Bug#322638: unwinding afs-newcell

Tue, 23 Aug 2005 22:10:08 -0700 


Hi,
I managed to screw up the config again, somehow. In this version, afs-newcell fails. However, I noticed something that seems worth pointing out. 

Note that when afs-newcell fails, and I run it again, I get the error

vos create riverside.dulci.biostat.duke.edu a root.afs -localauth
Volume root.afs already exists
Error in vos create command.
This is presumably left over from the previous invocation of afs-newcell. Can this be added to the unwinding? 

BTW, I'm not sure why I'm getting the

Error while creating system:administrators: Entry for id already exists

What does this mean?
I'm not bothering to clean up this version of the config, since I'm going to be running it shortly again anyway, and I only sent it because of this small point. 

                                                            Faheem.

*********************************************************************
riverside:/home/faheem# riverside:/home/faheem# riverside:/home/faheem# apt-get -q install openafs-dbserver openafs-krb5 krb5-admin-server 
Reading Package Lists...
Building Dependency Tree...
The following extra packages will be installed:
  krb5-config krb5-kdc krb5-user openafs-client openafs-fileserver
The following NEW packages will be installed:
  krb5-admin-server krb5-config krb5-kdc krb5-user openafs-client 
openafs-dbserver openafs-fileserver openafs-krb5
0 upgraded, 8 newly installed, 0 to remove and 0 not upgraded.
Need to get 0B/3275kB of archives.
After unpacking 7786kB of additional disk space will be used.
Do you want to continue? [Y/n]


Reading package fields... 0%
Reading package fields... 12% Reading package fields... 25% Reading package fields... 37% Reading package fields... 50% Reading package fields... 62% Reading package fields... 75% Reading package fields... 87% Reading package fields... Done
Reading package status... 0% Reading package status... 0% Reading package status... 12% Reading package status... 25% Reading package status... 37% Reading package status... 50% Reading package status... 62% Reading package status... 75% Reading package status... 87% Reading package status... Done
Retrieving bug reports... 0% [0/8] Retrieving bug reports... 0% [0/8] Retrieving bug reports... 12% [1/8] Retrieving bug reports... 25% [2/8] Retrieving bug reports... 37% [3/8] Retrieving bug reports... 50% [4/8] Retrieving bug reports... 62% [5/8] Retrieving bug reports... 75% [6/8] Retrieving bug reports... 87% [7/8] Retrieving bug reports... Done 
Preconfiguring packages ...
Configuring krb5-config
-----------------------

  When users attempt to use Kerberos and specify a principal or user
  name without specifying what administrative Kerberos realm that
  principal belongs to, the system appends the default realm.
  Normally default realm is the upper case version of the local DNS
  domain.

What is the default Kerberos version 5 realm? DULCI.BIOSTAT.DUKE.EDU


Configuring krb5-kdc
--------------------
By default, Kerberos4 requests are allowed from principals that do not require preauthentication. This allows Kerberos4 services to exist while requiring most users to use Kerberos5 clients to get their initial tickets. These tickets can then be converted to Kerberos4 tickets. Alternatively, the mode can be set to full, allowing Kerberos4 to get initial tickets even when preauthentication would normally be required, or to disable, which will disable all Kerberos4 support. 

  1. disable  2. full  3. nopreauth  4. none

Kerberos4 compatibility mode to use: 4 3


Configuring krb5-admin-server
-----------------------------

Setting up a Kerberos Realm
This package contains the administrative tools necessary to run on the Kerberos master server. However, installing this package does not automatically set up a Kerberos realm. Doing so requires entering passwords and as such is not well-suited for package installation. To create the realm, run the krb5_newrealm command. You may also wish to read /usr/share/doc/krb5-kdc/README.KDC and 
the administration guide found in the krb5-doc package.
Don't forget to set up DNS information so your clients can find your KDC and admin servers. Doing so is documented in the administration guide. 

