[OpenAFS] Re: Moving Magic Trio to another domain

Jukka Tuominen jukka.tuominen@finndesign.fi
Tue, 24 Sep 2013 22:50:47 +0300 (EEST)

> On Tue, 24 Sep 2013 22:12:52 +0300 (EEST)
> "Jukka Tuominen" <jukka.tuominen@finndesign.fi> wrote:
>> This time I destroyed the old krb data and created a new one. With
>> afs, I only replaced the old domains with new ones in conf files. I
>> did create the afs princ using different encryption if that makes a
>> difference here?
> That shouldn't be the problem here. What actual errors are you seeing?
> Can you run 'fs lsm' on the things you can't seem to access? (That is,
> 'services' and the homedirs)

'/afs/[domain]/service' is a mount point for volume '#service'

> fs: You don't have the required access rights on '/afs/[domain]/user/...'

fs la /afs/[domain]/service
fs: You don't have the required access rights on '/afs/[domain]/service'

>> Would a unix backup/restore method lose something afs-specific content
>> that I couldn't recover? That is, if the migration of users don't
>> work, and I have to reset all the access rights anyway (I understand
>> that acls in afs are different). I'm still hoping to make the
>> migration smoother.
> You lose ACLs and mountpoints. ACLs you can view with 'fs la' and set
> with 'fs sa'; mountpoints you can view with 'fs lsm' and recreate with
> 'fs mkm'.
> So you can just rsync the files form /afs if you want, but the
> mountpoints can make that confusing. For example, if a user created a
> mountpoint in their home directory like this:
> $ fs mkm root.cell root.cell
> Then if you tried to rsync that directory tree, you'd copy the same data
> over and over again, since that looks like a directory loop (unless
> rsync or whatever tool you're using is smart enough to detect such a
> loop).
> If you want to copy the data from a 'source' cell to a 'destination'
> cell and you can have both available at the same time, you can use the
> 'up' tool to copy the directory tree while preserving all of the
> afs-specific information and avoiding endless loops.

I understood the client pointing to two different domains with a single
destiny. I can also switch between the two servers (old and new) one at
the time, but I can't understand how the server can hold the two domains
at once. When you destroy the krb data, or change the .confs, it only
appears as one, AFAIK. Sorry...

br, jukka

> --
> Andrew Deason
> adeason@sinenomine.net
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info