Re: [OpenAFS] new RW root.cell

[Jeffrey Altman]

On 3/6/2019 3:56 PM, Susan Litzinger wrote:
> We are updating our very old AFS servers and chose to create new,
> updated systems then migrate all the volumes over and eventually just
> turn the older ones off. 
> 
> We've moved everything but the root.cell volumes.  We have one RW
> root.cell on an older server and would like to have a RW root.cell on a
> new server before turning the older one off.  My co-worker gave this a
> try and it allowed her to run 'vos addsite' but did not allow her to
> 'vos release' the new RW root.cell.  She got this error: 
> 
> root@afs-vmc 2019-March]# vos addsite afs-vmc.psc.edu
>  /vicepga 
> root.cell -localauth
> Added replication site afs-vmc.psc.edu  /vicepga
> for volume root.cell
> [root@afs-vmc 2019-March]# vos release root.cell -localauth
> Failed to clone the volume 537176384
> : Invalid cross-device link
> Error in vos release command.
> Clone volume is not in the same partition as the read-write volume.


Susan,

The problem with root.cell is on velma.  The RW and RO must be on the
same partition.

Jeffrey Altman

<>

smime.p7s
Description: S/MIME Cryptographic Signature

Re: [OpenAFS] new RW root.cell

[Daria Phoebe Brashear]

Typically EXDEV (a cross-device link) error is because you've got more than
one copy of the volume, on different partitions on the same server.

vos examine root.cell; if you see afs-vmc.psc.edu already has a site on a
different partition other than vicepga, well, that'd be the issue.

How many sites do you have?

On Wed, Mar 6, 2019 at 4:00 PM Susan Litzinger  wrote:

> We are updating our very old AFS servers and chose to create new, updated
> systems then migrate all the volumes over and eventually just turn the
> older ones off.
>
> We've moved everything but the root.cell volumes.  We have one RW
> root.cell on an older server and would like to have a RW root.cell on a new
> server before turning the older one off.  My co-worker gave this a try and
> it allowed her to run 'vos addsite' but did not allow her to 'vos release'
> the new RW root.cell.  She got this error:
>
> root@afs-vmc 2019-March]# vos addsite afs-vmc.psc.edu /vicepga
> root.cell -localauth
> Added replication site afs-vmc.psc.edu /vicepga for volume root.cell
> [root@afs-vmc 2019-March]# vos release root.cell -localauth
> Failed to clone the volume 537176384
> : Invalid cross-device link
> Error in vos release command.
> Clone volume is not in the same partition as the read-write volume.
> 
> Has anyone else tried this type of upgrade?  Are there any docs specific
> to this?
>
> Thanks in advance,
>
> Susan Litzinger
> PSC
>


-- 
Daria Phoebe Brashear
AuriStor, Inc
dariaphoebe.com

[OpenAFS] new RW root.cell

[Susan Litzinger]

We are updating our very old AFS servers and chose to create new, updated
systems then migrate all the volumes over and eventually just turn the
older ones off.

We've moved everything but the root.cell volumes.  We have one RW root.cell
on an older server and would like to have a RW root.cell on a new server
before turning the older one off.  My co-worker gave this a try and it
allowed her to run 'vos addsite' but did not allow her to 'vos release' the
new RW root.cell.  She got this error:

root@afs-vmc 2019-March]# vos addsite afs-vmc.psc.edu /vicepga
root.cell -localauth
Added replication site afs-vmc.psc.edu /vicepga for volume root.cell
[root@afs-vmc 2019-March]# vos release root.cell -localauth
Failed to clone the volume 537176384
: Invalid cross-device link
Error in vos release command.
Clone volume is not in the same partition as the read-write volume.

Has anyone else tried this type of upgrade?  Are there any docs specific to
this?

Thanks in advance,

Susan Litzinger
PSC

Re: [OpenAFS] kafs client bugs

[Harald Barth]

Hi David, remember Arla? There are a lot of tests of which many may be useful 
to run
on kafs as well. Some test for the command line tools may be different though.

