Re: [OpenAFS] fakeka and krb425
Michael Norwick wrote: Please forgive my ignorance. I have rtfm'd and googled. I have OpenAFS 1.3.81 loaded and working on 2 servers on FC3 using a locally built system from source (not RPM's). I also have Kerberos5 krb5-1.4.1 up and working on these same servers, one master, one slave, also locally built from source. My clients can klog OR kinit to any machine on the network and authenticate and access files in OpenAFS volumes in my local cell. Until I have authentication working properly I do not let them venture out into the greater world. My questions are as follows: 1. How do I get one key/token for the client. When building krb5 I did not enable V4 authentication heeding MIT's advice to move to krb5. Krb5 builds with k4 compatability by default. You can enable or disable K4 in kdc.conf I have made several attempts to build Ken H's 2.0 migration kit to get aklog and asetkey but so far have failed with well documented make errors (but little documented solutions). And looking at the source for krb5-1.4.1 and OpenAFS-1.3.81, I should be able to use fakeka to grant tokens to OpenAFS. Yes Fakeka runs in the place of kaserver. What are your make errors? 2. When I do eventually open up access from my local cell to the world would it be advisable to have krb425 in order to authenticate against way older servers? 3. In any event what is the proper appdefaults section krb5.conf notation for a krb5 kdc and OpenAFS 1.3.81? 4. How do I use fakeka? Fakeka runs in the place of kaserver: /usr/local/sbin/fakeka Any references, links and patience are greatly appreciated. Michael ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info -- Steve Devine Storage Systems Academic Computing Network Services Michigan State University 301 Computer Center East Lansing, MI 48824-1042 1-517-432-7327 Baseball is ninety percent mental; the other half is physical. - Yogi Berra ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
RE: [OpenAFS] Openafs-client module fails (debian-sarge)
Using regen.sh is the only way I can get compiles reliably across several machines. Specifically the libafs module is where compiles are breaking. I have no idea why but it works on SUSE 9.3. tedc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Russ Allbery Sent: Sunday, May 01, 2005 6:13 PM To: openafs-info@openafs.org Subject: Re: [OpenAFS] Openafs-client module fails (debian-sarge) ted creedon [EMAIL PROTECTED] writes: Cd /usr/vice/etc;insmod ./libafs-kernelname.ko #if this works then make sure that binary is named libafs.ko and is in /lib/modules/kernelname/kernel/fs/afs directory. Then run a depmod from /lib/afs/kernelname. Then do a modprobe libafs to make sure. If he uses openafs-modules-source from sarge and has a 2.4.27 kernel as he says, that module name will be called openafs.o, not libafs.ko. If there are compile problems do a ./regen.sh once prior to .configure... Shouldn't be required with openafs-modules-source. I'm guessing the problem will go away by installing the right version of that package and then using make-kpkg as normal. -- Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/ ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] upgrading afs on mac
In my last query I asked how to remove openafs from a mac. Now, I am interested in perhaps 'upgrading'. I don't know what the latest package is for openafs on the mac, but is the package install intelligent enough to find prior versions and upgrade them? -- David Bear phone: 480-965-8257 fax:480-965-9189 College of Public Programs/ASU Wilson Hall 232 Tempe, AZ 85287-0803 Beware the IP portfolio, everyone will be suspect of trespassing ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] upgrading afs on mac
On Mon, 2 May 2005, David Bear wrote: In my last query I asked how to remove openafs from a mac. Now, I am interested in perhaps 'upgrading'. I don't know what the latest package is for openafs on the mac, but is the package install intelligent enough to find prior versions and upgrade them? Yes. ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Openafs-client module fails (debian-sarge)
That just seems weird. Are you not re-running configure across the multiple kernels? I don't see why you'd need to re-run regen. All that does is rebuild the configure script. -derek ted creedon [EMAIL PROTECTED] writes: Using regen.sh is the only way I can get compiles reliably across several machines. Specifically the libafs module is where compiles are breaking. I have no idea why but it works on SUSE 9.3. tedc -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH [EMAIL PROTECTED]PGP key available ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
RE: [OpenAFS] Openafs-client module fails (debian-sarge)
Exactly. Perhaps the m4 macros differ slightly depending version/OS/architecture and package install options? There are different .regen.sh warnings from systems that are presumably identical (except some were upgraded from 9.2-9.3 and some were built from scratch). Anyway, the SP/SMP errors disappeared - on about 20 builds. tedc -Original Message- From: Derek Atkins [mailto:[EMAIL PROTECTED] Sent: Monday, May 02, 2005 11:44 AM To: ted creedon Cc: openafs-info@openafs.org Subject: Re: [OpenAFS] Openafs-client module fails (debian-sarge) That just seems weird. Are you not re-running configure across the multiple kernels? I don't see why you'd need to re-run regen. All that does is rebuild the configure script. -derek ted creedon [EMAIL PROTECTED] writes: Using regen.sh is the only way I can get compiles reliably across several machines. Specifically the libafs module is where compiles are breaking. I have no idea why but it works on SUSE 9.3. tedc -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH [EMAIL PROTECTED]PGP key available ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] Currently correct info for Debian sarge OpenAFS install?
