[OpenAFS] Re: Moving Magic Trio to another domain

Andrew Deason adeason@sinenomine.net
Tue, 24 Sep 2013 14:23:39 -0500

On Tue, 24 Sep 2013 22:12:52 +0300 (EEST)
"Jukka Tuominen" <jukka.tuominen@finndesign.fi> wrote:

> This time I destroyed the old krb data and created a new one. With
> afs, I only replaced the old domains with new ones in conf files. I
> did create the afs princ using different encryption if that makes a
> difference here?

That shouldn't be the problem here. What actual errors are you seeing?
Can you run 'fs lsm' on the things you can't seem to access? (That is,
'services' and the homedirs)

> Would a unix backup/restore method lose something afs-specific content
> that I couldn't recover? That is, if the migration of users don't
> work, and I have to reset all the access rights anyway (I understand
> that acls in afs are different). I'm still hoping to make the
> migration smoother.

You lose ACLs and mountpoints. ACLs you can view with 'fs la' and set
with 'fs sa'; mountpoints you can view with 'fs lsm' and recreate with
'fs mkm'.

So you can just rsync the files form /afs if you want, but the
mountpoints can make that confusing. For example, if a user created a
mountpoint in their home directory like this:

$ fs mkm root.cell root.cell

Then if you tried to rsync that directory tree, you'd copy the same data
over and over again, since that looks like a directory loop (unless
rsync or whatever tool you're using is smart enough to detect such a

If you want to copy the data from a 'source' cell to a 'destination'
cell and you can have both available at the same time, you can use the
'up' tool to copy the directory tree while preserving all of the
afs-specific information and avoiding endless loops.

Andrew Deason