[OpenAFS] Red Hat EL Support Customers - Please open a support
case for kafs in RHEL8
Dirk Heinrichs
dirk.heinrichs@altum.de
Sun, 09 Dec 2018 10:34:40 +0100
--=-Cqi3hYX8jdHIeYSXvJZQ
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Am Samstag, den 08.12.2018, 14:08 -0500 schrieb Jeffrey Altman:
> On 12/8/2018 5:21 AM, Dirk Heinrichs wrote:
> > Dirk Heinrichs:
> >=20
> > > Did a quick test (on Debian, btw., which already ships kafs) and
> > > it
> > > works fine.
> >=20
> > While getting tokens at login work with this setup, things start to
> > fail
> > once the users $HOME is set to be in /afs. While simple scenarios
> > like
> > pure shell/console logins work, graphical desktop environments have
> > lots
> > of problems. XFCE4 doesn't even start, Plasma works to some degree
> > after
> > presenting lots of error dialogs to the user.
>=20
> As Harald indicated, "systemd --user" services are a problem not just
> for kafs but for openafs as well.
But that's not the problem here. Both work fine with the OpenAFS
client.
> There has been discussions on this
> mailing list of the issues dating back more than a year.
I know. I've been involved ;-)
> In summary,
> "systemd --user" services are incompatible with "session keyrings"
> which
> are used to represent AFS Process Authentication Groups.
Yes.
> You have no indicated which kernel version you are using nor am I
> aware
> of the options used to build AF_RXRPC and KAFS on Debian. The Linux
> kernel versions that are recommended are 4.19 with a couple of back
> port
> patches from the forthcoming 4.20 and the 4.20 release candidate
> series.
Ah, OK. Debian buster is still on 4.18. Will give it another try once
4.20 is out...
> Regardless, it would be useful for you to file bug reports with the
> Linux distribution describing the issues you are experiencing.
>=20
> Debian: https://wiki.debian.org/reportbug
Yep, know this.
> Fedora: https://fedoraproject.org/wiki/Bugs_and_feature_requests
>=20
> > Seems there's still some work to do until this becomes an
> > alternative
> > for the standard OpenAFS client.
>=20
> All software including OpenAFS has work to do.
Sure. But the OpenAFS client is mature and just works (except for the
systemd --user thing, which isn't OpenAFS' fault).
> The kafs to-do list of known work items is here:
>=20
> https://www.infradead.org/~dhowells/kafs/todo.html
>=20
> > So I wonder why RH customers would want that?
>=20
> Obviously, no one wants bugs, but at the same time this community
> does want:
>=20
> 1. A solution to "systemd --user" service compatibility with AFS.
ACK.
> The required changes are going to require Linux distribution
> intervention because systemd is integrated with differences
> to each distribution. At the moment there is no interest among
> the systemd developers to work to fix a behavior they consider
> to be a bug in OpenAFS, an out of tree file system.
So they need to understand it's a problem with an in-tree fs as well? I
see...
> 2. The RHEL AFS user community needs an end to the repeated breakage
> of /afs access following each RHEL dot release. How many times
> has getcwd() broken because RHEL kernels updates preserve the API
> between releases but do not preserve the ABI. While this permits
> third party kernel modules to load it does not ensure that they
> will do the right thing. If the community is lucky the symptoms
> are visible. If unlucky, the symptoms are hidden until someone
> reports silent data corruption.
As a Debian user I didn't have these kind of problems in the past
*HINT* :-) But, OTOH, mine is just a small home setup.
> The need for an in-tree Linux AFS client extends to all Linux
> distributions not just Red Hat. Any OpenAFS Linux developer can
> attest
> to the extensive effort that must be expended to maintain
> compatibility
> with the mainline Linux kernel. Then multiply that effort by all of
> the
> Linux distributions that ship modified kernels such as RHEL, SuSE,
> Ubuntu, Oracle, ....
ACK
Bye...
Dirk
--=20
Dirk Heinrichs
GPG Public Key: D01B367761B0F7CE6E6D81AAD5A2E54246986015
Sichere Internetkommunikation: http://www.retroshare.org
Privacy Handbuch: https://www.privacy-handbuch.de=20
--=-Cqi3hYX8jdHIeYSXvJZQ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEJgWJ3LIo7zNO9tmf0p7rxfc7RqsFAlwM4bAACgkQ0p7rxfc7
RqscIQ/+KGgBsEq1dIPf/OdEyWlGcUBkpQtjsEmTU5vOLYZtkprFJhuzyHTCii+5
AXe62e/2lfMPPJnY5jfLCPyXRo3DMskXQz+Qrkjeo5groiIShuhC6J6e3xUKxbL/
xsKEMVDdgRFpXVIHpSPTcu7k07liewPxiTBBr1GxSyFeitauzYhzFsVFKbsxu/GK
zXXTnUJBCuJosmZGb3uI1+edM5v0SWB289UcW4PBOS4lS1gayDnsgXjJh1+gEYcw
P1HIZh9dS5DTBfjWBFZRqCKMwsMKhL89TOXziBdd8u5wl4eQcuY+UyKIfbiPQnMm
b2ykGXNouhZzSAu/z+40299VxyHqCG8kY+KBrgDeAJWGGM66PTmXbXsd2IXXGnd5
/3PRxAsOuUP0pnFeXY2x5gbL6goavTGS1rr+Xeywlj909FtjvPD4p1glIUNtfFZZ
h/2igctr0YjIQKOF6LG/8o3KLGaWABhPrL1ZwCu5UXEy2Qlhd0v6FP9yikJS5tAU
HZAP4h4bir0cpfD8zRlBNeOWLBZKnh8npxnW8rkLC2vo76HVTMaErB72qS3KUR1E
OPZyoW7AIFKGHJmkJSaWmxEvtvJ58X8GMmqsMRtAfM2/6wdeDB+MOwDUSs5rr4PA
4vVQgiYNiTTKdtwShOCenFfXcDwlu+fQGQQgDesrvDZqqllUr08=
=Ilg2
-----END PGP SIGNATURE-----
--=-Cqi3hYX8jdHIeYSXvJZQ--