Re: [OpenAFS] Re: build error when linking with heimdal-dev (Re: [OpenAFS] bosserver -noauth& changes cell to localcell)
1. Create default ThisCell/CellServDB files in the path the servers expect. yes 2. Use asetkey to create the KeyFile/KeyFileEx yes 3. Start the bosserver (without -noauth) yes and it exits here 4. Run authenticated bos to setup the cellname, hosts, and superusers never gets this far From: Michael Meffie <mmef...@sinenomine.net> Sent: Friday, April 14, 2017 10:37 AM To: Ted Creedon Cc: openafs-info@openafs.org Subject: Re: [OpenAFS] Re: build error when linking with heimdal-dev (Re: [OpenAFS] bosserver -noauth& changes cell to localcell) On Fri, 14 Apr 2017 02:51:45 + Ted Creedon <tcree...@easystreet.net> wrote: > The strace is ~ 40 lines long & is useless.. > > what (dir, file) permissions are required? > > I'd suggest removing any cell improvements since the error messages are > misleading. Hi Ted, The feature Jeff described, in which the bosserver creates a default cell configuration if it is missing, is not a new feature. It's been present since OpenAFS 1.0. Basically, the bosserver will create a ThisCell/CellServDB file with default values if they are not present. Perhaps something else is setting those default values. Are you running some scripts or something else? By the way, the -noauth flag isn't normally needed any longer for setting up a new cell. It was useful back in the kaserver days, since you needed -noauth to create the service keys with kaserver, but in a modern setup, you do not need -noauth if you set the service key before you start the bosserver. You can set the key with asetkey before running the bosserver. However, one minor complication; in the current releases (and master) asetkey does require the cell configuration to be present (CellServDB/ThisCell). They can be default values for asetkey. You can do the following: 1. Create default ThisCell/CellServDB files in the path the servers expect. 2. Use asetkey to create the KeyFile/KeyFileEx 3. Start the bosserver (without -noauth) 4. Run authenticated bos to setup the cellname, hosts, and superusers Thanks, Mike -- Michael Meffie <mmef...@sinenomine.net> ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: build error when linking with heimdal-dev (Re: [OpenAFS] bosserver -noauth& changes cell to localcell)
The strace is ~ 40 lines long & is useless.. what (dir, file) permissions are required? I'd suggest removing any cell improvements since the error messages are misleading. ted From: Benjamin Kaduk <ka...@mit.edu> Sent: Thursday, April 13, 2017 7:11 PM To: Ted Creedon Cc: openafs-info@openafs.org Subject: Re: [OpenAFS] Re: build error when linking with heimdal-dev (Re: [OpenAFS] bosserver -noauth& changes cell to localcell) On Thu, Apr 13, 2017 at 10:39:26PM +0000, Ted Creedon wrote: > anyway just to get something that compiles > git clone https://github.com/openafs/openafs.git (openafs 1.8.0pre1-41-g6b7b4) > > so 1.8 compiles but still changes ThisCell & CelllServDB to localcell after > setting to creedon.biz > > I have no idea why this happens. CreateLocalCellConfig() does so; it is called if afsconf_Open() fails for the server configuration directory, presumably intended as an aid to first-time administrators. Showing a complete strace log of the failed run would probably indicate why, but would requre the entire log, which would mean it is a large file. Just exerpts are unlikely to suffice. -Ben ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: build error when linking with heimdal-dev (Re: [OpenAFS] bosserver -noauth& changes cell to localcell)
anyway just to get something that compiles git clone https://github.com/openafs/openafs.git (openafs 1.8.0pre1-41-g6b7b4) so 1.8 compiles but still changes ThisCell & CelllServDB to localcell after setting to creedon.biz I have no idea why this happens. tedc From: Jeffrey Altman <jalt...@auristor.com> Sent: Thursday, April 13, 2017 1:38:25 PM To: Michael Meffie Cc: Ted Creedon; openafs-info@openafs.org Subject: Re: [OpenAFS] Re: build error when linking with heimdal-dev (Re: [OpenAFS] bosserver -noauth& changes cell to localcell) On 4/13/2017 4:08 PM, Michael Meffie wrote: > On Thu, 13 Apr 2017 15:31:39 -0400 > Michael Meffie <mmef...@sinenomine.net> wrote: > >> On Thu, 13 Apr 2017 16:58:57 + >> Ted Creedon <tcree...@easystreet.net> wrote: >> >>> Looks like the compile failure is described in: >>> https://lists.openafs.org/pipermail/openafs-info/2016-August/041890.html >>> >>> trying to figure that out now. >> > > Hello Ted, > > Does your build work if you manually change the following line in > src/config/Makefile.config (*after* running ./configure) > > KRB5_LIBS = -L/usr/lib/x86_64-linux-gnu/heimdal -lkrb5 > > to: > > KRB5_LIBS = -L/usr/lib/x86_64-linux-gnu/heimdal -lkrb5 -lasn1 > > It looks like we need to add -lasn1 anywhere libauth.a is linked (when using > heimdal libs). Currently that is only done when building aklog. That is an incorrect fix. -lasn1 should neither be added for aklog nor libauth. akimpersonate_v5gen.c is wrong in the Heimdal case. It is making direct usage of Heimdal ASN1 macros when it should be following the model used for rxkad. I'm not entirely sure why akimpersonate has its own v5gen source files. Jeffrey Altman ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] bosserver -noauth& changes cell to localcell
Looks like the compile failure is described in: https://lists.openafs.org/pipermail/openafs-info/2016-August/041890.html trying to figure that out now. ted From: Ted Creedon Sent: Thursday, April 13, 2017 9:41:01 AM To: Jeffrey Altman; openafs-info@openafs.org Subject: Re: [OpenAFS] bosserver -noauth& changes cell to localcell Sorry 1.6.20.1, looks like the dyndns setup evaporated however after updating to heimdal-7.2.0: ookpik:/data/openafs-1.6.20.1 # time nice make -s + case amd64_linux26 in + case amd64_linux26 in + case amd64_linux26 in + case amd64_linux26 in + case amd64_linux26 in + case amd64_linux26 in /usr/lib64/gcc/x86_64-suse-linux/4.8/../../../../x86_64-suse-linux/bin/ld: /data/openafs-1.6.20.1/lib/libauth.a(akimpersonate.o): undefined reference to symbol 'encode_EncTicketPart@@HEIMDAL_ASN1_1.0' /usr/heimdal/lib64/libasn1.so.8: error adding symbols: DSO missing from command line collect2: error: ld returned 1 exit status Makefile:99: recipe for target 'ptserver' failed make[3]: *** [ptserver] Error 1 Makefile:237: recipe for target 'ptserver' failed make[2]: *** [ptserver] Error 2 Makefile:694: recipe for target 'build' failed make[1]: *** [build] Error 2 Makefile:36: recipe for target 'all' failed make: *** [all] Error 2 From: openafs-info-ad...@openafs.org <openafs-info-ad...@openafs.org> on behalf of Jeffrey Altman <jalt...@auristor.com> Sent: Wednesday, April 12, 2017 8:41:54 PM To: openafs-info@openafs.org Subject: Re: [OpenAFS] bosserver -noauth& changes cell to localcell On 4/12/2017 8:43 PM, Ted Creedon wrote: > anyone know why executing bosserver -noauth& overwrites cellname.com in > ThisCell & CellServDB with localcell? > > thanks > > tedc You didn't say which version of OpenAFS you are using but when 1.6.x bosserver is executed and its attempt to load a valid configuration fails, it then attempts to create a valid configuration. src/bozo/bosserver.c line 1032 of openafs-stable-1_6_x Jeffrey Altman ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] bosserver -noauth& changes cell to localcell
Sorry 1.6.20.1, looks like the dyndns setup evaporated however after updating to heimdal-7.2.0: ookpik:/data/openafs-1.6.20.1 # time nice make -s + case amd64_linux26 in + case amd64_linux26 in + case amd64_linux26 in + case amd64_linux26 in + case amd64_linux26 in + case amd64_linux26 in /usr/lib64/gcc/x86_64-suse-linux/4.8/../../../../x86_64-suse-linux/bin/ld: /data/openafs-1.6.20.1/lib/libauth.a(akimpersonate.o): undefined reference to symbol 'encode_EncTicketPart@@HEIMDAL_ASN1_1.0' /usr/heimdal/lib64/libasn1.so.8: error adding symbols: DSO missing from command line collect2: error: ld returned 1 exit status Makefile:99: recipe for target 'ptserver' failed make[3]: *** [ptserver] Error 1 Makefile:237: recipe for target 'ptserver' failed make[2]: *** [ptserver] Error 2 Makefile:694: recipe for target 'build' failed make[1]: *** [build] Error 2 Makefile:36: recipe for target 'all' failed make: *** [all] Error 2 From: openafs-info-ad...@openafs.org <openafs-info-ad...@openafs.org> on behalf of Jeffrey Altman <jalt...@auristor.com> Sent: Wednesday, April 12, 2017 8:41:54 PM To: openafs-info@openafs.org Subject: Re: [OpenAFS] bosserver -noauth& changes cell to localcell On 4/12/2017 8:43 PM, Ted Creedon wrote: > anyone know why executing bosserver -noauth& overwrites cellname.com in > ThisCell & CellServDB with localcell? > > thanks > > tedc You didn't say which version of OpenAFS you are using but when 1.6.x bosserver is executed and its attempt to load a valid configuration fails, it then attempts to create a valid configuration. src/bozo/bosserver.c line 1032 of openafs-stable-1_6_x Jeffrey Altman ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] bosserver -noauth& changes cell to localcell
anyone know why executing bosserver -noauth& overwrites cellname.com in ThisCell & CellServDB with localcell? thanks tedc___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] Xeon PHI port
Intel is planning a bootable XeonPhi 244? thread cpu. Is anyone aware of/or has ideas on an OPENMP version of AFS? I expect 16gb of McDRAM onboard. Tedc___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Weirdness after 'vos move's - core files?
Why not set it up in IBM's Eclipse CDT & debug it? From: openafs-info-ad...@openafs.orgon behalf of Benjamin Kaduk Sent: Sunday, February 19, 2017 9:25:24 PM To: Garance A Drosehn Cc: openafs-info@openafs.org Subject: Re: [OpenAFS] Weirdness after 'vos move's - core files? On Sun, Feb 19, 2017 at 11:49:40AM -0500, Garance A Drosehn wrote: > > Is there something I could do with those core files which would help to > figure out what the problem is with this file server? I also have > plenty of log files, if those would provide some clues. Well, it's not entirely clear. One could of course load them up in gdb and see what the backtrace looks like, of course, but given the described behavior, if I was in this situation, I would be looking at hardware diagnostics on this machine (memtest86, SMART output, bonnie++, etc.). I do not believe that openafs is expected to be particularly robust against failing hardware... -Ben ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Is the OpenAFS-info mailing list still working?
worse than that, something is marking my messages to openafs-info as spam. this is the only website that this occurs on. tedc From: openafs-info-ad...@openafs.orgon behalf of Garance A Drosehn Sent: Sunday, February 19, 2017 8:55:10 AM To: openafs-info@openafs.org Subject: Re: [OpenAFS] Is the OpenAFS-info mailing list still working? On 19 Feb 2017, at 11:33, Jeffrey Altman wrote: > On 2/19/2017 11:19 AM, Garance A Drosehn wrote: >> Hi. On the last few messages I've sent to openafs-info@, the mailing >> list does not send me a copy of the email that I sent. Looking back >> at older emails, the mailing list did always send me a copy. >> >> I do see that my messages show up at: >> https://lists.openafs.org/pipermail/openafs-info/2017-February/date.html >> >> so the mailing list isn't completely broken. But is there something >> odd going on with it? >> > > Most likely the rpi.edu mail server is blocking mail that has an rpi.edu > from address but was not sent from one of the approved rpi.edu mail > servers as listed in the rpi.edu TXT record > > "v=spf1 ip4:128.113.2.225/29 ip4:128.113.2.231 ip4:128.113.2.232 > ip4:128.113.2.233 ip4:128.113.26.109 -all" > > Since the mailing list mail does not originate from one of the approved > mail servers it is blocked. > > The mailing list is not broken. Okay, that seems likely. I believe we have made changes on our mail server in the last two months. It's pretty likely that this the first time I've sent a message to this list since those changes. Thanks! -- Garance Alistair Drosehn= dro...@rpi.edu Senior Systems Programmer or g...@freebsd.org Rensselaer Polytechnic Institute; Troy, NY; USA ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] OpenAFS 1.6.20.1 on AIX 7.1
Hardware + software Russ stated that the PPC arch. would be best . Tedc From: openafs-info-ad...@openafs.org <openafs-info-ad...@openafs.org> on behalf of Dave Botsch <bot...@cnf.cornell.edu> Sent: Friday, February 10, 2017 9:24:08 AM To: openafs-info@openafs.org Cc: openafs-info@openafs.org Subject: Re: [OpenAFS] OpenAFS 1.6.20.1 on AIX 7.1 Hi, Tedd. As I understand it, the ask from IBM would be for the donation of one AIX license for the purposes of an OpenAFS buildbot? I'm not finding anything from Russ in this thread. Thanks. On Wed, Feb 08, 2017 at 11:04:51PM +, Ted Creedon wrote: > 1. I'l be willing to plead our case w/IBM, any shortcut names/emails? > 2. What is the desired configuration (hw & sw)? > 3. N.b I'm on a comcast dhcp line, fast & stable as long as there are no 24 > hr shutdowns, I use dyndns to host my domain creedon.biz. > 4. I have several boxen on an 3KVA UPS - works fine, lots of power avail. > 5. My shop has A/C so servers run continuously 24/7 year 'round. > 6. After Russ's comments is it all going to be worthwhile? > 7. I have 3 afs servers on line (well as soon as I can get afs re-installed) > 8. I have geronimo.creedon.biz as a spare build machine. > time nice make -j500 takes 30 sec. Its a duplicate of ookpik.creedon.biz > dual xeon 64Gig, etc). > (ookpik has a xeon phi board installed if anyone wants to play). > 9. I built/maintain all my own servers (since 1967). > 10. Backups are the user's resp. although my servers could easily host > another afs domain. > > > From: openafs-info-ad...@openafs.org <openafs-info-ad...@openafs.org> on > behalf of Dave Botsch <bot...@cnf.cornell.edu> > Sent: Wednesday, February 8, 2017 10:22:54 AM > To: openafs-info@openafs.org > Subject: Re: [OpenAFS] OpenAFS 1.6.20.1 on AIX 7.1 > > Hi, Ted et al. > > Please see below... > > On Mon, Feb 06, 2017 at 09:25:35PM +, Ted Creedon wrote: > > I just happen to have a spare dual xeon 64gb linux box that could be made > > available. > > and smaller MAC w/ parallels on it. > > > > I also have a dual 64gb xeon w/ a xeon phi card in it too. cost ~$3K > > > > with a little effort... > > > > IBM generally waives license fees for non profits. > > tedc > > > > If you are willing to host on the HW mentioned above, as a non-profit, > the Foundation can certainly make the ask of IBM. We would just need a > bit more detail on the exact ask. > > > > If what you meant was for the foundation > > itself to pay for virtual build servers, > > all that takes if for the foundation to > > decide to spend real money. I presume > > they have considered that, but it might > > be worth asking the question explicitly > > if it has not been explicitly answered > > (I really have not been following the > > foundations activities). > > > > W.r.t. build hosts, we've been working with folk on attempting to get a > Windows build host or two up. Now that we are into Feb 2017, I need to > follow up on those efforts. > > If there's an ask for the Foundation to spend $$ on something > particular, be it build hosts, or even hiring someone to work on, say, > the AIX port, please submit a formal ask to foundat...@openafs.org . > Contigent on funds, we will really consider it. And, donating any type > of funding towards this (for example, your org donates a $10K stipend > towards us hiring an independant contractor to work on AIX would go a > long way). > > Thanks. > > > It might not even cost a lot (as I recall, > > there are various on-demand builder > > spin-up capabilities in at least some > > SCMs so it is free until the commit), > > but it is all work someone would have > > to research. > -- > > David William Botsch > OpenAFS Foundation Board > bot...@cnf.cornell.edu > > ___ > OpenAFS-info mailing list > OpenAFS-info@openafs.org > https://lists.openafs.org/mailman/listinfo/openafs-info > ___ > OpenAFS-info mailing list > OpenAFS-info@openafs.org > https://lists.openafs.org/mailman/listinfo/openafs-info -- David William Botsch Programmer/Analyst @CNFComputing bot...@cnf.cornell.edu ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] OpenAFS 1.6.20.1 on AIX 7.1
1. I'l be willing to plead our case w/IBM, any shortcut names/emails? 2. What is the desired configuration (hw & sw)? 3. N.b I'm on a comcast dhcp line, fast & stable as long as there are no 24 hr shutdowns, I use dyndns to host my domain creedon.biz. 4. I have several boxen on an 3KVA UPS - works fine, lots of power avail. 5. My shop has A/C so servers run continuously 24/7 year 'round. 6. After Russ's comments is it all going to be worthwhile? 7. I have 3 afs servers on line (well as soon as I can get afs re-installed) 8. I have geronimo.creedon.biz as a spare build machine. time nice make -j500 takes 30 sec. Its a duplicate of ookpik.creedon.biz dual xeon 64Gig, etc). (ookpik has a xeon phi board installed if anyone wants to play). 9. I built/maintain all my own servers (since 1967). 10. Backups are the user's resp. although my servers could easily host another afs domain. From: openafs-info-ad...@openafs.org <openafs-info-ad...@openafs.org> on behalf of Dave Botsch <bot...@cnf.cornell.edu> Sent: Wednesday, February 8, 2017 10:22:54 AM To: openafs-info@openafs.org Subject: Re: [OpenAFS] OpenAFS 1.6.20.1 on AIX 7.1 Hi, Ted et al. Please see below... On Mon, Feb 06, 2017 at 09:25:35PM +, Ted Creedon wrote: > I just happen to have a spare dual xeon 64gb linux box that could be made > available. > and smaller MAC w/ parallels on it. > > I also have a dual 64gb xeon w/ a xeon phi card in it too. cost ~$3K > > with a little effort... > > IBM generally waives license fees for non profits. > tedc > If you are willing to host on the HW mentioned above, as a non-profit, the Foundation can certainly make the ask of IBM. We would just need a bit more detail on the exact ask. > If what you meant was for the foundation > itself to pay for virtual build servers, > all that takes if for the foundation to > decide to spend real money. I presume > they have considered that, but it might > be worth asking the question explicitly > if it has not been explicitly answered > (I really have not been following the > foundations activities). > W.r.t. build hosts, we've been working with folk on attempting to get a Windows build host or two up. Now that we are into Feb 2017, I need to follow up on those efforts. If there's an ask for the Foundation to spend $$ on something particular, be it build hosts, or even hiring someone to work on, say, the AIX port, please submit a formal ask to foundat...@openafs.org . Contigent on funds, we will really consider it. And, donating any type of funding towards this (for example, your org donates a $10K stipend towards us hiring an independant contractor to work on AIX would go a long way). Thanks. > It might not even cost a lot (as I recall, > there are various on-demand builder > spin-up capabilities in at least some > SCMs so it is free until the commit), > but it is all work someone would have > to research. -- David William Botsch OpenAFS Foundation Board bot...@cnf.cornell.edu ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] OpenAFS 1.6.20.1 on AIX 7.1
