Re: [OpenAFS] Questions about OpenAFS "reality"

2005-12-12 Thread Dirk Heinrichs 
Am Dienstag, 13. Dezember 2005 13:20 schrieb ext Leroy Tennison:

> Is there a Linux GUI for day-to-day administration?

AFAIK not.

> What is the status of server-side byte-range locking?  If this isn't a
> near-term reality what alternatives do people use (SQL server is
> obviously a possibility, are there other alternatives for "MS Access"
> style databases and other byte-range locking needs)?

Could you clarify this? Do you mean SQL Server as alternative to AFS or to 
MS Access stored in AFS?

> What are people doing for printing, particularly Windows printing?

I don't get the point. How is printing related to AFS?

Bye...

Dirk
-- 
Dirk Heinrichs  | Tel:  +49 (0)162 234 3408
Configuration Manager   | Fax:  +49 (0)211 47068 111
Capgemini Deutschland   | Mail: [EMAIL PROTECTED]
Hambornerstraße 55  | Web:  http://www.capgemini.com
D-40472 Düsseldorf  | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: www.keyserver.net


pgpEGVVBamQEu.pgp
Description: PGP signature

Re: [Bulk] Re: [OpenAFS] Re: Trouble setting up first server on FreeBSD 6.0

2005-12-12 Thread Leroy Tennison 

Derrick J Brashear wrote:


On Mon, 12 Dec 2005, Leroy Tennison wrote:


zeroguy wrote:


On Tue, 06 Dec 2005 17:29:06 -0600 (CST)
Tony Shadwick - OSS Solutions <[EMAIL PROTECTED]> wrote:


(BTW, I would have searched the archives more thoroughly, but there 
doesn't appear to be any search functionality for the archives!)




I think it's called "Google": http://www.google.com/search?
q=site%3Alists.openafs.org+inurl%3Aopenafs-info+freebsd

I don't know if you'll find anything relevant with that link; just a
starting point.

Please educate me, what does all the stuff following the question 
mark mean? Particularly the %3 but also 'site' and 'inurl'.  Thanks.



site: what web sites are eligible to be included in the search

inurl: string which must appear in the url for the document to be 
included in the search


Derrick

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info


Thanks for the reply, I appreciate it.

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Questions about OpenAFS "reality"

2005-12-12 Thread Leroy Tennison 
I am just learning OpenAFS and am very impressed with what I see so 
far.  As a result I'm now interested in getting a broad overall picture 
of it and have several questions.


A recent post stated that they had about 7000 users in a single cell, 
I'm wondering what a realistic maximum is (assume 'average' end user 
file activity - nothing extraordinary).  I saw in the archives a 
refernce to 45k and a statement that UMich had 100,000.  Are these 
(especially the 100,000 for UMich) confirmed numbers?  If anyone out 
there has a larger cell or knows of someone who does could you provide 
specifics?  Right now I'm not so concerned with how many file servers I 
would have to have or other particulars as I am about what a realistic 
limit is with a proper configuration.


How does AFS compare in administrative burden compared to the common PC 
NOSes (NetWare and AD)?  Is it more intensive, less or about the same 
for a given type of user population?  A related question is how 
"sensitive" is it, do you have to be overly careful in order for things 
to work correctly?


How stable and trouble free is the Windows client?  (I saw a statement 
that the Windows server was considered experimental and not being 
maintained).


Is there a Linux GUI for day-to-day administration?

What is the status of server-side byte-range locking?  If this isn't a 
near-term reality what alternatives do people use (SQL server is 
obviously a possibility, are there other alternatives for "MS Access" 
style databases and other byte-range locking needs)?


What are people doing for printing, particularly Windows printing?

What about workstation customization (consistent look and feel from 
workstation to workstation, workstation restrictions, etc.)?  What are 
the alternatives there?


I'm not looking for detailed responses just reasonable approximations of 
"OpenAAFS reality", thank you for any replies.



___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] a familiar problem compiling aklog?

2005-12-12 Thread edwin 


Does Kerberos have to be installed for openAFS to compile?  Could you 
compile AFS and THEN compile Kerberos?
Perhaps you could temporarily rename the offending Kerberos libraries so 
that they are not an option, just when you build those particular make 
targets that require com_err?


