draft-ietf-nfsv4-federated-fs-admin-13.txt   draft-ietf-nfsv4-federated-fs-admin-14.txt 
NFSv4 Working Group J. Lentini NFSv4 Working Group J. Lentini
Internet-Draft NetApp Internet-Draft NetApp
Intended status: Standards Track D. Ellard Intended status: Standards Track D. Ellard
Expires: March 29, 2013 Raytheon BBN Technologies Expires: May 14, 2013 Raytheon BBN Technologies
R. Tewari R. Tewari
IBM Almaden IBM Almaden
C. Lever, Ed. C. Lever, Ed.
Oracle Corporation Oracle Corporation
September 25, 2012 November 10, 2012
Administration Protocol for Federated Filesystems Administration Protocol for Federated Filesystems
draft-ietf-nfsv4-federated-fs-admin-13 draft-ietf-nfsv4-federated-fs-admin-14
Abstract Abstract
This document describes the administration protocol for a federated This document describes the administration protocol for a federated
file system that enables file access and namespace traversal across file system that enables file access and namespace traversal across
collections of independently administered fileservers. The protocol collections of independently administered fileservers. The protocol
specifies a set of interfaces by which fileservers with different specifies a set of interfaces by which fileservers with different
administrators can form a fileserver federation that provides a administrators can form a fileserver federation that provides a
namespace composed of the filesystems physically hosted on and namespace composed of the filesystems physically hosted on and
exported by the constituent fileservers. exported by the constituent fileservers.
skipping to change at page 1, line 47 skipping to change at page 1, line 47
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 29, 2013. This Internet-Draft will expire on May 14, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
skipping to change at page 5, line 37 skipping to change at page 5, line 37
The filesystem federation protocol described in [FEDFS-NSDB] allows The filesystem federation protocol described in [FEDFS-NSDB] allows
fileservers from different vendors and/or with different fileservers from different vendors and/or with different
administrators to cooperatively build a namespace. administrators to cooperatively build a namespace.
This document describes the protocol used by administrators to This document describes the protocol used by administrators to
configure the fileservers and construct the namespace. configure the fileservers and construct the namespace.
1.1. Definitions 1.1. Definitions
Administrator: An user with the necessary authority to initiate Administrator: A user with the necessary authority to initiate
administrative tasks on one or more servers. administrative tasks on one or more servers.
Admin Entity: A server or agent that administers a collection of Admin Entity: A server or agent that administers a collection of
fileservers and persistently stores the namespace information. fileservers and persistently stores the namespace information.
Client: Any client that accesses the fileserver data using a Client: Any client that accesses fileserver data using a supported
supported filesystem access protocol. file-access protocol.
Federation: A set of server collections and singleton servers that Federation: A set of server collections and singleton servers that
use a common set of interfaces and protocols in order to provide use a common set of interfaces and protocols in order to provide
to their clients a federated namespace accessible through a to their clients a federated namespace accessible through a
filesystem access protocol. filesystem access protocol.
Fileserver: A server exporting a filesystem via a network filesystem Fileserver: A server exporting one or more filesystems via a file-
access protocol. access protocol.
Fileset: The abstraction of a set of files and the directory tree Fileset: The abstraction of a set of files and the directory tree
that contains them. A fileset is the fundamental unit of data that contains them. A fileset is the fundamental unit of data
management in the federation. management in the federation.
Note that all files within a fileset are descendants of one Note that all files within a fileset are descendants of one
directory, and that filesets do not span filesystems. directory, and that filesets do not span filesystems.
Filesystem: A self-contained unit of export for a fileserver, and Filesystem: A self-contained unit of export for a fileserver, and
the mechanism used to implement filesets. The fileset does not the mechanism used to implement filesets. The fileset does not
need to be rooted at the root of the filesystem, nor at the export need to be rooted at the root of the filesystem, nor at the export
point for the filesystem. point for the filesystem.
A single filesystem MAY implement more than one fileset, if the A single filesystem MAY implement more than one fileset, if the
client protocol and the fileserver permit this. client protocol and the fileserver permit this.