can you fix this error? [This sender failed our fraud detection checks and may not be who they appear to be. Learn about spoofing at http://aka.ms/LearnAboutSpoofing] From: openafs-info-ad...@openafs.org <openafs-info-ad...@openafs.org> on behalf of Ted Creedon <tcree...@easystreet.net> Sent: Monday, February 6, 2017 1:25 PM To: openafs-info@openafs.org Subject: Re: [OpenAFS] OpenAFS 1.6.20.1 on AIX 7.1 [This sender failed our fraud detection checks and may not be who they appear to be. Learn about spoofing at http://aka.ms/LearnAboutSpoofing] I just happen to have a spare dual xeon 64gb linux box that could be made available. and smaller MAC w/ parallels on it. I also have a dual 64gb xeon w/ a xeon phi card in it too. cost ~$3K with a little effort... IBM generally waives license fees for non profits. tedc From: Gary Buhrmaster <gary.buhrmas...@gmail.com> Sent: Monday, February 6, 2017 10:24 AM To: Ted Creedon Subject: Re: [OpenAFS] OpenAFS 1.6.20.1 on AIX 7.1 On Mon, Feb 6, 2017 at 5:34 PM, Ted Creedon <tcree...@easystreet.net> wrote: > why not use vm's for all non linux builds? If what you meant was for the foundation itself to pay for virtual build servers, all that takes if for the foundation to decide to spend real money. I presume they have considered that, but it might be worth asking the question explicitly if it has not been explicitly answered (I really have not been following the foundations activities). It might not even cost a lot (as I recall, there are various on-demand builder spin-up capabilities in at least some SCMs so it is free until the commit), but it is all work someone would have to research. I would not be at all surprised if the commercial companies providing support have not already moved in the direction of cloud based virtual builders (makes little sense to own a $10K server for occasional builds), but that is for their own customers. If you mean architecture emulation, it can be very slow (although might be acceptable), but the bigger problem may be licensing of the OS and the compilers. Last I knew AIX (where this started) is licensed software, and so is XLC (if using the IBM compiler is required for kernel modules). ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] OpenAFS 1.6.20.1 on AIX 7.1
I just happen to have a spare dual xeon 64gb linux box that could be made available. and smaller MAC w/ parallels on it. I also have a dual 64gb xeon w/ a xeon phi card in it too. cost ~$3K with a little effort... IBM generally waives license fees for non profits. tedc From: Gary Buhrmaster <gary.buhrmas...@gmail.com> Sent: Monday, February 6, 2017 10:24 AM To: Ted Creedon Subject: Re: [OpenAFS] OpenAFS 1.6.20.1 on AIX 7.1 On Mon, Feb 6, 2017 at 5:34 PM, Ted Creedon <tcree...@easystreet.net> wrote: > why not use vm's for all non linux builds? If what you meant was for the foundation itself to pay for virtual build servers, all that takes if for the foundation to decide to spend real money. I presume they have considered that, but it might be worth asking the question explicitly if it has not been explicitly answered (I really have not been following the foundations activities). It might not even cost a lot (as I recall, there are various on-demand builder spin-up capabilities in at least some SCMs so it is free until the commit), but it is all work someone would have to research. I would not be at all surprised if the commercial companies providing support have not already moved in the direction of cloud based virtual builders (makes little sense to own a $10K server for occasional builds), but that is for their own customers. If you mean architecture emulation, it can be very slow (although might be acceptable), but the bigger problem may be licensing of the OS and the compilers. Last I knew AIX (where this started) is licensed software, and so is XLC (if using the IBM compiler is required for kernel modules). ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Fw: it would be nice to have an administrators guide
Ben, Thank you. So far by using the eclipse IDE , I've added afslog=true to [appdefaults] I'll implement your directions after a quick nap -afslog doesn't cooperate, I'll figure that out today. ted From: Benjamin Kaduk <ka...@mit.edu> Sent: Sunday, December 25, 2016 2:10:13 PM To: Ted Creedon Cc: openafs-info@openafs.org Subject: Re: [OpenAFS] Fw: it would be nice to have an administrators guide On Fri, Dec 23, 2016 at 02:00:20AM +0000, Ted Creedon wrote: > > > it would be nice to have an administrators guide on how to set up the keys > for openafs 1.8 + heimdal 7.1 > > the intermixture of ad, heimdal & mit is confusing to say the least. > > could you provide one? The main difference between the key setup for 1.6 and the key setup for 1.8 is that 1.6 uses a kerberos keytab named rxkad.keytab to store the server-private keys (a regression introduced as part of the fix for OPENAFS-SA-2013-003 [0]), whereas for 1.8 the keys an OpenAFS-specific file KeyFileExt is used. Buried in the 1.8.0 release notes is an item that the 'akeyconvert' utility reads rxkad.keytab and writes out the corresponding bits to KeyFileExt. So, the short answer to your question would be to start with the quick start guide for Unix (http://docs.openafs.org/QuickStartUnix/index.html) for the cell setup instructions, including creating rxkad.keytab in the "Starting the BOS Server" section, and then running 'akeyconvert' after creating rxkad.keytab. I do not run any heimdal-based realms or cells, so I cannot really provide heimdal-specific instructions, but the main point of integration between kerberos and OpenAFS is that there should be a kerberos principal afs/@REALM in the kerberos realm to be used for the cell. Kerberos keys with strong (i.e., AES) encryption types should be used for that principal, and a keytab created for it with name rxkad.keytab in the OpenAFS server configuration directory (i.e., /etc/openafs/server on Debian). After creating the rxkad.keytab, run 'akeyconvert' on that system, and copy the resulting KeyFileExt to any additional AFS server machines in the cell. Users of the cell need to have user principals in order to be able to use aklog (or klog.krb5 is that is desired), and the PTS entries with the corresponding names need to exist in the protection database in order for those AFS users to be able to have filesystem permissions granted to them. Please reply back if there are parts that need further clarification. -Ben [0] This is a regression because it forces most AFS binaries to be linked against libkrb5, whereas traditionally one could operate AFS independently of kerberos except for aklog (if desired) and asetkey. ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] Fw: it would be nice to have an administrators guide
it would be nice to have an administrators guide on how to set up the keys for openafs 1.8 + heimdal 7.1 the intermixture of ad, heimdal & mit is confusing to say the least. could you provide one? tedc ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: aklog carps Couldn't determine realm of user
some progress anyway, I get tokens but no /afs export KRB5CCNAME=FILE:/run/user/0/krb5cc/primary afsd -stat 4000 -dcache 4000 -daemons 6 -volumes 256 -files 5 afsd: Error calling AFSOP_CACHEFILE for '/usr/vice/cache/D0/V2000' kinit admin ad...@creedon.biz's Password: aklog tokens Tokens held by the Cache Manager: User's (AFS ID 501) tokens for a...@creedon.biz [Expires Jun 23 09:02] --End of list-- BUT /afs doesn't get mounted to /vicepa ookpik:/usr/src/linux-4.1.31-30 # ls /afs ookpik:/usr/src/linux-4.1.31-30 # mount |g afs ookpik:/usr/src/linux-4.1.31-30 # fs mkmount /afs/.$C root.cell -rw fs: mount points must be created within the AFS file system From: Benjamin Kaduk <ka...@mit.edu> Sent: Thursday, December 22, 2016 3:58:31 PM To: Ted Creedon Cc: openafs-info@openafs.org Subject: Re: [OpenAFS] Re: aklog carps Couldn't determine realm of user On Thu, Dec 22, 2016 at 11:42:41PM +0000, Ted Creedon wrote: > different outcome w/ 7.1.0 but no tokens from eiher afslog or aklog (still > carps about > /run/user/0/krb5cc/tkt", O_RDONLY) = -1 ENOENT) Ah, this is a "fancy" default coming into play, no doubt. /run/user may be isolated for various users with filesystem namespaces to prevent cross-user attacks (though I guess that may not be coming into play here). I also recall issues where the /run/user//krb5cc/ directory was not created automatically, so check that it exists. > ookpik:/data1/openafs-1.8.0pre1 # kinit -afslog admin > ad...@creedon.biz's Password: > ookpik:/data1/openafs-1.8.0pre1 # klist -AT > Credentials cache: FILE:/tmp/krb5cc_0 > Principal: ad...@creedon.biz > > IssuedExpires Principal > Dec 22 15:33:01 2016 Jun 23 07:32:57 2017 krbtgt/creedon@creedon.biz > Dec 22 15:33:01 2016 Jun 23 07:32:57 2017 afs/creedon@creedon.biz Okay, now the kerberos part is succeeding, so any issue here is on the AFS side. > > > Dec 22 15:33:01 201 Jun 23 07:32:57 201 Tokens for creedon.biz > > > ## > aklog > aklog: Couldn't determine realm of user:aklog: unknown RPC error > (-1765328189) while getting realm This seems to suggest that aklog -noprdb might succeed. > # > open("/run/user/0/krb5cc/tkt", O_RDONLY) = -1 ENOENT (No such file or > directory) There are two ticket caches in play here, which can be confusing to both humans (i.e., me) and software. Is KRB5CCNAME modified between any of the pasted output you have given here? Did you consciously try to set either /run/user/0/krb5cc/tkt or FILE:/tmp/krb5cc_0? Is aklog linked against a heimdal or MIT libkrb5? Please provide any /etc/krb5.conf declarations relating to names of credentials caches. I don't think it's particularly helpful to be randomly trying different versions of the software; I would rather get good solid debugging output from a specific setup and understand what is failing, so that software changes can be targetted instead of "shotgun style". -Ben ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: aklog carps Couldn't determine realm of user
FILE:/tmp/krb5cc_0 not = /run/user/0/krb5cc/tkt not= to krb5cc/primary i.e. klist -A says Credentials cache: FILE:/tmp/krb5cc_0 Principal: ad...@creedon.biz and aklog carps about missing /run/user/0/krb5cc/tkt but its krb5cc/primary that exists tree /run/user/0/ /run/user/0/ |-- KSMserver__0 |-- dconf | `-- user |-- gvfs |-- kdeinit5__0 |-- klauncherTJ3534.1.slave-socket |-- krb5cc | `-- primary |-- pulse `-- systemd |-- notify `-- private 5 directories, 7 files From: Benjamin Kaduk <ka...@mit.edu> Sent: Thursday, December 22, 2016 3:58:31 PM To: Ted Creedon Cc: openafs-info@openafs.org Subject: Re: [OpenAFS] Re: aklog carps Couldn't determine realm of user On Thu, Dec 22, 2016 at 11:42:41PM +0000, Ted Creedon wrote: > different outcome w/ 7.1.0 but no tokens from eiher afslog or aklog (still > carps about > /run/user/0/krb5cc/tkt", O_RDONLY) = -1 ENOENT) Ah, this is a "fancy" default coming into play, no doubt. /run/user may be isolated for various users with filesystem namespaces to prevent cross-user attacks (though I guess that may not be coming into play here). I also recall issues where the /run/user//krb5cc/ directory was not created automatically, so check that it exists. > ookpik:/data1/openafs-1.8.0pre1 # kinit -afslog admin > ad...@creedon.biz's Password: > ookpik:/data1/openafs-1.8.0pre1 # klist -AT > Credentials cache: FILE:/tmp/krb5cc_0 > Principal: ad...@creedon.biz > > IssuedExpires Principal > Dec 22 15:33:01 2016 Jun 23 07:32:57 2017 krbtgt/creedon@creedon.biz > Dec 22 15:33:01 2016 Jun 23 07:32:57 2017 afs/creedon@creedon.biz Okay, now the kerberos part is succeeding, so any issue here is on the AFS side. > > > Dec 22 15:33:01 201 Jun 23 07:32:57 201 Tokens for creedon.biz > > > ## > aklog > aklog: Couldn't determine realm of user:aklog: unknown RPC error > (-1765328189) while getting realm This seems to suggest that aklog -noprdb might succeed. > # > open("/run/user/0/krb5cc/tkt", O_RDONLY) = -1 ENOENT (No such file or > directory) There are two ticket caches in play here, which can be confusing to both humans (i.e., me) and software. Is KRB5CCNAME modified between any of the pasted output you have given here? Did you consciously try to set either /run/user/0/krb5cc/tkt or FILE:/tmp/krb5cc_0? Is aklog linked against a heimdal or MIT libkrb5? Please provide any /etc/krb5.conf declarations relating to names of credentials caches. I don't think it's particularly helpful to be randomly trying different versions of the software; I would rather get good solid debugging output from a specific setup and understand what is failing, so that software changes can be targetted instead of "shotgun style". -Ben ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: aklog carps Couldn't determine realm of user
different outcome w/ 7.1.0 but no tokens from eiher afslog or aklog (still carps about /run/user/0/krb5cc/tkt", O_RDONLY) = -1 ENOENT) ookpik:/data1/openafs-1.8.0pre1 # kinit -afslog admin ad...@creedon.biz's Password: ookpik:/data1/openafs-1.8.0pre1 # klist -AT Credentials cache: FILE:/tmp/krb5cc_0 Principal: ad...@creedon.biz IssuedExpires Principal Dec 22 15:33:01 2016 Jun 23 07:32:57 2017 krbtgt/creedon@creedon.biz Dec 22 15:33:01 2016 Jun 23 07:32:57 2017 afs/creedon@creedon.biz Dec 22 15:33:01 201 Jun 23 07:32:57 201 Tokens for creedon.biz ## aklog aklog: Couldn't determine realm of user:aklog: unknown RPC error (-1765328189) while getting realm # open("/run/user/0/krb5cc/tkt", O_RDONLY) = -1 ENOENT (No such file or directory) From: Benjamin Kaduk <ka...@mit.edu> Sent: Thursday, December 22, 2016 12:31:50 PM To: Ted Creedon Cc: Michael Meffie; openafs-info@openafs.org Subject: Re: [OpenAFS] Re: aklog carps Couldn't determine realm of user On Thu, Dec 22, 2016 at 07:50:02PM +, Ted Creedon wrote: > Yes it should but it doesn't. See the conundrum in kadmin->get krbgtkt ? > I.e how can Principal: krbtgt/creedon@creedon.biz have a ticket if it was > never loggged in? It doesn't have a ticket; ad...@creedon.biz has a ticket. The ticket that ad...@creedon.biz has is a ticket-granting ticket, i.e., the service principal it is for is krbtgt/creedon@creedon.biz. -Ben ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: aklog carps Couldn't determine realm of user
Yes it should but it doesn't. See the conundrum in kadmin->get krbgtkt ? I.e how can Principal: krbtgt/creedon@creedon.biz have a ticket if it was never loggged in? I'll try 7.1 tedc see below: kadmin> get krb* Principal: krbtgt/creedon@creedon.biz Principal expires: never Password expires: never Last password change: 2016-12-17 01:03:08 UTC Max ticket life: unlimited Max renewable life: unlimited Kvno: 1 Mkvno: unknown Last successful login: never Last failed login: never Failed login count: 0 Last modified: 2016-12-17 01:03:08 UTC Modifier: kadmin/ad...@creedon.biz Attributes: Keytypes: aes256-cts-hmac-sha1-96(pw-salt)[1], des3-cbc-sha1(pw-salt)[1], arcfour-hmac-md5(pw-salt)[1] PK-INIT ACL: Aliases: Principal: krbtgt/creedon@creedon.biz Principal expires: never Password expires: never Last password change: 2016-12-20 00:29:08 UTC Max ticket life: unlimited Max renewable life: unlimited Kvno: 1 Mkvno: unknown Last successful login: never Last failed login: never Failed login count: 0 Last modified: 2016-12-20 00:29:08 UTC Modifier: kadmin/ad...@creedon.biz Attributes: Keytypes: aes256-cts-hmac-sha1-96(pw-salt)[1], des3-cbc-sha1(pw-salt)[1], arcfour-hmac-md5(pw-salt)[1] PK-INIT ACL: Aliases: From: Benjamin Kaduk <ka...@mit.edu> Sent: Thursday, December 22, 2016 10:35:56 AM To: Ted Creedon Cc: Michael Meffie; openafs-info@openafs.org Subject: Re: [OpenAFS] Re: aklog carps Couldn't determine realm of user On Thu, Dec 22, 2016 at 06:07:08AM +, Ted Creedon wrote: > Heimdal set the ticket up..(I think) > So how does one login krbtgt? > PS making progress on the glibc/swig bug > Suse Leap uses glibc 2.22 the current is 2.24, offhand I suspect something > like a missing .align 64 > tedc > > ad...@creedon.biz's Password: > ookpik:/data1/openafs-1.8.0pre1 # klist > Credentials cache: FILE:/tmp/krb5cc_0 > Principal: ad...@creedon.biz > > IssuedExpiresPrincipal > Dec 21 21:52:59 2016 >>>Expired<<< krbtgt/creedon@creedon.biz This is the important part; the local TGT in the cache has expired and cannot be used to get a new service ticket for AFS. Running 'kinit' should prompt for admin's password and get things into a workable state where aklog has a chance at succeeding. -Ben ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: aklog carps Couldn't determine realm of user
Heimdal set the ticket up..(I think) So how does one login krbtgt? PS making progress on the glibc/swig bug Suse Leap uses glibc 2.22 the current is 2.24, offhand I suspect something like a missing .align 64 tedc ad...@creedon.biz's Password: ookpik:/data1/openafs-1.8.0pre1 # klist Credentials cache: FILE:/tmp/krb5cc_0 Principal: ad...@creedon.biz IssuedExpiresPrincipal Dec 21 21:52:59 2016 >>>Expired<<< krbtgt/creedon@creedon.biz kadmin> get krbtgt* Principal: krbtgt/creedon@creedon.biz Principal expires: never Password expires: never Last password change: 2016-12-17 01:03:08 UTC Max ticket life: unlimited Max renewable life: unlimited Kvno: 1 Mkvno: unknown Last successful login: never Last failed login: never Failed login count: 0 Last modified: 2016-12-17 01:03:08 UTC Modifier: kadmin/ad...@creedon.biz Attributes: Keytypes: aes256-cts-hmac-sha1-96(pw-salt)[1], des3-cbc-sha1(pw-salt)[1], arcfour-hmac-md5(pw-salt)[1] PK-INIT ACL: Aliases: Principal: krbtgt/creedon@creedon.biz Principal expires: never Password expires: never Last password change: 2016-12-20 00:29:08 UTC Max ticket life: unlimited Max renewable life: unlimited Kvno: 1 Mkvno: unknown Last successful login: never Last failed login: never Failed login count: 0 Last modified: 2016-12-20 00:29:08 UTC Modifier: kadmin/ad...@creedon.biz Attributes: Keytypes: aes256-cts-hmac-sha1-96(pw-salt)[1], des3-cbc-sha1(pw-salt)[1], arcfour-hmac-md5(pw-salt)[1] PK-INIT ACL: Aliases: From: Michael Meffie <mmef...@sinenomine.net> Sent: Wednesday, December 21, 2016 6:15:58 AM To: Ted Creedon Cc: openafs-info@openafs.org Subject: Re: [OpenAFS] Re: aklog carps Couldn't determine realm of user On Wed, 21 Dec 2016 02:21:13 + Ted Creedon <tcree...@easystreet.net> wrote: > if > KRB5CCNAME="FILE:/tmp/krb5cc_0" > is set > > one gets: > > aklog -d > Authenticating to cell creedon.biz (server ookpik.creedon.biz). > Trying to authenticate to user's realm CREEDON.BIZ. > Getting tickets: afs/creedon@creedon.biz > Kerberos error code returned by get_cred : -1765328352 > aklog: Couldn't get creedon.biz AFS tickets: > aklog: Ticket expired while getting AFS tickets Thanks for testing 1.8.0pre1 Ted. That error code indicates the ticket has expired, krb5 error -1765328352 = KRB5KRB_AP_ERR_TKT_EXPIRED What does klist show? Thanks, Mike ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] Re: aklog carps Couldn't determine realm of user
