[OpenAFS] IP-based ACLs failing
Derrick Brashear
shadow@gmail.com
Sat, 25 Aug 2007 01:19:55 -0400
------=_Part_7330_6621327.1188019195391
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
kill -XCPU the fileserver, and look at the host list. I bet the IP addresses
you care about show "alternate" addresses (presumably illegit).
On 8/24/07, Stephen Joyce <stephen@physics.unc.edu> wrote:
>
> I'm using IP-based ACLs to protect some parts of my cell. (I know this
> not ideal, but the info isn't really sensitive. I just want to discourage
> people in other cells from casual browsing).
>
> A few weeks ago about 10 of my clients began periodically losing
> connectivity to these directories. Always the same clients. Other clients
> in the same ACL continued to work fine. Once it occured, this problem
> would
> continue indefinitely (ie, waiting 2 hours didn't fix it).
>
> Restarting the fs instance cleared the problem and connectivity was
> restored for the next 24-36 hours, then the problem repeated. This only
> seemed to happen on this one fileserver and one group of clients.
>
> Assuming that there was a problem with that fileserver, last weekend I
> moved all of it's volumes to our warm-spare server. Voila! Problem fixed..
> until about 3 hours ago. Now the problem is repeating.
>
> The FileLog doesn't show anything out of the ordinary when these clients
> begin lose connectivity.
>
> The fileserver is RHEL 3 (2.4.21-47.ELsmp) running
> openafs-server-1.4.1-rhel3.3. The clients are all Debian Etch
> (2.6.18-4-686) running openafs-client 1.4.2-6. Other identical clients
> don't show the problem.
>
> I realize the server (and clients) are a few minor revisions out of date,
> but I generally try to stay away from the bleeding edge with production
> servers.
>
> So, questions:
> 1) is this a known problem, and if so, is it fixed in a newer version of
> the server?
> 2) if it's not a known problem, what info would be useful in
> troubleshooting it? The problem is occuring _right now_. I can solve it by
> restarting the fs process, but can delay and troubleshoot if it would be
> beneficial.
>
> Thanks!
>
> Cheers, Stephen
> --
> Stephen Joyce
> Systems Administrator P A N I C
> Physics & Astronomy Department Physics & Astronomy
> University of North Carolina at Chapel Hill Network Infrastructure
> voice: (919) 962-7214 and Computing
> fax: (919) 962-0480 http://www.panic.unc.edu
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>
------=_Part_7330_6621327.1188019195391
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
kill -XCPU the fileserver, and look at the host list. I bet the IP addresses you care about show "alternate" addresses (presumably illegit).<br><br><div><span class="gmail_quote">On 8/24/07, <b class="gmail_sendername">
Stephen Joyce</b> <<a href="mailto:stephen@physics.unc.edu">stephen@physics.unc.edu</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I'm using IP-based ACLs to protect some parts of my cell. (I know this<br>not ideal, but the info isn't really sensitive. I just want to discourage<br>people in other cells from casual browsing).<br><br>A few weeks ago about 10 of my clients began periodically losing
<br>connectivity to these directories. Always the same clients. Other clients<br>in the same ACL continued to work fine. Once it occured, this problem would<br>continue indefinitely (ie, waiting 2 hours didn't fix it).
<br><br>Restarting the fs instance cleared the problem and connectivity was<br>restored for the next 24-36 hours, then the problem repeated. This only<br>seemed to happen on this one fileserver and one group of clients.<br>
<br>Assuming that there was a problem with that fileserver, last weekend I<br>moved all of it's volumes to our warm-spare server. Voila! Problem fixed..<br>until about 3 hours ago. Now the problem is repeating.<br><br>
The FileLog doesn't show anything out of the ordinary when these clients<br>begin lose connectivity.<br><br>The fileserver is RHEL 3 (2.4.21-47.ELsmp) running<br>openafs-server-1.4.1-rhel3.3. The clients are all Debian Etch
<br>(2.6.18-4-686) running openafs-client 1.4.2-6. Other identical clients<br>don't show the problem.<br><br>I realize the server (and clients) are a few minor revisions out of date,<br>but I generally try to stay away from the bleeding edge with production
<br>servers.<br><br>So, questions:<br> 1) is this a known problem, and if so, is it fixed in a newer version of<br>the server?<br> 2) if it's not a known problem, what info would be useful in<br>troubleshooting it? The problem is occuring _right now_. I can solve it by
<br>restarting the fs process, but can delay and troubleshoot if it would be<br>beneficial.<br><br>Thanks!<br><br>Cheers, Stephen<br>--<br>Stephen Joyce<br>Systems Administrator P A N I C
<br>Physics & Astronomy Department Physics & Astronomy<br>University of North Carolina at Chapel Hill Network Infrastructure<br>voice: (919) 962-7214 and Computing
<br>fax: (919) 962-0480 <a href="http://www.panic.unc.edu">http://www.panic.unc.edu</a><br>_______________________________________________<br>OpenAFS-info mailing list<br><a href="mailto:OpenAFS-info@openafs.org">
OpenAFS-info@openafs.org</a><br><a href="https://lists.openafs.org/mailman/listinfo/openafs-info">https://lists.openafs.org/mailman/listinfo/openafs-info</a><br></blockquote></div><br>
------=_Part_7330_6621327.1188019195391--