Doh, have found the answer myself:
# cat > /usr/afs/local/NetRestrict
192.168.1.254
192.168.2.254
^D
# bos restart -server phylo -all
# vos listaddrs
phylo.natur.cuni.cz
taxo5.natur.cuni.cz
#
http://www.eyrie.org/~eagle/tmp/openafs/5/sysid.html
Martin
Martin MOKREJŠ wrote:
Hi,
I am just following an old discussion on this list and have the
following problem on Gentoo Linux with a server having 3 net interfaces.
AFS tries to use all of them. I gathered from the discussion it is
difficult to set up AFS to use different interfaces for different purposes.
OK, let's at least make it ignore those two local interfaces:
# vos listaddrs
vsu_ClientInit: Could not get afs tokens, running unauthenticated.
phylo.natur.cuni.cz
192.168.1.254
192.168.2.254
taxo5.natur.cuni.cz
#
The first row points to the preferred interface (actually eth0), and the
last row points to another machine having only a single interface. The
addresses 192.168. are local interfaces eth1 and eth2. How can I get rid
of them?
# ls -la /usr/afs/local/sysid
-rw-r--r-- 1 root root 32 Mar 7 18:36 /usr/afs/local/sysid
# cat /usr/afs/local/NetInfo
195.113.57.18
#
How can I make sure openafs has picked up the file? I am using openafs
package made by Gentoo (1.4.0-r2) and it installs into different
directories (thus am not sure /usr/afs/local/NetInfo is picked up).
"vos changeaddr x.x.x.x -remove" did not help as it complains volumes
exist on the server (but listvldb shows them as being on the eth0 IP
address). :((
Thanks for any help.
Martin
Harald Barth wrote:
I have a server with 3 network interfaces. Can I use the server 3
interfaces and put for some clients into CellServDB IP address of
eth0 or eth1 or eth2 interface respectively?
First there are the IP numbers of the vldb servers which should be
provided by DNS. You can have a different set on the inside and the
outside, but I would not recommend it. Then the vldb will tell the
client where to find the volume. As all vldbs will tell the same
answer to all clients, the ones that do not have connections to
the IP addrs that the vldb point to will lose (or first get a
timeout).
- AFS uses all addresses by enumerating the network devices found by
the kernel
- The smallest IP number _must_ be on the first device, otherwise
nothing works
- It depends on pure luck if the internal cluster IPs are published
to the outside, causing longish timeouts for client boot procedures.
It would be nice to be able to tell AFS exactly which IPs to use for
what.
You can restrict what interfaces AFS talks over by making a file called
NetInfo, one IP number per line, and putting that into the same
directory where you find your sysid file.
I don't think AFS can handle the whole "inside/outside" of today's
strange firewall policies very well. You can restrict AFS to one
"side", but trying to span a cell with some servers or interfaces
firewalled is just asking for a lot of work. I think I could pull
it off but I do not think I'd like it.
Harald.
_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
--
Dr. Martin Mokrejs
Faculty of Science, Charles University
Vinicna 5, 128 43 Prague, Czech Republic
http://www.iresite.org
http://www.iresite.org/~mmokrejs
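
The check the thread does by eye (are the 192.168.x.x interfaces still registered after NetRestrict and the restart?), written as an added example that is not part of the original messages and not OpenAFS code. It assumes the output of `vos listaddrs` has been saved to a file; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): flag addresses that a saved
# `vos listaddrs` listing still shows although they are RFC 1918
# private or are listed in NetRestrict. Function names are hypothetical.

# is_private ADDR: succeed if ADDR is an RFC 1918 IPv4 address.
is_private() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# leaked_addrs LISTING [NETRESTRICT]
# LISTING is saved `vos listaddrs` output; prints one offending address
# per line and nothing when the listing is clean.
leaked_addrs() {
    listing=$1
    restrict=${2:-/dev/null}
    while IFS= read -r line; do
        case "$line" in
            ""|*[!0-9.]*) continue ;;   # host names, warnings, prompts
            *.*.*.*) ;;                 # dotted quad: check it below
            *) continue ;;
        esac
        if is_private "$line" || grep -qxF -- "$line" "$restrict"; then
            printf '%s\n' "$line"
        fi
    done < "$listing"
    return 0
}

# Constructed sample: the listing from before NetRestrict was written.
sample=$(mktemp)
cat > "$sample" <<'EOF'
vsu_ClientInit: Could not get afs tokens, running unauthenticated.
phylo.natur.cuni.cz
192.168.1.254
192.168.2.254
taxo5.natur.cuni.cz
EOF
leaked_addrs "$sample"
rm -f "$sample"
```

Run against a listing saved after the `bos restart`, empty output means no private or restricted address is still published to clients.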