[OpenAFS] Moving AFS {pt,vl,vol?}server

[Turbo Fredriksson]

>>>>> "Marcus" == Marcus Watts <mdw@umich.edu> writes:

    >> It now seems like the (bos,pt,vl)server instances run just fine
    >> on the two new machines. I had some problem with the server
    >> CellServDB file, but I think that's sorted out now. I have the
    >> two SPARC's _and_ the real AFS server, which is on the 'Net,
    >> while'st the SPARC's is at home, behind a firewall; 'bos
    >> listhosts HOST[12]' confirms this.
    >> 
    >> After a while (a couple of seconds) the (pt,vl)server instances
    >> die, and I get 'Inconsistent Cell Info on server ... <REAL AFS
    >> SERVER IP>' in the PtLog. Does this have something to do with
    >> the fact that the SPARC's is behind a firewall?

    Marcus> You say they "run just fine", then complain they die right
    Marcus> away.  Um, which is it?

Well, I wrote the first sentence just after starting the servers.
Then I wanted to double check (something), and discovered that the
server had died, and I found a strange log entry (-> in a prevous mail).

So long as I don't add the live/real server, they work just fine.


I now a client that only knows about the new SPARC's, and it 'knows' that
the live/real server holds the volumes, so I'm guessing it have something
to do with the firewall. This don't matter. The'll (the SPARC's) go live
'asap'...

    Marcus> Routine SDISK_UpdateInterfaceAddr in ubik/remote.c can
    Marcus> print out "Inconsistent Cell Info from server: "; if
    Marcus> that's the message you saw, then this probably means you
    Marcus> still have CellServDB issues.

    Marcus> Firewall?  I don't think a firewall could cause that
    Marcus> particular message (at least not likely) but there are all
    Marcus> sorts of other issues that can cause bad problems if you
    Marcus> have a firewall that isn't configured correctly.  Somebody
    Marcus> must have a FAQ by now that says what has to be done to
    Marcus> make this work.  Is there some reason you want to run with
    Marcus> firewalls between things?

    Marcus> Does this machine have a cache manager installed?

The 'afsd' processes? No. The don't have enough disk space, so I desided
that they shouldn't have access to the VOLUMES. The'll only be DB servers..

    >> and in the kerberos logs I get
    >> 
    >> ----- s n i p -----
    >> Aug 21 10:22:10 <HOST1> krb5kdc[156](info): 
    >> TGS_REQ (1 etypes {1}) 192.168.1.5(88): UNKNOWN_SERVER:
    >> authtime 1029909803, turbo@<MY KERBEROS REALM> for afs/<MY
    >> CELLNAME>@<MY KERBEROS REALM>, Server not found in Kerberos
    >> database

    Marcus> Interesting.  In "classic" AFS at least, the only sort of
    Marcus> afs ticket that will work is a k4 service ticket for
    Marcus> "afs@K4-REALM-NAME"

That's the one I have (afs@REALM). Works on the live/real server...

    Marcus> There are  lots of versions of aklog  floating around that
    Marcus> do different things; I've no idea which one you've got.

>From the 'NRL AFS-Kerberos 5 migration kit'.
-- 
Nazi fissionable subway congress FSF Honduras Semtex class struggle
Albanian genetic Cuba World Trade Center ammonium AK-47 Saddam Hussein
[See http://www.aclu.org/echelonwatch/index.html for more about this]