[OpenAFS] Procedure for changing database server IP addresses

Stephen Joyce stephen@email.unc.edu
Tue, 17 Jan 2017 15:45:01 -0500

I know the current best-practice for changing the IP addresses of AFS 
database servers is don't do it.

But assuming that I want/need to change IPs and have available hardware, is 
the use of clone dbservers the preferred method? I can tolerate short 
service interruptions of up to a few minutes as long as they're planned 
for low-utilization times.

Initial condition is 3 dbservers ("OLD") located via AFSDB & SRV, running 
1.6.x. Desired final condition is 3 dbservers ("NEW") with different IP 
addresses, also running 1.6.x (for now).

I'm roughing out a procedure, but my current thinking involves..

  add 3 NEW dbservers as r/o clones (restarting db procs)
  modify DNS to show all 6 IPs.
  'fs newcell' or restart all afsd's (including on servers)

  swap clone/non-clone roles so that NEW dbservers are r/w and OLD dbservers 
are r/o clones (restarting db procs). At this point, sync must be a 
non-clone, r/w "NEW" server. Verify with udebug. Any client afsd's not 
restarted/newcell'ed won't be able to make pt/vl changes.

  modify DNS to show only 3 NEW IPs
  'fs newcell' or restart of all afsd's (including on servers)

  remove 3 OLD dbservers which must be r/o clones (restarting db procs). Any 
client afsd's not restarted/newcell'ed won't be able to query pt/vlservers.

Because it could take some time to restart/newcell all clients, I'm 
thinking of doing the clone addition/dns steps then waiting some time 
(week+) before doing the role swap and second dns change. Then waiting 
another period of time (week+) before doing the last removal.

I'm assuming that I can use -auditlog (or even a packet sniffer) to see 
what clients might still be using the OLD dbservers prior to the final 

Seems a bit too simple. What am I missing?