[OpenAFS] Re: Moving Magic Trio to another domain

Jukka Tuominen jukka.tuominen@finndesign.fi
Tue, 24 Sep 2013 23:31:22 +0300 (EEST) 

> On Tue, 24 Sep 2013 22:50:47 +0300 (EEST)
> "Jukka Tuominen" <jukka.tuominen@finndesign.fi> wrote:
>
>> > That shouldn't be the problem here. What actual errors are you
>> > seeing?  Can you run 'fs lsm' on the things you can't seem to
>> > access? (That is, 'services' and the homedirs)
>>
>> '/afs/[domain]/service' is a mount point for volume '#service'
>>
>> > fs: You don't have the required access rights on
>> '/afs/[domain]/user/...'
>>
>> Also,
>> fs la /afs/[domain]/service
>> fs: You don't have the required access rights on '/afs/[domain]/service'
>
> Okay, I thought you meant they were just offline or something. If that's
> the problem, then it probably is related to authentication; it seems
> more like the authentication setup is broken, not related to the
> migration. Are your tokens not working at all, then? (A way to test
> would be to try writing to, say, a new file in /afs/.cell/ )

mkdir saids it cannot be done because it's readonly.

>
> Do you know what the permissions on these dirs are supposed to be?

Access list for /afs/[old.domain]/service is
Normal rights:
  system:administrators rlidwka
  system:authuser rl
  system:anyuser

>
> Do you see anything in syslog, or 'dmesg | tail' on the client when you
> try to access these?

Sorry, I need to switch back to the new server...

br, jukka


>
>> > If you want to copy the data from a 'source' cell to a 'destination'
>> > cell and you can have both available at the same time, you can use the
>> > 'up' tool to copy the directory tree while preserving all of the
>> > afs-specific information and avoiding endless loops.
>>
>> I understood the client pointing to two different domains with a
>> single destiny. I can also switch between the two servers (old and
>> new) one at the time, but I can't understand how the server can hold
>> the two domains at once. When you destroy the krb data, or change the
>> .confs, it only appears as one, AFAIK. Sorry...
>
> Sorry, I meant using two different actual machines for that scenario
> (using 'up' to copy the data between the two cells). You'd need two
> separate machines for that, or at least two different IPs, so it's not
> relevant if you only have the one machine to work with.
>
> It may be possible to do that with one machine by setting up chrooted
> servers bound to a different local IP, but... that's getting a bit
> complex :)
>
> --
> Andrew Deason
> adeason@sinenomine.net
>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>