[OpenAFS] Re: Debian Etch | last vote started -59 seconds ago
On 9/24/07, Mustafa A. Hashmi <[EMAIL PROTECTED]> wrote: > merry: 192.168.0.40 > pippin: 192.168.0.41 > > As soon as the second server is started, observing udebug information on > quorum reports the following: > > pippin:/var/log/openafs# udebug pippin 7003 > Host's addresses are: 192.168.0.41 > Host's 192.168.0.41 time is Mon Sep 24 13:34:21 2007 > Local time is Mon Sep 24 13:34:23 2007 (time differential 2 secs) > Last yes vote for 192.168.0.40 was 1 secs ago (not sync site); > Last vote started -60 secs ago (at Mon Sep 24 13:35:23 2007) > Local db version is 1190621353.2 > I am not sync site > Lowest host 192.168.0.40 was set 1 secs ago > Sync host 0.0.0.0 was set 1487 secs ago > Sync site's db version is 1190621353.2 > 0 locked pages, 0 of them for write > > The Last vote started always starts with a negative number and the primary > DB server loses it's master status as sync site. I didn't experience this on > my previous hardware which was all 32 bit. The problem seems to have fixed itself overnight. Christopher Clausen indicated that it could be corrupt packets, and we do have a problematic switch, so that could very well be it. -mustafa.
[OpenAFS] Debian Etch | last vote started -59 seconds ago
Hi all, I am running debian etch i386 on amd64 athlon machines with the packaged openafs 1.4.2-6 release. I have 2 servers, both providing DB and file services, namely: merry: 192.168.0.40 pippin: 192.168.0.41 As soon as the second server is started, observing udebug information on quorum reports the following: pippin:/var/log/openafs# udebug pippin 7003 Host's addresses are: 192.168.0.41 Host's 192.168.0.41 time is Mon Sep 24 13:34:21 2007 Local time is Mon Sep 24 13:34:23 2007 (time differential 2 secs) Last yes vote for 192.168.0.40 was 1 secs ago (not sync site); Last vote started -60 secs ago (at Mon Sep 24 13:35:23 2007) Local db version is 1190621353.2 I am not sync site Lowest host 192.168.0.40 was set 1 secs ago Sync host 0.0.0.0 was set 1487 secs ago Sync site's db version is 1190621353.2 0 locked pages, 0 of them for write The Last vote started always starts with a negative number and the primary DB server loses it's master status as sync site. I didn't experience this on my previous hardware which was all 32 bit. If anyone can offer some hints it would be much appreciated. Regards, Mustafa.
Re: [OpenAFS] Is OpenAFS the right solution for this?
On 1/22/07, Christopher D. Clausen <[EMAIL PROTECTED]> wrote: I'm guesing that GFS would be best perfromance wise in your situation, although I'm not sure you can mirror it across two disk servers. Note: GFS requires shared storage. Local storage can be exported to other nodes via gndb, but that makes for a highly 'unavailable' setup. Look at LVM mirroring if you're interested in such setups using local storage. Using AFS with something that does block-level replication will likely cause you pain. Thats not to say that it won't work, its just that AFS wasn't designed to be used in this way. If you do go with AFS, I'd suggest simply using the AFS replication method to mirror data every 15 minutes or so to another file server. Or use each client machine and mirror at that level (host based mirroring.) Other than what Christopher is suggesting, I would also recommend you have a look at Lustre (http://www.lustre.org & http://www.clusterfs.com). Lustre uses local storage and integrates with linux-ha quite well. You can run it on-top of drbd devices for a highly available active/active setup. -- Mustafa A. Hashmi [EMAIL PROTECTED] ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] token lifetime
On 6/28/06, Ron Croonenberg <[EMAIL PROTECTED]> wrote: I am trying to find how to change the "lifetime" of an AFS token for a specific user. This is dependant on the life of the kerberos ticket the user gets (for the service in question as well). For example: to get a 2 day token, modify the principal in kerberos setting maxlife to 2 days, then proceed to modify the maxlife of the afs/host service entry to two days as well. I think one also needs to modify the kdc.conf file for the realm in question -- setting the variable 'max_life' to 2 days. Maybe someone else can confirm this. Regards, -- Mustafa A. Hashmi [EMAIL PROTECTED] [EMAIL PROTECTED] ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] afs: bad directory
On 6/9/06, Derrick J Brashear <[EMAIL PROTECTED]> wrote: On Thu, 8 Jun 2006, Juan Rivas wrote: > df: cannot statvfs /afs: Connection timed out > > Any help appreciated. Make the connection stop timing out; I assume that host is down or not reachable? If it's reachable you have a bug. If not, well, why not? May not be entirely relevant, however I had a similar problem recently. Other IPs on the server which weren't being broadcast were mapped to the lo interface. The FS server however advertised them and the DB server was directing requests accordingly. NetRestrict was the answer. -- Mustafa A. Hashmi [EMAIL PROTECTED] [EMAIL PROTECTED] ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] [RESOLVED] Re: Cache manager does not show (can not get) user token.
