[OpenAFS] openafs-1.4.2 RHEL RPM package installs nonempty SuidCells and mangles CellServDB

Berthold Cogel cogel@rrz.uni-koeln.de
Wed, 22 Nov 2006 13:56:18 +0100 

Derrick J Brashear schrieb:
> 
> If we can get a vgaue consensus on what it is that should be sourced, 
> I'd love to accept and integrate such a contribution... as long as 
> people who don't have something set still get their DB updated. Having 
> one set of packages everyone can use, and no one needing to build, is 
> high on the list of things the project has tried to do.
> 

Perhaps it is possible to include a script in openafs with a mechanism 
that allows the user to update his CellServDB. It should be called by 
the init script. This mechanism could be triggered also by local update 
methods (cfengine) or manualy.

What I would like to have is a something like this:

- A CellServDB.dist from openafs.org. Provided during installation and
   perhaps updated by cronjobs via ftp or http.
- A CellServDB.local which I can maintain myself, perhaps with local,
   nonpublic cells.
- A CellServDB.blacklist to exclude 'broken' cells (perhaps not up2date
   in CellServDB.dist) or cells I don't want to be seen by my users on
   all or some special clients.

These files can be processed by the update mechanism to form a new 
CellServDB. If informations on new cells or modified cells are 
distributed, the running client will be notified by the script (via fs 
newcell, fs setcell).

We're using some tools based on a script from Dieter Mack (University of 
Hohenheim) to maintain our CellServDB. A colleague (Rainer Laatsch) has 
modified this for our environment and we have integrated it in our 
cfengine setup.
This script, and some other tools to mangle the CellServDB, can be found 
at /afs/rrz.uni-koeln.de/common/etc/.

The script newCellServDB reads the existing and a newly distributed 
CellServDB, converts the entries in a list (per line: cellname and 
serverlist) and compares the files. The client is notified if changes 
occur.

newCellServDB+localadd merges a local file to a distributed CellServDB. 
The rest works as in newCellServDB.

There are some other scripts in that directory, which might be useful too.


Regards,
Berthold Cogel