is a redundant implementation of a fileset. Each
replica shares the same FSN, but has a different FSL.
Replicas may be used to increase availability or performance.
Updates to replicas of the same fileset MUST appear to occur in
the same order, and therefore each replica is self-consistent at
any moment.
We do not assume that updates to each replica occur
simultaneously. If a replica is offline or unreachable, the other
replicas may be updated.
Server Collection: A set of fileservers administered as a unit. A
server collection may be administered with vendor-specific
software.
The namespace provided by a server collection could be part of the
federated namespace.
Singleton Server: A server collection containing only one server; a
stand-alone fileserver.
9. References
9.1. Normative References 8.1. Normative References
[3530bis] Haynes, T. and D. Noveck, "NFS Version 4 Protocol", [3530bis] Haynes, T. and D. Noveck, "NFS Version 4 Protocol",
draft-ietf-nfsv4-rfc3530bis (Work In Progress), 2010. draft-ietf-nfsv4-rfc3530bis (Work In Progress), 2010.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2203] Eisler, M., Chiu, A., and L. Ling, "RPCSEC_GSS Protocol [RFC2203] Eisler, M., Chiu, A., and L. Ling, "RPCSEC_GSS Protocol
Specification", RFC 2203, September 1997. Specification", RFC 2203, September 1997.
skipping to change at page 35, line 27 skipping to change at page 35, line 28
(TLS) Protocol Version 1.2", RFC 5246, August 2008. (TLS) Protocol Version 1.2", RFC 5246, August 2008.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 5280, May 2008. (CRL) Profile", RFC 5280, May 2008.
[RFC5531] Thurlow, R., "RPC: Remote Procedure Call Protocol [RFC5531] Thurlow, R., "RPC: Remote Procedure Call Protocol
Specification Version 2", RFC 5531, May 2009. Specification Version 2", RFC 5531, May 2009.
9.2. Informative References 8.2. Informative References
[FEDFS-NSDB] [FEDFS-NSDB]
Lentini, J., Everhart, C., Ellard, D., Tewari, R., and M. Lentini, J., Everhart, C., Ellard, D., Tewari, R., and M.
Naik, "NSDB Protocol for Federated Filesystems", Naik, "NSDB Protocol for Federated Filesystems",
draft-ietf-nfsv4-federated-fs-protocol (Work In Progress), draft-ietf-nfsv4-federated-fs-protocol (Work In Progress),
2010. 2010.
[MS-CIFS] Microsoft Corporation, "Common Internet File System (CIFS) [MS-CIFS] Microsoft Corporation, "Common Internet File System (CIFS)
Protocol Specification", MS-CIFS 2.0, November 2009. Protocol Specification", MS-CIFS 2.0, November 2009.
skipping to change at page 36, line 17 skipping to change at page 36, line 18
System (NFS) Version 4 Minor Version 1 External Data System (NFS) Version 4 Minor Version 1 External Data
Representation Standard (XDR) Description", RFC 5662, Representation Standard (XDR) Description", RFC 5662,
January 2010. January 2010.
[RFC5716] Lentini, J., Everhart, C., Ellard, D., Tewari, R., and M. [RFC5716] Lentini, J., Everhart, C., Ellard, D., Tewari, R., and M.
Naik, "Requirements for Federated File Systems", RFC 5716, Naik, "Requirements for Federated File Systems", RFC 5716,
January 2010. January 2010.
Appendix A. Acknowledgments Appendix A. Acknowledgments
We would like to thank Robert Thurlow of Sun Microsystems for helping We would like to thank Robert Thurlow for helping to author this
to author this document, including drafting the replication procedure document, including drafting the replication procedure text.
text.
We would also like to thank Paul Lemahieu of EMC and Mario Wurzl of We would also like to thank Paul Lemahieu and Mario Wurzl for helping
EMC for helping to author this document. to author this document.
We would also like to thank Trond Myklebust for suggesting We would also like to thank Trond Myklebust for suggesting
improvements to the FSL pathname format, Chuck Lever for suggesting improvements to the FSL pathname format, Chuck Lever for suggesting
improvements to the XDR type definitions and error codes, David improvements to the XDR type definitions and error codes, David
Noveck for his suggestions on internationalization and path encoding Noveck for his suggestions on internationalization and path encoding
rules, and Nicolas Williams for his suggestions. rules, and Nicolas Williams for his suggestions.
Finally, we would like to thank Tom Haynes for his editing of the
final stages of the draft.
The extract.sh shell script and formatting conventions were first The extract.sh shell script and formatting conventions were first
described by the authors of the NFSv4.1 XDR specification [RFC5662]. described by the authors of the NFSv4.1 XDR specification [RFC5662].
Authors' Addresses Authors' Addresses
James Lentini James Lentini
NetApp NetApp
1601 Trapelo Rd, Suite 16 1601 Trapelo Rd, Suite 16
Waltham, MA 02451 Waltham, MA 02451
US US
 End of changes. 30 change blocks. 
187 lines changed or deleted 192 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/