Re: [OpenAFS] How to replicate files on different machines

[Jeffrey Altman]

Chris Huebsch wrote:
> Is there a free multi-master capable KRB-V Server available? Last time I
> had a look at Heimdal and MIT they were not.

Heimdal and MIT are not multi-master.  They could be made to be but
there has not been significant interest to make it happen.

> Last weekend I seriously considered replacing kaserver with KRB-V due to
> severe problems with saslauthd and pam_afs.so (segfaults...).
> 
> But after replacing my openladap with fedora-ds (which is multi-master)
> some time ago, I do not want to reintroduce a single point of failure to
> my systems.

MIT Kerberos 1.6 and higher and Heimdal support the use of LDAP database
backends.  If you have a multi-master LDAP backend, does that satisfy
your requirement?

Jeffrey Altman


smime.p7s
Description: S/MIME Cryptographic Signature

Re: [OpenAFS] How to replicate files on different machines

[Chris Huebsch]

Hello,

On Tue, 19 Dec 2006, Jeffrey Hutzelman wrote:

If you're setting up a new cell, don't use the kaserver; it's deprecated, and 
for good reason.  Set up a real Kerberos realm instead, and then use 'kinit' 
to get Kerberos tickets followed by 'aklog' to get AFS tokens.


Is there a free multi-master capable KRB-V Server available? Last time I
had a look at Heimdal and MIT they were not.

Last weekend I seriously considered replacing kaserver with KRB-V due to
severe problems with saslauthd and pam_afs.so (segfaults...).

But after replacing my openladap with fedora-ds (wich is multi-master)
some time ago, I do not want to reintroduce a single point of failure to
my systems.

Thanks


Chris
--
 TU Chemnitz, Informatik, VSR  | Chemnitzer Linux-Tage 2007, 3.-4. Maerz
  Str. d. Nationen 62, B204| http://chemnitzer.linux-tage.de
   D-09107 Chemnitz|
+49 371 531-31118, Fax -831118 | http://www.huebsch-gemacht.de -> weblog
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] How to replicate files on different machines

[Jeffrey Hutzelman]

On Tuesday, December 19, 2006 05:12:43 PM +0530 
[EMAIL PROTECTED] wrote:



I'm trying to use 'kinit' and 'aklog' to get admin tokens for accessing
the cell under /afs on my client machine. Though these are installed on
my machine, I'm not able to configure these, since I'm not able to find
the syntax for using 'aklog' in 1.4.2 documentation. As we use 'kas' tool
to create Authentication Database entries, which are later accessed by
'klog' command, is there any similar way to create entries for 'aklog'
and 'kinit'?


If you're setting up a new cell, don't use the kaserver; it's deprecated, 
and for good reason.  Set up a real Kerberos realm instead, and then use 
'kinit' to get Kerberos tickets followed by 'aklog' to get AFS tokens.


If you have an existing cell which uses the kaserver, then 'klog' is the 
correct command.  However, you still will not be able to see into a 
newly-created volume unless you obtain tokens for a user that exists in the 
PTS database and is a member of the system:administrators group.  Of 
course, if you have an existing cell, then you should already have at least 
one such user, and you should also have an existing root.cell volume which 
has a more permissive ACL.


-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]>
  Sr. Research Systems Programmer
  School of Computer Science - Research Computing Facility
  Carnegie Mellon University - Pittsburgh, PA

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] How to replicate files on different machines

[shailesh_joshi]

Hi.

I'm trying to use 'kinit' and 'aklog' to get admin tokens for accessing the 
cell under /afs on my client machine.
Though these are installed on my machine, I'm not able to configure these, 
since I'm not able to find the syntax for using 'aklog' in 1.4.2 documentation.
As we use 'kas' tool to create Authentication Database entries, which are later 
accessed by 'klog' command, is there any similar way to create entries for 
'aklog' and 'kinit'?

Write now the output of these commands is as follows.

# aklog
aklog: Couldn't get ps1.pspl.co.in AFS tickets:
aklog: No credentials cache found while getting AFS tickets
#

# kinit
kinit(v5): Cannot resolve network address for KDC in requested realm while 
getting initial credentials
#

Regards,
Shailesh




Date: Tue 19 Dec 05:28:23 IST 2006
From: Jeffrey Hutzelman <[EMAIL PROTECTED]>
Subject: Re: [OpenAFS] How to replicate files on different machines


On Friday, December 15, 2006 11:56:07 AM +0530 
[EMAIL PROTECTED] wrote:

> I'm using OpenAFS 1.4.2 on Fedora 5.
> I want to replicate file(s) on 2 machines (both Fedora 5).
> How could this be achieved?
> Do I need to install OpenAFS server on both the machines, and if this is
> the requirement, how could the servers be synchronized?

Replication applies to whole volumes, not individual files, and requires an 
explicit "release" operation to cause changes to the read/write volume to 
be propagated to the read-only replicas.  AFS does not provide replication 
of read/write data.