Configuring openafs-client
--------------------------

AFS filespace is organized into cells or administrative domains. Each 
workstation belongs to one cell.  Usually the cell is the DNS
domain name of the site.

 What AFS cell does this workstation belong to? dulci.biostat.duke.edu
AFS uses an area of the disk to cache remote files for faster access. This cache will be mounted on /var/cache/openafs. It is important that the cache not overfill the partition it is located on. Often, people find it useful to dedicate a partition to their AFS cache. 

 How large is your AFS cache (kB)? 50000


/afs generally contains an entry for each cell that a client can talk to. 
Traditionally, these entries were generated by servers in
the client's home cell. However, OpenAFS clients can generate the contents of /afs dynamically based on the contents of /etc/openafs/CellServDB and DNS.
If you generate /afs dynamically, you may need to create /etc/openafs/CellAlias to include aliases for common cells. DO NOT SELECT THIS OPTION IF THIS MACHINE IS THE FIRST DATABASE SERVER IN A NEW CELL . 

Dynamically generate the contents of /afs? no


Selecting previously deselected package krb5-config.
(Reading database ... 81199 files and directories currently installed.)
Unpacking krb5-config (from .../krb5-config_1.6_all.deb) ...
Selecting previously deselected package krb5-user.
Unpacking krb5-user (from .../krb5-user_1.3.6-2sarge2_i386.deb) ...
Selecting previously deselected package krb5-kdc.
Unpacking krb5-kdc (from .../krb5-kdc_1.3.6-2sarge2_i386.deb) ...
Selecting previously deselected package krb5-admin-server.
Unpacking krb5-admin-server (from .../krb5-admin-server_1.3.6-2sarge2_i386.deb) 
...
Selecting previously deselected package openafs-client.
Unpacking openafs-client (from .../openafs-client_1.3.81-3sarge1_i386.deb) ...
Selecting previously deselected package openafs-fileserver.
Unpacking openafs-fileserver (from 
.../openafs-fileserver_1.3.81-3sarge1_i386.deb) ...
Selecting previously deselected package openafs-dbserver.
Unpacking openafs-dbserver (from .../openafs-dbserver_1.3.81-3sarge1_i386.deb) 
...
Selecting previously deselected package openafs-krb5.
Unpacking openafs-krb5 (from .../openafs-krb5_1.3-10.1_i386.deb) ...
Setting up krb5-config (1.6) ...
Configuring krb5-config
-----------------------

Enter the hostnames of Kerberos servers in the DULCI.BIOSTAT.DUKE.EDU Kerberos 
realm separated by spaces.

What are the Kerberos servers for your realm? 
riverside.dulci.biostat.duke.edu


Enter the hostname of the administrative (password changing) server for  the 
DULCI.BIOSTAT.DUKE.EDU  Kerberos realm.

What is the administrative  server for your Kerberos realm? 
riverside.dulci.biostat.duke.edu



Setting up krb5-user (1.3.6-2sarge2) ...
Setting up krb5-kdc (1.3.6-2sarge2) ...

Setting up krb5-admin-server (1.3.6-2sarge2) ...
Starting Kerberos Administration Servers: kadmind: No such file or directory 
while initializing, aborting
kadmind.

Setting up openafs-client (1.3.81-3sarge1) ...
Configuring openafs-client
--------------------------
AFS uses the file /etc/openafs/CellServDB to hold the list of servers that should be contacted to find parts of a cell. The cell you claim this workstation belongs to is not in that file. Enter the host names of the database servers separated by spaces. IMPORTANT: If you are creating a new cell and this machine is to be a database server in that cell, only enter this machine's name; add the other servers later after they are functioning. Also, do not enable the AFS client to start at boot on this server until the cell is configured. When you are ready you can edit /etc/openafs/afs.conf.client to enable the client. 

What hosts are DB servers for your home cell? riverside.duk lci.bo 
iostat.duke.ed  edu


Should the Openafs filesystem be started and mounted at boot? Normally, most 
users who install the openafs-client package expect to
run it at boot. However, if you are planning on setting up a new cell or are on a laptop, you may not want it started at boot time. If you choose not to start AFS at boot , run /etc/init.d/openafs-client force-start to start the client when you wish to run 
it.

