[OpenAFS] Re: NetRestrict ignored

Andrew Deason adeason@sinenomine.net
Mon, 18 Jun 2012 10:40:36 -0500

On Sun, 17 Jun 2012 22:07:17 +0100
Ian Crowther <i.crowther@gmail.com> wrote:

> #vos listvol
> Total number of volumes on server partition /vicepa: 6
> root.afs.readonly                 536870916 RO          2 K On-line
> root.cell.readonly                536870922 RO          4 K On-line
> root.public.readonly              536870931 RO          2 K On-line
> root.public.readonly              536870928 RO          2 K On-line
> root.user.readonly                536870925 RO          3 K On-line
> user.ian.readonly                 536870934 RO         10 K On-line
> Total volumes onLine 6 ; Total volumes offLine 0 ; Total busy 0
> (not entirely sure why root.public.readonly appears twice)

My guess would be: you created root.public awhile ago, removed all
entries of it from the vldb (but did not remove the RO site on, and created it again. You can verify whether 536870928 is
referenced by the vldb anywhere by running 'vos listvl 536870928'. If
that says it doesn't know what that volume is, you should be able to
delete it safely from the server, if you want.

> On the other hand
>   #vos changeaddr -oldaddr -remove
>   Removed server from the VLDB
>   #vos listaddrs
>   caffeine.example.com
>   a.ns.example.com
> I only wanted the entry to go, though!

You never need to fiddle with vos to alter what addresses are on a
(modern) fileserver. If you edit the Net* files, restart the fileserver,
and the addresses aren't what you wanted, just stop. Even if you manage
to 'solve' the problem by fiddling with stuff, the problem will reappear
the next time you start the fileserver.

Specifically with regards to that one command run, server addresses in
the vldb for modern fileservers are all tied to a single logical
'server'. So, if you delete one, you delete all of them. You cannot
specify deleting just a single address for a fileserver with 'vos
changeaddr', since that is supposed to be managed by the fileserver
setting its own addresses. You can manage to do this with 'vos
setaddrs', but you shouldn't do that for the reasons mentioned above.

Andrew Deason