[OpenAFS] Moving AFS {pt,vl,vol?}server

Turbo Fredriksson turbo@bayour.com
21 Aug 2002 10:38:56 +0200


>>>>> "Marcus" == Marcus Watts <mdw@umich.edu> writes:

    Marcus> I'm not sure what "SALVAGE.fs" is -- is it a log output
    Marcus> file?  General rules for investigating unknown files: try
    Marcus> "file", if it says text, try "cat -v | more"; if binary,
    Marcus> try using strings or "od -c".  The example I found was
    Marcus> empty.  Off-hand, I'd guess that you don't need to
    Marcus> move it.

Sorry. Just did 'find -type f' in the directory. Didn't see that it
was empty. 

    Marcus> sysid should be unique per-system.  Definitely don't copy
    Marcus> this (unless what you want to do is merely effectively
    Marcus> changing the IP address of an existing fileserver.)

Well... Do I? Na, the 'fs' instance is NOT to be moved, just the DB
instance(s)...

Is this ONLY for the fs instance? Because I've managed to get the pt/vl
servers up and running on the two sparcs now. For future list searches
and references, I'll include the new 'super-micro-howto' :)

----- s n i p -----
1. Copy over the following files from the first server to the new
   server(s)
        /etc/openafs/server/ThisCell
        /etc/openafs/server/KeyFile

2. Copy over the directory /var/lib/openafs/db to the new
   server(s)

3. Start the bosserver
        /etc/init.d/openafs-fileserver start

4. Add the new hosts and admin user to the cell servers
        bos addhost HOST1 HOST1 -localauth
        bos addhost HOST1 HOST2 -localauth
        bos adduser HOST1 SUPERUSER -localauth

        bos addhost HOST2 HOST1 -localauth
        bos addhost HOST2 HOST2 -localauth
        bos adduser HOST2 SUPERUSER -localauth

5. Create ptserver and vlserver instances.
        bos create HOST1 ptserver simple /usr/lib/openafs/ptserver -localauth
        bos create HOST2 ptserver simple /usr/lib/openafs/ptserver -localauth

        bos create HOST1 vlserver simple /usr/lib/openafs/vlserver -localauth
        bos create HOST2 vlserver simple /usr/lib/openafs/vlserver -localauth

6. If it's to be a fileserver, create a fs instance.
        bos create HOSTx fs fs \
            -cmd /usr/lib/openafs/fileserver \
            -cmd /usr/lib/openafs/volserver \
            -cmd /usr/lib/openafs/salvager -localauth
----- s n i p -----
(Debian GNU/Linux paths)

    Marcus> On a running server, you can also do
    Marcus> "bos listkeys <servername>" to find out what keys that
    Marcus> server has, plus a checksum.  These should match across
    Marcus> all servers (db or file) in your afs cell.

They do, so it seems like it's perfectly ok just to copy the file over...

    Marcus> Just out of sheer and probably irrelevant curiosity, are
    Marcus> you running linux or solaris on the sparc machines, and
    Marcus> what was the reason to move from intel to sparc?

I want to move the services from the current machine, because it's doing
EVERYTHING 'imaginable' at the moment. Shell, mail, pop, imap, SQL etc, etc.

I don't want users on the same machine that I have the secure services
on. Just in case... So I want them out of the 'user' server, and onto
something separate.

I 'choosed' SPARC because I got a whole bunch (30 SS1+ and 5 SS4's) for a nickel.
I think the SS4's went for around $30-$40 a piece at an auction I attend every year!
They are _SLOW_ but I don't care, I have plenty :)

And _ALL_ machines run Debian GNU/Linux (SPARC's and Intel). I wouldn't
choose anything else, 'even if I got paid' :)


It now seems like the (bos,pt,vl)server instances run just fine on the
two new machines. I had some problem with the server CellServDB file,
but I think that's sorted out now. I have the two SPARC's _and_ the
real AFS server, which is on the 'Net, whilst the SPARC's are at
home, behind a firewall; 'bos listhosts HOST[12]' confirms this.

After a while (a couple of seconds) the (pt,vl)server instances die,
and I get 'Inconsistent Cell Info on server ... <REAL AFS SERVER IP>'
in the PtLog. Does this have something to do with the fact that the
SPARC's are behind a firewall?


If I try to list users/groups with 'pts listentries' I get:

----- s n i p -----
libprot: a pioctl failed Could not get afs tokens, running unauthenticated.
Name                          ID  Owner Creator
pts: Permission denied ; unable to list entries
----- s n i p -----

But it seems like the DB is there, I can view it with 'pt_util'...


This is 'naturally' because I don't have a token. Trying to get one, I get

----- s n i p -----
aklog: unable to obtain tokens for cell CELLNAME (status: a pioctl failed).
----- s n i p -----

and in the kerberos logs I get

----- s n i p -----
Aug 21 10:22:10 <HOST1> krb5kdc[156](info): TGS_REQ (1 etypes {1}) 192.168.1.5(88): UNKNOWN_SERVER: authtime 1029909803,  turbo@<MY KERBEROS REALM> for afs/<MY CELLNAME>@<MY KERBEROS REALM>, Server not found in Kerberos database
----- s n i p -----

Which I on the other hand also get on the real AFS server (which knows
nothing about the SPARC's yet). But there (on the real AFS server) I
do get a ticket:
----- s n i p -----
User's (AFS ID 1) tokens for afs@<MY CELLNAME> [Expires Aug 21 16:37]
----- s n i p -----

The 'difference' is that I'm not running any 'afsd' on the SPARC's... ?

My first thought was that it mattered in which order the hosts were
listed in the client CellServDB, but it didn't seem to matter.
-- 
jihad terrorist radar tritium Kennedy Ft. Bragg cryptographic Panama
Mossad DES 747 Ft. Meade BATF Legion of Doom [Hello to all my fans in
domestic surveillance]
[See http://www.aclu.org/echelonwatch/index.html for more about this]
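
The "bos listkeys" comparison suggested in the thread (key checksums should match across all db and file servers), as an added example that is not part of the original message. It assumes each server's output was saved to a file, e.g. with "bos listkeys HOST1 -localauth > host1"; the file names and checksum values below are constructed.

```bash
#!/bin/sh
# Added example: compare the "key N has cksum C" lines of saved
# `bos listkeys` output from several servers. Sample data is constructed.

# keyset FILE: print "kvno cksum" pairs found in FILE, sorted by kvno.
# Trailer lines ("Keys last changed on ...", "All done.") are ignored.
keyset() {
    awk '$1 == "key" && $3 == "has" && $4 == "cksum" { print $2, $5 }' "$1" | sort -n
}

# compare_keys REF FILE...: 0 if every FILE carries exactly the key set of REF,
# 1 if any FILE differs (a missing or extra kvno counts), 2 if REF has no keys.
compare_keys() {
    local ref=$1 rc=0 f want
    shift
    want=$(keyset "$ref")
    [ -n "$want" ] || { echo "no keys parsed from $ref" >&2; return 2; }
    for f in "$@"; do
        if [ "$(keyset "$f")" != "$want" ]; then
            echo "MISMATCH: $f does not carry the same keys as $ref"
            rc=1
        fi
    done
    return $rc
}

# --- constructed sample output, stands in for three servers ---
demo_dir=$(mktemp -d)
printf '%s\n' 'key 0 has cksum 972037177' 'key 1 has cksum 2825165022' \
    'Keys last changed on Wed Aug 21 09:12:00 2002.' 'All done.' \
    > "$demo_dir/realserver"
cp "$demo_dir/realserver" "$demo_dir/host1"      # KeyFile copied correctly
printf '%s\n' 'key 0 has cksum 972037177' \
    'Keys last changed on Mon Aug 19 18:40:00 2002.' 'All done.' \
    > "$demo_dir/host2"                          # stale copy: kvno 1 missing

compare_keys "$demo_dir/realserver" "$demo_dir/host1" && echo "host1: keys match"
compare_keys "$demo_dir/realserver" "$demo_dir/host2" || echo "host2: recopy the KeyFile"
```

Only the kvno and checksum are compared, so the key material itself never leaves the servers.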