2 # Copyright (C) 2000 by Sam Hartman
3 # This file may be copied either under the terms of the GNU GPL or the IBM Public License
4 # either version 2 or later of the GPL or version 1.0 or later of the IPL.
8 use OpenAFS::ConfigUtils;
13 use vars qw($admin $server $cellname $cachesize $part
14 $requirements_met $shutdown_needed $csdb);
15 my $rl = new Term::ReadLine('afs-newcell');
19 afs-newcell - Set up initial database server for AFS cell.
23 B<afs-newcell> [B<--requirements-met>] [B<--admin> admin_user] [B<--cellname> cellname] [B<--cachesize> size] [B<--partition> partition-letter]
28 This script sets up the initial AFS database and configures the first
29 database/file server. It also sets up an AFS cell's root volumes. It
30 assumes that you already have a fileserver and database servers. The
31 fileserver should have an empty root.afs. This script creates root.cell,
32 user, service and populates root.afs.
34 The B<requirements-met> option specifies that the initial requirements
35 have been met and that the script can proceed without displaying the
36 initial banner or asking for confirmation.
38 The B<admin> option specifies the name of the administrative user.
39 This user will be given system:administrators and susers permission in
42 The B<cellname> option specifies the name of the cell.
44 The B<cachesize> option specifies the size of the AFS cache.
48 Sam Hartman <hartmans@debian.org>
54 # mkvol(volume, mount)
57 run("$openafsdirpath->{'afssrvsbindir'}/vos create $server $part $vol -localauth");
58 unwind("$openafsdirpath->{'afssrvsbindir'}/vos remove $server $part $vol -localauth");
59 run("$openafsdirpath->{'afssrvbindir'}/fs mkm $mnt $vol ");
60 run("$openafsdirpath->{'afssrvbindir'}/fs sa $mnt system:anyuser rl");
64 "requirements-met" => \$requirements_met,
65 "cellname=s" => \$cellname,
66 "cachesize=s" => \$cachesize,
67 "partition=s" => \$part,
68 "admin=s" => \$admin);
70 unless ($requirements_met) {
74 In order to set up a new AFS cell, you must meet the following:
76 1) You need a working Kerberos realm with Kerberos4 support. You
77 should install Heimdal with Kth-kerberos compatibility or MIT
80 2) You need to create the single-DES AFS key and load it into
81 $openafsdirpath->{'afsconfdir'}/KeyFile. If your cell's name is the same as
82 your Kerberos realm then create a principal called afs. Otherwise,
83 create a principal called afs/cellname in your realm. The cell
84 name should be all lower case, unlike Kerberos realms which are all
85 upper case. You can use asetkey from the openafs-krb5 package, or
86 if you used AFS3 salt to create the key, the bos addkey command.
88 3) This machine should have a filesystem mounted on /vicepa. If you
89 do not have a free partition, on Linux you can create a large file by using
90 dd to extract bytes from /dev/zero. Create a filesystem on this file
91 and mount it using -oloop.
93 4) You will need an administrative principal created in a Kerberos
94 realm. This principal will be added to susers and
95 system:administrators and thus will be able to run administrative
96 commands. Generally the user is a root instance of some administravie
97 user. For example if jruser is an administrator then it would be
98 reasonable to create jruser/root and specify jruser/root as the user
99 to be added in this script.
101 5) The AFS client must not be running on this workstation. It will be
102 at the end of this script.
