Script started on Tue Jan 15 13:58:01 2002
[papadoc.root]# dpkg -l | grep afs
ii  openafs-module 1.2.2-2+1.00.C The AFS distributed filesystem- Kernel Modul
[papadoc.root]# lsmod
Module                  Size  Used by
softdog                 2564   2  (autoclean)
rtc                     7288   0  (autoclean)
ipt_REJECT              3680  15  (autoclean)
iptable_filter          2624   0  (autoclean) (unused)
loop                   10192   0  (autoclean)
serial                 48576   0  (autoclean)
autofs4                11652   1
ip_tables              16128   2  [ipt_REJECT iptable_filter]
unix                   18756  32  (autoclean)
[papadoc.root]# kadmin.local -q 'getprincs' | grep -i afs
afs@BAYOUR.COM
[papadoc.root]# kadmin.local -q 'getprincs' | grep -i turbo
Authenticating as principal turbo/admin@BAYOUR.COM with password.
turbo@BAYOUR.COM
[papadoc.root]# kadmin.local -q 'getprinc turbo'
Authenticating as principal turbo/admin@BAYOUR.COM with password.
Principal: turbo@BAYOUR.COM
Expiration date: [never]
Last password change: Fri Nov 16 22:38:24 CET 2001
Password expiration date: [none]
Maximum ticket life: 0 days 04:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Fri Nov 16 22:38:24 CET 2001 (turbo/admin@BAYOUR.COM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 6
Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 1, DES cbc mode with CRC-32, no salt
Key: vno 1, DES cbc mode with RSA-MD5, Version 4
Key: vno 1, DES cbc mode with RSA-MD5, Version 5 - No Realm
Key: vno 1, DES cbc mode with RSA-MD5, Version 5 - Realm Only
Key: vno 1, DES cbc mode with RSA-MD5, AFS version 3
Attributes: REQUIRES_PRE_AUTH
Policy: [none]
[papadoc.root]# apt-get -q install openafs-dbserver openafs-krb5 libpam-openafs-session
Reading Package Lists...
Building Dependency Tree...
The following extra packages will be installed:
  openafs-client openafs-fileserver
The following NEW packages will be installed:
  libpam-openafs-session openafs-client openafs-dbserver openafs-fileserver openafs-krb5
0 packages upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
Need to get 8598B/2092kB of archives. After unpacking 4788kB will be used.
Do you want to continue? [Y/n]
Get:1 ftp://papadoc.bayour.com LDAPv3-Take3/. libpam-openafs-session 1.0-3 [8598B]
Fetched 8598B in 1s (6456B/s)
Preconfiguring packages ...

Configuring Openafs-client
--------------------------

AFS filespace is organized into cells or administrative domains. Each
workstation belongs to one cell. Usually the cell is the DNS domain name
of the site.

What AFS cell does this workstation belong to? bayour.com

AFS uses a area of the disk to cache remote files for faster access. This
cache will be mounted on /var/cache/openafs. It is important that the
cache not overfill the partition it is located on. Often, people find it
useful to dedicate a partition to their AFS cache.

How large is your AFS cache (kb)? 50000

Should the Openafs filesystem be started and mounted at boot? Normally,
most users who install the openafs-client package expect to run it at
boot. However, if you are planning on setting up a new cell or are on a
laptop, you may not want it started at boot time. If you answer no to
this question, run /etc/init.d/openafs-client force-start to run.

Run Openafs client now and at boot? no

In order to contact an AFS cell, you need the IP addresses of the cell's
database servers. Normally, this information is read from
/etc/openafs/CellServDB. However, if Openafs cannot find a cell in that
file it can use DNS to look for AFSDB records that contain the
information.

Look up AFS cells in DNS? yes

Configuring Openafs-fileserver
------------------------------

AFS fileservers belong to a cell. They have the key for that cell's
Kerberos service and serve volumes into that cell. Normally, this cell is
the same cell as the workstation's client belongs to.