Hello All, I've been having a nightmare of a time trying to get openafs installed under debian, I've gotten to the point where you create a volume (I assume) with the command vos create (host) a root.afs -localauth and it just hangs, I've tried stracing the filesserver process as well as the bosserver process, it appears to be hanging on [pid 7169] connect(3, {sa_family=AF_INET, sin_port=htons(2040), sin_addr=inet_addr(127.0.0.1)}, 16) = -1 ECONNREFUSED (Connection refused) resulting in continuously outputting; FSYNC_clientInit temporary failure (will retry): Connection refused Nothing is bound to port 2040, I looked into this for the past few hours with little to no success minus some vague handwaving towards the concept of nameserver resolution and configuration, so I made *absolutely* certain that that was correct (cell name umbralservices.com, hostname raven, resolves forwards and reverse resolves correctly, notably *not* to 127.0.0.1 so I'm uncertain if there's something to worry about with the bosserver trying to connect to localhost:2040) I've looked over the documentation on the main site but it's clearly geared toward a massively different process installing from CD's and such and has about zero relevance for the debian install, unfortunately the documentation in /usr/share/doc/openafs-fileserver is just about no better on the debian side. Anyone out there got this working and know what I'm doing wrong? Regards Eric ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Currently correct info for Debian sarge OpenAFS install?
Eric Bennett [EMAIL PROTECTED] wrote: Hello All, I've been having a nightmare of a time trying to get openafs installed under debian, I've gotten to the point where you create a volume (I assume) with the command vos create (host) a root.afs -localauth and it just hangs, I've tried stracing the filesserver process as well as the bosserver process, it appears to be hanging on [pid 7169] connect(3, {sa_family=AF_INET, sin_port=htons(2040), sin_addr=inet_addr(127.0.0.1)}, 16) = -1 ECONNREFUSED (Connection refused) resulting in continuously outputting; FSYNC_clientInit temporary failure (will retry): Connection refused Nothing is bound to port 2040, I looked into this for the past few hours with little to no success minus some vague handwaving towards the concept of nameserver resolution and configuration, so I made *absolutely* certain that that was correct (cell name umbralservices.com, hostname raven, resolves forwards and reverse resolves correctly, notably *not* to 127.0.0.1 so I'm uncertain if there's something to worry about with the bosserver trying to connect to localhost:2040) Yes, this is a problem. Debian will put the machine's hostname on the 127.0.0.1 line in /etc/hosts. This is BAD and causes all sorts of problems. Did you check this file also? The hosts file is checked before DNS is queried. You want to make sure your AFS servers (and probably all your servers for that matter) are configured similarly to: [EMAIL PROTECTED]:/]% cat /etc/hosts 127.0.0.1 localhost 128.174.251.6 clortho.acm.uiuc.educlortho This way an IP lookup on the hostname of the machine returns the correct IP address and NOT 127.0.0.1 CDC Christopher D. Clausen [EMAIL PROTECTED] SysAdmin ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] Callback/Cache Issues with 1.3.82 on FC3
This is just a preliminary heads-up to a problem we're seeing. I deployed 1.3.82 on Friday to Fedora 3 hosts and have almost immediately run into a strange volume consistency problems across hosts as well as consistency between RW volumes and RO volumes. The two problems are: 1) Contents differ between a RW volume and it's RO replica on a .82 host, even after a 'vol release -f' and attempts to flush the volume. Looking at the volumes on a .81 or an AS3 box running 1.2.13 shows the volumes consistent amongst the RW and RO volumes. A reboot was required to get consistency. 2) An FC3 host running .82 box had stale contents of a volume and after a vol release that changed 2 files, the .82 box wiped out intermediate changes to those same files from an FC3 host running .81. The FC3 box w/ .81 immediately saw that the files where changed out from under it. After re-changing the files (on the .81 box) to include the wiped-out data, the FC3 box running .82 still couldn't see those changes after a release. The AS3 box again say the changes immediately. After I get this situation stabilized, I'll try and create a test-case for this situation. -- Jason McCormick [EMAIL PROTECTED] CERT Infrastructure Team ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Callback/Cache Issues with 1.3.82 on FC3
On Mon, 2 May 2005, Jason McCormick wrote: This is just a preliminary heads-up to a problem we're seeing. I deployed 1.3.82 on Friday to Fedora 3 hosts and have almost immediately run into a strange volume consistency problems across hosts as well as consistency between RW volumes and RO volumes. The two problems are: 1) Contents differ between a RW volume and it's RO replica on a .82 host, even after a 'vol release -f' and attempts to flush the volume. Looking at the volumes on a .81 or an AS3 box running 1.2.13 shows the volumes consistent amongst the RW and RO volumes. A reboot was required to get consistency. Ok, so roll back the dentry revalidation changes (the only thing which should matter in 82) and I bet it goes away. ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Currently correct info for Debian sarge OpenAFS install?
