[OpenAFS] Limiting mount point to known cells

Ed Rude erude1@umbc.edu
Sat, 27 Aug 2022 11:46:34 -0400


I have faced similar issues at times. If you like everything about the
current behavior of AFS aside from the impact it can have on git you might
attack it from the git side. Maybe there is a way to stop git from
recursing all the way to /afs/ ? Similar solutions have worked for me with
things other than git. You probably don’t want git to check that directory
anyway, even if you can make it happen much faster.

Ed

On Fri, Aug 26, 2022 at 22:14 Jeffrey E Altman <jaltman@auristor.com> wrote:

> On 8/26/2022 5:13 PM, Ingo van Lil (inguin@gmx.de) wrote:
>
> Hello OpenAFS experts,
>
> is there any way to run an AFS client with both the -dynroot and -afsdb
> options, but still limit the /afs mount point to known cells
> (specifically: only my home cell)?
>
> There is no explicit support for this behavior in OpenAFS but you might be
> able to approximate it by
>
>    - enabling -dynroot
>    - disabling -afsdb
>    - removing the OpenAFS distributed CellServDB file
>    - creating a CellServDB file containing only one line for the cell and no
>    servers
>    >my.cell # My personal cell
>
> A cell entry with no servers is an implicit request to look up the servers
> via DNS.
> I do not remember if this works with -afsdb disabled but it might.
>
>
> Longer explanation of my problem:
>
> When I run "git status" somewhere inside the AFS hierarchy it freezes
> for a minute or two. git tries to access the directory /afs/.git, and I
> see that afsd sends multiple DNS requests to the loopback address
> 127.0.0.53. Not sure why it does that, it seems to be somehow related to
> systemd-resolved in Fedora Linux.
>
> Running without -dynroot solves the issue, but according to the manual
> it will keep my machine from booting in case my home cell can't be
> contacted. Not very attractive.
>
> Running without -afsdb solves the issue. That's what I do now, but it
> requires to manually specify the servers for my home cell in CellServDB.
> Ideally I'd like to get that info from DNS.
>
> Thanks in advance for any advice you can give!
>
> Regards,
> Ingo
>
>
--
Edward A. Rude
Systems Administrator - Unix Systems
Division of Information Technology
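
The git-side approach suggested in the reply above can be done with git's GIT_CEILING_DIRECTORIES environment variable, which lists directories git must not go up into while searching for a repository. The following is an added example, not part of the original message; the temporary tree and the names make_tree and discover are constructed for illustration, with the tree standing in for /afs.

```shell
#!/bin/sh
# Added example: GIT_CEILING_DIRECTORIES stops git's upward search for a
# repository. A constructed temporary tree stands in for /afs so this runs
# without an AFS client: $root plays /afs and contains a .git of its own,
# $root/my.cell/work is a plain directory below it.

# Build the constructed tree and print its physical (symlink-free) path.
make_tree() {
    root=$(cd "$(mktemp -d)" && pwd -P) || return 1
    git init -q "$root" >/dev/null 2>&1
    mkdir -p "$root/my.cell/work"
    echo "$root"
}

# Print the top level of the repository git discovers from directory $1,
# or "none". $2, if given, is used as GIT_CEILING_DIRECTORIES.
discover() {
    (
        cd "$1" || exit 1
        if [ -n "$2" ]; then
            GIT_CEILING_DIRECTORIES=$2
            export GIT_CEILING_DIRECTORIES
        else
            unset GIT_CEILING_DIRECTORIES
        fi
        git rev-parse --show-toplevel 2>/dev/null || echo none
    )
}

tree=$(make_tree)
# Without a ceiling git walks up from work/ until it reaches $tree/.git.
echo "no ceiling:   $(discover "$tree/my.cell/work")"
# With the ceiling set to $tree, git stops before looking in $tree at all.
echo "with ceiling: $(discover "$tree/my.cell/work" "$tree")"
rm -rf "$tree"

# On an AFS client the equivalent setting (assuming the usual /afs mount
# point) would be, e.g. in a shell profile:
#   export GIT_CEILING_DIRECTORIES=/afs
```

With the ceiling set to /afs, git still checks each directory below /afs, so repositories inside a cell are found as before; only the lookup of /afs/.git itself is skipped.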