Shouldn't linker configuration control which com_err library is found?
I could move the kerberos libraries to some directory at the end of the 
ld.so.conf list, at least temporarily, so that the afs ones get found 
first.


If people think that hiding or moving the Kerberos libraries might work, 
I'll try it because I want to get openAFS running.
Obviously it's a temporary hack and not a real solution, and 
something has to change in openAFS to solve the problem.


Why not rename the AFS com_err library if it's unique, so as to avoid 
conflicting with the Kerberos one?  Kerberos is the more common of the 
two, so openAFS is the one that probably has to make a change to resolve 
the problem.


David


On Mon, 12 Dec 2005, Ken Hornstein wrote:



In file included from /usr/local/include/krb5.h:2550,
 from aklog_main.c:62:
/sources/openafs-1.4.0/include/afs/com_err.h:15: error: parse error before
"afs_int32"


I know about the problem; I don't know what to do about it.

The basic problem is that OpenAFS & Kerberos 5 both provide com_err libraries
and include files.  Most of the time this doesn't matter.  It _does_ matter
when you have a program that wants to link from both sets of libraries ...
like aklog.

I tried fiddling around with compiler options and other things.  What I
discovered is that one thing that works on some platforms makes things
break when it is done on other platforms.  Even when you _do_ manage to
compile aklog successfully, half of the time you get the "wrong" com_err
library so most of the error messages end up reported as numbers instead
of the error string.

Something needs to be done so programs can be linked in a sane manner when
linking both AFS and Kerberos libraries.  I don't know what that something
is, though.

--Ken


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

RE: [OpenAFS] Upgrade plan - any gotchas?

2005-12-12 Thread ted creedon 
Don't forget that upserver and upclient re-populate the /usr/afs/etc
directories automatically.

tedc


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] a familiar problem compiling aklog?

2005-12-12 Thread Russ Allbery 
Ken Hornstein <[EMAIL PROTECTED]> writes:

> If that were to happen, that would be fine with me.  I was under the
> impression that AFS's com_err was slightly special regarding thread
> safety (witness the whole add_err_table()/add_to_error_table() mess that
> aklog has to deal with).

The krb5 com_err is now also thread-safe (using different techniques,
probably) at this point; hopefully it would work fine.  I'd like to port
the thread safety to the e2fsprogs version as well, but untangling the
right way to do pthreads is daunting.

Also, you have to be doing kind of weird things to run into thread safety
problems with com_err anyway, although it's possible that AFS is doing
weird things.

-- 
Russ Allbery ([EMAIL PROTECTED]) 
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] a familiar problem compiling aklog?

2005-12-12 Thread Ken Hornstein 
>The right thing to do, I think, would be to add an option to AFS to build
>with the system com_err library rather than its own.  That way it can
>either reuse the Kerberos com_err library or both it and Kerberos can use
>some other system library (like the one from e2fsprogs that most Linux
>distributions use).

If that were to happen, that would be fine with me.  I was under the
impression that AFS's com_err was slightly special regarding thread
safety (witness the whole add_err_table()/add_to_error_table() mess
that aklog has to deal with).

--Ken
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] a familiar problem compiling aklog?

2005-12-12 Thread Russ Allbery 
Ken Hornstein <[EMAIL PROTECTED]> writes:

> I know about the problem; I don't know what to do about it.

> The basic problem is that OpenAFS & Kerberos 5 both provide com_err
> libraries and include files.  Most of the time this doesn't matter.  It
> _does_ matter when you have a program that wants to link from both sets
> of libraries ...  like aklog.

> I tried fiddling around with compiler options and other things.  What I
> discovered is that one thing that works on some platforms makes things
> break when it is done on other platforms.  Even when you _do_ manage to
> compile aklog successfully, half of the time you get the "wrong" com_err
> library so most of the error messages end up reported as numbers instead
> of the error string.

> Something needs to be done so programs can be linked in a sane manner
> when linking both AFS and Kerberos libraries.  I don't know what that
> something is, though.

The right thing to do, I think, would be to add an option to AFS to build
with the system com_err library rather than its own.  That way it can
either reuse the Kerberos com_err library or both it and Kerberos can use
some other system library (like the one from e2fsprogs that most Linux
distributions use).