Yeah, I thought of that; 127.0.0.1 localhost 69.60.123.88raven.umbralservices.com raven # The following lines are desirable for IPv6 capable hosts # (added automatically by netbase upgrade) ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters ff02::3 ip6-allhosts Thanks for the thought though. Regards Eric Christopher D. Clausen wrote: Eric Bennett [EMAIL PROTECTED] wrote: Hello All, I've been having a nightmare of a time trying to get openafs installed under debian, I've gotten to the point where you create a volume (I assume) with the command vos create (host) a root.afs -localauth and it just hangs, I've tried stracing the filesserver process as well as the bosserver process, it appears to be hanging on [pid 7169] connect(3, {sa_family=AF_INET, sin_port=htons(2040), sin_addr=inet_addr(127.0.0.1)}, 16) = -1 ECONNREFUSED (Connection refused) resulting in continuously outputting; FSYNC_clientInit temporary failure (will retry): Connection refused Nothing is bound to port 2040, I looked into this for the past few hours with little to no success minus some vague handwaving towards the concept of nameserver resolution and configuration, so I made *absolutely* certain that that was correct (cell name umbralservices.com, hostname raven, resolves forwards and reverse resolves correctly, notably *not* to 127.0.0.1 so I'm uncertain if there's something to worry about with the bosserver trying to connect to localhost:2040) Yes, this is a problem. Debian will put the machine's hostname on the 127.0.0.1 line in /etc/hosts. This is BAD and causes all sorts of problems. Did you check this file also? The hosts file is checked before DNS is queried. You want to make sure your AFS servers (and probably all your servers for that matter) are configured similarly to: [EMAIL PROTECTED]:/]% cat /etc/hosts 127.0.0.1 localhost 128.174.251.6 clortho.acm.uiuc.educlortho This way an IP lookup on the hostname of the machine returns the correct IP address and NOT 127.0.0.1 CDC Christopher D. Clausen [EMAIL PROTECTED] SysAdmin ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Currently correct info for Debian sarge OpenAFS install?
Eric Bennett [EMAIL PROTECTED] wrote: Yeah, I thought of that; 127.0.0.1 localhost 69.60.123.88raven.umbralservices.com raven Did you make this this change AFTER installing the OpenAFS server packages? If so, I'd recomend apt-get remove --purge openafs-*server and then reinstall them to make sure you don't have localhost entered somewhere. I had this problem and it turned out that localhost was entered in one of the CellServDB files and was very hard to track down, but easy to correct once found. CDC Christopher D. Clausen [EMAIL PROTECTED] SysAdmin ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Currently correct info for Debian sarge OpenAFS install?
Hi Chris, Redid everything again but it appears to be having the exact same problem, this time there was definitely at no point an incorrect entry in hosts, further diag info that may be useful; raven:/usr/share/doc/openafs-fileserver# bos status raven -long -local Instance ptserver, (type is simple) currently running normally. Process last started at Tue May 3 10:02:49 2005 (1 proc starts) Command 1 is '/usr/lib/openafs/ptserver' Instance vlserver, (type is simple) currently running normally. Process last started at Tue May 3 10:02:49 2005 (1 proc starts) Command 1 is '/usr/lib/openafs/vlserver' Instance fs, (type is fs) currently running normally. Auxiliary status is: file server running. Process last started at Tue May 3 10:06:15 2005 (4 proc starts) Last exit at Tue May 3 10:06:15 2005 Last error exit at Tue May 3 10:06:15 2005, by vol, by exiting with code 1 Command 1 is '/usr/lib/openafs/fileserver' Command 2 is '/usr/lib/openafs/volserver' Command 3 is '/usr/lib/openafs/salvager' raven:/usr/share/doc/openafs-fileserver# tail /var/log/openafs/* == /var/log/openafs/BosLog == Tue May 3 10:02:49 2005: Server directory access is okay Tue May 3 10:02:49 2005: fs:salv exited with code 0 Tue May 3 10:06:15 2005: fs:vol exited with code 1 Tue May 3 10:09:41 2005: fs:vol exited with code 1 == /var/log/openafs/FileLog == Tue May 3 10:06:19 2005 Couldn't get CPS for AnyUser, will try again in 30 seconds; code=267268. Tue May 3 10:06:49 2005 Couldn't get CPS for AnyUser, will try again in 30 seconds; code=267275. Tue May 3 10:07:19 2005 Couldn't get CPS for AnyUser, will try again