106 $_ = $rl->readline("Do you meet these requirements? [y/n] ");
108 print "Run this script again when you meet the requirements\n";
113 die "This script should almost always be run as root. Use the --requirements-met option to run as non-root.\n";
116 open(MOUNT, "mount |") or die "Failed to run mount: $!\n";
119 print "The AFS client is currently running on this workstation.\n";
120 print "Please restart this script after running $openafsinitcmd->{'client-stop'}\n";
123 if(m:^/afs on AFS:) {
124 print "The AFS client is currently running on this workstation.\n";
125 print "Please restart this script after running $openafsinitcmd->{'client-stop'}\n";
131 unless ( -f "$openafsdirpath->{'afsconfdir'}/KeyFile") {
132 print "You do not have an AFS keyfile. Please create this using asetkey from openafs-krb5 or
133 the bos addkey command";
137 print "If the fileserver is not running, this may hang for 30 seconds.\n";
138 run("$openafsinitcmd->{'filesrv-stop'}");
139 $server = `hostname`;
141 $admin = $rl->readline("What administrative principal should be used? ") unless $admin;
142 die "Please specify an administrative user\n" unless $admin;
145 die "The administrative user must be in the same realm as the cell and no realm may be specified.\n";
148 $cellname = $rl->readline("What cellname should be used? ") unless $cellname;
149 die "Please specify a cellname\n" unless $cellname;
151 if (! -f "$openafsdirpath->{'afsconfdir'}/ThisCell") {
152 open(CELL, "> $openafsdirpath->{'afsconfdir'}/ThisCell");
153 print CELL "${cellname}";
157 open(CELL, "$openafsdirpath->{'afsconfdir'}/ThisCell") or
158 die "Cannot open $openafsdirpath->{'afsconfdir'}/ThisCell: $!\n";
164 run( "echo \\>$lcell >$openafsdirpath->{'afsconfdir'}/CellServDB");
165 $csdb = `host $server|awk '{print $4 " #" $1}'`;
166 run( "echo $csdb >>$openafsdirpath->{'afsconfdir'}/CellServDB");
167 run("$openafsinitcmd->{'filesrv-start'}");
168 unwind("$openafsinitcmd->{'filesrv-stop'}");
169 $shutdown_needed = 1;
170 run ("$openafsdirpath->{'afssrvbindir'}/bos addhost $server $server -localauth ||true");
171 run("$openafsdirpath->{'afssrvbindir'}/bos adduser $server $admin -localauth");
172 unwind("$openafsdirpath->{'afssrvbindir'}/bos removeuser $server $admin -localauth");
173 if ( -f "$openafsdirpath->{'afsdbdir'}/prdb.DB0" ) {
174 die "Protection database already exists; cell already partially created\n";
176 open(PRDB, "|$openafsdirpath->{'afssrvsbindir'}/pt_util -p $openafsdirpath->{'afsdbdir'}/prdb.DB0 -w ")
177 or die "Unable to start pt_util: $!\n";
178 print PRDB "$admin 128/20 1 -204 -204\n";
179 print PRDB "system:administrators 130/20 -204 -204 -204\n";
180 print PRDB" $admin 1\n";
182 unwind( "rm $openafsdirpath->{'afsdbdir'}/prdb* ");
183 # Start up ptserver and vlserver
184 run("$openafsdirpath->{'afssrvbindir'}/bos create $server ptserver simple $openafsdirpath->{'afssrvlibexecdir'}/ptserver -localauth");
185 unwind("$openafsdirpath->{'afssrvbindir'}/bos delete $server ptserver -localauth");
187 run("$openafsdirpath->{'afssrvbindir'}/bos create $server vlserver simple $openafsdirpath->{'afssrvlibexecdir'}/vlserver -localauth");
188 unwind("$openafsdirpath->{'afssrvbindir'}/bos delete $server vlserver -localauth");
190 run( "$openafsdirpath->{'afssrvbindir'}/bos create $server fs fs ".
191 "-cmd $openafsdirpath->{'afssrvlibexecdir'}/fileserver ".
192 "-cmd $openafsdirpath->{'afssrvlibexecdir'}/volserver ".