Harald.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Administrators with a slash

[Dave Botsch]

I should add we did successfully use Win7 Pro with the same setup. With
10, we made sure to get all to Enterprise instead of Pro.

On Wed, Mar 06, 2019 at 05:36:30PM +0100, Dirk Heinrichs wrote:
> Am 06.03.19 um 16:59 schrieb Dave Botsch:
> 
> > I'm curious what problems you have run into. We are bouncing Win10
> > against MIT Kerberos just fine, so clearly something is different in
> > our attempted setups.
> 
> Can't really remember, too long ago. Is this Home or Pro?
> 
> Bye...
> 
>     Dirk
> 
> -- 
> Dirk Heinrichs 
> GPG Public Key: D01B367761B0F7CE6E6D81AAD5A2E54246986015
> Sichere Internetkommunikation: http://www.retroshare.org
> Privacy Handbuch: https://www.privacy-handbuch.de
> 
> 




-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Administrators with a slash

[Dave Botsch]

Neither. Enterprise.

On Wed, Mar 06, 2019 at 05:36:30PM +0100, Dirk Heinrichs wrote:
> Am 06.03.19 um 16:59 schrieb Dave Botsch:
> 
> > I'm curious what problems you have run into. We are bouncing Win10
> > against MIT Kerberos just fine, so clearly something is different in
> > our attempted setups.
> 
> Can't really remember, too long ago. Is this Home or Pro?
> 
> Bye...
> 
>     Dirk
> 
> -- 
> Dirk Heinrichs 
> GPG Public Key: D01B367761B0F7CE6E6D81AAD5A2E54246986015
> Sichere Internetkommunikation: http://www.retroshare.org
> Privacy Handbuch: https://www.privacy-handbuch.de
> 
> 




-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Administrators with a slash

[Dirk Heinrichs]

Am 06.03.19 um 16:59 schrieb Dave Botsch:

> I'm curious what problems you have run into. We are bouncing Win10
> against MIT Kerberos just fine, so clearly something is different in
> our attempted setups.

Can't really remember, too long ago. Is this Home or Pro?

Bye...

    Dirk

-- 
Dirk Heinrichs 
GPG Public Key: D01B367761B0F7CE6E6D81AAD5A2E54246986015
Sichere Internetkommunikation: http://www.retroshare.org
Privacy Handbuch: https://www.privacy-handbuch.de




signature.asc
Description: OpenPGP digital signature

Re: [OpenAFS] kafs client bugs

[David Howells]

Hi Matt,

Pallissard, Matthew  wrote:

> I'm running into a few issues when transferring more data than RAM on the
> box.  Without really digging into it I've noticed that dd or cp seem to
> crash once operating system cache eats up /roughly/ all the RAM on the box.

Crash how?  Do you have a backtrace or did it just hang?

> This leads me to a few questions;
> 
> 1. Anyone else run into this yet?  

I've just done a 5GiB AFS->NFS copy of a kernel build tree on a machine with
~3.5GiB availabile RAM with no problems.

Are you copying a single file that's larger than memsize?

> 2. Is there an issue tracker?  I found the todo page, but haven't found
> where to report bugs and related information.

There's a kafs mailing list here: linux-...@lists.infradead.org

I don't currently have an issue tracker - that's something I'll need to look
into.  Possibly you could use bugs.kernel.org if it's likely a kernel bug.

> 3. Is there a "get involved page"?  I'm not a great developer by any means
> but I'm not completely incompetent either.

Anything on the TODO lists is fair game.

>- Do I just submit patches?

Yes - though you might want to drop me an email first, just in case I have
some conflicting stuff in the works.

> Where to?

Me and the linux-afs mailing list.

> Is there a style guide, etc?

More or less the kernel's coding style document.

Note that there are three places to contribute to: kafs/AF_RXRPC in the
kernel, kafs-client and kafs-utils.  If you're good at python, kafs-utils
needs some TLC; but in the client, aklog-kafs needs some work and there may
need to be a PAM module.

