[OpenAFS] Foundation Plan redux
Folks, there's been precious little in the way of comments regarding the plan for a potential Foundation for OpenAFs, mostly positive, but I'm unwilling to believe people like it that much so much as are lazy. If you have comments please send them! Public discussion is encouraged. Please reply if you'd like to talk about it! Thank you, Derrick Brashear OpenAFS gatekeeperelder and some other stuff, today speaking for himself ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
RE: [OpenAFS] Foundation Plan redux
there's been precious little in the way of comments regarding the plan for a potential Foundation for OpenAFs, mostly positive, but I'm unwilling to believe people like it that much so much as are lazy. If you have comments please send them! Public discussion is encouraged. Please reply if you'd like to talk about it! I've been reading the draft documents Derrick posted wrt to the AFS Foundation proposal, and while there's a lot to like here, I'd like to raise a few things that I think aren't addressed yet. First off, I think that the folks that have been working on this deserve a lot of credit for pushing the idea forward and getting the footwork done. It's good to see progress on this front, and it's needed doing for a long time. The current volunteer model is limping a bit (mostly for lack of paid resources to get specific things done), and the additional structure and organization around the idea of a non-profit conservatorship of the AFS environment will help get a number of long-standing problems addressed. I like the basic structure of the foundation, but that leads me to my questions, What I look for in a successful organization is a clear understanding of the basic goals of the organization, and how it plans to sustain itself over time. Financials are all well and good, but the largest open question I have has to do with generating a strong set of leaders and keeping a pipeline of those individuals coming by consciously developing new leaders. I don't see much discussion of either in these documents. I'd like to propose the following set of principles for discussion: * Conservatorship. The Foundation's primary goal should be to act as a non-profit conservator of the AFS code base. It should be generally acknowledged that the foundation is acting as a legal representative of the community, and serves on behalf of the community. * Transparancy The processes and procedures used to make decisions and select goals and leaders should be clearly documented and applied, and it should be easily determined how decisions are arrived at and the decisions each participant made. * Sustainability Any organization that is going to survive beyond the first generation needs a clear development plan and a succession plan to ensure that leadership is available and understands the tasks and steps to run the organization. The current documents do a fair job with the first principle of conservatorship, but I don't see much work on the other two yet. Perhaps the idea is to develop the processes as things progress, but there are good working examples of similar organizations that would probably prove to be valuable examples if used as a starting point. I'm also concerned that there is little discussion of the sustainability principle. How does one become part of the various organizations or committees described in the proposed documents? How long can one obtain as a gatekeeper or board member? Is there a term limit (a desirable thing, IMHO, as it forces an organization to develop new leaders rather than having the same faces in the same places)? All these questions are certainly things where answers can be found, but I'd like to open the discussion and see if others have constructive suggestions to develop a plan we can all live with. I'm happy to discuss these issues with anyone, and look forward to seeing where the final outcome may take us. -- db David Boyes Sine Nomine Associates ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
RE: [OpenAFS] Foundation Plan redux
A real foundation that will generate some revenue for the openafs contributors and he people who have been a major contributor to the Openafs forms would be great. Are you looking to assemble full time/ part time code contributors? How about a free and paid helpdesk model too! I really don't think Unix System Admins are lazy. When you deploy openafs it's usually to fill a particular need.AFS is an excellent file system to role out on in a campus environment! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Boyes Sent: Monday, October 27, 2008 10:48 AM To: Derrick J Brashear; openafs-info@openafs.org Subject: RE: [OpenAFS] Foundation Plan redux there's been precious little in the way of comments regarding the plan for a potential Foundation for OpenAFs, mostly positive, but I'm unwilling to believe people like it that much so much as are lazy. If you have comments please send them! Public discussion is encouraged. Please reply if you'd like to talk about it! I've been reading the draft documents Derrick posted wrt to the AFS Foundation proposal, and while there's a lot to like here, I'd like to raise a few things that I think aren't addressed yet. First off, I think that the folks that have been working on this deserve a lot of credit for pushing the idea forward and getting the footwork done. It's good to see progress on this front, and it's needed doing for a long