in 30 seconds; code=267268. Tue May 3 10:07:49 2005 Couldn't get CPS for AnyUser, will try again in 30 seconds; code=267275. Tue May 3 10:08:19 2005 Couldn't get CPS for AnyUser, will try again in 30 seconds; code=267268. Tue May 3 10:08:49 2005 Couldn't get CPS for AnyUser, will try again in 30 seconds; code=267275. Tue May 3 10:09:19 2005 Couldn't get CPS for AnyUser, will try again in 30 seconds; code=267268. Tue May 3 10:09:49 2005 Couldn't get CPS for AnyUser, will try again in 30 seconds; code=267275. Tue May 3 10:10:19 2005 Couldn't get CPS for AnyUser, will try again in 30 seconds; code=267268. Tue May 3 10:10:49 2005 Couldn't get CPS for AnyUser, will try again in 30 seconds; code=267275. == /var/log/openafs/PtLog == ptserver: Unknown code pt 11 (267275) Can't rebuild database because not running NoAuth ptserver: Unknown code pt 11 (267275) Can't rebuild database because not running NoAuth ptserver: Unknown code pt 11 (267275) Can't rebuild database because not running NoAuth ptserver: Unknown code pt 11 (267275) Can't rebuild database because not running NoAuth ptserver: Unknown code pt 11 (267275) Can't rebuild database because not running NoAuth ptserver: Unknown code pt 11 (267275) Can't rebuild database because not running NoAuth ptserver: Unknown code pt 11 (267275) Can't rebuild database because not running NoAuth ptserver: Unknown code pt 11 (267275) Can't rebuild database because not running NoAuth ptserver: Unknown code pt 11 (267275) Can't rebuild database because not running NoAuth == /var/log/openafs/SalvageLog == @(#) OpenAFS 1.3.81 built 2005-04-07 05/03/2005 10:02:49 STARTING AFS SALVAGER 2.4 (/usr/lib/openafs/salvager) 05/03/2005 10:02:49 Starting salvage of file system partition /vicepa 05/03/2005 10:02:49 SALVAGING FILE SYSTEM PARTITION /vicepa (device=vicepa) 05/03/2005 10:02:49 No vice inodes on vicepa; not salvaged 05/03/2005 10:02:49 0 nVolumesInInodeFile 0 Temporary file /vicepa/salvage.inodes.vicepa.8334 is missing... == /var/log/openafs/VLLog == Tue May 3 10:02:49 2005 Using 69.60.123.88 as my primary address Tue May 3 10:02:49 2005 Starting AFS vlserver 4 (/usr/lib/openafs/vlserver) My instincts are telling me something is up with ptserver? Regards Eric Christopher D. Clausen wrote: Eric Bennett [EMAIL PROTECTED] wrote: Yeah, I thought of that; 127.0.0.1 localhost 69.60.123.88raven.umbralservices.com raven Did you make this this change AFTER installing the OpenAFS server packages? If so, I'd recomend apt-get remove --purge openafs-*server and then reinstall them to make sure you don't have localhost entered somewhere. I had this problem and it turned out that localhost was entered in one of the CellServDB files and was very hard to track down, but easy to correct once found. CDC Christopher D. Clausen [EMAIL PROTECTED] SysAdmin ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Currently correct info for Debian sarge OpenAFS install?
Eric Bennett [EMAIL PROTECTED] writes: I've been having a nightmare of a time trying to get openafs installed under debian, I've gotten to the point where you create a volume (I assume) with the command vos create (host) a root.afs -localauth and it just hangs, I've tried stracing the filesserver process as well as the bosserver process, it appears to be hanging on [pid 7169] connect(3, {sa_family=AF_INET, sin_port=htons(2040), sin_addr=inet_addr(127.0.0.1)}, 16) = -1 ECONNREFUSED (Connection refused) Well, this particular problem is because of /etc/hosts, as previously mentioned. (That's the only reason why something would be connecting to 127.0.0.1.) Have you read the documentation in the OpenAFS sarge package in /usr/share/doc/openafs-dbserver? In particular, you want to read README.servers and configuration.transcript.txt.gz. The latter steps you through the whole process of setting up a new cell; you say below that you didn't think the documentation is adequate, but that transcript is about the most useful documentation I've seen for installing OpenAFS. The Debian package comes with afs-newcell and afs-rootvol scripts that automate part of this process and also check various things, including the 127.0.0.1 problem that you had above (in the version in sid; that check hasn't migrated into sarge yet). -- Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/ ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Currently correct info for Debian sarge OpenAFS install?