Filesystem Access Protocol: A network filesystem access protocol File-access Protocol: A network filesystem access protocol such as
such as NFSv3 [RFC1813], NFSv4 [3530bis], or CIFS (Common Internet NFSv3 [RFC1813], NFSv4 [3530bis], or CIFS (Common Internet File
File System) [MS-SMB] [MS-SMB2] [MS-CIFS]. System) [MS-SMB] [MS-SMB2] [MS-CIFS].
FSL (Fileset Location): The location of the implementation of a FSL (Fileset Location): The location of the implementation of a
fileset at a particular moment in time. An FSL MUST be something fileset at a particular moment in time. An FSL MUST be something
that can be translated into a protocol-specific description of a that can be translated into a protocol-specific description of a
resource that a client can access directly, such as an fs_location resource that a client can access directly, such as an
(for NFSv4), or share name (for CIFS). Note that not all FSLs fs_locations attribute (for NFSv4), or a share name (for CIFS).
need to be explicitly exported as long as they are contained
within an exported path on the fileserver.
FSN (Fileset Name): A platform-independent and globally unique name FSN (Fileset Name): A platform-independent and globally unique name
for a fileset. Two FSLs that implement replicas of the same for a fileset. Two FSLs that implement replicas of the same
fileset MUST have the same FSN, and if a fileset is migrated from fileset MUST have the same FSN, and if a fileset is migrated from
one location to another, the FSN of that fileset MUST remain the one location to another, the FSN of that fileset MUST remain the
same. same.
Junction: A filesystem object used to link a directory name in the Junction: A filesystem object used to link a directory name in the
current fileset with an object within another fileset. The current fileset with an object within another fileset. The
server-side "link" from a leaf node in one fileset to the root of server-side "link" from a leaf node in one fileset to the root of
skipping to change at page 10, line 42 skipping to change at page 10, line 42
/// typedef ascii_REQUIRED4 FedFsPathComponent; /// typedef ascii_REQUIRED4 FedFsPathComponent;
/// typedef FedFsPathComponent FedFsPathName<>; /// typedef FedFsPathComponent FedFsPathName<>;
/// ///
/// struct FedFsFsn { /// struct FedFsFsn {
/// FedFsUuid fsnUuid; /// FedFsUuid fsnUuid;
/// FedFsNsdbName nsdbName; /// FedFsNsdbName nsdbName;
/// }; /// };
/// ///
/// enum FedFsFslType { /// enum FedFsFslType {
/// FEDFS_NFS_FSL = 0 /// FEDFS_NFS_FSL = 0
/// /* other types TBD */
/// }; /// };
/// ///
/// struct FedFsNfsFsl { /// struct FedFsNfsFsl {
/// FedFsUuid fslUuid; /// FedFsUuid fslUuid;
/// unsigned int port; /// unsigned int port;
/// utf8val_REQUIRED4 hostname; /// utf8val_REQUIRED4 hostname;
/// FedFsPathName path; /// FedFsPathName path;
/// }; /// };
/// ///
/// union FedFsFsl switch(FedFsFslType type) { /// union FedFsFsl switch(FedFsFslType type) {
/// case FEDFS_NFS_FSL: /// case FEDFS_NFS_FSL:
/// FedFsNfsFsl nfsFsl; /// FedFsNfsFsl nfsFsl;
/// }; /// };
/// ///
/// enum FedFsPathType { /// enum FedFsPathType {
/// FEDFS_PATH_SYS = 0, /// FEDFS_PATH_SYS = 0,
/// FEDFS_PATH_NFS = 1 /// FEDFS_PATH_NFS = 1
/// /* other types TBD */
/// }; /// };
/// ///
/// union FedFsPath switch(FedFsPathType type) { /// union FedFsPath switch(FedFsPathType type) {
/// case FEDFS_PATH_SYS: /* administrative path */ /// case FEDFS_PATH_SYS: /* administrative path */
/// FedFsPathName adminPath; /// FedFsPathName adminPath;
/// case FEDFS_PATH_NFS: /* NFS namespace path */ /// case FEDFS_PATH_NFS: /* NFS namespace path */
/// FedFsPathName nfsPath; /// FedFsPathName nfsPath;
/// }; /// };
/// ///
/// struct FedFsCreateArgs { /// struct FedFsCreateArgs {
skipping to change at page 12, line 18 skipping to change at page 12, line 16
/// FedFsNsdbName targetNsdb; /// FedFsNsdbName targetNsdb;
/// case FEDFS_ERR_NSDB_LDAP_REFERRAL_VAL: /// case FEDFS_ERR_NSDB_LDAP_REFERRAL_VAL:
/// FedFsLookupResReferralVal resReferralVal; /// FedFsLookupResReferralVal resReferralVal;
/// default: /// default:
/// void; /// void;
/// }; /// };
/// ///
/// enum FedFsConnectionSec { /// enum FedFsConnectionSec {
