welcome: please sign in

Diff for "MemberManual/TransferringFiles/OpenAFS/Debian"

Differences between revisions 5 and 20 (spanning 15 versions)
Revision 5 as of 2007-11-11 23:49:34
Size: 2487
Comment: using afs didn't work for me as advertised, removed portion in preference for other
Revision 20 as of 2011-03-03 08:30:50
Size: 4378
Editor: ClintonEbadi
Comment: note: look back at this after testing a fresh kerberos install to see if it can be used without any configuration
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
## page was renamed from MemberManual/TransferringFiles/OpenAFS/DebianClient
Line 5: Line 6:
[[TableOfContents]] <<TableOfContents>>
Line 11: Line 12:
sudo aptitude install openafs-client aptitude install openafs-client
Line 17: Line 18:
 * The default value for "Size of AFS cache in kB" is okay. You can
 
increase the cache size if you want.
 * The default value for "Size of AFS cache in kB" is okay. You can increase the cache size if you want.
Line 20: Line 20:
 * DB server host names for your home cell: `deleuze.hcoop.net`  * DB server host names for your home cell: `afs.hcoop.net`
Line 22: Line 22:
You may need to run `dpkg-reconfigure openafs-client` to get asked all of these questions.
Line 28: Line 29:
sudo aptitude install module-assistant
sudo module-assistant prepare
sudo module-assistant install openafs-modules
aptitude install module-assistant
module-assistant prepare
module-assistant auto-install openafs
Line 33: Line 34:
OpenAFS's cache is located at /var/cache/openafs, and it must be on an ext2 or ext3 filesystem. If /var/cache is not on an ext2 or ext3 filesystem, you'll need to mount an ext2 or ext3 filesystem at /var/cache/openafs. OpenAFS cache does not work well, if at all, on ReiserFS systems. OpenAFS's cache is located at /var/cache/openafs, and it must be on an ext2, ext3 or ext4 filesystem. If /var/cache is not on an ext2, ext3 or ext4 filesystem, you'll need to mount an ext2, ext3 or ext4 filesystem at /var/cache/openafs. OpenAFS cache does not work well, if at all, on ReiserFS systems.
Line 37: Line 38:
sudo /etc/init.d/openafs-client restart /etc/init.d/openafs-client restart
Line 45: Line 46:
sudo aptitude install openafs-krb5 krb5-user aptitude install openafs-krb5 krb5-user
Line 48: Line 49:
The default Kerberos version 5 realm can be HCOOP.NET, and
deleuze.hcoop.net will be both the Kerberos server for your realm and
the administrative server for your realm.
{{{#!wiki note
You may not need to set anything other than the default realm--everything else should be fetched automatically through DNS.
Line 52: Line 52:
Default Kerberos version 5 realm: `HCOOP.NET`
Kerberos servers for your realm: `deleuze.hcoop.net`
Administrative server for your Kerberos realm: `deleuze.hcoop.net`
It does not, however, hurt to hard code these settings since they are unlikely to ever change.
}}}
Line 56: Line 55:
 * Default Kerberos version 5 realm: `HCOOP.NET`
 * Kerberos servers for your realm: `kerberos.hcoop.net`
 * Administrative server for your Kerberos realm: `kerberos.hcoop.net`
Line 57: Line 59:
If you are using Ubuntu Hardy, you might also need to add the following to your {{{/etc/krb5.conf}}} file, in the {{{[domain_realm]}}} section. It gets rid of a pesky warning.

{{{
        hcoop.net = HCOOP.NET
        .hcoop.net = HCOOP.NET
}}}

On Debian unstable, you may need to add `allow_weak_crypto = true` to the libdefaults section of `/etc/krb5.conf`.

----
''What, exactly, is the relevant contents of {{{/etc/krb5.conf}}}? As a Gentoo user I'm not asked the configuration questions at install, but instead need to edit this file manually.''
----
Line 72: Line 86:

= Troubleshooting =

== ReiserFS ==

First, if you are using ReiserFS, the AFS daemon will simply refuse to work because it cannot use that filesystem for its cache. If the daemon doesn't run, you'll get a puzzling error message that might make you think you have a firewall problem.

To get the daemon to work, edit the `/etc/openafs/afs.conf` to make it use the memory cache. It is said to be less stable than the hard disk cache. The {{{README.Debian}}} file also suggests creating a loopback ext2 filesystem for the cache.

