[OpenAFS] Re: renaming a cell?

[Andrew Deason]

On Fri, 27 Apr 2012 19:48:19 +0200
Stephan Wiesand <stephan.wiesand@desy.de> wrote:

> supposed one has to rename an AFS cell (and the krb5 realm responsible
> for authentication), what would be the steps to take? Once the KDCs
> are fully functional for the new realm, is the following sufficient?

I thought renaming a krb5 realm was difficult... isn't the realm name
used as part of the salt? Or should I just assume you've already handled
this? :) Renaming the realm isn't required, but I can certainly see why
you'd want to.

> 1) shut down all AFS clients, Fileservers, DB servers 
> 2) replace all ThisCell & CellServDB files, and the KeyFiles
> 3) start the servers
> 4) start the clients

Whether or not you even need to restart the clients I think depends on
how you're using them wrt dynroot. But yeah, I think that's sufficient.
We don't really store the cell name in any databases or anything if
you're not using kaserver, so a cell doesn't tend to really be aware of
what it's own name is, aside from the entries in CellServDB/ThisCell.
Technically I think you may be able to just change client configuration,
with the servers still thinking the cell name is the old one, and it may
at least mostly work. But that's obviously not the recommended way.

I'm sure you're aware that this isn't a very common operation, though,
so this process isn't well-tested. I think I've only done something like
this once or twice, but I don't remember any special steps required.

-- 
Andrew Deason
adeason@sinenomine.net