Principles of Network and System Administration, 2nd edition, part 7


CHAPTER 9. APPLICATION-LEVEL SERVICES

    share -F nfs -o rw=$hostlist,root=starfleet /iu/mercury/u2
    share -F nfs -o rw=$hostlist,root=starfleet /iu/mercury/u3
    share -F nfs -o rw=$hostlist,root=starfleet /iu/mercury/u4
    share -F nfs -o rw=$hostlist /var/mail

This script exports the six named filesystems, read-write to the entire list of hosts named in the variable hostlist. The root=starfleet option additionally lets root on the host starfleet act as root on those filesystems; root on every other client is mapped to an anonymous user, as is root on /var/mail, which carries no root= option. The command shareall runs this script, or it can be run manually by typing sh /etc/dfs/dfstab. The command share without arguments shows the currently exported filesystems.

Notice that the hostname daystrom is repeated in the definition of hostlist, once unqualified and again with a fully qualified hostname. This is sometimes necessary in order to make the entry recognized. The mount daemon is not particularly intelligent when it verifies hostnames. Some systems send the fully qualified name to verify and others send the unqualified name. If in doubt, list both, as here.

9.9.2 Client-side mounting

Clients may mount any subdirectory of the exported directory onto any local directory by becoming root and either executing a shell command of the form

    mount server:remote-directory local-directory

or by adding a line to the filesystem table file, usually called /etc/fstab. On some brands of Unix, this file has been renamed as /etc/checklist or /etc/filesystems. On Solaris systems it is called /etc/vfstab. The advantage of writing the disks in the filesystem table is that the mount commands will not be lost when we reboot our system. The filesystems in the filesystem table file are mounted automatically when the system is booted. All the file systems in this file are mounted with the simple command mount -a. We begin by looking at the manual page on the appropriate file for the system, or better still looking at examples which are already in the file. The form of a typical filesystem table is as below.
    /dev/sda2                  swap               swap  rw,bg  1 1
    /dev/sda1                  /                  ext2  rw,bg  1 1
    /dev/sda3                  /iu/borg/local     ext2  rw,bg  1 1
    mercury:/iu/mercury/u1     /iu/mercury/u1     nfs   rw,bg
    mercury:/iu/mercury/u2     /iu/mercury/u2     nfs   rw,bg
    mercury:/iu/mercury/u3     /iu/mercury/u3     nfs   rw,bg
    mercury:/iu/mercury/local  /iu/mercury/local  nfs   rw,bg

This example is from GNU/Linux. Notice the left-hand column. These are disks which are to be mounted. The first disks, which begin with /dev, are local disks, physically attached to the host concerned. Those which begin with a hostname followed by a colon (in this case host mercury) are NFS filesystems which lie physically on the named host. The second column in this table is the name of a directory on which the disk or remote filesystem is to be mounted, i.e. where the files are to appear in the local host's file-tree. The remaining columns are options and filesystem types: rw means mount for read and write access, bg means 'background', which tells mount to continue trying to mount a filesystem in the background if it fails on a first attempt.

Footnote: On older HPUX systems, there is a bug which causes mysterious numbers to appear in the /etc/checklist file. These have no meaning.

Editing the /etc/fstab (or equivalent) file is a process which can be automated very nicely with the help of the system administration tool cfengine. We shall discuss this in the next chapter.

9.9.3 Trouble-shooting NFS

If you get a message telling you 'Permission denied' when you try to mount a remote filesystem, you may like to check the following:

• Did you remember to add the name of the client to the export or dfstab file on the server?

• Some systems require a fully qualified hostname (i.e. hostname with domain name appended) in the export file. Try using this.

• Did you mis-spell the name of the client or the server?

• Are the correct network daemons running which support NFS? On the server side, you must be running mountd or rpc.mountd.
  This is the daemon that authenticates mount requests. The actual transfer of data is performed by nfsd or rpc.nfsd. On older systems there should be at least four of these daemons running to handle multiple requests. Modern systems use a multi-threaded version of the program, so that only one daemon is required. On the client side, some systems use the block input/output daemon to make transfers more efficient. This is not strictly necessary to get NFS working. This daemon is called biod on older systems and nfsiod on newer systems like FreeBSD. Solaris no longer makes use of this daemon; its activities are now integrated into a kernel thread.

• The portmapper (portmap or rpcbind) is a strange creature. On some Unix-like systems, particularly GNU/Linux, the portmapper requires an entry in the TCP wrapper file /etc/hosts.allow in order for it to accept connections. Otherwise, you might see the error RPC service not registered. The portmapper requires numerical IP addresses in the TCP wrapper configuration. Host names will not do, for security reasons (see section 9.4.5).

• The exports file on GNU/Linux hosts is also somewhat unusual. If you are using a non-standard netmask, it is necessary to tell the mount daemon:

    # /etc/exports: the access control list for filesystems
    # which may be exported to NFS clients. See exports(5).
    /site/cube/local *.college.edu/255.255.255.0(rw)
    /site/cube/local 192.0.2./255.255.255.0(rw)

9.10 Samba

Samba is a free software solution to the problem of making Unix filesystems available to Windows operating systems. Windows NT uses a system of network file sharing based on its own SMB (Server Message Block) protocol. Samba is a Unix daemon-based service which makes Unix disks visible to Windows NT. Samba maps usernames, so to use Samba we need an account with the same name on the NT server and on the Unix server. It maps usernames textually, without much security.
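The checks in the trouble-shooting list above (which hosts an export is visible to, whether remote root is squashed, and the numeric-address rule for the portmapper's hosts.allow entry) and the hosts allow line in the Samba configuration that follows can be exercised with the Python script below. It is an added example, not code from the book or from any NFS or Samba distribution: the exports file is a constructed sample (the two college.edu lines from the text plus two deliberately weak entries), the host names and addresses are assumed, and the function names are the editor's.

```python
"""Audit host-based access control for NFS exports and hosts_access patterns.

Added example, not from the book or from any NFS/Samba distribution.
It checks Linux-style /etc/exports entries (exports(5)) for the weaknesses
a reviewer looks for, and evaluates the address-pattern syntax shared by
TCP wrappers' /etc/hosts.allow (portmap) and Samba's 'hosts allow'
(hosts_access(5)).  Every address and path below is a constructed sample.
"""
import ipaddress
import re

# Constructed sample: the book's two college.edu lines plus two weak entries.
SAMPLE_EXPORTS = """\
# /etc/exports: the access control list for filesystems
/site/cube/local *.college.edu/255.255.255.0(rw)
/site/cube/local 192.0.2.0/255.255.255.0(rw)
/iu/mercury/u2 starfleet.example.org(rw,no_root_squash)
/var/mail (rw)
"""

# client-spec := [host-pattern] [ "(" options ")" ]
_CLIENT_RE = re.compile(r"^([^(\s]*)(?:\(([^)]*)\))?$")


def parse_exports(text):
    """Yield (directory, client, options) for every client of every export."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        directory, *clients = line.split()
        if not clients:                       # bare directory: every host, default options
            yield directory, "", set()
        for spec in clients:
            match = _CLIENT_RE.match(spec)
            client, opts = match.group(1), match.group(2)
            yield directory, client, set(opts.split(",")) if opts else set()


def audit_exports(text):
    """Return (directory, client, finding) triples for entries worth a second look."""
    findings = []
    for directory, client, options in parse_exports(text):
        if client in ("", "*"):
            findings.append((directory, client, "exported to every host"))
        if "no_root_squash" in options:
            findings.append((directory, client, "remote root keeps uid 0 on this export"))
        if client.startswith(("*", "?")):
            findings.append((directory, client,
                             "wildcard host: matched on the client's reverse-DNS name only"))
    return findings


def _match_one(pattern, addr):
    """One hosts_access(5) pattern: ALL, net/mask, 'a.b.' prefix, or a single address."""
    if pattern == "ALL":
        return True
    if "/" in pattern:                        # e.g. 192.0.2.0/255.255.255.0
        return addr in ipaddress.ip_network(pattern, strict=False)
    if pattern.endswith("."):                 # e.g. '128.39.' matches 128.39.x.y
        return str(addr).startswith(pattern)
    try:
        return addr == ipaddress.ip_address(pattern)
    except ValueError:
        # A hostname: the portmapper will not honour it (numeric only, see text).
        raise ValueError(f"non-numeric pattern {pattern!r}") from None


def hosts_access_allows(pattern_list, ip):
    """Evaluate 'list [EXCEPT list]' against a numeric client address."""
    addr = ipaddress.ip_address(ip)
    allowed, _, denied = pattern_list.partition(" EXCEPT ")

    def hit(patterns):
        return any(_match_one(p, addr) for p in patterns.replace(",", " ").split())

    return hit(allowed) and not hit(denied)


if __name__ == "__main__":
    for directory, client, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{directory} [{client or '<every host>'}]: {finding}")
    print(hosts_access_allows("128.39.", "128.39.7.10"))    # True
    print(hosts_access_allows("128.39.", "128.3.9.10"))     # False
```

Run stand-alone, the script reports three findings for the sample file: the wildcard entry, the no_root_squash entry and the /var/mail line that names no client at all. The second college.edu line, with its explicit network and netmask, passes. A bare hostname in a hosts_access pattern raises rather than silently matching nothing, which is the behaviour you want when auditing the portmapper's entry.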
Samba configuration is in Unix style, by editing the text file /etc/smb.conf. Here is an example file. Note carefully the 'hosts allow' line, which restricts access to disks to specific IP addresses, like TCP wrappers, and the 'invalid users = root' line, which refuses a connection as root even when the password is known.

    [global]
    printing = bsd
    printcap name = /etc/printcap
    load printers = yes
    guest account = nobody
    invalid users = root
    workgroup = UNIX
    hosts allow = 128.39.

    [homes]
    comment = Home Directories
    browseable = no
    read only = no
    create mode = 0644

    [printers]
    comment = All Printers
    browseable = no
    path = /tmp
    printable = yes
    public = no
    writable = no
    create mode = 0644

Once the Samba server is active, the disks are available for use with the net use command, e.g.

    C:\> net use F: \\host\directory

This example maps the named directory on the named host to NT drive letter F:. The reverse problem of mounting NT filesystems on a Unix host works only for GNU/Linux hosts at present:

    gnulinux% smbmount //nthost/directory /mountpoint -U administrator

9.11 The printer service

Printing services vary from single printers coupled to private workstations to huge consolidated spooling services serving large organizations [329, 251]. Host print services need to be told about available printers by registering the printers in a local database. In BSD-like print servers this database is kept in a flat file called /etc/printcap. In System V print servers, a program called lpadmin is used to register printers and it's anyone's guess what happens to that information. The way in which we register printers thus depends on

• What kind of operating system we are using

• Whether we are running any special network printer software.

The main difference is between BSD-like systems and System V. Recently a replacement print service was introduced for a generic heterogeneous network. Called LPRng, this package preserves the simplicity of the BSD system while providing superior functionality to both [243]. Another alternative is the Common Unix Printing System (CUPS).
In order to register a printer with a BSD-like printer service, we do the following:

• Think of a name for the printer.

• Decide whether it is going to be connected directly to a host or stand alone on the network.

• Register the printer with the printing system so that the daemons which provide the print service know how to talk to it. This can include manually making a 'spool' directory for its queue files. This normally lies under /var/spool or /usr/spool.

    mkdir /var/spool/printer-name

• Most Unix systems assume the existence of a default printer which is referred to by the name 'lp'. If you do not specify a particular printer when printing, your data are sent to the default printer. It is up to us to name or alias one of our printers 'lp'. Each printer may have several names or aliases.

With some print spoolers, we also need to decide whether to send all data to a common central server, or whether to let each host handle its own negotiations for printing. If we are interested in maintaining a record of how many pages each user has printed, then a centralized solution is a much simpler option. The downside of this is that, if there is a large user base, the traffic might present a considerable load for one host. A central print spooler must have sufficient disk space to temporarily store all the incoming print jobs.

9.11.1 CUPS/LPRng

The Common Unix Print System (CUPS) has emerged in the last few years as the favored printing solution on many desktops. It reads information from traditional Unix format files. LPRng is a rival attempt that is configured quite simply in a manner very similar to (but not identical to) the old Berkeley printcap system.

Suggestion 12 (Unix printing). Install LPRng on all hosts in the network. Forget about trying to understand and manage the native printing systems on System V and BSD hosts. LPRng can replace them all with a system which is at least as good.
Another alternative system is the Common Unix Printing System.[a]

[a] The author's experience with CUPS is that it is not yet a robust alternative.

If one follows this suggestion there is only a single printer system to worry about. Note that most GNU/Linux distributions (e.g. Debian) have packages for this system, so it will not need to be installed from scratch. The software uses a printcap file and two other optional files called lpd.conf and lpd.perms. The printcap file is like a regular printcap file but without the backslash continuation characters. LPRng effectively provides both the lpr, lpd, lpq and lprm commands from Berkeley and the lp, lpstat and cancel commands from System V. The daemon reads the three configuration files and handles spooling. The configuration is challenging but straightforward and there is extensive documentation. Here is a simple example for a network printer (with its own IP address) which allows logged-on users to start and delete their own print jobs:

    # /etc/printcap (lprng)
    myprinter|lp
      :if=/local/bin/lpf           # LF/CR filter
      :af=/var/spool/lpd/acctfil
      :lf=/var/spool/lpd/printlog
      :sd=/var/spool/myprinter
      :lp=xxx.yyy.zzz.mmm%9100
      :rw
      :sh

The IP address of the printer is xxx.yyy.zzz.mmm and it must be written in numerical form. The percent symbol marks the standard port 9100. The lpd.conf file is slightly mysterious but has a number of useful options. Most, if not all, of these can be set in the printcap file also, but options set here apply for all printers. One nice feature, for instance, is the ability to reject printouts of binary (non-printable) files. This can save a few rain forests if someone is kind enough to dump /bin/ls to the printer.

    #
    # lpd.conf
    #
    # Purpose: name of accounting file (see also la, ar)
    af=/var/spool/lpd/acctfil
    # Purpose: accounting at start (see also af, la, ar)
    as=jobstart $H $n $P $k $b $t
    # Purpose: check for nonprintable file
    check_for_nonprintable
    # Purpose: default printer
    default_printer=local
    # Purpose: error log file (servers, filters and prefilters)
    lf=/var/adm/printlog
    # Purpose: lpd lock file
    lockfile=/var/spool/lpd/lpd.lock.%h
    # Purpose: lpd log file
    logfile=/var/spool/lpd/lpd.log.%h
    # Purpose: /etc/printcap files
    printcap_path=/etc/printcap
    # Purpose: suppress headers and/or banner page
    sh

The lpd.perms file sets limits on who can access the printers and from where, unlike the traditional services which are open to everyone. Rules are tested in the order written and the first rule whose conditions all hold decides; the DEFAULT line applies to any request that no rule matches.

    #
    # lpd.perms
    #
    # allow root on server to control jobs
    ACCEPT SERVICE=C SERVER REMOTEUSER=root
    # allow anybody to get status
    ACCEPT SERVICE=S
    # reject all others, including lpc commands permitted by user_lpc
    REJECT SERVICE=CSU
    #
    # allow same user on originating host to remove a job
    ACCEPT SERVICE=M SAMEHOST SAMEUSER
    # allow root on server to remove a job
    ACCEPT SERVICE=M SERVER REMOTEUSER=root
    REJECT SERVICE=M
    # All other operations disallowed
    DEFAULT REJECT
    # or ACCEPT

LPRng claims to support Berkeley printcap files directly. However, in trials its behavior has been quirky, with some things working and others not. In any event, LPRng is a highly welcome piece of software which works supremely well, once configured.

9.11.2 Environment variable PRINTER

The BSD print command and some application programs read the environment variable PRINTER to determine which printer destination to send data to. The System V print command lp does not.

9.11.3 BSD print queue

• lpr -P printer file
  Send file to the named print queue.

• lpq
  Show the printer queue for the default printer, or the printer specified in the environment variable PRINTER if this is set. This lists the queue-ids.

• lprm queue-id
  Remove a job from the print queue. Get the queue-id using lpq.

• lpd
  Start the print service. (Must be killed to stop again.)
• lpc
  An old and unreliable interface to the print service.

9.11.4 SysV print queue

• lp -d printer file
  Send a file to the named print queue.

• lpstat -o all
  Show the queued requests (for every printer, with the argument all). This lists the queue-ids.

• lpstat -a
  Show which printers are accepting requests; the date it prints is not a reliable record of when the print service was started.

• lpsched
  Start the print service.

• lpshut
  Stop the print service.

• cancel queue-id
  Remove a job from the print queue. Get the queue-id using lpstat.

The Solaris operating system used to have an optional printing system called Newsprint in addition to the SVR4 printing commands.

9.12 Java web and enterprise services

Java services are becoming increasingly important in the world of the network. The most important services are those connected to the Web, but any Java program can, in principle, make use of Java services. Java Server Pages (JSP) are Java's dynamic web page framework. Accompanying this are Java Servlets (the server counterpart of Applets) that house JSP-based services, mediated by the Web on port 80 or 8080. Java servlets are applications, based on the standard Java libraries and a class/object approach to services, in which services are objects called by object invocation.

The naming service attaches objects to services and routes requests to dependent services, such as databases, to the correct host and port number. Enterprise Beans are essentially wrappers that provide transaction locking and security of data transfer for Java services that employ them. They are the 'heavyweight' side of Java services and are mediated by an enterprise application server.

Java has a close relationship with XML, and the configuration files that configure Java software and services are generally written in this eclectic framework. In spite of what XML followers would have us believe, XML was designed to be parsed by machines, not humans, and some of the XML configuration files one finds strain the credibility of their claims.
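Before going on with Java, here is a way to check what the lpd.perms file of section 9.11.1 actually grants. LPRng reads the file top to bottom and the first rule whose conditions all hold decides; the Python script below is an added example, not part of LPRng or of the book, and reproduces that evaluation for just the keywords the book's file uses (SERVICE=, SERVER, REMOTEUSER=, SAMEHOST, SAMEUSER and DEFAULT). The requests are constructed, the server name printserver.example.org is assumed, and R is used as LPRng's service letter for job submission by lpr.

```python
"""First-match evaluation of an LPRng lpd.perms file.

Added example, not LPRng code and not from the book.  It reproduces the
decision order of the lpd.perms file in section 9.11.1 for the keywords
that file uses.  Requests and host names below are constructed.
"""
from dataclasses import dataclass

# Constructed copy of the book's lpd.perms with the comments stripped.
SAMPLE_PERMS = """
ACCEPT SERVICE=C SERVER REMOTEUSER=root
ACCEPT SERVICE=S
REJECT SERVICE=CSU
ACCEPT SERVICE=M SAMEHOST SAMEUSER
ACCEPT SERVICE=M SERVER REMOTEUSER=root
REJECT SERVICE=M
DEFAULT REJECT
"""

SERVER = "printserver.example.org"   # assumed name of the host running lpd


@dataclass
class Request:
    service: str        # one LPRng service letter: C (lpc), S (status), M (lprm), ...
    remote_user: str    # user issuing the request
    remote_host: str    # host the request came from
    job_user: str = ""  # owner of the job being acted on (lprm)
    job_host: str = ""  # host that submitted that job


def parse_perms(text):
    """Return (rules, default): rules is a list of (action, [conditions])."""
    rules, default = [], "REJECT"
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        action, *conds = line.split()
        if action == "DEFAULT":
            default = conds[0]
        else:
            rules.append((action, conds))
    return rules, default


def _holds(cond, req):
    """Does one condition of a rule hold for this request?"""
    key, _, value = cond.partition("=")
    if key == "SERVICE":
        return req.service in value            # SERVICE=CSU means any of C, S, U
    if key == "SERVER":
        return req.remote_host == SERVER       # request made on the server itself
    if key == "REMOTEUSER":
        return req.remote_user == value
    if key == "SAMEHOST":
        return req.job_host == req.remote_host
    if key == "SAMEUSER":
        return req.job_user == req.remote_user
    raise ValueError(f"unsupported lpd.perms key: {cond}")


def permitted(text, req):
    """First rule whose conditions all hold decides; otherwise DEFAULT."""
    rules, default = parse_perms(text)
    for action, conds in rules:
        if all(_holds(c, req) for c in conds):
            return action == "ACCEPT"
    return default == "ACCEPT"


if __name__ == "__main__":
    client = "client.example.org"
    for req in (Request("C", "root", SERVER),
                Request("C", "root", client),
                Request("M", "mark", client, "frodes", client),
                Request("R", "mark", client)):
        print(req, "->", "ACCEPT" if permitted(SAMPLE_PERMS, req) else "REJECT")
```

Two things the evaluator makes visible: root is only trusted on the server itself (a root user on a client reaches REJECT SERVICE=CSU, so hostname spoofing of REMOTEUSER alone gains nothing), and with DEFAULT REJECT any service letter the file never mentions, job submission included, is refused too. That is the choice the book leaves open with its final '# or ACCEPT' comment.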
Java services require the Java Runtime Environment in order to work. Java virtual machines are provided by several sources, including Sun Microsystems, IBM, Microsoft and others, so there is no single recipe for making Java work. However, the basic Java compiler and virtual machine have to be installed and working in order for the related services to work.

9.12.1 Java development kit

As an example, we consider the Java Development Kit from Sun Microsystems. It is collected as an archive from the net. Once installed in some location, e.g. /usr/local, it lives in a directory that needs to be pointed to by the environment variable JAVA_HOME. Java's libraries are called classes and they have a library path analogous to LD_LIBRARY_PATH. For example,

    JAVA_HOME=/local/jdk1.3.1
    CLASSPATH=/usr/local/mm.mysql.jdbc-1.2c: \
      /usr/lib/jdk1.3.1/lib/classes.zip: \
      /usr/local/iu/JSDK2.0/lib/jsdk.jar: \
      /usr/local/jserv/lib/ApacheJServ.jar:.

The trailing '.' puts the current directory on the class path. That is convenient for compiling and running the test program below, but it should not be carried into the environment of a server process, where it lets whoever can write to the working directory supply classes.

Once these variables have been set, the compiler javac and runtime environment java can be tested with the following test program:

    // File has same name as class, i.e. JavaTest.java
    public class JavaTest
    {
        // An application class must include a "main" method
        public static void main(String args[])
        {
            System.out.println("This is a compiler test program\n");
        }
    }

This program is compiled and run as follows:

    host% /usr/lib/jdk1.3/bin/javac JavaTest.java
    host% /usr/lib/jdk1.3/bin/java JavaTest
    This is a compiler test program

9.12.2 Web containers: Jserv and Tomcat

A Java 'web container' is an executable environment for Java Server Pages (JSP). Java Server Pages are Java program elements that are embedded into HTML pages, in order to create dynamic content. These are stripped out and compiled on the fly as mini-servers or 'servlets', Java programs linked to HTML pages, allowing dynamic content in HTML pages, with 'custom tag' technology.
Tomcat is the reference Java example of such a container; another example container is Jserv. Tomcat can be used 'stand-alone' or as a module for an Apache web server. The connection between Tomcat and Apache is managed by an Apache Dynamic Shared Object (DSO). The Tomcat servlet engine goes by the name of Catalina and it has environment variables that correspond to the Java variables:

    CATALINA_HOME=/usr/local/jakarta-tomcat
    CATALINA_TMPDIR=/var/run/tomcat

Installing Tomcat is simply a matter of unpacking it under /usr/local, for instance, and starting the server. A non-privileged tomcat user should be created:

    host% cd /usr/local/jakarta-tomcat/bin/
    host% ./startup.sh

or on Windows:

    C:\> startup.bat

Somewhat inconveniently, executable code for servlets is placed under the distribution itself:

    host% ls -l webapps/examples/
    total 4
    drwxr-xr-x   4 root  root  1024 Feb 21  2002 WEB-INF
    drwxr-xr-x   2 root  root  1024 Feb 21  2002 images
    drwxr-xr-x  17 root  root  1024 Feb 21  2002 jsp
    drwxr-xr-x   2 root  root  1024 Feb 21  2002 servlets

    host% ls -l webapps/examples/WEB-INF/
    total 11
    drwxr-xr-x  14 root  root  1024 Feb 21  2002 classes
    drwxr-xr-x   3 root  root  1024 Feb 21  2002 jsp
    -rw-r--r--   1 root  root  8767 Feb 12  2002 web.xml

The example structure must be reproduced for any additional startup pages or users. Tomcat needs writable temporary workspace in its distribution, so file permissions need to be set like this when running in non-privileged mode:

    drwxr-xr-x   2 root    root  1024 Feb 21  2002 bin
    drwxr-xr-x   2 root    root  1024 Feb 12  2002 classes
    drwxr-xr-x   4 root    root  1024 Feb 12  2002 common
    drwxr-xr-x   2 root    root  1024 Apr 23 18:31 conf
    drwxr-xr-x   2 root    root  1024 Feb 21  2002 lib
    drwxr-xr-x   2 tomcat  root  6144 Aug 22 18:09 logs
    drwxr-xr-x   4 root    root  1024 Feb 12  2002 server
    drwxr-xr-x   7 root    root  1024 Apr 23 19:11 webapps
    drwxrwxrwt   3 tomcat  root  1024 Feb 21 21:06 work

Only logs and work need to be writable by the tomcat user; everything else stays owned by root, so that a compromised servlet cannot rewrite the container's own classes or conf/server.xml. Mode 1777 on work is wider than the container needs: since the directory is owned by tomcat, 755 suffices and keeps other local users out of the tree from which compiled JSP classes are loaded.

The server needs to be restarted regularly, to notice updates. Here is an example cfengine script to manage some of these issues:

    #
    # A configuration for tomcat -
    # to be run on port 8080 (conf/server.xml)
    # servlet server runs as user "tomcat"
    #
    # to call up:
    #
    #   http://host.example.org:8080/mark/servlet/HelloWorldExample
    #
    #   (note no s in servlets!!!)
    #
    # Server config is in conf/server.xml (careful here!)
    #

    control:

      # editfilesize = ( 90000 )
      # actionsequence = ( files links processes )

      catalina_base = ( /local/jakarta-tomcat-4.0.2 )

    #####################################################################

    files:

      $(catalina_base)       mode=644  ignore=bin r=inf action=fixall
      $(catalina_base)/bin   mode=755  ignore=bin r=inf action=fixall
      $(catalina_base)/logs  mode=644  owner=tomcat r=inf action=fixall
      $(catalina_base)/work  mode=1777 owner=tomcat action=fixall

    #
    # For now copy -r webapps/examples to ~user/servlets
    # to get started, and then link that area below
    # to webapps/user
    #

    ######################################################################

    links:

      $(catalina_base)/webapps/mark -> /iu/nexus/ud/mark/servlets
      # $(catalina_base)/webapps/frodes -> /iu/nexus/uc/frodes/servlets

[...]

... voice and video traffic are time critical and data intensive, whereas Web traffic and E-mail are not. All quality of service guarantees rely on the basic transport guarantee; thus Quality of Service must be defined bottom up in terms of the OSI layers. Today, some are discussing QoS (Quality of Service), QoD (Quality of Devices), QoE (Quality of Experience), QoB (Quality of Business), and any number of variations ...

... 1970s and 1980s. In OSI layer 1, the physical layer, it employs several standards such as V.35, RS232 and X.21. At layer 2 it uses an implementation of the ISO HDLC standard called Link Access Procedure Balanced (LAPB) and provides error correction between two connected devices. Layer 3 is referred to as the X.25 Packet Layer Protocol (PLP) and is primarily concerned with network routing functions and ...

... variations of the issue of service provision. Each of these is trying to capture the essence of a usable measure that can be sold like 'kilos of sugar' to customers, and be used to gauge a provider's own performance. So how does one define Quality of Service more rigorously? It has been suggested that it must be a function of 'Quality of Devices'

    QoS = f(QoD)    (10.1)

This is clearly sensible, from the laws of ...

... to 10 MB of data per day. This is an easy goal, by modern standards, and it hardly seems worth including any margin for error in this. On the other hand, a Digital Subscriber Line (DSL) network provider might offer a guaranteed rate of 350 kbps (kilobits per second). This is a common level of service at the time of writing. But what are the margins for error now? If each customer has a private network ...

... the rate of change of the average. Whether or not a phenomenon really has a Gaussian profile, error handling techniques can be used to estimate uncertainties provided there is a suitable separation of time scales. Example 13. Consider the rate of arrival of data R, in bytes, from the viewpoint of a network switch or router. The measurables are typically the packet size P and the number of packets ...

... at ports 8080 and 8082. 11. Discuss the role of Java and .NET services in consolidating network application services in the future. What is the difference between multiple services over many IP ports, and having multiple services brokered over a single port? Think of security, reliability and ease of management in your answer. 12. Java's reliance on XML for configuration information is typical of a trend in ...

... structure of the network and the immediate neighbors. To take into account subnetting and CIDR masks, we must interpret the equals '==' sign to include a logical AND between the network and its mask. ... maintain forwarding tables. The Internet Protocol family was designed for this purpose. It uses a routable packet format in which: 1. Every IP datagram contains the IP address of its destination host, and can ...

... generalization of a tree structure is to form a top-level super-network mesh that connects multiple parallel tree/mesh structures (see figure 10.5). Thus, rather than dealing with one huge mesh, there is a forcible break-up into routing domains, or Autonomous Systems. Definition 7 (Autonomous System). An Autonomous System is an aggregate of networks that belongs to a single political entity on the net; often, ...

... Between Autonomous Systems, the politics of organizations decide which routes are allowed to pass through neighboring ASs. To cope with the scaling issues, this extra hierarchical structure has been added to the Internet. The Autonomous System structure allows aggregation of networks. 1 The nomenclature of network region units is confused. Strictly speaking, only OSPF speaks of areas, and only BGP defines ...

... lies in the complexity of mapping between two distinct architectures that require the definition and maintenance of separate topologies, address spaces, routing protocols, signaling protocols and resource allocation schemes. The emergence of the multilayer switching solutions and MPLS is part of the evolution of the Internet to decrease complexity by combining layer 2 switching and layer 3 routing into

Posted: 13/08/2014, 22:21