if KRB5CCNAME="FILE:/tmp/krb5cc_0" is set one gets: aklog -d Authenticating to cell creedon.biz (server ookpik.creedon.biz). Trying to authenticate to user's realm CREEDON.BIZ. Getting tickets: afs/creedon@creedon.biz Kerberos error code returned by get_cred : -1765328352 aklog: Couldn't get creedon.biz AFS tickets: aklog: Ticket expired while getting AFS tickets tedc From: openafs-info-ad...@openafs.org <openafs-info-ad...@openafs.org> on behalf of Ted Creedon <tcree...@easystreet.net> Sent: Tuesday, December 20, 2016 4:28:33 PM To: openafs-info@openafs.org Subject: [OpenAFS] aklog carps Couldn't determine realm of user This sender failed our fraud detection checks and may not be who they appear to be. Learn about spoofing at http://aka.ms/LearnAboutSpoofing v 1.80pre1 open("/run/user/0/krb5cc/tkt", O_RDONLY) = -1 ENOENT (No such file or directory) write(2, "aklog: Couldn't determine realm of user:", 40) = 40 I'm stuck! tedc ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] aklog carps Couldn't determine realm of user
v 1.80pre1 open("/run/user/0/krb5cc/tkt", O_RDONLY) = -1 ENOENT (No such file or directory) write(2, "aklog: Couldn't determine realm of user:", 40) = 40 I'm stuck! tedc ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Compile failure
compile fails again using the latest heimdal-master export|g -i krb declare -x KRB5_CONFIG="/usr/heimdal/bin/krb5-config --libs --deps" declare -x PATH_KRB5_CONFIG="/usr/heimdal/bin/krb5-config --libs --deps" ookpik:/data1/openafs-1.6.18.2 # configure:27910: checking for krb5-config configure:27941: result: /usr/heimdal/bin/krb5-config --libs --deps configure:29042: checking for library containing res_search configure:29073: gcc -o conftest -I/usr/heimdal/include -L/usr/heimdal/lib conftest.c >&5 /tmp/cc8MEyGl.o: In function `main': conftest.c:(.text+0xa): undefined reference to `res_search' collect2: error: ld returned 1 exit status configure:29073: $? = 1 configure: failed program was: | /* confdefs.h */ | #define PACKAGE_NAME "OpenAFS" | #define PACKAGE_TARNAME "openafs" | #define PACKAGE_VERSION "1.6.18.2" | #define PACKAGE_STRING "OpenAFS 1.6.18.2" | #define PACKAGE_BUGREPORT "" | #define PACKAGE_URL "" | #define PACKAGE "openafs" | #define VERSION "1.6.18.2" | #define STDC_HEADERS 1 ____________ From: openafs-info-ad...@openafs.org <openafs-info-ad...@openafs.org> on behalf of Ted Creedon <tcree...@easystreet.net> Sent: Thursday, August 11, 2016 9:42:10 AM Cc: openafs-info@openafs.org Subject: Re: [OpenAFS] Compile failure Thanks whats the -ldl for in krb5-config? ________ From: Chaskiel Grundman <c...@andrew.cmu.edu> Sent: Wednesday, August 10, 2016 8:08:01 AM To: Benjamin Kaduk Cc: Ted Creedon; openafs-info@openafs.org Subject: Re: [OpenAFS] Compile failure I rejected ted's reply because 2MB of logs seemed excessive. Here's a relevant bit of the log: configure:25263: gcc -c conftest.c >&5 configure:25263: $? = 0 configure:25264: result: yes configure:25301: checking size of long configure:25320: result: 8 configure:25627: checking for krb5-config configure:25658: result: /usr/heimdal/bin/krb5-config configure:25668: checking for krb5 support in krb5-config configure:25679: result: yes configure:25695: checking for krb5_init_context configure:25695: gcc -o conftest -I/usr/heimdal/includeconftest.c -Wl,--enable-new-dtags -Wl,-rpath -Wl,/usr/heimdal/lib64 -L/usr/heimdal/lib64 -lkrb5 >&5 configure:25695: $? = 0 configure:25695: result: yes configure:26638: checking for krb5_get_error_message configure:26638: gcc -o conftest -I/usr/heimdal/includeconftest.c -Wl,--enable-new-dtags -Wl,-rpath -Wl,/usr/heimdal/lib64 -L/usr/heimdal/lib64 -lkrb5 >&5 configure:26638: $? = 0 configure:26638: result: yes configure:26645: checking for krb5_free_error_message configure:26645: gcc -o conftest -I/usr/heimdal/includeconftest.c -Wl,--enable-new-dtags -Wl,-rpath -Wl,/usr/heimdal/lib64 -L/usr/heimdal/lib64 -lkrb5 >&5 configure:26645: $? = 0 configure:26645: result: yes It suggests that krb5-config was used, but it only put -lkrb5 in libs. That's consistent with what I see on ubuntu trusty: % krb5-config.heimdal --version heimdal 1.6.99 % krb5-config.heimdal --libs -L/usr/lib/x86_64-linux-gnu/heimdal -lkrb5 It apears to get the full set of libraries, you need to add --deps: % krb5-config.heimdal --libs --deps -L/usr/lib/x86_64-linux-gnu/heimdal -lkrb5 -lhx509 -lcom_err -lhcrypto -lasn1 -lwind -lheimbase -lroken -lcrypt -pthread -lpthread -ldl -lresolv -pthread -lpthread ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] Re:
-ldl is an output... not an argument Apparently configure needs to be modded via KRB5_CONFIG= "krb5-config --deps --libs" then rerun configure? ____ From: Ted Creedon Sent: Thursday, August 11, 2016 9:42:10 AM Cc: openafs-info@openafs.org Subject: Re: [OpenAFS] Compile failure Thanks whats the -ldl for in krb5-config? From: Chaskiel Grundman <c...@andrew.cmu.edu> Sent: Wednesday, August 10, 2016 8:08:01 AM To: Benjamin Kaduk Cc: Ted Creedon; openafs-info@openafs.org Subject: Re: [OpenAFS] Compile failure I rejected ted's reply because 2MB of logs seemed excessive. Here's a relevant bit of the log: configure:25263: gcc -c conftest.c >&5 configure:25263: $? = 0 configure:25264: result: yes configure:25301: checking size of long configure:25320: result: 8 configure:25627: checking for krb5-config configure:25658: result: /usr/heimdal/bin/krb5-config configure:25668: checking for krb5 support in krb5-config configure:25679: result: yes configure:25695: checking for krb5_init_context configure:25695: gcc -o conftest -I/usr/heimdal/includeconftest.c -Wl,--enable-new-dtags -Wl,-rpath -Wl,/usr/heimdal/lib64 -L/usr/heimdal/lib64 -lkrb5 >&5 configure:25695: $? = 0 configure:25695: result: yes configure:26638: checking for krb5_get_error_message configure:26638: gcc -o conftest -I/usr/heimdal/includeconftest.c -Wl,--enable-new-dtags -Wl,-rpath -Wl,/usr/heimdal/lib64 -L/usr/heimdal/lib64 -lkrb5 >&5 configure:26638: $? = 0 configure:26638: result: yes configure:26645: checking for krb5_free_error_message configure:26645: gcc -o conftest -I/usr/heimdal/includeconftest.c -Wl,--enable-new-dtags -Wl,-rpath -Wl,/usr/heimdal/lib64 -L/usr/heimdal/lib64 -lkrb5 >&5 configure:26645: $? = 0 configure:26645: result: yes It suggests that krb5-config was used, but it only put -lkrb5 in libs. That's consistent with what I see on ubuntu trusty: % krb5-config.heimdal --version heimdal 1.6.99 % krb5-config.heimdal --libs -L/usr/lib/x86_64-linux-gnu/heimdal -lkrb5 It apears to get the full set of libraries, you need to add --deps: % krb5-config.heimdal --libs --deps -L/usr/lib/x86_64-linux-gnu/heimdal -lkrb5 -lhx509 -lcom_err -lhcrypto -lasn1 -lwind -lheimbase -lroken -lcrypt -pthread -lpthread -ldl -lresolv -pthread -lpthread ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Compile failure
Thanks whats the -ldl for in krb5-config? From: Chaskiel Grundman <c...@andrew.cmu.edu> Sent: Wednesday, August 10, 2016 8:08:01 AM To: Benjamin Kaduk Cc: Ted Creedon; openafs-info@openafs.org Subject: Re: [OpenAFS] Compile failure I rejected ted's reply because 2MB of logs seemed excessive. Here's a relevant bit of the log: configure:25263: gcc -c conftest.c >&5 configure:25263: $? = 0 configure:25264: result: yes configure:25301: checking size of long configure:25320: result: 8 configure:25627: checking for krb5-config configure:25658: result: /usr/heimdal/bin/krb5-config configure:25668: checking for krb5 support in krb5-config configure:25679: result: yes configure:25695: checking for krb5_init_context configure:25695: gcc -o conftest -I/usr/heimdal/includeconftest.c -Wl,--enable-new-dtags -Wl,-rpath -Wl,/usr/heimdal/lib64 -L/usr/heimdal/lib64 -lkrb5 >&5 configure:25695: $? = 0 configure:25695: result: yes configure:26638: checking for krb5_get_error_message configure:26638: gcc -o conftest -I/usr/heimdal/includeconftest.c -Wl,--enable-new-dtags -Wl,-rpath -Wl,/usr/heimdal/lib64 -L/usr/heimdal/lib64 -lkrb5 >&5 configure:26638: $? = 0 configure:26638: result: yes configure:26645: checking for krb5_free_error_message configure:26645: gcc -o conftest -I/usr/heimdal/includeconftest.c -Wl,--enable-new-dtags -Wl,-rpath -Wl,/usr/heimdal/lib64 -L/usr/heimdal/lib64 -lkrb5 >&5 configure:26645: $? = 0 configure:26645: result: yes It suggests that krb5-config was used, but it only put -lkrb5 in libs. That's consistent with what I see on ubuntu trusty: % krb5-config.heimdal --version heimdal 1.6.99 % krb5-config.heimdal --libs -L/usr/lib/x86_64-linux-gnu/heimdal -lkrb5 It apears to get the full set of libraries, you need to add --deps: % krb5-config.heimdal --libs --deps -L/usr/lib/x86_64-linux-gnu/heimdal -lkrb5 -lhx509 -lcom_err -lhcrypto -lasn1 -lwind -lheimbase -lroken -lcrypt -pthread -lpthread -ldl -lresolv -pthread -lpthread ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] Compile failure
openafs-1.6.18.2 linux 4.1.27-27 heimdal-master --with-krb5=/usr/heimdal gcc -O -I/data1/openafs-1.6.18.2/src/config -I/data1/openafs-1.6.18.2/include -I. -I. -D_LARGEFILE64_SOURCE -o ptserver ptserver.o ptutils.o ptprocs.o ptint.ss.o ptint.xdr.o utils.o map.o /data1/openafs-1.6.18.2/lib/libubik.a /data1/openafs-1.6.18.2/lib/libauth.a /data1/openafs-1.6.18.2/lib/librxkad.a /data1/openafs-1.6.18.2/lib/librxstat.a /data1/openafs-1.6.18.2/lib/librx.a /data1/openafs-1.6.18.2/lib/liblwp.a /data1/openafs-1.6.18.2/lib/libdes.a /data1/openafs-1.6.18.2/lib/libcmd.a /data1/openafs-1.6.18.2/lib/libafscom_err.a /data1/openafs-1.6.18.2/lib/libsys.a /data1/openafs-1.6.18.2/lib/libafsutil.a -lresolv /data1/openafs-1.6.18.2/lib/libaudit.a -Wl,--enable-new-dtags -Wl,-rpath -Wl,/usr/heimdal/lib64 -L/usr/heimdal/lib64 -lkrb5 /usr/lib64/gcc/x86_64-suse-linux/4.8/../../../../x86_64-suse-linux/bin/ld: /data1/openafs-1.6.18.2/lib/libauth.a(akimpersonate.o): undefined reference to symbol 'encode_EncTicketPart@@HEIMDAL_ASN1_1.0' /usr/heimdal/lib64/libasn1.so.8: error adding symbols: DSO missing from command line collect2: error: ld returned 1 exit status Makefile:99: recipe for target 'ptserver' failed make[3]: *** [ptserver] Error 1 make[3]: Leaving directory '/data1/openafs-1.6.18.2/src/ptserver' Makefile:235: recipe for target 'ptserver' failed make[2]: *** [ptserver] Error 2 make[2]: Leaving directory '/data1/openafs-1.6.18.2' Makefile:692: recipe for target 'build' failed make[1]: *** [build] Error 2 make[1]: Leaving directory '/data1/openafs-1.6.18.2' Makefile:36: recipe for target 'all' failed make: *** [all] Error 2 ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] hard drive relaibility
During a drive upgrade a brand new WD29EFRX 2TB drive containing my RW volumes crashed. After talking to drive recovery firms I've learned that the new reliability philosophy is cheap drives & rely on the users RAID for recovery, Fortunately I have 4 RO backups, One repair firm said they see new drives with incredible amounts of dirt inside. Here is a drive reliability report. http://www.extremetech.com/computing/228497-backblaze-releases-billion-hour-hard-drive-reliability-report Looks like solid state drives + thumb drives for off site storage is the way ti go. tedc ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] Compiling w/ heimdal
Any clues? linux v 4.1.15-8 afs v 1.6.17 heimdal 1.6.99 (master) carps gcc -O -I/data/openafs-1.6.17/src/config -I/data/openafs-1.6.17/include -I. -I. -D_LARGEFILE64_SOURCE -o ptserver ptserver.o ptutils.o ptprocs.o ptint.ss.o ptint.xdr.o utils.o map.o /data/openafs-1.6.17/lib/libubik.a /data/openafs-1.6.17/lib/libauth.a /data/openafs-1.6.17/lib/librxkad.a /data/openafs-1.6.17/lib/librxstat.a /data/openafs-1.6.17/lib/librx.a /data/openafs-1.6.17/lib/liblwp.a /data/openafs-1.6.17/lib/libdes.a /data/openafs-1.6.17/lib/libcmd.a /data/openafs-1.6.17/lib/libafscom_err.a /data/openafs-1.6.17/lib/libsys.a /data/openafs-1.6.17/lib/libafsutil.a -lresolv /data/openafs-1.6.17/lib/libaudit.a -Wl,--enable-new-dtags -Wl,-rpath -Wl,/usr/heimdal/lib64 -L/usr/heimdal/lib64 -lkrb5 /usr/lib64/gcc/x86_64-suse-linux/4.8/../../../../x86_64-suse-linux/bin/ld: /data/openafs-1.6.17/lib/libauth.a(akimpersonate.o): undefined reference to symbol 'encode_EncTicketPart@@HEIMDAL_ASN1_1.0' /usr/heimdal/lib64/libasn1.so.8: error adding symbols: DSO missing from command line collect2: error: ld returned 1 exit status Makefile:99: recipe for target 'ptserver' failed make[3]: *** [ptserver] Error 1 make[3]: Leaving directory '/data/openafs-1.6.17/src/ptserver' Makefile:235: recipe for target 'ptserver' failed make[2]: *** [ptserver] Error 2 make[2]: Leaving directory '/data/openafs-1.6.17' Makefile:692: recipe for target 'build' failed make[1]: *** [build] Error 2 make[1]: Leaving directory '/data/openafs-1.6.17' Makefile:36: recipe for target 'all' failed make: *** [all] Error 2 ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] compile fails kernel version 4.4.0-1-default
I would have too think that after all this time whatever license there is has been overtaken by events. What would IBM do - sue a penniless entity? IBM is not being damaged, in fact its users running IBM PCs and other hardware have benefited from the free support. I look at any agreement as a "bait and switch" that enabled IBM to relieve itself from the cost of supporting a defective product. In fact IBM licensed a "Pig in a poke". Take the ball and run with it. Tedc From: Edgecombe, Jason <jwedg...@uncc.edu> Sent: Wednesday, March 2, 2016 10:25 AM To: Brandon Allbery Cc: Ted Creedon; openafs-info@openafs.org Subject: Re: [OpenAFS] compile fails kernel version 4.4.0-1-default Can the OpenAFS folks work on kAFS? I was under the impression that they were "tainted" by having read the IBM-provided code. --- Jason Edgecombe | Linux Administrator UNC Charlotte | The William States Lee College of Engineering 9201 University City Blvd. | Charlotte, NC 28223-0001 Phone: 704-687-1943 jwedg...@uncc.edu<mailto:jwedg...@uncc.edu> | http://engr.uncc.edu | Facebook --- If you are not the intended recipient of this transmission or a person responsible for delivering it to the intended recipient, any disclosure, copying, distribution, or other use of any of the information in this transmission is strictly prohibited. If you have received this transmission in error, please notify me immediately by reply e-mail or by telephone at 704-687-1943. Thank you. On Wed, Mar 2, 2016 at 10:21 AM, Brandon Allbery <ballb...@sinenomine.net<mailto:ballb...@sinenomine.net>> wrote: Not until someone adds pioctl support to it. -Original Message- From: openafs-info-ad...@openafs.org<mailto:openafs-info-ad...@openafs.org> [mailto:openafs-info-ad...@openafs.org<mailto:openafs-info-ad...@openafs.org>] On Behalf Of Ted Creedon Sent: Wednesday, March 2, 2016 10:13 AM Cc: openafs-info@openafs.org<mailto:openafs-info@openafs.org> Subject: Re: [OpenAFS] compile fails kernel version 4.4.0-1-default Would it be appropriate to force a move to kafs now? From: openafs-info-ad...@openafs.org<mailto:openafs-info-ad...@openafs.org> <openafs-info-ad...@openafs.org<mailto:openafs-info-ad...@openafs.org>> on behalf of Benjamin Kaduk <ka...@mit.edu<mailto:ka...@mit.edu>> Sent: Tuesday, March 1, 2016 7:31 PM To: Michael Laß Cc: OpenAFS-info@openafs.org<mailto:OpenAFS-info@openafs.org> Subject: Re: [OpenAFS] compile fails kernel version 4.4.0-1-default On Tue, 1 Mar 2016, Michael Laß wrote: > Hi! > > Am 23.01.2016 um 18:22 schrieb Benjamin Kaduk > <ka...@mit.edu<mailto:ka...@mit.edu>>: > > > > Though the patches linked there are sufficient to permit the build > > to complete, there are some more subtle behavior changes in the > > kernel in that some of the splice functions will now return > > ERESTARTSYS if there is any signal pending in the current process. > > In particular, there are presumed to be codepaths for which we do > > not have proper error handling, that could lead to data loss. > > Further analysis is needed (which I am not prepared to undertake at > > present). > > It seems like you were spot on with this. Some Arch Linux users have been > brave enough to test OpenAFS with these patches on Linux 4.4. One reported a > data corruption issue now. Quote from > https://aur.archlinux.org/packages/openafs/: > > > I tried the patch and I get problems. When I do checkout a different branch > > of my software from a git repository things fail and I'm left with a > > corrupted workspace. The log files shows the following message: > > kernel: afs: Lost contact with file server ... in cell ... (code > > -512) (all multi-homed ip addresses down for the server) > > kernel: afs: failed to store file (network problems) > > kernel: afs: file server ... in cell ... is back up (code 0) > > (multi-homed address; other same-host interfaces may still be down) > > > Guess what error core -512 is… Yep, it’s -ERESTARTSYS. > > So there is definitely some additional work required for Linux 4.4. Hi Michael, Thank you for reporting this back to the list. To the list members: I would like to point out that no openafs developer has stated that they are working on this issue, and it appears that a proper fix will require modifications through many different parts of the cache manager; that is, it will be an invasive change that requires substantial development effort. There is a real risk that OpenAFS will not be able to support kernels from the
Re: [OpenAFS] compile fails kernel version 4.4.0-1-default
Would it be appropriate to force a move to kafs now? From: openafs-info-ad...@openafs.orgon behalf of Benjamin Kaduk Sent: Tuesday, March 1, 2016 7:31 PM To: Michael Laß Cc: OpenAFS-info@openafs.org Subject: Re: [OpenAFS] compile fails kernel version 4.4.0-1-default On Tue, 1 Mar 2016, Michael Laß wrote: > Hi! > > Am 23.01.2016 um 18:22 schrieb Benjamin Kaduk : > > > > Though the patches linked there are sufficient to permit the build to > > complete, there are some more subtle behavior changes in the kernel in > > that some of the splice functions will now return ERESTARTSYS if there is > > any signal pending in the current process. In particular, there are > > presumed to be codepaths for which we do not have proper error handling, > > that could lead to data loss. Further analysis is needed (which I am not > > prepared to undertake at present). > > It seems like you were spot on with this. Some Arch Linux users have been > brave enough to test OpenAFS with these patches on Linux 4.4. One reported a > data corruption issue now. Quote from > https://aur.archlinux.org/packages/openafs/: > > > I tried the patch and I get problems. When I do checkout a different branch > > of my software from a git repository things fail and I'm left with a > > corrupted workspace. The log files shows the following message: > > kernel: afs: Lost contact with file server ... in cell ... (code -512) (all > > multi-homed ip addresses down for the server) > > kernel: afs: failed to store file (network problems) > > kernel: afs: file server ... in cell ... is back up (code 0) (multi-homed > > address; other same-host interfaces may still be down) > > > Guess what error core -512 is… Yep, it’s -ERESTARTSYS. > > So there is definitely some additional work required for Linux 4.4. Hi Michael, Thank you for reporting this back to the list. To the list members: I would like to point out that no openafs developer has stated that they are working on this issue, and it appears that a proper fix will require modifications through many different parts of the cache manager; that is, it will be an invasive change that requires substantial development effort. There is a real risk that OpenAFS will not be able to support kernels from the 4.4 series and newer -- the openafs package is slated for removal from Debian testing in just three weeks. If there are sites that will be adversely affected by the lack of a functioning openafs client for linux kernel 4.4 or newer, it will be easier if they can contribute resources now, rather than months from now when these kernels make their way into the linux distributions deployed at these sites. -Ben ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Release of MacOS 10 client
