Quoting Derrick Brashear <[email protected]>:
I kind of follow what you're saying here. However:
1) CellServDB is "where are database servers"
2) what's in the VLDB is "where are the volumes"
so just because it appeared in 1, well, that has nothing to do with 2.
mantra: "solve the real problem"
Makes sense. Right now I think the real problem is my DNS configuration: externally, each AFS server's host name resolves only to its public IP address, internally to both its private and public IP addresses.
CellServDB on each host must list the addresses that the database servers are reachable at from *this* host, not what each believes their own addresses are. Make it so.
That would mean listing both its private IP address and its public IP address (which both resolve to the same name).
e.g. a db server behind a nat would list its internal address for itself; one outside a nat would list the external address which you are port forwarding from. The internal server would include in NetInfo as its first line:
f (external address)
e.g. f 8.8.8.8 if its external address was 8.8.8.8
then whatever internal address
I don't think the "f" option applies in my situation. My servers aren't behind a NAT: they each have a public IP address via PPP; their broadband CPEs act as modems only. Both route between the Internet and an internal network and both run an iptables firewall that includes a NAT.
NetRestrict could be used to mask unwanted addresses, *but* you probably want both addresses, the local and the external, so if there are these two only, mask none with NetRestrict.
So, in your opinion no NetRestrict file is necessary?
Now, as to fileservers, the same tip(s) with NetInfo/NetRestrict apply.
So far, I currently have a server NetInfo file with the external address only (you think that should include the internal address too?) and a NetRestrict file containing the address for the internal network (which I gather you think it should not).
Here, the CellServDB only *needs* to provide an address for at least one server, but ideally you still list, for each server, an address which reaches it.
Right now it contains only the external IP address for the other server, as well as its own external IP address. The plan is to add an external address for a third server soon.
vos delentry is for a VLDB entry, not a server, so you didn't remove any server addresses from the VLDB with it. remsite removes a server for a volume. delentry removes a whole volume entry. ...
Considering what I've seen, that would explain things.
... changeaddr -remove removes an address but probably still isn't what you want. make the fileserver register the addresses you want (using netinfo and netrestrict), start it and let it register. all will be well.
I'll try again tomorrow.

Thanks,
Jaap
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