Run Openafs client now and at boot? yes   no



Setting up openafs-fileserver (1.3.81-3sarge1) ...
Starting AFS Server: bosserver.

Setting up openafs-dbserver (1.3.81-3sarge1) ...
Setting up openafs-krb5 (1.3-10.1) ...
riverside:/home/faheem# krb5_newrealm
This script should be run on the master KDC/admin server to initialize
a Kerberos realm.  It will ask you to type in a master key password.
This password will be used to generate a key that is stored in
/etc/krb5kdc/stash.  You should try to remember this password, but it
is much more important that it be a strong password than that it be
remembered.  However, if you lose the password and /etc/krb5kdc/stash,
you cannot decrypt your Kerberos database.
Loading random data
Initializing database '/var/lib/krb5kdc/principal' for realm 
'DULCI.BIOSTAT.DUKE.EDU',
master key name 'K/[EMAIL PROTECTED]'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key: Re-enter KDC database master key to verify: create: Password mismatch while reading master key from keyboard riverside:/home/faheem# krb5_newrealm 
This script should be run on the master KDC/admin server to initialize
a Kerberos realm.  It will ask you to type in a master key password.
This password will be used to generate a key that is stored in
/etc/krb5kdc/stash.  You should try to remember this password, but it
is much more important that it be a strong password than that it be
remembered.  However, if you lose the password and /etc/krb5kdc/stash,
you cannot decrypt your Kerberos database.
Loading random data
Initializing database '/var/lib/krb5kdc/principal' for realm 
'DULCI.BIOSTAT.DUKE.EDU',
master key name 'K/[EMAIL PROTECTED]'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key: Re-enter KDC database master key to verify: Starting Kerberos KDC: krb5kdc krb524d. 
Starting Kerberos Administration Servers: kadmind.


Now that your realm is set up you may wish to create an administrative
principal using the addprinc subcommand of the kadmin.local program.
Then, this principal can be added to /etc/krb5kdc/kadm5.acl so that
you can use the kadmin program on other computers.  Kerberos admin
principals usually belong to a single user and end in /admin.  For
example, if jruser is a Kerberos administrator, then in addition to
the normal jruser principal, a jruser/admin principal should be
created.

Don't forget to set up DNS information so your clients can find your
KDC and admin servers.  Doing so is documented in the administration
guide.
riverside:/home/faheem# kadmin.local
Authenticating as principal faheem/[EMAIL PROTECTED] with password.
kadmin.local:  addprinc faheem/admin
WARNING: no policy specified for faheem/[EMAIL PROTECTED]; defaulting to no 
policy
Enter password for principal "faheem/[EMAIL PROTECTED]": Re-enter password for principal "faheem/[EMAIL PROTECTED]": Principal "faheem/[EMAIL PROTECTED]" created. 
kadmin.local:  addprinc faheem/admin
WARNING: no policy specified for [EMAIL PROTECTED]; defaulting to no policy
Enter password for principal "[EMAIL PROTECTED]": Re-enter password for principal "[EMAIL PROTECTED]": Principal "[EMAIL PROTECTED]" created. kadmin.local: kadmin.local: exit 
riverside:/home/faheem# kadmin.local
Authenticating as principal faheem/[EMAIL PROTECTED] with password.
kadmin.local:  addprinc -randkey -e des-cbc-crc:v4 afs
WARNING: no policy specified for [EMAIL PROTECTED]; defaulting to no policy
Principal "[EMAIL PROTECTED]" created.
kadmin.local:  ktd add      ktadd -k /tmp/afs.keytab -e 
des-cbc-crc:v4 afs
Entry for principal afs with kvno 3, encryption type DES cbc mode with CRC-32 
added to keytab WRFILE:/tmp/afs.keytab.
kadmin.local:   getprinc afs
Principal: [EMAIL PROTECTED]
Expiration date: [never]
Last password change: Tue Aug 23 22:42:53 EDT 2005
Password expiration date: [none]
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Tue Aug 23 22:42:53 EDT 2005 (faheem/[EMAIL PROTECTED])
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 1
Key: vno 3, DES cbc mode with CRC-32, no salt
Attributes:
Policy: [none]
kadmin.local:  EXIT    exit
riverside:/home/faheem# asetkey add <kvno> /tmp/afs.keytab [EMAIL PROTECTED]
riverside:/home/faheem# cp /chre     
chrestomanci.homelinux.org:/tnp  mp/afsm           
                          