Competition is the life of trade. From: openafs-info-ad...@openafs.orgon behalf of Jeffrey Altman Sent: Wednesday, January 27, 2016 2:09 PM To: openafs-info@openafs.org Subject: Re: [OpenAFS] Release of MacOS 10 client On 1/27/2016 1:23 PM, Garrett Wollman wrote: > > Jeffrey, > > Those of us who are not AuriStor customers are naturally reluctant to > depend on AuriStor's continued generosity in making these clients > freely available. (And those of us who are SNA customers are > naturally desirous of a client that is supported under our SNA > contracts.) > > -GAWollman Garrett, At the moment fewer than 4% of client downloads from our site are being used to access cells that fund the development of those clients. It is for that exact reason that we stopped distributing clients via the OpenAFS web site. Even though all of the effort, expenses and liability associated with producing the Windows and OSX and iOS clients were borne by AuriStor, Inc. (formerly known as Your File System, Inc.), the money that should have paid for the development went into someone else's bank account. Developers do not work for free. If you full time job is developing and supporting a distributed file system, it is not a hobby and you expect to get paid. Otherwise it isn't possible to put a roof over your head and feed your spouse and kids. freeloader noun a person who takes advantage of others' generosity without giving anything in return. This is the appropriate term describing the vast majority of AFS cell operators around the globe. My guess is that fewer than 20% of cell operators spend any money supporting the development, packaging and distribution of software supporting their cell. The AuriStor File System is not free. There are real costs associated with developing the clients, the servers, and the admin tooling. Not to mention mobile friendly html5 web front-ends, nfs3 front ends, and other proxy services. AuriStor clients are not built from the OpenAFS code base. They are built from the AuriStor code base and provide seamless access to IBM AFS 3.6, OpenAFS and AuriStor File System services. As the saying goes, you get what you pay for. If you want a file system that provides wire privacy that isn't using a watered down 1970s deprecated encryption system, support for the IPv6 that is available from your home and mobile Internet providers, the ability to host imap mail or other multi-writer workloads in /afs without melting down the cell, and the ability to saturate servers with multiple 10gbit NICs, give us a ring. Jeffrey Altman ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] compile fails kernel version 4.4.0-1-default
/data/openafs-1.6.16/src/libafs/MODLOAD-4.4.0-1-default-ted-MP/osi_groups.c:612:29: error: ‘union key_payload’ has no member named ‘value’ keyring_pag = key->payload.value; ^ scripts/Makefile.build:259: recipe for target '/data/openafs-1.6.16/src/libafs/MODLOAD-4.4.0-1-default-ted-MP/osi_groups.o' failed ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] make fails on linux 4.3.0-1
1. cherry pick acinclude.m4.zip 2. unzip 3. run regen.sh 4. make install seems to work so far thanks tedc From: Michael Meffie <mmef...@sinenomine.net> Sent: Friday, November 13, 2015 10:26 AM To: Benjamin Kaduk Cc: Ted Creedon; OpenAFS-info@openafs.org Subject: Re: [OpenAFS] make fails on linux 4.3.0-1 On Fri, 13 Nov 2015 12:07:52 -0500 Benjamin Kaduk <ka...@mit.edu> wrote: > On Fri, 13 Nov 2015, Ted Creedon wrote: > > > or opensuse tumbleweed > > > > make[3]: Entering directory '/data/openafs-1.6.15/src/gtx' > > gtx is hardly an essential part of openafs; I would recommend that someone > backports commit 5d53c12b95c6ffac6c00e4fec6138a51b6185dd7 and you can just > disable building gtx. Here's a cherry-pick for 1.6.x, http://gerrit.openafs.org/12095 which adds the --disable-gtx option to configure. Thanks, Mike -- Michael Meffie <mmef...@sinenomine.net> ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] make fails on linux 4.3.0-1
or opensuse tumbleweed make[3]: Entering directory '/data/openafs-1.6.15/src/gtx' gcc -fPIC -O -I/data/openafs-1.6.15/src/config -I/data/openafs-1.6.15/include -I. -I. -D_LARGEFILE64_SOURCE -c curseswindows.c curseswindows.c: In function ‘gator_cursesgwin_getdimensions’: curseswindows.c:779:27: error: dereferencing pointer to incomplete type ‘WINDOW {aka struct _win_st}’ aparms->maxx = cwp->wp->_maxx; ^ /data/openafs-1.6.15/src/config/Makefile.config:149: recipe for target 'curseswindows.o' failed make[3]: *** [curseswindows.o] Error 1 make[3]: Leaving directory '/data/openafs-1.6.15/src/gtx' Makefile:348: recipe for target 'gtx' failed make[2]: *** [gtx] Error 2 make[2]: Leaving directory '/data/openafs-1.6.15' Makefile:692: recipe for target 'build' failed make[1]: *** [build] Error 2 make[1]: Leaving directory '/data/openafs-1.6.15' Makefile:36: recipe for target 'all' failed make: *** [all] Error 2 oo___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] OpenAFS still in development?
My daughter's system - a light user- requires weekly rebooting - same scenario as Brandon's. FYI When SUN migrated from SUN OS to SV5 R4 1,000 fatal bugs were discovered fixed. The only problem I have with Linux is the constant upgrading kernel module recompiling. What Linux needs is a MS driver compatibility mode. Tedc On Mon, Jun 22, 2015 at 7:16 AM, Brandon Allbery ballb...@sinenomine.net wrote: On Mon, 2015-06-22 at 10:12 -0400, Daria Brashear wrote: On Mon, Jun 22, 2015 at 10:09 AM, Ted Creedon tcree...@easystreet.net wrote: EG OSX has a memory leak that requires weekly rebooting (per apple support) Details? Cuz uh, I'm not rebooting weekly and... I've been rebooting weekly for essentially the entire time I've used OS X (back to Tiger on PPC) because of various memory leaks that become evident as slowness and failure of some services after about a week of operation. I am not sure this is what Ted is getting at, though. (Granting that my normal use of pretty much any system is likely to be regarded by others as a stress test. :) -- brandon s allbery kf8nh sine nomine associates allber...@gmail.com ballb...@sinenomine.net unix openafs kerberos infrastructure xmonadhttp://sinenomine.net
Re: [OpenAFS] OpenAFS still in development?
EG OSX has a memory leak that requires weekly rebooting (per apple support) On Sunday, June 21, 2015, Harald Barth h...@kth.se wrote: I do not believe that the OpenAFS mailing lists are an appropriate forum to discuss AuriStor. My response to Michael provided details on AuriStor because I felt it was necessary in order to properly answer the implied questions. What I've learned so far from AuriStor it looks like it could be a replacement for OpenAFS on the platforms it's available. And it can more as Jeff tells us. If that strategy is good advertising depends on cultural background. The question of supported platforms is an interesting one because it is very unclear what it means for OpenAFS to support a platform. What are the criteria? Is it sufficient to say that if you can build OpenAFS on the OS and hardware architecture that it is supported? Sorry, supported was probably a bad choice of word. But I don't know if availabe or runable or it builds it ships would be better. I am quite sure there are other criteria that could be added to the mix. I know that you take supported very seriously. I would be happy if other software vendors (which are not into file systems) would do that as well. * Linux . Red Hat Enterprise Linux (YFSI is a Red Hat Technology Partner) . Fedora . Debian . Ubuntu * Microsoft Windows * Apple OSX and iOS * Oracle Solaris * IBM AIX * Android Servers are supported everywhere but on Windows, iOS and Android but the performance varies significantly based upon the OS release, processor architecture, and underlying hardware so there are combinations that we recommend and those we do not. The failure to list an OS family or Linux distribution does not imply that YFSI will not support AuriStor on that platform. It only implies that there has been insufficient customer interest to this point for YFSI to expend the necessary resources on development, testing and certification (where applicable.) Thanks for the list. I guess on the main HW which is amd64 for most of the OSes above. Both at work and privately I run OpenAFS on platforms that are not on the list and even in the future will not have much customer interest. In the end software development has to be a partnership between those that build and those that deploy. If those that deploy do not fund those that build there will not be sufficient development hours and talent to build the solutions those that deploy require. I see that this partnership has stopped working in many places. It makes me sad. P.S. My apologies for the long reply. You don't need to apologise. Harald. ___ OpenAFS-info mailing list OpenAFS-info@openafs.org javascript:; https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] Criteria for platform support
My observation is that a platform is supported when the software operates in conformance with the: Use's manual Users Reference Manual System Administrator's Manual System Administrator's Reference Manual And interfaces that use published C++ header files that compile link Otherwise the 1:10:100 ratio applies. (1 to fix in design, 10 in coding, 100 after release) The IBM docs hash all this together. Tedc
Re: [OpenAFS] Windows XP SP3 NIM not working
MIT krb5 3.2.2 NetIdMgr 1.3.1.0 oafs .1.6.2 don't work together but updating to: oafs 1.7.3100 seems to work fine I'll keep you posted as O upgrade other XP SP3 systems On Wed, Jan 21, 2015 at 6:00 AM, Karel Nykles knyk...@civ.zcu.cz wrote: Did you try recomended version for XP, which is 1.6? Or combination OpenAFS 1.6, MIT KFW, NIM 2.102? For now unsupported XP system, it should be ok. Karel Dne 4. 1. 2015 v 1:41 Ted Creedon napsal(a): The 2.1.02 NetIdMgr carps failed to load module openafs, mitkrb5, mitkrb4 heimdal is installed and the kinit, aklog,t okens commands work fine 1.7.3.200 OAFS for win otherwise works fine tedc ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] Windows XP SP3 NIM not working
The 2.1.02 NetIdMgr carps failed to load module openafs, mitkrb5, mitkrb4 heimdal is installed and the kinit, aklog,t okens commands work fine 1.7.3.200 OAFS for win otherwise works fine tedc
Re: [OpenAFS] Request for testing: NATs and 1.6.6pre*
Would this be why the hourglass symbol no longer appears from a windows XP client? Without the hourglass one can't tell if the mouse click on the folder registered. tedc On Thu, Dec 19, 2013 at 9:29 PM, Jukka Tuominen jukka.tuomi...@finndesign.fi wrote: Hi Andrew, I'm running the latest stable fileserver released over ppa.launchpad.net/openafs/stable/ubuntu which is currently 1.6.5.1 (OS: Ubuntu 10.04 LTS) I use a client image that works behind NAT, both inside LAN and over WAN. But it does use the latest OpenAFS packages provided by the above mentioned ppa server, too. Even though things work nicely usability-wise (just boot and log-in graphically), I still think it should have a bit smoother two-way data transfer behind the scene. Applications like Firefox like to write constantly something to a homedir which happens to be on a server. This sometimes freezes the application momentarily, even though the amount of data transferred is still modest. If you think this is the kind of configuration you're interested, and you can provide a patch file that works on top of this, I could try to test it during the weekend. br, jukka BTW, if anybody's interested in knowing what OpenAFS is used for here, please see www.liitin.org Hi all, 1.6.6pre1 and 1.6.6pre2 contain an extra feature in the OpenAFS fileserver that could possibly help with communicating with clients behind NATs (Network Address Translation). It's not completely certain how much this feature helps, though, so it will be removed from the 1.6.6 release unless we get some more information about it. If you are running a fileserver that you believe may have some trouble talking to clients behind NATs, testing this feature would be very helpful. This is most relevant for any site that may have fileservers that are talking to NAT'ed clients, where the clients are old enough to not have the client-side NAT improvements (pre-1.6); this is most common at sites that have users accessing AFS from home that don't know much about AFS. You can test this new feature by just running a fileserver with 1.6.6pre* and see if anything improves; there is no additional configuration or anything to do. But how do you know if this is a problem for you at all? Usually the most user-visible symptom is that access to AFS hangs while a client is tryign to write to AFS, but a lot of different things can cause that. To know if that is being caused _specifically_ because of problems reaching clients behind NATs, you can check the fileserver's FileLog. In there, if you see a lot of log messages talking about errors trying to contact specific IPs and port numbers, you may be suffering from this. In particular, it's somewhat likely to be related to NATs if you see a lot of such error messages logged referring to non-7001 ports. And it's especially likely if you see a lot of connection errors for non-7001 ports that are obviously incrementing over time. (For example, you see an error for port 8005, then 8006, then 8007, etc, all from the same IP.) It can also help to know if the IPs you see logged in FileLog are behind NATs in the first place. If you have no way of knowing that, you can sort-of detect what hosts may be behind NATs by sending the fileserver the SIGXCPU signal, and looking at the resulting /usr/afs/local/hosts.dump file. If you see an entry for a host with a public IP like ip:203.0.113.40, and later on in that entry you see a list of IPs that include private IPs, like [ 203.0.113.40:7001 192.168.1.5:7001], that host may be behind a NAT. Detecting a client behind a NAT in this way is far from perfect, but it's just another things to check. Common private IP ranges are of course 192.168/16, 172.16/20, and 10/8. A client can obviously be behind a NAT without an IP in any of those ranges, but those are commonly used by consumer-grade home routers and stuff like that. Anyway, if you ever look into why an OpenAFS fileserver appears to be slow/hanging, and the above information suggests that client NATs are an issue, it would be very helpful if you tried looking into some posible fixes. If you cannot deploy 1.6.6pre* on a server experiencing this issue, we can also provide patches specifically for this issue based on a previous stable version, if that's more feasible. There are also additional possible patches in this area that are not in 1.6.6pre*, if you want to try other approaches. Or even if you can't actually deploy any testing code, I'd still like to hear from you if you think you are experiencing issues in this area. More information is always appreciated. Remember that if we don't hear anything, this will be pulled out. For developers: obviously I'm skipping over the details of what any of this actually does. The 'extra feature' is gerrit 9420, which will be reverted via gerrit 10135. See also:
Re: [OpenAFS] Re: Shared admin access for buildbot master
Would a SuSE build slave be helpful? On Mon, Sep 9, 2013 at 6:41 PM, Jeffrey Altman jalt...@secure-endpoints.com wrote: [Moving to openafs-info] Jason, You are the admin because you volunteered to be. Not for any other reason. You are welcome to share the responsibility with anyone you trust. Jeffrey Altman On 9/9/2013 9:18 PM, Jason Edgecombe wrote: Hi everyone, I would like to discuss the topic of sharing admin access and duties with others. What would the group like to see happen? Currently, I am the admin for the buildbot master (and the debian-i386 slave on the same machine), and I'm the admin of the rhel5 buildslave. We've had fewer people offer to administer build slaves than host them. Thanks, Jason ___ release-team mailing list release-t...@openafs.org http://lists.openafs.org/mailman/listinfo/release-team
Re: [OpenAFS] vos shadow to backup user homes
I usually mount not only /vicepxx but also /usr/afs /usr/vice on the raid drives, that way a motherboard upgrade requires swapping the controller drives. A consistent problem is raid driver upgrades which for the low end controllers never happen. On Mon, Aug 26, 2013 at 6:46 AM, step...@physics.unc.edu wrote: Hi Shouri, I've used shadow volumes in the past. Thankfully I never had to test bringing an entire shadow server into production. I also plan to use it in the near future (barring contrary advice from the list) for a server which houses dozens of TBs of research data for a project which can suffer some downtime (as long as it's unavoidable) but not as much downtime as would be needed to restore dozens of ~1TB volumes. I'll leave the topic open though, and would welcome comments on shadow volumes from any of the devs. Regarding rsync, depending on the size of your partitions, its performance may make you cry. I use an rsync-based backup application for my non-AFS data and am starting to surpass the limits of what rsync can do in a reasonable amount of time and RAM on current hardware. However the main reason I'm replying is your comment about RAID. IMO, anytime you're configuring a mission-critical system without RAID you're probably asking for future headaches. I think the only time I'd consider it is if the system had no unique data on it and could be made part of a HA cluster using [heartbeat, etc]. But at that point you're just abstracting your redundancy at a different level. All of my database and fileservers currently use hardware raid (3ware or LSI/PERC). But one of my idle time projects -- a bit of an inside joke since I have no idle time -- is to play around with ZFS on linux to see if I feel it's ready for prime time yet or not. PS. I noticed Associate Professor in your signature. Have you consulted with your local IT support? If they're not overworked, they may have additional advice specific to your site, discipline, etc. Cheers, Stephen On Sun, 25 Aug 2013, Shouri Chatterjee wrote: Dear All, I wanted to ask about vos shadow and whether it is being used as a solution on production systems to back-up user home directories. The most significant information I can find is a thread from this email archive last year. http://lists.openafs.org/** pipermail/openafs-info/2012-**December/039077.htmlhttp://lists.openafs.org/pipermail/openafs-info/2012-December/039077.html I can dedicate a server to host only shadow volumes. If an active server fails and dies, the shadow copy can be brought online. Is this a better solution than, say: (1) keeping a periodically rsync'd copy of the /vicepx partitions on a shadow server (2) afs over drbd I am trying to use commodity hardware (no RAID, no scope for software RAID either) to build cheap AFS storage. Shouri Shouri Chatterjee Associate Professor Department of Electrical Engineering IIT Delhi, Hauz Khas New Delhi 110016 India Phone: +91 11 2659 1099 (O) +91 11 2659 1619 (R) __**_ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/**mailman/listinfo/openafs-infohttps://lists.openafs.org/mailman/listinfo/openafs-info __**_ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/**mailman/listinfo/openafs-infohttps://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] vos shadow to backup user homes