What cell does this server serve files for? bayour.com

Selecting previously deselected package openafs-krb5.
(Reading database ... 71355 files and directories currently installed.)
Unpacking openafs-krb5 (from .../openafs-krb5_1.3-7_i386.deb) ...
Selecting previously deselected package openafs-client.
Unpacking openafs-client (from .../openafs-client_1.2.2-2_i386.deb) ...
Selecting previously deselected package libpam-openafs-session.
Unpacking libpam-openafs-session (from .../libpam-openafs-session_1.0-3_i386.deb) ...
Selecting previously deselected package openafs-fileserver.
Unpacking openafs-fileserver (from .../openafs-fileserver_1.2.2-2_i386.deb) ...
Selecting previously deselected package openafs-dbserver.
Unpacking openafs-dbserver (from .../openafs-dbserver_1.2.2-2_i386.deb) ...
Setting up openafs-krb5 (1.3-7) ...
Setting up openafs-client (1.2.2-2) ...

Configuring Openafs-client
--------------------------

AFS uses the file /etc/openafs/CellServDB to hold the list of servers
that should be contacted to find parts of a cell. The cell you claim this
workstation belongs to is not in that file. Enter the host names of the
database servers separated by spaces. IMPORTANT: If you are creating a
new cell and this machine is to be a database server in that cell, only
enter this machine's name; add the other servers later after they are
functioning. Also, do not enable the AFS client to start at boot on this
server until the cell is configured. When you are ready you can edit
/etc/openafs/afs.conf.client to enable the client.

What hosts are DB servers for your home cell? papadoc

Warning: loading /lib/modules/2.4.14-xfs2/fs/openafs.mp.o will taint the kernel: no license
Warning: loading /lib/modules/2.4.14-xfs2/fs/openafs.mp.o will taint the kernel: forced load
Setting up libpam-openafs-session (1.0-3) ...
Setting up openafs-fileserver (1.2.2-2) ...
Starting AFS Server: bosserver.
Setting up openafs-dbserver (1.2.2-2) ...
[papadoc.root]# ll /etc/krb5.keytab.afs
-rw------- 1 root root 46 Jan 15 13:46 /etc/krb5.keytab.afs
[papadoc.root]# asetkey add 4 /etc/krb5.keytab.afs afs
[papadoc.root]# mount
/dev/sdd1 on / type xfs (rw)
proc on /proc type proc (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/sdd2 on /tmp type xfs (rw)
/dev/sdd5 on /usr type xfs (rw)
/dev/sdd6 on /var type xfs (rw)
/dev/sdd7 on /vicepa type xfs (rw)
/dev/sdg2 on /home type xfs (rw)
/dev/sdh1 on /usr/local type xfs (rw)
/dev/vg1/lv1 on /home/system type xfs (rw)
automount(pid320) on /mnt type autofs (rw,fd=5,pgrp=320,minproto=2,maxproto=3)
[papadoc.root]# ls /vicepa/
[papadoc.root]# cd /vicepa/
[papadoc.root]# mklost+found
mklost+found 1.25 (20-Sep-2001)
[papadoc.root]# ls lost+found/
[papadoc.root]# pwd
/vicepa
[papadoc.root]# cd
[papadoc.root]# pwd
/root
[papadoc.root]# afs-newcell
Prerequisites

In order to set up a new AFS cell, you must meet the following:

1) You need a working Kerberos realm with Kerberos4 support. You should
   install Heimdal with Kth-kerberos compatibility or MIT Kerberos5.

2) You need to create the single-DES AFS key and load it into
   /etc/openafs/server/KeyFile. If your cell's name is the same as your
   Kerberos realm then create a principal called afs. Otherwise, create a
   principal called afs/cellname in your realm. The cell name should be
   all lower case, unlike Kerberos realms which are all upper case. You
   can use asetkey from the openafs-krb5 package, or if you used AFS3
   salt to create the key, the bos addkey command.

3) This machine should have a filesystem mounted on /vicepa. If you do
   not have a free partition, then create a large file by using dd to
   extract bytes from /dev/zero. Create a filesystem on this file and
   mount it using -oloop.

4) You will need an administrative principal created in a Kerberos realm.
   This principal will be added to susers and system:administrators and
   thus will be able to run administrative commands.
   Generally the user is a root instance of some administravie user. For
   example if jruser is an administrator then it would be reasonable to
   create jruser/root and specify jruser/root as the user to be added in
   this script.

5) The AFS client must not be running on this workstation. It will be at
   the end of this script.