== Konqueror ==

Konqueror simply hangs when trying to browse {{{/afs}}} with the default CellServerDB. This happens because it is trying to access AFS volumes it doesn't have access to or that are not accessible, and hangs indefinitely. There is a lot of cells pre-configured in the Debian package, and probably some of them are not valid or not accessible. Once the content of {{{/etc/openafs/CellServerDB}}} has been erased of everything except for the hcoop.net entry, browsing {{{/afs}}} with Konqueror should work.
----
CategoryNeedsWork

This is the chapter of the MemberManual that describes how to install and configure OpenAFS Client on Debian based systems. These instructions were adapted from HCoop user bpt's instructions.

OpenAFS Client Installation

aptitude install openafs-client

Answer the configuration questions as follows:

  • AFS cell this workstation belongs to: hcoop.net

  • The default value for "Size of AFS cache in kB" is okay. You can increase the cache size if you want.
  • Dynamically generate the contents of /afs? Yes
  • DB server host names for your home cell: afs.hcoop.net

  • Run Openafs client now and at boot? Yes

You may need to run dpkg-reconfigure openafs-client to get asked all of these questions.

Kernel Module Installation

OpenAFS requires a kernel module, and Debian does not provide third-party kernel modules as binary packages. Module-assistant can download, compile, and install kernel modules for you. Install that, then install the OpenAFS module:

aptitude install module-assistant
module-assistant prepare
module-assistant auto-install openafs

OpenAFS's cache is located at /var/cache/openafs, and it must be on an ext2, ext3 or ext4 filesystem. If /var/cache is not on an ext2, ext3 or ext4 filesystem, you'll need to mount an ext2, ext3 or ext4 filesystem at /var/cache/openafs. OpenAFS cache does not work well, if at all, on ReiserFS systems.

Restart OpenAFS:

/etc/init.d/openafs-client restart

Now you should be able to see files in /afs/hcoop.net, but you won't have any AFS tokens. So let's install some Kerberos packages.

Kerberos Installation

aptitude install openafs-krb5 krb5-user

You may not need to set anything other than the default realm--everything else should be fetched automatically through DNS.

It does not, however, hurt to hard code these settings since they are unlikely to ever change.

  • Default Kerberos version 5 realm: HCOOP.NET

  • Kerberos servers for your realm: kerberos.hcoop.net

  • Administrative server for your Kerberos realm: kerberos.hcoop.net

If you are using Ubuntu Hardy, you might also need to add the following to your /etc/krb5.conf file, in the [domain_realm] section. It gets rid of a pesky warning.

        hcoop.net = HCOOP.NET
        .hcoop.net = HCOOP.NET

On Debian unstable, you may need to add allow_weak_crypto = true to the libdefaults section of /etc/krb5.conf.


What, exactly, is the relevant contents of /etc/krb5.conf? As a Gentoo user I'm not asked the configuration questions at install, but instead need to edit this file manually.


Using AFS

Typically, to gain access to your HCoop AFS share, do the following on your local system:

kinit user@HCOOP.NET
aklog -c hcoop.net

Be sure that the openafs module is loaded or there will be errors. The tickets gained will last up to 10 hours but can be renewed with krenew for up to 8 days. Here's a common use:

krenew -K 30 -t

See the krenew man page to learn what these options are doing.

Troubleshooting

ReiserFS

First, if you are using ReiserFS, the AFS daemon will simply refuse to work because it cannot use that filesystem for its cache. If the daemon doesn't run, you'll get a puzzling error message that might make you think you have a firewall problem.

To get the daemon to work, edit the /etc/openafs/afs.conf to make it use the memory cache. It is said to be less stable than the hard disk cache. The README.Debian file also suggests creating a loopback ext2 filesystem for the cache.

Konqueror

Konqueror simply hangs when trying to browse /afs with the default CellServerDB. This happens because it is trying to access AFS volumes it doesn't have access to or that are not accessible, and hangs indefinitely. There is a lot of cells pre-configured in the Debian package, and probably some of them are not valid or not accessible. Once the content of /etc/openafs/CellServerDB has been erased of everything except for the hcoop.net entry, browsing /afs with Konqueror should work.


CategoryNeedsWork

MemberManual/TransferringFiles/OpenAFS/Debian (last edited 2019-01-07 13:36:57 by BjörnLindström)