  ls
afs-newcell  cd.mp3               dead.letter  
dukevpn-4.6.00.0045-3.fc2.src.rpm  fastICA_1.1-5.tar.gz  screenlog.0
afs-rootvol  cluster-1.26.tar.gz  Desktop      fastICA                          
  mail                  XF86Config
riverside:/home/faheem# cp    which afs-ne ewcell
/usr/sbin/afs-newcell
riverside:/home/faheem# cp afs-newcell /usr/sbin/
riverside:/home/faheem# cp afs-newcell 
/usr/sbin/
afs-newcell afs-rootvol riverside:/home/faheem# cp afs- /usr/sbin/[EMAIL PROTECTED]@ootvol riverside:/home/faheem# umount /viec  cepa riverside:/home/faheem# mou   rm -rf /vie cepa/ 
riverside:/home/faheem#  dd if=/dev/zero of=/var/lib/openafs/vicepa bs=1024k 
count=
riverside:/home/faheem# afs-newcell
                            Prerequisites

In order to set up a new AFS cell, you must meet the following:

1) You need a working Kerberos realm with Kerberos4 support.  You
   should install Heimdal with Kth-kerberos compatibility or MIT
   Kerberos5.

2) You need to create the single-DES AFS key and load it into
   /etc/openafs/server/KeyFile.  If your cell's name is the same as
   your Kerberos realm then create a principal called afs.  Otherwise,
   create a principal called afs/cellname in your realm.  The cell
   name should be all lower case, unlike Kerberos realms which are all
   upper case.  You can use asetkey from the openafs-krb5 package, or
   if you used AFS3 salt to create the key, the bos addkey command.

3) This machine should have a filesystem mounted on /vicepa.  If you
   do not have a free partition, then create a large file by using dd
   to extract bytes from /dev/zero.  Create a filesystem on this file
   and mount it using -oloop.

4) You will need an administrative principal created in a Kerberos
   realm.  This principal will be added to susers and
   system:administrators and thus will be able to run administrative
   commands.  Generally the user is a root or admin instance of some
   administravie user.  For example if jruser is an administrator then
   it would be reasonable to create jruser/root (or jruser/admin) and
   specify that as the user to be added in this script.

5) The AFS client must not be running on this workstation.  It will be
   at the end of this script.

Do you meet these requirements? [y/n] y
If the fileserver is not running, this may hang for 30 seconds.
/etc/init.d/openafs-fileserver stop
Stopping AFS Server: bos: could not find entry (can't find cell '<default>' in 
cell database)