/// FEDFS_SEC_NONE = 0, /// FEDFS_SEC_NONE = 0,
/// FEDFS_SEC_TLS = 1 /* StartTLS mechanism; RFC4513, Section 3 */ /// FEDFS_SEC_TLS = 1 /* StartTLS mechanism; RFC4513, Section 3 */
/// /* other mechanisms TBD */
/// }; /// };
/// ///
/// union FedFsNsdbParams switch (FedFsConnectionSec secType) { /// union FedFsNsdbParams switch (FedFsConnectionSec secType) {
/// case FEDFS_SEC_TLS: /// case FEDFS_SEC_TLS:
/// opaque secData<>; /// opaque secData<>;
/// default: /// default:
/// void; /// void;
/// }; /// };
/// ///
/// struct FedFsSetNsdbParamsArgs { /// struct FedFsSetNsdbParamsArgs {
skipping to change at page 20, line 6 skipping to change at page 19, line 51
namespace, except by coincidence; there is no requirement that the namespace, except by coincidence; there is no requirement that the
global namespace parallel the server namespace, nor is it required global namespace parallel the server namespace, nor is it required
that this path be relative to the server pseudo-root. It does not that this path be relative to the server pseudo-root. It does not
need to be a path that is accessible via NFS (although the junction need to be a path that is accessible via NFS (although the junction
will be of limited utility if the directory specified by the path is will be of limited utility if the directory specified by the path is
not also accessible via NFS). not also accessible via NFS).
If the fileset is read-only, then this operation MUST indicate this If the fileset is read-only, then this operation MUST indicate this
with a status of FEDFS_ERR_ROFS. with a status of FEDFS_ERR_ROFS.
If the path contains an invalid UTF-8 character, then status If the path contains a character that is not supported by the server,
FEDFS_ERR_BADCHAR MUST be returned. then status FEDFS_ERR_BADCHAR MUST be returned.
The path is REQUIRED to exist and be completely local to the server. The path is REQUIRED to exist and be completely local to the server.
It MUST NOT contain a junction. If the last component of the path is It MUST NOT contain a junction. If the last component of the path is
a junction (i.e., this operation is attempting to create a junction a junction (i.e., this operation is attempting to create a junction
where one already exists), then this operation MUST return the error where one already exists), then this operation MUST return the error
FEDFS_ERR_EXIST (even if the requested junction is identical to the FEDFS_ERR_EXIST (even if the requested junction is identical to the
current junction). If any other component of the path is a junction, current junction). If any other component of the path is a junction,
then this operation MUST fail with status FEDFS_ERR_NOTLOCAL. The then this operation MUST fail with status FEDFS_ERR_NOTLOCAL. The
path might contain a symbolic link (if supported by the local path might contain a symbolic link (if supported by the local
server), but the traversal of the path MUST remain within the server- server), but the traversal of the path MUST remain within the server-
local namespace. local namespace.
If any component of the path does not exist, then the operation fails If any component of the path does not exist, then the operation fails
with status FEDFS_ERR_INVAL. with status FEDFS_ERR_INVAL.
The server MAY enforce the local permissions on the path, including The server MAY enforce the local permissions on the path, including
the final component. If the path cannot be traversed because of the final component. If a server wishes to report that a path cannot
insufficient permissions, or the final component is an unexecutable be traversed because of insufficient permissions, or the final
or unwritable directory, then the operation MAY fail with status component is an unexecutable or unwritable directory, then the
FEDFS_ERR_ACCESS. operation MUST fail with status FEDFS_ERR_ACCESS.
The operation SHOULD fail with status FEDFS_ERR_NSDB_PARAMS if the The operation SHOULD fail with status FEDFS_ERR_NSDB_PARAMS if the
fileserver does not have any connection parameters on record for the fileserver does not have any connection parameters on record for the
specified NSDB. specified NSDB.