Hi Russ, configuration.transcript.txt.gz has been my working document, I've gotten to the vos create part and no further, as you'll see further on this thread. Regards Eric Russ Allbery wrote: Eric Bennett [EMAIL PROTECTED] writes: I've been having a nightmare of a time trying to get openafs installed under debian, I've gotten to the point where you create a volume (I assume) with the command vos create (host) a root.afs -localauth and it just hangs, I've tried stracing the filesserver process as well as the bosserver process, it appears to be hanging on [pid 7169] connect(3, {sa_family=AF_INET, sin_port=htons(2040), sin_addr=inet_addr(127.0.0.1)}, 16) = -1 ECONNREFUSED (Connection refused) Well, this particular problem is because of /etc/hosts, as previously mentioned. (That's the only reason why something would be connecting to 127.0.0.1.) Have you read the documentation in the OpenAFS sarge package in /usr/share/doc/openafs-dbserver? In particular, you want to read README.servers and configuration.transcript.txt.gz. The latter steps you through the whole process of setting up a new cell; you say below that you didn't think the documentation is adequate, but that transcript is about the most useful documentation I've seen for installing OpenAFS. The Debian package comes with afs-newcell and afs-rootvol scripts that automate part of this process and also check various things, including the 127.0.0.1 problem that you had above (in the version in sid; that check hasn't migrated into sarge yet). ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Currently correct info for Debian sarge OpenAFS install?
Eric Bennett [EMAIL PROTECTED] writes: configuration.transcript.txt.gz has been my working document, I've gotten to the vos create part and no further, as you'll see further on this thread. You were using afs-rootvol for the vos create? -- Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/ ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Currently correct info for Debian sarge OpenAFS install?
From the file; bos addhost snorklewacker snorklewacker -localauth ||true bos adduser snorklewacker hartmans -localauth pt_util: /var/lib/openafs/db/prdb.DB0: Bad UBIK_MAGIC. Is 0 should be 354545 Ubik Version is: 2.0 Error while creating system:administrators: Entry for id already exists pt_util: Ubik Version number changed during execution. Old Version = 2.0, new version = 33554432.0 bos create snorklewacker ptserver simple /usr/lib/openafs/ptserver -localauth bos create snorklewacker vlserver simple /usr/lib/openafs/vlserver -localauth bos create snorklewacker fs fs -cmd /usr/lib/openafs/fileserver -cmd /usr/lib/op enafs/volserver -cmd /usr/lib/openafs/salvager -localauth Waiting for database elections: done. vos create snorklewacker a root.afs -localauth vos create is where it hangs, this is prior to the afs-rootvol command. Regards Eric Russ Allbery wrote: Eric Bennett [EMAIL PROTECTED] writes: configuration.transcript.txt.gz has been my working document, I've gotten to the vos create part and no further, as you'll see further on this thread. You were using afs-rootvol for the vos create? ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Currently correct info for Debian sarge OpenAFS install?
On Monday, May 02, 2005 07:30:50 PM -0700 Russ Allbery [EMAIL PROTECTED] wrote: Eric Bennett [EMAIL PROTECTED] writes: I've been having a nightmare of a time trying to get openafs installed under debian, I've gotten to the point where you create a volume (I assume) with the command vos create (host) a root.afs -localauth and it just hangs, I've tried stracing the filesserver process as well as the bosserver process, it appears to be hanging on [pid 7169] connect(3, {sa_family=AF_INET, sin_port=htons(2040), sin_addr=inet_addr(127.0.0.1)}, 16) = -1 ECONNREFUSED (Connection refused) Well, this particular problem is because of /etc/hosts, as previously mentioned. (That's the only reason why something would be connecting to 127.0.0.1.) Actually, no. Port 2040/tcp is the fssync interface, which is the communication channel between the fileserver, volserver, and other volume utilities running on the same machine. It listens _only_ on 127.0.0.1, and connections via that address are perfectly normal. The connection is being refused because the fileserver hasn't finished initializing yet. This is also perfectly normal, for a time, but not indefinitely. In this case, the reason the fileserver has not finished initializing is called out clearly in the logs -- it can't get a CPS for system:anyuser, because that entry doesn't yet exist in the PRDB (error 267268 is PRNOENT, User or group doesn't exist). The reason for the PRNOENT is also called out clearly in the logs. The ptserver was started with _no_ database, and because it is not running in noauth mode, it will not construct one from scratch. This is somewhat expected; running the ptserver in noauth mode has significant security implications, and so it's desirable to avoid ever doing so. The Debian scripts accomplish this by using pt_util to spin an initial PRDB from scratch before starting the ptserver for the first time. Since these scripts were apparently not used in this case, there is no PRDB. IMHO the simplest solution would be to use the afs-newcell script provided with the Debian packages to emit a new PRDB. -- Jeffrey T. Hutzelman (N3NHS) [EMAIL PROTECTED] Sr. Research Systems Programmer School of Computer Science - Research Computing Facility Carnegie Mellon University - Pittsburgh, PA ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Currently correct info for Debian sarge OpenAFS install?
