[OpenAFS] Re: Moving Magic Trio to another domain

Andrew Deason adeason@sinenomine.net
Tue, 24 Sep 2013 15:07:44 -0500

On Tue, 24 Sep 2013 22:50:47 +0300 (EEST)
"Jukka Tuominen" <jukka.tuominen@finndesign.fi> wrote:

> > That shouldn't be the problem here. What actual errors are you
> > seeing?  Can you run 'fs lsm' on the things you can't seem to
> > access? (That is, 'services' and the homedirs)
> '/afs/[domain]/service' is a mount point for volume '#service'
> > fs: You don't have the required access rights on '/afs/[domain]/user/...'
> Also,
> fs la /afs/[domain]/service
> fs: You don't have the required access rights on '/afs/[domain]/service'

Okay, I thought you meant they were just offline or something. If that's
the problem, then it probably is related to authentication; it seems
more like the authentication setup is broken, not related to the
migration. Are your tokens not working at all, then? (A way to test
would be to try writing to, say, a new file in /afs/.cell/ )

Do you know what the permissions on these dirs are supposed to be?

Do you see anything in syslog, or 'dmesg | tail' on the client when you
try to access these?

> > If you want to copy the data from a 'source' cell to a 'destination'
> > cell and you can have both available at the same time, you can use the
> > 'up' tool to copy the directory tree while preserving all of the
> > afs-specific information and avoiding endless loops.
> I understood the client pointing to two different domains with a
> single destiny. I can also switch between the two servers (old and
> new) one at a time, but I can't understand how the server can hold
> the two domains at once. When you destroy the krb data, or change the
> .confs, it only appears as one, AFAIK. Sorry...

Sorry, I meant using two different actual machines for that scenario
(using 'up' to copy the data between the two cells). You'd need two
separate machines for that, or at least two different IPs, so it's not
relevant if you only have the one machine to work with.

It may be possible to do that with one machine by setting up chrooted
servers bound to a different local IP, but... that's getting a bit
complex :)

Andrew Deason