Do you meet these requirements? [y/n] y
If the fileserver is not running, this may hang for 30 seconds.
/etc/init.d/openafs-fileserver stop
Stopping AFS Server: bosserver.
What administrative principal should be used? turbo
echo \>bayour.com >/etc/openafs/server/CellServDB
/etc/init.d/openafs-fileserver start
Starting AFS Server: bosserver.
bos addhost papadoc papadoc -localauth ||true
bos adduser papadoc turbo -localauth
pt_util: /var/lib/openafs/db/prdb.DB0: Bad UBIK_MAGIC. Is 0 should be 354545
Ubik Version is: 2.0
Error while creating system:administrators: Entry for id already exists
pt_util: Ubik Version number changed during execution.
Old Version = 2.0, new version = 33554432.0
bos create papadoc ptserver simple /usr/lib/openafs/ptserver -localauth
bos create papadoc vlserver simple /usr/lib/openafs/vlserver -localauth
bos create papadoc fs fs -cmd /usr/lib/openafs/fileserver -cmd /usr/lib/openafs/volserver -cmd /usr/lib/openafs/salvager -localauth
Waiting for database elections: done.
vos create papadoc a root.afs -localauth
Volume 536870912 created on partition /vicepa of papadoc
echo bayour.com >/etc/openafs/ThisCell
/etc/init.d/openafs-client force-start
Starting AFS services: afsd: All AFS daemons started.
afsd.

Now, get tokens as turbo in the bayour.com cell. Then, run afs-rootvol.
[papadoc.root]# mount
/dev/sdd1 on / type xfs (rw)
proc on /proc type proc (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/sdd2 on /tmp type xfs (rw)
/dev/sdd5 on /usr type xfs (rw)
/dev/sdd6 on /var type xfs (rw)
/dev/sdd7 on /vicepa type xfs (rw)
/dev/sdg2 on /home type xfs (rw)
/dev/sdh1 on /usr/local type xfs (rw)
/dev/vg1/lv1 on /home/system type xfs (rw)
automount(pid320) on /mnt type autofs (rw,fd=5,pgrp=320,minproto=2,maxproto=3)
AFS on /afs type afs (rw)
[papadoc.root]# ls /afs/
/bin/ls: /afs/: Permission denied
[papadoc.root]# klist
Ticket cache: FILE:/tmp/krb5cc_0.1
Default principal: turbo@BAYOUR.COM

Valid starting     Expires            Service principal
01/15/02 13:56:41  01/15/02 17:56:41  host/papadoc.bayour.com@BAYOUR.COM
01/15/02 13:56:41  01/15/02 17:56:41  krbtgt/BAYOUR.COM@BAYOUR.COM

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
[papadoc.root]# aklog bayour.com -k BAYOUR.COM
[papadoc.root]# klist
Ticket cache: FILE:/tmp/krb5cc_0.1
Default principal: turbo@BAYOUR.COM

Valid starting     Expires            Service principal
01/15/02 13:56:41  01/15/02 17:56:41  host/papadoc.bayour.com@BAYOUR.COM
01/15/02 13:56:41  01/15/02 17:56:41  krbtgt/BAYOUR.COM@BAYOUR.COM
01/15/02 14:04:20  01/15/02 17:56:41  afs@BAYOUR.COM

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
[papadoc.root]# tokens

Tokens held by the Cache Manager:

User's (AFS ID 1) tokens for afs@bayour.com [Expires Jan 15 17:56]
   --End of list--
[papadoc.root]# pts member system:administrators
Members of system:administrators (id: -204) are:
  turbo
[papadoc.root]# afs-rootvol
Prerequisites

In order to set up the root.afs volume, you must meet the following
pre-conditions:

1) The cell must be configured, running a database server with a volume
   location and protection server. The afs-newcell script will set up
   these services.

2) You must be logged into the cell with tokens in system:administrators
   and with a principal that is in the susers file of the servers in the
   cell.
3) You need a fileserver in the cell with partitions mounted and a
   root.afs volume created. Presumably, it has no volumes on it, although
   the script will work so long as nothing besides root.afs exists. The
   afs-newcell script will set up the file server.

4) The AFS client must be running pointed at the new cell.

Do you meet these conditions? (y/n) y

You will need to select a server (hostname) and AFS partition on which to
create the root volumes.