-- 
Russ Allbery ([EMAIL PROTECTED]) 
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] minor bug: -afsdb does not understand CNAME

2005-12-12 Thread Russ Allbery 
Adam Megacz <[EMAIL PROTECTED]> writes:

> I take it that afsd doesn't use the usual gethostbyname() to resolve the
> hostname it gets after pulling an AFSDB record...

It does indeed use gethostbyname():

if ((afsdb_type == 1) && (server_num < MAXHOSTSPERCELL) &&
/* Do we want to get TTL data for the A record as well? */
(he = gethostbyname(host))) {
afs_int32 ipaddr;
memcpy(&ipaddr, he->h_addr, he->h_length);
acellInfo->hostAddr[server_num].sin_addr.s_addr = ipaddr;
strncpy(acellInfo->hostName[server_num], host,
sizeof(acellInfo->hostName[server_num]));
server_num++;

if (!minttl || ttl < minttl)
minttl = ttl;
}

(src/auth/cellconfig.c).

-- 
Russ Allbery ([EMAIL PROTECTED]) 
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Upgrade plan - any gotchas?

2005-12-12 Thread Christopher D. Clausen 

Steve Gaarder wrote:

Here's my plan for upgrading both OS and OpenAFS on my primary AFS
server. Please let me know if you see any potential problems,
gotchas, etc.


What do you mean by "Primary"?  Do you only have one AFS DB server for 
your cell?  Most cells run at least 3 AFS DB servers (just look through 
the CellServDB file.)



These items I have already done:

1.  Set up a second VLDB and file server.  Change all the CellServDB
files to include both servers.  (Authentication is via Krb5; neither
AFS server is a KDC)


When you say "second," what do you mean?

You probably want at least three VLDB, PTS, (and possibly BackupDB, if 
you use that) servers total.  (So that two are up at any given time.) 
Ubik (syncronization protocol that AFS uses) grants an extra vote to the 
server with the lowest IP address, and if the server you take down has 
the lowest, you might not reach quorum and bad things can happen.



2.  Move all non-replicated volumes to the second server.  Have
replicas of the others on both servers.


I'd say to leave the non-primary servers up for a day or two to make 
sure everything is synced and working before you take down the primary.



Here is what I plan to do:

3.  Shut down the primary server.  I can do this during regular hours
because the secondary server will carry all the load.


This should be fine, assuming you don't loose quorum among the DB 
servers.


I upgraded my cell to OpenAFS 1.4.0 by taking down a single server at a 
time, having previously vos moved the data, doing the upgrade, patching 
the systems, rebooting (just to make sure that the services start on 
reboot) and enabling the AFS server processes.



4.  Install the new OS (RHEL 4) on a new partition.  Install OpenAFS
1.4.0 but don't start it.

5.  Copy /usr/afs/db, /usr/afs/etc/, and /usr/afs/local from the old
system partition to the new one. Mount /vicepa same as on the old
system.


You should NOT copy /usr/afs/db.  These DBs will auto replicate from the 
other server and there is no need to pre-populate that directory.  In 
fact, doing so may cause problems.  And you can have all kinds of issues 
if you copy the sysid file from another server (this might be better 
now, but in general copying unique identifiers is NOT a good idea.) 
Also be aware that different servers may have different NetRestrict or 
NetAllow files and you don't want to copy them.


There are details about most of these things on the wiki, which is 
unfortunately still down.


-

Note that this is based upon what I read in various on-line sources 
several years ago when I was planning our AFS cell.  Things may have 
changed since then and I assume that somone will correct anything that 
is totally wrong.


I'm sure there are several people willing to answer questions in real 
time on #openafs on the freenode IRC network, if you like that sort of 
thing.


<[EMAIL PROTECTED] SysAdmin 


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Upgrade plan - any gotchas?

2005-12-12 Thread Steve Gaarder 

Here's my plan for upgrading both OS and OpenAFS on my primary AFS server.
Please let me know if you see any potential problems, gotchas, etc.

These items I have already done:

1.  Set up a second VLDB and file server.  Change all the CellServDB files
to include both servers.  (Authentication is via Krb5; neither AFS server
is a KDC)

2.  Move all non-replicated volumes to the second server.  Have replicas
of the others on both servers.

Here is what I plan to do:

3.  Shut down the primary server.  I can do this during regular hours
because the secondary server will carry all the load.