time. The current volunteer model is limping a bit (mostly for lack of paid resources to get specific things done), and the additional structure and organization around the idea of a non-profit conservatorship of the AFS environment will help get a number of long-standing problems addressed. I like the basic structure of the foundation, but that leads me to my questions, What I look for in a successful organization is a clear understanding of the basic goals of the organization, and how it plans to sustain itself over time. Financials are all well and good, but the largest open question I have has to do with generating a strong set of leaders and keeping a pipeline of those individuals coming by consciously developing new leaders. I don't see much discussion of either in these documents. I'd like to propose the following set of principles for discussion: * Conservatorship. The Foundation's primary goal should be to act as a non-profit conservator of the AFS code base. It should be generally acknowledged that the foundation is acting as a legal representative of the community, and serves on behalf of the community. * Transparancy The processes and procedures used to make decisions and select goals and leaders should be clearly documented and applied, and it should be easily determined how decisions are arrived at and the decisions each participant made. * Sustainability Any organization that is going to survive beyond the first generation needs a clear development plan and a succession plan to ensure that leadership is available and understands the tasks and steps to run the organization. The current documents do a fair job with the first principle of conservatorship, but I don't see much work on the other two yet. Perhaps the idea is to develop the processes as things progress, but there are good working examples of similar organizations that would probably prove to be valuable examples if used as a starting point. I'm also concerned that there is little discussion of the sustainability principle. How does one become part of the various organizations or committees described in the proposed documents? How long can one obtain as a gatekeeper or board member? Is there a term limit (a desirable thing, IMHO, as it forces an organization to develop new leaders rather than having the same faces in the same places)? All these questions are certainly things where answers can be found, but I'd like to open the discussion and see if others have constructive suggestions to develop a plan we can all live with. I'm happy to discuss these issues with anyone, and look forward to seeing where the final outcome may take us. -- db David Boyes Sine Nomine Associates ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Foundation Plan redux
Jerry, On Mon, Oct 27, 2008 at 11:15 AM, Jerry Normandin [EMAIL PROTECTED] wrote: A real foundation that will generate some revenue for the openafs contributors and he people who have been a major contributor to the Openafs forms would be great. Are you looking to assemble full time/ part time code contributors? How about a free and paid helpdesk model too! Existing companies will happily provide you support, and they are listed at http://www.openafs.org/support.html The goal of the foundation is not to become a new entrant in this space. Indeed, in my opinion, to grow a robust ecosystem for OpenAFS, it's critical that the Foundation not attempt to take this business away from current and future providers. The goal is to grow OpenAFS, not rather to subsume, consume, or co-opt what is there. Obviously I can speak only for myself and am but one voice, but the plan you see was not crafted with the idea you've proposed in mind. Derrick speaking only for myself ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Timed out error on some operations in AFS when accessing from Solaris zone.
Mans Nilsson wrote: I have a number of apps that try getcwd() from a zone in an AFS directory, and failing. Truss says: getcwd(0xFFBFDAE0, 4096)Err#145 ETIMEDOUT Works for us. Exactly the same operation, but performed from the global zone, works flawlessly. Tokens are in order, I can create files, open them, pwd from bash and ksh works, but some apps simply can't tell where they are. Gnu Make is one, iirc, along with some other bits and pieces in my toolchain -- the first occurances were in compiling. This occurs in several zones, on 5.10 Generic_125100-10 sun4u with openafs 1.4.4. Zone setup for loopback sharing is typically: fs: dir: /afs special: /afs raw not specified type: lofs options: [] This looks OK, but we don't mount the cache, or run the cachemanager in a zone. The cachemaneger is run from the global. So the following is not needed: fs: dir: /usr/vice/cache special: /usr/vice/cache raw not specified type: lofs options: [] (Note: AFS is not zone aware, so PAGs and UID based tokens are shred across zones.) ...which is the only way I've seen things set up. Any hints? I'm open to upgrading, no problemo. On the system I just tested, we have 1.4.4, with Generic_137111-07. -- Douglas E. Engert [EMAIL PROTECTED] Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] flock on AFS files
