[OpenAFS] Creating a partial sandbox of the production Cell & krb5 realm

Jason Edgecombe jason@rampaginggeek.com
Sun, 11 Nov 2012 18:11:42 -0500

Hi everyone,

We're working on migrating our account creation process and oracle 
server from Solaris 9 (Oracle 9) to RHEL5 (Oracle 11). To do more 
testing, I have been asked to create a new AFS cell and krb5 realm that 
is a sandbox of production, including having the same realm/cell names 
as production. I plan to mirror just enough volumes to do the testing. 
The same name is wanted to avoid tweaking the account generation scripts.

To make the sandbox, I would like to copy the existing krb5 and PTS 
DB's. Besides the Keyfile and CellservDB, what other Kerberos/AFs keys 
must be changed to prevent the sandbox from accidentally affecting 
production via AFS/KRB commands?

I plan to selectively "vos dump" some production volumes and "vos 
restore" them on the test cell.

I would appreciate any other tips that anyone has.

BTW, I proposed using a differently/named test cell/realm and was shot down.