[OpenAFS] Moving AFS server processes

Derrick J Brashear shadow@dementia.org
Thu, 14 Feb 2002 11:22:41 -0500 (EST)


On Thu, 14 Feb 2002, Michael Aldrich wrote:


> > Did you even read the IBM/Transarc AFS documentation?  In particular
> > the section on "How to add a server to your cell"?
> Yes, repeatedly. When I try to add bos create commands, I get You are
> unauthorized...
> I use the command klog admin
> passwd: <enter the password created for admin on the first server machine>
> Unable to authenticate to AFS because user doesn't exist.!?
> I try on my server machine (Sun box) and get the same error! I created the
> account 'admin' when the machine was first installed. Admin does exist in
> the 'UserList'.

If you're migrating you didn't need to create a new "admin", you already
had one. If you started setting up the new machine as if it was a new
cell, you may run into some problems. If you want to move from one server
to another, configure the new machine as a server, but leave the first
server alone, and don't remove it from your CellServDB. 

Here are instructions. If you get to any of the "stop. you lost" points,
tell us what you did. (openafs-info, not me directly)

Start by setting up the KeyFile on the new machine. It should be the same
as on the old machine. You should copy it securely somehow (not with
unencrypted ftp, unless you're on a private network). Set up the UserList,
CellServDB and ThisCell file for the server (/usr/afs/etc if you use
Transarc paths; otherwise, you need to know what paths you're using). The
CellServDB should only have the old machine in it.

Start the bosserver and then create the fileserver bnode. At this point
you should be able to klog admin and create a volume on your new
fileserver. If you can't, stop here. You've already lost. Otherwise,
continue.

Copy the AFS database files securely from the old machine to the new
machine. If you use upserver, you can use upclient on the new machine to
get them, otherwise, scp, encrypted ftp, or being on a private network is
ok. Put them in your db directory. (/usr/afs/db or where your installation
wants them).

Configure the CellServDB on your old server and your new server to have
the new server listed. bos restart the vlserver, kaserver and ptserver on
the old machine. bos create a kaserver, ptserver and vlserver on the new
machine. Wait. In about 90 seconds you should be able to e.g. udebug
newserver 7004 and/or udebug oldserver 7004 and see that one or the other
has become sync site for the kaserver service, and that recovery state is
"1f". If after 5 minutes this hasn't happened (just to be safe), stop,
you've lost. The logs in /usr/afs/logs may tell you why.

You should also check the services on 7002 (ptserver) and 7003 (vlserver),
but if the kaserver works, they likely will also.

Ok, now you should be ok to shut down the old database servers. Update all
CellServDBs to only know about the new server. Stop the
kaserver/vlserver/ptserver on the old server. Restart the
kaserver/vlserver/ptserver on the new server. udebug newserver 7004 should
show the new server as sync site. If after about 5 minutes it doesn't (and
this is really unnecessary as in a single server installation it either
works or not) stop. You've lost.

At this point you can use vos move to move all the volumes from the old
server to the new server, if there are any. You'll need to klog admin
(well, actually you won't, but to make sure everything is ok, you want
to).

After this finishes the old server can stop being an AFS server entirely.
Make sure all your clients get updated CellServDBs and get restarted.
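
The udebug check described in the message above, as an added example that is not part of the original post: it polls a list of database servers until exactly one reports itself as sync site with recovery state 1f, and gives up after 5 minutes. The function names and sample outputs are constructed for illustration, and the udebug line formats it matches are an assumption.

```shell
#!/bin/sh
# Added example: automates the udebug check from the steps above.
# Assumption: udebug prints lines starting "I am sync site",
# "I am not sync site" and "Recovery state <hex>".

# classify_udebug: read udebug output on stdin and print one of
#   sync-ok | sync-recovering | not-sync | unknown
classify_udebug() {
    awk '
        /^I am sync site/     { sync = 1 }
        /^I am not sync site/ { notsync = 1 }
        /^Recovery state /    { state = $3 }
        END {
            if (sync && state == "1f") print "sync-ok"
            else if (sync)             print "sync-recovering"
            else if (notsync)          print "not-sync"
            else                       print "unknown"
        }'
}

# wait_for_sync PORT HOST...: poll until exactly one host is sync-ok and
# no host is unknown or still recovering; give up after 5 minutes.
wait_for_sync() {
    port=$1; shift
    deadline=$(( $(date +%s) + 300 ))
    while [ "$(date +%s)" -lt "$deadline" ]; do
        ok=0; bad=0
        for host in "$@"; do
            case $(udebug "$host" "$port" 2>/dev/null | classify_udebug) in
                sync-ok)  ok=$((ok + 1)) ;;
                not-sync) ;;
                *)        bad=$((bad + 1)) ;;
            esac
        done
        [ "$ok" -eq 1 ] && [ "$bad" -eq 0 ] && return 0
        sleep 10
    done
    return 1   # the "stop, you've lost" case: read the logs in /usr/afs/logs
}

# Constructed sample outputs (not captured from a real cell).
sample_sync() { printf '%s\n' 'Local db version is 1013702561.1' \
    'I am sync site until 57 secs from now (2 servers)' 'Recovery state 1f'; }
sample_recovering() { printf '%s\n' \
    'I am sync site until 57 secs from now (2 servers)' 'Recovery state 7'; }
sample_remote() { printf '%s\n' 'Local db version is 1013702561.1' \
    'I am not sync site' 'Lowest host 192.0.2.10 was set 9 secs ago'; }
```

Run it as `wait_for_sync 7004 oldserver newserver`, then repeat for 7002 and 7003; a non-zero exit corresponds to the point where the message says to stop.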