4.  Install the new OS (RHEL 4) on a new partition.  Install OpenAFS 1.4.0
but don't start it.

5.  Copy /usr/afs/db, /usr/afs/etc/, and /usr/afs/local from the old
system partition to the new one. Mount /vicepa same as on the old system.

6.  Start up AFS and all should be well - or am I missing something?

thanks,

Steve Gaarder
System Administrator, Dept of Mathematics
Cornell University, Ithaca, NY, USA

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Compile failure on FreeBSD 6.0

2005-12-12 Thread Tony Shadwick - OSS Solutions 
I just did a config.  No biggie, I'll try building a kernel later today to 
see if that resolves the issue outright.


On Mon, 12 Dec 2005, Jim Rees wrote:


 In file included from ../sys/vnode.h:547,
   from /usr/local/src/openafs-1.4.0/src/afs/sysincludes.h:257,
   from /usr/local/src/openafs-1.4.0/src/afs/afs_analyze.c:20:
 ./vnode_if.h:9:30: vnode_if_typedef.h: No such file or directory
 ./vnode_if.h:10:31: vnode_if_newproto.h: No such file or directory

So are the files there in the kernel build directory or not?  Did you build
a kernel or just config it?  I'm not sure at what part of the kernel build
these get generated.  Maybe a "make vnode_if_newproto.h vnode_if_typedef.h"
would do it.

I'd like to find a way to remove the dependency on the vnode layout but I
can't think of any easy way to do so.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Re: why did I have to "vos create" twice on new cell setup? root.afs vs root.cell?

2005-12-12 Thread Derek Atkins 

Quoting Derrick J Brashear <[EMAIL PROTECTED]>:


On Mon, 12 Dec 2005, Derek Atkins wrote:


That was the other 50%.  So "root.afs" is the default for "-rootvol",
while the string "root.cell" is actually has special meaning for AFS.


Well, yes and no.  root.afs is "special" to dynroot clients, but


root.cell, you mean.


Er, yea, I meant root.cell.  Too early in the morning right now.
Thanks.


Derrick


-derek

--
  Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
  Member, MIT Student Information Processing Board  (SIPB)
  URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH
  [EMAIL PROTECTED]PGP key available

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Compile failure on FreeBSD 6.0

2005-12-12 Thread Jim Rees 
  In file included from ../sys/vnode.h:547,
from /usr/local/src/openafs-1.4.0/src/afs/sysincludes.h:257,
from /usr/local/src/openafs-1.4.0/src/afs/afs_analyze.c:20:
  ./vnode_if.h:9:30: vnode_if_typedef.h: No such file or directory
  ./vnode_if.h:10:31: vnode_if_newproto.h: No such file or directory

So are the files there in the kernel build directory or not?  Did you build
a kernel or just config it?  I'm not sure at what part of the kernel build
these get generated.  Maybe a "make vnode_if_newproto.h vnode_if_typedef.h"
would do it.

I'd like to find a way to remove the dependency on the vnode layout but I
can't think of any easy way to do so.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Re: why did I have to "vos create" twice on new cell setup? root.afs vs root.cell?

2005-12-12 Thread Derrick J Brashear 

On Mon, 12 Dec 2005, Derek Atkins wrote:


That was the other 50%.  So "root.afs" is the default for "-rootvol",
while the string "root.cell" is actually has special meaning for AFS.


Well, yes and no.  root.afs is "special" to dynroot clients, but


root.cell, you mean.


not normal clients.  For normal clients they only mount the -rootvol
volume and follow links down from there.  You could still mount
"concrete pants" in your root.afs volume and non-dynroot clients will
see it just fine.  But dynroot clients wont.


Derrick

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Re: why did I have to "vos create" twice on new cell setup? root.afs vs root.cell?

2005-12-12 Thread Derek Atkins 
Adam Megacz <[EMAIL PROTECTED]> writes:

> I guess this means that you can stick actual files in the top-level
> /afs/ (though they're only visible in your own cell, right)?  I guess
> that would be a bad idea, though.  Sort of kills the whole "shared
> global namespace" thing.

Yes, you could put files into root.afs (/afs), but yes, it would
only be visible to clients in your cell that do NOT use dynroot.