Jeffrey Hutzelman [EMAIL PROTECTED] writes: Actually, no. Port 2040/tcp is the fssync interface, which is the communication channel between the fileserver, volserver, and other volume utilities running on the same machine. It listens _only_ on 127.0.0.1, and connections via that address are perfectly normal. [...] Ack. Thank you for the corrections; I clearly didn't know what I was talking about. I'll remember this. -- Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/ ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Currently correct info for Debian sarge OpenAFS install?
Now this is an interesting one, I did run afs-newcell as the quick and dirty debian guide advised that it needed to be done, however, here is the exact output of the command; raven:/usr/share/doc/openafs-fileserver# afs-newcell Prerequisites In order to set up a new AFS cell, you must meet the following: 1) You need a working Kerberos realm with Kerberos4 support. You should install Heimdal with Kth-kerberos compatibility or MIT Kerberos5. 2) You need to create the single-DES AFS key and load it into /etc/openafs/server/KeyFile. If your cell's name is the same as your Kerberos realm then create a principal called afs. Otherwise, create a principal called afs/cellname in your realm. The cell name should be all lower case, unlike Kerberos realms which are all upper case. You can use asetkey from the openafs-krb5 package, or if you used AFS3 salt to create the key, the bos addkey command. 3) This machine should have a filesystem mounted on /vicepa. If you do not have a free partition, then create a large file by using dd to extract bytes from /dev/zero. Create a filesystem on this file and mount it using -oloop. 4) You will need an administrative principal created in a Kerberos realm. This principal will be added to susers and system:administrators and thus will be able to run administrative commands. Generally the user is a root instance of some administravie user. For example if jruser is an administrator then it would be reasonable to create jruser/root and specify jruser/root as the user to be added in this script. 5) The AFS client must not be running on this workstation. It will be at the end of this script. Do you meet these requirements? [y/n] y If the fileserver is not running, this may hang for 30 seconds. /etc/init.d/openafs-fileserver stop Stopping AFS Server: bosserver. What administrative principal should be used? eric echo \umbralservices.com /etc/openafs/server/CellServDB /etc/init.d/openafs-fileserver start Starting AFS Server: bosserver. bos addhost raven raven -localauth ||true bos: could not find entry (can't find cell 'default' in cell database) bos adduser raven eric -localauth bos: could not find entry (can't find cell 'default' in cell database) Failed: 256 bos: could not find entry (can't find cell 'default' in cell database) As you can see, it's not getting what server it ought to be adding to, as far as I can see this is due to echo \umbralservices.com /etc/openafs/server/CellServDB overwriting the correct content which should be umbralservices.com # cell 69.60.123.88# raven Those automatically executed commands however are actually included in the configuration documentation, so it appeared that the author expected us to figure out the way to make CellServDB work on our own and then execute those commands individually. I daresay you're right about the ptserver not having an initialised DB, but as you can see, afs-newcell is not doing the job there, is there a direct way to do it, or a way to fix afs-newcell? I might try hashing out the line in the perl script which botches my CellServDB right now actually. Regards Eric Jeffrey Hutzelman wrote: On Monday, May 02, 2005 07:30:50 PM -0700 Russ Allbery [EMAIL PROTECTED] wrote: Eric Bennett [EMAIL PROTECTED] writes: I've been having a nightmare of a time trying to get openafs installed under debian, I've gotten to the point where you create a volume (I assume) with the command vos create (host) a root.afs -localauth and it just hangs, I've tried stracing the filesserver process as well as the bosserver process, it appears to be hanging on [pid 7169] connect(3, {sa_family=AF_INET, sin_port=htons(2040), sin_addr=inet_addr(127.0.0.1)}, 16) = -1 ECONNREFUSED (Connection refused) Well, this particular problem is because of /etc/hosts, as previously mentioned. (That's the only reason why something would be connecting to 127.0.0.1.) Actually, no. Port 2040/tcp is the fssync interface, which is the communication channel between the fileserver, volserver, and other volume utilities running on the same machine. It listens _only_ on 127.0.0.1, and connections via that address are perfectly normal. The connection is being refused because the fileserver hasn't finished initializing yet. This is also perfectly normal, for a time, but not indefinitely. In this case, the reason the fileserver has not finished initializing is called out clearly in the logs -- it can't get a CPS for system:anyuser, because that entry doesn't yet exist in the PRDB (error 267268 is PRNOENT, User or group doesn't exist). The reason for the PRNOENT is also called out clearly in the logs. The ptserver was started with _no_ database, and because it is not running in noauth mode, it will not construct one from scratch. This is somewhat expected; running the ptserver in noauth mode has significant security implications, and so it's desirable to avoid ever doing so. The
Re: [OpenAFS] Currently correct info for Debian sarge OpenAFS install?
