Dear all,
we do maintain two CES clusters (CESA and CESB), and used to migrate
virtual IPs from one to the other when doing maintenance. This worked
great, but: now we have introduced kerberized NFSv4. In order to have
this same functionality, we thought of moving the SPNs corresponding to
the vIPs from one AD object to another, so for example
# Before the move:
CESA has nfs/ces-1.domain.com nfs/ces-2.domain.com
CESB has nfs/ces-3.domain.com
# After the move
CESA has nfs/ces-1.domain.com
CESB has nfs/ces-3.domain.com nfs/ces-2.domain.com
This kinda works out, but we do have troubles with the client credential
caches, in the sense that the NFS mount works again after we do:
kdestroy -c /var/lib/gssproxy/clients/krb5cc_0 && KRB5CCNAME=KCM:
kdestroy -A
Does anybody have a similar setup / usecase, or how do you manage e.g.
upgrades without downtime or multiple CES clusters?
Thanks for any insight!
cheers
leo
--
Paul Scherrer Institut
Dr. Leonardo Sala
Group Leader Data Analysis and Research Infrastructure
Group Leader Data Curation a.i.
Deputy Department Head Science IT Infrastructure and Services department
Science IT Infrastructure and Services department (AWI)
OBBA/230
Forschungstrasse 111
5232 Villigen PSI
Switzerland
Phone: +41 56 310 3369
[email protected]
www.psi.ch
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at gpfsug.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org
