[OpenAFS] Limiting mount point to known cells

Kostas Liakakis kostas@physics.auth.gr
Sat, 27 Aug 2022 08:56:32 +0300


Hi,

There was a thread about /afs/.git hanging back in 2014 which ended up 
with a work around from Jonathan Billings:

https://lists.openafs.org/pipermail/openafs-info/2014-August/040888.html

Basically, he suggested setting GIT_CEILING_DIRECTORIES ( 
https://git-scm.com/docs/git/2.35.2#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode 
) environmental variable and limit git's search.

In the same thread, a blacklist (or whitelist) of cell names was 
suggested to prevent afsdb queries for troublesome domains but it seems 
it never got implemented.

-K.

On 27/08/2022 00.13, Ingo van Lil wrote:
> Hello OpenAFS experts,
>
> is there any way to run an AFS client with both the -dynroot and -afsdb
> options, but still limit the /afs mount point to known cells
> (specifically: only my home cell)?
>
> Longer explanation of my problem:
>
> When I run "git status" somewhere inside the AFS hierarchy it freezes
> for a minute or two. git tries to access the directory /afs/.git, and I
> see that afsd sends multiple DNS requests to the loopback address
> 127.0.0.53. Not sure why it does that, it seems to be somehow related to
> systemd-resolved in Fedora Linux.
>
> Running without -dynroot solves the issue, but according to the manual
> it will keep my machine from booting in case my home cell can't be
> contacted. Not very attractive.
>
> Running without -afsdb solves the issue. That's what I do now, but it
> requires to manually specify the servers for my home cell in CellServDB.
> Ideally I'd like to get that info from DNS.
>
> Thanks in advance for any advice you can give!
>
> Regards,
> Ingo
>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>