Eric Bennett [EMAIL PROTECTED] writes: echo \umbralservices.com /etc/openafs/server/CellServDB Hm. So afs-newcell is adding the name of the cell but not the IP address of the server. That seems odd to me, although maybe it just works? But more fundamentally, this: /etc/init.d/openafs-fileserver start Starting AFS Server: bosserver. bos addhost raven raven -localauth ||true bos: could not find entry (can't find cell 'default' in cell database) smells to me like a ThisCell problem. What's the contents of /etc/openafs/ThisCell on your system? Anyway, that explains the ptserver problem; afs-newcell had failed before it got to running pt_util to create the database. -- Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/ ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Currently correct info for Debian sarge OpenAFS install?
cat /etc/openafs/server/* CellServDB umbralservices.com #Cell name 69.60.123.88#raven ThisCell; raven I manually made CellServDB to how it has looked according to various previous posts on the mailing list and set ThisCell to umbralservices.com, not sure what made it raven, assumedly afs-newcell when I ran it again and it reported no errors this time, though I still get; raven:/usr/share/doc/openafs-fileserver# tail /var/log/openafs/* == /var/log/openafs/BosLog == Tue May 3 14:09:22 2005: Server directory access is okay Tue May 3 14:09:22 2005: ptserver exited on signal 15 Tue May 3 14:09:22 2005: vlserver exited on signal 15 Tue May 3 14:09:22 2005: fs:vol exited on signal 15 Tue May 3 14:09:22 2005: fs:file exited on signal 3 == /var/log/openafs/FileLog == Tue May 3 14:09:22 2005 File server starting Tue May 3 14:09:22 2005 afs_krb_get_lrealm failed, using umbralservices.com. Tue May 3 14:09:22 2005 VL_RegisterAddrs rpc failed; will retry periodically (code=5376, err=2) Tue May 3 14:09:22 2005 Couldn't get CPS for AnyUser, will try again in 30 seconds; code=267275. == /var/log/openafs/PtLog == ptserver: Unknown code pt 11 (267275) Can't rebuild database because not running NoAuth == /var/log/openafs/SalvageLog == @(#) OpenAFS 1.3.81 built 2005-04-07 05/03/2005 14:08:57 STARTING AFS SALVAGER 2.4 (/usr/lib/openafs/salvager) 05/03/2005 14:08:57 Starting salvage of file system partition /vicepa 05/03/2005 14:08:57 SALVAGING FILE SYSTEM PARTITION /vicepa (device=vicepa) 05/03/2005 14:08:57 No vice inodes on vicepa; not salvaged 05/03/2005 14:08:57 0 nVolumesInInodeFile 0 Temporary file /vicepa/salvage.inodes.vicepa.10542 is missing... == /var/log/openafs/VLLog == Tue May 3 14:09:22 2005 Using 69.60.123.88 as my primary address Tue May 3 14:09:22 2005 Starting AFS vlserver 4 (/usr/lib/openafs/vlserver) Weirdness in PtLog and BosLog, and vos create hangs with timeouts on the first UDP connections, in an endless loop, so I assume it's still not done what it was supposed to do. Regards Eric Russ Allbery wrote: Eric Bennett [EMAIL PROTECTED] writes: echo \umbralservices.com /etc/openafs/server/CellServDB Hm. So afs-newcell is adding the name of the cell but not the IP address of the server. That seems odd to me, although maybe it just works? But more fundamentally, this: /etc/init.d/openafs-fileserver start Starting AFS Server: bosserver. bos addhost raven raven -localauth ||true bos: could not find entry (can't find cell 'default' in cell database) smells to me like a ThisCell problem. What's the contents of /etc/openafs/ThisCell on your system? Anyway, that explains the ptserver problem; afs-newcell had failed before it got to running pt_util to create the database. ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Currently correct info for Debian sarge OpenAFS install?
Eric Bennett [EMAIL PROTECTED] writes: I manually made CellServDB to how it has looked according to various previous posts on the mailing list and set ThisCell to umbralservices.com, not sure what made it raven, assumedly afs-newcell when I ran it again and it reported no errors this time, though I still get; afs-newcell doesn't create /etc/openafs/server/ThisCell. The install script for openafs-fileserver does, based on the debconf question asked during installation. It does overwrite /etc/openafs/ThisCell with the new cell that you set up, but only after everything succeeds; until then, /etc/openafs/ThisCell is set by the install script for openafs-client, again based on a debconf question. == /var/log/openafs/PtLog == ptserver: Unknown code pt 11 (267275) Can't rebuild database because not running NoAuth I'm suspicious that afs-newcell actually succeeded since it looks like pt_util still didn't get run. Is there anything in /var/lib/openafs/db, in particular a prdb.DB0 file? Was there any output from afs-newcell related to pt_util or any other failures? -- Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/ ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] Current documentation ?
Hi I was wondering if anyone here could point me to current documentation for OpenAFS server. The documentation on the website is prehistoric (almost :) ) - July 2001. Thanks. ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Currently correct info for Debian sarge OpenAFS install?
