Here's an old set of scripts I use for cold start: ##cleanup for the nth time.. Transarc path used to match IBM docs.
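## Step-by-step notes for the first server of a cell; run one command at a
## time as root. Lines marked "typed at the prompt" are input to an interactive
## tool, not shell commands.

## Wipe the previous cell state. This deletes the server databases, logs,
## local config, the client cache and the server KeyFile, so run it only on a
## machine whose cell data is disposable.
rm /usr/afs/db/*
rm /usr/afs/logs/*          # the original notes repeated this line three times
rm /usr/afs/local/*
rm -Rf /usr/vice/cache/*
rm /usr/afs/etc/KeyFile
rm /usr/afs/etc/UserList
rm /usr/vice/etc/AFSLog
rm /usr/vice/etc/CellServDB
rm /usr/vice/etc/ThisCell
## cat should be zilch.. (the author expects no leftover config to be printed)
## Fixed: the fourth path was missing its leading "/" and was therefore
## resolved relative to the current directory.
cat /usr/afs/etc/CellServDB /usr/afs/etc/ThisCell /usr/afs/local/BosConfig \
  /usr/vice/etc/CellServDB /usr/vice/etc/ThisCell

# local server nome, remote nanook: S = this server, H = the other server,
# C = cell name
export H='nanook.home.ted-doris.fam'
export S='nome.home.ted-doris.fam'
export C='home.ted-doris.fam'
## user gets to figure out how to make "home.ted-doris.fam" work on the internet..

# bos_users - used for kas, not KRB5
export bos_users='afs admin tedc administrator root test'
# order is important because of UID, possibly
# pts_users - used for KRB5 pts & bos
export pts_users='admin tedc Administrator root test'

echo "$S" "$C" "$H"
echo "$bos_users"
echo "$pts_users"
# NOTE(review): id_pts and PASS are never assigned in these notes. PASS is
# used as a password further down, so echoing it leaves the password in the
# terminal scrollback and in any session log.
echo "$id_pts"
echo "$PASS"

## Bootstrap: the BOS server runs with authorization checking switched off and
## every command below uses -noauth, so until the server is restarted normally
## anyone who can reach its ports can administer it. Keep the machine off
## untrusted networks for the duration of the setup.
bosserver -noauth &
bos setcellname "$S" "$C" -noauth
bos listhosts "$S" -noauth
#bos create $S kaserver simple /usr/afs/bin/kaserver -cell $C -noauth
bos create "$S" buserver simple /usr/afs/bin/buserver -cell "$C" -noauth
bos create "$S" ptserver simple /usr/afs/bin/ptserver -cell "$C" -noauth
bos create "$S" vlserver simple /usr/afs/bin/vlserver -cell "$C" -noauth

# kas V4 users and roles, if KRB4 is used
# create in afs root tedc admin Administrator order
# set up Kerberos 4 users and roles (admin)
kas -cell "$C" -noauth
# typed at the kas prompt:
#   create afs
#   create root
#   create tedc
#   create admin
#   examine afs
#   examine admin
#   setfields admin -flags admin    # for root tedc admin Administrator
#   quit
kas -admin root                     # get into kas with admin privs
# typed at the kas prompt:
#   ka> examine tedc
#   ka> quit

## KRB5 principals, if krb5 is used
## NOTE(review): the list archive replaced the principal name with
## "[EMAIL PROTECTED]"; substitute the real principal before running.
kadmin.local -q "addprinc [EMAIL PROTECTED]"
# use same kvno as was created above..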
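## Build the AFS service key from the KRB5 principal.
## NOTE(review): the list archive replaced the principal name with
## "[EMAIL PROTECTED]"; substitute the real principal before running.
kadmin.local -q "modprinc -kvno 2 [EMAIL PROTECTED]"
ktutil
# typed at the ktutil prompt:
#   ktutil: rkt /etc/krb5.keytab
#   ktutil: l                       # delete old [EMAIL PROTECTED] keys
#   ktutil: wrkt /etc/krb5.keytab
#   ktutil: q
## des-cbc-crc is single DES, which is weak enough to be brute-forced; it was
## what the AFS KeyFile format required when these notes were written. On a
## current OpenAFS release, check the documentation for the stronger key types
## it accepts instead of copying this enctype.
kadmin.local -q "ktadd -k /etc/krb5.keytab -e des-cbc-crc:normal [EMAIL PROTECTED]"
asetkey add 2 /etc/krb5.keytab afs   # make the server KeyFile (kvno 2, as set above)
## keyfile_dump prints the cell key itself to stdout: do not run it inside a
## logged session or redirect it to a shared file.
keyfile_dump /usr/afs/etc/KeyFile    # dumps KeyFile to stdout

# shell scripts: note order of users must match UID's. starts at 500
# kas create adds users to the Authentication database; use if KRB4 is used
# NOTE(review): neither $users nor $PASS is assigned anywhere in these notes
# (the earlier list is called bos_users), so these four loops do nothing as
# written. If PASS is set, it is passed on the command line and is visible in
# the process list and shell history while kas runs.
# The lists are left unquoted on purpose so they split on spaces.
for i in $users; do kas delete "$i" $PASS -noauth; done
for i in $users; do kas create "$i" $PASS -noauth; done
for i in $users; do kas setfields "$i" -flags admin -noauth; done
for i in $users; do kas examine "$i" -noauth; done

############################################# bos users
# set up bos users
for i in $bos_users; do bos adduser -user "$i" -server "$S" -cell "$C" -noauth; done
# verify bos users
bos listusers -server "$S" -cell "$C" -noauth
# OR (instead of the loop above) add a single admin by hand:
bos adduser "$S" admin -cell "$C" -noauth
bos addkey "$S" -kvno 0 -cell "$C" -noauth
bos listkeys "$S" -cell "$C" -noauth
## HacksForOthers
# do only if keys don't match (kvno's)
##kas -cell $C -noauth
##  setpassword afs -kvno 1

################################## pts users and roles
grep admin /etc/passwd               # get admin uid
##
## NOTE(review): the loops and the explicit "-id" commands below look like two
## ways of doing the same thing; running both should only produce
## "already exists" style errors -- confirm which one you want.
## Every name listed here, including "test", becomes a member of
## system:administrators; remove accounts that should not hold admin rights
## before the cell is used for real data.
for i in $pts_users; do pts createuser -name "$i" -cell "$C" -noauth; done
# Fixed: this loop iterated over the misspelled (and so empty) $pts_sers.
for i in $pts_users; do pts adduser "$i" system:administrators -cell "$C" -noauth; done
for i in $pts_users; do pts membership "$i" -cell "$C" -noauth; done
##
pts createuser -name admin -cell "$C" -id 501 -noauth
pts adduser admin system:administrators -cell "$C" -noauth
pts membership admin -cell "$C" -noauth
pts createuser -name tedc -cell "$C" -id 502 -noauth
pts adduser tedc system:administrators -cell "$C" -noauth
pts membership tedc -cell "$C" -noauth
pts createuser -name Administrator -cell "$C" -id 503 -noauth
pts adduser Administrator system:administrators -cell "$C" -noauth
# Fixed: "-cell" had lost its dash, which turned "cell" and the cell name into
# extra user names.
pts membership Administrator -cell "$C" -noauth
pts createuser -name root -cell "$C" -id 504 -noauth
pts adduser root system:administrators -cell "$C" -noauth
pts membership root -cell "$C" -noauth
pts createuser -name test -cell "$C" -id 1100 -noauth
pts adduser test system:administrators -cell "$C" -noauth
pts membership test -cell "$C" -noauth
# verify
#############################################
bos restart "$S" -all -cell "$C" -noauth
ps ax | grep afs                     # note servers running
## note: don't use runntp; set -notimeset in /etc/sysconfig/afs-client if
## client and server are on same machine. This is now the default.

# start file, volume servers, salvager
bos create "$S" fs fs /usr/afs/bin/fileserver /usr/afs/bin/volserver /usr/afs/bin/salvager -cell "$C" -noauth
bos status "$S" fs -long -noauth
vos create "$S" /vicepa root.afs -cell "$C" -noauth
# system:anyuser covers unauthenticated clients: this makes the top of /afs
# readable and listable by anyone who can reach the cell.
fs setacl /afs system:anyuser rl
vos syncvldb "$S" -cell "$C" -verbose -noauth
vos syncserv "$S" -cell "$C" -verbose -noauth

## choose if first or second server machine
#######################################
# Sync (main) SERVER SETUP
# /usr/afs/etc holds the KeyFile, so it is distributed with -crypt; only the
# binaries go out with -clear.
bos create "$S" upserver simple "/usr/afs/bin/upserver -crypt /usr/afs/etc -clear /usr/afs/bin" -cell "$C" -noauth
####################################### END OF SERVER SETUP #1 for system controller

####################################### SUBSEQUENT SERVER SETUPS for slaves
bos create "$S" upclientetc simple "/usr/afs/bin/upclient $H -crypt /usr/afs/etc" -cell "$C" -noauth
bos create "$S" upclientbin simple "/usr/afs/bin/upclient $H -clear /usr/afs/bin" -cell "$C" -noauth

## Linux CLIENT SETUP
insmod libafs                        # sometime
cd /usr/vice/etc
# Absolute paths, so a failed cd cannot make rm/cp act on another directory.
rm /usr/vice/etc/ThisCell
cp /usr/afs/etc/ThisCell /usr/vice/etc/
rm /usr/vice/etc/CellServDB
# insert entries for other servers in CellServDB
cp /usr/afs/etc/CellServDB /usr/vice/etc/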
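# assuming /usr/vice is mounted on /dev/sdaxx as an ext3 filesystem
mkdir -p /usr/vice/cache             # -p: do not fail when the directory is already there
echo "/afs:/usr/vice/cache:100000" >/usr/vice/etc/cacheinfo
## memory or disk cache is chosen in the afsd daemon call

## setup start scripts
cp /data/afs-client /etc/init.d
cp /data/afs-server /etc/init.d
cp /data/afs-client.syscfg /etc/sysconfig/afs-client

## start servers & client
## NOTE(review): the setup so far ran the BOS server with authorization checks
## off. After this restart, confirm that bosserver is running without -noauth
## and that /usr/afs/local/NoAuth does not exist, before putting the server on
## a shared network.
/etc/init.d/afs-client stop
/etc/init.d/afs-server stop
/etc/init.d/afs-server start
/etc/init.d/afs-client start
ps ax | grep afs                     # the notes had "g", presumably a grep alias

kinit admin
# password: ****                     (typed at the kinit prompt)
# check up
klog admin
tokens
pts membership tedc -cell "$C" -noauth
# NOTE(review): the flattened notes read "bos status $S fs checkvolumes"; it is
# split here as two commands -- confirm that matches the intent.
bos status "$S"
fs checkvolumes

# root.afs previously created
# From here on the commands run without -noauth, so they rely on the admin
# tokens obtained above.
vos create "$S" /vicepa root.cell
fs mkmount "/afs/.$C" root.cell -rw
fs mkmount "/afs/$C" root.cell
fs lsmount "/afs/.$C"
fs lsmount "/afs/$C"
vos addsite "$S" a root.afs
vos addsite "$S" a root.cell
vos release root.afs
vos release root.cell
fs setquota -path "/afs/.$C" -max 50000
fs setquota -path "/afs/$C" -max 50000
fs listquota -path "/afs/.$C"
fs listquota -path "/afs/$C"

# make RW mount point
fs setacl "/afs/$C" system:anyuser rl
# This gives every authenticated user read and write rights at the top of the
# read-write cell volume; narrow it to an admin group if that is wider than
# intended.
fs setacl "/afs/.$C" system:authuser rw
fs examine /afs
fs examine "/afs/.$C"
fs examine "/afs/$C"
fs checkvolumes                      ## flush out
fs examine /afs
fs examine /afs/
fs examine "/afs/.$C"
fs examine "/afs/$C"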