Hello, today I am totally confused how the flock(2) call should work on AFS files. Normally locking works in the following way: 1fd = open(afs-file,O_RDWR) do something 2flock(fd,LOCK_EX) do something with afs-file 3flock(fd,LOCK_UN) do something 4close(fd) When there are two processes (on different machines) executing that code, the (2) flock call has to update the local copy of the afs-file, otherwise locking is useless. And the (3) flock call has to sync the local copy with the fileserver. Writing a small test program I see that this synchronization isn't done. How can I use the flock(2) call on AFS files? Thank you for any help, HW -- Hans-Werner Paulsen [EMAIL PROTECTED] MPI für Astrophysik Tel 089-3-2602 Karl-Schwarzschild-Str. 1 Fax 089-3-2235 D-85741 Garching ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Foundation Plan redux
In this case, as with AFS standardisation, I strongly disagree that term limits are desirable. At their worst, they just ensure the retirement of strong post holders, and their replacement with inexperienced ones. OpenAFS badly needs a way of encouraging new faces, and growing those individuals into positions of responsibility. I don't believe that requiring the abdication of successful leaders after some arbitrary period will help with this. It's kind of like cutting off the head of a random animal in the hope that it will grow a new one - it works in a small number of cases, but the rest of the time you'll end up with a lifeless corpse. I very much agree. While the concept of term limits makes some sense, in this case, there seems to be very little reason for them. As someone who would like to be one of the 'new faces' mentioned above, encouragement is helpful :) I'm not sure what I'm saying anymore, beyond: No term limits. -- Jacob Thebault-Spieker Cell: (320) 288-6412 http://summatusmentis.wordpress.com
Re: [OpenAFS] flock on AFS files
I've got quite a bit of code that does flock() on files in AFS, but I've always worked under the assumption that this would only work if a single client is doing the writing. I don't recall whether that assumption was based on empirical testing, reading it somewhere, or being told. In those few cases where this is not practical, I have a designated writer client that other clients connect to through other means (sockets) and coordinate the updates that way. That's reasonably straightforward, but painful enough that I avoid it whenever possible. Probably not the answer you wanted... -- [EMAIL PROTECTED] On 10/27/2008 12:16 PM, Hans-Werner Paulsen wrote: Hello, today I am totally confused how the flock(2) call should work on AFS files. Normally locking works in the following way: 1fd = open(afs-file,O_RDWR) do something 2flock(fd,LOCK_EX) do something with afs-file 3flock(fd,LOCK_UN) do something 4close(fd) When there are two processes (on different machines) executing that code, the (2) flock call has to update the local copy of the afs-file, otherwise locking is useless. And the (3) flock call has to sync the local copy with the fileserver. Writing a small test program I see that this synchronization isn't done. How can I use the flock(2) call on AFS files? Thank you for any help, HW ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Openafs broken on Ubuntu Hardy ?
Hello, Apologies for the long delay. I forgot about this issue as I got busy. I upgraded from -19 to -21 this morning, built and installed openafs-modules-2.6.24-21-generic_1.4.6.dfsg1-2+2.6.24-21.42_i386.deb using m-a as usual, and it still works. Ok. :$ cd /afs/YYY.edu/users/X/Y/Z/XYZABC bash: cd: /afs/YYY.edu/users/X/Y/Z/XYZABC: Permission denied This look like the user you authenticate as, simply doesn't have the required permissions to access the directory. Impossible. I can ssh into the server with the same username and password without any issues. I use rsync to do regular (every 1 hour) backups to this directory ( a process that is cumbersome, which is why I am looking to set up my openafs client). All right. Your problem *is* client-side, then. Could you look at the output of klist -a -n and verify that your AFS service ticket is for the right address? (Addressless is usually OK.) NAT gateways sometimes interfere. $ klist -a -n Ticket cache: FILE:/tmp/krb5cc_457671 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 10/27/08 09:17:57 10/28/08 09:17:57 krbtgt/[EMAIL PROTECTED] Addresses: (none) 10/27/08 09:18:01 10/28/08 09:17:57 [EMAIL PROTECTED] Addresses: (none) Kerberos 4 ticket cache: /tmp/tkt457671 klist: You have no tickets cached Appears to be addressless. I tried this with my own firewall down (not that has anything to do with what you were talking about - just wanted to eliminate a possible point of failure). I cannot cd into my own directory, so I ssh'ed into the server and issued fs Which authentication method did you use with ssh? Does GSSAPI work? I have never really looked into this. I believe that I have ssh-krb5 or some such thing installed. A quick look inside my /etc/ssh/sshd_config on the client indicates GSSAPIAuthentication yes is set. listacl : $ fs listacl Access list for . is Normal rights: systems:backup rl www-hosts l system:administrators rlidwka XYZABC rlidwka Looks good. One question, though: is the server you ran this on a member of www-hosts ? I have no idea (it does host www directories for users). How do I find out ? The owner of all directories under /afs/YYY.EDU/users/X/Y/Z is root.root (tested both through the local /afs tree and by ssh'ing to the server and doing a cd ..). I do not recall what this was when things were working fine (never needed to check), but is this normal (sounds fishy) ? In a different cell, a long time ago, I seem to vaguely recall that