[OpenAFS] Re: Moving Magic Trio to another domain

Jukka Tuominen jukka.tuominen@finndesign.fi
Tue, 24 Sep 2013 22:12:52 +0300 (EEST)

> On Tue, 24 Sep 2013 11:56:29 +0300 (EEST)
> "Jukka Tuominen" <jukka.tuominen@finndesign.fi> wrote:
>> Thanks to help, I'm now in the phase where I can kinit;aklog
>> successfully as root/admin to the new domain, but I can only see the
>> directory structure, and not access either the existing /service or
>> homedirs. I haven't recreated any user accounts so far, since I've
>> made a script to keep krb/afs/ldap in sync once I have figured out the
>> remaining ldap configuration.
> Presumably you have a root.cell volume, but not the volumes for the
> 'service' directory or homedirs. Did you recreate the whole cell from
> scratch? Just leave all the data the same; you don't need to change
> anything.

This time I destroyed the old krb data and created a new one. With afs, I
only replaced the old domains with new ones in conf files. I did create
the afs princ using different encryption if that makes a difference here?

>> So, I just want to verify that there is a way to reclaim the access
>> rights to the contents? As a backup plan, I still have a snapshot of
>> the old, working server, and could probably ssh the contents from.
> I don't know what you changed, so I don't know what to do to reclaim
> access rights. In order to keep the same files and access and everything
> as before, all you need to do is not change anything. Don't change the
> protection database, don't change the vldb, don't change the /vicep*
> data on the fileserver. Only change the CellServDB, ThisCell, etc,
> files.

AFAIK, that's what I did.

>> I doubt that they both can be online as afs servers simultaneously,
>> though.
> You can't run an "old" and "new" server on the same machine from a
> single IP address, that's true. But you _can_ just run the "old" server,
> and point the old and new CellServDB entries at it, and it looks like
> two different cells and two different servers that serve the same data.
> To maybe help illustrate, it's like in HTTP/1.0 (without the 'host: '
> header) having two different DNS A records for the same server. If you
> had the hostname newwww.example.com and oldwww.example.com both pointing
> to, they would both serve the same contents, but they sort
> of "look" like two different hosts.

Would a unix backup/restore method lose some afs-specific content
that I couldn't recover? That is, if the migration of users doesn't work,
and I have to reset all the access rights anyway (I understand that acls
in afs are different). I'm still hoping to make the migration smoother.

br, jukka

> --
> Andrew Deason
> adeason@sinenomine.net