> Write now I'm facing one other issue.
> I have installed server on 1st machine and client on 2nd machine (both
> Fedora 5). I have given the cell information for the server on 2nd
> machine in /usr/vice/etc/CellServDB, CellServDB.dist and ThisCell.
>
> However, when I start the client, the cell under /afs/ is not displayed
> as a directory.
>
># ls -l /afs/
> total 0
> ?- 0 root root 0 Jan  1  1970 ps2750.pspl.co.in

That is what the output from recent versions of 'ls' looks like when you 
don't have permission to access the file in question.  Most likely that is 
indeed a directory (actually, an AFS mount point), but since you have just 
set up a new cell, its contents are visible only to AFS administrators, and 
you don't have AFS admin tokens.  You will need to acquire tokens using 
tools like 'kinit' and 'aklog' before you can access that directory.

-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA


DISCLAIMER
==
This e-mail may contain privileged and confidential information which is the 
property of Persistent Systems Pvt. Ltd. It is intended only for the use of the 
individual or entity to which it is addressed. If you are not the intended 
recipient, you are not authorized to read, retain, copy, print, distribute or 
use this message. If you have received this communication in error, please 
notify the sender and delete all copies of this message. Persistent Systems 
Pvt. Ltd. does not accept any liability for virus infected mails.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] How to replicate files on different machines

[Jeffrey Hutzelman]

On Friday, December 15, 2006 11:56:07 AM +0530 
[EMAIL PROTECTED] wrote:



I'm using OpenAFS 1.4.2 on Fedora 5.
I want to replicate file(s) on 2 machines (both Fedora 5).
How could this be achieved?
Do I need to install OpenAFS server on both the machines, and if this is
the requirement, how could the servers be synchronized?


Replication applies to whole volumes, not individual files, and requires an 
explicit "release" operation to cause changes to the read/write volume to 
be propagated to the read-only replicas.  AFS does not provide replication 
of read/write data.





Write now I'm facing one other issue.
I have installed server on 1st machine and client on 2nd machine (both
Fedora 5). I have given the cell information for the server on 2nd
machine in /usr/vice/etc/CellServDB, CellServDB.dist and ThisCell.

However, when I start the client, the cell under /afs/ is not displayed
as a directory.

# ls -l /afs/
total 0
?- 0 root root 0 Jan  1  1970 ps2750.pspl.co.in


That is what the output from recent versions of 'ls' looks like when you 
don't have permission to access the file in question.  Most likely that is 
indeed a directory (actually, an AFS mount point), but since you have just 
set up a new cell, its contents are visible only to AFS administrators, and 
you don't have AFS admin tokens.  You will need to acquire tokens using 
tools like 'kinit' and 'aklog' before you can access that directory.


-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]>
  Sr. Research Systems Programmer
  School of Computer Science - Research Computing Facility
  Carnegie Mellon University - Pittsburgh, PA

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] How to replicate files on different machines

[Hartmut Reuter]

[EMAIL PROTECTED] wrote:

Hi.

I'm using OpenAFS 1.4.2 on Fedora 5. I want to replicate file(s) on 2
machines (both Fedora 5). How could this be achieved? Do I need to
install OpenAFS server on both the machines, and if this is the
requirement, how could the servers be synchronized?


Yes you need a fileserver on the second machine and you need to define
the replication side for each volume by using "vos addsite ...".
The synchronisation is acchieved by "vos release" for the volume.
This doesn't happen automatically, but you start some script via cron.




Write now I'm facing one other issue. I have installed server on 1st
machine and client on 2nd machine (both Fedora 5). I have given the
cell information for the server on 2nd machine in
/usr/vice/etc/CellServDB, CellServDB.dist and ThisCell.

However, when I start the client, the cell under /afs/ is not
displayed as a directory.

# ls -l /afs/ total 0 ?- 0 root root 0 Jan  1  1970
ps2750.pspl.co.in #

Hence I could not do any further file operations. Am I missing
something?


Did you start the afsd on the client with the option "-dynroot"?
Do you have a volume "root.cell" in your cell?
If both is true and your CellServDB and ThisCell information are correct
you should see your cell.

If you don't start afsd with "-dynroot" you need a volume "root.afs" and
inside it a mountpoint for your "root.cell" under the name of your cell.





Thanks and Regards, Shailesh Joshi 
___ OpenAFS-info mailing
list OpenAFS-info@openafs.org 
https://lists.openafs.org/mailman/listinfo/openafs-info



--
-
Hartmut Reuter   e-mail [EMAIL PROTECTED]
   phone +49-89-3299-1328
RZG (Rechenzentrum Garching)   fax   +49-89-3299-1301
Computing Center of the Max-Planck-Gesellschaft (MPG) and the
Institut fuer Plasmaphysik (IPP)
-
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] How to replicate files on different machines

[shailesh_joshi]

Hi.

I'm using OpenAFS 1.4.2 on Fedora 5.
I want to replicate file(s) on 2 machines (both Fedora 5).
How could this be achieved?
Do I need to install OpenAFS server on both the machines, and if this is the 
requirement, how could the servers be synchronized?

Write now I'm facing one other issue.
I have installed server on 1st machine and client on 2nd machine (both Fedora 
5).
I have given the cell information for the server on 2nd machine in 
/usr/vice/etc/CellServDB, CellServDB.dist and ThisCell.

However, when I start the client, the cell under /afs/ is not displayed as a 
directory.

# ls -l /afs/
total 0
?- 0 root root 0 Jan  1  1970 ps2750.pspl.co.in
#

Hence I could not do any further file operations.
Am I missing something?

Thanks and Regards,
Shailesh Joshi
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info