The association between the path and the FSN MUST be durable before The association between the path and the FSN MUST be durable before
the operation returns successfully. If the operation return codes the operation returns successfully. If the operation return codes
indicates success, then the junction was successfully created and is indicates success, then the junction was successfully created and is
immediately accessible. immediately accessible.
skipping to change at page 21, line 51 skipping to change at page 21, line 50
accessible in any other manner (e.g., to a client). This path does accessible in any other manner (e.g., to a client). This path does
not appear in the federated namespace, except by coincidence; there not appear in the federated namespace, except by coincidence; there
is no requirement that the global namespace reflect the server is no requirement that the global namespace reflect the server
namespace, nor is it required that this path be relative to the namespace, nor is it required that this path be relative to the
server pseudo-root. It does not need to be a path that is accessible server pseudo-root. It does not need to be a path that is accessible
via NFS. via NFS.
If the fileset is read-only, then this operation SHOULD indicate this If the fileset is read-only, then this operation SHOULD indicate this
with a status of FEDFS_ERR_ROFS. with a status of FEDFS_ERR_ROFS.
If the path contains an invalid UTF-8 character, then status If the path contains a character that is not supported by the server,
FEDFS_ERR_BADCHAR MUST be returned. then status FEDFS_ERR_BADCHAR MUST be returned.
The path used to delete a junction might not be the same path that The path used to delete a junction might not be the same path that
was used to create the junction. If the namespace on the server has was used to create the junction. If the namespace on the server has
changed, then the junction might now appear at a different path than changed, then the junction might now appear at a different path than
where it was created. If there is more than one valid path to the where it was created. If there is more than one valid path to the
junction, any of them can be used. junction, any of them can be used.
The path is REQUIRED to exist and be completely local to the server. The path is REQUIRED to exist and be completely local to the server.
It MUST NOT contain a junction, except as the final component, which It MUST NOT contain a junction, except as the final component, which
MUST be a junction. If any other component of the path is a MUST be a junction. If any other component of the path is a
junction, then this operation MUST fail with status junction, then this operation MUST fail with status
FEDFS_ERR_NOTLOCAL. If the last component of the path is not a FEDFS_ERR_NOTLOCAL. If the last component of the path is not a
junction then this operation MUST return status FEDFS_ERR_NOTJUNCT. junction then this operation MUST return status FEDFS_ERR_NOTJUNCT.
The path might contain a symbolic link (if supported by the local The path might contain a symbolic link (if supported by the local
server), but the traversal of the path MUST remain within the server- server), but the traversal of the path MUST remain within the server-
local namespace. local namespace.
The server MAY enforce the local permissions on the path, including The server MAY enforce the local permissions on the path, including
the final component. If the path cannot be traversed because of the final component. If a server wishes to report that a path cannot
insufficient permissions, or the parent directory of the junction is be traversed because of insufficient permissions, or the final
an unexecutable or unwritable directory, then the operation MAY fail component is an unexecutable or unwritable directory, then the
with status FEDFS_ERR_ACCESS. operation MUST fail with status FEDFS_ERR_ACCESS.
The removal of the association between the path and the FSN MUST be The removal of the association between the path and the FSN MUST be
durable before the operation returns successfully. If the operation durable before the operation returns successfully. If the operation
return codes indicates success, then the junction was successfully return codes indicates success, then the junction was successfully
destroyed. destroyed.
The effective permissions and other attributes of the directory that The effective permissions and other attributes of the directory that
is restored by this operation SHOULD be identical to their value is restored by this operation SHOULD be identical to their value
prior to the creation of the junction. prior to the creation of the junction.
skipping to change at page 23, line 41 skipping to change at page 23, line 39
As with FEDFS_CREATE_JUNCTION, the pathname MUST be in the form of an As with FEDFS_CREATE_JUNCTION, the pathname MUST be in the form of an
array of one or more UTF-8 path component strings. It is not array of one or more UTF-8 path component strings. It is not
required that this path be accessible in any other manner (e.g., to a required that this path be accessible in any other manner (e.g., to a
client). This path does not appear in the federated namespace, client). This path does not appear in the federated namespace,
except by coincidence; there is no requirement that the global except by coincidence; there is no requirement that the global
namespace reflect the server namespace, nor is it required that this namespace reflect the server namespace, nor is it required that this
path be relative to the server pseudo-root. It does not need to be a path be relative to the server pseudo-root. It does not need to be a
path that is accessible via NFS. path that is accessible via NFS.