David
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Administrators with a slash

[Dave Botsch]

Hi.

I'm curious what problems you have run into. We are bouncing Win10
against MIT Kerberos just fine, so clearly something is different in our
attempted setups.

Thanks.

On Wed, Mar 06, 2019 at 04:51:09PM +0100, Dirk Heinrichs wrote:
> Am 06.03.19 um 14:28 schrieb Ciprian Dorin Craciun:
> 
> > Indeed this was my experience also, the Kerberos deployment was quite
> > trivial (once I've done it);
> 
> Please note that if you're ever going to add Windows (Professional)
> systems to your setup you should use a (Samba-) AD server for Kerberos.
> Windows has quite some problems talking to standard Kerberos/LDAP
> servers while Linux is fine talking to AD (using either winbindd or sssd).
> 
> Bye...
> 
>     Dirk
> 
> -- 
> Dirk Heinrichs 
> GPG Public Key: D01B367761B0F7CE6E6D81AAD5A2E54246986015
> Sichere Internetkommunikation: http://www.retroshare.org
> Privacy Handbuch: https://www.privacy-handbuch.de
> 
> 




-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Administrators with a slash

[Dirk Heinrichs]

Am 06.03.19 um 14:28 schrieb Ciprian Dorin Craciun:

> Indeed this was my experience also, the Kerberos deployment was quite
> trivial (once I've done it);

Please note that if you're ever going to add Windows (Professional)
systems to your setup you should use a (Samba-) AD server for Kerberos.
Windows has quite some problems talking to standard Kerberos/LDAP
servers while Linux is fine talking to AD (using either winbindd or sssd).

Bye...

    Dirk

-- 
Dirk Heinrichs 
GPG Public Key: D01B367761B0F7CE6E6D81AAD5A2E54246986015
Sichere Internetkommunikation: http://www.retroshare.org
Privacy Handbuch: https://www.privacy-handbuch.de




signature.asc
Description: OpenPGP digital signature

Re: [OpenAFS] openafs Fedora Linux 29

[Benjamin Kaduk]

On Wed, Mar 06, 2019 at 10:35:28AM -0500, Jonathan Billings wrote:
> On Wed, Mar 6, 2019 at 10:05 AM Thomas Lang 
> wrote:
> 
> > Hi there,
> >
> > I tried to build new RPMs for Fedora 29 kernels
> >
> > kernel-4.19.15-300.fc29.x86_64
> >
> > and
> >
> > kernel-4.20.4-200.fc29.x86_64
> >
> > from the source package openafs-1.8.2-1.src.rpm
> >
> > Both doesn't work.
> >
> > The dkms module from the old package openafs-1.8.1.1-1.src.rpm doesn't
> > build a module for the new 4.20.4-200 kernels too. Do you need the error
> > messages or do you know the problem?
> >
> 
> I had to pull 5 patches from gerrit to get the openafs kmod to build on
> Fedora.
> 
> https://gerrit.openafs.org/13391
> https://gerrit.openafs.org/13437
> https://gerrit.openafs.org/13433
> https://gerrit.openafs.org/13434
> https://gerrit.openafs.org/13392
> 
> There are probably more cleanup patches I didn't grab because I got openafs
> working with the above.

There should be a 1.8.3 prerelease out soon that will build against these
newer kernels, FWIW.