bosserver.
What administrative principal should be used? fahem em/admin

/etc/openafs/server/CellServDB already exists, renaming to .old
/etc/init.d/openafs-fileserver start
Starting AFS Server: bosserver.
bos adduser riverside.dulci.biostat.duke.edu faheem.admin -localauth
pt_util: /var/lib/openafs/db/prdb.DB0: Bad UBIK_MAGIC. Is 0 should be 354545
Ubik Version is: 2.0
Error while creating system:administrators: Entry for id already exists
pt_util: Ubik Version number changed during execution.
Old Version = 2.0, new version = 33554432.0
bos create riverside.dulci.biostat.duke.edu ptserver simple 
/usr/lib/openafs/ptserver -localauth
bos create riverside.dulci.biostat.duke.edu vlserver simple 
/usr/lib/openafs/vlserver -localauth
bos create riverside.dulci.biostat.duke.edu fs fs -cmd 
/usr/lib/openafs/fileserver -cmd /usr/lib/openafs/volserver -cmd 
/usr/lib/openafs/salvager -localauth
Waiting for database elections: done.
vos create riverside.dulci.biostat.duke.edu a root.afs -localauth
Volume 536870912 created on partition /vicepa of 
riverside.dulci.biostat.duke.edu
/etc/init.d/openafs-client force-start
Starting AFS services: fs: Input/output error
.
The AFS client failed to start.
Please fix whatever problem kept it from running.
bos shutdown riverside.dulci.biostat.duke.edu -localauth
bos delete riverside.dulci.biostat.duke.edu fs -localauth
bos delete riverside.dulci.biostat.duke.edu vlserver -localauth
bos delete riverside.dulci.biostat.duke.edu ptserver -localauth
rm /var/lib/openafs/db/prdb*
bos removeuser riverside.dulci.biostat.duke.edu faheem.admin -localauth
riverside:/home/faheem# afs-newcell
                            Prerequisites

In order to set up a new AFS cell, you must meet the following:

1) You need a working Kerberos realm with Kerberos4 support.  You
   should install Heimdal with Kth-kerberos compatibility or MIT
   Kerberos5.

2) You need to create the single-DES AFS key and load it into
   /etc/openafs/server/KeyFile.  If your cell's name is the same as
   your Kerberos realm then create a principal called afs.  Otherwise,
   create a principal called afs/cellname in your realm.  The cell
   name should be all lower case, unlike Kerberos realms which are all
   upper case.  You can use asetkey from the openafs-krb5 package, or
   if you used AFS3 salt to create the key, the bos addkey command.

3) This machine should have a filesystem mounted on /vicepa.  If you
   do not have a free partition, then create a large file by using dd
   to extract bytes from /dev/zero.  Create a filesystem on this file
   and mount it using -oloop.

4) You will need an administrative principal created in a Kerberos
   realm.  This principal will be added to susers and
   system:administrators and thus will be able to run administrative
   commands.  Generally the user is a root or admin instance of some
   administravie user.  For example if jruser is an administrator then
   it would be reasonable to create jruser/root (or jruser/admin) and
   specify that as the user to be added in this script.

5) The AFS client must not be running on this workstation.  It will be
   at the end of this script.

Do you meet these requirements? [y/n] y
If the fileserver is not running, this may hang for 30 seconds.
/etc/init.d/openafs-fileserver stop
Stopping AFS Server: bosserver.
What administrative principal should be used? faheem/admin

/etc/openafs/server/CellServDB already exists, renaming to .old
/etc/init.d/openafs-fileserver start
Starting AFS Server: bosserver.
bos adduser riverside.dulci.biostat.duke.edu faheem.admin -localauth
pt_util: /var/lib/openafs/db/prdb.DB0: Bad UBIK_MAGIC. Is 0 should be 354545
Ubik Version is: 2.0
Error while creating system:administrators: Entry for id already exists
pt_util: Ubik Version number changed during execution.
Old Version = 2.0, new version = 33554432.0
bos create riverside.dulci.biostat.duke.edu ptserver simple 
/usr/lib/openafs/ptserver -localauth
bos create riverside.dulci.biostat.duke.edu vlserver simple 
/usr/lib/openafs/vlserver -localauth
bos create riverside.dulci.biostat.duke.edu fs fs -cmd 
/usr/lib/openafs/fileserver -cmd /usr/lib/openafs/volserver -cmd 
/usr/lib/openafs/salvager -localauth
Waiting for database elections: done.
vos create riverside.dulci.biostat.duke.edu a root.afs -localauth
Volume root.afs already exists
Error in vos create command.
Failed: 65280
bos shutdown riverside.dulci.biostat.duke.edu -localauth
bos delete riverside.dulci.biostat.duke.edu fs -localauth
bos delete riverside.dulci.biostat.duke.edu vlserver -localauth
bos delete riverside.dulci.biostat.duke.edu ptserver -localauth
rm /var/lib/openafs/db/prdb*
bos removeuser riverside.dulci.biostat.duke.edu faheem.admin -localauth
riverside:/home/faheem# afs-newcellafs-newcell~ 
exit
exit
 bs=1024
32+0 records in
32+0 records out
33554432 bytes transferred in 0.090458 seconds (370939797 bytes/sec)
riverside:/home/faheem# mke2fs -e /var/lib/openafs/vicepa
mke2fs 1.37 (21-Mar-2005)
/var/lib/openafs/vicepa is not a block special device.
Proceed anyway? (y,n) y
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
8192 inodes, 32768 blocks
1638 blocks (5.00%) reserved for the super user
First data block=1
4 block groups
8192 blocks per group, 8192 fragments per group
2048 inodes per group
Superblock backups stored on blocks:
        8193, 24577
Writing inode tables: 0/41/42/43/4done Creating journal (4096 blocks): done 
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 39 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
riverside:/home/faheem#  mkdir /vicepa
riverside:/home/faheem# mount -oloop /var/lib/openafs/vicepa /vicepa
riverside:/home/faheem# afs-newcell
                            Prerequisites