If the path contains an invalid UTF-8 character, then status If the path contains a character that is not supported by the server,
FEDFS_ERR_BADCHAR MUST be returned. then status FEDFS_ERR_BADCHAR MUST be returned.
The path used to lookup a junction might not be the same path that The path used to lookup a junction might not be the same path that
was used to create the junction. If the namespace on the server has was used to create the junction. If the namespace on the server has
changed, then a junction might now appear at a different path than changed, then a junction might now appear at a different path than
where it was created. If there is more than one valid path to the where it was created. If there is more than one valid path to the
junction, any of them might be used. junction, any of them might be used.
The path is REQUIRED to exist and be completely local to the server. The path is REQUIRED to exist and be completely local to the server.
It MUST NOT contain a junction, except as the final component. If It MUST NOT contain a junction, except as the final component. If
any other component of the path is a junction, then this operation any other component of the path is a junction, then this operation
MUST fail with status FEDFS_ERR_NOTLOCAL. If the last component of MUST fail with status FEDFS_ERR_NOTLOCAL. If the last component of
the path is not a junction then this operation MUST return the status the path is not a junction then this operation MUST return the status
FEDFS_ERR_NOTJUNCT. The path might contain a symbolic link (if FEDFS_ERR_NOTJUNCT. The path might contain a symbolic link (if
supported by the local server), but the traversal of the path MUST supported by the local server), but the traversal of the path MUST
remain within the server-local namespace. remain within the server-local namespace.
The server MAY enforce the local permissions on the path, including The server MAY enforce the local permissions on the path, including
the final component. If the path cannot be traversed because of the final component. If a server wishes to report that a path cannot
insufficient permissions, or the parent directory of the junction is be traversed because of insufficient permissions, or the final
an unexecutable or unwritable directory, then the operation MAY fail component is an unexecutable or unwritable directory, then the
with status FEDFS_ERR_ACCESS. operation MUST fail with status FEDFS_ERR_ACCESS.
If the junction exists, the resolve parameter allows for testing the If the junction exists, the resolve parameter allows for testing the
fileserver's ability to resolve the junction. If the junction does fileserver's ability to resolve the junction. If the junction does
not exist, the fileserver will ignore the resolve parameter. not exist, the fileserver will ignore the resolve parameter.
If the junction exists and the resolve parameter is set to If the junction exists and the resolve parameter is set to
FEDFS_RESOLVE_NONE, the fileserver MUST NOT attempt to resolve the FEDFS_RESOLVE_NONE, the fileserver MUST NOT attempt to resolve the
FSN. This will allow the administrator to obtain the junction's FSN FSN. This will allow the administrator to obtain the junction's FSN
even if the resolution would fail. Therefore on success, the result even if the resolution would fail. Therefore on success, the result
of a FEDFS_RESOLVE_NONE call will return a 0 length fsl list in the of a FEDFS_RESOLVE_NONE call will return a 0 length fsl list in the
skipping to change at page 27, line 14 skipping to change at page 27, line 12
should be used to satisfy fs_locations or fs_locations_info attribute should be used to satisfy fs_locations or fs_locations_info attribute
requests whenever no junction is being accessed; if a junction is requests whenever no junction is being accessed; if a junction is
being accessed, the FSN specified by FEDFS_CREATE_JUNCTION will take being accessed, the FSN specified by FEDFS_CREATE_JUNCTION will take
precedence. Setting the replication FSN on a fileset that already precedence. Setting the replication FSN on a fileset that already
has a replication FSN set is allowed. has a replication FSN set is allowed.
This operation differs from FEDFS_CREATE_JUNCTION in that it controls This operation differs from FEDFS_CREATE_JUNCTION in that it controls
a fileset-wide attribute not associated with a junction. a fileset-wide attribute not associated with a junction.
The server SHOULD permit this operation even on read-only filesets, The server SHOULD permit this operation even on read-only filesets,
but MAY return FEDFS_ERR_ROFS if this is not possible. but MUST return FEDFS_ERR_ROFS if this is not possible.
