[OpenAFS] Access an OpenAFS cell in LAN and WAN with dynamic DNS (DDNS) address

Karl-Philipp Richter richter@richtercloud.de
Fri, 26 Aug 2016 15:43:41 +0200


Hi,

On 25.06.2016 at 15:21, Jeffrey Altman wrote:
> When the IP address changes there is a requirement that the
> configuration be altered and the servers be restarted in order for that
> new IP address to become available.
>
> The servers and the clients store the IP addresses.  The client in
> particular caches volume location information for hours and must
> manually "fs checkvolumes" be forced to refresh it when the file
> servers' IP address changes.
Changing the IP addresses in `/etc/openafs/CellServDB` and
`/etc/openafs/server/CellServDB` and restarting the fileserver and
client and running `fs checkvolumes` doesn't help (even rebooting both).
The server seems to keep track of old addresses and tries to contact
them - I see

    [  204.480062] afs: Lost contact with file server 192.168.179.1 in cell richtercloud.de (code -1) (multi-homed address; other same-host interfaces maybe up)
    [  204.480067] RXAFS_GetCapabilities failed with code -1
    [  260.948077] afs: Lost contact with file server 192.168.122.1 in cell richtercloud.de (code -1) (multi-homed address; other same-host interfaces maybe up)
    [  318.428081] afs: Lost contact with file server 192.168.178.21 in cell richtercloud.de (code -1) (multi-homed address; other same-host interfaces maybe up)
    [  375.900096] afs: Lost contact with file server 178.8.164.124 in cell richtercloud.de (code -1) (multi-homed address; other same-host interfaces maybe up)
    [  433.380152] afs: Lost contact with file server 94.222.178.83 in cell richtercloud.de (code -1) (multi-homed address; other same-host interfaces maybe up)
    [  490.848098] afs: Lost contact with file server 192.168.178.20 in cell richtercloud.de (code -1) (all multi-homed ip addresses down for the server)

in `dmesg` for any address I ever entered in the client `CellServDB`.
Changing the IP causes the volume to be broken (`ls: cannot access
'/afs/richtercloud.de/': Connection timed out`) even after changing it
back, rebooting and running `fs checkvolumes` and `fs checkservers`! It
seems like the invalid addresses need to be added to `NetRestrict` in
order to make the volume work again.

I don't have the possibility to get a WAN IP for my mobile client, so
it's behind a NAT as well. According to
https://www.mail-archive.com/openafs-info@openafs.org/msg39090.html that
shouldn't cause any problems (although I don't get why `fs
setclientaddrs` exists, then, but that might be another topic).

I wonder what `RXAFS_GetCapabilities failed with code -1` could mean.

I'm now experimenting with a script which updates the OpenAFS CellServDB
for the server after a change of the external IP, creates a virtual
network interface in the LAN where the server is with the same address
of the external interface of the WAN gateway/WiFi router in order to try
to trick the database scheme and setup forwarding for port 7000 to 7008
and 7021 (all UDP) from the WiFi router to the connected interface to
the server machine and from there to the virtual interface with
`iptables` (e.g. `sudo iptables -A PREROUTING -t nat -i eth0 -p udp
--dport 7021 -j DNAT --to [external IP]:7021`). The client (behind NAT
and WAN) still fails to connect due to `afs: Lost contact with volume
location server 178.8.164.124 in cell richtercloud.de (code -1)` and
`ls: cannot open directory '/afs/richtercloud.de/': Connection timed out`.

Are there any plans to use name resolution in OpenAFS? It's a major
technology that has existed for decades and for a reason. It'd make all our
lives much easier.

Thanks for your support so far.

-Kalle
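
The check described in the message (finding which addresses the client still probes that the current `CellServDB` no longer lists, i.e. the ones the post suggests putting in `NetRestrict`) can be scripted; this is an added example and not part of the original message. The function names are hypothetical, the `CellServDB` content is constructed, and it assumes a single-server cell as in the post.

```python
import ipaddress
import re

# Client kernel message format as quoted in the message above.
LOST_RE = re.compile(r"afs: Lost contact with (?:file|volume location) server "
                     r"(\d{1,3}(?:\.\d{1,3}){3}) in cell (\S+)")

def unwrap(text):
    """Rejoin kernel log entries that a mail client wrapped across lines."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("[") or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def cellservdb_addresses(text, cell):
    """Addresses listed under '>cell' in CellServDB-format text."""
    addrs, current = set(), None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith(">"):
            current = line[1:].split("#")[0].strip()
        elif current == cell:
            addrs.add(line.split("#")[0].strip())
    return addrs

def stale_addresses(dmesg_text, cellservdb_text, cell):
    """Map each unreachable address not in CellServDB to 'private'/'public'."""
    known = cellservdb_addresses(cellservdb_text, cell)
    stale = {}
    for ip, log_cell in (m.groups() for m in map(LOST_RE.search, unwrap(dmesg_text)) if m):
        if log_cell == cell and ip not in known:
            stale[ip] = "private" if ipaddress.ip_address(ip).is_private else "public"
    return stale

# Constructed samples: wrapped dmesg entries from the message; placeholder host name.
DMESG = """\
[  204.480062] afs: Lost contact with file server 192.168.179.1 in
cell richtercloud.de (code -1) (multi-homed address; other same-host
interfaces maybe up)
[  375.900096] afs: Lost contact with file server 178.8.164.124 in
cell richtercloud.de (code -1) (multi-homed address; other same-host
interfaces maybe up)
[  490.848098] afs: Lost contact with file server 192.168.178.20 in
cell richtercloud.de (code -1) (all multi-homed ip addresses down for
the server)
"""
CELLSERVDB = ">richtercloud.de  #constructed\n192.168.178.20  #afs.example\n"
print(stale_addresses(DMESG, CELLSERVDB, "richtercloud.de"))
```

On a live client the first argument would be the output of `dmesg` and the second the contents of `/etc/openafs/CellServDB`.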


