[OpenAFS] Re: Moving Magic Trio to another domain

Andrew Deason adeason@sinenomine.net
Tue, 24 Sep 2013 10:15:59 -0500 

On Tue, 24 Sep 2013 11:56:29 +0300 (EEST)
"Jukka Tuominen" <jukka.tuominen@finndesign.fi> wrote:

> Thanks to help, I'm now in the phase where I can kinit;aklog
> succesfully as root/admin to the new domain, but I can only see the
> directory structure, and not access either the existing /service or
> homedirs. I haven't recreated any user accounts so far, since I've
> made a script to keep krb/afs/ldap in sync once I have figured out the
> remaining ldap configuration.

Presumably you have a root.cell volume, but not the volumes for the
'service' directory or homedirs. Did you recreate the whole cell from
scratch? Just leave all the data the same; you don't need to change
anything.

> So, I just want to verify that there is a way to reclaim the access
> rights to the contents? As a backup plan, I still have a snapshot of
> the old, working server, and could propably ssh the contents from.

I don't know what you changed, so I don't know what to do to reclaim
access rights. In order to keep the same files and access and everything
as before, all you need to do is not change anything. Don't change the
protection database, don't change the vldb, don't change the /vicep*
data on the fileserver. Only change the CellServDB, ThisCell, etc,
files.

> I doubt that they both can be online as afs servers simultaneously,
> though.

You can't run an "old" and "new" server on the same machine from a
single IP address, that's true. But you _can_ just run the "old" server,
and point the old and new CellServDB entries at it, and it looks like
two different cells and two different servers that serve the same data.

To maybe help illustrate, it's like in HTTP/1.0 (without the 'host: '
header) having two different DNS A records for the same server. If you
had the hostname newwww.example.com and oldwww.example.com both pointing
to 198.51.100.5, they would both serve the same contents, but they sort
of "look" like two different hosts.

-- 
Andrew Deason
adeason@sinenomine.net