[OpenAFS] Ubik problem

Atro Tossavainen atro.tossavainen+openafs@helsinki.fi
Tue, 13 Apr 2010 00:25:51 +0300 (EEST) 

Jeffrey,

> actually it is because that server is reporting multiple addresses:
> 
>   Server( 128.214.88.114 10.0.0.3 172.16.0.1 172.17.0.1 172.18.0.1 )
> 
> several of which are lower than 128.214.58.174.   What are these other
> interface addresses are do you expect them to be used for ubik
> synchronization?

Private addresses for purposes other than AFS.

I believe I am using NetRestrict to avoid the servers from picking up
these:

sun4x_58 # cat /usr/afs/local/NetRestrict
M 10.255.255.255
M 172.255.255.255
M 192.168.255.255

I don't expect to see the RFC1918 addresses anywhere in connection
with AFS.  The NetRestrict file is unaltered as of Feb 13, 2009 and
has been essentially identical for years.

(I remember needing to raise a bug with IBM over wildcard support.
PMR-73077... late 2004/early 2005.  Not that it says anything to anybody
outside IBM, probably.  Merely using "255" wasn't enough, it needed
adding "M" in front for wildcards to work and I think this was and is
undocumented.)

I have not had any database issues for as long as the other sun4x_58
host was the other database server.

Andrew,

> Are you seeing other issues with the database itself?

Today, I could not open my screensaver, and I of course know my password.

When I used kas to see if I had some problem with my account, "examine
atossava" reported that the account did not exist.  This was the case for
a few other accounts as well - they didn't exist.  Querying one database
server at a time produced different results; correct on afsdb1 and
kaserver producing gobbledygook on afsdb2, if I remember correctly.

I needed to change the password for a user and bumped into an AFS error
message that I have not seen before.  I don't think I wrote it down
anywhere, but basically I couldn't do anything with the account because
of a key version mismatch.

I rebooted the sun4x_58 server and it seemed to take a long time to
reach quorum.  After that, everything has been all right.  I'm worried
that I don't, despite having enabled logging, have much to report in the
AuthLog.

-- 
Atro Tossavainen (Mr.)               / The Institute of Biotechnology at
Systems Analyst, Techno-Amish &     / the University of Helsinki, Finland,
+358-9-19158939  UNIX Dinosaur     / employs me, but my opinions are my own.
< URL : http : / / www . helsinki . fi / %7E atossava / > NO FILE ATTACHMENTS