The only problem with MD RAID is the lack of admin software support. If anyone knows of a good GUI... On Mon, Aug 26, 2013 at 8:06 AM, Harald Barth h...@kth.se wrote: However the main reason I'm replying is your comment about RAID. IMO, anytime you're configuring a mission-critical system without RAID you're probably asking for future headaches. My experiences with RAID, especially HW-Raid is mixed. Last week I got an DL360 G4 with some built-in HW-RAID(5) that returned read errors from the RAID to the OS without failing any drive(s). On an email server. Looks to me like a serious bug in the RAID-firmware. I even have found high-end RAID (Rio) whose memory did not deploy any ECC. One device did make stripes of zeroes into every block that got through it. Then there are HW-RAIDs which can detect silent bit-rot on your HDs and some that can't. All of my database and fileservers currently use hardware raid (3ware or LSI/PERC). But one of my idle time projects -- a bit of an inside joke since I have no idle time -- is to play around with ZFS on linux to see if I feel it's ready for prime time yet or not. I currently trust linux SW RAID (MD) and ZFS more than any HW RAID. So almost all our file servers have been migrated from HW-RAID to SW-RAID or ZFS. Plan is to complement that with shadow volumes for some volumes which have data that need an way of instant resore. Harald. ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Upgrading
I have /vicepa and /usr/afs and /usr/vice all mounted on their own partitions then I install the new linux, recompile openaffs, install the init scrips and everything works fiine on 3 servers. I've done this on every suse release since 9.x Tedc On Thu, Apr 4, 2013 at 8:01 AM, Bill MacAllister w...@stanford.edu wrote: --On Thursday, April 04, 2013 05:45:27 AM -0700 J skyliner...@yahoo.com wrote: Wondering if anyone can offer advice as to how best upgrade OpenAFS on Debian 5.0.2. The OpenAFS kernel module package is listed as openafs-modules-2.6.26-2-486. Should I upgrade Linux first, then OpenAFS? Or vice versa? Another option would be to build a new server, but I'm wondering which would be the less convoluted path. Any tutorials or information you can point me to is appreciated. John If you build a second server you will not need any down time. You get the second server working and vos move everything there. Then shutdown or rebuild the first server. It makes sense to just upgrade the first server and keep it. Then next time you want to upgrade it is a lot less work. If you do it this way you will want to use Russ Allbery's mvto: http://www.eyrie.org/~eagle/**software/afs-admin-tools/mvto.**htmlhttp://www.eyrie.org/~eagle/software/afs-admin-tools/mvto.html Bill -- Bill MacAllister Infrastructure Delivery Group, Stanford University __**_ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/**mailman/listinfo/openafs-infohttps://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] compile problem w/ 1.6.2 on kernel 3.7.10-1.1 OpenSuSE 12.3 RC2
OpenSuSE 12.3 RC2 kernel 3.7.10-1.1 ./configure --enable-transarc-paths --enable-namei-fileserver \ --with-linux-kernel-headers=/usr/src/linux --enable-supergroups \ --enable-bitmap-later compile_et.o: In function `main': compile_et.c:(.text+0x6ea): undefined reference to `yyin' compile_et.c:(.text+0x70f): undefined reference to `yyout' compile_et.c:(.text+0x726): undefined reference to `yyout' compile_et.c:(.text+0x9f1): undefined reference to `yyin' compile_et.o: In function `yyerror': compile_et.c:(.text+0xc91): undefined reference to `yylineno' error_table.o: In function `yyparse': error_table.c:(.text+0x948): undefined reference to `yylex' error_table.c:(.text+0xdca): undefined reference to `yylex' collect2: error: ld returned 1 exit status make[3]: *** [compile_et] Error 1 make[2]: *** [comerr] Error 2 make[1]: *** [build] Error 2 make: *** [all] Error 2 1.6.2 compiles OK on kernel 3.1.10-1.16
Re: [OpenAFS] compile problem w/ 1.6.2 on kernel 3.7.10-1.1 OpenSuSE 12.3 RC2
both byacc bison were installed, removed byacc compiling now.. thanks tedc On Thu, Mar 7, 2013 at 11:08 AM, Ted Creedon tcree...@easystreet.netwrote: yes On Thu, Mar 7, 2013 at 11:07 AM, Benjamin Kaduk ka...@mit.edu wrote: On Thu, 7 Mar 2013, Ted Creedon wrote: OpenSuSE 12.3 RC2 kernel 3.7.10-1.1 ./configure --enable-transarc-paths --enable-namei-fileserver \ --with-linux-kernel-headers=/**usr/src/linux --enable-supergroups \ --enable-bitmap-later compile_et.o: In function `main': compile_et.c:(.text+0x6ea): undefined reference to `yyin' compile_et.c:(.text+0x70f): undefined reference to `yyout' Is bison installed on the system in question? -Ben Kaduk
Re: [OpenAFS] Re: Advice on a use case
How about an update R/W or R/O dropdown for windows tedc On Tue, Nov 6, 2012 at 8:49 AM, Andrew Deason adea...@sinenomine.netwrote: On Tue, 6 Nov 2012 00:06:53 -0800 Timothy Balcer timo...@telmate.com wrote: I have a need to think about replicating large volumes (multigigabyte) of large number (many terabytes of data total), to at least two other servers besides the read write volume, and to perform these releases relatively frequently (much more than once a day, preferably) How much more frequently? Hourly? Some people do 4 times hourly (and maybe more) successfully. Also, these other two (or more) read-only volumes for each read write volume will be remote volumes, transiting across relatively fat, but less than gigabit, pipes (100+ megabits) Latency may matter more than bandwidth; do you know what it is? For the moment what I have decided to experiment with is a simple system. My initial idea is to work the afs read-only volume tree into an AUFS union, with a local read write partition in the mix. This way, writes will be local, but I can periodically flush writes to the AFS tree, double check they have been written and released, and then remove them from the local partition.. this should maintain integrity and high availability for the up-to-the-moment recordings, given I RAID the local volume. Obviously, this still introduces a single point of failure... so I'd like to flush as frequently as possible. Incidentally, it seems you can NFS export such a union system fairly simply. I'm not sure I understand the purpose of this; are you trying to write new data from all of the 'remote' locations, and you need those writes to 'finish' quickly? But, I feel as if I am missing something... it has become clear that releasing is a pretty intensive operation, and if we're talking about multiple gigabytes per release, I can imagine it being extremely difficult. Is there a schema that i can use with OpenAFS that will help alleviate this problem? Or perhaps another approach I am missing that may solve it better? Eh, some people do that; it just reduces the benefit of the client-side caching. Every time you release a volume, the server tells clients that for all data in that volume, the client needs to check with the server to see if the cached data is different from what's actually in the volume. But that may not matter so much, especially for a small number of large files. To improve things, you can maybe try to reduce the number of volumes that are changing. That is, if you are adding new data in batches, I don't know if it's feasible for you to add that 'batch' of data by creating a new volume instead of writing to existing volumes. And, of course, the release process may not be fast enough to actually do releases as quickly as you want. There are maybe some ways to ship around volume dumps yourself to get around that, and some pending improvements to the volserver that would help, but I would only think about that after you try the releases yourself. -- Andrew Deason adea...@sinenomine.net ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] is YFS a derived work?
http://opensource.org/licenses/ipl-1.0 IBM PL 1.0 states: *Contributions do not include additions to the Program which: (i) are separate modules of software distributed in conjunction with the Program under their own license agreement, and (ii) are not derivative works of the Program. * All software I've received in conjunction with the Program are derivative works, including the NIM and Windows Client. YFS needs to demonstrate that it is an Original Work and doesn't look to me like it is. Its one more Contribution. What is the opinion of the Elders? Ted On Mon, Oct 1, 2012 at 9:53 PM, Troy Benjegerdes ho...@hozed.org wrote: Let's look at this another way... If someone actually bothers to file an IP lawsuit of any sort regarding AFS, then I think this would be the most credible sign of success I could possibly imagine. And then, in that case, if there were an issue, there would be sufficient community resources to re-write offending code, or re-purpose/extend things like Arla, or the linux kernel kafs client. What would be the downside of someone 'forcing' YFS back into the open source domain? By that time, there should be plenty of customers wanting support contracts that it won't matter. On Mon, Oct 01, 2012 at 10:21:54AM -0700, Ted Creedon wrote: The IP (intellectual property) in YFS seems to be derived from AFS's IP. If that case can be made, IBM or any other entity could force YFS back into the open source domain. The look and feel of YFS may also be a problem - see Broderbund or better yet their attorney's web page. http://www.quinnemanuel.com/attorneys/stern-claude-m.aspx My direct experience is from a dispute Tektronix had with ParcPlace over Smalltalk licensing back in the '80's. AFS may be able to claim infringement against other file systems because of its prior art (but its unpatented?). Which brings up a point, has IBM or CMU protected AFS's IP in any way? Tedc
[OpenAFS] is YFS a derived work?
The IP (intellectual property) in YFS seems to be derived from AFS's IP. If that case can be made, IBM or any other entity could force YFS back into the open source domain. The look and feel of YFS may also be a problem - see Broderbund or better yet their attorney's web page. http://www.quinnemanuel.com/attorneys/stern-claude-m.aspx My direct experience is from a dispute Tektronix had with ParcPlace over Smalltalk licensing back in the '80's. AFS may be able to claim infringement against other file systems because of its prior art (but its unpatented?). Which brings up a point, has IBM or CMU protected AFS's IP in any way? Tedc
[OpenAFS] AFS SAles Brochure
Has anyone ever done an AFS sales brochure comparing the features of AFS /w the competition, including the proposed YFS features? tedc
Re: [OpenAFS] the future
Is it available unsupported? tedc On Mon, Oct 1, 2012 at 5:57 PM, Jeffrey Altman jalt...@your-file-system.com wrote: On 9/30/2012 4:33 PM, Aaron Knister wrote: Regarding support, some type of subscription based model could go a long way. One if the reasons (other than frankly ignorance) that OpenAFS was frowned upon at UMBC was our lack of commercial support. I know there are entities that provide support but they seemed to require more effort than clicking a button, selecting my subscription type (X number of FileServers, Y number of supported clients, Z number of vldb servers, etc), and typing in a credit card number I have always received a significant amount of pushback for any pricing model that is based upon # of servers and especially # of clients. That is why the YFSI pricing model is based upon number a number of support incidents. It doesn't matter how many platforms you deploy or how many servers or number of clients, support is driven by how much support the organization requires and whether support is U.S. business hours monday to friday or 24/7/365. Support packages start at US$4995 per year. Jeffrey Altman
Re: [OpenAFS] the future
I didn't mean an unauthorized shutdown. How about taking a AFS wide survey using a aklog token driven one time pop up explaining that AFS is not being updated according to industry standards and that it needs substantial financial support. Most users are charged for computer support one way or another. AFS needs to be included just like Microsoft license fees. I.e. is there any way to get the users fired up? On Sat, Sep 29, 2012 at 7:13 AM, Jason Edgecombe ja...@rampaginggeek.comwrote: On 09/28/2012 11:33 PM, Troy Benjegerdes wrote: If we dust off some old AFS code and paint up with YFS, TFS, and WTFS (What The Foo is this File Stuff) logos, and have ourselves a nice horserace all the spreadsheet guys can take bets on, what might happen? As I understand, YFS, Inc. is taking this approach. How about at the next DEFCON hacker convention we organize a demo of a real-time AFS protocol encryption cracker and file-server spoofer? I expect this would have all the impact of turning off your servers but conveniently providing someone else to blame. Spreadsheet pushers like to play blame games, you know. Manager/Security: What do you mean that the bloody protocol is compromised and we can't fix it?! How much to get off of this crap right now? Much backlash. That would just make AFS fail. I doubt that we would win any customers by deliberately exposing them to security, regulatory, or legal problems. Jason
Re: [OpenAFS] the future
My intent was to foment a user uprising resulting in pressure on the .edu .com level administrators to provide funding from established budgets. More of a corporate funding than individual contributions. Perhaps a cc to the local spreadsheet managers would get the user needs better communicated. I.e. you can't aklog one time only until you fill out the poll, send it in w/cc to local financial folks. Tedc On Sun, Sep 30, 2012 at 8:41 AM, Troy Benjegerdes ho...@hozed.org wrote: On Sun, Sep 30, 2012 at 02:49:08AM -0700, Ted Creedon wrote: How about taking a AFS wide survey using a aklog token driven one time pop up explaining that AFS is not being updated according to industry standards and that it needs substantial financial support. Most users are charged for computer support one way or another. AFS needs to be included just like Microsoft license fees. I.e. is there any way to get the users fired up? I like this. But I think for this to work we need a simple URL like 'http://openafs.org/donate' that that shows up in the command line aklog client, and on a clickable link in the GUI client. Currently http://static.usenix.org/about/openafs/ is the only 'donate to OpenAFS' link I can find, but that requires cutting a check. The landing page for donations needs to accept PayPal, Amazon payments, Dwolla, and Bitcoin, as well as form to click saying 'My organization uses openafs, please contact __ who has purchasing authority' I think it would look better to have a full OpenAFS foundation with clear governance, but for the moment, all that is needed is some consensus to set up a 'donate' landing page on OpenAFS.org, and someone to set up the payment arrangements so checks get regularly cut to the address on the Usenix association page. If there is a consensus to go ahead with this, I would be willing to offer to handle the Dwolla and Bitcoin 'instant donate' links. I can beat whatever percentage Amazon and Paypal take and still make it worth my time, and I'll include the others because it makes for wider audience for contributions. If there is not a consensus to go ahead with this within a month or two, I'm going to (at whatever glacial pace I feel like it) release TFS version(s) for Linux, Android, and MacOS that have such a link and donate pages.
[OpenAFS] survey
how about an OpenAFS survey included as part of the distribution?
Re: [OpenAFS] Funding the formation of an OpenAFS Foundation
If IBM wants backward compatibility they should pay for it. They're coasting on your work. What's in a name? Who cares? Time to move on despite the risks. I'm willing to pay for AFS as long as I have access to sources under NDA, license or whatever. Ted On Thu, Sep 27, 2012 at 10:49 PM, Russ Allbery r...@stanford.edu wrote: Troy Benjegerdes ho...@hozed.org writes: So here's a general question for the list: Would you rather see OpenAFS end with a bang because the community imploded, or with a whimper when all the AFS admins that have been carrying the torch retire and the new CIO moves everyone to iCloud or google drive? Given those choices (which represent a false dichotomy, but fine, let's have this argument anyway), a whimper, because being nasty to other people is simply not okay, makes the world a worse place all around, and almost never actually helps. One of the deep flaws in the open source community at large right now, seen in all sorts of different projects, is that it has rather a large share of technically-competent abrasive assholes who really *like* being assholes and don't want to change, and who have therefore invented a marvellous little story that they tell themselves about how their behavior is actually courageous truthtelling, brutal honesty, a refusal to settle for the status quo, or otherwise part of why they're able to accomplish so much good work. It's all bullshit. They're just technically-competent people who also happen to be assholes. The actual reason why so much open source work is done by such people is not because they're better at it. It's because they drive off everyone who doesn't have thick skin or enjoys robust exchanges of views or whatever today's euphemism is for tolerating abusive behavior, and then use the fact that all surviving project members interact like they do as proof that their social behavior is acceptable. It's a self-selecting, self-perpetuating ecosystem that I'm increasingly uninterested in tolerating. It's also not actually productive. There are more technically-competent people in the world who like supportive, cooperative projects with functional, adult social expectations than people who thrive on abrasive conflict. If one stops tolerating abusive people, one often finds all sorts of people contributing who otherwise would take one look at the prevailing tone and just quietly walk away. Everyone is abrasive sometimes, but most people *try* not to be and apologize when they slip, and those are the kind of people I want to work with. It's also the kind of person that I want to be, and one starts to emulate the people one interacts with, for good or for ill. There are lots of places I could spend my time productively; the nature of the community is a primary selection criteria. (I could also go off on an extended discussion of how this particular pattern is deeply entangled with the gender bias in open source, but I'll spare you.) Besides, whether one attracts more developers that way or not, it's simply the right thing to do, at a level that's considerably more important than whether AFS survives as a technology or not. -- Russ Allbery (r...@stanford.edu) http://www.eyrie.org/~eagle/ ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] the future
Its clear to me that the skill set needed to improve AFS is moving on. My only concern is dealing with vulture capitalists, buyouts and more financial quicksand. The reluctance of the major users to fund a mission critical file system like AFS is yet another example of corporate spread sheet management stupidity. I'd turn the file servers off for a day so so to simulate what the world would be like w/o AFS. Perhaps on a triple witching day.. Ted If you can self fund YFS and I hope you make out as well as Linus.
