[OpenAFS] bos cron jobs and tokens

Juha Jäykkä juhaj@iki.fi
Fri, 13 Apr 2007 09:55:05 +0300


--Sig_/ow+QDo=rZinnyNJYWe15/t
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

> Ah!  You should have said that!  Um, you probably don't want to

Probably should, indeed. You wrote a lengthy reply, but don't be sorry:
it was quite informative anyway!

> do that.  This means you have to mount /afs on that afs server,
> which is quite possible, but dangerous.  The danger is that now
> you can create recursive service dependencies.

Eh..? You should not mount /afs on afs fileservers? Well, we do, it
works, and I don't quite see how it would break - unless we start moving
the openafs binaries to /afs (which we don't do even for the client
binaries, since the debian packages do not do that and it would mean
extra work without much benefit to do that by hand).

> Here's a slightly contrived example: let us suppose you want to
> do automatic volume dumps, and you had somewhat limited filespace
> outside of your AFS fileserver.  So, you could write a script
> that does vos dumps into and out of filespace that happens to be mounted
> in AFS.  This *will* work.  vos dump just writes to standard output.

That's twisted! We make vos dumps for two reasons. One is to protect data
from anything that might screw up /afs (this is most likely equivalent to
ordinary filesystem corruption, but in afs's case there are two
filesystems: the one on /vicep* and the on within the files
within /vicep*, so I think this increases the odds of fs corruption) and
second, to protect data against physical disasters, like fire: the
tape-backup solution of choice here is legato and we did not like the
idea of using the no-longer-maintainer legato-afs-kludge, but opted to
simply use legato to dump the vos dumps.

The first point alone dictates we will never dump (at least not with the
script in question) to /afs and the second point reinforces this (legato
starts its dumper processes apparently with exec*() calls, it's quite
some pita to create wrappers for all of them).

Better ideas ARE appreciated. And thanks to the few people who responded
to me earlier about backup scripts, even though we ended up using none of
them.

> And, no, there's no way for bos to get tokens before running

=46rom your explanations I gather it never will gain that ability, either.
Very well, our backup script lives on local disc, then.

Thanks!

-Juha

--=20
                 -----------------------------------------------
                | Juha J=C3=A4ykk=C3=A4, juolja@utu.fi			|
		| Laboratory of Theoretical Physics		|
		| Department of Physics, University of Turku	|
                | home: http://www.utu.fi/~juolja/              |
                 -----------------------------------------------

--Sig_/ow+QDo=rZinnyNJYWe15/t
Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGHylN7S6DRdEiFtYRArAvAKDNhj3hvyI5R3/zLLFPPSId5GELBgCfW2rO
WyylHAZPcqA3r3HW0jWTSLo=
=uCVu
-----END PGP SIGNATURE-----

--Sig_/ow+QDo=rZinnyNJYWe15/t--