[OpenAFS] Re: NetRestrict ignored
Andrew Deason
adeason@sinenomine.net
Mon, 18 Jun 2012 10:40:36 -0500
On Sun, 17 Jun 2012 22:07:17 +0100
Ian Crowther <i.crowther@gmail.com> wrote:
> #vos listvol 10.1.0.145
> Total number of volumes on server 10.1.0.145 partition /vicepa: 6
> root.afs.readonly 536870916 RO 2 K On-line
> root.cell.readonly 536870922 RO 4 K On-line
> root.public.readonly 536870931 RO 2 K On-line
> root.public.readonly 536870928 RO 2 K On-line
> root.user.readonly 536870925 RO 3 K On-line
> user.ian.readonly 536870934 RO 10 K On-line
>
> Total volumes onLine 6 ; Total volumes offLine 0 ; Total busy 0
>
> (not entirely sure why root.public.readonly appears twice)
My guess would be: you created root.public awhile ago, removed all
entries of it from the vldb (but did not remove the RO site on
10.1.0.145), and created it again. You can verify whether 536870928 is
referenced by the vldb anywhere by running 'vos listvl 536870928'. If
that says it doesn't know what that volume is, you should be able to
delete it safely from the server, if you want.
> On the other hand
>
> #vos changeaddr -oldaddr 10.1.2.17 -remove
> Removed server 10.1.2.17 from the VLDB
> #vos listaddrs
> caffeine.example.com
> a.ns.example.com
> 10.1.2.16
>
> I only wanted the 10.1.2.17 entry to go, though!
You never need to fiddle with vos to alter what addresses are on a
(modern) fileserver. If you edit the Net* files, restart the fileserver,
and the addresses aren't what you wanted, just stop. Even if you manage
to 'solve' the problem by fiddling with stuff, the problem will reappear
the next time you start the fileserver.
Specifically with regards to that one command run, server addresses in
the vldb for modern fileservers are all tied to a single logical
'server'. So, if you delete one, you delete all of them. You cannot
specify deleting just a single address for a fileserver with 'vos
changeaddr', since that is supposed to be managed by the fileserver
setting its own addresses. You can manage to do this with 'vos
setaddrs', but you shouldn't do that for the reasons mentioned above.
--
Andrew Deason
adeason@sinenomine.net