If the path contains an invalid UTF-8 character, then status If the path contains a character that is not supported by the server,
FEDFS_ERR_BADCHAR MUST be returned. then status FEDFS_ERR_BADCHAR MUST be returned.
The path is REQUIRED to exist and be completely local to the server. The path is REQUIRED to exist and be completely local to the server.
It MUST NOT contain a junction. If any component of the path is a It MUST NOT contain a junction. If any component of the path is a
junction, then this operation MUST fail with status junction, then this operation MUST fail with status
FEDFS_ERR_NOTLOCAL. The path might contain a symbolic link (if FEDFS_ERR_NOTLOCAL. The path might contain a symbolic link (if
supported by the local server), but the traversal of the path MUST supported by the local server), but the traversal of the path MUST
remain within the server-local namespace. remain within the server-local namespace.
The server MAY enforce the local permissions on the path, including The server MAY enforce the local permissions on the path, including
the final component. If the path cannot be traversed because of the final component. If a server wishes to report that a path cannot
insufficient permissions, or the final component is an unexecutable be traversed because of insufficient permissions, or the final
or unwritable directory, then the operation MAY fail with status component is an unexecutable or unwritable directory, then the
FEDFS_ERR_ACCESS. operation MUST fail with status FEDFS_ERR_ACCESS.
The operation SHOULD fail with status FEDFS_ERR_NSDB_PARAMS if the The operation SHOULD fail with status FEDFS_ERR_NSDB_PARAMS if the
fileserver does not have any connection parameters on record for the fileserver does not have any connection parameters on record for the
specified NSDB. specified NSDB.
The same FSN value SHOULD be associated with all replicas of a The same FSN value SHOULD be associated with all replicas of a
filesystem. Depending on the underlying representation, the FSN filesystem. Depending on the underlying representation, the FSN
associated with a filesystem might or might not be replicated associated with a filesystem might or might not be replicated
automatically with the filesystem replication mechanism. Therefore automatically with the filesystem replication mechanism. Therefore
if FEDFS_CREATE_REPLICATION is used on one replica of a filesystem, if FEDFS_CREATE_REPLICATION is used on one replica of a filesystem,
skipping to change at page 28, line 35 skipping to change at page 28, line 33
This operation removes any replication information from the fileset This operation removes any replication information from the fileset
in which the path resides, such that NFSv4.x client requests for in which the path resides, such that NFSv4.x client requests for
fs_locations or fs_locations_info in the absence of a junction will fs_locations or fs_locations_info in the absence of a junction will
not be satisfied. not be satisfied.
This operation differs from FEDFS_DELETE_JUNCTION in that it controls This operation differs from FEDFS_DELETE_JUNCTION in that it controls
a fileset-wide attribute not associated with a junction. a fileset-wide attribute not associated with a junction.
The server SHOULD permit this operation even on read-only filesets, The server SHOULD permit this operation even on read-only filesets,
but MAY return FEDFS_ERR_ROFS if this is not possible. but MUST return FEDFS_ERR_ROFS if this is not possible.
If the path contains an invalid UTF-8 character, then status If the path contains a character that is not supported by the server,
FEDFS_ERR_BADCHAR MUST be returned. then status FEDFS_ERR_BADCHAR MUST be returned.
The path is REQUIRED to exist and be completely local to the server. The path is REQUIRED to exist and be completely local to the server.
It MUST NOT contain a junction. If any component of the path is a It MUST NOT contain a junction. If any component of the path is a
junction, then this operation MUST fail with status junction, then this operation MUST fail with status
FEDFS_ERR_NOTLOCAL. FEDFS_ERR_NOTLOCAL.
The server MAY enforce the local permissions on the path, including The server MAY enforce the local permissions on the path, including
the final component. If the path cannot be traversed because of the final component. If a server wishes to report that a path cannot
insufficient permissions, or the parent directory of the junction be traversed because of insufficient permissions, or the final
unexecutable or unwritable directory, then the operation MAY fail component is an unexecutable or unwritable directory, then the
with status FEDFS_ERR_ACCESS. operation MUST fail with status FEDFS_ERR_ACCESS.
