[OpenAFS] aes256-cts-hmac-sha384-192 in rxkad?
Since I can't seem to find any obvious documentation, does RXkad support any random enctype that the kerberos libs support, or does the code need to be in src/crypto/hcrypto? It also occurs to me that with the recent excitement about blockchain there might be some interesting things that could be done by using Bitcoin's libsecp256k1 library. Any thoughts? Do we need to do some sort of ICO nonsense to actually get OpenAFS 2.0 and full rxgk support? ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] building openafs on ppc64le architecture on Linux
On Sat, Apr 28, 2018 at 08:12:42PM -0500, Benjamin Kaduk wrote:
> On Sat, Apr 28, 2018 at 10:56:43PM +0000, Troy Benjegerdes wrote:
> > On Sun, Mar 04, 2018 at 07:05:40PM -0600, Benjamin Kaduk wrote:
> > > On Sun, Mar 04, 2018 at 04:31:10AM -0500, Gary Gatling wrote:
> > > > Hello.
> > > >
> > > >
> > > > But now the third problem / error I get is:
> > > >
> > > > rx_pthread.c:164:97: error: expected expression before ';' token
> > > > error = CV_TIMEDWAIT(_event_handler_cond, _handler_mutex,
> > > > _pthread_next_event_time);
> > > >
> > >
> > > Hmm, it is as if CV_TIMEDWAIT() somehow got #defined away.
> > >
> > > I see from the pastebin that you are basing your work off 1.6.22; I
> > > would recommend starting again from master (or 1.8.0pre5 which is
> > > pretty similar), since (1) new code would have to go through master
> > > anyway, and (2) master has some changes in this area, using the
> > > OpenAFS Portable Runtime (opr) library instead of directly using
> > > pthread calls, which may or may not be relevant.
> >
> > I'm looking at this on Debian 9 PPC64le, and the latest git master,
> > ( Thu apr 26, cfa74883e4996dfee2bd6ffaa3b967e5a7941e0b ) and strange
> > things like AFS_NORETURN are not defined when compiling 'assert.c'
> > in opr.h
> >
> > (something is mangling my terminal with cut & paste here..)
> >
> > opr.h: In function ‘opr_AssertionFailed’:
> > opr.h:19:52: error: expected declaration specifiers before
> > ‘AFS_NORETURN’
> > extern void opr_AssertionFailed(const char *, int) AFS_NORETURN;
> > ^~~~
> > opr.h:20:62: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or
> > ‘__attribute__’ before ‘AFS_NORETURN’
> > extern void opr_AssertFailU(const char *, const char *
> >
> >
> > I don't quite understand how this could not be defined, nor do
> > I fully understand how 'include/afs/stds.h' is supposed to be included
> > that does define that.
> >
> > Any thoughts here?
>
> Generally at this point I end up trying to see what the preprocessor
> has/has not done to my file, whether via cc -E or some deeper
> compiler debugging options (IIRC there are several choices in gcc to
> emit intermediately preprocessed representations, but the
> incantations are pretty arcane). Even cc -E should give some sense
> of what files are included, though.
>

Oh that was silly. I started by trying to use a sysname of 'ppc64le_linuxXX', and confused myself.

Patch at: https://github.com/tmagik/openafs/commit/78ae3eb8f0effd874f004059d6ba54c33997e4a2

Now, how do I get that over into something for inclusion into the regular git?

At least the AFSd works, so I assume this probably means all the server stuff should be fine, although this would be easier to test with the debian packaging.
Re: [OpenAFS] building openafs on ppc64le architecture on Linux
On Sun, Mar 04, 2018 at 07:05:40PM -0600, Benjamin Kaduk wrote:
> On Sun, Mar 04, 2018 at 04:31:10AM -0500, Gary Gatling wrote:
> > Hello.
> >
> >
> > But now the third problem / error I get is:
> >
> > rx_pthread.c:164:97: error: expected expression before ';' token
> > error = CV_TIMEDWAIT(_event_handler_cond, _handler_mutex,
> > _pthread_next_event_time);
> >
>
> Hmm, it is as if CV_TIMEDWAIT() somehow got #defined away.
>
> I see from the pastebin that you are basing your work off 1.6.22; I
> would recommend starting again from master (or 1.8.0pre5 which is
> pretty similar), since (1) new code would have to go through master
> anyway, and (2) master has some changes in this area, using the
> OpenAFS Portable Runtime (opr) library instead of directly using
> pthread calls, which may or may not be relevant.

I'm looking at this on Debian 9 PPC64le, and the latest git master, ( Thu apr 26, cfa74883e4996dfee2bd6ffaa3b967e5a7941e0b ) and strange things like AFS_NORETURN are not defined when compiling 'assert.c' in opr.h

(something is mangling my terminal with cut & paste here..)

opr.h: In function ‘opr_AssertionFailed’:
opr.h:19:52: error: expected declaration specifiers before ‘AFS_NORETURN’
extern void opr_AssertionFailed(const char *, int) AFS_NORETURN;
^~~~
opr.h:20:62: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘AFS_NORETURN’
extern void opr_AssertFailU(const char *, const char *

I don't quite understand how this could not be defined, nor do I fully understand how 'include/afs/stds.h' is supposed to be included that does define that.

Any thoughts here?
Re: [OpenAFS] Encrypted connections by default in OpenAFS 1.8?
disabled.

Jeffrey Altman

--
Troy Benjegerdes 'da hozer' ho...@hozed.org
7 elements earth::water::air::fire::mind::spirit::soulgrid.coop
Never pick a fight with someone who buys ink by the barrel, nor try buy a hacker who makes money by the megahash
Re: [OpenAFS] freezes accessing /afs/.git
On Wed, Aug 06, 2014 at 10:45:56AM -0400, chas williams - CONTRACTOR wrote:
On Wed, 6 Aug 2014 13:47:28 + Brandon Allbery ballb...@sinenomine.net wrote:

I'm not sure how to mitigate this, though. Even if you could add a dummy AFSDB or SRV record to intercept this lookup, last night I tripped over a similar issue when rebooting my Mac: http://lpaste.net/108884 (partial trace, it took several minutes to give up on querying for both AFSDB and SRV records for many names it shouldn't have been trying to look up IMO --- wtf is Finder doing?!) Given my normal usage on this machine, I may well just knock down -dynroot.

I started working on a patch to 'fix' this issue: http://gerrit.openafs.org/#change,8011 But as pointed out in the comments, it's too specific and should be a more general mechanism. Unfortunately, the preceding '.' is stripped from names before passing down to afsd for resolution so it wouldn't be possible to block /afs/.git without also blocking /afs/git

Also, as was pointed out, negative caching would help as well.

This really needs some sort of testcase and regression tests. I keep randomly hitting this stuff and I just 'got used to' my machine (or maybe just a process) becoming unusable for a while. It's the kind of thing that someone tries AFS, and runs into this, and then never uses it again.

Part of the problem is also applications that look for random files all over the place. I think negative caching and maybe some sort of 'cell-configured' negative cache file is going to be necessary.

--
Troy Benjegerdes 'da hozer' ho...@hozed.org
7 elements earth::water::air::fire::mind::spirit::soulgrid.coop
Never pick a fight with someone who buys ink by the barrel, nor try buy a hacker who makes money by the megahash
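The negative caching suggested in this thread, sketched as an added example (it is not OpenAFS code and not code from any poster): a fixed-size cache remembers names whose AFSDB/SRV lookup failed, so repeated probes for `/afs/.git` cost one DNS query per TTL instead of one per access. The resolver stub, the 300-second TTL, the table size and all function names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define NEG_SLOTS 64        /* fixed size: lookups of junk names cannot grow memory */
#define NEG_TTL   300       /* seconds a failed lookup is remembered (assumed value) */
#define CELL_MAX  64        /* longest name cached (assumed limit) */

struct neg_entry {
    char   name[CELL_MAX];
    time_t expires;
};

static struct neg_entry neg_cache[NEG_SLOTS];
static int dns_queries;     /* how often the slow path ran, for the demonstration */

/* Stand-in for the AFSDB/SRV query (hypothetical): only "example.org" is a cell. */
static int slow_dns_lookup(const char *cell)
{
    dns_queries++;
    return strcmp(cell, "example.org") == 0 ? 0 : -1;
}

int neg_dns_queries(void) { return dns_queries; }

void neg_reset(void)
{
    memset(neg_cache, 0, sizeof(neg_cache));
    dns_queries = 0;
}

/* djb2 string hash, reduced to a slot index */
static unsigned slot_for(const char *s)
{
    unsigned h = 5381;
    while (*s)
        h = h * 33 + (unsigned char)*s++;
    return h % NEG_SLOTS;
}

/*
 * Resolve a name looked up under the dynroot. Returns 0 if the cell exists,
 * -1 if it does not. 'now' is passed in so that expiry can be tested.
 */
int lookup_cell(const char *name, time_t now)
{
    /* As the thread notes, the leading '.' is gone before resolution,
     * so ".git" and "git" are the same name at this level. */
    const char *cell = (name[0] == '.') ? name + 1 : name;
    size_t len = strlen(cell);
    struct neg_entry *e;

    if (len == 0 || len >= CELL_MAX)
        return -1;                      /* never cached, never queried */

    e = &neg_cache[slot_for(cell)];
    if (e->expires > now && strcmp(e->name, cell) == 0)
        return -1;                      /* negative hit: answered without DNS */

    if (slow_dns_lookup(cell) == 0)
        return 0;

    memcpy(e->name, cell, len + 1);     /* remember the failure, evicting the old slot */
    e->expires = now + NEG_TTL;
    return -1;
}

int main(void)
{
    time_t t = 1000;                    /* constructed clock value */
    const char *probes[] = { ".git", ".git", "git", "example.org", ".git" };
    size_t i;

    for (i = 0; i < sizeof(probes) / sizeof(probes[0]); i++) {
        int rc = lookup_cell(probes[i], t + (time_t)i);
        printf("%-12s -> %d (queries so far: %d)\n",
               probes[i], rc, neg_dns_queries());
    }
    return 0;
}
```

Because the dot is stripped first, a cached failure for `.git` also answers `git`, which is the same coupling the thread describes for blocking by name.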
Re: [OpenAFS] Authentication without aklog
On Fri, Aug 01, 2014 at 03:15:26PM +0100, David Howells wrote:
chas williams - CONTRACTOR c...@cmf.nrl.navy.mil wrote:

Not impossible for Linux. I believe that the Linux keyring code allows for down calls from the kernel to user space in order to ask something to insert the appropriate keys (see keys-request-key.txt in the Linux kernel).

Yes. request_key() will call out to userspace to instantiate a key it doesn't have yet, passing the caller's keyrings over so that the TGT can be retrieved.

I think the linux Keyring approach got it right with respect to giving the right user experience that is secure and maintainable.

The problem with AFS seems to be everyone who knows you need to 'kinit ; aklog' and it's been so long we have all forgotten the experience of what it was like before we realized this.

So why don't we use the kernel keyring on Linux, and the built-in OS support on both MacOS and Windows for Kerberos to grab the key that matches the default realm?

If you have weird situations, or where administrators feel they must stick with 'legacy' behavior, then make a 'disable_request_key()' option to the cache manager.

--
Troy Benjegerdes 'da hozer' ho...@hozed.org
7 elements earth::water::air::fire::mind::spirit::soulgrid.coop
Never pick a fight with someone who buys ink by the barrel, nor try buy a hacker who makes money by the megahash
Re: [OpenAFS] Authentication without aklog
On Fri, Aug 01, 2014 at 10:44:29PM +, Brandon Allbery wrote:
On Fri, 2014-08-01 at 17:35 -0500, Troy Benjegerdes wrote:

So why don't we use the kernel keyring on Linux, and the built-in OS support on both MacOS and Windows for Kerberos to grab the key that matches the default realm?

If you have weird situations, or where administrators feel they must stick with 'legacy' behavior, then make a 'disable_request_key()' option to the cache manager.

Because, while they're no doubt the most common OSes in your privileged experience, they are not necessarily the most common OSes that are used with AFS. In particular, I support a decent number of customers that use Solaris heavily; where is your oh just use the OS keyring abstraction there? Or should they dump AFS because they are not on the OSes that you know from your privileged view are the only ones that matter?

Doesn't this provide some sort of key management? http://docs.oracle.com/cd/E23823_01/html/821-2730/gkwrk.html

I am trying to argue that we should use the OS-vendor provided and security audited cryptographic frameworks if at all possible, instead of continuing to carry forward the old code that was written before any OS actually *had* a crypto framework.

It appears to me that most OSes have gone quite a bit beyond what kinit and aklog do, and we keep trying to use aklog to adapt square pegs to round holes because that's what we did when there was no hole or api to adapt to and we had to write it.

--
Troy Benjegerdes 'da hozer' ho...@hozed.org
7 elements earth::water::air::fire::mind::spirit::soulgrid.coop
Never pick a fight with someone who buys ink by the barrel, nor try buy a hacker who makes money by the megahash
Re: [OpenAFS] Linux OpenAFS EncFS?
On Mon, Feb 17, 2014 at 04:07:08PM -0800, Russ Allbery wrote:
Jeffrey Hutzelman jh...@cmu.edu writes:
On Mon, 2014-02-17 at 13:11 -0600, Troy Benjegerdes wrote:

So $10k for design, and $100k for implementation sufficient to protect a small business's data worth between $250k, and $1M.

No, that's not what Jeff said. What he said was that doing the design and analysis work required to come up with an estimate could cost $10k. I happen to think that's a bit high, but then, I'm not volunteering to do it.

Generating these sorts of numbers is all about what assumptions you want to make, but if you assume 50% overhead from whatever organization has to do the work to write the contract, deal with all the legal issues, route the money to people, maintain office space or benefits or whatnot, and so forth, and then figure you want three people thinking hard about this and those people make around $75 an hour, $10K pays for about 20 hours for each of those three people. That's not out of the realm of possibility. We've collectively spent far more than that on the rxgk specification, although I suspect much of that time was uncompensated or written off as some variety of overhead by a lot of different institutions.

I remember hearing lots of arguments that getting rid of DES keys would take tens or hundreds of thousands of dollars, and that 'developers need to eat' etc etc. Then one day an exploit was announced, and all of a sudden we got http://www.openafs.org/pages/security/how-to-rekey.txt

I need to eat too, but I'd rather focus on marketing and identifying who exactly the customer base is that's going to pay for AFS file encryption, and IPv6, and disconnected operation, and give them a free teaser of working code than whining about how hard it is to get the current customers to buy stuff.

Who's the new customer base?

How do we educate all the new bitcoin-based businesses on the benefits of AFS for running a production grade distributed filesystem to support cryptocurrency trading? These guys literally make money and if you can take payment in the money they make, you can cut half the overhead costs out.

Troy Benjegerdes 'da hozer' ho...@hozed.org
7 elements earth::water::air::fire::mind::spirit::soulgrid.coop
Never pick a fight with someone who buys ink by the barrel, nor try buy a hacker who makes money by the megahash
Re: [OpenAFS] Linux OpenAFS EncFS?
On Mon, Feb 17, 2014 at 10:21:40PM +0200, Jukka Tuominen wrote:

Personally, I feel a bit bad that a great system like OpenAFS needs to be stitched with a separate VPN and file encryption software, when it could be all built-in.

Combining tools doing their jobs well is not a bad strategy. Using EncFS with OpenAFS as the backend sounds interesting. Alas, it seems a bit stale.

Stephan

I'm all for combining the best efforts of various projects (see my own bigger-than-life project at www.liitin.org), I just don't think the outcome is very secure if it's up to each individual to stitch up all the components together themselves. I mean, everything necessary is out there right now, but somehow organisations and homes are just worthless :)

Br, jukka

A relevant article: http://www.alternet.org/corporate-accountability-and-workplace/8-ways-corporate-greed-perverting-idea-sharing-economy

Can I apt-get install Liitin? This sounds like a very compelling pre-installed software option for my bigger-than-life project for open-source hardware: http://q3u.be/

--
Troy Benjegerdes 'da hozer' ho...@hozed.org
7 elements earth::water::air::fire::mind::spirit::soulgrid.coop
Never pick a fight with someone who buys ink by the barrel, nor try buy a hacker who makes money by the megahash
Re: [OpenAFS] Linux OpenAFS EncFS?
On Thu, Feb 20, 2014 at 11:27:07AM -0800, Russ Allbery wrote:
Troy Benjegerdes ho...@hozed.org writes:

I remember hearing lots of arguments that getting rid of DES keys would take tens or hundreds of thousands of dollars, and that 'developers need to eat' etc etc. Then one day an exploit was announced, and all of a sudden we got http://www.openafs.org/pages/security/how-to-rekey.txt

Which took at least tens of thousands of dollars, and I'm fairly certain took hundreds of thousands of dollars. You just didn't see a bill because the cost was absorbed by several institutions who paid staff to work on this, and other people volunteered their time.

I've seen plenty of bills where I spent my time working on afs instead of more marketable or VC-friendly consulting work.

Maybe we are not thinking about this in the right frame. There are billions of dollars worth of cryptographic currencies that did not exist when we started arguing about needing to replace DES keys, and if I had left my graphics card mining bitcoin instead of shutting it off because it was too noisy, I'd be hiring someone to do this.

Here's a thought experiment: Can we make a cryptographic currency (afscoin?) in which say 5%, 10% or whatever of the coin is 'premined' and to be handed out by an appropriate foundation on delivery of working code?

--
Troy Benjegerdes 'da hozer' ho...@hozed.org
7 elements earth::water::air::fire::mind::spirit::soulgrid.coop
Never pick a fight with someone who buys ink by the barrel, nor try buy a hacker who makes money by the megahash
Re: [OpenAFS] Linux OpenAFS EncFS?
On Thu, Feb 20, 2014 at 12:37:19PM -0800, Russ Allbery wrote:
Troy Benjegerdes ho...@hozed.org writes:

Maybe we are not thinking about this in the right frame. There are billions of dollars worth of cryptographic currencies that did not exist when we started arguing about needing to replace DES keys, and if I had left my graphics card mining bitcoin instead of shutting it off because it was too noisy, I'd be hiring someone to do this.

Here's a thought experiment: Can we make a cryptographic currency (afscoin?) in which say 5%, 10% or whatever of the coin is 'premined' and to be handed out by an appropriate foundation on delivery of working code?

This idea has a lot of promise, but wouldn't an even better idea be to fund the project with gold acquired from the greys that you're in contact with? They can bring new resources from outside the solar system, which avoids a closed economic model.

Maybe you know something I don't, so I'll give you the benefit of the doubt.

I at least have some numbers to back up my delusions, courtesy of http://coinmarketcap.com/

71 Catcoin $ 226,205 $ 0.19 1,188,550 CAT $ 3,081 -16.17 %

Of course, the numbers don't look very good right now, I'm speculating they will look better after it shows on TV. http://www.ibtimes.co.uk/raining-catcoins-dogecoins-opray-winfrey-reality-show-backs-animal-cryptocurrencies-1434629

I mostly jest, but Marketing is serious business. OpenAFS has been marketing to the same dead, dying, and shrinking crowd of institutions that are always chronically short of funds or you have to get someone to get a grant, or sleep with the university president, or some such nonsense.

When are we going to get serious about marketing to new computing users about the compelling advantages a robust, well-tested, and reliable open source distributed filesystem offers over vendor-lock-in half-assed solutions like Google Drive and dropbox?

I know there are a few of you openafs users and developers that can look farther than the institution that signs your paycheck.
Re: [OpenAFS] Linux OpenAFS EncFS?
On Mon, Feb 17, 2014 at 11:35:14AM -0500, Jeffrey Altman wrote:
On 2/17/2014 11:10 AM, Troy Benjegerdes wrote:

Could some of the professionals here please estimate a direct dollar cost for such a thing?

Who is going to pay for the design and estimation efforts?

There are many approaches that can be used but before selecting one over another it is important to perform a threat analysis to determine which risks the solution must protect against and what the use cases are. For any estimate to be reasonable there will need to be a work break down of the implementation tasks. It would not be unreasonable for such a design analysis and work break down to cost $10,000.

An implementation that could be used by banks or government agencies would easily cost hundreds of thousands of U.S. dollars and take a year or more.

Jeffrey Altman

So $10k for design, and $100k for implementation sufficient to protect a small business's data worth between $250k, and $1M.

Does that sound reasonable? Do you think a 10X scaling factor for data protection is reasonable, as in $100K will protect data worth $1 million?

If it's going to take a year, I should have plenty of time to figure out how big of a mining farm I need to make the money to pay for it :P

Troy Benjegerdes 'da hozer' ho...@hozed.org
7 elements earth::water::air::fire::mind::spirit::soulgrid.coop
Never pick a fight with someone who buys ink by the barrel, nor try buy a hacker who makes money by the megahash
Re: [OpenAFS] Linux OpenAFS EncFS?
Oh, and if you tack on full IPv6 support, I can pay in Catcoin, although it will probably cost me more in legal fees if euros are involved too.

Jukka: What do you think about floating an indiegogo campaign to fund the stage-1 design/estimation work, and have a 'stretch goal' of getting a legal opinion on how to use https://cryptostocks.com to fund the remainder

FYI, if Jaltman gets a coinbase account he can easily get dollars from you.

On Mon, Feb 17, 2014 at 08:48:17PM +0200, Jukka Tuominen wrote:

Do you accept euros? :) I just think that this might be a good time to get European funding for Internet security projects like this?

Personally, I feel a bit bad that a great system like OpenAFS needs to be stitched with a separate VPN and file encryption software, when it could be all built-in.

Best

Sent from my iPhone

On 17.2.2014, at 18.35, Jeffrey Altman jalt...@your-file-system.com wrote:
On 2/17/2014 11:10 AM, Troy Benjegerdes wrote:

Could some of the professionals here please estimate a direct dollar cost for such a thing?

Who is going to pay for the design and estimation efforts?

There are many approaches that can be used but before selecting one over another it is important to perform a threat analysis to determine which risks the solution must protect against and what the use cases are. For any estimate to be reasonable there will need to be a work break down of the implementation tasks. It would not be unreasonable for such a design analysis and work break down to cost $10,000.

An implementation that could be used by banks or government agencies would easily cost hundreds of thousands of U.S. dollars and take a year or more.

Jeffrey Altman

--
Troy Benjegerdes 'da hozer' ho...@hozed.org
7 elements earth::water::air::fire::mind::spirit::soulgrid.coop
Never pick a fight with someone who buys ink by the barrel, nor try buy a hacker who makes money by the megahash
Re: [OpenAFS] Development status of mod_waklog and filedrawers
Has anyone looked at elfinder ( http://elfinder.org ) and thought about AFS integration? I've always thought the filedrawers concept was great, but the code was (quite) a bit of a pain to actually get running.

On Mon, Feb 04, 2013 at 01:01:19PM +, Joseph Timothy Foley wrote:

I would like to know more about this as well. I tried to get mod_waklog working on an Ubuntu 12.04 32-bit system but was unsuccessful. It compiled but did not get loaded correctly into the Apache 2 I was using. I asked a friend who was trying to use it at MIT, but they gave up and used IP-based ACLS. Where did you find a guide indicating which patches?

Thanks,
Joe

-----Original Message-----
From: openafs-info-ad...@openafs.org [mailto:openafs-info-ad...@openafs.org] On Behalf Of Staffan Hämälä
Sent: 30. janúar 2013 20:35
To: openafs-info@openafs.org
Subject: [OpenAFS] Development status of mod_waklog and filedrawers

What is the current status of the mod_waklog and filedrawers projects? I saw a thread about mod_waklog a few months ago, but what about filedrawers?

I've managed to compile mod_waklog on Redhat RHEL6 64-bit after applying five patches (by Aaron Knister and Stephen Quinney). It now works on Apache 2.2 (haven't tried 2.4 yet).

Filedrawers seems to need some tweaking as well. I've found a few things that need to be changed for it to work with PHP 5.4. It also seems to have problems with the current version of Smarty (version 3.1.13). I'm working through the things that need to be changed at the moment.

It seems both mod_waklog and filedrawers haven't been updated for several years. Does anyone maintain them?

/Staffan

--
Staffan Hämälä
Luleå University of Technology
Sweden

--
Troy Benjegerdes 'da hozer' ho...@hozed.org

Someone asked me why I work on this free (http://www.fsf.org/philosophy/) software hardware (http://q3u.be) stuff and not get a real job. Charles Schulz had the best answer:

Why do musicians compose symphonies and poets write poems? They do it because life wouldn't have any meaning for them if they didn't. That's why I draw cartoons. It's my life. -- Charles Schulz
Re: [OpenAFS] Development status of mod_waklog and filedrawers
This looks like someone did something recently: http://git.hcoop.net/?p=hcoop/debian/libapache-mod-waklog.git;a=commitdiff;h=669240a17c782eb37a3c9fbd1001b037d6254232

On Mon, Feb 04, 2013 at 03:40:40PM +0100, Staffan Hämälä wrote:

I got mod_waklog to work on apache 2.2 at least. I've found a lot of info in this posting: https://lists.openafs.org/pipermail/openafs-info/2009-May/031480.html

Stephen Quinney's patches are available here: http://old.nabble.com/mod_waklog-tt33632100.html

Aaron Knister's patches here: http://userpages.umbc.edu/~aaronk/waklog/patches_for_git

I downloaded mod_waklog from git, and applied the patches in this order:

patch -p1 < ../patches_aaron_knister/fix_build_scripts.patch
patch -p1 < ../patches_aaron_knister/have_stropts_h.patch
patch -p1 < ../patches_aaron_knister/gnu_source.patch
patch -p1 < ../patches_stephen_quinney/modwaklog-weakcrypto.patch
patch -p1 < ../patches_stephen_quinney/modwaklog-libs.patch

As I said, mod_waklog seems to work perfectly. However, I haven't got filedrawers to work yet. It does not seem to work with PHP 5.4.11 and Smarty 3.1.13. I've read that it should work with PHP 5.x, but apparently not with 5.4, though I think I managed to fix that. (by loading some module statically instead of using dl - dynamically loaded modules, which is deprecated in 5.4).

Smarty 3.1.13 seems to be more difficult, I just get strange error messages. I've found a note somewhere that it does not work with Smarty 2.x, and that version 1.x works. Maybe version 3.x has the same problem, and we need to downgrade to version 1.x.

--S

On 2013-02-04 14:01, Joseph Timothy Foley wrote:

I would like to know more about this as well. I tried to get mod_waklog working on an Ubuntu 12.04 32-bit system but was unsuccessful. It compiled but did not get loaded correctly into the Apache 2 I was using. I asked a friend who was trying to use it at MIT, but they gave up and used IP-based ACLS. Where did you find a guide indicating which patches?

Thanks,
Joe

-----Original Message-----
From: openafs-info-ad...@openafs.org [mailto:openafs-info-ad...@openafs.org] On Behalf Of Staffan Hämälä
Sent: 30. janúar 2013 20:35
To: openafs-info@openafs.org
Subject: [OpenAFS] Development status of mod_waklog and filedrawers

What is the current status of the mod_waklog and filedrawers projects? I saw a thread about mod_waklog a few months ago, but what about filedrawers?

I've managed to compile mod_waklog on Redhat RHEL6 64-bit after applying five patches (by Aaron Knister and Stephen Quinney). It now works on Apache 2.2 (haven't tried 2.4 yet).

Filedrawers seems to need some tweaking as well. I've found a few things that need to be changed for it to work with PHP 5.4. It also seems to have problems with the current version of Smarty (version 3.1.13). I'm working through the things that need to be changed at the moment.

It seems both mod_waklog and filedrawers haven't been updated for several years. Does anyone maintain them?

/Staffan

--
Staffan Hämälä
Luleå University of Technology
Sweden

--
Troy Benjegerdes 'da hozer' ho...@hozed.org

Someone asked me why I work on this free (http://www.fsf.org/philosophy/) software hardware (http://q3u.be) stuff and not get a real job. Charles Schulz had the best answer:

Why do musicians compose symphonies and poets write poems? They do it because life wouldn't have any meaning for them if they didn't. That's why I draw cartoons. It's my life. -- Charles Schulz
Re: [OpenAFS] Graphical file managers get stuck
This seems to be a common cause of pain for people using AFS, and I think it's a user-interface experience that drives people away. You install AFS, and then all of a sudden you go do something and your user-interface just hangs. You have no idea what triggered it, you just associate 'crappy non-responsive computer' with this AFS thing.

Is there any reasonable way we can provide a global /afs namespace, while still retaining good performance (i.e. under 100ms response time when file managers go into /afs/*/)?

We can talk about client misconfiguration, or bad DNS, or bad network, or whatever, but the buck's got to stop somewhere. How can we provide fast response and still indicate somehow (with an AFS manager app/system tray???) that some servers may be inaccessible, slow, or misconfigured, but still not block when file managers go look at things??

There should be a checkbox for Yes, make me wait for responses from servers in cell XXX, and give me an indication who you're waiting for, otherwise non-local cells should probably just return whatever data they have, or just ENOTCONN

On Mon, Dec 10, 2012 at 03:50:05PM -0500, Jeffrey Altman wrote:

-fakestat provides no benefits if the application is going to read the contents of the volume root directory referenced by a mount point. -fakestat works by generating fake stat info for the mount point target instead of reading the actual data belonging to the target which might require a volume location database lookup in addition to the file server fetch status RPC. There might even need to be DNS queries to find the locations of the VLDB servers in the foreign cell.

Jeffrey Altman

On Dec 10, 2012, at 1:22 PM, jukka.tuomi...@finndesign.fi wrote:

Hmmm... Strange things happened. After several hang-ups, being more patient they turned into time-outs, until... even nautilus could get through!

First I thought that initiating nautilus from the command line - as part of strace command - did something, but then I could browse (in vry slow motion) directly within nautilus.

Now it seems more likely that even though fakestat does its thing within the local cell (or is otherwise just faster), the same thing isn't happening with the foreign cells (or it is just too slow). Once the dir content is displayed, nautilus continues to dig deeper into subdirs on the background, adding the number of items one-by-one. So it seems it hasn't scanned all-of-all before displaying the content!?

Should fakestat-all instead of fakestat solve this situation? How exactly should I tweak the configuration to have it started on boot, and how can I verify that it is on?

br, jukka

On Sun, Dec 9, 2012 at 3:37 PM, jukka.tuomi...@finndesign.fi wrote:

By own-path I mean local cell as opposed to foreign one.

Oh, this may not be the same issue then. On my computer I see the GUI freezes happening for my local cell. You can try running nautilus through strace or gdb to see what specifically is hanging:

$ strace /usr/bin/nautilus

You probably want to ensure no other Nautilus processes are running before you do that (ps -A | grep nautilus). It's possible Wireshark or tcpdump might tell you more as well. I would start by sniffing on the ports for DNS, Kerberos, and AFS:

$ tcpdump port 53 or port 88 or portrange 7000-7005

(or use that filter in Wireshark)

- Ken
Re: [OpenAFS] Creating a partial sandbox of the production Cell krb5 realm
I would appreciate any other tips that anyone has. BTW, I proposed using a differently/named test cell/realm and was shot down. Sincerely, Jason [snip] Taking the other tack, I've never tried this, but think it might be interesting: set up a virtual environment where *everything* is the same as your production environment. ip addresses, cell realm names, file structure, everything. The advantage of this is you can clone things from your production environment to testing - and to a lesser extent you could also go backwards. The disadvantage of this is of course you're going to have to duplicate everything in a carefully confined piece of network space. This sounds like a good way to blow away the production system by accidentally typing in the wrong window. If this is going to be a sane test, I'd suggest one of the following: 1) a second entire mouse/keyboard/machine with a 'TEST SYSTEM' sticky note plastered on the monitor, and an entire duplicate virtual isolated network, with no wires connected to the production system OR 2) create instructions for whomever shot down the different named realm idea, and have them test it, since it's obviously critical for them that they need the same name, and you need to make sure it works *for them*. The idea is to make it their problem if it blows up. Your mileage may vary on this scheme.
Re: [OpenAFS] Cache partition choice still limited to ext2 on Linux?
Last time I used memcache, I had issues with Java applications (Eclipse, SQLDeveloper). They brought the system to high load until they were finally OOM-killed when run under KDE on a machine with 4G RAM (512M or 1G of which set apart for the memcache). In my (limited) experience with memcache, it doesn't behave very well if the system is memory constrained and is under pressure. Most network filesystems either explode, or go really slow if the system is memory constrained. In HPC systems (Cray, in particular), there is no disk swap, and lots of effort is expended to ensure that the resident set size of whatever is running is less than 85% of available memory, 'wasting' 5-10% of RAM. You can in theory overcommit more, and keep all your RAM busy, but you are likely to slow down (or take out) the network filesystem in some edge case, which then tends to bring everything to a halt because you start evicting pages to something like, say sshd, which then goes back to the network filesystem to pull it back in because the administrator tried to figure out why in the world this thing's slow. By the time you hit this situation, users and administrators restart the node because it's 'not responding', when if you just gave it 15 minutes, the OOM killer might eventually kick in and kill the memory hog application (or the browser with too many open tabs). My opinion is this situation would be better if there were more applications that could correctly respond to 'connection timeout' I/O errors gracefully, but most seem to hammer on the filesystem with retries in that case.
Re: [OpenAFS] Re: [OpenAFS-devel] rxgk development has been funded
Well, I'll try to be more clear. Several years ago, I asked what the long-term roadmap towards having AES and Kerberos5 was. At that time, we had the rxk5 code, and I thought the rough consensus was that rxgk was the long-term solution. Since then every time I (or anyone else) asks, the response I hear is rxgk is a year out. I'm not seeing much negotiating going on, or if there is, it's happening behind closed doors in proprietary implementations. As far as I can tell, rxk5 meets the 'AES+Kerberos' requirements that would solve the immediate problems of say 75% of the userbase. While this may not be 'standard', it is my opinion it passes the 'rough consensus and running code' test. I'm attempting to participate in the standards development as suggested at http://www.ietf.org/tao.html by implementing things, and ensuring the implementation is available to internet users. This is where the standards process, at least for rxgk, seems to have completely stalled. There is no working rxgk code generally available to internet users without paying for it, and while it does prove it's possible, it doesn't really help develop a good standard. On Tue, Oct 30, 2012 at 11:19:07PM -0400, Matt W. Benjamin wrote: Hi, I don't think that's what Troy meant. At any rate, he -might- have meant he presumed there would be no interest in standardizing rxk5 unless it turned out to be something that a significant number of real sites wanted to use. Matt - Gary Buhrmaster gary.buhrmas...@gmail.com wrote: On Tue, Oct 30, 2012 at 1:30 PM, Troy Benjegerdes ho...@hozed.org wrote: What are the missing pieces needed to deploy RxK5? I am going to start with the assumption that it will not pass the standards process until after there are several people running it in production. Please read https://www.ietf.org/about/process-docs.html Standards are not I am running it in production, bless it now, it is more like a long term negotiation (with a lot of work along the way). 
-- Matt Benjamin The Linux Box 206 South Fifth Ave. Suite 150 Ann Arbor, MI 48104 http://linuxbox.com tel. 734-761-4689 fax. 734-769-8938 cel. 734-216-5309
[OpenAFS] Re: [OpenAFS-devel] rxgk development has been funded
Would a deployable implementation of RxK5 as proposed by Marcus Watts and Matt Benjamin a few years ago meet your needs? What are the missing pieces needed to deploy RxK5? I am going to start with the assumption that it will not pass the standards process until after there are several people running it in production. On Tue, Oct 30, 2012 at 08:11:44PM -, Robert Milkowski wrote: It would be sufficient (krb+AES) and actually preferred. -Original Message- From: openafs-devel-ad...@openafs.org [mailto:openafs-devel- ad...@openafs.org] On Behalf Of Troy Benjegerdes Sent: 25 October 2012 23:55 To: Robert Milkowski Cc: 'Matt W. Benjamin'; 'Jeffrey Altman'; openafs-info@openafs.org; openafs-de...@openafs.org; 'Benjamin Kaduk' Subject: Re: [OpenAFS-devel] rxgk development has been funded What are you looking to get out of rxgk? Is something that uses Kerberos authentication and AES encryption sufficient? Or do you need non-kerberos GSS-API mechanisms? On Thu, Oct 25, 2012 at 11:08:35PM +0100, Robert Milkowski wrote: I agree, that perhaps MIT instead of funding a new implementation, could actually work with YFS (and pay them) to get their implementation integrated into OpenAFS? That way all the work done by YFS wouldn't be wasted, and all of us would get rxgk sooner. -- Robert Milkowski http://milek.blogspot.com -Original Message- From: openafs-devel-ad...@openafs.org [mailto:openafs-devel- ad...@openafs.org] On Behalf Of Matt W. Benjamin Sent: 25 October 2012 22:38 To: Troy Benjegerdes Cc: Jeffrey Altman; openafs-info@openafs.org; openafs- de...@openafs.org; Benjamin Kaduk Subject: Re: [OpenAFS-devel] rxgk development has been funded Hi, Obviously, Marcus and I thought having such a mechanism was a good idea. When we started work, the idea of standardizing the protocol hadn't been formalized. The objections early on amounted somewhat, I feel, to the great is the enemy of the good. It has been claimed that rxk5 is unreviewable. 
This is special pleading, but, someone still would have to -want- to use it, and to review the work. Some people legitimately objected to the constant rekeying that rxk5 does, and if that were to be changed, you'd need to factor time for that into things. Having said that, it seems like the best of all possible worlds from our current position would be if, somehow, MIT and YFSi could collaborate on finalizing YFSi's current draft implementation, rather than moving back to square 2. Yes, I'm a well known skeptic on the topic of standardization-- but I've been an active participant in new protocol design up-front on this list. There's no contradiction there: I think we don't need two implementations, we need to agree on the design of one. Regards, Matt - Troy Benjegerdes ho...@hozed.org wrote: What are the roadblocks to standardizing an 'rxk5' transport that supports any encryption mechanism(s) of the underlying kerberos implementation, but does *not* use GSSAPI? Obviously this does not provide everything a full GSSAPI implementation would, but it would provide some basic functionality. ___ OpenAFS-devel mailing list openafs-de...@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-devel -- Matt Benjamin The Linux Box 206 South Fifth Ave. Suite 150 Ann Arbor, MI 48104 http://linuxbox.com tel. 734-761-4689 fax. 734-769-8938 cel. 734-216-5309
Re: [OpenAFS] tcpoob timeline
On Fri, Oct 26, 2012 at 06:40:38PM -0400, Jeffrey Altman wrote: On 10/26/2012 5:03 PM, Andrew Deason wrote: On Wed, 17 Oct 2012 10:45:05 +0200 To provide a sense of ordering... rxgk standards work will definitely precede tcp oob, though rxgk implementation may or may not. After rxgk, some smaller/simpler standards docs may go through, but tcp oob may be the next 'bigger' one. But the ordering here is unsure; Mike Meffie should be clarifying some specifics of the new standards process within the next week. I expect that around that time is when we'll discuss the priority of which documents to look at; some people may disagree with my guessed priorities. Note that that is my thinking and my guesses for code being in the tree, not for a stable release. Release scheduling is such a question mark for me right now I can't even begin to guess for that. I have significant concerns about the design of TCP OOB as it was described at EAKC2012. http://conferences.inf.ed.ac.uk/eakc2012/slides/201210_eakc_oob.pdf The argument in favor of a TCP based solution is that RX cannot go fast enough. Andrew's claim is that RX cannot use a window size greater than 43.75K because of the 32 packet window limitation in 1.6. The fact is that this limitation is not a protocol limitation but an implementation limitation. Andrew points to Simon Wilkinson's past talks on RX as a justification for this restriction. If we are talking about performance and filesystems, I would strongly suggest some review of the work on InfiniBand transports for PVFS and Lustre. http://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp=arnumber=1240573contentType=Conference+PublicationsqueryText%3Dpvfs+infiniband Simon brings up a number of good points why we have conflicting design goals between low latency for RPC and bulk data transfer. A general RX-stream-oob standard would have several benefits, but I'd have to agree with Jeff that performance of TCP (and the servers) is probably not one of them. 
So the key point here is probably instead of arguing about hypothetical performance strawman as reason not to develop a standard, let's come to some consensus on what the RPCs and assigned numbers are going to be for afs-oob-tcp and afs-oob-rdma, and maybe afs-oob-sctp.
[OpenAFS] Re: [OpenAFS-devel] rxgk development has been funded
[snip] As mentioned above, any commitment made at the present time may not be relevant in a year's time. What I am able to do will depend on how much time I have available, what pieces are contributed by the community, and what features are needed by MIT and the community as a whole. We plan to prioritize having a functional implementation that allows the use of GSSAPI with Kerberos 5 as a mechanism and AES256 as the key type, but other functionality will be implemented as time permits. If some organization or individual were to, say, remove LWP dependencies from the source tree in favor of pthreads, then I would have more time to spend on new features such as you list here. What are the roadblocks to standardizing an 'rxk5' transport that supports any encryption mechanism(s) of the underlying kerberos implementation, but does *not* use GSSAPI? Obviously this does not provide everything a full GSSAPI implementation would, but it would provide some basic functionality.
[OpenAFS] Re: [OpenAFS-devel] rxgk development has been funded
What are you looking to get out of rxgk? Is something that uses Kerberos authentication and AES encryption sufficient? Or do you need non-kerberos GSS-API mechanisms? On Thu, Oct 25, 2012 at 11:08:35PM +0100, Robert Milkowski wrote: I agree, that perhaps MIT instead of funding a new implementation, could actually work with YFS (and pay them) to get their implementation integrated into OpenAFS? That way all the work done by YFS wouldn't be wasted, and all of us would get rxgk sooner. -- Robert Milkowski http://milek.blogspot.com -Original Message- From: openafs-devel-ad...@openafs.org [mailto:openafs-devel- ad...@openafs.org] On Behalf Of Matt W. Benjamin Sent: 25 October 2012 22:38 To: Troy Benjegerdes Cc: Jeffrey Altman; openafs-info@openafs.org; openafs- de...@openafs.org; Benjamin Kaduk Subject: Re: [OpenAFS-devel] rxgk development has been funded Hi, Obviously, Marcus and I thought having such a mechanism was a good idea. When we started work, the idea of standardizing the protocol hadn't been formalized. The objections early on amounted somewhat, I feel, to the great is the enemy of the good. It has been claimed that rxk5 is unreviewable. This is special pleading, but, someone still would have to -want- to use it, and to review the work. Some people legitimately objected to the constant rekeying that rxk5 does, and if that were to be changed, you'd need to factor time for that into things. Having said that, it seems like the best of all possible worlds from our current position would be if, somehow, MIT and YFSi could collaborate on finalizing YFSi's current draft implementation, rather than moving back to square 2. Yes, I'm a well known skeptic on the topic of standardization--but I've been an active participant in new protocol design up-front on this list. There's no contradiction there: I think we don't need two implementations, we need to agree on the design of one. 
Regards, Matt - Troy Benjegerdes ho...@hozed.org wrote: What are the roadblocks to standardizing an 'rxk5' transport that supports any encryption mechanism(s) of the underlying kerberos implementation, but does *not* use GSSAPI? Obviously this does not provide everything a full GSSAPI implementation would, but it would provide some basic functionality. -- Matt Benjamin The Linux Box 206 South Fifth Ave. Suite 150 Ann Arbor, MI 48104 http://linuxbox.com tel. 734-761-4689 fax. 734-769-8938 cel. 734-216-5309
Re: [OpenAFS] OpenAFS and single DES
Please have a look at: https://lists.openafs.org/pipermail/openafs-devel/2010-May/017637.html It may cost you less in the long term to simply upgrade AFS to use the 'non-standard' rxk5 implementation until someone releases a working rxgk, or to contract with one of the support vendors to implement rxgk. I got burned by this when I upgraded one of my kerberos servers, and I concluded it was better to fork OpenAFS than to wait for a standard to appear. The results of my attempt to merge rxk5 to current are at: https://bitbucket.org/dahozer/tfs I would appreciate any reports of failures of './configure --enable-rxk5 make check' on the TFS issue tracker page, and this will hopefully motivate myself or someone else to fix it. An exercise you may or may not want to consider, depending on how many bridges you want to burn, is asking a third-party security audit/red team to implement a tool to crack the DES Keyfile. This would have the effect of either lighting a fire under the community to replace DES, or result in major institutions dropping AFS completely. On Fri, Oct 05, 2012 at 02:13:56PM -0400, Jim Green wrote: Here at Michigan State, I'm leading a project to upgrade our MIT Kerberos system from 1.6.3 to 1.10.x. One thing we've discovered in our research is, in order for AFS to work, we need to turn on support for single DES in our Kerberos KDC. Short of either OpenAFS being modified not to need single DES (doesn't seem likely any time soon), or MSU dropping AFS (it's been suggested, but that's complex logistically for us), what are the appropriate steps we should take to mitigate the risk? For example, I've been asked if there is any way to limit single-DES to only those transactions that absolutely need it. Which made me realize that I actually do not understand which transactions actually need it. 
From reading this post, https://lists.openafs.org/pipermail/openafs-info/2010-March/033057.html, it seems that OpenAFS client versions 1.4.12 and higher are doing something like that on the client side, thereby doing away with the need to set allow_weak_crypto=true in the Kerberos client, but allowing it for aklog only. Is that right? Otherwise, does anyone have any other suggestions to make us feel better or worse as far as what the exposure is and what steps we should take to mitigate it? I realize this is a Kerberos question but I'm thinking because it relates to AFS some of you may have already put some thought into it as well. Thanks in advance
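An added example (not from the thread, OpenAFS or MIT Kerberos) for the question above of which transactions actually use single DES: it tallies KDC ticket-issue log entries by service principal and separates clients that offered only DES from clients that were handed DES because of the service's key. The log-line shape is an assumption modelled on MIT krb5kdc ISSUE entries, and every host, address and principal in the sample is constructed.

```python
import re
from collections import defaultdict

# Kerberos encryption type numbers; 1-3 are the single-DES enctypes.
SINGLE_DES = {1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5"}

# Assumed line shape, modelled on MIT krb5kdc "ISSUE" log entries.
ISSUE_RE = re.compile(
    r"(?P<req>AS_REQ|TGS_REQ) \(\d+ etypes \{(?P<offered>[\d ]+)\}\) "
    r"(?P<addr>\S+): ISSUE: authtime \d+, "
    r"etypes \{rep=(?P<rep>\d+) tkt=(?P<tkt>\d+) ses=(?P<ses>\d+)\}, "
    r"(?P<client>\S+) for (?P<service>\S+)"
)

# Constructed sample input (not real log data).
SAMPLE_LOG = """\
Oct 05 14:10:01 kdc1 krb5kdc[911](info): AS_REQ (4 etypes {18 17 16 23}) 192.0.2.10: ISSUE: authtime 1349460601, etypes {rep=18 tkt=18 ses=18}, alice@EXAMPLE.EDU for krbtgt/EXAMPLE.EDU@EXAMPLE.EDU
Oct 05 14:10:02 kdc1 krb5kdc[911](info): TGS_REQ (5 etypes {18 17 16 23 1}) 192.0.2.10: ISSUE: authtime 1349460601, etypes {rep=18 tkt=1 ses=1}, alice@EXAMPLE.EDU for afs/example.edu@EXAMPLE.EDU
Oct 05 14:11:30 kdc1 krb5kdc[911](info): TGS_REQ (1 etypes {1}) 192.0.2.22: ISSUE: authtime 1349460650, etypes {rep=18 tkt=1 ses=1}, bob@EXAMPLE.EDU for afs/example.edu@EXAMPLE.EDU
Oct 05 14:12:00 kdc1 krb5kdc[911](info): TGS_REQ (4 etypes {18 17 16 23}) 192.0.2.10: ISSUE: authtime 1349460601, etypes {rep=18 tkt=18 ses=18}, alice@EXAMPLE.EDU for host/login.example.edu@EXAMPLE.EDU
Oct 05 14:12:05 kdc1 krb5kdc[911](info): AS_REQ (1 etypes {3}) 192.0.2.40: NEEDED_PREAUTH: carol@EXAMPLE.EDU for krbtgt/EXAMPLE.EDU@EXAMPLE.EDU, Additional pre-authentication required
""".splitlines()


def parse_issue(line):
    """Return the fields of one ticket-issue entry, or None for any other line."""
    m = ISSUE_RE.search(line)
    if m is None:
        return None
    return {
        "request": m["req"],
        "offered": [int(e) for e in m["offered"].split()],
        "client": m["client"],
        "service": m["service"],
        # rep = reply encryption, tkt = ticket (service key), ses = session key
        "used": {role: int(m[role]) for role in ("rep", "tkt", "ses")},
    }


def audit_single_des(lines):
    """Map each service principal to the single-DES usage seen for it."""
    report = defaultdict(lambda: {
        "issues": 0,                # tickets issued with DES in any role
        "roles": set(),             # which of rep/tkt/ses used DES
        "clients": set(),           # every client that received such a ticket
        "des_only_clients": set(),  # clients whose request listed nothing but DES
    })
    for line in lines:
        rec = parse_issue(line)
        if rec is None:
            continue
        des_roles = {r for r, e in rec["used"].items() if e in SINGLE_DES}
        if not des_roles:
            continue
        entry = report[rec["service"]]
        entry["issues"] += 1
        entry["roles"] |= des_roles
        entry["clients"].add(rec["client"])
        if all(e in SINGLE_DES for e in rec["offered"]):
            entry["des_only_clients"].add(rec["client"])
    return dict(report)


if __name__ == "__main__":
    for service, info in sorted(audit_single_des(SAMPLE_LOG).items()):
        print(service)
        print("  DES tickets issued:", info["issues"])
        print("  DES used for:", ", ".join(sorted(info["roles"])))
        print("  clients:", ", ".join(sorted(info["clients"])))
        print("  DES-only clients:", ", ".join(sorted(info["des_only_clients"])) or "none")
```

Services that never appear in the report had no single-DES ticket or session key issued in the log window examined.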
Re: [OpenAFS] is YFS a derived work?
On Tue, Oct 02, 2012 at 11:09:36AM -0400, Steve Simmons wrote: On Oct 2, 2012, at 12:53 AM, Troy Benjegerdes wrote: Let's look at this another way... If someone actually bothers to file an IP lawsuit of any sort regarding AFS, then I think this would be the most credible sign of success I could possibly imagine. And then, in that case, if there were an issue, there would be sufficient community resources to re-write offending code, or re-purpose/extend things like Arla, or the linux kernel kafs client. I am not a lawyer, but do follow such issues fairly closely. Please take my opinions strictly as opinions; arguing with them will quickly devolve to me responding with 'go ask a lawyer.' That said, here's my opinion. Troy writes . . . in that case, if there were an issue, there would be sufficient community resources to re-write offending code . . . Unfortunately this is far from the only thing that would result in case of such an issue. A detailed reading of the goings-on in the SCO trials shows some of the perils here. (For detail, see http://www.groklaw.net/staticpages/index.php?page=Headlines and start with the 'SCO Overview' link at the top of the page. I know of no good summary, and IMHO no summary would show the detail needed at this level.) In brief, if some company felt it had patents which are violated by AFS, they would be most effective by suing the providers for restitution (YFS, SineNomine, etc) and obtaining injunctions against the distribution by others. Defending against such suits is expensive. Very very expensive. Community resources on rewriting offending code don't help at all, because what's required is big money to hire good lawyers. Further, you will never get a clean statement from the plaintiff saying whether your planned changes now avoid the patent claims. Nor will you get a clean statement saying that whatever you convert to does not violate another patent. 
What's needed is to win the suit by either invalidating the patent or proving in court that the implementation does not violate the patent. And that takes big, big bucks and lots of time. Again citing SCO vs the world as example, it took eight years and still isn't quite dead. For small companies, odds are good the cost of defense will bankrupt them. For individuals, there is no choice at all: you can either stop distributing, or you can go straight to the poorhouse. Nor will institutions like universities or CERN defend against such suits. Cases like ATT vs. BSDI where U. C. Berkeley finally was dragged in and delivered the coup de grace are the exception rather than the rule. And that was simply a copyright case, not a patent case. Further, anyone who built from source would be a potential target of such a suit. Morgan Stanley has very deep pockets and would be an attractive target. Any university with a large endowment would be attractive - eg, Stanford, Harvard, University of Michigan, probably others. Those universities are risk-averse, and would likely 'settle' by ceasing to use AFS. These sorts of cases were never feasible in the TransArc/IBM days because IBM had a patent portfolio second to none and the risk of countersuit was too high. Right now there's no benefit to the plaintiff because there are few or no deep pockets to go after and there is no significant commercial activity in AFS. If either of those change, I expect the patent trolls (or maybe Oracle) to come out of the walls like rats. The result will not be pretty, and would likely be the end of AFS. My opinion is anyone filing suit against a 'derivative work' of AFS would pretty much guarantee the end of the company filing suit. It might be IBM's lawyers, defending the IPL, it might be Red Hat lawyers, defending kAFS, or it might be the free software foundation, defending some GPLv2/GPLv3 code that implements afs-compatible wire protocols. 
http://www.softwarefreedom.org/blog/2012/sep/17/twin-peaks-and-the-gpl/ If any sort of injunction is ever issued against distributing AFS code, I'll be ordering some T-shirts exercising my first amendment right to free speech. http://www.cs.cmu.edu/~dst/DeCSS/Gallery/
Re: [OpenAFS] is YFS a derived work -- raise funds for legal opinion
On Tue, Oct 02, 2012 at 09:08:49PM -0400, Brandon Allbery wrote: On Tue, Oct 2, 2012 at 8:39 PM, Troy Benjegerdes ho...@hozed.org wrote: My opinion is anyone filing suit against a 'derivative work' of AFS would pretty much guarantee the end of the company filing suit. It might be Pretty optimistic, there; what are your legal credentials? If you don't have any, your opinion is somewhere between meaningless and actively dangerous; the latter, if someone were to try to rely on it. Free speech doesn't apply to this. The only thing that matters if it comes to such a lawsuit is money; you going to put up? You're right. It is actively dangerous for pretty much any of us on this list to start speculating about theoretically possible lawsuits. I'd like to put my money where my mouth is and put in $50 to retain the FSF counsel Eben Moglen to answer this question with real legal advice. I figure it is not worth his time unless there are at least 2-3 others also willing to make the same contribution.
Re: [OpenAFS] is YFS a derived work -- raise funds for legal opinion
On Tue, Oct 02, 2012 at 10:12:26PM -0400, Brandon Allbery wrote: On Tue, Oct 2, 2012 at 10:07 PM, Troy Benjegerdes ho...@hozed.org wrote: On Tue, Oct 02, 2012 at 09:08:49PM -0400, Brandon Allbery wrote: On Tue, Oct 2, 2012 at 8:39 PM, Troy Benjegerdes ho...@hozed.org wrote: My opinion is anyone filing suit against a 'derivative work' of AFS would pretty much guarantee the end of the company filing suit. It might be Pretty optimistic, there; what are your legal credentials? If you don't have any, your opinion is somewhere between meaningless and actively dangerous; the latter, if someone were to try to rely on it. You're right. It is actively dangerous for pretty much any of us on this list to start speculating about theoretically possible lawsuits. I'd like to put my money where my mouth is and put in $50 to retain the FSF counsel Eben Moglen to answer this question with real legal advice. Honestly? This is almost useless; such things are decided and become precedent only as part of active litigation. Otherwise, what you get will be an informed opinion, but still an opinion and of no real significance were it to come to an actual legal challenge. So really, we can only test this by having an actual lawsuit. Until that happens, my opinion is the 'fear, uncertainty, and doubt' about a theoretical lawsuit is more damaging than the reality. If you are worried about it, retain a lawyer, or get some insurance maybe http://www.patentinsurance.com/products/ can help you. I really can't unless you want to buy a support/service contract from me.
Re: [OpenAFS] the future
On Mon, Oct 01, 2012 at 07:55:36AM +0200, Lars Schimmer wrote: On 2012-10-01 06:48, Troy Benjegerdes wrote: On Sun, Sep 30, 2012 at 11:38:10PM +0200, Lars Schimmer wrote: On 30.09.2012 21:10, Troy Benjegerdes wrote: One-time deals (on linux) that require interaction will blow up all kinds of automated tools and leave the rank and file admins your enemy. Easy, user do call admins angry and stupid. And Admins change OpenAFS to NFS/SMB/or anything else, which is free and easy to deploy. Nearly everything is free, functional and already included. Why hassle with more work, incompatible licenses and all the user support? Having migrated from NFSv3 to AFS (and then OpenAFS), I'd have to say that NFS may be free, but it doesn't really fall into the 'functional' category. But this was several years ago, so there might have been some magic that happened with NFS I haven't seen yet. Can anyone who has experience migrating to/from OpenAFS from/to anything else in the last 2-3 years please comment? If there's really something free, functional, and already included then I'd like to know what the heck it is. Just buy a NetApp storage, everything for windows roaming is included and simple and easy. No need to hassle with extra fileservers, extra admin work, extra bugs, extra loss of function like alternate datastreams,... Life can be easy. On the other side, why pay for OpenAFS in kind of licenses, support, admin hour,... if you already got everything you need in the storage device? And why pay if it is open source? Life isn't as easy as this at all... (and yeah, IF you go big and have a datacenter, you already HAVE these storages, everything else would be a horrible nightmare. But small groups like ours here with 10 people usual do not have/need OpenAFS, so that discussion is nonsense at all. 
If you are a small group, you have something easy and simple like NFS or SMB which cost no extra support, if you are big, you have the storage with everything included. Where goes OpenAFS?) Because you don't expose your internal group NFS/SMB share to collaborators in another timezone, and central IT policy won't let you expose the Netapp. AFS is the only thing besides GPFS (also from IBM) that I have ever heard of someone talking seriously about cross-site/cross-continent file sharing. (Okay, I did a remote mount of PVFS over 6000 miles, but that was an SC demo stunt) If you actually want to *share* it, AFS is the way to go. I think if we are trying to 'keep' admins and small groups that don't understand the value of sharing, it would be better if they *did* migrate to a department nfs/smb (un)share and unshare themselves into irrelevance. If admins and CIOs don't understand the value of having a filesystem that just politely *asks* for a donation, and get irate at some additional text in aklog tokens output, then I think we all might be better served if they choose a solution like Google drive that's simple, easy, free, and then feeds you ads and mines your data for you too. Then YFS can buy some google ads and get them back as paying customers when they figure out what they are missing.
Re: [OpenAFS] the future
Locality, and latency to the server still matters. Let's imagine we are 5 years from now, and there are at least 3 branded AFS derivatives, and vendors touting 'AFS appliance' capability, and 'the cloud' has been replaced by 'the filesystem'. As in, some derivative of the Andrew filesystem. When the meteorology department approaches deadlines for climate conference papers, and everyone there is throwing terabytes of datafiles into and out of 'the filesystem', everyone else on campus is going to be very happy they have isolated servers, and the only complaints about performance will be from the poor students taking a weather course for graduation requirements. Dropbox would melt down and explode in bankruptcy from bandwidth charges if 10Gb networking was actually *everywhere*. Their model works, for the moment, because Dropbox has 10Gb firehoses, and all their users drink from teensy consumer class straws. They can take their time filling buckets with the firehose and let the users drain it out slow. AFS might have a chance of handling this, because of the design. On Mon, Oct 01, 2012 at 07:28:43PM +, Dyer, Rodney wrote: NetApp's strength is actually its problem, and that is it doesn't actually exist to the client, it is completely invisible. Windows sees it as a normal Windows CIFS share. 'nix sees it as NFS. The problem is that this is point-to-point file sharing. AFS allows global namespace, and the client does the volume lookup to find the server for the path required. This is true distribution, not point-to-point. If you setup Microsoft's AD dfs with NetApp filers, you might come close to emulating what AFS does, but it won't be pretty, and as far as I know 'nix is out of the question in that setup. I would personally rather be allowed to distribute my server load, than to point thousands of clients at single filer heads. Of course networking is much better now than it was 10 years ago, but single point of failure is still an important consideration. 
We have server rooms in each of our major campus buildings. If networking goes down in one building, the others don't completely lose access to AFS. This is mainly read-only data, but users are also distributed where possible. The rule of thumb should be always to keep network traffic local where possible, and only expand where necessary. This is actually the opposite model of the internet cloudy file repositories like DropBox. Maybe I'm just too old, and in a world where 10 Gb networking is everywhere locality no longer matters. Rodney Rodney Dyer Operations and Systems (Specialist) Mosaic Computing Group William States Lee College of Engineering University of North Carolina at Charlotte From: openafs-info-ad...@openafs.org [mailto:openafs-info-ad...@openafs.org] On Behalf Of Hoskins, Matthew E. Sent: Monday, October 01, 2012 12:37 PM To: Booker Bense Cc: Glenn Bjorcken; openafs-info@openafs.org Subject: Re: [OpenAFS] the future NetApp's vol move and vfiler migrate. We primarily use AFS vos move for FS balancing and evacuation in prep for maintenance. Since netapps can be maintained non-disruptively, keeping them scaled small so they can be evacuated easily is not a design constraint. Therefore, our netapps have 200+ TB of storage which eliminates most of the data movement we would typically do with AFS to avoid maint downtime. It's a different world/different philosophy. Netapp can also serve a volume to NFS and CIFS simultaneously, supports Krb5 and AD...Snapshots, dedupe, compression, But I digress. On Mon, Oct 1, 2012 at 11:57 AM, Booker Bense bbe...@gmail.com wrote: On Mon, Oct 1, 2012 at 8:44 AM, Glenn Bjorcken gl...@kth.se wrote: I want vos move, does NFSv4 do that ? :) I think if you spend $$ on a NetAPP box, you might get that. However, I am aware of no open source/freeware solution that does vos move, ( or at least none that does it as seamlessly as OpenAFS). - Booker C. 
Bense ___ OpenAFS-info mailing list OpenAFS-info@openafs.orgmailto:OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] the future
Have you thought about what you can offer to SMB (small-medium businesses)? For instance, you charge $3.99 for the iYFS iDevice app. What could you offer for $20/month? Would you let a third party resell iYFS to the SMB market, as long as you are getting the standard yearly incident support rate from the reseller? On Mon, Oct 01, 2012 at 09:56:02PM -0400, Jeffrey Altman wrote: Ted: Is OpenAFS available unsupported? Sure, download the code from openafs.org and have a blast. Pricing for YFS 1.0 has not been finalized. It will not be available for free. Jeffrey Altman On 10/1/2012 9:12 PM, Ted Creedon wrote: Is it available unsupported? tedc On Mon, Oct 1, 2012 at 5:57 PM, Jeffrey Altman jalt...@your-file-system.com wrote: On 9/30/2012 4:33 PM, Aaron Knister wrote: Regarding support, some type of subscription based model could go a long way. One of the reasons (other than frankly ignorance) that OpenAFS was frowned upon at UMBC was our lack of commercial support. I know there are entities that provide support but they seemed to require more effort than clicking a button, selecting my subscription type (X number of FileServers, Y number of supported clients, Z number of vldb servers, etc), and typing in a credit card number I have always received a significant amount of pushback for any pricing model that is based upon # of servers and especially # of clients. That is why the YFSI pricing model is based upon a number of support incidents. It doesn't matter how many platforms you deploy or how many servers or number of clients, support is driven by how much support the organization requires and whether support is U.S. business hours Monday to Friday or 24/7/365. Support packages start at US$4995 per year. Jeffrey Altman
Re: [OpenAFS] is YFS a derived work?
Let's look at this another way... If someone actually bothers to file an IP lawsuit of any sort regarding AFS, then I think this would be the most credible sign of success I could possibly imagine. And then, in that case, if there were an issue, there would be sufficient community resources to re-write offending code, or re-purpose/extend things like Arla, or the linux kernel kafs client. What would be the downside of someone 'forcing' YFS back into the open source domain? By that time, there should be plenty of customers wanting support contracts that it won't matter. On Mon, Oct 01, 2012 at 10:21:54AM -0700, Ted Creedon wrote: The IP (intellectual property) in YFS seems to be derived from AFS's IP. If that case can be made, IBM or any other entity could force YFS back into the open source domain. The look and feel of YFS may also be a problem - see Broderbund or better yet their attorney's web page. http://www.quinnemanuel.com/attorneys/stern-claude-m.aspx My direct experience is from a dispute Tektronix had with ParcPlace over Smalltalk licensing back in the '80's. AFS may be able to claim infringement against other file systems because of its prior art (but it's unpatented?). Which brings up a point, has IBM or CMU protected AFS's IP in any way? Tedc
Re: [OpenAFS] the future
On Sun, Sep 30, 2012 at 02:49:08AM -0700, Ted Creedon wrote: How about taking an AFS wide survey using an aklog token driven one time pop up explaining that AFS is not being updated according to industry standards and that it needs substantial financial support. Most users are charged for computer support one way or another. AFS needs to be included just like Microsoft license fees. I.e. is there any way to get the users fired up? I like this. But I think for this to work we need a simple URL like 'http://openafs.org/donate' that shows up in the command line aklog client, and on a clickable link in the GUI client. Currently http://static.usenix.org/about/openafs/ is the only 'donate to OpenAFS' link I can find, but that requires cutting a check. The landing page for donations needs to accept PayPal, Amazon payments, Dwolla, and Bitcoin, as well as a form to click saying 'My organization uses openafs, please contact __ who has purchasing authority' I think it would look better to have a full OpenAFS foundation with clear governance, but for the moment, all that is needed is some consensus to set up a 'donate' landing page on OpenAFS.org, and someone to set up the payment arrangements so checks get regularly cut to the address on the Usenix association page. If there is a consensus to go ahead with this, I would be willing to offer to handle the Dwolla and Bitcoin 'instant donate' links. I can beat whatever percentage Amazon and Paypal take and still make it worth my time, and I'll include the others because it makes for wider audience for contributions. If there is not a consensus to go ahead with this within a month or two, I'm going to (at whatever glacial pace I feel like it) release TFS version(s) for Linux, Android, and MacOS that have such a link and donate pages.
Re: [OpenAFS] the future
I would hope that the donation link would be a more subtle, and equally effective incentive. If edu CIO's start getting emails from professors asking Why is this software we depend on asking for donations, maybe they'd start looking at their overhead budgets. But that overhead money will come from somewhere else.. We better have a story on the donation landing page on how much AFS saves vs the 'storage appliance' and 'cloud' models that are all the rage among CIOs. How about a landing page with a survey of What excessive IT spend would you cut in your organization and redirect to AFS?. One-time deals (on linux) that require interaction will blow up all kinds of automated tools and leave the rank and file admins your enemy. How do you pop up a dialog when aklog is called via the GDM/KDM login via pam_aklog, for instance? On Sun, Sep 30, 2012 at 10:52:51AM -0700, Ted Creedon wrote: My intent was to foment a user uprising resulting in pressure on the .edu .com level administrators to provide funding from established budgets. More of a corporate funding than individual contributions. Perhaps a cc to the local spreadsheet managers would get the user needs better communicated. I.e. you can't aklog one time only until you fill out the poll, send it in w/cc to local financial folks. Tedc On Sun, Sep 30, 2012 at 8:41 AM, Troy Benjegerdes ho...@hozed.org wrote: On Sun, Sep 30, 2012 at 02:49:08AM -0700, Ted Creedon wrote: How about taking an AFS wide survey using an aklog token driven one time pop up explaining that AFS is not being updated according to industry standards and that it needs substantial financial support. Most users are charged for computer support one way or another. AFS needs to be included just like Microsoft license fees. I.e. is there any way to get the users fired up? I like this. But I think for this to work we need a simple URL like 'http://openafs.org/donate' that shows up in the command line aklog client, and on a clickable link in the GUI client.
Currently http://static.usenix.org/about/openafs/ is the only 'donate to OpenAFS' link I can find, but that requires cutting a check. The landing page for donations needs to accept PayPal, Amazon payments, Dwolla, and Bitcoin, as well as a form to click saying 'My organization uses openafs, please contact __ who has purchasing authority' I think it would look better to have a full OpenAFS foundation with clear governance, but for the moment, all that is needed is some consensus to set up a 'donate' landing page on OpenAFS.org, and someone to set up the payment arrangements so checks get regularly cut to the address on the Usenix association page. If there is a consensus to go ahead with this, I would be willing to offer to handle the Dwolla and Bitcoin 'instant donate' links. I can beat whatever percentage Amazon and Paypal take and still make it worth my time, and I'll include the others because it makes for wider audience for contributions. If there is not a consensus to go ahead with this within a month or two, I'm going to (at whatever glacial pace I feel like it) release TFS version(s) for Linux, Android, and MacOS that have such a link and donate pages.
Re: [OpenAFS] the future
How about this:

src/aklog$ LD_LIBRARY_PATH=../../lib ./aklog
This software is free software, and depends on your ongoing support
Please consider a donation to http://openafs.org/Donate
src/tfs/src/aklog$ LD_LIBRARY_PATH=../../lib ./aklog -nonag
src/tfs/src/aklog$

After doing this, I realized I need to add this message to 'tokens' as well. Would the developers accept a patch to add this to at least 'aklog' and 'tokens' ? On Sun, Sep 30, 2012 at 02:10:23PM -0500, Troy Benjegerdes wrote: I would hope that the donation link would be a more subtle, and equally effective incentive. If edu CIO's start getting emails from professors asking Why is this software we depend on asking for donations, maybe they'd start looking at their overhead budgets. But that overhead money will come from somewhere else.. We better have a story on the donation landing page on how much AFS saves vs the 'storage appliance' and 'cloud' models that are all the rage among CIOs. How about a landing page with a survey of What excessive IT spend would you cut in your organization and redirect to AFS?. One-time deals (on linux) that require interaction will blow up all kinds of automated tools and leave the rank and file admins your enemy. How do you pop up a dialog when aklog is called via the GDM/KDM login via pam_aklog, for instance? On Sun, Sep 30, 2012 at 10:52:51AM -0700, Ted Creedon wrote: My intent was to foment a user uprising resulting in pressure on the .edu .com level administrators to provide funding from established budgets. More of a corporate funding than individual contributions. Perhaps a cc to the local spreadsheet managers would get the user needs better communicated. I.e. you can't aklog one time only until you fill out the poll, send it in w/cc to local financial folks.
Tedc On Sun, Sep 30, 2012 at 8:41 AM, Troy Benjegerdes ho...@hozed.org wrote: On Sun, Sep 30, 2012 at 02:49:08AM -0700, Ted Creedon wrote: How about taking an AFS wide survey using an aklog token driven one time pop up explaining that AFS is not being updated according to industry standards and that it needs substantial financial support. Most users are charged for computer support one way or another. AFS needs to be included just like Microsoft license fees. I.e. is there any way to get the users fired up? I like this. But I think for this to work we need a simple URL like 'http://openafs.org/donate' that shows up in the command line aklog client, and on a clickable link in the GUI client. Currently http://static.usenix.org/about/openafs/ is the only 'donate to OpenAFS' link I can find, but that requires cutting a check. The landing page for donations needs to accept PayPal, Amazon payments, Dwolla, and Bitcoin, as well as a form to click saying 'My organization uses openafs, please contact __ who has purchasing authority' I think it would look better to have a full OpenAFS foundation with clear governance, but for the moment, all that is needed is some consensus to set up a 'donate' landing page on OpenAFS.org, and someone to set up the payment arrangements so checks get regularly cut to the address on the Usenix association page. If there is a consensus to go ahead with this, I would be willing to offer to handle the Dwolla and Bitcoin 'instant donate' links. I can beat whatever percentage Amazon and Paypal take and still make it worth my time, and I'll include the others because it makes for wider audience for contributions. If there is not a consensus to go ahead with this within a month or two, I'm going to (at whatever glacial pace I feel like it) release TFS version(s) for Linux, Android, and MacOS that have such a link and donate pages.
Re: [OpenAFS] Re: the future
I'd say the summary is something like this: 1) YFS (your-file-system) is forking (or re-implementing) OpenAFS to be able to have a commercially viable business product that will have the financial return-on-investment needed to justify the cost of implementing a long list of things, starting with rxgk. 2) No other credible plans have been proposed that can provide a working rxgk implementation, and the only implementation that at one point actually worked was rxk5, but it had 'flag day' issues for upgrades. Some of us don't really care about the flag day issue, but then that's effectively forking OpenAFS into incompatible versions. It's also not clear why YFS should support the OpenAFS community if the OpenAFS community is not providing anything to YFS in return. Is this a halfway accurate short summary, or am I completely missing something? On Sun, Sep 30, 2012 at 09:25:54PM -0400, Jeffrey Altman wrote: Steve: I have written many paragraphs over the last couple of months. They are drowned out by the noise. There is no burnout. Russ and I both resigned from the Elders for different reasons. You can read our resignation letters in the openafs-announce 2012 archives http://lists.openafs.org/pipermail/openafs-announce/2012/date.html I recommend that you read http://lists.openafs.org/pipermail/openafs-info/2012-August/038511.html if you have not already. On 9/30/2012 9:03 PM, Devine, Steven (sd) wrote: Please know that this post is offered in the hopes of helping, or at least giving a viewpoint of one that operates on the edge of the OpenAFS. I am generally unaware of the current dilemma that seems to be facing OpenAFS. I read this list in digest mode and recent changes in my responsibilities have made that pretty sporadic. This doesn't mean that AFS is not important to MSU or to me. So here is my question: Can someone give the list a couple of paragraphs about what the heck is going on?
I suspect there are a lot of us that would like to help but I truly can't tell if there is a serious issue at hand or if this is just the result of the elders and gatekeepers facing burnout. Respectfully please, we need direction if help is truly required from the members of this list. /sd Steve Devine Collaborative Systems Support Information Technology Services Michigan State University
Re: [OpenAFS] the future
How much would you pay per month to be listed on the 'donate' landing page as an OpenAFS supporter, and have access to nag-free binaries? As a comparison, what is your college monthly spend on RHEL? How do we, as a community of developers, make a case to your management that the value provided by AFS is of the same order of magnitude as a RHEL subscription (**or** the staff time for maintaining CentOS), and make the same order of magnitude contribution to OpenAFS? I think in-kind donation of staff time and machines for testing new releases would be an excellent way to make non-monetary contributions. On Sun, Sep 30, 2012 at 07:36:55PM -0400, Jonathan Billings wrote: On Sun, Sep 30, 2012 at 02:33:07PM -0500, Troy Benjegerdes wrote:

src/aklog$ LD_LIBRARY_PATH=../../lib ./aklog
This software is free software, and depends on your ongoing support
Please consider a donation to http://openafs.org/Donate
src/tfs/src/aklog$ LD_LIBRARY_PATH=../../lib ./aklog -nonag
src/tfs/src/aklog$

I can tell you right now that I'd probably patch the source to remove this in our environment. It would break so much stuff, and just further prove to my management that AFS is on its way out, since now I have to maintain local patches. -- Jonathan Billings jsbil...@umich.edu College of Engineering - CAEN - Unix and Linux Support
Re: [OpenAFS] the future
On Sun, Sep 30, 2012 at 11:38:10PM +0200, Lars Schimmer wrote: On 30.09.2012 21:10, Troy Benjegerdes wrote: One-time deals (on linux) that require interaction will blow up all kinds of automated tools and leave the rank and file admins your enemy. Easy, users do call admins angry and stupid. And Admins change OpenAFS to NFS/SMB/or anything else, which is free and easy to deploy. Nearly everything is free, functional and already included. Why hassle with more work, incompatible licenses and all the user support? Having migrated from NFSv3 to AFS (and then OpenAFS), I'd have to say that NFS may be free, but it doesn't really fall into the 'functional' category. But this was several years ago, so there might have been some magic that happened with NFS I haven't seen yet. Can anyone who has experience migrating to/from OpenAFS from/to anything else in the last 2-3 years please comment? If there's really something free, functional, and already included then I'd like to know what the heck it is.
Re: [OpenAFS] the future
On Sat, Sep 29, 2012 at 10:13:58AM -0400, Jason Edgecombe wrote: On 09/28/2012 11:33 PM, Troy Benjegerdes wrote: If we dust off some old AFS code and paint up with YFS, TFS, and WTFS (What The Foo is this File Stuff) logos, and have ourselves a nice horserace all the spreadsheet guys can take bets on, what might happen? As I understand, YFS, Inc. is taking this approach. How about at the next DEFCON hacker convention we organize a demo of a real-time AFS protocol encryption cracker and file-server spoofer? I expect this would have all the impact of turning off your servers but conveniently providing someone else to blame. Spreadsheet pushers like to play blame games, you know. Manager/Security: What do you mean that the bloody protocol is compromised and we can't fix it?! How much to get off of this crap right now? Much backlash. That would just make AFS fail. I doubt that we would win any customers by deliberately exposing them to security, regulatory, or legal problems. Someone else commented about 'nuking bridges', and demoing an encryption cracker without tested replacement code would be more like nuking all the bridges from orbit, which is why I haven't seriously considered it. Now, here's the thing though... Look at the competition.. iCloud, Amazon S3, Google Drive. THOSE are protocols that are broken. Spreadsheet guys don't understand protocols, or why they are important.
At least with AFS we have a solid protocol, and (I think) an accepted path forward (rxgk), and all that is lacking is *paying someone to write the code*. If the support vendors have good PR people, the response to the manager will be Here, we have a new upgrade to sell you, that will be $X, and here are our pen test reports showing how easy it is to hack everything else because the only protocol that actually addresses the threat is AFS On my more cynical days, I think the only way to actually make money in today's current software/hardware business is to abuse your customers with licenses, upgrade treadmills, and FUD.
Re: [OpenAFS] Funding the formation of an OpenAFS Foundation
The actual reason why so much open source work is done by such people is not because they're better at it. It's because they drive off everyone who doesn't have thick skin or enjoys robust exchanges of views or whatever today's euphemism is for tolerating abusive behavior, and then use the fact that all surviving project members interact like they do as proof that their social behavior is acceptable. It's a self-selecting, self-perpetuating ecosystem that I'm increasingly uninterested in tolerating. Now this is an interesting discussion. I think you described OpenBSD and qmail quite well. Is there any way you can imagine to quantify the 'abuse quotient' for a particular project or mailing list? Someone, somewhere has got to have a natural language analysis tool, and some sort of metrics for what constitutes abusive behavior. I was thinking while first reading your message that the reason lots of open source projects are run by assholes is that the assholes are better at getting funded to continue to lead open source projects. The nice guys end up taking other jobs to pay the mortgage, while the assholes can be obnoxious full time. And, as you alluded to, it DOES have something to do with gender.. http://www.foxbusiness.com/personal-finance/2011/11/03/workplace-jerks-make-more-money/ 'assholes make more money' is an interesting Google search. Besides, whether one attracts more developers that way or not, it's simply the right thing to do, at a level that's considerably more important than whether AFS survives as a technology or not. Now this is a very good social/ethical goal. So with that, I want to apologize for anything I've written that comes across as abusive, jerky, or obnoxious behavior. It may also very well be my mood in September and October is highly correlated with the price of corn and soybeans, and the market is up today, so I should probably avoid posting on a down market.
Re: [OpenAFS] the future
The key here seems to be marketing, and getting inside the head of the spread sheet managers (or just modifying their spreadsheets). What do they like? New things, so they can impress their peers because they got the scoop on some amazing new technology? If we dust off some old AFS code and paint up with YFS, TFS, and WTFS (What The Foo is this File Stuff) logos, and have ourselves a nice horserace all the spreadsheet guys can take bets on, what might happen? How about at the next DEFCON hacker convention we organize a demo of a real-time AFS protocol encryption cracker and file-server spoofer? I expect this would have all the impact of turning off your servers but conveniently providing someone else to blame. Spreadsheet pushers like to play blame games, you know. On Fri, Sep 28, 2012 at 11:21:11AM -0700, Ted Creedon wrote: It's clear to me that the skill set needed to improve AFS is moving on. My only concern is dealing with vulture capitalists, buyouts and more financial quicksand. The reluctance of the major users to fund a mission critical file system like AFS is yet another example of corporate spread sheet management stupidity. I'd turn the file servers off for a day or so to simulate what the world would be like w/o AFS. Perhaps on a triple witching day.. Ted If you can self fund YFS and I hope you make out as well as Linus.
Re: [OpenAFS] Funding the formation of an OpenAFS Foundation
On Thu, Sep 27, 2012 at 08:12:25AM -0400, Derrick Brashear wrote: On Thu, Sep 27, 2012 at 12:10 AM, Troy Benjegerdes ho...@hozed.org wrote: Have the USENIX association lawyers been made aware they are accepting funds in a manner which may expose them to trademark litigation from IBM? Either this trademark IS an issue, and blocks creation of a foundation, and ANYONE that accepts funds for doing work on 'OpenAFS' is potentially liable, or it's not. You asserting that doesn't make it true. Then what the hell *is* the deal with the AFS trademarks? Can I market a product as 'Compatible with OpenAFS'? If I submit code to Gerrit for an IPv6 implementation that afs3-std has not signed off on, is someone going to claim I'm violating IBM's trademarks and/or the copyrights on the .xg files? I would like to hear an opinion of the Usenix association lawyers, IBM's lawyers, or Red Hat's lawyers, as a public statement on this mailing list, rather than all the uninformed speculation all of us are doing about it. Is there a statement to what ends a donation to the Usenix openafs fund would be used for? Any purpose the Elders believe will further the ends of OpenAFS. Given the low amount of money involved it has been things like - procuring a 64 bit intel machine for a Linux port when such things were rare - subsidizing (or guaranteeing against) cost overruns for AFS workshops I think the Elders have done a wonderful job ensuring the AFS workshops continue. Unfortunately, this appears to be all they are capable or willing to do, since there has been talk of a foundation for years, and the conclusion, as far as I can tell, was 'it's too hard, with all the trademark/IBM license nonsense'. What is the official documented process for me to apply to be an AFS Elder and try to get some of this crap done?
Re: [OpenAFS] Funding the formation of an OpenAFS Foundation
Jeffrey, I do appreciate all the effort you and the Elders have put into OpenAFS over the past 10 years at least. That effort, and the release as open source is why I switched to AFS to store my tax records, email, source code, and made an attempt to store pretty much everything I've done electronically that I wish to have for long-term archival. While I appreciate your frustration and motivation, I do not appreciate your attitude. Nor do I understand what it is that you believe that you could do that others have not done in the past or are not continuing to do to this day? What I'm attempting to do, with unknown levels of success, is call out what I see to be some rather self-defeating habits this community has gotten into. One of those particularly bad habits seems to be having Your-File-System having a financial interest in the direction of OpenAFS, AND also acting as the legal and financial backstop. It leaves you frustrated because you've been dumping money into it, and regardless of your actual motives, it creates the potential for the appearance of a conflict of interest. I think you, and the rest of us would all be happier if you walked away from legal and financial backing, and either let the community take care of it, or let it die. In addition, the OpenAFS Elders and Gatekeepers have respect for the wishes of IBM when it comes to OpenAFS because without IBM OpenAFS would not be available for continued use. When IBM's representatives say to us that they want to ensure that future releases are backward compatible with IBM AFS 3.x, we take that very seriously. The Elders and Gatekeepers respect that IBM owns the trademarks and that IBM gets to determine the meaning of AFS compatible even if they haven't put it in writing. As a Gatekeeper and former Elder I ask that you respect the judgement of the Elders. Jeffrey Altman Thank you. I'd like to be able to respect IBM's wishes, but all I really have to go from is what I find in the LICENSE file.
I think the Elders have done a fine job so far, but IBM is under no obligation to the Elders or any of us on whether or not they change their wishes on the use of the trademark. It seems like the only way for me to respect IBM's wishes is to use their code under the IPL, and change the name. I respect the judgement and leadership of the elders, but I also have no obligation (or interest) in following the leadership of an unincorporated loose association which, as near as I can tell, has not produced any code to solve the problem I need solved (IPv6 and working rxgk). I like OpenAFS because it's an open-source project, and gives me the freedom to ask for vendors to support what I need (which I've done, and asked for budgetary quotes and implementation timelines), or, if that doesn't suit my needs, for me to go do it myself. Someone else might very well get it done before I do, but I have that option, and part of the strength of this community is that we're examining some rather painful questions. I was going to say if you don't like my attitude, then killfile my email address, but then I usually get damn good responses from you if it's some sort of obscure technical detail.
Re: [OpenAFS] Funding the formation of an OpenAFS Foundation (fwd)
Backward compatibility is a requirement for the entire community. The only criteria that is specific to IBM is that we cannot turn off older RPCs for which there already are replacements and we cannot completely get rid of rxkad or kaserver from the code base. There are also some implications for the rx transport. I'll have to respectfully disagree with that. When I get around to it, I'm going to rip out rxkad, kaserver, and pretty much any other encryption than AES out of the TFS fork. I only care about backwards compatibility with unauthenticated AFS clients from other cells right now, until I get a couple of features that I really believe I need. At some point, I'll probably want compatibility again, but right now my AFS cell is pretty much on life support in the hopes the community can be revived. Any existing cell administrator is going to want backward compatibility. When a file server is upgraded you do not want to have to upgrade clients that you do not control and you do not want clients newer than your file server to experience data access problems. Cell administrators still want the ability to run with mixed versions of file servers without a flag day. The primary impediment to moving forward is a lack of community funded development resources. There are very few tasks left which can be accomplished in just a week or two and the on-going maintenance expenses are substantial. And we are in a circular dependency.. we can't move forward because of lack of funding, and the compelling features that would attract new users and new funding are blocked because of the cost of doing new features and being compatible with old clients. How do we break this, and get some new users and new funding?
Re: [OpenAFS] Funding the formation of an OpenAFS Foundation
You of course don't have any obligation to care about how that comes across to others, but presumably you think that being part of a community is more useful than just striking out on your own or you wouldn't continue to participate here. So I assume that you don't *actually* hold most of the people currently working on the project in contempt and instead are having a failure of communication. But that's really how it's coming across right now, and no one feels particularly motivated by contempt. What we have here, is a failure to communicate. Part of my criteria for a filesystem that I can pull data out of in 30 years is a viable community, and the fact that I'm bothering responding to any of this is evidence (at least in my mind) that anything that's coming across as contempt is not at all what I had intended. I've gone and struck out on my own and tried the latest random filesystem of the day. I'm good at breaking stuff and exposing jagged edges and broken design inside black boxes. Everything else I've tried has melted down as soon as I really tried to use it. AFS still melts down and hangs KDE for multiple seconds to minutes at a time occasionally when I use it as my home directory. But because (as Derrick said) this community tries to go for high quality, I've got all my volumes. The problem is the infrastructure is crumbling and needs a major overhaul. IPv4 addresses have effectively run out, which is no big deal to all the large AFS installations because they generally have large /16's or /8's allocations because they were there when the internet started. What used to be state-of-the-art for encryption and data protection is now laughable. I could probably build a man-in-the-middle real-time AFS encryption cracker for under $50,000 USD because we're still stuck with 3des for some reason.
Every time I have raised these sort of issues for the past couple years I've heard "Oh we're working on that" or "Oh it's expensive". I got tired of waiting, and I came to the conclusion the community social, legal, and organizational structure needs some of whatever it is that makes me good at breaking stuff, and it's either expose you all to it, with the risk that it might be misinterpreted as contempt, or just walk away. So yes, I'm purposefully being somewhat abrasive, inflammatory, obnoxious, provocative, and not particularly tactful.

So here's a general question for the list: Would you rather see OpenAFS end with a bang because the community imploded, or with a whimper when all the AFS admins that have been carrying the torch retire and the new CIO moves everyone to iCloud or google drive?

I'd rather see a bit of a flamewar that shakes out the unexamined assumptions and brings some new ideas and energy on how to move forward. So far we've got YFS (or whatever company acquires the IP) and TFS (if I care enough to hold a torch for it). Is OpenAFS going to join us, or wait for retirement?
Re: [OpenAFS] Funding the formation of an OpenAFS Foundation
Yes, this is going nowhere. At least it still matters to some people.

On Thu, Sep 27, 2012 at 10:45:25AM -0500, David Boyes wrote:
Gents, may I suggest a time-out on this topic? This discussion is deteriorating into a personal argument. While both sides have good points to make, the tone -- from either side -- isn't converging on a solution. How about taking a breather until Monday and trying again?
-- db
Re: [OpenAFS] Funding the formation of an OpenAFS Foundation
I've seen the phrase XYZ is 'committed' to ABC several times on this mail list. It's a very political flowery phrase, and makes everyone feel good. Until 2 years elapse and there is no real result from the 'commitment'.

Has someone formed a legal organization, and filed 501.c3 paperwork, or not? What are the charitable goals? If they have, where do I send a check for my $50 tax-deductible charitable contribution.

On Tue, Sep 04, 2012 at 01:22:21PM -0400, Dave Botsch wrote:
In part, depends on what you mean by multi-year commitment. And as you mentioned, there is no Foundation to commit anything to. To justify any type of commitment to management, there has to be a clear concrete something, be it the Foundation or YFS to commit to with some sort of clear return (support, code improvements, now buying commercial OpenAFS, whatever)... government funding agency auditors don't like donations or donations in disguise. The commitment, whatever that is, has to be presented as furthering the mission of the entity making that commitment. And OpenAFS, as a filesystem, certainly fits that bill, but again, see the above paragraph.

On Sat, Sep 01, 2012 at 12:17:40PM -0400, Jeffrey Altman wrote:
The concept of a Foundation was pursued for years and just before the economic collapse the Elders were committed to forming it. Your File System Inc. was committed at that time to putting up a pool for use in matching contributions from end user organizations. After the economic collapse it was deemed too risky to attempt to start a Foundation. All of the organizations that had privately committed to put funds into the pot backed out when large holes appeared in their budgets. If you believe that your organization is now capable of making a multi-year commitment to OpenAFS, please contact openafs-eld...@openafs.org.
Jeffrey Altman

-- David William Botsch Programmer/Analyst CNF Computing bot...@cnf.cornell.edu
Re: [OpenAFS] Proposal: OpenAFS foundation to develop AFS server appliance
On Tue, Sep 04, 2012 at 01:07:11PM -0400, chas williams - CONTRACTOR wrote:
On Sun, 02 Sep 2012 00:00:52 -0400 Jeffrey Altman jalt...@secure-endpoints.com wrote:
On 9/1/2012 3:03 PM, Chas Williams (CONTRACTOR) wrote:
In message 50424587.6010...@your-file-system.com, Jeffrey Altman writes:
The Elders have engaged in discussions with the major operating system vendors over the years as well. Those discussions inevitably broke down because AFS3 did not satisfy the needs of a First Class file system. (No Ext. Attributes, no alt data streams, no byte range locking, no mandatory locking, directory limitations, etc.)

Again, I believe this was just a polite way to say go away. While these limitations do exist, they generally don't impact users on a day-to-day basis or there are known workarounds. Some limitations are present with any enterprise file system though.

You are making assumptions that are completely unfounded. I am not at liberty to discuss the contents of contract negotiations but discussions with at least two OS vendors reached that stage.
Jeffrey Altman

Granted, I wasn't in these meetings and with your NDA you can't tell me exactly what happened. But, I have been in enough of these meetings to get a general idea of what happens/happened. Regardless, at least two of the larger storage vendors are switching to virtualization to address the issue of I want to run XYZ on my storage appliance. The intent of this feature was to allow customers to run other enterprise filesystems (aka Lustre) and applications (like your preferred mapreduce solution) directly on the storage itself. There are some space and power savings to be had in this configuration but perhaps not cost (based on a total cost it generally isn't too different). So instead of asking a storage vendor to port the AFS server to their internal operating systems, perhaps OpenAFS or YFSI could offer supported AFS server applications for these vendors. A customer buys the storage appliance and YFSI (or whoever) can offer the integration. Actually YFSI (or whoever) might actually need to act as the integrator since some of these vendors typically go through some reseller.

I would be quite interested negotiating with storage vendors to offer a TFS (OpenAFS-derived) server appliance, although I think this would work better in partnership with a full 501c3 foundation. The foundation could accept donations of server appliance equipment from the storage and OS vendors to put together a development and testing lab. It would also be quite helpful if IBM would agree to sign over the OpenAFS trademark rights to a legitimate charitable foundation. The FUD about trademarks is not helpful. It would be nice if we had some actual legal framework and a test lab process to verify vendor claims of 'OpenAFS compatible'.
Re: [OpenAFS] Funding the formation of an OpenAFS Foundation
Have the USENIX association lawyers been made aware they are accepting funds in a manner which may expose them to trademark litigation from IBM? Either this trademark IS an issue, and blocks creation of a foundation, and ANYONE that accepts funds for doing work on 'OpenAFS' is potentially liable, or it's not. Is there a statement to what ends a donation to the Usenix openafs fund would be used for? On Wed, Sep 26, 2012 at 01:00:51PM -0400, Jeffrey Altman wrote: On 9/26/2012 12:12 PM, Troy Benjegerdes wrote: Has someone formed a legal organization, and filed 501.c3 paperwork, or not? What are the charitable goals? If they have, where do I send a check for my $50 tax-deductible charitable contribution. On the www.openafs.org site there is a Donate link which takes you to: http://static.usenix.org/about/openafs/ which describes how a 501c3 tax deductible donation can be made to the Usenix OpenAFS Fund. The page reads: [begin quote] USENIX is accepting donations on behalf of The OpenAFS Project through the OpenAFS Fund. Donations can be made by sending a check, drawn on a U.S. bank, made out to the USENIX Association, to: OpenAFS Fund USENIX Association 2560 Ninth St., Suite 215 Berkeley, CA 94710 Your contribution may be tax-deductible as allowed by law under IRS Code Section 501(c)(3). Check with your tax advisor to determine whether your contribution is fully or partially tax-deductible. [end quote] OpenAFS itself does not exist as a legal corporate entity. The OpenAFS Elders represent the community as an unincorporated association. There are significant legal and financial hurdles that must be addressed before an OpenAFS Foundation can be formed. Most open source projects do not have their own legal entity but work under an umbrella organization. OpenAFS is complicated because the IBM Public License 1.0 is unique and is in conflict with the requirements of many of the umbrella orgs. 
In addition, OpenAFS ships kernel drivers which increasingly require digital signatures and umbrella orgs are loath to be responsible for signing. In addition, the licensing of the source code itself is not as clean as one would like. Not to mention the trademark and protocol compatibility issues that IBM has never fully resolved. Finally, running an organization requires money. You need to pay for at least a part time executive director, accountants, lawyers and possibly insurance. Then there really should be funding for the gatekeepers, the system administration and web site management. All things which up to this point have been donated in kind but which have substantial costs. A bare bones Foundation that does not but maintain the status quo will cost a minimum of six figures and that does not begin to address the development of new features or functionality. Finally, any organization requires a business plan. When I wrote the plan for the MIT Kerberos Consortium the plan outlined seven years of budgets and goals along with fund raising targets, how contributors would benefit, and what the minimum financial commitments were for formation, etc. In 2008, the OpenAFS Elders and the community were working on a plan. The announcement of the plan was made on 6 May 2008. http://lists.openafs.org/pipermail/openafs-announce/2008/000242.html A follow up providing details was made on 24 Sept 2008: http://lists.openafs.org/pipermail/openafs-announce/2008/000259.html The details are available at http://www.openafs.org/foundation. After a year of work it was concluded that for a variety of reasons the plan to incorporate could not move forward. The reasoning was detailed in an e-mail sent on 18 Aug 2009: http://lists.openafs.org/pipermail/openafs-announce/2009/000303.html All of this information is publicly available. The OpenAFS Elders have continued to work with IBM on the trademark and other legal issues without coming to a resolution sufficient to meet our needs. 
Umbrella organizations such as the Software Freedom Conservancy have continued to discuss options with us but the legal issues are a significant challenge. The OpenAFS Elders continue to evaluate options for moving forward. In the meantime, if you would like to donate money, you can do so via the Usenix Fund. If you would like to donate code, you can do so via gerrit.openafs.org. Jeffrey Altman
Re: [OpenAFS] 1.6.1a migration from 1.4: corrupted and offline volumes
What OS is the server? Do you have a way to archive the /vicepfb volume, the old 1.4 binaries, and the entire build tree of your new 1.6 version? Do you happen to have the sources the 1.4 binaries were built from?

On Wed, Sep 19, 2012 at 03:37:39PM +0200, Jakub Moscicki wrote:
Hello, I just tried to deploy 1.6.1a on linux, migrating from 1.4 server. I compiled from tar.gz sources and copied executables to /usr/afs/bin This operation has put all my volumes offline with the following FileLog entries:

Wed Sep 19 13:54:48 2012 GetBitmap: addled vnode index in volume q.afs.st.afs211.fb.1; volume needs salvage
Wed Sep 19 13:54:48 2012 VAttachVolume: error getting bitmap for volume (/vicepfb/V1934450230.vol)
Wed Sep 19 13:54:48 2012 ReadHeader: Failed to open volume info header file (volume=1934450242, inode=8308400533853437951); errno=2
Wed Sep 19 13:54:48 2012 VAttachVolume: Error reading diskDataHandle header for vol 1934450244; error=101
Wed Sep 19 13:54:48 2012 VAttachVolume: Error attaching volume /vicepfb/V1934450244.vol; volume needs salvage; error=101

I then tried to salvage one of the volumes with the following salvager errors:

09/19/2012 13:34:10 SYNC_ask: negative response on circuit 'FSSYNC'
09/19/2012 13:34:10 FSYNC_askfs: FSSYNC request denied for reason=101
09/19/2012 13:34:10 AskOnline: file server denied online request to volume 1934450244 partition /vicepfb; trying again...

Finally another salvage attempt on the same volume corrupted it and left it at 0KB:

(#) OpenAFS 1.6.1a built 2012-09-19
09/19/2012 13:56:14 STARTING AFS SALVAGER 2.4 (/usr/afs/bin/salvager /vicepfb 1934450242 -showlog -orphans remove)
09/19/2012 13:56:14 1 nVolumesInInodeFile 32
09/19/2012 13:56:14 SALVAGING VOLUME 1934450242.
09/19/2012 13:56:14 q.afs.st.afs211.fb.3 (1934450242) updated 08/21/2012 14:07
09/19/2012 13:56:14 totalInodes 4
09/19/2012 13:56:14 Salvaged q.afs.st.afs211.fb.3 (1934450242): 0 files, 0 blocks
09/19/2012 13:56:14 The volume header file /vicepfb/V1934450244.vol is not associated with any actual data (deleted)

Is there some special procedure to be applied for the migration? Many thanks,
-- Best regards, Jakub Moscicki
Re: [OpenAFS] Re: 1.6.1a migration from 1.4: corrupted and offline volumes
Is that in the main openafs git tree RxOSD branch, or some other patch?

On Wed, Sep 19, 2012 at 11:48:11AM -0400, Derrick Brashear wrote:
Ah. Yup. Something like this:
UserId author; /* Userid of the last user storing the file */ UserId owner; /* Userid of the user who created the file */ VnodeId parent;/* Parent directory vnode */ -bit32 vnodeMagic; /* Magic number--mainly for file server +bit16 vnodeMagic; /* Magic number--mainly for file server * paranoia checks */ -# define SMALLVNODEMAGIC 0xda8c041F +# define SMALLVNODEMAGIC 0xda8c # define LARGEVNODEMAGIC 0xad8765fe /* Vnode magic can be removed, someday, if we run need the room. Simply * have to be sure that the thing we replace can be VNODEMAGIC, rather * than 0 (in an old file system). Or go through and zero the fields, * when we notice a version change (the index version number) */ + unsigned intisMigrated:1; + unsigned intrsvd7:1; + unsigned intserverUseDay:14; ViceLock lock; /* Advisory lock */ Date serverModifyTime; /* Used only by the server; for incremental * backup purposes */
So what's required is either to patch your 1.6 to be special, or migrate the volumes using vos move instead of relying on the data format on disk being the same (which it isn't)

On Wed, Sep 19, 2012 at 11:16 AM, Andrew Deason adea...@sinenomine.net wrote:
On Wed, 19 Sep 2012 15:37:39 +0200 Jakub Moscicki jakub.mosci...@cern.ch wrote:
I just tried to deploy 1.6.1a on linux, migrating from 1.4 server. I compiled from tar.gz sources and copied executables to /usr/afs/bin This operation has put all my volumes offline with the following FileLog entries:
Wed Sep 19 13:54:48 2012 GetBitmap: addled vnode index in volume q.afs.st.afs211.fb.1; volume needs salvage

Doesn't CERN use some modified backend code that changes the vnode magic for files? I thought I heard this was done for rxosd (or its predecessor) or something. A modified on-disk format is not going to work with vanilla OpenAFS, and as far as I know that's exactly the error you would get doing it. If I'm way off, then nevermind, but... that's not a normal error to get. Unfortunately we don't print out what the 'bad' magic was, but if you copy the files in one of the 'special' directories in /vicepfb (just find one of the directories named 'special') and make them available, one of us could see what it is.
-- Andrew Deason adea...@sinenomine.net
-- Derrick
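Review bot: LARGEVNODEMAGIC is left at 0xad8765fe while vnodeMagic shrinks from bit32 to bit16, so if large vnodes are checked through the same field the stored value is truncated and can never equal the full constant; give LARGEVNODEMAGIC a 16-bit value alongside the new SMALLVNODEMAGIC 0xda8c, or keep the field 32 bits wide. The three bitfields added after the comment (isMigrated:1, rsvd7:1, serverUseDay:14) reuse the freed 16 bits of an on-disk record, and bitfield ordering is compiler-dependent, so explicit masks on a fixed-width integer would be safer for a persistent format. The record layout also changes without the index version change that the existing comment mentions, so a server built without this change still reads those 32 bits as a single magic and compares them against 0xda8c041F; a version bump or a documented conversion step should accompany the change.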
Re: [OpenAFS] buildbot and packages
If a pre-stable - master merge to trunk happens reliably every 3 months, it might be an obnoxious merge, but it can't be any worse than merging rxk5 (for gory details, see https://bitbucket.org/dahozer/tfs/changeset/10a38e703483fd99b3a41e99cba74f203524f731 )

The artificial version approach you mention also seems like it work well if we want to keep a more centralized repository approach, and treat Git like CVS. But the great thing about Git (and to some extent Gerrit) is the fully decentralized nature. While we're in the week leading up to a stable branch point, everyone can just keep working in their own local repositories (or even push to Gerrit) The only thing that stops is approving development changesets to master on Gerrit for a week while someone does the pre-branch-and-mergeback.

Heck, if I can figure out how to get paid for 4 weeks a year to be the release-and-merge nazi, it won't require anyone else to do any extra work... And then you can ask me again after I've done it twice if I still think it's a good idea.

On Mon, Sep 17, 2012 at 03:55:02PM -0700, Russ Allbery wrote:
Simon Wilkinson s...@your-file-system.com writes:
We're not consistent about whether we release from trunk, or release from a branch. This means that on some occasions the trunk has the tag, and on others the branch. In a traditional git world, we would have branched for 1.6.1, committed the changes necessary for 1.6.1 on that branch, and then merged that branch back into the trunk. This final merge step has the effect of making the 1.6.1 tag visible from both branch and trunk, and so would cause both to git describe as expected.

I'm very dubious about that merge back to trunk. I'm not sure that development model really makes sense. For better or worse, the trunk code and the stable branch code tends to diverge quickly and comprehensively, and we tend to apply separate fixes to trunk and to stable that are not equivalent. Unless we make a reliable, regular habit of committing -s ours merges in those cases, that merge from stable back to trunk can be a nightmare.

I also don't think it's necessary, in that I don't think that the 1.6.1 tag needs to be exposed on the master branch. What I do think is a serious problem is that it's not exposed on the stable branch, and there I don't really agree with the decision to create a separate branch off of stable to do 1.6 release stuff. I sort of see how we got there, but I don't think it's wise. (Of course, I'm not a gatekeeper now, so I can go on about how I would fix things without having to do any of the work)

I think it makes sense to have stable branches, but approaching a stable point release I think the only things that should go into that branch are things that are going into that release, and I would not make any more branches. When the release goes out, it's with that stuff. If one absolutely has to create a sub-branch for some reason (such as a purely platform-specific release), then *that* sub-branch I would merge back into the stable branch to make the tag visible there.

On master, I would do something different: tag master with some sort of artificial version at the point that the stable branch splits off. So, for example, when we split off a stable branch for 1.6, we could have tagged master at that point with something else. There are a couple of possible strategies for what something else is:

* devel/1.7.0 or something similar. This would mean that all packages built from master would be 1.7.0+something versions (or 1.7.1 if one ever incremented it, but I suspect that we just wouldn't). This would mean that the Windows-only release would have been 1.8, and when we split it off we would tag master as devel/1.9.0, and so forth. Basically, reserve the odd numbers for the master branch and as soon as one branches for release, increment (via tag) the versions on master to the next odd number.

* devel/1.6.99. This avoids the problem of reserving odd version numbers for packages off of master, while creating a weird artificial version number that might be somewhat confusing. But the same semantics would apply; we would have tagged it devel/1.7.99 when we split off the 1.7 branch and so forth.

-- Russ Allbery (r...@stanford.edu) http://www.eyrie.org/~eagle/
Re: [OpenAFS] buildbot and packages
On Mon, Sep 17, 2012 at 08:06:39PM +0100, Simon Wilkinson wrote:
On 17 Sep 2012, at 19:54, Troy Benjegerdes wrote:
If 'rebuild with debug' symbols is the answer to find the segfault, then why don't we change './regen ./configure make check' to turn on debug symbols by default (at least in master.. we can turn it back off in a release)

If you are developing, then you should be running configure with at least --enable-checking and --enable-debug

What documentation on libtool/autoconf/etc/whatever should I be looking at to make '--enable-checking' and '--enable-debug' be the default when I do './regen ./configure make check' so I can submit a patch for master. When we branch for release this should get turned off, but *only* after someone has complete QA and benchmark testing showing exactly what the performance impact of the debugging is.
Re: [OpenAFS] buildbot and packages
On Tue, Sep 18, 2012 at 10:39:45AM -0400, Derrick Brashear wrote:
On Tue, Sep 18, 2012 at 10:31 AM, Troy Benjegerdes ho...@hozed.org wrote:
On Mon, Sep 17, 2012 at 08:06:39PM +0100, Simon Wilkinson wrote:
On 17 Sep 2012, at 19:54, Troy Benjegerdes wrote:
If 'rebuild with debug' symbols is the answer to find the segfault, then why don't we change './regen ./configure make check' to turn on debug symbols by default (at least in master.. we can turn it back off in a release)

If you are developing, then you should be running configure with at least --enable-checking and --enable-debug

What documentation on libtool/autoconf/etc/whatever should I be looking at to make '--enable-checking' and '--enable-debug' be the default when I do './regen ./configure make check' so I can submit a patch for master.

Frankly, I'd patch either the human or the script which runs './regen ./configure make check' as it's gonna be less work. None of those steps knows about another, nor should they. If you want to enable debugging, just do it. If you want to provide a script which does debug builds, do it. Anything else is pointless complexity.

Debug symbols are pointless complexity ;) If they are something you are going to ask a bug reporter for, then my argument is ./configure (no arguments) should 'do the right thing' so you can get all the information you need in a bug report with no extra retests required. If there's a perceived performance impact to having debug on in a release build, then I want to see a full QA test and benchmark results showing that it's actually slowing things down.
Re: [OpenAFS] buildbot and packages
[snip]
None of those steps knows about another, nor should they. If you want to enable debugging, just do it. If you want to provide a script which does debug builds, do it. Anything else is pointless complexity.

Debug symbols are pointless complexity ;) If they are something you are going to ask a bug reporter for, then my argument is ./configure (no arguments) should 'do the right thing' so you can get all the information you need in a bug report with no extra retests required.

If you know enough to use configure (not a frontend script, but configure) and end up with an AFS you install, I assume you have a small amount of clue and can deal. If you want to use a frontend script, fix that script.

If there's a perceived performance impact to having debug on in a release build, then I want to see a full QA test and benchmark results showing that it's actually slowing things down.

Well, as soon as you finish it, feel free to share the results. We're waiting with bated breath.

Done. http://gerrit.openafs.org/#change,8137 My rate to prove that the performance impact of this change is negligible for most all use cases is $125/hour. If I am contracted to perform a full QA test and benchmark run for this change, I will refund half of my fee to the first organization that can demonstrate that they are one of the edge cases that does actually see a performance degradation from default debug. I think I just saved the OpenAFS project at least $25,000 if we skip the testing and accept the change. If you want some justification about why I'm qualified for such a rate, have a look at http://www.scl.ameslab.gov/Publications/Brett/storage_challenge_sc06_presentation.pdf You also might be amused to know that work was done with PVFS servers running using OpenAFS as the root filesystem. In the meantime, I have a combine I have to get ready to go pick soybeans.
Re: [OpenAFS] buildbot and packages
On Tue, Sep 18, 2012 at 01:12:33PM -0400, Derrick Brashear wrote:
On Tue, Sep 18, 2012 at 12:54 PM, Troy Benjegerdes ho...@hozed.org wrote:
[snip]
If there's a perceived performance impact to having debug on in a release build, then I want to see a full QA test and benchmark results showing that it's actually slowing things down.

Well, as soon as you finish it, feel free to share the results. We're waiting with bated breath.

Done. http://gerrit.openafs.org/#change,8137 My rate to prove that the performance impact of this change is negligible for most all use cases is $125/hour. If I am contracted to perform a full QA test and benchmark run for this change, I will refund half of my fee to the first organization that can demonstrate that they are one of the edge cases that does actually see a performance degradation from default debug.

You said you wanted to see it. When you make enough money harvesting those soybeans to pay yourself, let us know what you find.

I have about half of them sold at a good price. But I need a working ipv6 and rxgk/rxk5 capable to be able to store my yield data and notes about reverse engineering the wiring diagram on the header control height. I'm going to hack on those things in my own fork. But if I see something broken in master, and propose a simple fix, I'm going to try and send it back upstream. Now, the problem is that **YOU** asked for me to rebuild with --enable-debug and I spent a couple of billable hours finding out it's a heisenbug that goes away when I enable debugging. That's not a big deal. What's a big deal is I'll spend about 10 or 15 more hours arguing on the mailing list or on gerrit for a very simple change to make sure the default builds ensure I can always send you a reasonable stack trace. So if there's a better alternative to http://gerrit.openafs.org/#change,8137 please show me the code. I'd be perfectly happy if you had some nightly (or weekly) builds that I can just run through my own test suite on a VM. It's busted. Now, please, pick one of the following:
1) accept my fix
2) come up with something better for free
3) pay me to come up with something better, and prove it's better
4) find a client to pay you to come up with something better
(FYI, the fact that I'm still having this argument in the first place is a good sign that I've tried everything else, and OpenAFS is the one filesystem that I have any level of confidence I'll be able to get something back out of it in 30 years from now)
Re: [OpenAFS] buildbot and packages
I'm looking to get all the low-hanging fruit with unskilled testing. Particularly with regressions like this:

hozer@six:~/src/openafs-fuse-git/tests/fuse$ /home/hozer/src/openafs-fuse-git/tests/fuse/../../src/afsd/afsd.fuse -dynroot -fakestat -d -confdir /home/hozer/src/openafs-fuse-git/tests/fuse/conf -cachedir /home/hozer/src/openafs-fuse-git/tests/fuse/vcache -mountdir /home/hozer/src/openafs-fuse-git/tests/fuse/mntdir
FUSE library version: 2.8.6
nullpath_ok: 0
unique: 1, opcode: INIT (26), nodeid: 0, insize: 56
INIT: 7.17
flags=0x047b
max_readahead=0x0002
Starting AFS cache scan...found 0 non-empty cache files (0%).
afsd: All AFS daemons started.
Segmentation fault

I am pretty sure this is related to the work Simon is doing on Libtool, and there's a 90% probability it's a 30-second 'aha', followed by a two line fix, and we're back to working again. The code is so complicated it will take me half a day to track down what that two line fix is, or work in my own isolated fork and not get updates as quickly. That unskilled smoke testing and/or automated runs gets a LOT of mileage. It also gives people who want to learn about the codebase something simple and meaningful they can do, instead of waiting around for someone else to come up with a test plan.

On Mon, Sep 17, 2012 at 11:25:36AM -0500, David Boyes wrote:
How about an effort to get nightly builds of master available on as many platforms as possible, and getting thousands of bored college students to download, install, and test them?

I think that's still overly optimistic. There's a lot of moving parts here; you just can't just install a package and have it do something useful. You need to have a lot of surrounding infrastructure that involves real control of a fair amount of stuff that random college students won't have. 'make check' on a single machine will never give you useful testing results other than to find packaging or smoke test errors, which aren't all that helpful overall.

Wouldn't that massive crowdsourced testing effort be worth the time of a single developer to make sure *some* sort of package, even if it's half-assed, gets distributed? I can't think of much of anything else that has a bigger resource multiplication factor than a 'one click install', along with some defaults to use a 'test.openafs.org' cell.

As others have commented, unskilled testing performed without a detailed test plan on software systems this complex is probably less helpful than might otherwise appear. GIGO applies here. An uncoordinated test process is unlikely to produce anything useful in that there have to be a sequence of coordinated tests, replacing one component at a time in a known order. I can't see how crowdsourcing would help here.
Re: [OpenAFS] buildbot and packages
FUSE library version: 2.8.6
nullpath_ok: 0
unique: 1, opcode: INIT (26), nodeid: 0, insize: 56
INIT: 7.17
flags=0x047b
max_readahead=0x0002
Starting AFS cache scan...found 0 non-empty cache files (0%).
afsd: All AFS daemons started.
Segmentation fault

The fuse code currently in the tree was primarily a science experiment by one developer and is not something that's really ready for production use. That's not to say this isn't a regression, and of course it would be nice to fix, but I'm completely unsurprised that it has issues. So far as I know, no one is currently actively using the fuse code. I don't think maintaining and improving it would be at all a bad thing as it's certainly valuable to have, tho.

afsd-fuse is an awfully convenient smoke test... https://bitbucket.org/dahozer/tfs/changeset/c29b1275d8472cf85bf17873220390c01d05f023 Something is different between 'tfs' bitbucket checkout on my laptop and the git checkout, and I'm not sure what. If 'rebuild with debug' symbols is the answer to find the segfault, then why don't we change './regen ./configure make check' to turn on debug symbols by default (at least in master.. we can turn it back off in a release)
Re: [OpenAFS] buildbot and packages
Nope, Debian x86-64 Any chance the buildbots can be easily modified to run make check/make tests? I'm really curious what debian ppc32/ppc64 will do. I have an arm build, but no fuse kernel module (debian on an sdcard on an android tablet). On Mon, Sep 17, 2012 at 11:39:55PM -0400, Derrick Brashear wrote: So. Were you perchance using it on a Mac? Probably a 64 bit Intel mac? http://gerrit.openafs.org/#change,8132 As nearly as I can tell, this is a very specific problem. The code is fine. The circumstances of building afsd.fuse meant it was collateral damage when we started using roken, but only on MacOS, and probably only for non-32 bit pointers, because MacOS does something odd with dirent.h On Mon, Sep 17, 2012 at 1:20 PM, Derrick Brashear sha...@gmail.com wrote: On Mon, Sep 17, 2012 at 1:15 PM, Troy Benjegerdes ho...@hozed.org wrote: I'm looking to get all the low-hanging fruit with unskilled testing. Particularly with regressions like this: hozer@six:~/src/openafs-fuse-git/tests/fuse$ /home/hozer/src/openafs-fuse-git/tests/fuse/../../src/afsd/afsd.fuse -dynroot -fakestat -d -confdir /home/hozer/src/openafs-fuse-git/tests/fuse/conf -cachedir /home/hozer/src/openafs-fuse-git/tests/fuse/vcache -mountdir /home/hozer/src/openafs-fuse-git/tests/fuse/mntdir FUSE library version: 2.8.6 nullpath_ok: 0 unique: 1, opcode: INIT (26), nodeid: 0, insize: 56 INIT: 7.17 flags=0x047b max_readahead=0x0002 Starting AFS cache scan...found 0 non-empty cache files (0%). afsd: All AFS daemons started. Segmentation fault I am pretty sure this is related to the work Simon is doing on Libtool, and there's a 90% probability it's a 30-second 'aha', followed by a two line fix, and we're back to working again. I'd bet not. However The code is so complicated it will take me half a day to track down what that two line fix is, or work in my own isolated fork and not get updates as quickly. That unskilled smoke testing and/or automated runs gets a LOT of mileage. Not really. 
Build with debugging and get a real backtrace. That said, since fuse is not *required* functionality in a build, yes, it's undertested. This is why we've generally avoided code which doesn't always build. Or, at least tried to. It also gives people who want to learn about the codebase something simple and meaningful they can do, instead of waiting around for someone else to come up with a test plan. On Mon, Sep 17, 2012 at 11:25:36AM -0500, David Boyes wrote: How about an effort to get nightly builds of master available on as many platforms as possible, and getting thousands of bored college students to download, install, and test them? I think that's still overly optimistic. There's a lot of moving parts here; you can't just install a package and have it do something useful. You need to have a lot of surrounding infrastructure that involves real control of a fair amount of stuff that random college students won't have. 'make check' on a single machine will never give you useful testing results other than to find packaging or smoke test errors, which aren't all that helpful overall. Wouldn't that massive crowdsourced testing effort be worth the time of a single developer to make sure *some* sort of package, even if it's half-assed, gets distributed? I can't think of much of anything else that has a bigger resource multiplication factor than a 'one click install', along with some defaults to use a 'test.openafs.org' cell. As others have commented, unskilled testing performed without a detailed test plan on software systems this complex is probably less helpful than might otherwise appear. GIGO applies here. An uncoordinated test process is unlikely to produce anything useful in that there has to be a sequence of coordinated tests, replacing one component at a time in a known order. I can't see how crowdsourcing would help here.
-- Derrick -- Derrick
Re: [OpenAFS] Re: buildbot and packages
And I don't think OS X can handle more than a certain number of version segments, or something? OSX is special, but, we already have the problem and define something special there. What we'd need to do is define everything as a dev version of whatever, but then the problem is you can only count up to 255. See the CFBundleVersion documentation here: http://developer.apple.com/library/mac/#documentation/Darwin/Conceptual/KEXTConcept/Articles/infoplist_keys.html We already limitedly work around this but this will mean stretching what those segments mean even further, because you get e.g. 1.6.2d(0 through 255) and then you are out of dev versions. So the script we distribute to decode panics will always need to be run where the kernel module came from, and the end-user So are we ever going to have a situation where we have 255 nightly builds, and we do *not* release a minor update? (say 1.6.2 to 1.6.3?) I would argue for a version scheme something like: major.minor.subminor.daily-build-id where if we ever hit more than 128 daily builds, we go ahead and bump the subminor version and promote the code for the daily build with the least problems to make the next major.minor.subminor 'release' Don't we have bigger problems if we run out of dev versions than figuring out what an end-user is running? Or maybe this: 1.8.(months since 1.8.0)d(daily builds) Or pick quarters... every three months we pick a date from master with the best test results as a 'release', and we have a predictable release schedule.
Re: [OpenAFS] buildbot and packages
Here's my thought: Spend your 5 start-up hours either re-installing or upgrading your Debian system to squeeze (the current debian stable). Try doing 'apt-get install openafs-fileserver', and then, if it works, please edit https://bitbucket.org/dahozer/tfs/wiki/Home saying so, or if it does not, create an issue: https://bitbucket.org/dahozer/tfs/issues/new Also, spend a few minutes looking at time tracking tools (maybe one from http://lifehacker.com/5362829/five-best-time+tracking-applications or try http://rescuetime.com ), and let's see what you actually spend. If you can spend 2-4 hours a week installing a weekly build on both a debian linux server, and a client on a MacOS X laptop, and then occasionally try accessing your server and using disconnected operation, my personal opinion is that's a huge benefit. (Yes, I'm hand-waving over some things like needing multiple DB servers and kerberos right now.. we'll get to that next week, or I'll just create a principal for you on my HOZED.ORG realm) I'd also like to ask the openafs-info list if it would be appropriate to create a 'openafs-test' list so we can have a more focused discussion. Some more technical in the weeds stuff: Can you leave your debian box powered on, with a real ip, or is it behind a NAT? My server has a real IP that might change, so I have some VPN tunnels to a 'cloud' virtual private server with a static IP. I can probably explain how to set up OpenVPN, but I got irritated enough setting that up that I'd rather spend time setting up IPv6 tunnels and hacking on v6 support for AFS than dealing with certificate creation again. I think the biggest reason I'm leading a crusade for IPv6 support is that I have a use case a lot like Doug, and if I can get v6 support with fully krb5 authenticated/encrypted transports, then I can forget about ever having to utter the word 'vpn' or create another damn openssl cert ever again. 
If, for some reason, I *do* have to mess around with ssl, I'll have the directions and documentation and all my certs in my globally accessible (and protected) AFS directory, so I can find it. On Sat, Sep 15, 2012 at 11:21:33PM -0700, Doug Hirsch wrote: Troy, I'm unclear I've offered you anything you can actually use. Mostly, I'm offering you the reality check of a non-programmer, a Macbook with me on the road and a stale Debian box powered down back at home. You'll have to steer me through downloading, installing and using anything that's not on a stock Mac running Mac OS 10.6.8, or bringing the Linux box up to whatever environment you want once I get home. Most of my other machines run Windows, although I have a couple of G4 Mac mini's hanging around for fun. Your average college student will not have much more to offer you, so I'm offering a chance for you to define what you could actually accomplish harnessing thousands of us amicable zombies with limited time, experience and resources. If it will help, I'm willing to install some virtualization package on the Macbook, but will need guidance. I also need to keep a lid on my time commitment, so assume no more than 5 hours a week from me, with an extra 5 hours this week to start up. If you can make use of that, let me know and I'll wander over to bitbucket.org. What I want is someone to talk me through getting OpenAFS going in my personal environment. I'm unclear how much value you'll get out of me on just five hours a week and 1.5 machines. I've written proposals and defended engineers building test environments, among other things, but I haven't gotten my hands into code for many years, so I'm sure you'll be surprised by what cultural assumptions you discover I don't know. I see and appreciate your energy and optimism, while I think you're underestimating what you're asking. 
But if you can make something work with limited commitments from others, I'm happy to go along to see what we can contribute to the community together. Doug On Sat, Sep 15, 2012 at 10:34 PM, Troy Benjegerdes ho...@hozed.org wrote: I'll buy that for a few emails. Let's start by having you take a look at: https://bitbucket.org/dahozer/tfs There are tabs for issues wikis, so sign up for a bitbucket account and ask some questions there, so we don't spam the -devel list with lots of 'how do I xyz' questions For the openafs-devel list, please let the list know what resources/ platforms you have for testing, and I'd like to hear from the list what could I write some tests for that could utilize those resources. On Sat, Sep 15, 2012 at 09:44:07PM -0700, Doug Hirsch wrote: Troy, If you set this up, I'm willing to be your guinea pig. It'll cost you enough support and/or documentation to get me over initial learning curve. Doug On 9/15/12, Troy Benjegerdes ho...@hozed.org wrote: Sometimes I think we get hung up on 'good testing' vs having *something*. The last time I worked for someone
Re: [OpenAFS] buildbot and packages
On Fri, Sep 14, 2012 at 04:06:12PM -0500, David Boyes wrote: Just to say explicitly, while OpenAFS developers are certainly welcome to use whatever techniques make sense to them, I am completely uninterested in doing anything at all with any of those half-assed meta-build systems and will not assist in using them on Debian. I believe they're irredeemably broken as designed and are hopeless for generating packages that actually work properly and integrate properly with the rest of the system, and have better things to do with the time I have available to work on Debian packages for OpenAFS. Other people's mileage obviously may vary. Opinion noted. Still, *something* has to drive the process, and if that something can do more than one package format without having to write - and maintain - a lot of custom scripting, then there's at least something worth discussing there, given the recent project resource availability discussion here and elsewhere. I can't see how burning developer time creating a packaging tool is a smart use of resources when there are so many other things that need doing far worse. So automated testing costs a lot, and thus may not be practical. How about an effort to get nightly builds of master available on as many platforms as possible, and getting thousands of bored college students to download, install, and test them? Wouldn't that massive crowdsourced testing effort be worth the time of a single developer to make sure *some* sort of package, even if it's half-assed, gets distributed? I can't think of much of anything else that has a bigger resource multiplication factor than a 'one click install', along with some defaults to use a 'test.openafs.org' cell.
Re: [OpenAFS] buildbot and packages
Sometimes I think we get hung up on 'good testing' vs having *something*. The last time I worked for someone else, it was writing test code for Cray's supercomputer systems. You don't get much more complex than a machine with 30,000 cores in which 'acceptable' performance is defined as 'pushing the system to the point right before it collapses into an unusable heap', and it's got to run a workload of hundreds of thousands of the world's most complex and numerically sensitive computational codes. And I'd hazard a guess that 3/4 of the system problems were with the filesystem (Lustre most often). I've also heard a pretty good argument that the reason Cray went bankrupt a couple of times is they over-tested. If you did get a machine back in the YMP days, it was very well tested, but the price showed it, and clusters ate their market. Maybe we don't have money.. But how many users of AFS are there. I'm not talking companies, I'm talking people.. specifically, bored college students. How many people have used AFS at a major university, and might help us out doing manual testing if we give them a framework? To paraphrase the .. well.. chief cat herder .. of the most widely deployed operating system ever (Linux), With enough QA testers, all bugs are shallow On Fri, Sep 14, 2012 at 04:42:37PM -0500, David Boyes wrote: In this case I think you are low-balling the estimate. To do it right it isn't sufficient to test one build against itself. You need to test new clients against a range of old servers and vice versa in a constrained environment. It is necessary to be able to identify when a change has an adverse performance impact as well as accuracy. There is a need to be able to introduce intentional errors at various points in the protocol. Just the hardware costs are mid 5 digits and the software development is significantly more than that. I agree -- if you were starting from scratch, you're probably right. 
But, a) I wasn't starting from scratch, so the additional equipment for adding the AFS framework stuff was about what I quoted, and b) I was discussing our tooling and test setup, not the general case. We reused existing tooling in a number of places, and layered the AFS component onto that. We do this kind of thing for other software, so we had a decent baseline to start from. Solid QA infrastructure -- especially for complex systems -- isn't simple or cheap; there we agree wholeheartedly. :??
Re: [OpenAFS] buildbot and packages
I'll buy that for a few emails. Let's start by having you take a look at: https://bitbucket.org/dahozer/tfs There are tabs for issues wikis, so sign up for a bitbucket account and ask some questions there, so we don't spam the -devel list with lots of 'how do I xyz' questions For the openafs-devel list, please let the list know what resources/ platforms you have for testing, and I'd like to hear from the list what could I write some tests for that could utilize those resources. On Sat, Sep 15, 2012 at 09:44:07PM -0700, Doug Hirsch wrote: Troy, If you set this up, I'm willing to be your guinea pig. It'll cost you enough support and/or documentation to get me over initial learning curve. Doug On 9/15/12, Troy Benjegerdes ho...@hozed.org wrote: Sometimes I think we get hung up on 'good testing' vs having *something*. The last time I worked for someone else, it was writing test code for Cray's supercomputer systems. You don't get much more complex than a machine with 30,000 cores in which 'acceptable' performance is defined as 'pushing the system to the point right before it collapses into an unusable heap', and it's got to run a workload of hundreds of thousands of the world's most complex and numerically sensitive computational codes. And I'd hazard a guess that 3/4 of the system problems were with the filesystem (Lustre most often). I've also heard a pretty good argument that the reason Cray went bankrupt a couple of times is they over-tested. If you did get a machine back in the YMP days, it was very well tested, but the price showed it, and clusters ate their market. Maybe we don't have money.. But how many users of AFS are there. I'm not talking companies, I'm talking people.. specifically, bored college students. How many people have used AFS at a major university, and might help us out doing manual testing if we give them a framework? To paraphrase the .. well.. chief cat herder .. 
of the most widely deployed operating system ever (Linux), With enough QA testers, all bugs are shallow On Fri, Sep 14, 2012 at 04:42:37PM -0500, David Boyes wrote: In this case I think you are low-balling the estimate. To do it right it isn't sufficient to test one build against itself. You need to test new clients against a range of old servers and vice versa in a constrained environment. It is necessary to be able to identify when a change has an adverse performance impact as well as accuracy. There is a need to be able to introduce intentional errors at various points in the protocol. Just the hardware costs are mid 5 digits and the software development is significantly more than that. I agree -- if you were starting from scratch, you're probably right. But, a) I wasn't starting from scratch, so the additional equipment for adding the AFS framework stuff was about what I quoted, and b) I was discussing our tooling and test setup, not the general case. We reused existing tooling in a number of places, and layered the AFS component onto that. We do this kind of thing for other software, so we had a decent baseline to start from. Solid QA infrastructure -- especially for complex systems -- isn't simple or cheap; there we agree wholeheartedly. :??
Re: [OpenAFS] buildbot and packages
Don't think of this as a nightmare, think of this as an opportunity for support contract upsales. Nightly installable builds and enthusiastic users that install the latest one every day will make for a much more reliable product, and catch problems before they show up and cause trouble for bigger customers. On Fri, Sep 14, 2012 at 02:54:20PM +0200, Harald Barth wrote: My big concern is that nightly installable builds will be a support nightmare. There are a large number of users that will always take the latest no matter what. I know. Been in support. However, when X does not work it helps a lot if some $USER - even if he can't spell g i t or . / c o n f i g u r e ; m a k e can tell us that 2012-01-17 it worked and 2012-01-18 it did not any more. The binaries that come from this type of build should however clearly tell so in the rxdebug output. to move to a biweekly release cycle. Nice if we would be there. Nice if it would be per month (which I find more realistic). Still above holds.
Re: [OpenAFS] buildbot and packages
However, this requires having a much greater availability of release management and testing resources. And perhaps an argument for automated tests that could prove out a release? If you mean manual testing resources, given the scope of platform support and myriad branches for OpenAFS I doubt 'enough' will ever be enough :) If we could bend those resources to creating and maintaining functional tests then that might be a better use of time. Definitely a challenge though. All this talk about 'reliable code for our users' is total BS until 'make check' actually does some realistic functionality tests. If you can't write an automated test for a feature, then I would request we consider disabling that feature.
Re: [OpenAFS] buildbot and packages
verbiage snipped Here's some code. http://gerrit.openafs.org/#change,6844 As Tom Keiser wrote to you a few days ago. Start contributing code that is useable to OpenAFS today. If you want to write tests, people will jump up and down with joy. However, please do not stomp your feet and scream that no one is doing anything when Your File System, Inc. has contributed more than 900 patchsets and Sine Nomine Associates more than 230 patchsets in just the last year. Neither of these organizations have any obligation to contribute anything and yet both want to see OpenAFS survive. Quick question: How many of these 1130 patchsets result in 'make check' completing successfully? How about instead of long rants on the mailing list, we all spend 15 minutes thinking about a simple test that could go in 'make check'?
[OpenAFS] Proposal: OpenAFS foundation to develop AFS server appliance
I believe the proactive case here would be to create an OpenAFS foundation with the charter to work with storage hardware vendors to offer and market storage hardware with the AFS server software pre-installed, in the same way that NFS and CIFS servers are already embedded in the storage product hardware offering. Places like Your-File-System could then offer value-added upgrades to the base embedded OpenAFS on the storage appliance. I think we all get so tied up in the technical aspects sometimes we forget that it is *sales and marketing* that keeps people buying crap like NFS and CIFS. On Fri, Aug 31, 2012 at 02:56:18PM -0700, Russ Allbery wrote: chas williams - CONTRACTOR c...@cmf.nrl.navy.mil writes: And this is one of the shortcomings and strong points of AFS. AFS provides (for the most part, with some exceptions related to caching) end to end protection (the end here being the actual user) of the user's data. I suspect the reason for NFS and CIFS is that the admins for those machines don't need to install any new software. They don't need to install some third-party client or setup some complicated authentication mechanism. It just works out of the box (and I guess the security is good enough). Another primary reason for NFS and CIFS is because the storage that you purchase, at least if you're a larger institution, already speaks NFS and CIFS. I don't know how many times I've had a conversation that goes something like so, if we used NFS or CIFS, we could just plug this in and it would work, but if we use this AFS thing that you want, we have to buy an additional server and put it in front of the storage to re-export all of the storage and introduce an additional point of failure and additional complexity? why would we want to do that?
Re: [OpenAFS] Proposal: OpenAFS foundation to develop AFS server appliance
In my opinion, it is not necessarily too late for an OpenAFS Foundation. It is too late for an OpenAFS Foundation to market the existing implementation. Jeffrey Altman I completely agree that marketing the existing implementation is a waste of time. What does seem to be worth marketing are two things, to two (superficially) very different audiences: 1) the YFSI implementation, to 'enterprise' users, with the laundry list of required enterprise features 2) A Debian-free-software guidelines compliant implementation, which could, in theory be derived from the existing implementation, or from a release of a subset of the YFSI implementation in, say 5 years. As far as I am aware, AFS has the longest history of operation of any 'enterprise' class filesystem, and if we can actually pull together a foundation with sufficient funding to show a roadmap for 5 to 10 years with both enterprise and free software components, we have an extremely compelling story for long-term file storage which no other filesystem or product can come close to matching. I will also argue that any enterprise user that is interested in recovering data being stored now in 15 to 20 years will see the value of (2) above.
Re: [OpenAFS] Re: [AFS3-std] Re: IBM will not re-license OpenAFS .xg files
On Sat, Sep 01, 2012 at 02:44:00PM -0400, Chas Williams (CONTRACTOR) wrote: In message 5041328c.2090...@your-file-system.com, Jeffrey Altman writes: On 8/31/2012 5:44 PM, chas williams - CONTRACTOR wrote: Since I can't kinit on my cell phone, how do I prove my identity? Assuming your cell phone runs iOS: http://itunes.apple.com/app/iyfs/id491921617?mt=8 i would call that progress! apparently, i am so 8.5 hours ago. when do we get android support? This just might get me to break down and buy an iDevice if Android is going to be awhile.
[OpenAFS] rxgk and ipv6 (again)
What's the status on a deployable version of: 1) rxgk (so I can fix my currently broken cell by upgrading AFS instead of downgrading my kerberos server to support des) 2) ipv6 (so I can stop having to play silly VPN dance games which just give me headaches and delays in filesystem access) Is there someone that can give me a support contract for this?
[OpenAFS] OpenAFS ipv6 migration path
IPv4 address space is becoming a high-priced commodity (see http://tradeipv4.com/faq/ ), and new user adoption of OpenAFS may depend on a functional IPv6 implementation, or users will select other distributed filesystems. Because of the difficulties so clearly laid out below in a full implementation: On Fri, Aug 17, 2012 at 09:34:30PM -0400, Jeffrey Altman wrote: IPv6 support has been on the wish list for OpenAFS since before I made my first contribution to the project in 2003. On one hand it appears to be a trivial change to make. Just add a new address type to the transport and you should be done. The reality is something entirely different because AFS is not a point to point client server protocol such as telnet, ssh, http, etc. Instead, it is a complex distributed system which has IPv4 addresses embedded just about everywhere from the database schemas, to the configuration files, to the ubik voting algorithm, to RPC message formats, to the command line parsers, etc. Adding an IPv6 address to a host that has an IPv4 address makes it multi-homed and multi-homed systems are kind of supported for cache manager to file server interactions but for a large class of other service operations multi-homed support is practically non-existent. As a result, adding IPv6 is non-trivial and effectively requires a nearly complete re-write of the source tree. To use IPv6 will require new clients and new services. I propose the following ipv6-transition-draft outline 1) implement a header-file or library based approach to abstract all use of IPv4 addresses to an opaque 32 bit identifier. 2) This identifier will then be mapped to a real IP address by DNS SRV records, much like dbserver and vlserver lookups are done. 2b) If a _map._afs.cell record is not present, default configuration will map the opaque identifier to an IP address. 3) Those sites wishing to support IPv6 will publish records, those wishing to support IPv4 will publish A records.
4) IPv4 and IPv6 multihoming will explicitly NOT be supported, unless the underlying clients servers already support multihoming. 5) 'true' IPv6 IPv4 multihoming will be deferred until a large paying client demands such functionality. 6) IPv6 afs clients will communicate with ipv4 servers using an http://tools.ietf.org/html/rfc6147 type translation. 7) IPv4 afs clients to IPv6 servers is an exercise for future paying clients. Am I missing anything fundamental here that breaks, or is this feasible if someone has the time to implement, without causing undue pain in the future?
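A sketch of steps 1, 2, 2b and 6 of the outline above, added here as an example; it is not code from OpenAFS or from anyone in the thread. The type name `afs_hostid_t`, the map-entry layout standing in for a `_map._afs.cell` record, the choice to fail when a published map lacks an identifier, and the use of the RFC 6052 well-known prefix `64:ff9b::/96` for the RFC 6147-style translation are all assumptions; the addresses are constructed from documentation ranges.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Step 1: callers carry only this opaque 32-bit identifier (hypothetical name). */
typedef uint32_t afs_hostid_t;

/* One entry of a per-cell map, standing in for what a _map._afs.cell record
 * would publish. The layout is an assumption; the proposal does not define it. */
struct hostid_map_entry {
    afs_hostid_t id;
    const char *addr;            /* textual IPv4 or IPv6 address */
};

/* Constructed sample map using documentation address ranges. */
static const struct hostid_map_entry sample_map[] = {
    { 1u, "2001:db8::10" },      /* server published with an IPv6 address */
    { 2u, "192.0.2.20" },        /* server still reachable over IPv4 only */
};

/* Step 6: embed an IPv4 address in the RFC 6052 well-known prefix 64:ff9b::/96,
 * which is the address form a DNS64 (RFC 6147) resolver synthesizes. */
static void nat64_synthesize(const struct in_addr *v4, struct in6_addr *v6)
{
    static const unsigned char prefix[12] = { 0x00, 0x64, 0xff, 0x9b };

    memcpy(v6->s6_addr, prefix, sizeof(prefix));
    memcpy(v6->s6_addr + 12, &v4->s_addr, 4);
}

/* Resolve an identifier to a printable address.
 * map == NULL models "no map record published" (step 2b): the identifier is
 * then taken to be the legacy IPv4 address itself, in host byte order.
 * Returns AF_INET or AF_INET6 for the address written to out, or -1. */
int hostid_resolve(afs_hostid_t id, const struct hostid_map_entry *map,
                   size_t n, int client_is_v6_only, char *out, socklen_t outlen)
{
    struct in_addr v4;
    struct in6_addr v6;
    const char *text = NULL;
    size_t i;

    if (map == NULL) {
        v4.s_addr = htonl(id);
    } else {
        for (i = 0; i < n; i++) {
            if (map[i].id == id) {
                text = map[i].addr;
                break;
            }
        }
        if (text == NULL)
            return -1;           /* map published, identifier not in it */
        /* A server published with an IPv6 address is returned as is; an
         * IPv4-only caller cannot use it (step 7 leaves that case open). */
        if (inet_pton(AF_INET6, text, &v6) == 1)
            return inet_ntop(AF_INET6, &v6, out, outlen) ? AF_INET6 : -1;
        if (inet_pton(AF_INET, text, &v4) != 1)
            return -1;           /* malformed map entry */
    }
    if (client_is_v6_only) {
        nat64_synthesize(&v4, &v6);
        return inet_ntop(AF_INET6, &v6, out, outlen) ? AF_INET6 : -1;
    }
    return inet_ntop(AF_INET, &v4, out, outlen) ? AF_INET : -1;
}

int main(void)
{
    char buf[INET6_ADDRSTRLEN];

    if (hostid_resolve(2u, sample_map, 2, 1, buf, sizeof(buf)) == AF_INET6)
        printf("id 2 for an IPv6-only client -> %s\n", buf);
    if (hostid_resolve(0xC0000201u, NULL, 0, 0, buf, sizeof(buf)) == AF_INET)
        printf("no map, legacy id -> %s\n", buf);
    return 0;
}
```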
Re: [OpenAFS] openafs hang
I have had this problem, but I attributed it to intermittent network connectivity to the server. There might be a real problem here though...

What is your network connection to the afs kerberos servers like?

On Thu, Aug 09, 2012 at 11:48:25AM +0200, Alexander 'Leo' Bergolth wrote:
> Hi!
>
> My box, using openafs-1.6.1 and kernel-2.6.32-131.17.1.el6.i686 on Centos 6, just hung completely and had to be rebooted.
>
> It looks like the problem was caused by a locking problem of the openafs kernel module, all processes that e.g. used AFS authentication got stuck inside libafs. (See the kernel call-traces below.)
>
> A similar hang occurred on the same box about one month ago.
>
> Is there any known bug that matches this description?
>
> Cheers,
> --leo
>
> Aug 9 09:44:43 strike kernel: : INFO: task afs_rxevent:1580 blocked for more than 120 seconds.
> Aug 9 09:44:43 strike kernel: : echo 0 /proc/sys/kernel/hung_task_timeout_secs disables this message.
> Aug 9 09:44:43 strike kernel: : afs_rxevent D 00065252 0 1580 2 0x
> Aug 9 09:44:43 strike kernel: : f4b39030 0046 c09fc560 00065252 c0ae1120 c0ae1120 f4b392d8 15d1
> Aug 9 09:44:43 strike kernel: : c16b0c80 00065252 8423fcb1 00065252 c0ae1120 c0ae1120 f4b392d8
> Aug 9 09:44:43 strike kernel: : c0ae1120 c0adcb54 c0ae1120 f4b392d8 f47a4000 f49ac0e4 f38b5ef4 f9a49aef
> Aug 9 09:44:43 strike kernel: : Call Trace:
> Aug 9 09:44:43 strike kernel: : [f9a49aef] ? _rxevent_Post+0x1ff/0x330 [libafs]
> Aug 9 09:44:43 strike kernel: : [c0462ba7] ? lock_timer_base+0x27/0x50
> Aug 9 09:44:43 strike kernel: : [c04635d2] ? try_to_del_timer_sync+0x62/0xb0
> Aug 9 09:44:43 strike kernel: : [c0463631] ? del_timer_sync+0x11/0x20
> Aug 9 09:44:43 strike kernel: : [c08223c3] ? schedule_timeout+0x133/0x250
> Aug 9 09:44:43 strike kernel: : [c0822aa8] ? __mutex_lock_slowpath+0xd8/0x140
> Aug 9 09:44:43 strike kernel: : [c08229ad] ? mutex_lock+0x1d/0x40
> Aug 9 09:44:43 strike kernel: : [f9a5180b] ? afs_osi_TimedSleep+0xdb/0x180 [libafs]
> Aug 9 09:44:43 strike kernel: : [c044be70] ? default_wake_function+0x0/0x10
> Aug 9 09:44:43 strike kernel: : [f9a51b37] ? afs_osi_Wait+0x67/0xb0 [libafs]
> Aug 9 09:44:43 strike kernel: : [f9ab007b] ? PSetTokens+0x16b/0x2c0 [libafs]
> Aug 9 09:44:43 strike kernel: : [f9a4a869] ? afs_rxevent_daemon+0x69/0x100 [libafs]
> Aug 9 09:44:43 strike kernel: : [f9aaa2e5] ? afsd_thread+0x555/0x650 [libafs]
> Aug 9 09:44:43 strike kernel: : [f9aa9d90] ? afsd_thread+0x0/0x650 [libafs]
> Aug 9 09:44:43 strike kernel: : [c040a13f] ? kernel_thread_helper+0x7/0x10
> Aug 9 09:44:43 strike kernel: : INFO: task afsd:1583 blocked for more than 120 seconds.
> Aug 9 09:44:43 strike kernel: : echo 0 /proc/sys/kernel/hung_task_timeout_secs disables this message.
> Aug 9 09:44:43 strike kernel: : afsd D 0006524e 0 1583 2 0x
> Aug 9 09:44:43 strike kernel: : f4a18570 0046 c09fc560 0006524e c0ae1120 c0ae1120 f4a18818 17f4
> Aug 9 09:44:43 strike kernel: : c16b0c80 00065252 82697e5f 00065252 c0ae1120 c0ae1120 f4a18818
> Aug 9 09:44:43 strike kernel: : c0ae1120 c0adcb54 c0ae1120 f4a18818 f47a4000 f9a3c07f 0246
> Aug 9 09:44:43 strike kernel: : Call Trace:
> Aug 9 09:44:43 strike kernel: : [f9a3c07f] ? afs_lhash_enter+0x2f/0x130 [libafs]
> Aug 9 09:44:43 strike kernel: : [f9a50398] ? osi_linux_alloc+0x58/0x3f0 [libafs]
> Aug 9 09:44:43 strike kernel: : [c0462ba7] ? lock_timer_base+0x27/0x50
> Aug 9 09:44:43 strike kernel: : [c04635d2] ? try_to_del_timer_sync+0x62/0xb0
> Aug 9 09:44:43 strike kernel: : [c0463631] ? del_timer_sync+0x11/0x20
> Aug 9 09:44:43 strike kernel: : [c08223c3] ? schedule_timeout+0x133/0x250
> Aug 9 09:44:43 strike kernel: : [f9a9eff1] ? osi_rdwr+0x131/0x150 [libafs]
> Aug 9 09:44:43 strike kernel: : [c0822aa8] ? __mutex_lock_slowpath+0xd8/0x140
> Aug 9 09:44:43 strike kernel: : [c08229ad] ? mutex_lock+0x1d/0x40
> Aug 9 09:44:43 strike kernel: : [f9a5180b] ? afs_osi_TimedSleep+0xdb/0x180 [libafs]
> Aug 9 09:44:43 strike kernel: : [c044be70] ? default_wake_function+0x0/0x10
> Aug 9 09:44:43 strike kernel: : [f9a51b37] ? afs_osi_Wait+0x67/0xb0 [libafs]
> Aug 9 09:44:43 strike kernel: : [f9a5cef3] ? afs_Daemon+0x353/0x5f0 [libafs]
> Aug 9 09:44:43 strike kernel: : [f9aaa03a] ? afsd_thread+0x2aa/0x650 [libafs]
> Aug 9 09:44:43 strike kernel: : [f9aa9d90] ? afsd_thread+0x0/0x650 [libafs]
> Aug 9 09:44:43 strike kernel: : [c040a13f] ? kernel_thread_helper+0x7/0x10
> Aug 9 09:44:43 strike kernel: : INFO: task afs_checkserver:1593 blocked for more than 120 seconds.
> Aug 9 09:44:43 strike kernel: : echo 0 /proc/sys/kernel/hung_task_timeout_secs disables this message.
> Aug 9 09:44:43 strike kernel: : afs_checkserv D 0006524e 0 1593 2 0x
> Aug 9 09:44:43 strike kernel: : c1421570 0046 c09fc560 0006524e c0ae1120 c0ae1120 c1421818 1e4e
> Aug
Re: [OpenAFS] Re: afsd.fuse usage?
Something is broken or not returning particularly useful error messages:

hozer@six:~$ /usr/sbin/afsd.fuse /tmp/afs
fuse: bad mount point `': No such file or directory
hozer@six:~$ /usr/sbin/afsd.fuse -- /tmp/afs
fuse: bad mount point `--': No such file or directory
hozer@six:~$ /usr/sbin/afsd.fuse -- -d /tmp/afs
fuse: bad mount point `-d': No such file or directory
hozer@six:~$ /usr/sbin/afsd.fuse -debug -- -d /tmp/afs
fuse: bad mount point `-d': No such file or directory
hozer@six:~$ dpkg -l openafs-fuse
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ NameVersion Description
+++-===-===-==
ii openafs-fuse1.6.0-1 AFS distributed file system experimental FUSE client

On Thu, Sep 15, 2011 at 11:19:32PM -0500, Andrew Deason wrote:
> On Thu, 15 Sep 2011 21:22:08 -0500
> Troy Benjegerdes ho...@hozed.org wrote:
>
> > I can't seem to find any documentation on afsd.fuse... Is there a HOWTO, or something? What works, what doesn't?
>
> It accepts all of the options that afsd does, and should behave in the same way. Give it a mountdir and a cachedir and it'll mount AFS in that dir and use the given cache directory.
>
> What should work is unauthenticated file access to AFS; everything else does not. So, you can't get authenticated access (unless you use host ACLs; but please don't use host ACLs), and you can't use any utilities like 'fs' with it.
>
> In developers terms, there's no pioctl, but anything that doesn't require a pioctl should work. We just haven't created a way to specify which cache manager do I communicate with?, so a pioctl call wouldn't know who to talk to.
>
> --
> Andrew Deason
> adea...@sinenomine.net

--
Troy Benjegerdes 'da hozer' ho...@hozed.org
7 elements Farm TerraCarbo biofuels
If you're going through hell, keep going. ~ Winston Churchill
The challenge in changing the world is not in having great ideas, it's in having stupid simple ideas, as those are the ones that cause change.
Re: [OpenAFS] Re: afsd.fuse usage?
I have not set up fuse on this machine for regular user access, but I get the same behavior on another machine that is configured.

hozer@six:~/cray/msgq$ sudo /usr/sbin/afsd.fuse -mountdir /tmp/afs/ -cachedir /tmp/vcache/ -d
[sudo] password for hozer:
Sorry, try again.
[sudo] password for hozer:
FUSE library version: 2.8.5
nullpath_ok: 0
unique: 1, opcode: INIT (26), nodeid: 0, insize: 56
INIT: 7.16
flags=0x007b
max_readahead=0x0002
Starting AFS cache scan...found 0 non-empty cache files (0%).
afsd: All AFS daemons started.
Tue Sep 20 15:06:07 2011 Assertion failed! file /build/buildd-openafs_1.6.0-1-amd64-YBR2T1/openafs-1.6.0/src/afs/UKERNEL/afs_usrops.c, line 1284.

On Tue, Sep 20, 2011 at 02:58:33PM -0400, Matt W. Benjamin wrote:
> Hi Troy,
>
> When I just recently used fuse UKERNEL I did the following:
>
> afsd.fuse -memcache -mountdir /fafs -cachedir /vcache -d
>
> and got initial results. I haven't worked much with it yet, but the cm started and responded to vfsops.
>
> Matt
>
> --
> Matt Benjamin
> The Linux Box
> 206 South Fifth Ave. Suite 150
> Ann Arbor, MI 48104
> http://linuxbox.com
> tel. 734-761-4689
> fax. 734-769-8938
> cel. 734-216-5309

--
Troy Benjegerdes 'da hozer' ho...@hozed.org
[OpenAFS] afsd.fuse usage?
I can't seem to find any documentation on afsd.fuse... Is there a HOWTO, or something? What works, what doesn't?

--
Troy Benjegerdes 'da hozer' ho...@hozed.org
Re: [OpenAFS] Plans for IPv6
I saw a mention of IPv6 support sometime in 2011 in my old email.. How are we doing on v6 support?

--
Troy Benjegerdes 'da hozer' ho...@hozed.org
Re: [OpenAFS] OpenAFS on the Palm Pre smartphone!
On Tue, Dec 15, 2009 at 07:04:00AM -0800, Alf Wachsmann wrote:
> On Mon, 14 Dec 2009, Troy Benjegerdes wrote:
>
> > Patches please!
> >
> > I just started this (I'll be on a flight to the bay area, of all places in about 20 minutes), and I ran into stuff like the make_s_table host tools getting compiled as arm binaries.
>
> Troy,
>
> See the earlier discussion about the OpenAFS build system problems with cross-compiling. I would not know how to patch this. I can, however, guide you through the steps to cross-compile OpenAFS by hand if you want me to.

I think I figured this out (putting HOST_CC instead of 'CC' in Makefile.in) and I hope to have patches soon.

> > Have you tried disconnected operation yet?
>
> No, I have not. I should say that I had problems with the disk cache on my Pre and had to use memcache instead. I did not investigate.

Can you elaborate any on the disk cache problems? I assume this was likely because the backing filesystem was not ext3?
Re: [OpenAFS] OpenAFS on the Palm Pre smartphone!
Patches please!

I just started this (I'll be on a flight to the bay area, of all places in about 20 minutes), and I ran into stuff like the make_s_table host tools getting compiled as arm binaries.

Have you tried disconnected operation yet?

I'd like to make Preware packages for OpenAFS and Mutt. Dovecot might be interesting as well to be able to point the Pre mail client at a local imap server.

Having good AFS support seems like a killer app for a smartphone. Has anyone done this for Android yet?

On Wed, Sep 23, 2009 at 09:12:45AM -0700, Alf Wachsmann wrote:
> Hi,
>
> I managed to get OpenAFS cross-compiled and running on my Palm Pre smartphone :-)
>
> It was not really surprising that it worked due to the work Derrick Brashear and Jason Edgecombe put in to make OpenAFS work on ARM CPUs.
>
> A bigger problem was to get Kerberos working but I managed that too.
>
> Cheers,
> Alf.
>
> Alf Wachsmann | e-mail: a...@slac.stanford.edu
> SLAC - Scientific Computing | Phone: +1-650-926-4802
> 2575 Sand Hill Road, M/S 97 | FAX: +1-650-926-3329
> Menlo Park, CA 94025, USA | Office: Bldg. 50/323
> http://www.slac.stanford.edu/~alfw (PGP)

--
Troy Benjegerdes 'da hozer' ho...@hozed.org

Unless hours were cups of sack, and minutes capons, and clocks the tongues of bawds, and dials the signs of leaping houses, and the blessed sun himself a fair, hot wench in flame-colored taffeta, I see no reason why thou shouldst be so superfluous to demand the time of the day. I wasted time and now doth time waste me. -- William Shakespeare
Re: [OpenAFS] OpenAFS on the Palm Pre smartphone!
I see the point of not having a full blown file manager. But AFS as a 'library' to locate .. say some sort of search index that was generated on a desktop would be darn spiffy. There is at least one webos file manager I've seen.

email in maildir on afs with local dovecot seems like a pretty quick hack that gets me a long way towards what I've been wanting for a long time now.

FYI, Now i'm getting this...

CC [M] /home/hozer/src/predev/openafs-1.5.66/src/libafs/MODLOAD-2.6.24-palm-joplin-3430-SP/afs_error.o
In file included from include/linux/spinlock.h:333,
from include/linux/wait.h:24,
from /home/hozer/src/predev/openafs-1.5.66/src/afs/sysincludes.h:61,
from /home/hozer/src/predev/openafs-1.5.66/src/libafs/MODLOAD-2.6.24-palm-joplin-3430-SP/afs_error.c:18:
include/asm/atomic.h:17: error: conflicting types for 'atomic_t'
/home/hozer/src/predev/openafs-1.5.66/src/libafs/MODLOAD-2.6.24-palm-joplin-3430-SP/./sys/types.h:192: error: previous declaration of 'atomic_t' was here
make[5]: *** [/home/hozer/src/predev/openafs-1.5.66/src/libafs/MODLOAD-2.6.24-palm-joplin-3430-SP/afs_error.o] Error 1
make[4]: *** [_module_/home/hozer/src/predev/openafs-1.5.66/src/libafs/MODLOAD-2.6.24-palm-joplin-3430-SP] Error 2

Hopefully I have it working once I land ;)

On Mon, Dec 14, 2009 at 07:30:33PM -0600, Jake Thebault-Spieker wrote:
> Part of the issue with Android and WebOS is that neither is designed to be a file manager type OS. They're both designed around the concept that the application will know where the files it needs are. What this means is that neither has an out of the box file manager as part of the OS. I know android has a fairly good third party file manager, but as I understand it, the WebOS API doesn't make it easy to write a file manager. Obviously, the terminal capabilities of both OSs allow for some semblance of file management, but GUI options are quite limited.
>
> Just my $0.02
>
> --
> Jacob Thebault-Spieker
> Cell: (320) 288-6412
> http://summatusmentis.com

--
Troy Benjegerdes 'da hozer' ho...@hozed.org
Re: [OpenAFS] Re: [OpenAFS-devel] An open letter from the OpenAFS Council of Elders
On Sat, May 10, 2008 at 11:46:00AM -0500, Todd T. Fries wrote:
> Penned by Troy Benjegerdes on 20080508 16:11.40, we have:
> [..]
> | Finally, from a developer point of view, I believe it is quite important that the first project of the new foundation be to migrate from the existing CVS source code repository to a distributed open-source based version control system. (This would most likely be either Git or Mercurial.. once in either one of these formats, conversions any other source control system of choice should be a lot easier)
>
> I suspect that cvs would be finely distributed if the /afs/openafs.org cell were still active.
>
> That being said, it is clear you have an agenda and preferences with code version control software. Perhaps rather than stating the conclusion, you could state the problem you are trying to solve? :-)

The problem I am trying to solve is allowing an occasional developer (like me) who should NOT have commit access to CVS to be able to make a local branch in a local repository, do some development, and then easily be able to merge it into the latest upstream development, so that I can make some changes, test them for awhile, then submit a patch against the latest equivalent of CVSHEAD.

I would get most of this functionality if /afs/openafs.org were still active, and then importing the CVS into mercurial. But that's still a fundamentally different development model than what is possible with distributed source control systems.

If I had an easy, supported way to pull in the latest HEAD branch to my local changes, it would be a lot easier for me to submit patches fixing all the warnings that scroll by.

We don't need to re-invent a better source control system.. Bitkeeper, Git, darcs, monotone, mercurial have all already tried that. I would just like openafs to pick one and go with it.
Re: [OpenAFS] Re: [OpenAFS-devel] An open letter from the OpenAFS Council of Elders
On Thu, May 08, 2008 at 11:58:53PM -0400, Dale Ghent wrote:
> On May 8, 2008, at 5:11 PM, Troy Benjegerdes wrote:
>
> > Finally, from a developer point of view, I believe it is quite important that the first project of the new foundation be to migrate from the existing CVS source code repository to a distributed open-source based version control system.
>
> I believe you meant to say from a political point of view...

I think the politics of funding a foundation might be better served by continuing the relatively closed-access CVS repo.

I probably should have said From an occasional Openafs code contributor point of view. I'd just like to use tools that git/mercurial have to merge my changes up to the latest release.

That being said, a distributed source control system could still be kept under pretty tight control if the politics demanded it.
[OpenAFS] Re: [OpenAFS-devel] An open letter from the OpenAFS Council of Elders
[snip]
> To that end, the OpenAFS Council of Elders has proposed the incorporation of a not-for-profit foundation to perform tasks necessary to sustain and further the development of the OpenAFS product and user community. We would like your feedback on this proposal, and suggest community discourse on the openafs-info@openafs.org mailing list. You are also welcome to bring specific concerns to the attention of the Elders via the [EMAIL PROTECTED] mailing list.

I fully agree that the creation of a non-for-profit foundation is absolutely necessary.

I would like to suggest that the foundation adopt an open membership structure like many electric co-op and other types of co-ops. ( http://www.weci.org/principles.html http://mea.coop/index.php?option=com_contenttask=viewid=31Itemid=98 )

If you think about it, a filesystem is a lot like an electric utility.. You never notice it when it's working. But if anything goes wrong, everything stops. It's a critical piece of infrastructure that few people understand, but everyone depends on.

Membership should be open to both individuals, as well as corporations and organizations. I would be happy to individually pay between $5 and $25 a year membership dues to support OpenAFS. I also think that anyone contributing code should be granted membership without a fee. Corporate or large organization dues should be substantially larger, and have some sort of marketing/branding/trademark benefits associated with it.

Finally, from a developer point of view, I believe it is quite important that the first project of the new foundation be to migrate from the existing CVS source code repository to a distributed open-source based version control system. (This would most likely be either Git or Mercurial.. once in either one of these formats, conversions any other source control system of choice should be a lot easier)
Re: [OpenAFS] find /afs/ breaking the client?
On Wed, Feb 07, 2007 at 09:30:07AM -0500, Derrick J Brashear wrote:
> On Wed, 7 Feb 2007, Jakub Witkowski wrote:
>
> > > > No, no oops. The system just... blocks. You can interact with programs already in memory, access open files, but not open new. I chose .14 mostly because I was having problems building the module for Xen kernel and this version simply was first that I got compiled. I may fall back to something more stable now, as I know how to get things running. Which OpenAFS version you recommend for installation on a client? On a server?
> > >
> > > For Linux, we haven't recommended any 1.5.x client. 1.4.2, generally, though 1.4.3rc2 should be out in a day or so. If you can get cmdebug information when it's hung, that'd be useful to see.
> >
> > I have done some experiments and my findings are not exactly optimistic. First of all, I found out that the hang was actually caused by some weird interaction between OpenAFS client and libnss-ldap library; in test environment I can reproduce the systemwide hang described above when I set up nsswitch library to look uids up in ldap, but if it is not configured to do so, only the find process hangs - and then, only for a few minutes. Adding -fakestat-all switch makes the problem less pronounced (i.e. find lists more files) but not go away.
>
> Actually, when it's hung in 1.5.x getting a task list (alt-sysrq-t) would be useful, if you can do it.

I believe I have this problem with 1.5.14 with AFS as the root filesystem.. I've seen the problem during a make -j8. CMdebug just hangs, but rxdebug to port 7001 on the hung machine still works

I ended up using 1.5.14 because recent kernels (2.6.19) changed the makefiles enough so that 'osi_flush.s' is no longer recognized on ppc64, and I was trying to figure out why it didn't work. Renaming osi_flush.s to osi_flush.S fixes it, so I'll try 1.4.x..
Re: [OpenAFS] Failover
On Sat, Dec 31, 2005 at 08:03:40PM -0500, Jeffrey Hutzelman wrote:
> On Saturday, December 31, 2005 12:36:40 AM -0600 Troy Benjegerdes [EMAIL PROTECTED] wrote:
>
> > The advantage of AFS over a single system is you can have as many incoming MTA machines, and imap servers as you want.
>
> Yes, you can. But as the volume gets large, especially for any given mailbox, the performance goes to hell. The problem is that whenever you file a message into a mailbox, you change the directory containing the mailbox. That means that if any other AFS client is also accessing that directory, it has a callback that has to be broken (while YOU wait), and then it has to fetch the entire directory again in order to be able to do the next file lookup.

Sure, a bunch of clients talking to the same directory has scalability problems, but if I've got a mailbox that is huge enough to have these problems, it's not something I'm going to be able to effectively read anyway. Heck, my imap client (backened by afs) only checks mail every 5 minutes anyway.

I suppose this could be a problem with a shared mailbox with hundreds of deliveries per second, but there's no human that could keep up with that rate anyway. Anything over 1 delivery per second, and the human factors are the bottleneck, not the system scalability.

> Once upon a time, more or less all of Carnegie Mellon's messaging needs (mail, netnews, bboards) were handled by the Andrew Messaging System, a distributed system based on AFS. AMS was an integrated part of the Andrew project, and unlike any mail system in wide use today, was designed from the ground up to take advantage of a distributed computing environment and particularly a distributed filesystem. Most major components of the system stored data in and communicated via the filesystem. Incoming MX's, outgoing mail gateways, delivery, bboard filing, etc. could all run on multiple machines, and it was possible to add or remove machines in any of those pools at will.
>
> Several years ago, Carnegie Mellon abandoned that system, choosing instead to expend huge amounts of developer time on developing, maintaining, and supporting an enterprise-grade distributed IMAP server package. The Cyrus IMAP system has consumed more than an entire full-time employee for many years now, and there is no sign that will change anytime soon.
>
> One significant factor in the decision to go down that path was the fact that AMS had serious scalability problems, largely because of the issue I described above. You could add more mail delivery systems, but that meant more callback breaks and more fetches of large directories from the fileserver. Sure, it was necessary to develop software because there was no off-the-shelf solution with the required robustness and stability. And participation in standards efforts (and implementation of those standards) was needed in order to insure it would at least be possible to use off-the-shelf _clients_. But without the serious performance problems AMS was having, there would have been no need to consider changes to messaging infrastructure at all.

I suspect that this decision may have had more to do with the fact there were several freely-available and widely distributed IMAP clients than problems with a distributed filesystem. When that decision was made, was AFS still a closed-source single-vendor solution?

In reality, I also don't think AFS really became robust enough to support a use-case like this until it had been open-sourced for a few years, and people tried doing all kinds of crazy stuff like this and fixing bugs.

> I very much recommend against trying to store mail in AFS. There is no gain to be had in reliability, scalability, or performance, and there are any number of potential problems. If what you're trying to accomplish is to get those features in a distributed mail server system, I suggest looking at http://asg.web.cmu.edu/cyrus/

I've looked at cyrus, used it in the past, and moved away from it. It's great if you're an enterprise, but I really like having my mail in my filesystem, and being able to use either a standard imap client, webmail, or filesystem tools like grep, and the mutt email client.

Cyrus also almost requires a dedicated admin. With afs as the backend, I have one backup system to maintain, instead of worrying how to back up cyrus as well, and then learning how to use whatever cyrus has for migrating users from one piece of hardware to another.
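The callback-break argument quoted in the message above, and the reply that an IMAP client only polls every five minutes, can be compared with a small state model. This is an added example, not OpenAFS code and not something posted in the thread; the per-entry transfer size, the one-delivery-per-tick clock, the client names and the rule that the writing client keeps its own cached copy valid are all assumptions.

```python
"""Toy model of AFS directory callbacks on one maildir-style mailbox directory.

Added illustration only, not OpenAFS code. Assumptions (not from the thread):
ENTRY_BYTES is a constructed per-entry transfer size, one tick equals one
delivery, and the client that modifies the directory keeps its copy valid.
"""
from dataclasses import dataclass, field

ENTRY_BYTES = 32  # assumed bytes moved per directory entry (constructed value)


@dataclass
class MailboxDir:
    entries: int = 0                               # files currently in the directory
    holders: set = field(default_factory=set)      # clients with a valid callback
    breaks: int = 0                                # callbacks the writer waited on
    fetches: int = 0                               # whole-directory fetches
    bytes_fetched: int = 0

    def lookup(self, client: str) -> None:
        """A client without a callback must fetch the entire directory again."""
        if client in self.holders:
            return
        self.fetches += 1
        self.bytes_fetched += self.entries * ENTRY_BYTES
        self.holders.add(client)

    def deliver(self, client: str) -> None:
        """File one message: look the directory up, then change it."""
        self.lookup(client)
        self.entries += 1
        # Changing the directory breaks every other client's callback,
        # and the delivering client waits while that happens.
        self.breaks += len(self.holders - {client})
        self.holders = {client}


def simulate(n_mtas: int, deliveries: int, reader_every: int = 0) -> MailboxDir:
    """Round-robin deliveries from n_mtas hosts, one per tick.

    reader_every > 0 adds one IMAP host that looks at the directory every
    reader_every ticks (300 models a five-minute poll at one delivery/second).
    """
    box = MailboxDir()
    for tick in range(deliveries):
        box.deliver(f"mta{tick % n_mtas}")
        if reader_every and (tick + 1) % reader_every == 0:
            box.lookup("imap")
    return box


def summary(box: MailboxDir) -> dict:
    return {
        "entries": box.entries,
        "fetches": box.fetches,
        "breaks": box.breaks,
        "bytes_fetched": box.bytes_fetched,
    }


if __name__ == "__main__":
    hour = 3600  # one delivery per second for an hour
    scenarios = {
        "1 MTA, no reader": simulate(1, hour),
        "1 MTA + IMAP poll every 300 ticks": simulate(1, hour, reader_every=300),
        "2 MTAs alternating, no reader": simulate(2, hour),
    }
    for name, box in scenarios.items():
        print(f"{name:36s} {summary(box)}")
```

In this model a second delivery host is enough to force a whole-directory fetch on every delivery, while a single deliverer with one five-minute poller refetches only twelve times in the hour.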
Re: [OpenAFS] AFS-Backup-Limits
On Tue, Dec 27, 2005 at 01:00:39PM -0600, Tracy Di Marco White wrote:
> On 12/27/05, Chris Huebsch [EMAIL PROTECTED] wrote:
> > On Tue, 27 Dec 2005, Tracy Di Marco White wrote:
> >
> > > We've been adding several 1.2+ TB servers, and it has become no longer reasonable to put a tape drive on every server, as we had been doing.
> >
> > You do not have a tape drive on every server. AFS Backup can send its backup via network to another afs-backup-server.
>
> Right. I started using that on our new servers that we added before the new backup server was in production.
>
> > > Our full backups were taking longer than a day, sometimes three or four days, and things were set up so that it was more complicated to do incremental backups while the full backups were running.
> >
> > This is really ugly. Did you evaluate the reason for that? Are the disks too slow, or the tape-drives or the system-bus of your server machines?
>
> AFS seemed to be our bottleneck.

On my systems, the volserver would max out at around 5MB/sec. Especially on volumes with lots of small files.

We moved to using amanda-afs which spools to disk first, then dumps to tape.
Re: [OpenAFS] Failover
On Wed, Dec 28, 2005 at 11:12:53AM -0500, Derek Atkins wrote:
> Pierre Ancelot [EMAIL PROTECTED] writes:
>
> > Ok, then, what i am looking for is a distributed filesystem (free of charge and license (GNU or so)) replication over all nodes since i am preparing a virtual mail server using keepalived and maildir system. The thing is users use imap and imaps in a load balanced environment so every node should access the same filesystem to r/w the changes, the whole thing being distributed over all nodes and failover
> >
> > Anyone could please orient me ?
> >
> > Thanks :)
>
> You don't want AFS for an imap or maildir backend. You should just use a RAID system, or perhaps DRBD (www.drbd.org) if you really want network redundancy. But if it were me I'd just use RAID mirroring on directly-connected drives on the imap server.

I've been running courier-mta and courier-imap on AFS for the past 3 years or so. Performance will suck a LOT if the AFS caches aren't big enough. (my current imap server has an 8GB cache, and it's pretty full)

The advantage of AFS over a single system is you can have as many incoming MTA machines, and imap servers as you want.

I'd also make the comment that while AFS lacks whiz-bang R/W failover support, it's been used in production environments for a very long time. I think you'll have a hard time finding anyone that's run anything fancy like DRBD or Lustre for more than a year without some heavy maintenance and upkeep.
[OpenAFS] backup database issues
How many people actively use the AFS backup system, and not something like amanda-afs, tivoli, etc?

I'm currently running openafs-1.2.13 on my backup server, and I have some issues with recycling tapes that have partial or full backups in the tape label header that don't exist in the database (due to crashes on the server a year or so ago).

However, 'backup scantape' seems to be unable to deal with a missing tape from a set of tapes in one backup. For example, 'backup scantape -dbadd' wants to scan all the tapes in a dump set, and I don't see a way to have it deal with a tape that is either unreadable, or has been written over with a newer backup because it is expired.

I get wonderful errors like this from butc:

Thanks, now proceeding with tape scanning operation.
** Tape label expected daily.week.6 (018843), label seen daily.week.4 (018843)
Re: [OpenAFS] Replica sites
On Tue, May 10, 2005 at 09:57:40PM +0100, ed wrote:
> On Tue, 10 May 2005 16:17:42 -0400 (EDT) Stephen Brown [EMAIL PROTECTED] wrote:
>
> > That's three dirs per mail folder -- with one file per message within. It really can add up when folks keep their e-mail for years... ./tmp and ./new are small dirs, ./cur is the biggie.
>
> Qmail's vpopmail system is useful, that once you have about 100 domains on the system it places them in ./domains/, ./domains/0/ and ./domains/1/ ... ./domains/N filing system per 100.
>
> But the problem is, I don't want a single system that could fail, and I don't want a huge hardware budget, even if it takes me 4 months to find a solution it's more worthwhile as I can apply it to other internal requirements where data is possibly brought down through a single failure.

FYI, I'm running courier and using maildirs in the users' home directory for mail delivery. That way you have 1 volume per user. There are some gotchas, but I've been running this in a small environment for quite awhile now.

I think this could be all cleaned up with a few patches to courier and some more robust AFS file access regression tests. (delivering mail to maildirs and serving out imap is apparently a good way to find race conditions in the afs kernel module)
[OpenAFS] AFSDB vs SRV records??
I've found the IETF draft for kerberos SRV records online, and that works nicely, but I can't seem to find any similar documentation on AFSDB records, or equivalent SRV records.

Is this actually documented someplace? Does anyone use AFSDB and/or SRV records?

--
Troy Benjegerdes 'da hozer' [EMAIL PROTECTED]

Someone asked me why I work on this free (http://www.fsf.org/philosophy/) software stuff and not get a real job. Charles Shultz had the best answer: Why do musicians compose symphonies and poets write poems? They do it because life wouldn't have any meaning for them if they didn't. That's why I draw cartoons. It's my life. -- Charles Shultz
Re: [OpenAFS] MacOSX latest release is still 1.2.11?
On Thu, Feb 17, 2005 at 05:53:26PM -0500, Garance A Drosihn wrote:
At 6:15 PM -0600 2/16/05, Troy Benjegerdes wrote:

I have downloaded the 'Latest release' link for OSX several times, and thought I was getting the latest, but if I do 'strings' on /usr/sbin/afsd after installing, it looks like it is actually 1.2.11???

wget ftp://openafs.org/dl/openafs/1.2.13/macos-10.3/OpenAFS.pkg.tar.gz

You would be better off running the latest snapshot of the 1.3 branch. Unless I missed some recent change (which is certainly possible...), the latest release on 1.2 will panic in several situations. The latest snapshot on the 1.3 branch does not include packages for MacOS, so you have to compile it from source. I think I picked that up at: http://www.openafs.org/release/openafs-1.3.78.html

I am not 100% sure of the correct steps to compile it, because I was not in a good frame of mind when I built it (I had just lost a whole bunch of work due to one of those panics...)

I've been looking at 1.3.78, and have it running on one machine.. however, it seems either that machine itself has some problems, or 1.3.78 still has some issues, since for no apparent reason I was getting Lost contact with file server X.X.X.X in cell (multi-homed address) messages, but if I ping the fileserver's address, it is most definitely there. This seemed to happen after I tried to copy a 'OpenAFS.pkg' directory from my afs homedir to another location on AFS.

The worst part is once you lose afs connectivity, you can't seem to kinit anymore because of some interaction issue with the OSX kerberos default ticket cache.
Re: [OpenAFS] MacOSX latest release is still 1.2.11?
On Wed, Feb 16, 2005 at 10:15:31PM -0500, Derrick J Brashear wrote:
On Wed, 16 Feb 2005, Derrick J Brashear wrote:
On Wed, 16 Feb 2005, Troy Benjegerdes wrote:

I have downloaded the 'Latest release' link for OSX several times, and thought I was getting the latest, but if I do 'strings' on /usr/sbin/afsd after installing, it looks like it is actually 1.2.11???

No, it looks like there is a 1.2.11 string in the binaries. Sorry. (There were no client changes between 1.2.11 plus whatever the patch was that we were distributing and 1.2.13, so they're the same binaries)

Ahh, this makes sense. It is, however, quite confusing.

Probably, though, you will want binaries built from CVS; There will be MacOS binaries for the next 1.3 release.

I'd like to ask that there be some easy way to get version information.. either by including it in the MacOS package binary name, or by 'afsd --version'.
Re: [OpenAFS] Regulary Ooups'es on 2.4.29 + OpenAFS 1.2.13
On Fri, Feb 11, 2005 at 11:43:36PM +0100, Cajus Pollmeier wrote:
On 10.02.2005 at 14:45, chas williams - CONTRACTOR wrote:

i am reasonably certain this is a race condition with the rename/unlink done by afs afs_remove(). i believe this problem has been fixed in the 1.3 version. you might try running a 1.3 client. otherwise the fixes will need to be brought in from the 1.3 tree.

This happens with (at least) 1.3.74, too.

What kind of system are you running? How many CPUS? I've had similar problems with unlink/rename with 1.3.77. I don't get a kernel panic anymore, but I have had instances where several imapd processes get stuck in a deadlock on a user's Maildir/tmp/ directory.

locks: (writer_waiting, write_locked(pid:1175 at:159), 135 waiters)
18432 bytes DV 269828296 refcnt 136
callback expires 1106423373
0 opens 0 writers
normal file
states (0x0)
Re: [OpenAFS] releasing volumes automatically
On Sun, Feb 13, 2005 at 03:12:04PM +0100, Turbo Fredriksson wrote:

Marco == Marco Spatz [EMAIL PROTECTED] writes:
Marco Is there any possibility
Marco to tell OpenAFS to release certain (or all) changed volumes
Marco at a certain time? Would be a great help.

I'm running the http://www.bayour.com/scripts/update_afs.sh script from cron every 12 hours...

What are some of the bad ideas about having replicated user volumes? (besides taking up more space and mountpoint issues).
[OpenAFS] MacOSX latest release is still 1.2.11?
I have downloaded the 'Latest release' link for OSX several times, and thought I was getting the latest, but if I do 'strings' on /usr/sbin/afsd after installing, it looks like it is actually 1.2.11???

wget ftp://openafs.org/dl/openafs/1.2.13/macos-10.3/OpenAFS.pkg.tar.gz
/tmp$ tar zxvf OpenAFS.pkg.tar.gz
/tmp$ cd OpenAFS.pkg/Contents
/tmp/OpenAFS.pkg/Contents$ grep OpenAFS *
Binary file Archive.bom matches
Info.plist: <string>OpenAFS 1.2.10</string>
/tmp/OpenAFS.pkg/Contents$ gunzip -c Archive.pax.gz | pax -r
/tmp/OpenAFS.pkg/Contents$ ls
Archive.bom Info.plist PkgInfo private
Archive.pax.gz Library Resources usr
/tmp/OpenAFS.pkg/Contents$ strings usr/sbin/afsd | grep OpenAFS
@(#) OpenAFS 1.2.11 built 2004-11-02

What's going on here?

--
Troy Benjegerdes 'da hozer' [EMAIL PROTECTED]
Re: [OpenAFS] MacOSX with reliable AFS homedirs?
Also, I assume you know that you have to add login_logout_notification= aklog to the [libdefaults] section in /Library/Preferences/edu.mit.kerberos (If you have nat clients might also want to add noaddresses = true) And I assume the kerberos is required for login in /private/etc/authorization and that you actually require kerberos for login not just get tickets as a side effect.

What is the difference between having kerberos required for login vs having a side-effect? I am using it as a side effect right now. That may be part of my problem. But with kerberos required for login, how do I get logged into the machine for maintenance if the network is unavailable?
[OpenAFS] MacOSX with reliable AFS homedirs?
Has anyone gotten Krb5, ldap, and AFS homedirs working reliably? We've had to resort to setting up each individual user with a startup items script to run aklog. I've tried the 'kfm_aklog' plugin, but it doesn't seem to work, and none of the apple login hook stuff seems to work.

What is the equivalent of a linux PAM line like:

session libpam-openafs-session.so debug

--
Troy Benjegerdes 'da hozer' [EMAIL PROTECTED]
Re: [OpenAFS] MacOSX with reliable AFS homedirs?
On Thu, Feb 03, 2005 at 08:22:44PM -0600, Tracy Di Marco White wrote:
In message [EMAIL PROTECTED], Troy Benjegerdes writes:

Has anyone gotten Krb5, ldap, and AFS homedirs working reliably?

Have you looked at the ISU OS X documentation? http://tech.ait.iastate.edu/macosx/ I'm just using krb5 AFS, no LDAP, but mine is mostly a single user machine.

Do you have an afs homedir, and how do you get tokens when you log in?

We've had to resort to setting up each individual user with a startup items script to run aklog.

I know the ISU lab documentation talks about using LDAP: http://tech.ait.iastate.edu/macosx/how-to/labs-10.3.shtml

It only seems to reference pvattach, and pvdetach.

I've tried the 'kfm_aklog' plugin, but it doesn't seem to work, and none of the apple login hook stuff seems to work. What is the equivalent of a linux PAM line like:

session libpam-openafs-session.so debug

PAM I'm not really using yet, so I can't help there.

Well, I'd like *some* confirmation that, yes, the kfm_aklog program is running, and what user it runs as, and whether it was successful in getting tokens or not. I have no idea if this stuff is even logged, or where it's logged to.

(Also, regarding the kfm_aklog, is there another mechanism anyone has used or another plugin that has a better license?)
Re: [OpenAFS] MacOSX with reliable AFS homedirs?
On Thu, Feb 03, 2005 at 09:48:04PM -0600, Ben Staffin wrote:
* Troy Benjegerdes [EMAIL PROTECTED] [2005-02-03 20:29] wibbled:
On Thu, Feb 03, 2005 at 08:22:44PM -0600, Tracy Di Marco White wrote:
In message [EMAIL PROTECTED], Troy Benjegerdes writes:

Has anyone gotten Krb5, ldap, and AFS homedirs working reliably?

Have you looked at the ISU OS X documentation? http://tech.ait.iastate.edu/macosx/ I'm just using krb5 AFS, no LDAP, but mine is mostly a single user machine.

Do you have an afs homedir, and how do you get tokens when you log in?

We use Nicholas Riley's aklog plugin to get tokens on login (http://www.acm.uiuc.edu/admin/afs/aklog-1.0.dmg). It creates a /usr/local/bin/aklog, and a /Library/Kerberos Plug-Ins/aklog.loginLogout bundle. I'm not sure how other sites handle this.

That looks like the same kfm_aklog bundle. How do you debug this when it doesn't work? Do you have to reboot or something to get kfm_aklog to work? I would expect a reasonable unix system to not require a reboot for something like that.

Also, does this (or anything else) work with ssh logins?
Re: [OpenAFS] IPUT Bad refCount 0 on inode 0xf8abadb8 in openafs-1.2.11
Should I try applying this to openafs-1.2.11, or 1.3? On Mon, Nov 15, 2004 at 11:32:51AM -0500, chas williams (contractor) wrote: In message [EMAIL PROTECTED],Troy Benjegerdes writes: Trace; f89976c0 [openafs.mp].rodata.end+4459/d3b9 Trace; f8983340 [openafs.mp]afs_dentry_iput+0/f0 Trace; f89a0c44 [openafs.mp]afs_global_lock+0/1c Trace; f8980168 [openafs.mp]osi_iput+58/f0 Trace; f89976c0 [openafs.mp].rodata.end+4459/d3b9 Trace; f8983340 [openafs.mp]afs_dentry_iput+0/f0 Trace; c015c93b d_delete+bb/c0 Trace; c0153d66 vfs_unlink+186/280 Trace; c0153f1b sys_unlink+bb/120 Trace; c0108efb system_call+33/38 can you see if the following attached patch helps this problem. Index: src/afs/VNOPS/afs_vnop_remove.c === RCS file: /cvs/openafs/src/afs/VNOPS/afs_vnop_remove.c,v retrieving revision 1.31 diff -u -u -r1.31 afs_vnop_remove.c --- src/afs/VNOPS/afs_vnop_remove.c 23 Jun 2004 22:25:06 - 1.31 +++ src/afs/VNOPS/afs_vnop_remove.c 15 Nov 2004 15:59:50 - @@ -14,9 +14,7 @@ * afs_IsWired (DUX) * afsremove * afs_remove - * - * Local: - * newname + * afs_newname * */ #include afsconfig.h @@ -110,7 +108,7 @@ register struct conn *tc; struct AFSFetchStatus OutDirStatus; struct AFSVolSync tsync; -XSTATS_DECLS +XSTATS_DECLS; do { tc = afs_Conn(adp-fid, treqp, SHARED_LOCK); if (tc) { @@ -193,8 +191,8 @@ return (0); } -static char * -newname(void) +char * +afs_newname(void) { char *name, *sp, *p = .__afs; afs_int32 rd = afs_random() 0x; @@ -412,7 +410,7 @@ #endif #endif { - char *unlname = newname(); + char *unlname = afs_newname(); ReleaseWriteLock(adp-lock); if (tdc) Index: src/afs/LINUX/osi_vnodeops.c === RCS file: /cvs/openafs/src/afs/LINUX/osi_vnodeops.c,v retrieving revision 1.83 diff -u -u -r1.83 osi_vnodeops.c --- src/afs/LINUX/osi_vnodeops.c 19 Aug 2004 00:58:47 - 1.83 +++ src/afs/LINUX/osi_vnodeops.c 15 Nov 2004 15:59:50 - 
@@ -1149,18 +1149,63 @@ int afs_linux_unlink(struct inode *dip, struct dentry *dp) { -int code; +int code = EBUSY; cred_t *credp = crref(); const char *name = dp-d_name.name; +struct vcache *tvc = ITOAFS(dp-d_inode); #if defined(AFS_LINUX26_ENV) lock_kernel(); #endif +if (((VREFCOUNT(tvc) 0) tvc-opens 0) + !(tvc-states CUnlinked)) { + struct dentry *__dp; + char *__name; + extern char *afs_newname(); + + __dp = NULL; + __name = NULL; + do { + dput(__dp); + + AFS_GLOCK(); + if (__name) + osi_FreeSmallSpace(__name); + __name = afs_newname(); + AFS_GUNLOCK(); + + __dp = lookup_one_len(__name, dp-d_parent, strlen(__name)); + + if (IS_ERR(__dp)) + goto out; + } while (__dp-d_inode != NULL); + + AFS_GLOCK(); + code = afs_rename(ITOAFS(dip), dp-d_name.name, ITOAFS(dip), __dp-d_name.name, credp); + if (!code) { +tvc-mvid = __name; +crhold(credp); +if (tvc-uncred) { +crfree(tvc-uncred); +} +tvc-uncred = credp; + tvc-states |= CUnlinked; + } + AFS_GUNLOCK(); + + if (!code) + d_move(dp, __dp); + dput(__dp); + + goto out; +} + AFS_GLOCK(); code = afs_remove(ITOAFS(dip), name, credp); AFS_GUNLOCK(); if (!code) d_drop(dp); +out: #if defined(AFS_LINUX26_ENV) unlock_kernel(); #endif -- -- Troy Benjegerdes'da hozer'[EMAIL PROTECTED] Somone asked my why I work on this free (http://www.fsf.org/philosophy/) software stuff and not get a real job. Charles Shultz had the best answer: Why do musicians compose symphonies and poets write poems? They do it because life wouldn't have any meaning for them if they didn't. That's why I draw cartoons. It's my life. -- Charles Shultz ___ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
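Review bot: The `XSTATS_DECLS` to `XSTATS_DECLS;` change in the @@ -110,7 +108,7 @@ hunk of afs_vnop_remove.c is unrelated to the unlink/rename fix and belongs in its own change. If the macro already expands to complete declarations, the added semicolon only leaves an empty statement after them; if some configuration needs it, the change description should say which one.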
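Review bot: Exporting `newname()` as the non-static `afs_newname()` in the @@ -193,8 +191,8 @@ hunk of afs_vnop_remove.c needs a prototype in a shared header. The only declaration the new Linux caller sees is the block-scope `extern char *afs_newname();` inside afs_linux_unlink(), which has an empty parameter list and will not catch a signature mismatch. The file header comment, which this patch already touches, should also state that the caller owns the returned buffer and releases it with osi_FreeSmallSpace(), since the new caller relies on that.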
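Review bot: The failure paths of the new rename branch in the @@ -1149,18 +1149,63 @@ hunk of osi_vnodeops.c leak `__name` and lose the real error. When lookup_one_len() fails, the `goto out` skips osi_FreeSmallSpace(__name) and leaves `code` at its initial EBUSY instead of a value derived from PTR_ERR(__dp); when afs_rename() fails, `__name` is never freed either, because it is only handed to the vcache's mvid field on success. Suggest freeing `__name` on both failure paths and setting `code` from the lookup error. AFS_GLOCK is dropped between the lookup_one_len() check and the afs_rename() call, so a comment on what prevents a second unlinker from picking the same temporary name in that window would help.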
Re: [OpenAFS] IPUT Bad refCount 0 on inode 0xf8abadb8 in openafs-1.2.11
On Thu, Oct 28, 2004 at 02:00:36PM -0400, Derrick J Brashear wrote:
On Thu, 28 Oct 2004, Troy Benjegerdes wrote:

I've had this happen twice now on an SMP machine (debian 2.4.27 kernel, 1.2.11 openafs packages from debian sarge) Is this a known bug that's fixed in a newer version? It looks like an SMP race condition to me.

IPUT Bad refCount 0 on inode 0xf8abadb8

The below would be more useful if you ran it through ksymoops. In particular, nothing about the error message in the line above is useful; However, it's not fixed in 1.2.x, and may be fixed in 1.3.x.

Is 1.3.x getting relatively close to being stable? (aka, I won't lose data). Would you recommend I use the 2.6 or 2.4 kernels if I move to 1.3.x?

It's also apparently reproducible.. My guess is imapd is trying to unlink a maildir message file that's already been moved and unlinked by another imapd.

This time with ksymoops..

IPUT Bad refCount 0 on inode 0xf8ac88bc
Unable to handle kernel paging request at virtual address
printing eip:
f8973b10
*pde = 4063
*pte =
Oops: 0002
CPU:2
EIP:0010:[f8973b10] Tainted: PF
EFLAGS: 00010282
eax: 0028 ebx: f8ac88bc ecx: 0096 edx: 0001
esi: f89a0c44 edi: f8a95480 ebp: d086a000 esp: d086bf18
ds: 0018 es: 0018 ss: 0018
Process imapd (pid: 1334, stackpage=d086b000)
Stack: f89976c0 f8ac88bc f8983340 d086a000 f8a953f0 f89a0c44 f8980168 f89976c0 f8ac88bc f8983340 d1bc5de0 d1bc5de0 f8ac88bc c015c93b f8ac88bc f8ac88bc f8a953f0 c0153d66 d1bc5de0 d1bc5de0 d1bc5de0
Call Trace: [f89976c0] [f8983340] [f89a0c44] [f8980168] [f89976c0] [f8983340] [c015c93b] [c0153d66] [c0153f1b] [c0108efb]
Code: c6 05 ff ff ff ff 2a 83 c4 1c c3 90 8d 74 26 00 b8 02 8e 99

Unable to handle kernel paging request at virtual address f8973b10
*pde = 4063
Oops: 0002
CPU:2
EIP:0010:[f8973b10] Tainted: PF
Using defaults from ksymoops -t elf32-i386 -a i386
EFLAGS: 00010282
eax: 0028 ebx: f8ac88bc ecx: 0096 edx: 0001
esi: f89a0c44 edi: f8a95480 ebp: d086a000 esp: d086bf18
ds: 0018 es: 0018 ss: 0018
Process imapd (pid: 1334, stackpage=d086b000)
Stack: f89976c0 f8ac88bc f8983340 d086a000 f8a953f0 f89a0c44 f8980168 f89976c0 f8ac88bc f8983340 d1bc5de0 d1bc5de0 f8ac88bc c015c93b f8ac88bc f8ac88bc f8a953f0 c0153d66 d1bc5de0 d1bc5de0 d1bc5de0
Call Trace: [f89976c0] [f8983340] [f89a0c44] [f8980168] [f89976c0] [f8983340] [c015c93b] [c0153d66] [c0153f1b] [c0108efb]
Code: c6 05 ff ff ff ff 2a 83 c4 1c c3 90 8d 74 26 00 b8 02 8e 99

EIP; f8973b10 [openafs.mp]osi_Panic+20/40 =
esi; f89a0c44 [openafs.mp]afs_global_lock+0/1c
ebp; d086a000 _end+1051a328/384bd388
esp; d086bf18 _end+1051c240/384bd388

Trace; f89976c0 [openafs.mp].rodata.end+4459/d3b9
Trace; f8983340 [openafs.mp]afs_dentry_iput+0/f0
Trace; f89a0c44 [openafs.mp]afs_global_lock+0/1c
Trace; f8980168 [openafs.mp]osi_iput+58/f0
Trace; f89976c0 [openafs.mp].rodata.end+4459/d3b9
Trace; f8983340 [openafs.mp]afs_dentry_iput+0/f0
Trace; c015c93b d_delete+bb/c0
Trace; c0153d66 vfs_unlink+186/280
Trace; c0153f1b sys_unlink+bb/120
Trace; c0108efb system_call+33/38

Code; f8973b10 [openafs.mp]osi_Panic+20/40 _EIP:
Code; f8973b10 [openafs.mp]osi_Panic+20/40 =
0: c6 05 ff ff ff ff 2a movb $0x2a,0x =
Code; f8973b17 [openafs.mp]osi_Panic+27/40
7: 83 c4 1c add $0x1c,%esp
Code; f8973b1a [openafs.mp]osi_Panic+2a/40
a: c3 ret
Code; f8973b1b [openafs.mp]osi_Panic+2b/40
b: 90 nop
Code; f8973b1c [openafs.mp]osi_Panic+2c/40
c: 8d 74 26 00 lea 0x0(%esi),%esi
Code; f8973b20 [openafs.mp]osi_Panic+30/40
10: b8 02 8e 99 00 mov $0x998e02,%eax