[OpenAFS] Security Advisory 2016-003 and 'bos salvage' questions

Michael Meffie mmeffie@sinenomine.net
Tue, 4 Apr 2017 10:49:50 -0400 

On Tue, 04 Apr 2017 15:45:00 +0200 (CEST)
Harald Barth <haba@kth.se> wrote:

> Is there any reason why the -salvagedir requires -all?
> We run dafs.
> 
> To minimize downtime I'd like to use this per volume or if that is not
> possible at least per partition so I don't need to shut down the
> complete fileserver for this. Ok, I can move one volume to a dedicated
> salvage fileserver at a time and then out again, but that is tedious.
> 
> # bos salvage -server sterlet -partition  a -volume M.probe.sterlet.a -forceDAFS -salvagedirs -orphans attach -localauth
>  -salvagedirs only possible with -all.
> 
> This is our fileserver config:
> 
> # cat /usr/afs/local/BosConfig 
> restrictmode 0
> restarttime 16 0 0 0 0
> checkbintime 16 0 0 0 0
> bnode dafs dafs 1
> parm /usr/afs/bin/dafileserver -udpsize 131071 -sendsize 131071 -nojumbo -p 128 -busyat 1200 -rxpck 800 -s 2400 -l 2400 -cb 1000000 -b 480 -vc 2400
> parm /usr/afs/bin/davolserver
> parm /usr/afs/bin/salvageserver -datelogs -parallel all8 -orphans attach
> parm /usr/afs/bin/dasalvager -datelogs -parallel all8 -orphans attach
> end
> 
> Harald.

Hello Harald,

Unfortunately, the bos '-salvagedirs only possible with -all' is an implementation
limitation, but there is an alternative for you since you are running dafs.

If you change the salvageserver startup options to include -salvagedirs then
each time you salvage a single volume group with bos salvage, the salvageserver
will start a salvager process with the -salvagedirs option and the
directories will be rebuild in that volume group.  The directories will
also be rebuilt during DAFS on-demand salvages as well.

Example,

    $ bos status <fileserver> dafs -long
    Instance dafs, (type is dafs) currently running normally.
    ...etc...
    Command 3 is '/usr/afs/bin/salvageserver -salvagedirs ...etc...

    $ bos salvage -server <fileserver> -partition <partid> -volume <rw-id> -forceDAFS


Best regards,
Mike


-- 
Michael Meffie <mmeffie@sinenomine.net>