[OpenAFS] fs newcell / clients CellServDB / adding new db server

Andreas Ladanyi andreas.ladanyi@kit.edu
Mon, 18 Jun 2018 15:07:09 +0200


>
> The ubik clients do not rank servers based upon IP address.  What they
> do is:
OK. Then maybe I misunderstood the documentation
(http://docs.openafs.org/QuickStartUnix/HDRWQ114.html) which tells me
the machine with the lowest IP is "usually" elected as the ubik coordinator.

I followed the instructions in this paper to add a new db server machine
with the lowest IP.
>
> 1. compute the length of the ordered server list
>
>   A B C D
>
> 2. then generate a random number from 0..<length - 1>
>
> 3. use that number as an index into the list to decide which is first
>
> 4. and reorder the list as if it were a circular queue.  So if the
> random number selected was 2, then the list would become
>
>   C D A B
>
> The only time the coordinator must be contacted is for a write
> transaction.  All read transactions are processed by the first server
> contacted.
OK. Thanks for the explanation.
>
> My conclusion is that there is something about your cell configuration
> that results in a write transaction for each token requested.  For example:
I straced aklog for some tests and could see when aklog asks the
new db server (which is offline) and then waits for a timeout (hangs
about 15 sec), and when it asks the old online db servers from CellServDB
without a timeout (hang).

This seems to cause the ssh login hanging symptom, because pam debug
shows me a hang of about 15 sec when pam_afs calls aklog.

So in summary it seems to be better to first add the new db server to
all db servers' CellServDB / bos addhost, to bos restart the pt/vl
instances for ubik coordinator election on the servers, and then to
update the clients' CellServDB.

The documentation says to first update the clients' CellServDB (when the new db
server has the lowest IP) and then bring up the new db server.
>
>  1. cell name:     		example.com
No, cell name a.b.c
>
>  2. One of the following is true:
>
>     a. realm name: 		AD.EXAMPLE.COM
No AD

REALM = A.B.C, MIT Kerberos
>
>     b. CellServDB's zeroth ubik server host domain:
>
>    				subnet.example.com
I don't understand this example.
>
>  3. auto-registration of foreign PTS IDs enabled:
>
>     a. pam_afs_session configuration doesn't disable it
>
>     b. aklog executed without -noprdb
Yes, pam_afs_session calls aklog without -noprdb
>
> If the "realm of cell" guessing algorithm decides that the current login
> is likely to be a foreign cell login, then an attempt to allocate a PTS
> ID for the authentication name will be performed.  This request is a
> write transaction and the ubik client will attempt to contact every ubik
> server in order until the coordinator is determined.
>
> Jeffrey Altman
>
Andi
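
The server-ordering steps quoted in the message above, as an added example that is not part of the original thread and is not OpenAFS code: it rotates the list as described and tabulates, for every possible random start index, how long a read and a write would stall when one listed db server is offline. Assumptions: the function names are hypothetical, server D is the offline one, A is the coordinator, the 15-second timeout is the hang observed in the message, and the client is modelled as waiting one timeout per unreachable server before moving to the next.

```python
import random

def rotate(servers, start):
    """Steps 3-4: reorder the list as a circular queue beginning at `start`."""
    n = len(servers)
    return [servers[(start + i) % n] for i in range(n)]

def contact_order(servers, rng=random):
    """Steps 1-2: pick a random index in 0..length-1, then rotate."""
    return rotate(servers, rng.randrange(len(servers)))

def read_delay(order, offline, timeout):
    """Seconds lost before a read is served by the first reachable server.
    Assumed model: one `timeout` per unreachable server, then try the next."""
    delay = 0
    for host in order:
        if host not in offline:
            return delay
        delay += timeout
    return None  # nothing reachable

def write_delay(order, offline, coordinator, timeout):
    """Seconds lost before a write reaches the coordinator.
    Assumed model: servers are tried in order until the coordinator is hit."""
    if coordinator in offline:
        return None
    delay = 0
    for host in order:
        if host == coordinator:
            return delay
        if host in offline:
            delay += timeout
    return None

def stall_table(servers, offline, coordinator, timeout):
    """One row per possible start index: (order, read stall, write stall)."""
    rows = []
    for start in range(len(servers)):
        order = rotate(servers, start)
        rows.append((order, read_delay(order, offline, timeout),
                     write_delay(order, offline, coordinator, timeout)))
    return rows

if __name__ == "__main__":
    # Constructed sample: D offline, A coordinator, 15 s timeout.
    for order, r, w in stall_table(list("ABCD"), {"D"}, "A", 15):
        print(" ".join(order), f"read +{r}s", f"write +{w}s")
```

Under these assumptions a read stalls in only one of the four rotations, while a write stalls in three of them, which is why a cell configuration that turns every token request into a write transaction makes the hang far more frequent.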