the directory was owned by the user in question. The UID that owns the volume root has implicit a permission on all directories in the volume. That would let you recover from a fs setacl $HOME XYZABC none without having to bother the AFS administrators. But since the ACL explicitly grants you full access, you should have full access --- as long as your token is valid. To test if this was messing up things, I cd'ed to /afs/YYY.EDU/users/X/Y/Z/XYZABC and issued a command : $ cd XYZABC/Private bash: cd: XYZABC/Private: Permission denied So you were trying to access /afs/ YYY.EDU/users/X/Y/Z/XYZABC/XYZABC/Private ? Yes. Was this on the server or on your client? If on the client (as your other statements are suggesting), it simply restates that your token is not being accepted. If on the server, I'd want to see the ACL on that subdirectory (and know whether the server is in www-hosts). This was on the client. On the server, I have no issues accessing anything that I own. This is more nonsense as ~/Private holds my backups :) Maybe the fact that I do not own /afs/YYY.EDU/users/X/Y/Z/XYZABC is shortcircuiting that command. I don't see how that would work as an explanation. Shooting in the dark with my ignorance as an able ally :) The owner of all files inside /afs/YYY.EDU/users/X/Y/Z/XYZABC is obviously XYZABC. Not so obviously since you said that the top-level directory is owned by root, not by XYZABC. You could be locked out of a subdirectory by its ACL. When I login to the server through ssh, I see the following : drwxr-xr-x6 XYZABC XYZABC 2048 Oct 27 09:24 Private I guess I should have included that instead of simply stating that I can read/write to the directory etc. You can read/write to any directory without being the owner if you have the right ACL's / unix file permissions. My impression is that the token you got on your client is either invalid or belongs to a different AFS user. The explanations I can think of are I simply fail to see how it can belong to a different AFS user. The UID is the same and the username used is the same for the attempt to get tokens, and for the successful login to the server (as well as the ownership of the subdirectories like above). Maybe you should explain why you continue to suspect this ? (a) that you are behind a NAT
Re: [OpenAFS] Foundation Plan redux
On Mon, Oct 27, 2008 at 09:17:56AM -0700, Simon Wilkinson wrote: On 27 Oct 2008, at 07:48, David Boyes wrote: * Transparancy The processes and procedures used to make decisions and select goals and leaders should be clearly documented and applied, and it should be easily determined how decisions are arrived at and the decisions each participant made. From my reading, it seems like the proposal already addresses issues of transparency. Do you have specific areas in which you have concerns? * Sustainability Any organization that is going to survive beyond the first generation needs a clear development plan and a succession plan to ensure that leadership is available and understands the tasks and steps to run the organization. The current documents do a fair job with the first principle of conservatorship, but I don't see much work on the other two yet. Perhaps the idea is to develop the processes as things progress, but there are good working examples of similar organizations that would probably prove to be valuable examples if used as a starting point. I'm also concerned that there is little discussion of the sustainability principle. How does one become part of the various organizations or committees described in the proposed documents? It's not clear to me how one becomes a board member, beyond the normal corporate election structures. Criteria for becoming a gatekeeper (appointment by the TAC), or a TAC member (appointment, in the case of corporate members, or election for individual members) seem pretty clear. How long can one obtain as a gatekeeper or board member? Is there a term limit (a desirable thing, IMHO, as it forces an organization to develop new leaders rather than having the same faces in the same places)? In this case, as with AFS standardisation, I strongly disagree that term limits are desirable. At their worst, they just ensure the retirement of strong post holders, and their replacement with inexperienced ones. Without some way of encorporating new persons in to the process/organization, it will die. -- that's a period there. Of course, you do not want to cut off wise contributions just because they have been doing it for a while. So, you need something more creative.Create a structure that a person naturally works through and reaches a point of continuing participation, but does not impede new persons from moving in to the structure and work with responsibility. Organizations die or become ineffective as often by stagnation as by incorporating new, inexperienced and possible incompetent persons. So, think of a way to ameliorate both undesirable tendancies. jerry OpenAFS badly needs a way of encouraging new faces, and growing those individuals into positions of responsibility. I don't believe that requiring the abdication of successful leaders after some arbitrary period will help with this. It's kind of like cutting off the head of a random animal in the hope that it will grow a new one - it works in a small number of cases, but the rest of the time you'll end up with a lifeless corpse. Cheers, Simon. ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info