In order to set up a new AFS cell, you must meet the following:

1) You need a working Kerberos realm with Kerberos4 support.  You
   should install Heimdal with Kth-kerberos compatibility or MIT
   Kerberos5.

2) You need to create the single-DES AFS key and load it into
   /etc/openafs/server/KeyFile.  If your cell's name is the same as
   your Kerberos realm then create a principal called afs.  Otherwise,
   create a principal called afs/cellname in your realm.  The cell
   name should be all lower case, unlike Kerberos realms which are all
   upper case.  You can use asetkey from the openafs-krb5 package, or
   if you used AFS3 salt to create the key, the bos addkey command.

3) This machine should have a filesystem mounted on /vicepa.  If you
   do not have a free partition, then create a large file by using dd
   to extract bytes from /dev/zero.  Create a filesystem on this file
   and mount it using -oloop.

4) You will need an administrative principal created in a Kerberos
   realm.  This principal will be added to susers and
   system:administrators and thus will be able to run administrative
   commands.  Generally the user is a root or admin instance of some
   administravie user.  For example if jruser is an administrator then
   it would be reasonable to create jruser/root (or jruser/admin) and
   specify that as the user to be added in this script.

5) The AFS client must not be running on this workstation.  It will be
   at the end of this script.

Do you meet these requirements? [y/n] y
If the fileserver is not running, this may hang for 30 seconds.
/etc/init.d/openafs-fileserver stop
Stopping AFS Server: bos: could not find entry (can't find cell '<default>' in 
cell database)

bosserver.
What administrative principal should be used? fahem em/admin

/etc/openafs/server/CellServDB already exists, renaming to .old
/etc/init.d/openafs-fileserver start
Starting AFS Server: bosserver.
bos adduser riverside.dulci.biostat.duke.edu faheem.admin -localauth
pt_util: /var/lib/openafs/db/prdb.DB0: Bad UBIK_MAGIC. Is 0 should be 354545
Ubik Version is: 2.0
Error while creating system:administrators: Entry for id already exists
pt_util: Ubik Version number changed during execution.
Old Version = 2.0, new version = 33554432.0
bos create riverside.dulci.biostat.duke.edu ptserver simple 
/usr/lib/openafs/ptserver -localauth
bos create riverside.dulci.biostat.duke.edu vlserver simple 
/usr/lib/openafs/vlserver -localauth
bos create riverside.dulci.biostat.duke.edu fs fs -cmd 
/usr/lib/openafs/fileserver -cmd /usr/lib/openafs/volserver -cmd 
/usr/lib/openafs/salvager -localauth
Waiting for database elections: done.
vos create riverside.dulci.biostat.duke.edu a root.afs -localauth
Volume 536870912 created on partition /vicepa of 
riverside.dulci.biostat.duke.edu
/etc/init.d/openafs-client force-start
Starting AFS services: fs: Input/output error
.
The AFS client failed to start.
Please fix whatever problem kept it from running.
bos shutdown riverside.dulci.biostat.duke.edu -localauth
bos delete riverside.dulci.biostat.duke.edu fs -localauth
bos delete riverside.dulci.biostat.duke.edu vlserver -localauth
bos delete riverside.dulci.biostat.duke.edu ptserver -localauth
rm /var/lib/openafs/db/prdb*
bos removeuser riverside.dulci.biostat.duke.edu faheem.admin -localauth
riverside:/home/faheem# afs-newcell
                            Prerequisites