193 "-cmd $openafsdirpath->{'afssrvlibexecdir'}/salvager -localauth");
194 unwind( "$openafsdirpath->{'afssrvbindir'}/bos delete $server fs -localauth ");
196 print "Waiting for database elections: ";
199 # Past this point we want to control when bos shutdown happens
200 $shutdown_needed = 0;
201 unwind( "$openafsdirpath->{'afssrvbindir'}/bos shutdown $server -localauth ");
202 run("$openafsdirpath->{'afssrvsbindir'}/vos create $server a root.afs -localauth");
205 $cachesize = $rl->readline("What size cache (in 1k blocks)? ") unless $cachesize;
206 die "Please specify a cache size\n" unless $cachesize;
208 run("echo $lcell >$openafsdirpath->{'viceetcdir'}/ThisCell");
209 run("cp $openafsdirpath->{'afsconfdir'}/CellServDB $openafsdirpath->{'viceetcdir'}/CellServDB");
210 run("echo /afs:/usr/vice/cache:${cachesize} >$openafsdirpath->{'viceetcdir'}/cacheinfo");
211 run("$openafsinitcmd->{'client-forcestart'}");
213 open(MOUNT, "mount |") or die "Failed to run mount: $!\n";
219 unless ($afs_running) {
220 print "*** The AFS client failed to start.\n";
221 print "Please fix whatever problem kept it from running.\n";
224 unwind("$openafsinitcmd->{'client-stop'}");
227 $part = $rl ->readline("What partition? [a] ");
228 $part = "a" unless $part;
231 &OpenAFS::Auth::authadmin();
233 run("$openafsdirpath->{'afssrvbindir'}/fs sa /afs system:anyuser rl");
235 run("$openafsdirpath->{'afssrvsbindir'}/vos create $server $part root.cell -localauth");
236 unwind("$openafsdirpath->{'afssrvsbindir'}/vos remove $server $part root.cell -localauth");
237 # We make root.cell s:anyuser readable after we mount in the next
239 open(CELLSERVDB, "$openafsdirpath->{'viceetcdir'}/CellServDB")
240 or die "Unable to open $openafsdirpath->{'viceetcdir'}/CellServDB: $!\n";
241 while(<CELLSERVDB>) {
243 if (/^>\s*([a-z0-9_\-.]+)/ ) {
244 run("$openafsdirpath->{'afssrvbindir'}/fs mkm /afs/$1 root.cell -cell $1 -fast");
245 unwind ("$openafsdirpath->{'afssrvbindir'}/fs rmm /afs/$1");
249 run("$openafsdirpath->{'afssrvbindir'}/fs sa /afs/$lcell system:anyuser rl");
250 run ("$openafsdirpath->{'afssrvbindir'}/fs mkm /afs/.$lcell root.cell -cell $lcell -rw");
251 unwind ("$openafsdirpath->{'afssrvbindir'}/fs rmm /afs/.$lcell");
252 run("$openafsdirpath->{'afssrvbindir'}/fs mkm /afs/.root.afs root.afs -rw");
253 unwind ("$openafsdirpath->{'afssrvbindir'}/fs rmm /afs/.root.afs");
255 mkvol( "user", "/afs/$lcell/user" );
256 unwind( "$openafsdirpath->{'afssrvsbindir'}/vos remove $server $part user -localauth ");
258 mkvol( "service", "/afs/$lcell/service" );
259 unwind( "$openafsdirpath->{'afssrvsbindir'}/vos remove $server $part service -localauth ");
261 mkvol( "rep", "/afs/$lcell/.replicated" );
262 unwind( "$openafsdirpath->{'afssrvsbindir'}/vos remove $server $part rep -localauth ");
263 run( "$openafsdirpath->{'afssrvbindir'}/fs mkm /afs/$lcell/replicated rep.readonly " );
265 run( "$openafsdirpath->{'afssrvsbindir'}/vos addsite $server $part rep -localauth" );
266 run( "$openafsdirpath->{'afssrvsbindir'}/vos release rep -localauth" );
267 unwind( "$openafsdirpath->{'afssrvsbindir'}/vos remove $server $part rep.readonly -localauth ");
269 mkvol( "unrep", "/afs/$lcell/unreplicated" );
270 unwind( "$openafsdirpath->{'afssrvsbindir'}/vos remove $server $part unrep -localauth ");
272 $lcell =~ /^([^.]*)/;
274 run("ln -s /afs/$lcell /afs/$cellpart");
275 unwind ("rm /afs/$cellpart");
276 run( "ln -s /afs/.$lcell /afs/.$cellpart" );
277 unwind ("rm /afs/.$cellpart");
279 run( "$openafsdirpath->{'afssrvsbindir'}/vos addsite $server $part root.afs -localauth" );
280 run( "$openafsdirpath->{'afssrvsbindir'}/vos addsite $server $part root.cell -localauth" );
281 run( "$openafsdirpath->{'afssrvsbindir'}/vos release root.afs -localauth" );
282 run( "$openafsdirpath->{'afssrvsbindir'}/vos release root.cell -localauth" );
283 unwind( "$openafsdirpath->{'afssrvsbindir'}/vos remove $server $part root.cell.readonly -localauth ");
284 unwind( "$openafsdirpath->{'afssrvsbindir'}/vos remove $server $part root.afs.readonly -localauth ");
290 # If we fail before all the instances are created, we need to perform
291 # our own bos shutdown
292 system("$openafsdirpath->{'afssrvbindir'}/bos shutdown $server -localauth") if $shutdown_needed;
293 run(pop @unwinds) while @unwinds;