Re: [OpenAFS] Re: [AFS3-std] Re: IBM will not re-license OpenAFS .xg files
For what its worth, while at Mentor Graphics, I retained Scott Myers and an intern to write C++ header files for the IBIS specification. IBIS specifies how to model complex electronic circuits and interconnect (i.e. as in Intel motherboards). Equivalent complexity. I built a special room with 36 ft of whiteboard, Scott would layout the design and the intern would spend a week coding. So that is my level of effort estimate, once the spec is written, which took an industry committee of experts a wear to agree on. Interestingly, the header files spotted several ambiguities in the spec which is left unresolved guaranteed that multiple vendor IBIS implementations would be incompatible. Ted On Thu, Aug 30, 2012 at 8:56 PM, Derrick Brashear sha...@gmail.com wrote: Maintaining OpenAFS involves, among other things: * Kernel code as well as userspace code for various UNIXes. * Mac OS X development (with quite a bit of OS internals involvement). * Windows kernel file system development. * High-performance threaded code with a complex lock model. * A custom network protocol with substantial complexity. * Cryptographic network security models. Some of those things (such as the Windows kernel file system work) no other project, open source *or* commercial, does at the level that OpenAFS does. This is a level of complexity *far* beyond the typical open source project. The only open source projects I can think of with equivalent complexity are primarily maintained by full-time, professional developers whose job is to work on that software, and whose salaries are paid by companies like Red Hat, Novell, IBM, Google, or Oracle. Indeed, it has come back to me through 3rd party channels that Apple has told developers OpenAFS is doing it, so clearly it can be done ... as outsiders. [...] * A coherent mobile story for how mobile devices and applications are going to access data in AFS, including how they can authenticate without using user passwords (which are increasingly a bad authentication story anywhere but are particularly horrible on mobile devices). Apple has made this somewhat harder by removing developer access to the hardware device identifier. Largely I find myself in agreement with the rest of this. -- Derrick ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Transferring data from old server to new server
I have /usr/vice and /usr/afs on raid cards I just unplug the card move it and the drives to the new box. ted On Thu, Jul 26, 2012 at 4:22 AM, Youssef Eldakar youssefelda...@gmail.comwrote: 1.4.12+dfsg-3+ubuntu0.1. I am planning to replace this OpenAFS server with another one on another machine running Ubuntu 12.04, which comes with OpenAFS version 1.6.1-1. What's the simplest way to transfer the data over to the new server? Would just rsyncing /vicepa work? Thank you for advising.
[OpenAFS] remove RClone
how does one remove RClone from a vos listvldb? I.e. junk.vol RWrite: 536870936 ROnly: 536870964 RClone: 536870964
Re: [OpenAFS] loccalauth required for 2 of 3 servers
Best guess is the firewall is slow the R/W server geronimo is outside and the sync server ookpik and 3rd server redcloud are inside. So vos release on redcloud works and vos release on geronimo ookpik fail without -localauth Everything else works fine I suppose I'll try using geronimo as a default route for but i'll have to add a firewall to it (fwbuilder0. ted On Sat, May 26, 2012 at 5:45 PM, Derrick Brashear sha...@gmail.com wrote: ok, where's the failure? On Sat, May 26, 2012 at 2:08 PM, Ted Creedon tcree...@easystreet.net wrote: redcloud is only one of 3 servers that does not require -localauth the R/W server geronimo and the sync server ookpik fail as follows: 10:20:09.732516 IP ookpik.creedon.biz.60135 geronimo.creedon.biz.afs3-vlserver: rx ack first 2 serial 0 reason delay (65) -- Derrick
[OpenAFS] loccalauth required for 2 of 3 servers
redcloud is only one of 3 servers that does not require -localauth the R/W server geronimo and the sync server ookpik fail as follows: 10:20:09.732516 IP ookpik.creedon.biz.60135 geronimo.creedon.biz.afs3-vlserver: rx ack first 2 serial 0 reason delay (65)
Re: [OpenAFS] Re: -localauth switch
time is Thu May 24 10:51:58 2012 Local time is Thu May 24 10:51:59 2012 (time differential 1 secs) Last yes vote for 10.1.1.186 was 4 secs ago (sync site); Last vote started 3 secs ago (at Thu May 24 10:51:56 2012) Local db version is 1337880395.9 I am not sync site Lowest host 10.1.1.186 was set 4 secs ago Sync host 10.1.1.186 was set 4 secs ago The last trans I handled was 0.6 Sync site's db version is 1337880395.9 0 locked pages, 0 of them for write On Thu, Apr 12, 2012 at 1:06 PM, Andrew Deason adea...@sinenomine.netwrote: On Fri, 6 Apr 2012 14:18:52 -0700 Ted Creedon tcree...@easystreet.net wrote: vos release junk.vol Could not lock the VLDB entry for the volume 536870936. u: no quorum elected Error in vos release command. u: no quorum elected So, what does 'udebug server 7003' say for each dbserver? -- Andrew Deason adea...@sinenomine.net ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] -localauth switch
just upgraded to 1.6.1 and need the -localauth switch to vos release a volume any clues? the permissions keys look OK tedc
Re: [OpenAFS] Re: -localauth switch
Everything seems in order on 3 servers, CellServDB'ss, tokens, udebug, logs, etc except one server is dual homed and its second IP address is not in CellServDB The following only works with -localauth vos release junk.vol Could not lock the VLDB entry for the volume 536870936. u: no quorum elected Error in vos release command. u: no quorum elected On Fri, Apr 6, 2012 at 11:23 AM, Andrew Deason adea...@sinenomine.netwrote: On Fri, 6 Apr 2012 10:42:34 -0700 Ted Creedon tcree...@easystreet.net wrote: just upgraded to 1.6.1 and need the -localauth switch to vos release a volume I assume you mean that you used to be able to 'vos release' without -localauth. Do you have tokens? What error message do you get? -- Andrew Deason adea...@sinenomine.net ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] HowTo setup OpenAFS cell PDF, german
Babelfish is not all that bad. On Wed, Mar 28, 2012 at 9:32 AM, Lars Schimmer l.schim...@cgv.tugraz.atwrote: Hi! The workshop at the Chemnitz Linux Tag 2012 is done and today I changed some parts in the script of that workshop. It is now available, I just link here the Chemnitz Linux Tag pages, and it is still in german. But if you follow the commands, you should be able to setup a new cell on your own. That PDF is here: http://chemnitzer.linux-tage.de/2012/vortraege/folien/1018_OpenAFS.pdf The virtual server image on which that workshop is done is here: http://tetris.cgv.tugraz.at/clt2012/CLT12.de.tar.bz2 Maybe someone has time to translate that PDF to english? I can provide a .tex file and recreate the PDF afterwards in english. MfG, Lars Schimmer -- - TU Graz, Institut für ComputerGraphik WissensVisualisierung Tel: +43 316 873-5405 E-Mail: l.schim...@cgv.tugraz.at Fax: +43 316 873-5402 PGP-Key-ID: 0x4A9B1723 ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: OpenAFS 1.6.0 with Microsoft Active Directory 2008 - Questions about DES
I think the encryption is incorrect. Should be:DES-CBC-CRC tedc On Mon, Jan 9, 2012 at 8:05 AM, Jeff White jaw...@pitt.edu wrote: Thanks for the reply. I'm not sure what about short names would cause problems but I recall hearing about that with AD before so I'll assume it's just a weird thing/bug with Windows. I originally created a logon name of 'afs' not 'afs/pitt.edu' so ktpass or something changed it. I started over with an account named afs-pitt-edu-cell, exported the key, imported the key, and of course it still has the DES error as expected. Do you think the KdcUseRequestedEtypesForTicket**s registry change which I can't implement without breaking everything as I mentioned before is why DES is failing? I can see in gpresult that DES should be allowed and the DES box is checked on the account so other than that or the attributes Douglas Engert mentioned I don't know what could be wrong and I'll have to admit defeat and give up. C:\Users\jaw171.AFSDC-DEV**ktpass -princ afs/pitt@pitt.edu -mapuser afs-pitt- edu-cell -pass * -crypto DES-CBC-MD5 +rndpass /mapop add +desonly /ptype KRB5_NT _PRINCIPAL +dumpsalt -out afs-pitt-edu-cell.keytab Targeting domain controller: AFSDC-DEV.pitt.edu Using legacy password setting method Successfully mapped afs/pitt.edu to afs-pitt-edu-cell. Building salt with principalname afs/pitt.edu and domain PITT.EDU(encryption ty pe 3)... Hashing password with salt PITT.EDUafspitt.edu. Key created. Output keytab to afs-pitt-edu-cell.keytab: Keytab version: 0x502 keysize 48 afs/pitt@pitt.edu ptype 1 (KRB5_NT_PRINCIPAL) vno 5 etype 0x3 (DE S-CBC-MD5) keylength 8 (0x57100bd91a01155d) Account afs-pitt-edu-cell has been set for DES-only encryption. Jeff White - Linux/Unix Systems Engineer University of Pittsburgh - CSSD On 01/08/2012 11:50 AM, Jeffrey Altman wrote: Separate from your DES issues, there are two serious problems here. 1. You are creating an account with a logon name of afs/pitt.edu instead of something like afs-pitt-edu-cell and then setting a Service Principal Name of afs/pitt@pitt.edu on that account. The slash in Kerberos is a name component separator. When aklog requests a ticket for afs/pitt@pitt.edu it is asking the PITT.EDU KDC for the principal afs pitt.edu Not the principal afs/pitt.edu 2. You cannot give the account the name AFS or have a short name of AFS. Doing so will cause name resolution of a...@pitt.edu to succeed which will in turn break all of your deployed Windows AFS clients. __**_ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/**mailman/listinfo/openafs-infohttps://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] OpenAFS on OpenSuse 12.1: No connection to filesystem
Works fine here but I compiled my own on 4 Suse 12.1 boxes. tedc
Re: [OpenAFS] recommended UFS parameters for cache partition?
Not necessarily true with on disk caching Disk heads dont recal after every seek On Tuesday, December 27, 2011, chas williams - CONTRACTOR c...@cmf.nrl.navy.mil wrote: On Mon, 26 Dec 2011 15:16:16 -0500 (EST) Benjamin Kaduk ka...@mit.edu wrote: (Or should I just not worry about it and assume that any potential improvements would be lost in the noise?) other than i believe you still cannot use journaling on the caching partition, there isnt much to do. however, as with all disks, the closer to the beginning of the disk the faster the filesystem will perform. this is why people now suggest putting swap at the beginning of the disk (ignoring any tiny boot partitions you might need). ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Happy Holidays -- Another year in the life of OpenAFS
Does any docbook conversion support typesetting or am I back to latex? I meant quarto, I have binding shearing although I feel like Ben Franklin sometimes. The handbook is quite handy. Tedc On Fri, Dec 23, 2011 at 5:48 AM, chas williams - CONTRACTOR c...@cmf.nrl.navy.mil wrote: i would hazard that content is more important than 'ease of use'. it really doesnt matter if you can carry the manual with you if it doesnt provide any useful help. there is nothing to prevent the current docbook from being rendered into quarto (i suspect you meant folio since quarto would be hard to use without cutting and binding). you could just do it by simply post-processing the .pdf with pdfnup. if you feel there is something specific missing, please open a bug. i know we are currently missing an index for the manual pages -- it got lost in the conversion. we also have .epub and .mobi (kindle) versions of the manuals available (generated from the same docbook/pod that is generating the .pdf and .html) for those that have moved beyond the whole dead trees thing. On Thu, 22 Dec 2011 21:51:39 -0800 Ted Creedon tcree...@easystreet.net wrote: Its not the docs content, just the formatting and ease of use. On Thu, Dec 22, 2011 at 8:39 PM, Jeffrey Altman jalt...@secure-endpoints.com wrote: On 12/22/2011 8:54 PM, David Boyes wrote: 1. Recreated the IBM format including hyperlinks, appendix, permuted index, Etc I have the original doc tools used to create the IBM docs, and the ability to produce and translate the .boo files. These tools can automagically do the above if asked. All of our documentation is now in Docbook. They include hyperlinks, the appendix, index, etc. The original IBM docs are of little interest in 2011. Jeffrey Altman
Re: [OpenAFS] Future of maemo port?
Just another side project. I need 3 AFS Appliances. They're cheap reliable, easy to maintain and transportable. Actually I could use several.. On Fri, Dec 23, 2011 at 5:52 AM, Jason Edgecombe ja...@rampaginggeek.comwrote: I don't think that I'll be able to help much with that. On 12/23/2011 12:55 AM, Ted Creedon wrote: AFS as an add on to he Dllink would suit me fine and allow shutting down 3 servers If a larger capacity circuit board is needed, that's not a a problm. maybe I'll have time after Jan 1. tedc On Thu, Dec 22, 2011 at 7:20 PM, Jason Edgecombejason@rampaginggeek.** com ja...@rampaginggeek.comwrote: Hi Ted, Other ARM devices, like the D-Link, that run Linux have a good chance to run OpenAFS. debian-arm does exist. I'm just wanted to formally deprecate the maemo code, which has been unmaintained for a while. On 12/22/2011 01:02 PM, Ted Creedon wrote: The Dlink DNS-320 NAS has an 800 MHz ARM + 128M of memory If it could be ported, that would be ideal I've requested the GPL build tree from Dlink I would not be adverse to sponsoring part of a project to provide a replacement board for same. tedc On Thu, Dec 22, 2011 at 9:32 AM, Jason Edgecombejason@rampaginggeek.** ** comja...@rampaginggeek.com**wrote: Hi Everyone, Are there any objections to removing the maemo port project from the wiki? Should it be replaced by something else? Maemo is dead and I have no clue about Meego, its successor. I haven't touched the Maemo port in a couple of years, and I have no device to develop or test on. What mobile platforms does it make sense to (hopefully) spend effort on? Insights? Comments? Thanks, Jason __**_ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/**mailman/listinfo/openafs-infohttps://lists.openafs.org/mailman/listinfo/openafs-info **https://lists.openafs.org/mailman/listinfo/openafs-infohttps://lists.openafs.org/**mailman/listinfo/openafs-info **https://lists.openafs.org/mailman/listinfo/openafs-infohttps://lists.openafs.org/**mailman/listinfo/openafs-info **https://lists.openafs.org/**mailman/listinfo/openafs-infohttps://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-infohttps://lists.openafs.org/**mailman/listinfo/openafs-info **https://lists.openafs.org/**mailman/listinfo/openafs-infohttps://lists.openafs.org/mailman/listinfo/openafs-info __**_ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/**mailman/listinfo/openafs-infohttps://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Future of maemo port?
I flash my own Netgear firewalls. The reverse engineering of all the DNS 320 features ought to be done on X86 boxes. i'd like to add VLC and hard disk recovery. The terminal interface via stelnet or ssh is fine. Not all the build scripts are included. On Fri, Dec 23, 2011 at 2:17 PM, Jason Edgecombe ja...@rampaginggeek.comwrote: The hardest part will likely be getting a development environment installed. There might be a forum or web site to support hacking on the Dlink. you can also get help from the debian-arm email list: http://lists.debian.org/**debian-arm/http://lists.debian.org/debian-arm/ On 12/23/2011 11:16 AM, Ted Creedon wrote: Just another side project. I need 3 AFS Appliances. They're cheap reliable, easy to maintain and transportable. Actually I could use several.. On Fri, Dec 23, 2011 at 5:52 AM, Jason Edgecombejason@rampaginggeek.** com ja...@rampaginggeek.comwrote: I don't think that I'll be able to help much with that. On 12/23/2011 12:55 AM, Ted Creedon wrote: AFS as an add on to he Dllink would suit me fine and allow shutting down 3 servers If a larger capacity circuit board is needed, that's not a a problm. maybe I'll have time after Jan 1. tedc On Thu, Dec 22, 2011 at 7:20 PM, Jason Edgecombejason@rampaginggeek.** ** comja...@rampaginggeek.com**wrote: Hi Ted, Other ARM devices, like the D-Link, that run Linux have a good chance to run OpenAFS. debian-arm does exist. I'm just wanted to formally deprecate the maemo code, which has been unmaintained for a while. On 12/22/2011 01:02 PM, Ted Creedon wrote: The Dlink DNS-320 NAS has an 800 MHz ARM + 128M of memory If it could be ported, that would be ideal I've requested the GPL build tree from Dlink I would not be adverse to sponsoring part of a project to provide a replacement board for same. tedc On Thu, Dec 22, 2011 at 9:32 AM, Jason Edgecombejason@rampaginggeek. ** comja...@rampaginggeek.comwrote: Hi Everyone, Are there any objections to removing the maemo port project from the wiki? Should it be replaced by something else? Maemo is dead and I have no clue about Meego, its successor. I haven't touched the Maemo port in a couple of years, and I have no device to develop or test on. What mobile platforms does it make sense to (hopefully) spend effort on? Insights? Comments? Thanks, Jason ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-**infohttps://lists.openafs.org/**mailman/listinfo/openafs-info https://lists.openafs.**org/mailman/listinfo/**openafs-infohttps://lists.openafs.org/mailman/listinfo/openafs-info **https://lists.openafs.org/**mailman/listinfo/openafs-**infohttps://lists.openafs.org/mailman/listinfo/openafs-info https://lists.openafs.**org/**mailman/listinfo/**openafs-infohttps://lists.openafs.org/**mailman/listinfo/openafs-info **https://lists.openafs.org/**mailman/listinfo/openafs-**infohttps://lists.openafs.org/mailman/listinfo/openafs-info https://lists.openafs.**org/**mailman/listinfo/**openafs-infohttps://lists.openafs.org/**mailman/listinfo/openafs-info **https://lists.openafs.org/mailman/listinfo/openafs-infohttps://lists.openafs.org/**mailman/listinfo/openafs-info **https://lists.openafs.org/**mailman/listinfo/openafs-infohttps://lists.openafs.org/mailman/listinfo/openafs-info __**_ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/**mailman/listinfo/openafs-infohttps://lists.openafs.org/mailman/listinfo/openafs-info **https://lists.openafs.org/mailman/listinfo/openafs-infohttps://lists.openafs.org/**mailman/listinfo/openafs-info **https://lists.openafs.org/mailman/listinfo/openafs-infohttps://lists.openafs.org/**mailman/listinfo/openafs-info **https://lists.openafs.org/**mailman/listinfo/openafs-infohttps://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-infohttps://lists.openafs.org/**mailman/listinfo/openafs-info **https://lists.openafs.org/**mailman/listinfo/openafs-infohttps://lists.openafs.org/mailman/listinfo/openafs-info __**_ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/**mailman/listinfo/openafs-infohttps://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Happy Holidays -- Another year in the life of OpenAFS
A documentation week would be more like it. My private docs stopped development some years ago using LaTex: 1. Recreated the IBM format including hyperlinks, appendix, permuted index, etc 2. Devised a customizable Quick Start Guide specific to each OS and default paths (Transarc, etc) using a single source file with 2 switches. 3. Published a quarto volume handbook which is quite handy (4 pages/sheet 2 sided). If I can be of help Merry Christmas and thanks for all your hard work. Tedc
Re: [OpenAFS] Future of maemo port?
