[OpenAFS] AFS Cell Name change
Frank Burkhardt
fbo2@gmx.net
Fri, 7 Apr 2006 16:48:00 +0200
Hi,
On Thu, Apr 06, 2006 at 04:49:38PM +0100, Nuno Miguel da Cruz Neves wrote:
> Hello.
>
> I maintain an AFS cell whose domain registration just got lost... :(
>
> Now, I am trying to get the domain back, but it seems hard to do
> (unresponsive address on the other side).
>
> So, I would like to know what is envolved in changing the AFS domain name.
>
> For instance, If I change the ThisCell on every server and client and the
> afs.root mappings, will it work? Will it maintain the entire structure
> below?
Yes - as long as you do not use target cell names in your volume mountpoints
unter /afs/[yourcell] which is very unlikely.
But you have to do some more than just changing ThisCell. You have to
change the server-CellServDB on any DB-server (Debian-Linux places it at
/etc/openafs/server/CellServDB).
The most "interesting" thing will be the Kerberos database. I don't know, if
you are using kaserver - I don't. My kerberos database contains an explicit
realm name on each principal plus the password hashes are salted using the
realm name. I would have to either get all my users to reset their passwords
or give up my 'realm=uc(cellname)' rule which would cause other problems.
> What steps should I take to ensure everything keeps working?
I think, it's impossible to actually "Keep everything working" during a Cell
name change. You will suffer some downtime.
BTW: How many servers/users do you have?
Regards,
Frank