[OpenAFS] running vos from "another" machine

Ron Croonenberg ronc@depauw.edu
Fri, 26 Aug 2005 11:43:34 -0500


Hi Kim,

I "played" around with it a bit.  It seems that you need the config
files from "/usr/afs/etc" to make it work (the keyfile and userlist from
the db server).


thanks,

Ron


>>> "Dexter 'Kim' Kimball" <dhk@ccre.com> 08/26/05 11:36 AM >>>
Issue the "tokens" command and see who you are.

Then issue "bos listu <fileserver>" on your fileservers and see who's in
the
UserList.

You should have tokens for someone listed in UserList.

Kim


     -----Original Message-----
     From: openafs-info-admin@openafs.org 
     [mailto:openafs-info-admin@openafs.org] On Behalf Of Ron 
     Croonenberg
     Sent: Thursday, August 25, 2005 11:51 AM
     To: dhk@ccre.com
     Cc: openafs-info@openafs.org
     Subject: RE: [OpenAFS] running vos from "another" machine
     
     
     Hi Kim,
     
     I noticed that the -localauth had something to do with it.
     
     Sooo...what I did is simply execute  the vos commands without the
     -localauth. And that seemed to work.
     
     Maybe I am missing something, it surprised me. I didn't 
     klog or anything
     and was able to "dump" a volume.
     
     Ron
     
     
     >>> "Dexter 'Kim' Kimball" <dhk@ccre.com> 08/25/05 11:09 AM >>>
     Ron,
     
     "vos" per se doesn't require the /usr/afs/etc directory
     
     OTOH "vos" with "-localauth" _does_ require the up-to-date
     /usr/afs/etc/KeyFile
     
     "-localauth" essentially means "I'm root on this here 
     machine that has a
     KeyFile so create some AFS admin credentials for me."  
     
     Without the KeyFile "vos ... -localauth" simply can't create the
     token/ticket you require.
     
     If you sftp /usr/afs/etc/KeyFile from one of your AFS 
     servers to the
     client-only box from  which you're running vos you'll be 
     up and running
     with
     "vos .... -localauth"
     
     When you change keys remember to update the KeyFile on your admin
     client.
     
     Putting the KeyFile on a client isn't a good idea unless 
     the machine in
     question is secure/limited access, which yours is.
     
     Kim
     
     
          -----Original Message-----
          From: openafs-info-admin@openafs.org 
          [mailto:openafs-info-admin@openafs.org] On Behalf Of Ron 
          Croonenberg
          Sent: Wednesday, August 24, 2005 4:07 PM
          To: dhk@ccre.com
          Cc: openafs-info@openafs.org
          Subject: RE: [OpenAFS] running vos from "another" machine
          
          
          Hi,
          
          I have installed/setup :
          openafs-1.2.13-rhel3.0.1
          openafs-client-1.2.13-rhel3.0.1
          openafs-kernel-1.2.13-rhel3.0.1
          
          now if I try to do a vos dump like :
          vos dump -id homestaff.cowboy.backup -f
          /data/afs-dump/homestaff.cowboy.backup -localauth          
                       
                                   
          
          then:
          vsu_ClientInit: Could not process files in 
     configuration directory
          (/usr/afs/etc).
          could not initialize VLDB library (code=4294967295) 
          
          And when I look in /usr/afs, then /usr/afs/etc isn't there.
          
          So I assume in order to use vos  it needs to be there. 
          What needs to be
          in it ?  the same thing/stuff as in the 
          fileserver/dbserver /usr/afs/etc
          ?
          
          >....., so be sure to have a local account or a local 
          password for your 
          >AFS account.
          
          I have a local account on that machine.
          
          > You'll have to klog after you log in.
          
          right..  and that seems to work just fine.
               
          >I'm sure we could come up with something more complicated :)
          
          ;-)  looking forward to it...
          
          oh and btw, in case you're wondering  why I want this..  I 
          want to dump
          the volumes on a "backup server" that no one has access to.
          (other stuff is dumped/archived on that machine too)
          
          thanks,
               
          Ron
          
          
          _______________________________________________
          OpenAFS-info mailing list
          OpenAFS-info@openafs.org
          https://lists.openafs.org/mailman/listinfo/openafs-info
          
     
     
     _______________________________________________
     OpenAFS-info mailing list
     OpenAFS-info@openafs.org
     https://lists.openafs.org/mailman/listinfo/openafs-info
     
     _______________________________________________
     OpenAFS-info mailing list
     OpenAFS-info@openafs.org
     https://lists.openafs.org/mailman/listinfo/openafs-info