[OpenAFS] Setup a new OpenAFS cell on Debian bullseye v11
Michael Meffie
mmeffie@sinenomine.net
Mon, 2 May 2022 14:17:51 -0400
On Mon, 2 May 2022 15:33:24 +0000
<spacefrogg-openafs@spacefrogg.net> wrote:
> I usually follow the quick start guide https://docs.openafs.org/QuickStartUnix/HDRWQ50.html in particular.
>
> It also explains the particulars about the new key file format and key types.
>
> I have used this method successfully for new AES keys.
Just keep in mind the "Quick Start Guide" uses the legacy paths. You will need
to translate to the modern style paths used on Debian. (e.g. /etc/openafs/server
instead of /usr/afs/etc).
Recent versions of OpenAFS have the akeyconvert utility, which is nicer to use
than the old asetkey command, since that will sort out the enc types and kvno
values for you.
Unfortunately, both akeyconvert and asetkey currently require the server side
CellServDB and ThisCell files to be present. Those files are normally created
and managed by the bosserver, but you'll want to create the key files before
running the bosserver. The current workaround is to be sure the
/etc/openafs/server/{CellServDB,ThisCell} files are present before running
asetkey or akeyconvert.
Finally, just to mention, the Ansible Collection for OpenAFS is useful for setting
up test cells. The openafs_server role will setup the fileserver and db servers,
You can use the "managed" install method to install packages with apt.
https://github.com/openafs-contrib/ansible-openafs
Thanks,
Mike
--
Michael Meffie <mmeffie@sinenomine.net>