[OpenAFS] Re: AFS & Maildir

Noel Burton-Krahn noel@bkbox.com
Tue, 16 Dec 2003 10:54:45 -0800 

Oh yeah, forgot about that.  Right, cross-directory hard links don't work in
AFS, so qmail chokes.  The simple patch is to change "link" to "rename" in
the qmail source.  It works fine for me.  I haven't seen any compelling
explanations for why "rename" would be any less atomic than "link".

Yes, OpenAFS is much closer to the _way_things_should_be_.  It is so great
to have a real wide area network file system.  It has its limitations
though.  The Windows client has a few warts that needed patching (long
timeouts during boot, long timeouts resolving UNC links, etc).  I keep
meaning to fix the Windows interface to group management too.

I'm just about to post a package for Apache and WebDAV integration, if
you're interested.

How do you do your failover?  I've been working on kernel-level application
failover (see www.hotswap.net) and have been considering applying it to
OpenAFS.

--Noel



----- Original Message -----
From: "David Stubbs" <david.stubbs@idessa.com>
To: "Noel Burton-Krahn" <noel@bkbox.com>
Sent: Tuesday, December 16, 2003 10:35 AM
Subject: Re: AFS & Maildir


> Hi noel,
>
> Thanks for the reply! I have set up our qmail daemon using k5start to
> collect the tickets, both our krb5 and afs. When I try and get qmail to
> deliver the mails to the afs directories it fails.
>
> It say "Problems_while_trying_to_get_maildirsize:_cross-device_link",
> from what I understand this is because afs can not use link/unlink.
> How have you managed to get round this. Is there a patch readily
> available to change the link's to renames in the maildir source, or
> do use a tmp dir and move the mails after qmail-local has delivered
> them?
>
> It looks good with the bkbox, we are doing a similar thing. Our system
> is built on OpenLDAP, Mit-krb5 & Openafs. We are using two machines
> to store our OpenAFS at our main site this is mirrored using DRBD
> between them, and heartbeat to do the failover. (we need to a little bit
> more work for this).
>
> Our company think the idea of most things being on OpenAFS is great
> as we have a few site at present and are looking to get more.
>
> Thanks once again for reply,
>
> David Stubbs
>
> On 16 Dec 2003, at 18:06, Noel Burton-Krahn wrote:
>
> > Hi David,
> >
> > No I don't mind, and sure, I can tell you how to get qmail working
> > under
> > AFS.
> >
> > qmail invokes qmail-local for local deliveries.  So, I replaced
> > qmail-local
> > with a script that gets AFS permissions first:
> >
> > 1. Create a "maild" AFS user.
> >
> > 2. Make sure "maild" can list, create, and delete files in user's
> > Maildirs
> >
> > find ~user/Maildir -type d | xargs fs setacl -acl maild:lid -dir
> >
> > 3.  qmail-local will need to read the "maild" password to get AFS
> > tokens
> > before delivering.  I suppose you could do this with a krb5 keytab
> > file, but
> > I just put the raw password in a root-readable file
> >
> > echo maild-password > /var/qmail/cache/maild-password
> > chmod 0400 /var/qmail/cache/maild-password
> >
> > 4. finally, make a wrapper around qmail-local
> >
> > cd /var/qmail/bin
> > mv qmail-local qmail-local.orig
> >
> > cat >qmail-local <<EOF
> > #! /bin/sh
> > set -eu
> > kinit maild </var/qmail/cache/maild-password
> > aklog -setpag
> > exec /var/qmail/bin/qmail-local.orig
> > EOF
> >
> > chmod a+x qmail-local
> >
> > I use Krb5 and OpenAFS under Debian.  Check out www.bkbox.com.
> >
> > --Noel
> >
> >
> >
> >
> > ----- Original Message -----
> > From: "David Stubbs" <david.stubbs@idessa.com>
> > To: <noel@bkbox.com>
> > Sent: Tuesday, December 16, 2003 1:35 AM
> > Subject: AFS & Maildir
> >
> >
> >> Hi noel,
> >>
> >> I hope that you don't mind the intrusion, I spotted a thread on an
> >> OpenAFS mailing list. In the thread you mention that you have patched
> >> qmail to deliver to maildir on an AFS system, using rename instead of
> >> link. I was just wondering if you would consider sharing you patch
> >> with
> >> me/my company. As we have just setup and OpenAFS system, that houses
> >> our home directory, then we found out that we could not use our qmail
> >> system to deliver on to the AFS system. :-(
> >>
> >> I look forward to your reply,
> >>
> >> Thanks
> >> David Stubbs.
> >>
> >>
> >
>
>