5.6.3. Errors 5.6.3. Errors
FEDFS_ERR_ACCESS FEDFS_ERR_ACCESS
FEDFS_ERR_BADCHAR FEDFS_ERR_BADCHAR
FEDFS_ERR_BADNAME FEDFS_ERR_BADNAME
FEDFS_ERR_NAMETOOLONG FEDFS_ERR_NAMETOOLONG
FEDFS_ERR_LOOP FEDFS_ERR_LOOP
FEDFS_ERR_BADXDR FEDFS_ERR_BADXDR
FEDFS_ERR_INVAL FEDFS_ERR_INVAL
skipping to change at page 29, line 40 skipping to change at page 29, line 40
5.7.2. Description 5.7.2. Description
This operation queries a server to determine whether a fileset This operation queries a server to determine whether a fileset
containing the given path has replication information associated with containing the given path has replication information associated with
it, and if so, the FSN for that replication information. it, and if so, the FSN for that replication information.
This operation differs from FEDFS_LOOKUP_JUNCTION in that it inquires This operation differs from FEDFS_LOOKUP_JUNCTION in that it inquires
about a fileset-wide attribute not associated with a junction. about a fileset-wide attribute not associated with a junction.
If the path contains an invalid UTF-8 character, then status If the path contains a character that is not supported by the server,
FEDFS_ERR_BADCHAR MUST be returned. then status FEDFS_ERR_BADCHAR MUST be returned.
The path is REQUIRED to exist and be completely local to the server. The path is REQUIRED to exist and be completely local to the server.
It MUST NOT contain a junction. If any component of the path is a It MUST NOT contain a junction. If any component of the path is a
junction, then this operation MUST fail with status junction, then this operation MUST fail with status
FEDFS_ERR_NOTLOCAL. FEDFS_ERR_NOTLOCAL.
The server MAY enforce the local permissions on the path, including The server MAY enforce the local permissions on the path, including
the final component. If the path cannot be traversed because of the final component. If a server wishes to report that a path cannot
insufficient permissions, or the parent directory of the junction is be traversed because of insufficient permissions, or the final
an unexecutable or unwritable directory, then the operation MAY fail component is an unexecutable or unwritable directory, then the
with status FEDFS_ERR_ACCESS. operation MUST fail with status FEDFS_ERR_ACCESS.
Interpretation of the 'resolve' parameter and the procedure's results Interpretation of the 'resolve' parameter and the procedure's results
shall be the same as specified in Section 5.4 for the shall be the same as specified in Section 5.4 for the
FEDFS_LOOKUP_JUNCTION operation. FEDFS_LOOKUP_JUNCTION operation.
5.7.3. Errors 5.7.3. Errors
FEDFS_ERR_ACCESS FEDFS_ERR_ACCESS
FEDFS_ERR_BADCHAR FEDFS_ERR_BADCHAR
FEDFS_ERR_BADNAME FEDFS_ERR_BADNAME
skipping to change at page 31, line 33 skipping to change at page 31, line 33
The format of the connection parameters is described above. The format of the connection parameters is described above.
On success, this operation returns FEDFS_OK. When the operation On success, this operation returns FEDFS_OK. When the operation
returns, the new connection parameters SHOULD be used for all returns, the new connection parameters SHOULD be used for all
subsequent LDAP connections to the given NSDB. Existing connections subsequent LDAP connections to the given NSDB. Existing connections
MAY be terminated and re-established using the new connection MAY be terminated and re-established using the new connection
parameters. The connection parameters SHOULD be durable across parameters. The connection parameters SHOULD be durable across
fileserver reboots. fileserver reboots.
On failure, an error value indicating the type of error is returned. On failure, an error value indicating the type of error is returned.
The operation MAY return FEDFS_ERR_ACCESS if the operation's If the operation's associated user does not have sufficient
associated user does not have sufficient permissions to create/modify permissions to create/modify NSDB connection parameters, the
NSDB connection parameters. operation MUST return FEDFS_ERR_ACCESS.