-Ben
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] openafs Fedora Linux 29

[Jonathan Billings]

On Wed, Mar 6, 2019 at 10:05 AM Thomas Lang 
wrote:

> Hi there,
>
> I tried to build new RPMs for Fedora 29 kernels
>
> kernel-4.19.15-300.fc29.x86_64
>
> and
>
> kernel-4.20.4-200.fc29.x86_64
>
> from the source package openafs-1.8.2-1.src.rpm
>
> Both doesn't work.
>
> The dkms module from the old package openafs-1.8.1.1-1.src.rpm doesn't
> build a module for the new 4.20.4-200 kernels too. Do you need the error
> messages or do you know the problem?
>

I had to pull 5 patches from gerrit to get the openafs kmod to build on
Fedora.

https://gerrit.openafs.org/13391
https://gerrit.openafs.org/13437
https://gerrit.openafs.org/13433
https://gerrit.openafs.org/13434
https://gerrit.openafs.org/13392

There are probably more cleanup patches I didn't grab because I got openafs
working with the above.
-- 
Jonathan Billings 
College of Engineering - CAEN - Unix and Linux Support

[OpenAFS] kafs client bugs

[Pallissard, Matthew]

First off, great job to everyone involved on getting kafs working. I'm pretty 
pleased overall and super stoked that we have an in-tree client in the works.  

I'm running into a few issues when transferring more data than RAM on the box.  
Without really digging into it I've noticed that dd or cp seem to crash once 
operating system cache eats up /roughly/ all the RAM on the box.  This leads me 
to a few questions;

1. Anyone else run into this yet?  
2. Is there an issue tracker?  I found the todo page, but haven't found where 
to report bugs and related information.
3. Is there a "get involved page"?  I'm not a great developer by any means but 
I'm not completely incompetent either.
   - Do I just submit patches?  Where to?  Is there a style guide, etc?

Thanks in advance

Matt Pallissard


signature.asc
Description: PGP signature

[OpenAFS] openafs Fedora Linux 29

[Thomas Lang]

Hi there,

I tried to build new RPMs for Fedora 29 kernels

kernel-4.19.15-300.fc29.x86_64

and

kernel-4.20.4-200.fc29.x86_64

from the source package openafs-1.8.2-1.src.rpm

Both doesn't work.

The dkms module from the old package openafs-1.8.1.1-1.src.rpm doesn't
build a module for the new 4.20.4-200 kernels too. Do you need the error
messages or do you know the problem?

Bye Thomas
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Administrators with a slash

[Ciprian Dorin Craciun]

On Wed, Mar 6, 2019 at 7:16 AM Benjamin Kaduk  wrote:
> To a large extent, getting Kerberos set up is pretty much drop it in and
> switch it on, but there's a lot of flexibility about principal names,
> especially for administrative operations.  Getting it integrated with
> OpenAFS is mostly about having the right 'pts createuser's happen to
> register users, and creating the afs/cellname.fqdn principal to go in the
> rxkad.keytab and/or KeyFileExt -- at this point, AFS is just a regular
> kerberized service and doesn't require special treatment on the Kerberos
> side for the service principals.

Indeed this was my experience also, the Kerberos deployment was quite
trivial (once I've done it);  however in seemed (and still seems) that
I've "lost" something along the way because I lack the proper know-how
and expertise with Kerberos.


> I don't know of specific documentation for this, no.
> I think that many sites running Kerberos+AFS have some homegrown database
> management system that handles both and keeps them synchronized.

And this is unfortunate, especially since deploying OpenAFS "seems" a
daunting task for the small cell operator, or one that just wants to
"play" with the technology.  I say "seems" because deploying an
OpenAFS server can be done quite quickly with a couple of copy-pastes.

Perhaps (if I'll have time) I will prepare a small hands-on tutorial
on deploying OpenAFS on a Linux server.  (I know that there already
exists the "Quick Starting UNIX Guide", however it is far from
"quick"...)  :)


> > > Of course, rxgk will let us use fancier names for things, so we'll have to
> > > get used to a whole new world order when that finishes landing...
> >
> > Could you elaborate more on this?
>
> The short form is that we'll be able to use (encoded) GSS principal
> names in the UserList file.  It looks like the details haven't made it into
> the UserList.pod documentation yet (unsurprising, since the code to
> authenticate as them isn't in place yet), but the format includes a base64
> encoded version of the GSS exported name.

Basically it means one could use something alternative to Kerberos for
authentication?  (Something that is GSS-compliant?)

Thanks,
Ciprian.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info