On Monday, May 02, 2005 08:08:38 PM -0700 Russ Allbery [EMAIL PROTECTED] wrote: Eric Bennett [EMAIL PROTECTED] writes: echo \umbralservices.com /etc/openafs/server/CellServDB Hm. So afs-newcell is adding the name of the cell but not the IP address of the server. That seems odd to me, although maybe it just works? But more fundamentally, this: It works long enough to start the bosserver and use 'bos addhost' to add the local host. But yes; that sounds like an empty or missing ThisCell file. I'm leaning toward the latter, since afs-newcell will die if it can't find a ThisCell file, but does not actually check that the file is non-empty. The ThisCell file should have been created by the postinst script for openafs-fileserver, based on previously-gathered configuration. -- Jeff ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Currently correct info for Debian sarge OpenAFS install?
Saga continues, update; I totally purged the config out of a general sense of badness accumulated through fiddling with the newcell-afs command, reinstalled the debian packages and edited out just the single line that echoed $cell to /etc/openafs/server/CellServDB, and manually configured CellServDB and ThisCell accordingly CellServDB; umbralservices.com # cellname 69.60.123.88 # raven ThisCell umbralservices.com This was the result of the modified newcell-afs command; raven:/usr/src/modules# afs-newcell Prerequisites In order to set up a new AFS cell, you must meet the following: 1) You need a working Kerberos realm with Kerberos4 support. You should install Heimdal with Kth-kerberos compatibility or MIT Kerberos5. 2) You need to create the single-DES AFS key and load it into /etc/openafs/server/KeyFile. If your cell's name is the same as your Kerberos realm then create a principal called afs. Otherwise, create a principal called afs/cellname in your realm. The cell name should be all lower case, unlike Kerberos realms which are all upper case. You can use asetkey from the openafs-krb5 package, or if you used AFS3 salt to create the key, the bos addkey command. 3) This machine should have a filesystem mounted on /vicepa. If you do not have a free partition, then create a large file by using dd to extract bytes from /dev/zero. Create a filesystem on this file and mount it using -oloop. 4) You will need an administrative principal created in a Kerberos realm. This principal will be added to susers and system:administrators and thus will be able to run administrative commands. Generally the user is a root instance of some administravie user. For example if jruser is an administrator then it would be reasonable to create jruser/root and specify jruser/root as the user to be added in this script. 5) The AFS client must not be running on this workstation. It will be at the end of this script. Do you meet these requirements? [y/n] y If the fileserver is not running, this may hang for 30 seconds. /etc/init.d/openafs-fileserver stop Stopping AFS Server: bos: failed to shutdown servers (communications failure (-1)) bos: can't wait for processes to shutdown (communications failure (-1)) bosserver. What administrative principal should be used? eric /etc/init.d/openafs-fileserver start Starting AFS Server: bosserver. bos addhost raven raven -localauth ||true bos adduser raven eric -localauth pt_util: /var/lib/openafs/db/prdb.DB0: Bad UBIK_MAGIC. Is 0 should be 354545 Ubik Version is: 2.0 Error while creating system:administrators: Entry for id already exists pt_util: Ubik Version number changed during execution. Old Version = 2.0, new version = 33554432.0 bos create raven ptserver simple /usr/lib/openafs/ptserver -localauth bos create raven vlserver simple /usr/lib/openafs/vlserver -localauth bos create raven fs fs -cmd /usr/lib/openafs/fileserver -cmd /usr/lib/openafs/volserver -cmd /usr/lib/openafs/salvager -localauth Waiting for database elections: done. vos create raven a root.afs -localauth Could not change quota (error -1073744064), continuing... : No such file or directory Failed to end the transaction on the volume root.afs 536870912 : No such file or directory Error in vos create command. : No such file or directory Failed: 65280 bos shutdown raven -localauth bos delete raven fs -localauth bos delete raven vlserver -localauth bos delete raven ptserver -localauth rm /var/lib/openafs/db/prdb* bos removeuser raven eric -localauth Much further along than previously, though still not there, any ideas? Regards Eric Jeffrey Hutzelman wrote: On Monday, May 02, 2005 08:08:38 PM -0700 Russ Allbery [EMAIL PROTECTED] wrote: Eric Bennett [EMAIL PROTECTED] writes: echo \umbralservices.com /etc/openafs/server/CellServDB Hm. So afs-newcell is adding the name of the cell but not the IP address of the server. That seems odd to me, although maybe it just works? But more fundamentally, this: It works long enough to start the bosserver and use 'bos addhost' to add the local host. But yes; that sounds like an empty or missing ThisCell file. I'm leaning toward the latter, since afs-newcell will die if it can't find a ThisCell file, but does not actually check that the file is non-empty. The ThisCell file should have been created by the postinst script for openafs-fileserver, based on previously-gathered configuration. -- Jeff ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info