[OpenAFS] Re: [OpenAFS-devel] SOS: AFS installation/Configuration

ted creedon tcreedon@easystreet.com
Wed, 31 Jan 2007 06:53:37 -0900


Here's an old set of scripts I use for cold start:
 
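##cleanup for the nth time.. Transarc path used to match IBM docs.
## Cold-start reset: wipes the server databases, logs, local state, the client
## cache and the cell identity/key files so the cell can be rebuilt from
## scratch. Only run this on a machine you intend to re-initialise.
## -f keeps the run idempotent (missing files and unmatched globs on a fresh
## host are not errors); -- stops the expanded names being read as options.
## The original listed /usr/afs/logs/* three times; once is enough.

  rm -f -- /usr/afs/db/*
  rm -f -- /usr/afs/logs/*
  rm -f -- /usr/afs/local/*
  rm -Rf -- /usr/vice/cache/*
  ## KeyFile holds the cell's long-term server key and UserList the bos
  ## administrators; both are recreated by the key/adduser steps below.
  rm -f -- /usr/afs/etc/KeyFile
  rm -f -- /usr/afs/etc/UserList
  rm -f -- /usr/vice/etc/AFSLog
  rm -f -- /usr/vice/etc/CellServDB
  rm -f -- /usr/vice/etc/ThisCell

## Verify the wipe: each of these should be gone, so cat reports
## "No such file or directory" for every name and prints no content.
## Note that the server-side /usr/afs/etc/CellServDB and ThisCell are not in
## the rm list above; bos setcellname rewrites them. The second line of the
## original had lost its leading slash to mail wrapping.
cat /usr/afs/etc/CellServDB /usr/afs/etc/ThisCell /usr/afs/local/BosConfig \
    /usr/vice/etc/CellServDB /usr/vice/etc/ThisCell
##cat should be zilch..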

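 #local server nome remote nanook
 # Cell identity used by every command below:
 #   H = the sync-site host that later runs upserver (the "remote" box)
 #   S = the server this session configures (the "local" box)
 #   C = the cell name
 export H='nanook.home.ted-doris.fam'
 export S='nome.home.ted-doris.fam'
 export C='home.ted-doris.fam'

 ##user gets to figure out how to make "home.ted-doris.fam" work on the
 ##internet..

 #bos_users. - used for kas not KRB5
 export bos_users='afs admin tedc administrator root test'
 #order is important because of UID,  possibly
 #usersp_pts used for KRB5 pts & bos
 # NOTE(review): bos_users has 'administrator' and pts_users 'Administrator';
 # confirm the case difference is intended before relying on either list.
 export pts_users='admin tedc Administrator root test'

 # Echo the settings so a typo is caught before anything is created.
 echo "$S $C $H"
 echo "$bos_users"
 echo "$pts_users"
 # id_pts is never assigned in these notes, so this prints an empty line;
 # kept as a placeholder for the uid list the pts section pins by hand.
 echo "$id_pts"
 # PASS is the initial kas password. It is deliberately NOT printed: the
 # terminal scrollback or a session log would otherwise hold the cell's
 # admin password. Only report whether it is set.
 if [ -n "$PASS" ]; then
   echo 'PASS is set'
 else
   echo 'PASS is NOT set' >&2
 fi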

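 # Start the basic overseer with authorization checking disabled. Every
 # command in this cold start relies on -noauth until the KeyFile and
 # UserList exist, so anyone who can reach the bos port can administer the
 # host during this window; keep it off untrusted networks until then.
 bosserver -noauth &
 # bosserver is backgrounded, so bos setcellname can race its startup. Poll
 # (bounded) until the server answers before configuring it; bos status is
 # used as the probe because it only needs the host name. If it still fails
 # after 30 s we fall through and let setcellname report the real error.
 _tries=0
 until bos status "$S" -noauth >/dev/null 2>&1; do
   _tries=$((_tries + 1))
   if [ "$_tries" -ge 30 ]; then
     echo "bosserver on $S did not answer within 30s" >&2
     break
   fi
   sleep 1
 done
 bos setcellname "$S" "$C" -noauth
 bos listhosts "$S" -noauth
 #bos create $S kaserver simple /usr/afs/bin/kaserver -cell $C -noauth
 # kaserver is only needed for the legacy Kerberos 4 path (the kas section
 # below); it is deprecated upstream, so it stays commented out unless KRB4
 # is really in use.
 bos create "$S" buserver simple /usr/afs/bin/buserver -cell "$C" -noauth
 bos create "$S" ptserver simple /usr/afs/bin/ptserver -cell "$C" -noauth
 bos create "$S" vlserver simple /usr/afs/bin/vlserver -cell "$C" -noauth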

#kas V4 users and roles if KRB4 is used
#create in afs root tedc admin Administrator order
#set up Kerberos 4 users and roles (admin)
# NOTE(review): the indented lines below are not shell commands; they are
# typed at the interactive "ka>" prompt that kas opens. This section only
# applies when the kaserver line above is uncommented and Kerberos 4 is used.

 kas -cell $C -noauth
   # 'afs' is the server principal; its key version must later match the
   # KeyFile kvno (see the addkey / setpassword notes below).
   create afs
   create root
   create tedc    
   create admin
   examine afs
   examine admin
   # give the 'admin' principal the admin flag; the trailing comment lists
   # the other principals intended to get it
   setfields admin -flags admin # for root tedc admin Administrator
   quit

  # Re-enter kas authenticated as root to confirm the entries are visible
  # with real (non -noauth) credentials.
  kas -admin root   # get into kas with admin privs
  ka> examine tedc
  ka>quit

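 ##KRB5 principals If krb5 is used
 # Create the AFS service principal in the KDC (kadmin.local runs on the KDC
 # host itself, as root).
 kadmin.local -q "addprinc afs@HOME.TED-DORIS.FAM"
 #use same kvno as was created above..
 # The kvno set here (2) must equal the number given to asetkey below; if they
 # differ the servers cannot decrypt the tickets the KDC issues.
 kadmin.local -q "modprinc -kvno 2 afs@HOME.TED-DORIS.FAM"
 # ktutil is interactive. The steps, typed at its "ktutil:" prompt, are:
 #   rkt /etc/krb5.keytab     read the current keytab
 #   l                        list the slots; remove any stale
 #                            afs@HOME.TED-DORIS.FAM entries (delent <slot>)
 #   wrkt /etc/krb5.keytab    write the cleaned keytab back
 #   q
 ktutil
 # des-cbc-crc is single DES, the only key type rxkad accepted when these
 # notes were written. It is cryptographically weak; newer OpenAFS releases
 # support stronger enctypes for the afs key — check your version's
 # documentation before reusing this line. (The original was wrapped
 # mid-string by the mailer; it is one command.)
 kadmin.local -q "ktadd -k /etc/krb5.keytab -e des-cbc-crc:normal afs@HOME.TED-DORIS.FAM"
 # Copy key version 2 of the afs principal from the keytab into the KeyFile.
 asetkey add 2 /etc/krb5.keytab afs #make /usr/afs/KeyFile
 # Prints the cell's long-term key material to the terminal; do not run it
 # in a logged or shared session.
 keyfile_dump /usr/afs/etc/KeyFile  #dumps KeyFile to stdout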

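#shell scripts note order of users must match UID's. starts at 500
#kas create adds users to Authentication database use if KRB4 is used
# NOTE(review): the original looped over $users, which is never defined in
# these notes, so every loop was a no-op. $bos_users is presumably the
# intended list (its comment says "used for kas not KRB5").
# $PASS is passed on the command line, so it is visible in ps output and in
# shell history while this runs; run it from a private session and clear the
# history afterwards.
  for i in $bos_users ;do kas delete  "$i"  "$PASS" -noauth ;done
  for i in $bos_users ;do kas create  "$i"  "$PASS" -noauth ;done
  # every listed principal gets the admin flag, including 'test'
  for i in $bos_users ;do kas setfields  "$i" -flags admin  -noauth ;done
  for i in $bos_users ;do kas examine "$i"  -noauth ;done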

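############################################# bos users
#set up bos users
# Every name in $bos_users is written to /usr/afs/etc/UserList and so becomes
# a full bos administrator on $S (that includes 'test').
  for i in $bos_users; do
    bos adduser -user "$i" -server "$S" -cell "$C" -noauth
  done
#verify bos users
  bos listusers  -server "$S" -cell "$C" -noauth

# OR, the minimal form: a single admin user. The original ran this as well as
# the loop above; it is an alternative, so it is left commented out here.
# bos adduser $S admin -cell $C -noauth

# Register the server key in the KeyFile (bos addkey prompts for the key
# when it is not given on the command line). kvno 0 here vs. kvno 2 from
# asetkey in the KRB5 section: these are two different paths — the kvno in
# the KeyFile must match the afs principal's kvno in whichever KDC is used.
 bos addkey "$S" -kvno 0 -cell "$C" -noauth
 bos listkeys "$S" -cell "$C" -noauth
##HacksForOthers
 #do only if keys don't match (kvno's)
 ##kas -cell $C -noauth
 ##  setpassword afs -kvno 1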

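################################## pts users and roles
# Create the protection-database entries and put each one in
# system:administrators. Two forms follow; use ONE of them. Form A lets pts
# choose the ids; Form B pins -id so the pts ids line up with the local
# /etc/passwd uids (the note at the top says users must match uids from 500).
# Everyone listed becomes a cell-wide administrator, including 'test'.
 grep admin /etc/passwd #get admin uid
## Form A: loop over $pts_users. (The original's adduser loop used
## $pts_sers, a typo that made it a silent no-op.)
 for i in $pts_users; do pts createuser -name "$i" -cell "$C" -noauth; done
 for i in $pts_users; do pts adduser  "$i" system:administrators -cell "$C" -noauth; done
 for i in $pts_users; do pts membership  "$i" -cell "$C" -noauth; done 
## Form B: explicit ids. Running it after Form A fails because the entries
## already exist.
 pts createuser -name admin -cell "$C" -id 501 -noauth
 pts adduser admin system:administrators -cell "$C" -noauth
 pts membership admin -cell "$C" -noauth
 
 pts createuser -name tedc -cell "$C" -id 502 -noauth
 pts adduser tedc system:administrators -cell "$C" -noauth
 pts membership tedc -cell "$C" -noauth

 pts createuser -name Administrator -cell "$C" -id 503 -noauth
 pts adduser Administrator system:administrators -cell "$C" -noauth
 # was 'cell $C' in the original (missing dash), which pts rejects
 pts membership Administrator -cell "$C" -noauth

 pts createuser -name root -cell "$C" -id 504 -noauth
 pts adduser root system:administrators -cell "$C" -noauth
 pts membership root -cell "$C" -noauth

 pts createuser -name test -cell "$C" -id 1100 -noauth
 pts adduser test system:administrators -cell "$C" -noauth
 pts membership test -cell "$C" -noauth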


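#verify

############################################# 
# Restart every bos-managed process so the new key and user lists are read,
# then bring up the fileserver trio and create the first volume.
 bos restart "$S" -all -cell "$C" -noauth
 ps ax|grep afs  #note servers running
  ##note don't use runntp, set -notimeset in /etc/sysconfig/afs-client if
  ##client and server are on same machine this is now the default
  ## (the second line above had lost its '#' to mail wrapping, so it was
  ## being executed as a command)

 #start file, volume servers, salvager
 # One command: the original was wrapped after 'volserver', which would have
 # run /usr/afs/bin/salvager directly on its own line.
  bos create "$S" fs fs /usr/afs/bin/fileserver /usr/afs/bin/volserver \
    /usr/afs/bin/salvager -cell "$C" -noauth
  bos status "$S" fs -long -noauth
  vos create "$S" /vicepa root.afs -cell "$C" -noauth
  # needs a running AFS client on this host; if the client is only set up
  # further down, this step fails until then. Anonymous users get read/list.
  fs setacl /afs system:anyuser rl

  vos syncvldb "$S" -cell "$C" -verbose -noauth
  vos syncserv "$S" -cell "$C" -verbose -noauth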
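  ## choose if first or second server machine
 #######################################
 #Sync (main) SERVER SETUP
 # upserver distributes /usr/afs/etc (KeyFile, CellServDB, UserList) with
 # encryption (-crypt) and /usr/afs/bin without it (-clear). Binaries sent
 # in the clear can be observed on the wire; confirm that is acceptable for
 # the network between your servers. (One command; the original was wrapped
 # inside the quoted string by the mailer.)
   bos create "$S" upserver simple "/usr/afs/bin/upserver -crypt /usr/afs/etc -clear /usr/afs/bin" -cell "$C" -noauth
 #######################################
 # END OF SERVER SETUP #1 for system controller
 #######################################
 # SUBSEQUENT SERVER SETUPS for slaves: run these INSTEAD of the upserver
 # line on every additional server; $H is the sync site they pull from.
 # (Both headings above were bare text in the original and would have been
 # executed as commands.)
 bos create "$S" upclientetc simple "/usr/afs/bin/upclient $H -crypt /usr/afs/etc" -cell "$C" -noauth 
 bos create "$S" upclientbin simple "/usr/afs/bin/upclient $H -clear /usr/afs/bin" -cell "$C" -noauth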

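## Linux CLIENT SETUP
# Copy the cell identity from the server tree into the client tree, set up a
# 100000 KB disk cache, install the init scripts and (re)start everything.

 insmod libafs  #sometime
 # Abort if the client config dir is missing: the rm/cp below use relative
 # paths, and without this guard they would run in the current directory.
 cd /usr/vice/etc || exit 1
 rm -f -- ThisCell
 cp /usr/afs/etc/ThisCell .
 rm -f -- CellServDB
 #insert entries for other servers in CellServDB
 cp /usr/afs/etc/CellServDB  .
 #assuming /usr/vice is mounted on /dev/sdaxx as an ext3 filesystem
 # -p so a re-run does not fail on the existing cache directory
 mkdir -p /usr/vice/cache
 # cacheinfo: mount point : cache directory : cache size in KB
 echo "/afs:/usr/vice/cache:100000" >/usr/vice/etc/cacheinfo

 ## memory or disk cache in afsd daemon call\
 ## setup start scripts
 # init scripts and the sysconfig file come from a local staging dir (/data)
  cp /data/afs-client /etc/init.d
  cp /data/afs-server /etc/init.d
  cp /data/afs-client.syscfg /etc/sysconfig/afs-client

 ## start servers&client
 /etc/init.d/afs-client stop
 /etc/init.d/afs-server stop
 /etc/init.d/afs-server start
 /etc/init.d/afs-client start
 ps ax|grep afs   # was 'ps ax|g afs' (typo)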

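# Authenticate as admin and confirm the servers answer. kinit prompts for the
# password on the terminal; never write it into the script. (The original's
# "password: ****" line was a transcript of that prompt, not a command.)
kinit admin
 #check up
 # klog obtains an AFS token via the kaserver (Kerberos 4 path). On the KRB5
 # path aklog is the usual equivalent — confirm which applies to this cell.
 klog admin
 # NOTE(review): -noauth bypasses the token just obtained, so this does not
 # actually prove authentication works; drop it to exercise the token.
 tokens;pts membership tedc -cell "$C" -noauth
 bos status "$S"
 fs checkvolumes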

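#root.afs previously created
# Create root.cell and mount it under /afs twice: /afs/.$C as the read-write
# path and /afs/$C as the read-only path; then add a replication site for
# both root volumes on this server and release them.
 vos create "$S" /vicepa root.cell
 fs mkmount "/afs/.$C" root.cell -rw   # make RW mount point
 fs mkmount "/afs/$C" root.cell
 fs lsmount "/afs/.$C"
 fs lsmount "/afs/$C"
 vos addsite "$S" a root.afs
 vos addsite "$S" a root.cell
 vos release root.afs
 vos release root.cell

 # quotas are in KB
 fs setquota -path "/afs/.$C" -max 50000
 fs setquota -path "/afs/$C" -max 50000
 fs listquota -path "/afs/.$C"
 fs listquota -path "/afs/$C"

 # ACLs: anonymous users may read and list the cell root; every authenticated
 # user may write in the RW root. 'rw' on /afs/.$C lets ANY authenticated
 # principal create or change entries at the top of the cell — restrict it to
 # system:administrators or an admin group if that is not intended.
 fs setacl "/afs/$C" system:anyuser rl
 fs setacl "/afs/.$C" system:authuser rw
 fs examine /afs
 fs examine "/afs/.$C"
 fs examine "/afs/$C"

 fs checkvolumes         ##flush out
 # re-examine after the flush so the released RO copies are what is shown
 fs examine /afs
 fs examine /afs/
 fs examine "/afs/.$C"
 fs examine "/afs/$C"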