The Dlink DNS-320 NAS has an 800 MHz ARM + 128M of memory If it could be ported, that would be ideal I've requested the GPL build tree from Dlink I would not be adverse to sponsoring part of a project to provide a replacement board for same. tedc On Thu, Dec 22, 2011 at 9:32 AM, Jason Edgecombe ja...@rampaginggeek.comwrote: Hi Everyone, Are there any objections to removing the maemo port project from the wiki? Should it be replaced by something else? Maemo is dead and I have no clue about Meego, its successor. I haven't touched the Maemo port in a couple of years, and I have no device to develop or test on. What mobile platforms does it make sense to (hopefully) spend effort on? Insights? Comments? Thanks, Jason __**_ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/**mailman/listinfo/openafs-infohttps://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Happy Holidays -- Another year in the life of OpenAFS
Its not the docs content, just the formatting and ease of use. On Thu, Dec 22, 2011 at 8:39 PM, Jeffrey Altman jalt...@secure-endpoints.com wrote: On 12/22/2011 8:54 PM, David Boyes wrote: 1. Recreated the IBM format including hyperlinks, appendix, permuted index, Etc I have the original doc tools used to create the IBM docs, and the ability to produce and translate the .boo files. These tools can automagically do the above if asked. All of our documentation is now in Docbook. They include hyperlinks, the appendix, index, etc. The original IBM docs are of little interest in 2011. Jeffrey Altman
Re: [OpenAFS] Future of maemo port?
AFS as an add on to he Dllink would suit me fine and allow shutting down 3 servers If a larger capacity circuit board is needed, that's not a a problm. maybe I'll have time after Jan 1. tedc On Thu, Dec 22, 2011 at 7:20 PM, Jason Edgecombe ja...@rampaginggeek.comwrote: Hi Ted, Other ARM devices, like the D-Link, that run Linux have a good chance to run OpenAFS. debian-arm does exist. I'm just wanted to formally deprecate the maemo code, which has been unmaintained for a while. On 12/22/2011 01:02 PM, Ted Creedon wrote: The Dlink DNS-320 NAS has an 800 MHz ARM + 128M of memory If it could be ported, that would be ideal I've requested the GPL build tree from Dlink I would not be adverse to sponsoring part of a project to provide a replacement board for same. tedc On Thu, Dec 22, 2011 at 9:32 AM, Jason Edgecombejason@rampaginggeek.** com ja...@rampaginggeek.comwrote: Hi Everyone, Are there any objections to removing the maemo port project from the wiki? Should it be replaced by something else? Maemo is dead and I have no clue about Meego, its successor. I haven't touched the Maemo port in a couple of years, and I have no device to develop or test on. What mobile platforms does it make sense to (hopefully) spend effort on? Insights? Comments? Thanks, Jason ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-infohttps://lists.openafs.org/**mailman/listinfo/openafs-info **https://lists.openafs.org/**mailman/listinfo/openafs-infohttps://lists.openafs.org/mailman/listinfo/openafs-info __**_ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/**mailman/listinfo/openafs-infohttps://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: windows openafs cache not updating
My problem may be Norton, I'll check it out ted On Mon, Dec 12, 2011 at 6:27 PM, Jonathan Nilsson jnils...@uci.edu wrote: FindClient: stillborn client 74024d60(d16fe8cc); conn 180213d0 (host MY.CLI.ENT.IP:7001) had client f402fa30(d16fe8cc) CB: RCallBackConnectBack (host.c) failed for host MY.CLI.ENT.IP:7001 CB: WhoAreYou failed for host 34015890 (MY.CLI.ENT.IP:7001), error 1 Could these messages be indicating a problem? (They appear frequently in the logs and I cannot tell if they correspond to specific read or write actions on the clients.) Yes, they indicate that the fileserver cannot contact that client to tell it that the files have changed (well, the latter two, anyway). Is that client behind a NAT or some kind of stateful firewall? No, the client has a static IP. Assuming not, a simple test you can perform to check that a client is reachable from the fileserver is by running: rxdebug client 7001 -version doh! that does not respond. in Control Panel - Windows Firewall - Allow a program or feature through Windows Firewall it seems like the OpenAFS client must have attempted to add itself, but not completely... i see a checkbox under the Public network type, but not in the Domain or Home/Work (Private) network type. when I add those checkboxes, then rxdebug client 7001 -version works. is it intentional to only allow 7001 on Public networks but not on Domain networks? thanks for the quick reply! -- Jonathan from the fileserver. If that does not respond with the version of that client, check firewalls et al and allow port udp 7001 to the client. This is assuming, though, that the client generally stays up. It can be normal to see messages like that if the client is abruptly removed from the network or shutdown in an unclean fashion, etc. -- Andrew Deason adea...@sinenomine.net ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info -- Jonathan.Nilsson at uci dot edu Social Sciences Computing Services SSPB 1265 | 949.824.1536
Re: [OpenAFS] windows openafs cache not updating
Same problem here w/ XP using 1.7.01 Linux clients are OK On Mon, Dec 12, 2011 at 4:40 PM, Jonathan Nilsson jnils...@uci.edu wrote: Hello, Has anyone had cache inconsistency problems with Windows clients? Two Windows 7 64-bit OpenAFS 1.7.3 clients are not seeing the same files when they look at the same volume via two different RW mount points. One client is making changes, and the other client is just reading the files, but both are accessing the volume via an RW mount point so that a 'vos release' won't be necessary. We've seen this problem occasionally before with earlier versions of OpenAFS too, but never bothered much because it seemed to fix itself eventually. But now, the only thing that makes the files show up is a reboot. An AFS - flush volume command from the context menu does not solve the problem. Some additional info: the server housing this volume is CentOS 6 64-bit, OpenAFS 1.4.14. We see messages like these scattered about in the FileLog for the client that is not seeing the changed files: FindClient: stillborn client 74024d60(d16fe8cc); conn 180213d0 (host MY.CLI.ENT.IP:7001) had client f402fa30(d16fe8cc) CB: RCallBackConnectBack (host.c) failed for host MY.CLI.ENT.IP:7001 CB: WhoAreYou failed for host 34015890 (MY.CLI.ENT.IP:7001), error 1 Could these messages be indicating a problem? (They appear frequently in the logs and I cannot tell if they correspond to specific read or write actions on the clients.) -- Jonathan.Nilsson at uci dot edu Social Sciences Computing Services SSPB 1265 | 949.824.1536
Re: [OpenAFS] /afs mounts RO on kernel 3.1.0-1.1
Looks like the mount points are all # (no%) and rooot.affs root.cell have disappeared. Will vos dump everything and remount all. The strangest thing is that some some machines the # mount points are writable; ted On Tue, Nov 15, 2011 at 8:40 AM, Marc Dionne marc.c.dio...@gmail.comwrote: On Sat, Nov 12, 2011 at 19:51, Ted Creedon tcree...@easystreet.net wrote: I'm upgrading my Linux bpxes to open suse 12.1 RC2 (3.1.0-1.1) I wouldn't recommend running a 3.1 kernel with OpenAFS 1.6.0. There's a bug that will eventually cause your system to hang under load. It is fixed in the master branch, and will be part of any upcoming 1.6 releases. While openafs-1.6.0 compiles installs OK the /afs/.creedon.biz file system gets mounted RO Other 1.6.0 versions of the client on other boxes with older kernels still are writable but the newer 1.6.0 client doesn't seem to work on kernel 3.1.0-1.1. but does work on kernel 2.6.34.7-0.7. eg: touch /afs/.creedon.biz/junk/foo touch: cannot touch `/afs/.creedon.biz/junk/foo': Read-only file system I have a few systems with 3.1 and 3.2-rc kernels (but running master, not 1.6) and this behaves normally for my cells. Marc
[OpenAFS] /afs mounts RO on kernel 3.1.0-1.1
I'm upgrading my Linux bpxes to open suse 12.1 RC2 (3.1.0-1.1) While openafs-1.6.0 compiles installs OK the /afs/.creedon.biz file system gets mounted RO Other 1.6.0 versions of the client on other boxes with older kernels still are writable but the newer 1.6.0 client doesn't seem to work on kernel 3.1.0-1.1. but does work on kernel 2.6.34.7-0.7. eg: touch /afs/.creedon.biz/junk/foo touch: cannot touch `/afs/.creedon.biz/junk/foo': Read-only file system any help would be appreciated tedc
Re: [OpenAFS] OpenAFS 1.6.002 on Windows; No Network Access doesn't mean anything
I'm having the same problem - can't set up a writable share but can view using a browser Hope there's a quick fix tedc On Mon, Sep 12, 2011 at 3:01 PM, Jeffrey Altman jalt...@secure-endpoints.com wrote: The AFS adapter is a loopback adapter. It has no Internet access because it isn't a network on which there is a router. On 9/12/2011 5:25 PM, John Tang Boyland wrote: I'm embarrassed to say that after two years of trying to get students to successfully install OpenAFS on Windows, I find that one of the diagnostics I was using is irrelevant. When a student installed OpenAFS but didn't get things to work, since I don't know Windows at all, I would try to wander around the myriad pages in the explorer. I stumbled on the Network and Sharing Center and sure enough AFS would be listed as an Unidentified Network and that it had No network access. I would click on AFS and get an AFS status page that shows IPv4 connectivity: No network access and activity: XXX packets sent and 0 received. We would try various magic incantations to get AFS to work. If they worked (i.e. we could go to \\afs\cs.uwm.edu in the Explorer window), the student would be happy and go off. And I wouldn't see the computer again. Finally someone got me my own computer to experiment with and (surprise surpise) even when AFS is working just fine, the Network and Sharing center STILL says that AFS has no network access. So, a view that I thought would help with diagnosis is worthless. Regards, John ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: openafs-1.6.0pre2 issues
ookpik:/usr/afs/logs # rxdebug 10.1.1.211 7003 Trying 10.1.1.211 (port 7003): ^C ookpik:/usr/afs/logs # rxdebug lizzy 7003 Trying 10.1.1.211 (port 7003): ^C ookpik:/usr/afs/logs # rxdebug lizzy 7003 Trying 10.1.1.211 (port 7003): ^C will backport to 1.4.14 and see what happens, if similar will tcpdump; no firewalls thanks ted On Wed, Feb 16, 2011 at 3:20 PM, Andrew Deason adea...@sinenomine.netwrote: On Wed, 16 Feb 2011 15:32:46 -0600 Ted Creedon tcree...@easystreet.net wrote: Andlizzy:/usr/afs/logs # udebug localhost 7003 Host's addresses are: 10.1.1.211 Okay, um... from ookpik: rxdebug 10.1.1.211 7003 rxdebug lizzy 7003 udebug 10.1.1.211 7003 I'm assuming there's no firewall on lizzy that could be interfering with this? You could try downgrading to 1.4.14 to see if it changes anything, but I have a hard time imagining what could possibly be doing that. -- Andrew Deason adea...@sinenomine.net
Re: [OpenAFS] Re: openafs-1.6.0pre2 issues
Backported to 1.4.14 same problem, but getting an error message ookpik:~ # rxdebug lizzy 7003 Trying 10.1.1.211 (port 7003): getstats call failed with code -1 ookpik:~ # tcpdump on lizzy while udebug'ed from ookpik lizzy.creedon.biz.afs3-prserver ookpik.creedon.biz.afs3-prserver: [bad udp cksum d710!] rx abort cid 12785f50 call# 67 seq 0 ser 68 secindex 2 serviceid 50 pt ubik reply vote-beacon vote yes until 2011/02/16 16:39:06 (32)
Re: [OpenAFS] Re: openafs-1.6.0pre2 issues
Did an iptables -L on lizzy and guess what? Somehow the firewall got turned on. back to 1.6. ted
Re: [OpenAFS] 127.0.0.2 keeps popping up
That's the point no 127.0.0.2 anywhere on any machine But putting it into NetRestrict on redcloud cured the problem There's a subtle bug somewhere either in afs or the called routine from Linux Udebug disclosed the second address when there was none This will show up in any machine with wi-fi (which I disable) ted On Fri, Feb 11, 2011 at 7:08 PM, Derrick Brashear sha...@gmail.com wrote: look at /etc/hosts on the machine? see if it's providing that as an ip for your hostname. On Fri, Feb 11, 2011 at 7:37 PM, Ted Creedon tcree...@easystreet.net wrote: ookpik (10.1.1.186) reports Fri Feb 11 16:12:02 2011 ubik: A Remote Server has addresses: Fri Feb 11 16:12:02 2011 10.1.1.210 Fri Feb 11 16:12:02 2011 127.0.0.2 and server redcloud's adddress (10.1.1.210) gets changed to 127.0.0.2 replecing redcloud.creedon.biz I.e. vos listvldb z2001.vol RWrite: 536870918 ROnly: 536870919 number of sites - 4 server geronimo.creedon.biz partition /vicepa RW Site server geronimo.creedon.biz partition /vicepa RO Site server ookpik.creedon.biz partition /vicepa RO Site server 127.0.0.2 partition /vicepa RO Site vos listaddrs ookpik.creedon.biz geronimo.creedon.biz geronimo1.creedon.biz 127.0.0.2 redcloud.creedon.biz Happens frequently tedc Openafs ver 1.4.14 Linux'es redcloud 2.6.34.7-0.7-desktop-ted geronimo 2.6.34.7-0.7-desktop-ted ookpik 2.6.27.7-9-i7 -- Derrick
[OpenAFS] 127.0.0.2 keeps popping up
ookpik (10.1.1.186) reports Fri Feb 11 16:12:02 2011 ubik: A Remote Server has addresses: Fri Feb 11 16:12:02 2011 10.1.1.210 Fri Feb 11 16:12:02 2011 127.0.0.2 and server redcloud's adddress (10.1.1.210) gets changed to 127.0.0.2 replecing redcloud.creedon.biz I.e. vos listvldb z2001.vol RWrite: 536870918 ROnly: 536870919 number of sites - 4 server geronimo.creedon.biz partition /vicepa RW Site server geronimo.creedon.biz partition /vicepa RO Site server ookpik.creedon.biz partition /vicepa RO Site server 127.0.0.2 partition /vicepa RO Site vos listaddrs ookpik.creedon.biz geronimo.creedon.biz geronimo1.creedon.biz 127.0.0.2 redcloud.creedon.biz Happens frequently tedc Openafs ver 1.4.14 Linux'es redcloud 2.6.34.7-0.7-desktop-ted geronimo 2.6.34.7-0.7-desktop-ted ookpik 2.6.27.7-9-i7
Re: [OpenAFS] openafs on suse 10.2 with kernel 2.6.18.2-34-default
I have always compiled the sources for SuSE. Move the libafs'uname-r'.ko from /usr/vice/etc to /lib/modules/'uname -r'/kernel/fs/afs and do a depmod. SuSE has /etc/init.d/afs-client and /etc/init.d/afs-sserver to stop/start afs. afs-client reads /etc/sysconfig/afs-client the with --mit-krb5 configure switch needs to be used to get aklog compiled... Tedc On Wed, Feb 2, 2011 at 5:21 AM, rosatrancoso rosatranc...@gmail.com wrote: Hello! I am trying to install openafs in machines with: cat /etc/SuSE-release: openSUSE 10.2 (X86-64) uname -r : 2.6.18.2-34-default I need to install openafs-client (which needs openafs) and openafs-krb5-mit. Everything installs OK but when I try to activate the service, it says that openafs-client is not installed. Why? Do I need to install openafs-kmp-default? The problem with this is that the available version of this rpm is not compatible with my kernel (2.6.18 versus http://download.opensuse.org/repositories/filesystems/SLE_10/x86_64/openafs-kmp-default-1.4.12.1_2.6.16.46_0.12-11.1.x86_64.rpm) I don't want to update the kernel as my machine has very important services running,.. So, what can I do? Compile openafs-kernel-source? Are there any other rpm's? Thank you Rosa
Re: [OpenAFS] Re: client crashes 1.4.14
I can start the client (on the server geronimo) and get an aklog token Since the -localauth switch works, I asssume its keyed properly (single des same kvno) If I do an ls /afs the cpu stops and a hard reset is required I suspect that the problem is in the mounts I have 3 more machines to experiment with all are 2.6.x kernels and the 1.4.14 tar.gz release source There are no error messages (the 1.6pre1 seemed to work on geronimo except for the RX cleanup errors.). the volumes all salvage OK sync Ted On Tue, Jan 18, 2011 at 6:25 PM, Andrew Deason adea...@sinenomine.netwrote: On Tue, 18 Jan 2011 15:54:42 -0800 Ted Creedon tcree...@easystreet.net wrote: 1.4.14 openafs on 2.6.34.7-0.7 linux Distro? And does this occur on 1.4.12.1? Because 1.4.14 is almost exactly the same as 1.4.12.1. the following happens when the client is started Message from syslogd@geronimo at Jan 18 15:50:59 ... kernel:[ 6918.225730] invalid opcode: [#1] PREEMPT SMP Message from syslogd@geronimo at Jan 18 15:50:59 ... kernel:[ 6918.225737] last sysfs file: /sys/devices/pci:00/:00:14.1/host1/target1:0:0/1:0:0:0/block/sdb/uevent We need more than that. All of the stuff around/after 'Call Trace:' or similar, and anything with 'openafs:' would probably help to at least point at something. You also typically want the text immediately _before_ the [cut here] - [please bite here] marker. All of that should be in syslog (possibly kern.log, or 'messages', or wherever the relevant syslog messages get sent to) -- Andrew Deason adea...@sinenomine.net ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: client crashes 1.4.14
bos listkeys $S bos: security object was passed a bad ticket error encountered while listing keys bos listkeys $S -localauth key 1 has cksum 1520092366 Keys last changed on Tue Jan 18 17:17:58 2011. All done. Looks like a keying problem - is there any way to print the key out rather than the checksum so I can check against asetkey? Ted On Wed, Jan 19, 2011 at 9:20 AM, Andrew Deason adea...@sinenomine.netwrote: On Wed, 19 Jan 2011 09:10:58 -0800 Ted Creedon tcree...@easystreet.net wrote: If I do an ls /afs the cpu stops and a hard reset is required So, I take this to mean that the machine is unresponsive? Can you try pressing Alt-SysRq-t and see if the process list traces are recorded when this occurs? -- Andrew Deason adea...@sinenomine.net ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: client crashes 1.4.14
I'll fix that - just figured out how ktutil won't wkt to an existing file (except append) ted On Wed, Jan 19, 2011 at 10:09 AM, Derrick Brashear sha...@gmail.com wrote: On Wed, Jan 19, 2011 at 12:48 PM, Ted Creedon tcree...@easystreet.net wrote: bos listkeys $S bos: security object was passed a bad ticket error encountered while listing keys with admin tokens? try -c (your cell)? Looks like a keying problem - is there any way to print the key out rather than the checksum so I can check against asetkey? doesn't look like a keying problem yet. not enough info to tell.