> Derrick J Brashear <[EMAIL PROTECTED]> writes:
>> it would have, but you'd have to tell afsd -rootvol festering.elephant
>
> That was the other 50%.  So "root.afs" is the default for "-rootvol",
> while the string "root.cell" is actually has special meaning for AFS.

Well, yes and no.  root.afs is "special" to dynroot clients, but
not normal clients.  For normal clients they only mount the -rootvol
volume and follow links down from there.  You could still mount 
"concrete pants" in your root.afs volume and non-dynroot clients will
see it just fine.  But dynroot clients wont.

So basically, yes, root.afs and root.cell are "special", sort of.

> Thanks!

-derek

-- 
   Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
   Member, MIT Student Information Processing Board  (SIPB)
   URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH
   [EMAIL PROTECTED]PGP key available
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] a familiar problem compiling aklog?

2005-12-12 Thread Ken Hornstein 
>In file included from /usr/local/include/krb5.h:2550,
>  from aklog_main.c:62:
>/sources/openafs-1.4.0/include/afs/com_err.h:15: error: parse error before 
>"afs_int32"

I know about the problem; I don't know what to do about it.

The basic problem is that OpenAFS & Kerberos 5 both provide com_err libraries
and include files.  Most of the time this doesn't matter.  It _does_ matter
when you have a program that wants to link from both sets of libraries ...
like aklog.

I tried fiddling around with compiler options and other things.  What I
discovered is that one thing that works on some platforms makes things
break when it is done on other platforms.  Even when you _do_ manage to
compile aklog successfully, half of the time you get the "wrong" com_err
library so most of the error messages end up reported as numbers instead
of the error string.

Something needs to be done so programs can be linked in a sane manner when
linking both AFS and Kerberos libraries.  I don't know what that something
is, though.

--Ken
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] problem installing openafs in Suselinux

2005-12-12 Thread Moises Sanchez 
Hi,
 
 
I have installed  OpenAFS on SuseLinux.
 
afs-server and
afs-client
krn
 
When I tried to enter this command:
 
fs setacl 
 
an error message comes up:
 
i do not remember the exat words:
 
but something like :
 
function  not funtional.
 
Then I tried to use kas command: but I couldn´t  log in.
 
as well as klog command: 
-
t.ex. klog admin.
 
wron password.
 
-
 
Then when I use:
 
ps -ef | grep afs.
 
*/S16afs-server.
 

 
 
 
When I use :
 
bos status linux -long -noauth
 
I can see that everithing is running ok.
 
 
I could send to you the file I made with all steps I make when I installed afs, if this could help.
 
I am thingking to install everithing again : would you recommend that.
 
If so could you please send me some information what afs vertion to use :
 
afs-server
afs client
krn
 
 
Thanks I will be in touch 
 
 
 
 

Re: [OpenAFS] minor bug: -afsdb does not understand CNAME

2005-12-12 Thread Frank Burkhardt 
Hi,

On Sun, Dec 11, 2005 at 10:50:34PM -0800, Adam Megacz wrote:
> 
> Apparently if the host listed in an AFSDB entry is a CNAME record,
> afsd will not chase the reference.
> 
> I take it that afsd doesn't use the usual gethostbyname() to resolve
> the hostname it gets after pulling an AFSDB record... is there a
> reason why this is the case?

$ host -t AFSDB -l cbs.mpg.de
cbs.mpg.de. AFSDB   1 afsdb1.cbs.mpg.de.
cbs.mpg.de. AFSDB   1 afsdb2.cbs.mpg.de.
cbs.mpg.de. AFSDB   1 afsdb3.cbs.mpg.de.
cbs.mpg.de. AFSDB   1 afsdb4.cbs.mpg.de.
cbs.mpg.de. AFSDB   1 afsdb5.cbs.mpg.de.
$ host afsdb1
afsdb1.cbs.mpg.de   CNAME   dresden.cbs.mpg.de
dresden.cbs.mpg.de  A   10.0.181.11

It's working here - all AFSDBs are CNAMEs.

are you using a single-component-cellname
(foobar) and not a multi-component one (foo.bar) ?
There's a bug in recent glibc which makes using AFSDB-DNS-records
impossible for "dotless" cells - at least without a patch
applied to the openafs-source.

Regards,

Frank
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info