5.8.3. Errors 5.8.3. Errors
FEDFS_ERR_ACCESS FEDFS_ERR_ACCESS
FEDFS_ERR_BADCHAR FEDFS_ERR_BADCHAR
FEDFS_ERR_BADNAME FEDFS_ERR_BADNAME
FEDFS_ERR_BADXDR FEDFS_ERR_BADXDR
FEDFS_ERR_INVAL FEDFS_ERR_INVAL
FEDFS_ERR_IO FEDFS_ERR_IO
FEDFS_ERR_NOSPC FEDFS_ERR_NOSPC
skipping to change at page 32, line 30 skipping to change at page 32, line 30
associated NSDB is equal (as defined above) to the operation's NSDB associated NSDB is equal (as defined above) to the operation's NSDB
argument. Therefore, there is at most one set of connection argument. Therefore, there is at most one set of connection
parameters that can match the query described by this operation. parameters that can match the query described by this operation.
The format of the connection parameters is described above. The format of the connection parameters is described above.
On success, this operation returns FEDFS_OK and the connection On success, this operation returns FEDFS_OK and the connection
parameters on record for the given NSDB. parameters on record for the given NSDB.
On failure, an error value indicating the type of error is returned. On failure, an error value indicating the type of error is returned.
This operation MAY return FEDFS_ERR_NSDB_PARAMS to indicate that This operation MUST return FEDFS_ERR_NSDB_PARAMS to indicate that
there are no connection parameters on record for the given NSDB. The there are no connection parameters on record for the given NSDB. If
operation MAY return FEDFS_ERR_ACCESS if the operation's associated the operation's associated user does not have sufficient permissions
user does not have sufficient permissions to view NSDB connection to view NSDB connection parameters, the operation MUST return
parameters. FEDFS_ERR_ACCESS.
5.9.3. Errors 5.9.3. Errors
FEDFS_ERR_ACCESS FEDFS_ERR_ACCESS
FEDFS_ERR_BADCHAR FEDFS_ERR_BADCHAR
FEDFS_ERR_BADNAME FEDFS_ERR_BADNAME
FEDFS_ERR_BADXDR FEDFS_ERR_BADXDR
FEDFS_ERR_INVAL FEDFS_ERR_INVAL
FEDFS_ERR_IO FEDFS_ERR_IO
FEDFS_ERR_SVRFAULT FEDFS_ERR_SVRFAULT
skipping to change at page 33, line 41 skipping to change at page 33, line 41
connection parameters could contain sensitive information for some connection parameters could contain sensitive information for some
security mechanisms. FEDFS_GET_LIMITED_NSDB_PARAMS allows the security mechanisms. FEDFS_GET_LIMITED_NSDB_PARAMS allows the
fileserver to communicate a subset of the connection parameters (the fileserver to communicate a subset of the connection parameters (the
security mechanism) to users with sufficient permissions without security mechanism) to users with sufficient permissions without
revealing more sensitive information. revealing more sensitive information.
On success, this operation returns FEDFS_OK and the On success, this operation returns FEDFS_OK and the
FedFsConnectionSec value on record for the given NSDB. FedFsConnectionSec value on record for the given NSDB.
On failure, an error value indicating the type of error is returned. On failure, an error value indicating the type of error is returned.
This operation MAY return FEDFS_ERR_NSDB_PARAMS to indicate that This operation MUST return FEDFS_ERR_NSDB_PARAMS to indicate that
there are no connection parameters on record for the given NSDB. The there are no connection parameters on record for the given NSDB. If
operation MAY return FEDFS_ERR_ACCESS if the operation's associated the operation's associated user does not have sufficient permissions
user does not have sufficient permissions to view the subset of NSDB to view the subset of NSDB connection parameters returned by this
connection parameters returned by this procedure. procedure, the operation MUST return FEDFS_ERR_ACCESS.
5.10.3. Errors 5.10.3. Errors
FEDFS_ERR_ACCESS FEDFS_ERR_ACCESS
FEDFS_ERR_BADCHAR FEDFS_ERR_BADCHAR
FEDFS_ERR_BADNAME FEDFS_ERR_BADNAME
FEDFS_ERR_BADXDR FEDFS_ERR_BADXDR
FEDFS_ERR_INVAL FEDFS_ERR_INVAL
FEDFS_ERR_IO FEDFS_ERR_IO
FEDFS_ERR_SVRFAULT FEDFS_ERR_SVRFAULT
 End of changes. 29 change blocks. 
69 lines changed or deleted 64 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/