The problem was the extra dot in username! Many thanks to [GNU] on [EMAIL PROTECTED] for this. Regards, -- Mustafa A. Hashmi [EMAIL PROTECTED] [EMAIL PROTECTED] On 3/14/06, Mustafa A. Hashmi <[EMAIL PROTECTED]> wrote: > All: > > I think I went astray during some of the re-trials that I tried to > preform. I have reinstalled the primary packages and gotten to the > same stage as before. Although the error message remains, the same, > aklog appears to resolve the name correctly to the ID: *** truncated by sender *** ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] Re: Cache manager does not show (can not get) user token.
All: I think I went astray during some of the re-trials that I tried to preform. I have reinstalled the primary packages and gotten to the same stage as before. Although the error message remains, the same, aklog appears to resolve the name correctly to the ID: # aklog -d node30.emergen.biz -k EMERGEN.BIZ Authenticating to cell node30.emergen.biz (server node30.emergen.biz). We were told to authenticate to realm EMERGEN.BIZ. Getting tickets: afs/[EMAIL PROTECTED] About to resolve name mustafa.hashmi.admin to id in cell node30.emergen.biz. Id 1 Set username to AFS ID 1 Setting tokens. AFS ID 1 / @ EMERGEN.BIZ # tokens Tokens held by the Cache Manager: User's (AFS ID 1) tokens for [EMAIL PROTECTED] [Expires Mar 15 00:02] --End of list-- # bos listusers node30.emergen.biz -localauth SUsers are: mustafa.hashmi.admin # bos status node30.emergen.biz -localauth Instance ptserver, currently running normally. Instance vlserver, currently running normally. Instance fs, currently running normally. Auxiliary status is: file server running. # bos status node30.emergen.biz bos: failed to contact host's bosserver (security object was passed a bad ticket). Thanks & regards, Mustafa. -- On 3/14/06, Mustafa A. Hashmi <[EMAIL PROTECTED]> wrote: > All: > > I've run into a small problem with our openAFS installation. Running > debian sarge and following Russ Allbery's instructions as found on: > http://www.openafs.org/pipermail/openafs-info/2005-August/019061.html, > I have managed to get to the following command this far: > *** truncated by sender *** ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] Cache manager does not show (can not get) user token.
All: I've run into a small problem with our openAFS installation. Running debian sarge and following Russ Allbery's instructions as found on: http://www.openafs.org/pipermail/openafs-info/2005-August/019061.html, I have managed to get to the following command this far: bos status server-name This results in the error: bos: failed to contact host's bosserver (security object was passed a bad ticket). Below are quite brief details of the initialization: #: kdestroy ; unlog #: kinit mustafa.hashmi/admin Password for mustafa.hashmi/[EMAIL PROTECTED] # klist -e Ticket cache: FILE:/tmp/krb5cc_0 Default principal: mustafa.hashmi/[EMAIL PROTECTED] Valid starting ExpiresService principal 03/14/06 12:14:02 03/14/06 22:14:01 krbtgt/[EMAIL PROTECTED] Etype (skey, tkt): Triple DES cbc mode with HMAC/sha1, Triple DES cbc mode with HMAC/sha1 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached # aklog -d node30.emergen.biz -k EMERGEN.BIZ Authenticating to cell node30.emergen.biz (server node30.emergen.biz). We were told to authenticate to realm EMERGEN.BIZ. Getting tickets: afs/[EMAIL PROTECTED] About to resolve name mustafa.hashmi.admin to id in cell node30.emergen.biz. Id 32766 Set username to mustafa.hashmi.admin Setting tokens. mustafa.hashmi.admin / @ EMERGEN.BIZ # tokens Tokens held by the Cache Manager: Tokens for [EMAIL PROTECTED] [Expires Mar 14 22:14] --End of list-- The cache manager doesn't seem to be holding any tokens at this point for my user. Just to add, the KDC service is on a different server than the openafs-dbserver, and I have added the REALM as required in /etc/openafs/server/kdc.conf Initially I was under the impression the problem was a mismatch in the kvno number, however, that was just lack of attention on my part when looking at the output from 'tokens'. -- A few additional details of interest: kadmin.local: getprinc afs/node30.emergen.biz Principal: afs/[EMAIL PROTECTED] Expiration date: [never] Last password change: Mon Mar 13 21:25:52 GMT-5 2006 Password expiration date: [none] Maximum ticket life: 0 days 10:00:00 Maximum renewable life: 7 days 00:00:00 Last modified: Mon Mar 13 21:25:52 GMT-5 2006 (faraz.khan/[EMAIL PROTECTED]) Last successful authentication: [never] Last failed authentication: [never] Failed password attempts: 0 Number of keys: 1 Key: vno 3, DES cbc mode with CRC-32, no salt Attributes: Policy: [none] -- node30:# bos listkeys node30.emergen.biz -localauth key 3 has cksum 683704053 Keys last changed on Mon Mar 13 21:27:21 2006. All done. node30:/usr/share/doc# bos listusers node30.emergen.biz -localauth SUsers are: mustafa.hashmi/admin rehan.zafar If someone could please point me in the correct direction, it would be greatly appreciated. Thank you and regards, -- Mustafa A. Hashmi [EMAIL PROTECTED] [EMAIL PROTECTED] ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info