In order to set up a new AFS cell, you must meet the following:

1) You need a working Kerberos realm with Kerberos4 support.  You
   should install Heimdal with Kth-kerberos compatibility or MIT
   Kerberos5.

2) You need to create the single-DES AFS key and load it into
   /etc/openafs/server/KeyFile.  If your cell's name is the same as
   your Kerberos realm then create a principal called afs.  Otherwise,
   create a principal called afs/cellname in your realm.  The cell
   name should be all lower case, unlike Kerberos realms which are all
   upper case.  You can use asetkey from the openafs-krb5 package, or
   if you used AFS3 salt to create the key, the bos addkey command.

3) This machine should have a filesystem mounted on /vicepa.  If you
   do not have a free partition, then create a large file by using dd
   to extract bytes from /dev/zero.  Create a filesystem on this file
   and mount it using -oloop.

4) You will need an administrative principal created in a Kerberos
   realm.  This principal will be added to susers and
   system:administrators and thus will be able to run administrative
   commands.  Generally the user is a root or admin instance of some
   administravie user.  For example if jruser is an administrator then
   it would be reasonable to create jruser/root (or jruser/admin) and
   specify that as the user to be added in this script.

5) The AFS client must not be running on this workstation.  It will be
   at the end of this script.

Do you meet these requirements? [y/n] y
If the fileserver is not running, this may hang for 30 seconds.
/etc/init.d/openafs-fileserver stop
Stopping AFS Server: bosserver.
What administrative principal should be used? faheem/admin

/etc/openafs/server/CellServDB already exists, renaming to .old
/etc/init.d/openafs-fileserver start
Starting AFS Server: bosserver.
bos adduser riverside.dulci.biostat.duke.edu faheem.admin -localauth
pt_util: /var/lib/openafs/db/prdb.DB0: Bad UBIK_MAGIC. Is 0 should be 354545
Ubik Version is: 2.0
Error while creating system:administrators: Entry for id already exists
pt_util: Ubik Version number changed during execution.
Old Version = 2.0, new version = 33554432.0
bos create riverside.dulci.biostat.duke.edu ptserver simple 
/usr/lib/openafs/ptserver -localauth
bos create riverside.dulci.biostat.duke.edu vlserver simple 
/usr/lib/openafs/vlserver -localauth
bos create riverside.dulci.biostat.duke.edu fs fs -cmd 
/usr/lib/openafs/fileserver -cmd /usr/lib/openafs/volserver -cmd 
/usr/lib/openafs/salvager -localauth
Waiting for database elections: done.
vos create riverside.dulci.biostat.duke.edu a root.afs -localauth
Volume root.afs already exists
Error in vos create command.
Failed: 65280
bos shutdown riverside.dulci.biostat.duke.edu -localauth
bos delete riverside.dulci.biostat.duke.edu fs -localauth
bos delete riverside.dulci.biostat.duke.edu vlserver -localauth
bos delete riverside.dulci.biostat.duke.edu ptserver -localauth
rm /var/lib/openafs/db/prdb*
bos removeuser riverside.dulci.biostat.duke.edu faheem.admin -localauth
riverside:/home/faheem# afs-newcellafs-newcell~ 
exit
exit


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to