What AFS Server should volumes be placed on? papadoc
What partition? [a]
fs sa /afs system:anyuser rl
vos create papadoc a root.cell -localauth
Volume 536870915 created on partition /vicepa of papadoc
fs mkm /afs/bayour.com root.cell -cell bayour.com -fast
fs mkm /afs/andrew.cmu.edu root.cell -cell andrew.cmu.edu -fast
fs mkm /afs/athena.mit.edu root.cell -cell athena.mit.edu -fast
fs mkm /afs/biocenter.helsinki.fi root.cell -cell biocenter.helsinki.fi -fast
fs mkm /afs/citi.umich.edu root.cell -cell citi.umich.edu -fast
fs mkm /afs/cs.cmu.edu root.cell -cell cs.cmu.edu -fast
fs mkm /afs/cs.uwm.edu root.cell -cell cs.uwm.edu -fast
fs mkm /afs/cs.wisc.edu root.cell -cell cs.wisc.edu -fast
fs mkm /afs/dementia.org root.cell -cell dementia.org -fast
fs mkm /afs/dev.mit.edu root.cell -cell dev.mit.edu -fast
fs mkm /afs/ece.cmu.edu root.cell -cell ece.cmu.edu -fast
fs mkm /afs/es.net root.cell -cell es.net -fast
fs mkm /afs/extundo.com root.cell -cell extundo.com -fast
fs mkm /afs/ipp-garching.mpg.de root.cell -cell ipp-garching.mpg.de -fast
fs mkm /afs/ir.stanford.edu root.cell -cell ir.stanford.edu -fast
fs mkm /afs/isk.kth.se root.cell -cell isk.kth.se -fast
fs mkm /afs/mekinok.com root.cell -cell mekinok.com -fast
fs mkm /afs/meteo.uni-koeln.de root.cell -cell meteo.uni-koeln.de -fast
fs mkm /afs/msu.edu root.cell -cell msu.edu -fast
fs mkm /afs/nd.edu root.cell -cell nd.edu -fast
fs mkm /afs/net.mit.edu root.cell -cell net.mit.edu -fast
fs mkm /afs/openafs.org root.cell -cell openafs.org -fast
fs mkm /afs/pitt.edu root.cell -cell pitt.edu -fast
fs mkm /afs/rhic root.cell -cell rhic -fast
fs mkm /afs/sipb.mit.edu root.cell -cell sipb.mit.edu -fast
fs mkm /afs/sunsite.dk root.cell -cell sunsite.dk -fast
fs mkm /afs/tu-chemnitz.de root.cell -cell tu-chemnitz.de -fast
fs mkm /afs/umr.edu root.cell -cell umr.edu -fast
fs mkm /afs/wu-wien.ac.at root.cell -cell wu-wien.ac.at -fast
fs mkm /afs/zepa.net root.cell -cell zepa.net -fast
fs sa /afs/bayour.com system:anyuser rl
fs mkm /afs/.bayour.com root.cell -cell bayour.com -rw
fs mkm /afs/.root.afs root.afs -rw
vos create papadoc a user -localauth
Volume 536870918 created on partition /vicepa of papadoc
fs mkm /afs/bayour.com/user user
fs sa /afs/bayour.com/user system:anyuser rl
vos create papadoc a service -localauth
Volume 536870921 created on partition /vicepa of papadoc
fs mkm /afs/bayour.com/service service
fs sa /afs/bayour.com/service system:anyuser rl
ln -s /afs/bayour.com /afs/bayour
ln -s /afs/.bayour.com /afs/.bayour
vos addsite papadoc a root.afs -localauth
Added replication site papadoc /vicepa for volume root.afs
vos addsite papadoc a root.cell -localauth
Added replication site papadoc /vicepa for volume root.cell
vos release root.afs -localauth
Released volume root.afs successfully
vos release root.cell -localauth
Released volume root.cell successfully
[papadoc.root]# ls /afs
andrew.cmu.edu/         citi.umich.edu/  dev.mit.edu/          ir.stanford.edu/     nd.edu/       sipb.mit.edu/    zepa.net/
athena.mit.edu/         cs.cmu.edu/      ece.cmu.edu/          isk.kth.se/          net.mit.edu/  sunsite.dk/
bayour@                 cs.uwm.edu/      es.net/               mekinok.com/         openafs.org/  tu-chemnitz.de/
bayour.com/             cs.wisc.edu/     extundo.com/          meteo.uni-koeln.de/  pitt.edu/     umr.edu/
biocenter.helsinki.fi/  dementia.org/    ipp-garching.mpg.de/  msu.edu/             rhic/         wu-wien.ac.at/
[papadoc.root]# ls /afs/bayour.com/
service/  user/
[papadoc.root]# ls /afs/bayour.com/service
[papadoc.root]# ls /afs/bayour.com/user/
[papadoc.root]# exit
Script done on Tue Jan 15 14:06:38 2002