# vos changeaddr -remove -oldaddr SERVER_NAME
Removed server SERVER_NAME from the VLDB.
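I used to rely on the default Scientific Linux packages. They have only been updated to 1.4.7 so far, so I could never use partitions larger than 2TB. In the end I compiled newer code myself. With 1.4.10 I am so relieved: the partitions finally show up correctly.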
# vos partinfo fileserver a
Free space on partition /vicepa: 6384571488 K blocks out of total 6384756940
# vos partinfo fileserver b
Free space on partition /vicepb: 3190493552 K blocks out of total 3190696956
#vos addsite -server XXXXX3 -partition a -id root.afs
#vos release -id root.afs
#vos examine -i root.afs
root.afs 536870912 RW 4 K On-line
XXXXX /vicepa
RWrite 536870912 ROnly 536870913 Backup 0
MaxQuota 5000 K
Creation Mon Feb 4 14:18:08 2008
Copy Mon Feb 4 14:18:08 2008
Backup Never
Last Update Mon Feb 4 14:26:56 2008
0 accesses in the past day (i.e., vnode references)
RWrite: 536870912 ROnly: 536870913
number of sites -> 3
server XXXXX partition /vicepa RW Site
server XXXXX2 partition /vicepa RO Site
server XXXXX3 partition /vicepa RO Site
To set a 2GB cache, edit the /etc/rc.d/init.d/afs file and set $CACHESIZE to 2 * 1024 * 1024, as follows:
# vi /etc/rc.d/init.d/afs
...(omit)
CACHEINFO=${CACHEINFO:-/usr/vice/etc/cacheinfo}
CACHE=${CACHEDIR:-/usr/vice/cache}
AFS=${AFSDIR:-/afs}
CACHESIZE=2097152
...(omit)
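You can use the fs getcrypt command to check whether your OpenAFS client is currently encrypting traffic.
# fs getcrypt
Security level is currently clear.
If you see the message above, traffic is not encrypted.
You can turn encryption on with the fs setcrypt on command.
# fs getcrypt
Security level is currently crypt (data security).
That is a bit more reassuring.
Of course, if you want this enabled on every boot, you can put it in the $AFS_POST_INIT variable of the afs init script, as follows: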
# vi /etc/rc.d/init.d/afs
...(omit)
CACHEINFO=${CACHEINFO:-/usr/vice/etc/cacheinfo}
CACHE=${CACHEDIR:-/usr/vice/cache}
AFS=${AFSDIR:-/afs}
AFS_POST_INIT="/usr/bin/fs setcrypt on"
...(omit)
If you use a Mac, edit the /var/db/openafs/etc/config/afs.conf file instead.
AFS_POST_INIT="/usr/bin/fs setcrypt on"
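An added example (not from the original post): a small audit that reports whether encryption is active right now and whether the AFS_POST_INIT line shown above makes it persist across reboots. FS_CMD and the config-path argument are assumptions introduced here so the check can be pointed at either file location.

```shell
# Added example: audit OpenAFS client encryption (runtime state + boot-time persistence).
# FS_CMD is an assumption: it defaults to the `fs` binary on PATH.
FS_CMD=${FS_CMD:-fs}

# Print "crypt", "clear" or "unknown" from the runtime setting reported by `fs getcrypt`.
afs_runtime_crypt() {
    out=$("$FS_CMD" getcrypt 2>/dev/null) || { echo unknown; return; }
    case $out in
        *"currently crypt"*) echo crypt ;;
        *"currently clear"*) echo clear ;;
        *) echo unknown ;;
    esac
}

# Succeed only if the file ($1) has an active, uncommented AFS_POST_INIT
# assignment that runs "fs setcrypt on".
afs_persistent_crypt() {
    grep -Eq '^[[:space:]]*AFS_POST_INIT=.*fs[[:space:]]+setcrypt[[:space:]]+on' "$1" 2>/dev/null
}

# afs_crypt_audit CONFIG_FILE
# Prints a one-word verdict; returns 0 only when encryption is on and persistent.
afs_crypt_audit() {
    runtime=$(afs_runtime_crypt)
    if afs_persistent_crypt "$1"; then persistent=yes; else persistent=no; fi
    case "$runtime:$persistent" in
        crypt:yes) echo ok; return 0 ;;
        crypt:no)  echo not-persistent; return 1 ;;   # lost at next reboot
        clear:yes) echo not-applied; return 1 ;;      # configured but not in effect
        clear:no)  echo unencrypted; return 1 ;;
        *)         echo unknown; return 2 ;;          # fs missing or unexpected output
    esac
}

# Usage: afs_crypt_audit /etc/rc.d/init.d/afs
#    or: afs_crypt_audit /var/db/openafs/etc/config/afs.conf
```
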
Because we use OpenAFS, the Mac has to be set up for Kerberos authentication. But Kerberos password authentication alone is not enough; you also need to be recognized by AFS. Normally you can type the aklog command in Terminal. But if users have to type one more command after logging in to the Mac, they will be hopping mad. So I had to work hard asking Master Google. Fortunately there was finally a breakthrough: users no longer need to type aklog to get an AFS token.
First, download the script at http://www.ibiblio.org/macsupport/kerberos/10.4/afs-login.sh. Its main job is to run aklog as a post-login step after the user logs in. The setting on the Mac is:
sudo defaults write com.apple.loginwindow LoginHook /Library/Management/afs-login.sh
Edit the /etc/ttys file:
vi /etc/ttys
# Look for a line that reads:
#console "/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow" vt100 on secure window=/System/Library/CoreServices/WindowServer onoption="/usr/libexec/getty std.9600"
# Edit this line so that it reads as follows (there are no breaks in this line):
#console "/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow -LoginHook /Library/Management/afs-login.sh" vt100 on secure window=/System/Library/CoreServices/WindowServer onoption="/usr/libexec/getty std.9600"
That is all it takes.
This took a long time, but it is finally working.
–
HOWTO: Get an AFS token (aklog) on Mac OS X after Kerberos login
Getting an AFS token on Linux is quite easy, but getting one on Mac OS X is very painful. After you log in with Kerberos on Mac OS X, you have to type the "aklog" command to get your AFS token when you use OpenAFS. Otherwise, you have no permission to access OpenAFS files. This problem had me stuck for a while. Finally, I found the solution. I assume you already have Kerberos servers ready and that your Mac can talk to them.
You have to download this script (http://www.ibiblio.org/macsupport/kerberos/10.4/afs-login.sh). In my case, I modified the script as follows:
########## Begin Script ##########
#!/bin/tcsh -f
############################ afs-login.sh ##########################
# Mike Bydalek | mbydalek at contentconnections com
# Use 'defaults write com.apple.loginwindow LoginHook' to make this
# script run upon user login.
####################################################################
# very minor mods by bil hays (bil_hays at unc edu)
############

### Description ###
#
# This script runs aklog for the particular user upon logging in
# to grab AFS tokens.

### Debug/testing sanity check ###
if ( $#argv < 1 ) then
    echo "No user specified!"
    exit 1
endif

### Script action ###
# We just need to run aklog
/usr/bin/aklog
su $1 -c /usr/bin/aklog

### Always exit with 0 status
exit 0
########## End Script ##########
Once you have the script, you can put it wherever you like. I prefer to put it in the /Library/Management directory. We also need to tell Mac OS X to run it as the Login Hook, with the following command:
sudo defaults write com.apple.loginwindow LoginHook /Library/Management/afs-login.sh
You also need to edit the /etc/ttys file to make the Login Hook work.
vi /etc/ttys
# Look for a line that reads:
#console "/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow" vt100 on secure window=/System/Library/CoreServices/WindowServer onoption="/usr/libexec/getty std.9600"
# Edit this line so that it reads as follows (there are no breaks in this line):
#console "/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow -LoginHook /Library/Management/afs-login.sh" vt100 on secure window=/System/Library/CoreServices/WindowServer onoption="/usr/libexec/getty std.9600"
You can use the "klist" command to check your tokens.
$ klist
Kerberos 5 ticket cache: 'API:Initial default ccache'
Default principal: USERNAME@XXXXX.EDU.TW

Valid Starting     Expires            Service Principal
01/23/09 16:11:42  02/22/09 16:11:42  krbtgt/XXXXX.EDU.TW@XXXXX.EDU.TW
        renew until 01/23/09 16:11:42
01/23/09 16:11:43  02/22/09 16:11:42  afs@XXXXX.EDU.TW
        renew until 01/23/09 16:11:42
[root@XXX ~]# bos setrestart -server XXX -time never -cell xxx.xxxxx.edu.tw
[root@XXX ~]# bos getrestart XXX
Server XXX restarts never
Server XXX restarts for new binaries at 5:00 am
find ./ -type d | sed -e 's/\ /\\\ /g' -e 's/\x27/\\\x27/g' | xargs -i fs copyacl -f . -t {}
First, install kstart:
[root@chat kstart-3.13]# ./configure KRB5_CONFIG=/etc/krb5.conf --with-aklog=/usr/bin/aklog --enable-setpag
[root@chat kstart-3.13]# make
[root@chat kstart-3.13]# make install
Then modify the /etc/rc.d/init.d/httpd file.
From:
start() {
echo -n $"Starting $prog: "
check13 || exit 1
LANG=$HTTPD_LANG daemon $httpd $OPTIONS
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch ${lockfile}
return $RETVAL
}
To:
start() {
echo -n $"Starting $prog: "
check13 || exit 1
/usr/local/bin/k5start -b -l 1d -tUf /etc/httpd/conf/http.keytab -- \
env LANG=$HTTPD_LANG $httpd $OPTIONS
# LANG=$HTTPD_LANG daemon $httpd $OPTIONS
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch ${lockfile}
return $RETVAL
}
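# ls /home/ | xargs -i find '{}'/Sites -type d | xargs -i fs setacl '{}' webservers write
First list the user directories, pass that output to find as the path in which to look for directories, then pipe the result to fs to set the ACL so that webservers has write permission. Prerequisite: the webservers access group must already have been created.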
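An added example (not from the original post) of the same bulk grant without parsing ls output: the pipeline above only works when run from /home, and xargs treats quotes and backslashes in directory names specially. FS_CMD, the home-root argument and the optional group argument are assumptions introduced here; the group defaults to the page's webservers.

```shell
# Added example: give a group write access on every directory under each
# user's Sites tree. FS_CMD is an assumption: it defaults to `fs` on PATH.
FS_CMD=${FS_CMD:-fs}

# grant_sites_acl HOME_ROOT [GROUP]
# Prints the number of directories whose ACL was set successfully.
grant_sites_acl() {
    home_root=$1
    group=${2:-webservers}
    # Require an absolute root so the result never depends on the current directory.
    case $home_root in
        /*) ;;
        *) echo "home root must be an absolute path" >&2; return 2 ;;
    esac
    for sites in "$home_root"/*/Sites; do
        # Skip users without a Sites directory, and a Sites that is a symlink.
        [ -d "$sites" ] && [ ! -L "$sites" ] || continue
        # -exec hands each path to fs as one argument, so spaces, quotes and
        # backslashes need no escaping. One dot is printed per successful setacl.
        find "$sites" -type d -exec "$FS_CMD" setacl {} "$group" write \; -exec printf . \;
    done | wc -c | tr -d ' '
}

# Usage: grant_sites_acl /home webservers
```

Comparing the printed count with the number of directories found shows whether any setacl call failed.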