Re: [OpenAFS] resurrecting dead server
vos syncserv -server $S -partition a -dryrun -cell $C -localauth -verbose ends up with Aborted cut 7f9ebdaec000-7f9ebdaed000 rw-p 00:00 0 7fff833da000-7fff83425000 rw-p 00:00 0 [stack] 7fff83545000-7fff83546000 r-xp 00:00 0 [vdso] ff60-ff601000 r-xp 00:00 0 [vsyscall] Aborted On Tue, Jan 18, 2011 at 11:26 AM, Ted Creedon tcree...@easystreet.netwrote: I did a reinstall, kerberos, linux, everything Do I need to set up root.cell and root.afs prior to syncing /vicepa? ted On Sun, Jan 16, 2011 at 12:26 PM, Jason Edgecombe ja...@rampaginggeek.com wrote: I recommend a reinstall, then copy /usr/afs/etc from another server to copy the KeyFile, CellServ, etc. Jason On 01/16/2011 01:48 PM, Ted Creedon wrote: How about moving the /usr/afs directories from a known good server to the RW server and doing the same? ted On Sun, Jan 16, 2011 at 7:10 AM, Jason Edgecombeja...@rampaginggeek.com wrote: On 01/15/2011 01:05 PM, Ted Creedon wrote: my R/W server died but /vicepa and /vicepb were saved on their raid drives. this server also ran the krb5kdc... there are 2 other RO servers still OK but 2 out of 20 volumes are not up to date. both were running upclient etc the data on the RO servers is: /usr/afs/db: total 316 drwx-- 2 root root 4096 May 5 2009 ./ drwxr-xr-x 7 root root 4096 May 6 2009 ../ -rw--- 1 root root 1088 May 2 2009 bdb.DB0 -rw--- 1 root root 64 Jan 7 12:18 bdb.DBSYS1 -rw--- 1 root root 68672 May 5 2009 prdb.DB0 -rw--- 1 root root 68672 May 5 2009 prdb.DB0.bak -rw--- 1 root root 64 Jan 7 12:18 prdb.DBSYS1 -rw--- 1 root root 64 May 5 2009 prdb.DBSYS1.bak -rw--- 1 root root 18 Jan 7 12:18 vldb.DB0 -rw--- 1 root root 64 Jan 7 13:50 vldb.DBSYS1 /usr/afs/etc: total 80 drwxr-xr-x 2 root root 4096 Jun 16 2010 ./ drwxr-xr-x 7 root root 4096 May 6 2009 ../ -rw-r--r-- 1 root root 162 Jan 7 12:17 CellServDB -rw--- 1 root root 100 May 6 2009 KeyFile -rw-r--r-- 1 root root10 May 2 2009 NetRestrict -rw-r--r-- 1 root root11 May 6 2009 ThisCell -rw-r--r-- 1 root root39 Nov 15 2008 UserList /usr/afs/local: total 24 drwx-- 2 root root 4096 Jan 7 13:53 ./ drwxr-xr-x 7 root root 4096 May 6 2009 ../ -rw-r--r-- 1 root root 313 Apr 30 2009 BosConfig -rw-r--r-- 1 root root 10 May 6 2009 NetRestrict -rw-r--r-- 1 root root0 Jan 7 13:53 SALVAGE.fs srwxr-xr-x 1 root root0 Jan 7 12:22 fssync.sock= -rw-r--r-- 1 root root0 May 2 2009 salvage.lock -rw-r--r-- 1 root root 32 Jan 7 11:55 sysid -rw-r--r-- 1 root root 32 Jan 7 11:00 sysid.old what's the best way to proceed after I rekey PS I also have vos dump files but the 2 aforementiined volumes are not up to date. thanks tedc I suggest connecting the raid drives to another server, possibly one of your R/O servers. Mount the /vicepX partitions, restart the fileserver, then run vos syncserv and vos syncvldb to have the recovered volumes be remapped to the different server. ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] resurrecting dead server
Does that mean it works or not? PS vicepa has root.afs 536870912 RW 4 K On-line root.afs.readonly 536870913 RO 4 K On-line root.cell 536870915 RW 2634 K On-line root.cell.readonly536870916 RO 24 K On-line do these need to be mounted before or after syncing? Ted On Tue, Jan 18, 2011 at 11:46 AM, Derrick Brashear sha...@gmail.com wrote: that's fixed post-1.6.0pre1. pre2 isn't out yet. On Tue, Jan 18, 2011 at 2:42 PM, Ted Creedon tcree...@easystreet.net wrote: vos syncserv -server $S -partition a -dryrun -cell $C -localauth -verbose ends up with Aborted cut 7f9ebdaec000-7f9ebdaed000 rw-p 00:00 0 7fff833da000-7fff83425000 rw-p 00:00 0 [stack] 7fff83545000-7fff83546000 r-xp 00:00 0 [vdso] ff60-ff601000 r-xp 00:00 0 [vsyscall] Aborted On Tue, Jan 18, 2011 at 11:26 AM, Ted Creedon tcree...@easystreet.net wrote: I did a reinstall, kerberos, linux, everything Do I need to set up root.cell and root.afs prior to syncing /vicepa? ted On Sun, Jan 16, 2011 at 12:26 PM, Jason Edgecombe ja...@rampaginggeek.com wrote: I recommend a reinstall, then copy /usr/afs/etc from another server to copy the KeyFile, CellServ, etc. Jason On 01/16/2011 01:48 PM, Ted Creedon wrote: How about moving the /usr/afs directories from a known good server to the RW server and doing the same? ted On Sun, Jan 16, 2011 at 7:10 AM, Jason Edgecombeja...@rampaginggeek.comwrote: On 01/15/2011 01:05 PM, Ted Creedon wrote: my R/W server died but /vicepa and /vicepb were saved on their raid drives. this server also ran the krb5kdc... there are 2 other RO servers still OK but 2 out of 20 volumes are not up to date. both were running upclient etc the data on the RO servers is: /usr/afs/db: total 316 drwx-- 2 root root 4096 May 5 2009 ./ drwxr-xr-x 7 root root 4096 May 6 2009 ../ -rw--- 1 root root 1088 May 2 2009 bdb.DB0 -rw--- 1 root root 64 Jan 7 12:18 bdb.DBSYS1 -rw--- 1 root root 68672 May 5 2009 prdb.DB0 -rw--- 1 root root 68672 May 5 2009 prdb.DB0.bak -rw--- 1 root root 64 Jan 7 12:18 prdb.DBSYS1 -rw--- 1 root root 64 May 5 2009 prdb.DBSYS1.bak -rw--- 1 root root 18 Jan 7 12:18 vldb.DB0 -rw--- 1 root root 64 Jan 7 13:50 vldb.DBSYS1 /usr/afs/etc: total 80 drwxr-xr-x 2 root root 4096 Jun 16 2010 ./ drwxr-xr-x 7 root root 4096 May 6 2009 ../ -rw-r--r-- 1 root root 162 Jan 7 12:17 CellServDB -rw--- 1 root root 100 May 6 2009 KeyFile -rw-r--r-- 1 root root10 May 2 2009 NetRestrict -rw-r--r-- 1 root root11 May 6 2009 ThisCell -rw-r--r-- 1 root root39 Nov 15 2008 UserList /usr/afs/local: total 24 drwx-- 2 root root 4096 Jan 7 13:53 ./ drwxr-xr-x 7 root root 4096 May 6 2009 ../ -rw-r--r-- 1 root root 313 Apr 30 2009 BosConfig -rw-r--r-- 1 root root 10 May 6 2009 NetRestrict -rw-r--r-- 1 root root0 Jan 7 13:53 SALVAGE.fs srwxr-xr-x 1 root root0 Jan 7 12:22 fssync.sock= -rw-r--r-- 1 root root0 May 2 2009 salvage.lock -rw-r--r-- 1 root root 32 Jan 7 11:55 sysid -rw-r--r-- 1 root root 32 Jan 7 11:00 sysid.old what's the best way to proceed after I rekey PS I also have vos dump files but the 2 aforementiined volumes are not up to date. thanks tedc I suggest connecting the raid drives to another server, possibly one of your R/O servers. Mount the /vicepX partitions, restart the fileserver, then run vos syncserv and vos syncvldb to have the recovered volumes be remapped to the different server. ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info -- Derrick
[OpenAFS] BosConfig error
I backed up from 1.6.pre1 to 1.4.14 and the 1.4.14 bosserver carps about the BosCOnfig that worked under 1.6 Tue Jan 18 12:51:06 2011: Server directory access is okay Tue Jan 18 12:51:06 2011: bosserver: Something is wrong (-1) with the bos configuration file /usr/afs/local/BosConfig; aborting ted
Re: [OpenAFS] Re: resurrecting dead server
vos syncserv -server $S -partition a -dryrun -cell $C -localauth -verbose andvos syncvldb -server $S -partition a -cell $C -localauth -verbose work without errors. whats the best way to mount root.afs, root.cell and the 25 volumes ? thanks ted On Tue, Jan 18, 2011 at 12:05 PM, Andrew Deason adea...@sinenomine.netwrote: On Tue, 18 Jan 2011 11:56:27 -0800 Ted Creedon tcree...@easystreet.net wrote: Does that mean it works or not? You specified '-dryrun' in the syncserv options, so I would guess it didn't actually do anything. 'vos listvl root.afs' and root.cell can tell you if the vldb entries are pointed at the right place. If they're not, you can try syncserv/syncvldb'ing, probably with a 1.4 'vos' if you don't want that ugly error to appear. -- Andrew Deason adea...@sinenomine.net ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: resurrecting dead server
Looks like all volumes are back up Some directories have a Permission denied problem is it the permissions on user admin or the setacl's for the directory - or both? Thanks for all your help ted
[OpenAFS] client crashes
1.4.14 openafs on 2.6.34.7-0.7 linux the following happens when the client is started Message from syslogd@geronimo at Jan 18 15:50:59 ... kernel:[ 6918.225730] invalid opcode: [#1] PREEMPT SMP Message from syslogd@geronimo at Jan 18 15:50:59 ... kernel:[ 6918.225737] last sysfs file: /sys/devices/pci:00/:00:14.1/host1/target1:0:0/1:0:0:0/block/sdb/uevent
Re: [OpenAFS] resurrecting dead server
How about moving the /usr/afs directories from a known good server to the RW server and doing the same? ted On Sun, Jan 16, 2011 at 7:10 AM, Jason Edgecombe ja...@rampaginggeek.comwrote: On 01/15/2011 01:05 PM, Ted Creedon wrote: my R/W server died but /vicepa and /vicepb were saved on their raid drives. this server also ran the krb5kdc... there are 2 other RO servers still OK but 2 out of 20 volumes are not up to date. both were running upclient etc the data on the RO servers is: /usr/afs/db: total 316 drwx-- 2 root root 4096 May 5 2009 ./ drwxr-xr-x 7 root root 4096 May 6 2009 ../ -rw--- 1 root root 1088 May 2 2009 bdb.DB0 -rw--- 1 root root 64 Jan 7 12:18 bdb.DBSYS1 -rw--- 1 root root 68672 May 5 2009 prdb.DB0 -rw--- 1 root root 68672 May 5 2009 prdb.DB0.bak -rw--- 1 root root 64 Jan 7 12:18 prdb.DBSYS1 -rw--- 1 root root 64 May 5 2009 prdb.DBSYS1.bak -rw--- 1 root root 18 Jan 7 12:18 vldb.DB0 -rw--- 1 root root 64 Jan 7 13:50 vldb.DBSYS1 /usr/afs/etc: total 80 drwxr-xr-x 2 root root 4096 Jun 16 2010 ./ drwxr-xr-x 7 root root 4096 May 6 2009 ../ -rw-r--r-- 1 root root 162 Jan 7 12:17 CellServDB -rw--- 1 root root 100 May 6 2009 KeyFile -rw-r--r-- 1 root root10 May 2 2009 NetRestrict -rw-r--r-- 1 root root11 May 6 2009 ThisCell -rw-r--r-- 1 root root39 Nov 15 2008 UserList /usr/afs/local: total 24 drwx-- 2 root root 4096 Jan 7 13:53 ./ drwxr-xr-x 7 root root 4096 May 6 2009 ../ -rw-r--r-- 1 root root 313 Apr 30 2009 BosConfig -rw-r--r-- 1 root root 10 May 6 2009 NetRestrict -rw-r--r-- 1 root root0 Jan 7 13:53 SALVAGE.fs srwxr-xr-x 1 root root0 Jan 7 12:22 fssync.sock= -rw-r--r-- 1 root root0 May 2 2009 salvage.lock -rw-r--r-- 1 root root 32 Jan 7 11:55 sysid -rw-r--r-- 1 root root 32 Jan 7 11:00 sysid.old what's the best way to proceed after I rekey PS I also have vos dump files but the 2 aforementiined volumes are not up to date. thanks tedc I suggest connecting the raid drives to another server, possibly one of your R/O servers. Mount the /vicepX partitions, restart the fileserver, then run vos syncserv and vos syncvldb to have the recovered volumes be remapped to the different server. Jason ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] resurrecting dead server
my R/W server died but /vicepa and /vicepb were saved on their raid drives. this server also ran the krb5kdc... there are 2 other RO servers still OK but 2 out of 20 volumes are not up to date. both were running upclient etc the data on the RO servers is: /usr/afs/db: total 316 drwx-- 2 root root 4096 May 5 2009 ./ drwxr-xr-x 7 root root 4096 May 6 2009 ../ -rw--- 1 root root 1088 May 2 2009 bdb.DB0 -rw--- 1 root root 64 Jan 7 12:18 bdb.DBSYS1 -rw--- 1 root root 68672 May 5 2009 prdb.DB0 -rw--- 1 root root 68672 May 5 2009 prdb.DB0.bak -rw--- 1 root root 64 Jan 7 12:18 prdb.DBSYS1 -rw--- 1 root root 64 May 5 2009 prdb.DBSYS1.bak -rw--- 1 root root 18 Jan 7 12:18 vldb.DB0 -rw--- 1 root root 64 Jan 7 13:50 vldb.DBSYS1 /usr/afs/etc: total 80 drwxr-xr-x 2 root root 4096 Jun 16 2010 ./ drwxr-xr-x 7 root root 4096 May 6 2009 ../ -rw-r--r-- 1 root root 162 Jan 7 12:17 CellServDB -rw--- 1 root root 100 May 6 2009 KeyFile -rw-r--r-- 1 root root10 May 2 2009 NetRestrict -rw-r--r-- 1 root root11 May 6 2009 ThisCell -rw-r--r-- 1 root root39 Nov 15 2008 UserList /usr/afs/local: total 24 drwx-- 2 root root 4096 Jan 7 13:53 ./ drwxr-xr-x 7 root root 4096 May 6 2009 ../ -rw-r--r-- 1 root root 313 Apr 30 2009 BosConfig -rw-r--r-- 1 root root 10 May 6 2009 NetRestrict -rw-r--r-- 1 root root0 Jan 7 13:53 SALVAGE.fs srwxr-xr-x 1 root root0 Jan 7 12:22 fssync.sock= -rw-r--r-- 1 root root0 May 2 2009 salvage.lock -rw-r--r-- 1 root root 32 Jan 7 11:55 sysid -rw-r--r-- 1 root root 32 Jan 7 11:00 sysid.old what's the best way to proceed after I rekey PS I also have vos dump files but the 2 aforementiined volumes are not up to date. thanks tedc
Re: [OpenAFS] Re: openafs-stable-1_6_0pre1 installing with various OpenSUSE kernels
I do an insmod ./libafs-*** from the /usr/vice/etc directory after I verify its actually reinstalled I'll keep you posted, right now I'm upgrading my main fileserver tedc On Mon, Jan 10, 2011 at 8:07 AM, Andrew Deason adea...@sinenomine.netwrote: On Sat, 8 Jan 2011 08:31:21 -0800 Ted Creedon tcree...@easystreet.net wrote: both insmod modprobe. I check it first before I move it to /lib/modules/'uname'/kernel/fs/afs/libafs.ko and depmod -a. Doesn't depmod haul in all the dependencies? Yeah, as Matt said, if you load it with modprobe after depmod, it should do the right thing. If you're loading it manually with insmod from some random dir, you need exportfs first. -- Andrew Deason adea...@sinenomine.net ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: vos unlock vldb errror
I'm upgrading all my servers - I'll confirm thanks ted On Fri, Jan 7, 2011 at 9:14 PM, Andrew Deason adea...@sinenomine.netwrote: On Fri, 7 Jan 2011 12:04:58 -0800 Ted Creedon tcree...@easystreet.net wrote: vos unlockvldb -server ookpik ffails Unlocked all the VLDB entries for volumes on server ookpik *** glibc detected *** vos: free(): invalid pointer: 0x0068e320 *** This patch should fix it: http://git.openafs.org/?p=openafs.git;a=commitdiff_plain;h=18d99e29056f63276209caec304ac17f4ea3c2f1 Want to confirm? -- Andrew Deason adea...@sinenomine.net ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] openafs-stable-1_6_0pre1 installing with various OpenSUSE kernels
I'm upgrading all my servers: So far with /configure --enable-transarc-paths --enable-namei-fileserver --with-linux-kernel-headers=/usr/src/linux --enable-bitmap-later --enable-supergroups *** server redcloud kernel 2.6.27.7-9 compiles and installs but errors out Starting OpenAFS Server/usr/afs/bin/bosserver: error while loading shared libraries: librokenafs.so.1: cannot open shared object file: No such file or directory startproc: exit status of parent of /usr/afs/bin/bosserver: 127 ** server geronimo kernel 2.6.22.5-31 seems to compile and install but git carps make all usage: git-diff-index [-m] [--cached] [common diff options] tree-ish [path...] and a client error insmod: error inserting './libafs-2.6.22.5-31-default-ted.mp.ko': -1 Unknown symbol in module server ookpik kernel 2.6.27.7-9 seems to compile * run OK but (geronimo contains the RW volumes) Help is appreciated thanks tedc