diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in index f972c7a744..71ab24740b 100644 --- a/src/tests/Makefile.in +++ b/src/tests/Makefile.in @@ -359,7 +359,7 @@ install: uninstall: -all: run-tests dirpath.conf OpenAFS/Dirpath.pm libxfiles.a libdumpscan.a $(TEST_PROGRAMS)\ +all: run-tests OpenAFS/Dirpath.pm libxfiles.a libdumpscan.a $(TEST_PROGRAMS)\ afsdump_scan afsdump_dirlist afsdump_extract dumptool @chmod +x run-tests @@ -378,25 +378,9 @@ check: run-tests $(TEST_PROGRAMS) check-fast: run-tests $(TEST_PROGRAMS) ./run-tests -all -fast -dirpath.conf: Makefile - @echo "creating $@" - @echo "# auto-generated by src/tests/Makefile" >$@ - @echo "# DO NOT EDIT" >>$@ - @echo "afsconfdir=@afsconfdir@" >>$@ - @echo "viceetcdir=@viceetcdir@" >>$@ - @echo "afssrvbindir=@afssrvbindir@" >>$@ - @echo "afssrvsbindir=@afssrvsbindir@" >>$@ - @echo "afssrvlibexecdir=@afssrvlibexecdir@" >>$@ - @echo "afsdbdir=@afsdbdir@" >>$@ - @echo "afslogsdir=@afslogsdir@" >>$@ - @echo "afslocaldir=@afslocaldir@" >>$@ - @echo "afsbackupdir=@afsbackupdir@" >>$@ - @echo "afsbosconfigdir=@afsbosconfigdir@" >>$@ - @echo "afskerneldir=@afskerneldir@" >>$@ - @echo "initdir=@sysconfdir@" >>$@ - @echo "localstatedir=@localstatedir@" >>$@ - @echo "ostype=@MKAFS_OSTYPE@" >>$@ - +# Note: The autoconf variables are not fully expanded +# until make is run so we resort to creating the +# configuration at make time. OpenAFS/Dirpath.pm: Makefile @echo "Creating OpenAFS/Dirpath.pm" @echo "# This is -*- perl -*-" >$@ 
@@ -420,12 +404,25 @@ OpenAFS/Dirpath.pm: Makefile @echo " 'afslocaldir' => '@afslocaldir@'," >>$@ @echo " 'afsbackupdir' => '@afsbackupdir@'," >>$@ @echo " 'afsbosconfigdir' => '@afsbosconfigdir@'," >>$@ - @echo " 'afskerneldir' => '@afskerneldir@'," >>$@ - @echo " 'initdir' => '@sysconfdir@'," >>$@ - @echo " 'localstatedir' => '@localstatedir@'," >>$@ @echo " 'ostype' => '@MKAFS_OSTYPE@'," >>$@ + @if test "@afsconfdir@" = "/usr/afs/etc" ; then \ + echo " # transarc paths" ;\ + echo " 'cachedir' => '/usr/vice/cache'," ;\ + echo " 'afsddir' => '/usr/vice/etc'," ;\ + echo " 'initdir' => '/usr/vice/etc'," ;\ + echo " 'afskerneldir' => '/usr/vice/etc/modload'," ;\ + echo " 'afswsbindir' => '/usr/afsws/bin'," ;\ + else \ + echo " # modern paths" ;\ + echo " 'cachedir' => '@localstatedir@/openafs/cache'," ;\ + echo " 'afsddir' => '@afssrvsbindir@'," ;\ + echo " 'initdir' => '@sysconfdir@'," ;\ + echo " 'afskerneldir' => '@afskerneldir@'," ;\ + echo " 'afswsbindir' => '@afssrvbindir@'," ;\ + fi >>$@ @echo "};" >>$@ @echo "" >>$@ @echo "1;" >>$@ + .PHONY: all install clean realclean distclean mostlyclean install uninstall check diff --git a/src/tests/OpenAFS/Auth.pm b/src/tests/OpenAFS/Auth.pm index 2523433811..ac0b9641a7 100644 --- a/src/tests/OpenAFS/Auth.pm +++ b/src/tests/OpenAFS/Auth.pm @@ -7,6 +7,18 @@ use OpenAFS::Dirpath; use OpenAFS::ConfigUtils; my $path = $OpenAFS::Dirpath::openafsdirpath; +my $classes = { + 'mit' => 'OpenAFS::Auth::MIT', + #'heimdal' => 'OpenAFS::Auth::Heimdal', + 'kaserver' => 'OpenAFS::Auth::Kaserver', +}; + +my $bos = "$path->{'afssrvbindir'}/bos"; +my $aklog = "$path->{'afswsbindir'}/aklog"; +my $tokens = "$path->{'afswsbindir'}/tokens"; +my $asetkey = "$path->{'afssrvbindir'}/asetkey"; +my $kas = "$path->{'afssrvsbindir'}/kas"; +my $klog = "$path->{'afswsbindir'}/klog"; # # Create an auth type for the specified Kerberos implementation. 
@@ -27,24 +39,36 @@ my $path = $OpenAFS::Dirpath::openafsdirpath; # $auth->authorize('admin'); # sub create { + my $parms = {@_}; + my $type = 'mit'; + + if (defined $parms->{'type'}) { + $type = $parms->{'type'}; + } + $type =~ tr/A-Z/a-z/; + my $class = $classes->{$type}; + unless($class) { + die "Unsupported kerberos type: $type\n"; + } + return $class->new(@_); +} + +# +# Create an auth instance. +# +sub new { + my $class = shift; my $self = { # default values 'type' => 'MIT', - 'keytab' => "$path->{'afsconfdir'}/krb5.keytab", 'cell' => '', 'realm' => '', + 'admin' => 'admin', 'debug' => '0', # user specified values @_, }; - # check for supported kerberos type. - my $type = $self->{'type'}; - $self->{'type'} = _check_kerberos_type($type) or - die "Unsupported kerberos type: $type\n"; - - # create the sub-class for the kerberos type. - my $class = "OpenAFS::Auth::$self->{'type'}"; $self = bless($self, $class); # attempt get default values. @@ -75,19 +99,6 @@ sub create { return $self; } -# -# Check for supported kerberos type, and allow for case insensitivity. -# -sub _check_kerberos_type { - my $type = shift; - foreach my $supported ('MIT', 'Heimdal', 'Kaserver') { - if ($type =~ /^$supported$/i) { - return $supported; - } - } - return undef; -} - # # Returns the cell name from the ThisCell configuration file. # @@ -149,6 +160,19 @@ sub debug { return $self->{'debug'}; } +# +# check_program($prog) - verify the program is installed. +# +sub check_program { + my $self = shift; + my $program = shift; + unless ( -f $program ) { + die "error: Missing program: $program\n"; + } + unless ( -x $program ) { + die "error: Not executable: $program\n"; + } +} #------------------------------------------------------------------------------------ # MIT Kerberos authorization commands. 
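Review bot: `create` lowercases only a local copy of the type to pick the class, while `new` stores `'type'` exactly as the caller spelled it (default `'MIT'`); the removed code wrote the canonical name back into `$self->{'type'}`. Anything that later compares `$self->{'type'}` now sees whatever casing the caller used, and calling a subclass `new` directly skips the lookup entirely. Consider passing the normalized value through, e.g. `return $class->new(@_, 'type' => $type);`. The `# Create an auth instance.` comment could also list the keys the constructor accepts, such as `type`, `cell`, `realm`, `admin` and `debug`. The body of `new` continues past the end of this hunk.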
@@ -159,20 +183,17 @@ use OpenAFS::Dirpath; use OpenAFS::ConfigUtils; our @ISA = ("OpenAFS::Auth"); + # # Sanity checks before we get started. # sub _sanity_check { my $self = shift; - unless (defined $path->{'afssrvbindir'}) { - die "error: \$path->{'afssrvbindir'} is not defined.\n"; - } - unless (-f "$path->{'afssrvbindir'}/aklog") { - die "error: $path->{'afssrvbindir'}/aklog not found.\n"; - } - unless (-x "$path->{'afssrvbindir'}/aklog") { - die "error: $path->{'afssrvbindir'}/aklog not executable.\n"; - } + + $self->check_program($aklog); + $self->check_program($tokens); + $self->check_program($asetkey); + unless ($self->{'realm'}) { die "error: Missing realm parameter Auth::create().\n"; } 
@@ -182,44 +203,20 @@ sub _sanity_check { unless ( -f $self->{'keytab'} ) { die "error: Kerberos keytab file not found: $self->{'keytab'}\n"; } - unless ( -f $self->{'keytab'} ) { - die "error: Keytab file not found: $self->{'keytab'}\n"; - } + + print "debug: Verifying the keytab and admin name, $self->{'admin'}.\n" if $self->debug; + run("kinit -k -t $self->{'keytab'} $self->{'admin'}"); + + print "debug: Getting the afs principal and kvno from the keytab.\n" if $self->debug; + $self->_prepare_make_keyfile(); } # -# Create the KeyFile from the Kerberos keytab file. The keytab file -# should be created using the Kerberos kadmin command (or with the kadmin.local command -# as root on the KDC). See the OpenAFS asetkey man page for details. -# -sub make_keyfile { +# Read the keytab to find the kvno of the afs principal. +# +sub _prepare_make_keyfile { my $self = shift; - # asetkey annoyance. The current asetkey implementation requires the ThisCell and CellServDB files - # to be present but they really are not needed to create the KeyFile. This check is done here - # rather than in the _sanity_checks() because the ThisCell/CellServerDB are created later in - # the process of creating the new cell. 
- unless ( -f "$path->{'afsconfdir'}/ThisCell" ) { - die "error: OpenAFS configuration file is required, $path->{'afsconfdir'}/ThisCell\n"; - } - unless ( -f "$path->{'afsconfdir'}/CellServDB" ) { - die "error: OpenAFS configuration file is required, $path->{'afsconfdir'}/CellServDB\n"; - } - - unless ( -f "$path->{'afssrvbindir'}/asetkey" ) { - die "error: $path->{'afssrvbindir'}/asetkey is missing.\nWas OpenAFS built with Kerberos support?\n"; - } - unless ( -x "$path->{'afssrvbindir'}/asetkey" ) { - die "error: Do not have execute permissions on $path->{'afssrvbindir'}/asetkey\n"; - } - unless ( -d $path->{'afsconfdir'} ) { - die "error: OpenAFS configuration directory '$path->{'afsconfdir'}' is missing.\n"; - } - unless ( -w $path->{'afsconfdir'} ) { - die "error: Write access to the OpenAFS configuration directory '$path->{'afsconfdir'}' is required.\n"; - } - - # Run klist to get the kvno of the afs key. Search for afs/cellname@REALM # then afs@REALM. klist must be in the path. my %keys = (); 
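Review bot: The new `run("kinit -k -t $self->{'keytab'} $self->{'admin'}")` in `_sanity_check` builds a command line from the keytab path and admin name by plain string interpolation. `run` is defined in OpenAFS::ConfigUtils and is not shown here; if it hands the string to a shell, a keytab path containing a space or shell metacharacter is split or interpreted, and afs-newcell.pl insists on running as root. The same pattern appears in the `asetkey add` call in `make_keyfile` and the `kinit` call in `authorize` in the later hunks. A guard before first use would be enough, e.g. `die "error: Unsafe keytab path: $self->{'keytab'}\n" unless $self->{'keytab'} =~ m{\A[\w./+-]+\z};`, with a similar check on `admin`. `_prepare_make_keyfile` continues past the end of this hunk.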
@@ -262,9 +259,37 @@ sub make_keyfile { die "error: Could not find an afs key matching 'afs/$cell\@$realm' or ". "'afs/$cell' in keytab $self->{'keytab'}\n"; } + + $self->{'afs_principal'} = $afs_principal; + $self->{'afs_kvno'} = $afs_kvno; +} - # Run asetkey on the keytab to create the KeyFile. asetkey must be in the PATH. - run("$path->{'afssrvbindir'}/asetkey add $afs_kvno $self->{'keytab'} $afs_principal"); +# +# Create the KeyFile from the Kerberos keytab file. The keytab file +# should be created using the Kerberos kadmin command (or with the kadmin.local command +# as root on the KDC). See the OpenAFS asetkey man page for details. +# +sub make_keyfile { + my $self = shift; + + # The current asetkey implementation requires the ThisCell and CellServDB files + # to be present but they really are not needed to create the KeyFile. A check is done here + # rather than in the _sanity_checks() because the ThisCell/CellServerDB are created later in + # the process of creating the new cell. + unless ( -d $path->{'afsconfdir'} ) { + die "error: OpenAFS configuration directory '$path->{'afsconfdir'}' is missing.\n"; + } + unless ( -w $path->{'afsconfdir'} ) { + die "error: Write access to the OpenAFS configuration directory '$path->{'afsconfdir'}' is required.\n"; + } + unless ( -f "$path->{'afsconfdir'}/ThisCell" ) { + die "error: OpenAFS configuration file is required, $path->{'afsconfdir'}/ThisCell\n"; + } + unless ( -f "$path->{'afsconfdir'}/CellServDB" ) { + die "error: OpenAFS configuration file is required, $path->{'afsconfdir'}/CellServDB\n"; + } + + run("$asetkey add $self->{'afs_kvno'} $self->{'keytab'} $self->{'afs_principal'}"); } # 
@@ -272,13 +297,13 @@ sub make_keyfile { # sub authorize { my $self = shift; - my $principal = shift || 'admin'; + my $principal = shift || $self->{'admin'}; my $opt_aklog = ""; $opt_aklog .= " -d" if $self->debug; run("kinit -k -t $self->{'keytab'} $principal"); - run("$path->{'afssrvbindir'}/aklog $opt_aklog"); - run("$path->{'afssrvbindir'}/tokens"); + run("$aklog $opt_aklog"); + run("$tokens"); } @@ -305,6 +330,11 @@ sub _sanity_check { } } +sub make_keyfile { + my $self = shift; + die "not implemented."; +} + # # Get kerberos ticket and AFS token for the user. # @@ -321,23 +351,36 @@ use OpenAFS::Dirpath; use OpenAFS::ConfigUtils; our @ISA = ("OpenAFS::Auth"); + # # Various checks during initialization. # sub _sanity_check { my $self = shift; + $self->check_program($kas); + $self->check_program($klog); + $self->check_program($tokens); unless ($self->{'realm'}) { die "Missing realm parameter Auth::create().\n"; } } +sub make_keyfile { + my $self = shift; + run("$kas create afs -noauth"); + run("$kas create admin -noauth"); + run("$kas setfields admin -flags admin -noauth"); + run("$bos addkey localhost -kvno 0 -noauth"); +} + # # Get kerberos ticket and AFS token for the user. # sub authorize { my $self = shift; my $principal = shift || 'admin'; - run("echo \"Proceeding w/o authentication\"|klog -pipe ${principal}\@$self->{'realm'}"); + #run("echo \"Proceeding w/o authentication\"|klog -pipe ${principal}\@$self->{'realm'}"); + run("klog $principal\@$self->{'realm'}"); } 1; diff --git a/src/tests/OpenAFS/OS.pm b/src/tests/OpenAFS/OS.pm index d30afd03dc..6d685acb7c 100644 --- a/src/tests/OpenAFS/OS.pm +++ b/src/tests/OpenAFS/OS.pm 
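Review bot: In the OpenAFS::Auth::Kaserver hunk, `authorize` now runs `klog` by bare name, although `$klog` is defined at the top of the file and is the binary `_sanity_check` verifies with `check_program`. The command that actually runs is whatever `klog` the search path yields, not the checked one; `run("$klog $principal\@$self->{'realm'}");` would close that gap. The class also ignores the new `admin` attribute: `make_keyfile` hard-codes `admin` in its `kas create` and `kas setfields` calls and `authorize` still defaults to the literal `'admin'`, while the MIT `authorize` in this commit uses `$self->{'admin'}`. Suggest `my $principal = shift || $self->{'admin'};` and the same substitution in the two `kas` commands.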
@@ -13,30 +13,24 @@ my $path = $OpenAFS::Dirpath::openafsdirpath; # and commands. # sub create { + my $class = _get_class($path->{'ostype'}); + $class->new(@_); +} + +# +# Create the OS object. +# +sub new { + my $class = shift; my $self = { 'debug'=>0, 'ostype'=>$path->{'ostype'}, @_, }; - my $class = _get_class($self->{'ostype'}); $self = bless($self, $class); + $self->{'syscnf'} = "$path->{'initdir'}/test-afs-rc.conf"; $self->{'commands'} = $self->get_commands(); - - # Put the paths to the cache and afsd into the path - # table. Assume legacy paths if the the viceetcdir is set to - # the Transarc path. - if ($path->{'viceetcdir'} eq '/usr/vice/etc') { - # set in the makefile dest targets - $path->{'cachedir'} = "/usr/vice" unless $path->{'cachedir'}; - $path->{'afsddir'} = "/usr/vice/etc" unless $path->{'afsddir'}; - } - else { - # set in the makefile install targets - $path->{'cachedir'} = "$path->{'localstatedir'}/openafs" unless $path->{'cachedir'}; - $path->{'afsddir'} = "$path->{'afssrvsbindir'}" unless $path->{'afsddir'}; - } - return $self; } @@ -156,6 +150,16 @@ sub find_pids { return @pids; } +# +# Returns the number of pids found for a program name. +# +sub number_running { + my $self = shift; + my $program = shift; + my @pids = $self->find_pids($program); + return scalar @pids; +} + #-------------------------------------------------------------- package OpenAFS::OS::Linux; use warnings; 
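Review bot: `create` now picks the class from `$path->{'ostype'}` alone, so an `'ostype'` passed by the caller no longer selects the subclass, yet `new` still lets `@_` override `$self->{'ostype'}`. The object can then report one OS in its field while being blessed into the class for another. Either drop `'ostype'` from the overridable defaults or resolve the class from the merged value, e.g. `my %args = @_; my $class = _get_class($args{'ostype'} || $path->{'ostype'});`. `create` would also read better with an explicit `return $class->new(@_);`.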
@@ -169,12 +173,11 @@ our @ISA = qw(OpenAFS::OS::Unix); # sub get_commands { my $self = shift; - my $syscnf = "$path->{'initdir'}/testclient.conf"; my $commands = { - 'client-start' => "SYSCNF=$syscnf $path->{'initdir'}/afs.rc start", - 'client-stop' => "SYSCNF=$syscnf $path->{'initdir'}/afs.rc stop", - 'client-restart' => "SYSCNF=$syscnf $path->{'initdir'}/afs.rc restart", + 'client-start' => "SYSCNF=$self->{'syscnf'} $path->{'initdir'}/afs.rc start", + 'client-stop' => "SYSCNF=$self->{'syscnf'} $path->{'initdir'}/afs.rc stop", + 'client-restart' => "SYSCNF=$self->{'syscnf'} $path->{'initdir'}/afs.rc restart", 'client-forcestop' => sub { $self->client_forcestop() }, 'fileserver-start' => sub { $self->fileserver_start() }, 'fileserver-stop' => sub { $self->fileserver_stop() }, @@ -201,12 +204,11 @@ sub configure_client { }; my $debug = $self->{'debug'}; - my $syscnf = "$path->{'initdir'}/testclient.conf"; - open (SYSCNF, "> $syscnf") or - die "error: Cannot open afs.rc configuration file $syscnf, $!\n"; + open (SYSCNF, "> $self->{'syscnf'}") or + die "error: Cannot open afs.rc configuration file $self->{'syscnf'}, $!\n"; - print "debug: creating afs.rc configuration file $syscnf\n" if $debug; + print "debug: creating afs.rc configuration file $self->{'syscnf'}\n" if $debug; print SYSCNF <<"_SYSCNF_"; AFS_CLIENT=on AFS_SERVER=off @@ -216,7 +218,7 @@ CACHESIZE=$config->{'cachesize'} OPTIONS="-confdir $path->{'viceetcdir'}" WAIT_FOR_SALVAGE=no AFSDIR=/afs -CACHEDIR=$path->{'cachedir'}/cache +CACHEDIR=$path->{'cachedir'} CACHEINFO=$path->{'viceetcdir'}/cacheinfo VERBOSE= AFS_POST_INIT= @@ -228,7 +230,7 @@ MODLOADDIR=$path->{'afskerneldir'} _SYSCNF_ close SYSCNF; if ($debug) { - if (open(SYSCNF, "< $syscnf")) { + if (open(SYSCNF, "< $self->{'syscnf'}")) { while () { chomp; print "debug: $_\n"; } 
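Review bot: The rewritten `open (SYSCNF, "> $self->{'syscnf'}")` in `configure_client` keeps the two-argument form with a bareword handle, so the mode and the path share one string and the handle is a package global. Now that the path is an object field, the three-argument form with a lexical handle is the safer choice: `open(my $syscnf_fh, '>', $self->{'syscnf'}) or die "error: Cannot open afs.rc configuration file $self->{'syscnf'}, $!\n";`, followed by `print $syscnf_fh ...` and a checked `close`. The read-back `open(SYSCNF, "< $self->{'syscnf'}")` in the debug branch has the same shape. `configure_client` starts before and ends after these hunks.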
@@ -237,10 +239,10 @@ _SYSCNF_ } # Create a cache directory if none. - unless ( -d "$path->{'cachedir'}/cache" ) { - print "debug: making cache directory: $path->{'cachedir'}/cache\n" if $debug; - system("mkdir -p $path->{'cachedir'}/cache"); - system("chmod 0700 $path->{'cachedir'}/cache"); + unless ( -d "$path->{'cachedir'}" ) { + print "debug: making cache directory: $path->{'cachedir'}\n" if $debug; + system("mkdir -p $path->{'cachedir'}"); + system("chmod 0700 $path->{'cachedir'}"); } # Create the local /afs directory on which the afs filespace will be mounted. diff --git a/src/tests/OpenAFS/config.pm b/src/tests/OpenAFS/config.pm index 9e5333bf9f..9e4052899e 100644 --- a/src/tests/OpenAFS/config.pm +++ b/src/tests/OpenAFS/config.pm @@ -94,12 +94,10 @@ what you want... =cut -@CmdPath = (split(/:/, $ENV{PATH}), +@CmdPath = ( $OpenAFS::Dirpath::openafsdirpath->{'afssrvbindir'}, # For servers - '/usr/local/bin', # Many sites put AFS in /usr/local - '/usr/local/etc', - '/usr/afsws/bin', # For people who use Transarc's - '/usr/afsws/etc'); # silly reccommendations + $OpenAFS::Dirpath::openafsdirpath->{'afswsbindir'}, + ); =item $err_table_dir - Error table directory diff --git a/src/tests/afs-newcell.pl b/src/tests/afs-newcell.pl index b2bf36212a..8ec1bc1c31 100755 --- a/src/tests/afs-newcell.pl +++ b/src/tests/afs-newcell.pl 
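Review bot: Both `system("mkdir -p $path->{'cachedir'}")` and `system("chmod 0700 $path->{'cachedir'}")` discard their exit status, so a failed mkdir or chmod goes unnoticed, and the 0700 mode is applied only when the directory did not already exist. The single-string form also leaves the path open to word splitting or shell parsing. Suggest the list form with a check, e.g. `system('mkdir', '-p', $path->{'cachedir'}) == 0 or die "error: Cannot create $path->{'cachedir'}\n";`, and Perl's built-in `chmod(0700, $path->{'cachedir'}) or die "error: chmod $path->{'cachedir'}: $!\n";` run whether or not the directory was just created. `configure_client` extends beyond this hunk.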
@@ -12,38 +12,39 @@ use OpenAFS::OS; use OpenAFS::Auth; use Getopt::Long; use Pod::Usage; +use Socket; =head1 NAME - afs-newcell - Set up initial database server for AFS cell. + afs-newcell - Set up the initial database and file server for a new OpenAFS cell. =head1 SYNOPSIS B - B<--batch> - B<--debug> - B<--dont-unwind> - B<--help> - B<--ostype>=os - B<--server>=hostname - B<--cellname>=cell - B<--partition>=partition - B<--admin>=administrator - B<--kerberos-type>=authentication_type - B<--kerberos-realm>=realm_name - B<--kerberos-keytab>=keytab_file - B<--skip-make-keyfile> - B<--with-dafs> - B<--options-fileserver>=options - B<--options-volserver>=options - B<--options-salvageserver>=options - B<--options-salvager>=options + [ B<--batch> ] + [ B<--debug> ] + [ B<--unwind> ] + [ B<--help> ] + [ B<--server>=hostname ] + [ B<--cellname>=cell ] + [ B<--partition>=partition ] + [ B<--admin>=administrator ] + [ B<--kerberos-type>=authentication_type ] + [ B<--kerberos-realm>=realm_name ] + [ B<--kerberos-keytab>=keytab_file ] + [ B<--with-dafs> ] + [ B<--options-ptserver>=options ] + [ B<--options-vlserver>=options ] + [ B<--options-fileserver>=options ] + [ B<--options-volserver>=options ] + [ B<--options-salvageserver>=options ] + [ B<--options-salvager>=options ] =head1 DESCRIPTION This script sets up the initial AFS database and configures the first -database/file server. It also sets up an AFS cell's root volumes. It assumes -that you already have a fileserver and database servers installed. The +database/file server. It also sets up an AFS cell's root volumes. The +fileserver and database server binaries must already be installed. The fileserver should have an empty root.afs. This script creates root.cell, user, service and populates root.afs. 
@@ -88,7 +89,7 @@ The asetkey command requires a cell configuration. You will need an administrative principal created in a Kerberos realm. This principal will be added to system:administrators and thus will be able to run administrative commands. Generally the user is a root instance of some -administravie user. For example if jruser is an administrator then it would be +administrative user. For example if jruser is an administrator then it would be reasonable to create jruser/root and specify jruser/root as the user to be added in this script using the 'admin' command line option. You will also need to create a keyfile for this adminstrative user which is used by the script to @@ -125,17 +126,17 @@ sub prompt($$) { # sub mkvol($$$$) { my ($vol, $mnt, $srv, $part) = @_; - run("$path->{'afssrvsbindir'}/vos create $srv $part $vol -maxquota 0 -localauth"); - unwind("$path->{'afssrvsbindir'}/vos remove $srv $part $vol -localauth"); - run("$path->{'afssrvbindir'}/fs mkm $mnt $vol "); - run("$path->{'afssrvbindir'}/fs sa $mnt system:anyuser rl"); + run("$path->{'afssrvsbindir'}/vos create $srv $part $vol -maxquota 0"); + unwind("$path->{'afssrvsbindir'}/vos remove $srv $part $vol"); + run("$path->{'afssrvbindir'}/fs mkmount $mnt $vol "); + run("$path->{'afssrvbindir'}/fs setacl $mnt system:anyuser rl"); } #----------------------------------------------------------------------------------- # check_program($prog) - verify the program is installed. # sub check_program($) { - my ($program) = @_; + my ($program) = @_; unless ( -f $program ) { die "error: Missing program: $program\n"; } 
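Review bot: With `-localauth` removed, `vos create` and the `vos remove` registered through `unwind` in `mkvol` both depend on whatever token the caller holds when they run, and nothing in the hunk states that precondition. The header comment above `mkvol` should say so, e.g. `# Requires an admin token (see $auth->authorize); the unwind command needs it as well.` It looks like an unwind that runs after the token is lost or expired would leave the volume behind; worth confirming against how `unwind` executes its commands, which is not visible here.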
@@ -150,32 +151,30 @@ sub check_program($) { # options my $batch = 0; my $debug = 0; -my $dont_unwind = 0; +my $unwind = 1; my $help = 0; -my $ostype = $path->{'ostype'}; -my $server = 'localhost'; my $cellname = 'testcell'; -my $partition = '/vicepa'; +my $partition = 'a'; my $admin = 'admin'; my $kerberos_type = 'MIT'; my $kerberos_realm = 'TESTCELL'; my $kerberos_keytab = "$path->{'afsconfdir'}/krb5.keytab"; -my $skip_make_keyfile = 0; my $with_dafs = 0; +my $options_ptserver = ''; +my $options_vlserver = ''; my $options_fileserver = ''; my $options_volserver = ''; my $options_salvageserver = ''; my $options_salvager = ''; -$server = `hostname`; +my $server = `hostname -f`; chomp $server; GetOptions ( - "batch" => \$batch, + "batch!" => \$batch, "debug!" => \$debug, - "dont-unwind!" => \$dont_unwind, + "unwind!" => \$unwind, "help" => \$help, - "ostype=s" => \$ostype, "server=s" => \$server, "cellname=s" => \$cellname, "partition=s" => \$partition, @@ -183,8 +182,9 @@ GetOptions ( "kerberos-type=s" => \$kerberos_type, "kerberos-realm=s" => \$kerberos_realm, "kerberos-keytab=s" => \$kerberos_keytab, - "skip-make-keyfile" => \$skip_make_keyfile, "with-dafs" => \$with_dafs, + "options-ptserver=s" => \$options_ptserver, + "options-vlserver=s" => \$options_vlserver, "options-fileserver=s" => \$options_fileserver, "options-volserver=s" => \$options_volserver, "options-salvageserver=s" => \$options_salvageserver, 
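Review bot: The new default for `$server` shells out to `hostname -f` and uses the output unchecked. On systems where `hostname` treats its argument as a new name rather than an option, running this script as root would rename the host to `-f`, and where the command fails `$server` is simply empty. The core module avoids the external call: `use Sys::Hostname; my $server = hostname();`. If the backtick form is kept, add `die "error: Cannot determine hostname\n" unless $server;` after the `chomp`.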
@@ -196,17 +196,17 @@ if ($help) { exit 0; } -# print debug messages when running commands. +# To print debug messages in the run() calls. $OpenAFS::ConfigUtils::debug = $debug; -# -# Verify we have a clean slate before starting. +#----------------------------------------------------------------------------- +# Prereq: Must be root and must not already have a cell configuration. # my @problems = (); my $try_rm_cell = 0; if ($> != 0) { - push(@problems, "This script should run as root."); + push(@problems, "You must be root to run this script."); } my @afsconfigfiles = ( @@ -215,6 +215,8 @@ my @afsconfigfiles = ( "$path->{'afsconfdir'}/UserList", "$path->{'afsdbdir'}/prdb.DB0", "$path->{'afsbosconfigdir'}/BosConfig", + "$path->{'afsddir'}/ThisCell", + "$path->{'afsddir'}/CellServDB", ); foreach my $configfile (@afsconfigfiles) { if ( -f $configfile ) { @@ -231,8 +233,8 @@ if (@problems) { exit 1; } -# -# Interactive mode +#----------------------------------------------------------------------------- +# Prereq: System requirements notification. # unless ($batch) { 
@@ -246,20 +248,16 @@ this script. See 'pod2text $0' for more details. the --partition option for alternative mount points.) 2) The OpenAFS client and server binaries must be installed. - The init scripts to start and stop the client and servers - must be installed and configured. OpenAFS/OS.pm must be - configured for your system. There should be no remants - from a previous cell. Run afs-rmcell to remove any. + There should be no remnants from a previous cell. + Run afs-rmcell to remove any. -3) A Kerberos realm with Kerberos4 support must be available. +3) A Kerberos realm with Kerberos 4 support must be available. Supported Kerberos implementations are Heimdal with Kth-kerberos compatibility, MIT Kerberos 5, and - Kaserver (deprecated). OpenAFS/Auth.pm must be configured - for your system. + Kaserver (deprecated). 4) A Kerberos keytab file containing the afs principal - and the administrator principal must be be present at - $path->{'afsconfdir'}/krb5.keytab. + and the administrator principal must be be present. See the asetkey man page for information about creating the keytab file. The default name of the administrator principal is 'admin'. See the --admin option for 
@@ -270,87 +268,154 @@ eoreqs my $answer = prompt("Does your system meet these requirements? (yes/no)", "no"); unless ($answer=~/^y/i ) { print "OK: Aborted.\n"; - exit 0; + exit 0; } +} - print "\nServer options:\n"; - $ostype = prompt("Which OS?", $ostype); - $server = prompt("What server name should be used?", $server); - $cellname = prompt("What cellname should be used?", $cellname); - $partition = prompt("What vice partition?", $partition); - $admin = prompt("What administrator username?", $admin); - if($admin =~ /@/) { - die "error: Please specify the username without the realm name.\n"; - } +#----------------------------------------------------------------------------- +# Prereq: Verify required binaries, directories, and permissions. +# +my $bosserver = "$path->{'afssrvsbindir'}/bosserver"; +my $bos = "$path->{'afssrvbindir'}/bos"; +my $fs = "$path->{'afssrvbindir'}/fs"; +my $pts = "$path->{'afssrvbindir'}/pts"; +my $vos = "$path->{'afssrvsbindir'}/vos"; +my $afsrc = "$path->{'initdir'}/afs.rc"; +my $aklog = "$path->{'afswsbindir'}/aklog"; +my $tokens = "$path->{'afswsbindir'}/tokens"; +my $klog = "$path->{'afswsbindir'}/klog"; +my $kas = "$path->{'afssrvsbindir'}/kas"; - print "\nKerberos options:\n"; - $kerberos_type = prompt("Which Kerberos is to be used?", $kerberos_type); +check_program($bosserver); +check_program($bos); +check_program($fs); +check_program($pts); +check_program($vos); +check_program($afsrc); +check_program($tokens); + +#----------------------------------------------------------------------------- +# Prereq: Cell configuration +# +if ($batch) { if ($kerberos_type!~/kaserver/i) { - $kerberos_realm = prompt("What Kerberos realm?", $kerberos_realm); - $kerberos_keytab = prompt("What keytab file?", $kerberos_keytab); - $answer = prompt("Create OpenAFS KeyFile from a keytab? (yes/no)", "yes"); - $skip_make_keyfile = ($answer=~/^y/i) ? 
0 : 1; + check_program($aklog); + unless ( -f $kerberos_keytab ) { + die "error: Missing keytab file: $kerberos_keytab\n"; + } } +} +else { + my $answer; + get_options: { + $answer = prompt("Print afs-newcell debugging messages? (yes/no)", $debug ? "yes" : "no"); + $debug = ($answer=~/^y/i) ? 1 : 0; - print "\nFileserver options:\n"; - $answer = prompt("Use DAFS fileserver (requires DAFS build option)? (yes/no)", "no"); - $with_dafs = ($answer=~/^y/i) ? 1 : 0; - $options_fileserver = prompt("fileserver options:", $options_fileserver); - $options_volserver = prompt("volserver options:", $options_volserver); - $options_salvageserver = prompt("salvageserver options:", $options_salvageserver); - $options_salvager = prompt("salvager options:", $options_salvager); - - print "\nConfirmation:\n"; - print "OS Type : $ostype\n"; - print "Server name : $server\n"; - print "Cell name : $cellname\n"; - print "Partition : $partition\n"; - print "Administrator : $admin\n"; - print "Kerberos : $kerberos_type\n"; - if ($kerberos_type!~/kaserver/i) { - print "Realm : $kerberos_realm\n"; - print "Keytab file : $kerberos_keytab\n"; - print "Make KeyFile : ", $skip_make_keyfile ? "yes" : "no", "\n"; - } - print "DAFS fileserver : ", $with_dafs ? "yes" : "no", "\n"; - print "fileserver options : $options_fileserver\n"; - print "volserver options : $options_volserver\n"; - print "salvagerserver options : $options_salvageserver\n"; - print "salvager options : $options_salvager\n"; - print "\n"; - - $answer = prompt("Continue? (yes/no)", "yes"); - unless ($answer=~/^y/i ) { - print "OK: Aborted.\n"; - exit 0; - } - - # Save the options for the next time. - $answer = prompt("Save as command-line options? 
(yes/no)", "yes"); - if ($answer=~/^y/i ) { - my $switches = ""; - $switches .= "--batch"; - $switches .= " --debug" if $debug; - $switches .= " --dont_unwind" if $dont_unwind; - $switches .= " --ostype='$ostype'" if $ostype; - $switches .= " --server='$server'" if $server; - $switches .= " --cellname='$cellname'" if $cellname; - $switches .= " --partition='$partition'" if $partition; - $switches .= " --admin='$admin'" if $admin; - $switches .= " --kerberos-type='$kerberos_type'" if $kerberos_type; - $switches .= " --kerberos-realm='$kerberos_realm'" if $kerberos_realm; - $switches .= " --kerberos-keytab='$kerberos_keytab'" if $kerberos_keytab; - $switches .= " --skip-make-keyfile" if $skip_make_keyfile; - $switches .= " --with-dafs" if $with_dafs; - $switches .= " --options-fileserver='$options_fileserver'" if $options_fileserver; - $switches .= " --options-volserver='$options_volserver'" if $options_volserver;; - $switches .= " --options-salvageserver='$options_salvageserver'" if $options_salvageserver;; - $switches .= " --options-salvager='$options_salvager'" if $options_salvager; + print "\nServer options:\n"; + $server = prompt("What server name should be used?", $server); + $cellname = prompt("What cellname should be used?", $cellname); + $partition = prompt("What vice partition?", $partition); + $admin = prompt("What administrator username?", $admin); + if($admin =~ /@/) { + die "error: Please specify the username without the realm name.\n"; + } - my $conf = prompt("Filename for save?", "afs-newcell.conf"); - open(CONF, "> $conf") or die "error: Cannot open file $conf: $!\n"; - print CONF "$switches\n"; - close CONF; + print "\nKerberos options:\n"; + $kerberos_type = prompt("Which Kerberos is to be used?", $kerberos_type); + if ($kerberos_type=~/kaserver/i) { + check_program($klog); + check_program($kas); + } + else { + check_program($aklog); + $kerberos_realm = $cellname; + $kerberos_realm =~ tr/a-z/A-Z/; + $kerberos_realm = prompt("What Kerberos realm?", 
$kerberos_realm); + get_keytab: { + $kerberos_keytab = prompt("What keytab file?", $kerberos_keytab); + unless ( -f $kerberos_keytab ) { + print "Cannot find keytab file $kerberos_keytab\n"; + redo get_keytab; + } + } + } + + print "\nDatabase Server options:\n"; + $options_ptserver = prompt("ptserver options:", $options_ptserver); + $options_vlserver = prompt("vlserver options:", $options_vlserver); + + print "\nFileserver options:\n"; + $answer = prompt("Use DAFS fileserver (requires DAFS build option)? (yes/no)", "no"); + $with_dafs = ($answer=~/^y/i) ? 1 : 0; + $options_fileserver = prompt("fileserver options:", $options_fileserver); + $options_volserver = prompt("volserver options:", $options_volserver); + $options_salvageserver = prompt("salvageserver options:", $options_salvageserver); + $options_salvager = prompt("salvager options:", $options_salvager); + + print "\nConfirmation:\n"; + print "Server name : $server\n"; + print "Cell name : $cellname\n"; + print "Partition : $partition\n"; + print "Administrator : $admin\n"; + print "Kerberos : $kerberos_type\n"; + if ($kerberos_type!~/kaserver/i) { + print "Realm : $kerberos_realm\n"; + print "Keytab file : $kerberos_keytab\n"; + } + print "DAFS fileserver : ", $with_dafs ? "yes" : "no", "\n"; + print "ptserver options : $options_ptserver\n"; + print "vlserver options : $options_vlserver\n"; + print "fileserver options : $options_fileserver\n"; + print "volserver options : $options_volserver\n"; + print "salvagerserver options : $options_salvageserver\n"; + print "salvager options : $options_salvager\n"; + print "\n"; + + $answer = prompt("Correct? (yes/no/quit)", "yes"); + exit(0) if $answer=~/^q/i; + redo get_options if $answer!~/^y/i; + } + + # Save the options as a shell script for the next run. + $answer = prompt("Save these options? 
(yes/no)", "yes"); + if ($answer=~/^y/i ) { + my $script = ''; + get_script_name: { + $script = prompt("File name for save?", "run-afs-newcell.sh"); + last get_script_name if ! -f $script; + + $answer = prompt("File $script already exists. Overwrite? (yes/no/quit)", "no"); + exit(0) if $answer=~/^q/i; + last get_script_name if $answer=~/^yes/i; + redo get_script_name; + } + + my @switches = (); + push(@switches, "--batch"); # automatically added to the script + push(@switches, "--debug") if $debug; + push(@switches, "--nounwind") unless $unwind; + push(@switches, "--server='$server'") if $server; + push(@switches, "--cellname='$cellname'") if $cellname; + push(@switches, "--partition='$partition'") if $partition; + push(@switches, "--admin='$admin'") if $admin; + push(@switches, "--kerberos-type='$kerberos_type'") if $kerberos_type; + push(@switches, "--kerberos-realm='$kerberos_realm'") if $kerberos_realm; + push(@switches, "--kerberos-keytab='$kerberos_keytab'") if $kerberos_keytab; + push(@switches, "--with-dafs") if $with_dafs; + push(@switches, "--options-ptserver='$options_ptserver'") if $options_ptserver; + push(@switches, "--options-vlserver='$options_vlserver'") if $options_vlserver; + push(@switches, "--options-fileserver='$options_fileserver'") if $options_fileserver; + push(@switches, "--options-volserver='$options_volserver'") if $options_volserver;; + push(@switches, "--options-salvageserver='$options_salvageserver'") if $options_salvageserver;; + push(@switches, "--options-salvager='$options_salvager'") if $options_salvager; + + open(SCRIPT, "> $script") or die "error: Cannot open file $script: $!\n"; + print SCRIPT "#!/bin/sh\n"; + print SCRIPT "perl afs-newcell.pl \\\n"; + print SCRIPT join(" \\\n", map(" $_", @switches)); + print SCRIPT "\n\n"; + close SCRIPT; + chmod(0755, $script); } } 
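Review bot: The saved script wraps each value as `'$value'` without escaping, so a cell name, keytab path or server option string that contains a single quote ends the quoting early and the remainder is parsed by `/bin/sh` when the script is run later, presumably as root. Escape before quoting, e.g. a helper `sub shq { my $v = shift; $v =~ s/'/'\\''/g; return "'$v'"; }` used as `push(@switches, "--server=" . shq($server)) if $server;`. The file is also opened with two-argument `open(SCRIPT, "> $script")` on a prompted name, and neither `close` nor `chmod` is checked; `open(my $fh, '>', $script)` with a checked `close` would be preferable. Separately, the overwrite prompt matches only `/^yes/i` while every other prompt accepts `/^y/i`, so answering `y` re-asks for the file name.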
@@ -358,9 +423,8 @@ if ($debug) {
 print "debug: afs-newcell options\n";
 print "debug: \$batch = '$batch'\n";
 print "debug: \$debug = '$debug'\n";
- print "debug: \$dont_unwind = '$dont_unwind'\n";
+ print "debug: \$unwind = '$unwind'\n";
 print "debug: \$help = '$help'\n";
- print "debug: \$ostype = '$ostype'\n";
 print "debug: \$server = '$server'\n";
 print "debug: \$cellname = '$cellname'\n";
 print "debug: \$partition = '$partition'\n";
@@ -368,51 +432,77 @@ if ($debug) { print "debug: \$kerberos_type = '$kerberos_type'\n"; print "debug: \$kerberos_realm = '$kerberos_realm'\n"; print "debug: \$kerberos_keytab = '$kerberos_keytab'\n"; - print "debug: \$skip_make_keyfile = '$skip_make_keyfile'\n"; print "debug: \$with_dafs = '$with_dafs'\n"; + print "debug: \$options_pteserver = '$options_ptserver'\n"; + print "debug: \$options_pteserver = '$options_vlserver'\n"; print "debug: \$options_fileserver = '$options_fileserver'\n"; print "debug: \$options_volserver = '$options_volserver'\n"; print "debug: \$options_salvageserver = '$options_salvageserver'\n"; print "debug: \$options_salvager = '$options_salvager'\n"; } -# -# Create an auth object for the type of kerberos -# to be used for authentication in our cell. + +#----------------------------------------------------------------------------- +# Prereq: Sanity check the forward and reverse name resolution. # +if ($server eq 'localhost') { + die "error: localhost is not a valid --server parameter. Use the ip hostname of this machine.\n"; +} +my $packed_ip = gethostbyname($server); +unless (defined $packed_ip) { + die "error: gethostbyname failed, $?\n"; +} +my $ip_from_name = inet_ntoa($packed_ip); +print "debug: $server ip address is $ip_from_name\n" if $debug; +if ($ip_from_name=~/^127/) { + die "error: Loopback address $ip_from_name cannot not be used for server $server. Check your /etc/hosts file.\n"; +} + +my $name_from_ip = gethostbyaddr($packed_ip, AF_INET); +print "debug: hostname of $ip_from_name is $name_from_ip\n" if $debug; +if ($name_from_ip ne $server) { + die "error: Name from ip $name_from_ip does not match ip from name $ip_from_name for --server $server. ". + " Use the correct --server parameter and verify forward and reverse name resolution is working.\n"; +} + +#----------------------------------------------------------------------------- +# Prereq: The vice partition must be available and empty. 
+# +unless ($partition=~/^(([a-z])|([a-h][a-z])|([i][a-v]))$/) { + die "error: Invalid partition id specified: $partition. Valid values are a..z and aa..iv\n"; +} +unless ( -d "/vicep$partition" ) { + die "error: Missing fileserver partition, /vicep$partition\n"; +} +if ( -d "/vicep$partition/AFSIDat" ) { + die "error: Fileserver partition is not empty. /vicep$partition/AFSIDat needs to be removed.\n"; +} +open(LS, "ls /vicep$partition |") or + die "error: ls /vicep$partition failed, $!\n"; +while () { + chomp; + if (/^V\d+.vol$/) { + die "error: Fileserver partition, /vicep$partition, is not empty.\n"; + } +} +close LS; + +# Prereq: authorization and platform specific objects. my $auth = OpenAFS::Auth::create( 'debug'=>$debug, 'type'=>$kerberos_type, 'cell'=>$cellname, 'realm'=>$kerberos_realm, 'keytab'=>$kerberos_keytab, + 'admin'=>$admin, ); my $os = OpenAFS::OS::create( 'debug'=>$debug, - 'ostype'=>$ostype, ); -# -# Sanity checks before we begin. Make sure we have correct -# binaries, directories, and permissions. -# - -my $bosserver = "$path->{'afssrvsbindir'}/bosserver"; -my $bos = "$path->{'afssrvbindir'}/bos"; -my $fs = "$path->{'afssrvbindir'}/fs"; -my $pts = "$path->{'afssrvbindir'}/pts"; -my $vos = "$path->{'afssrvsbindir'}/vos"; - -check_program($bosserver); -check_program($bos); -check_program($fs); -check_program($pts); -check_program($vos); - - -# -# Sanity check admin username and convert kerberos 5 notation to afs. +#----------------------------------------------------------------------------- +# Prereq: Sanity check admin username and convert kerberos 5 notation to afs. # if ($admin =~ /@/) { die "error: Please specify the username without the realm name.\n"; 
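Review bot: The vice-partition emptiness check shells out through `open(LS, "ls /vicep$partition |")` and then matches `/^V\d+.vol$/`; the pipe form hands an interpolated string to the shell, and the unescaped `.` accepts any character. `$partition` is pattern-checked just above, but `$` also matches before a trailing newline, so `\A…\z` is the safer anchoring for a value that ends up in a command line. Reading the directory in Perl drops both the shell and the bareword handle: `opendir(my $dh, "/vicep$partition") or die "error: cannot read /vicep$partition: $!\n";` followed by `die "error: Fileserver partition, /vicep$partition, is not empty.\n" if grep { /\AV\d+\.vol\z/ } readdir($dh);`. In the same hunk the two added debug lines are both labelled `\$options_pteserver`, although the second prints `$options_vlserver`.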
@@ -420,20 +510,51 @@ if ($admin =~ /@/) { my $username = $admin; $username=~s:/:.:g; # convert kerberos separators to afs separators. -# Shutdown the client and server, if running. +#----------------------------------------------------------------------------- +# Prereq: Save the paths and setup configuration in a form that is easily +# read by the shell scripts. +# +open(CONF, "> dirpath.conf") or die "error: Cannot open file dirpath.conf for writing: $!\n"; +my ($n, $v); +while(($n,$v)=each(%{$path})) { + print CONF "$n=$v\n"; +} +close CONF; +open(CONF, "> run-tests.conf") or die "error: Cannot open file run-tests.conf for writing: $!\n"; + print CONF <<"__CONF__"; +CELLNAME=$cellname +PARTITION=$partition +ADMIN=$admin +KERBEROS_TYPE=$kerberos_type +KERBEROS_REALM=$kerberos_realm +KERBEROS_KEYTAB=$kerberos_keytab +__CONF__ +close CONF; + +unless ($batch) { + my $answer = prompt("Last chance to cancel before setup begins. Continue? (yes/no)", "yes"); + exit(0) unless $answer=~/^y/i; +} + +#----------------------------------------------------------------------------- +# Prereq: Shutdown the client and server, if running. +# run($os->command('client-stop')); run($os->command('fileserver-stop')); +#----------------------------------------------------------------------------- +# Prereq: Verify the server processes are not running. # -# Attempt the client setup for this system before we try to create the cell. -# +foreach my $program ('bosserver', 'ptserver', 'vlserver', 'kaserver', 'fileserver') { + die "error: program is already running, $program\n" if $os->number_running($program); +} + +#----------------------------------------------------------------------------- +# Perform Platform-Specific Procedures $os->configure_client(); -# -# Create the initial server configuration and the server administrator, temporarily running -# with -noauth. 
-# - +#----------------------------------------------------------------------------- +# WORKAROUND: # bosserver attempts to create the following directories with these limited # permissions. However, bosserver does not create parent directories as needed, so # the directories are not successfully created when they are more than one level 
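Review bot: `dirpath.conf` and `run-tests.conf` are written as bare `NAME=value` lines, and `run-tests` loads both with `.` (the `run-tests.in` hunk at `@@ -8,10 +8,13 @@`), so whitespace or a shell metacharacter in `$cellname`, `$admin`, `$kerberos_realm`, `$kerberos_keytab` or a configured path is interpreted by the shell when the tests start. Of these values only `$partition` is matched against a pattern in the visible hunks; the rest come from the command line or the prompts. I would either reject anything outside a conservative character set before this block or write the values single-quoted, e.g. `(my $q = $v) =~ s/'/'\\''/g; print CONF "$n='$q'\n";`, and do the same for the here-document. Both files are also opened with two-argument `open` on a bareword handle; `open(my $conf, '>', 'dirpath.conf') or die ...` is the safer form.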
@@ -451,158 +572,219 @@ run("chmod 0700 $path->{'afsdbdir'}"); run("chmod 0755 $path->{'afslogsdir'}"); run("chmod 0777 $path->{'viceetcdir'}"); +#----------------------------------------------------------------------------- +# Starting the BOS Server +# +# Start the bosserver and create the initial server configuration. +# Authorization is disabled by the -noauth flag. +# print "debug: Starting bosserver...\n" if $debug; run("$path->{'afssrvsbindir'}/bosserver -noauth"); +if ($unwind) { unwind($os->command('remove', "$path->{'afsconfdir'}/ThisCell")); unwind($os->command('remove', "$path->{'afsconfdir'}/CellServDB")); unwind($os->command('remove', "$path->{'afsconfdir'}/UserList")); unwind($os->command('remove', "$path->{'afsbosconfigdir'}/BosConfig")); unwind($os->command('fileserver-stop')); - -run("$bos setcellname $server $cellname -localauth"); -run("$bos addhost $server $server -localauth"); -run("$bos adduser $server $username -localauth"); - unwind("$bos removeuser $server $username -localauth"); - -# -# Create the AFS KeyFile. (This must be done after bosserver creates the configuration files.) -# -unless ($skip_make_keyfile) { - print "debug: Making the keyfile...\n" if $debug; - $auth->make_keyfile(); } -unless ( -f "$path->{'afsconfdir'}/KeyFile") { - die "You do not have an AFS keyfile. Please create this using asetkey or the bos addkey command.\n"; +sleep(10); # allow bosserver some time to start accepting connections... + +#----------------------------------------------------------------------------- +# Defining Cell Name and Membership for Server Processes +# +run("$bos setcellname $server $cellname -noauth"); +run("$bos addhost $server $server -noauth"); +run("$bos adduser $server $username -noauth"); +if ($unwind) { + unwind("$bos removeuser $server $username -noauth"); } -# make the krb.conf file if the realm name is different than the cell name. 
-$auth->make_krb_config(); +# WORKAROUND: +# The initial bosserver startup may create CellServDB entry which does +# not match the host name retured by gethostbyaddr(). This entry will +# cause ptserver/vlserver quorum errors and so is removed. +open(HOSTS, "$bos listhosts $server |") or + die "error: failed to run bos listhosts, $?\n"; +my @hosts = ; +close HOSTS; +foreach (@hosts) { + chomp; + if (/^\s+Host \d+ is (.*)/) { + my $host = $1; + print "debug: bos listhosts: host=[$host]\n" if $debug; + if ($host ne $name_from_ip) { + print "debug: removing invalid host '$host' from CellServDB.\n" if $debug; + run("$bos removehost $server $host -noauth"); + } + } +} -# -# Start up the ptserver and vlserver. +#----------------------------------------------------------------------------- +# Starting the Database Server Processes # print "debug: Starting the ptserver and vlserver...\n" if $debug; -run("$bos create $server ptserver simple $path->{'afssrvlibexecdir'}/ptserver -localauth"); +run("$bos create $server ptserver simple -cmd \"$path->{'afssrvlibexecdir'}/ptserver $options_ptserver\" -noauth"); +if ($unwind) { unwind($os->command('remove', "$path->{'afsdbdir'}/prdb.DB0")); unwind($os->command('remove', "$path->{'afsdbdir'}/prdb.DBSYS1")); - unwind("$bos delete $server ptserver -localauth"); - unwind("$bos stop $server ptserver -localauth"); + unwind("$bos delete $server ptserver -noauth"); + unwind("$bos stop $server ptserver -noauth"); +} -run("$path->{'afssrvbindir'}/bos create $server vlserver simple $path->{'afssrvlibexecdir'}/vlserver -localauth"); +run("$bos create $server vlserver simple -cmd \"$path->{'afssrvlibexecdir'}/vlserver $options_vlserver\" -noauth"); +if ($unwind) { unwind($os->command('remove', "$path->{'afsdbdir'}/vldb.DB0")); unwind($os->command('remove', "$path->{'afsdbdir'}/vldb.DBSYS1")); - unwind("$bos delete $server vlserver -localauth"); - unwind("$bos stop $server vlserver -localauth"); - -# -# Start the file server. 
-# -print "debug: Starting the fileserver...\n" if $debug; -if ($with_dafs) { - run( "$bos create $server dafs dafs ". - "-cmd $path->{'afssrvlibexecdir'}/fileserver $options_fileserver ". - "-cmd $path->{'afssrvlibexecdir'}/volserver $options_volserver ". - "-cmd $path->{'afssrvlibexecdir'}/salvageserver $options_salvageserver". - "-cmd $path->{'afssrvlibexecdir'}/salvager $options_salvager". - "-localauth"); + unwind("$bos delete $server vlserver -noauth"); + unwind("$bos stop $server vlserver -noauth"); } -else { - run( "$bos create $server fs fs ". - "-cmd $path->{'afssrvlibexecdir'}/fileserver $options_fileserver ". - "-cmd $path->{'afssrvlibexecdir'}/volserver $options_volserver ". - "-cmd $path->{'afssrvlibexecdir'}/salvager $options_salvager ". - "-localauth"); + +if ($kerberos_type =~ /kaserver/i) { + print "warning: kaserver is deprecated!\n"; + run("$bos create $server kaserver simple -cmd \"$path->{'afssrvlibexecdir'}/kaserver $options_vlserver\" -noauth"); + if ($unwind) { + unwind($os->command('remove', "$path->{'afsdbdir'}/kaserver.DB0")); + unwind($os->command('remove', "$path->{'afsdbdir'}/kaserver.DBSYS1")); + unwind("$bos delete $server kaserver -noauth"); + unwind("$bos stop $server kaserver -noauth"); + } } - unwind("$bos delete $server fs -localauth "); - unwind("$bos stop $server fs -localauth "); -# -# Create the AFS administrator (with the same name as the server administrator). -# -print "debug: Creating users...\n" if $debug; -sleep(10); # wait to avoid "no quorum elected" errors. +sleep(10); # to allow the database servers to start servicing requests. +#----------------------------------------------------------------------------- +# Initializing Cell Security +# +# Create the AFS administrative account and the AFS server encryption key. +# Make the krb.conf file if the realm name is different than the cell name. 
+ +$auth->make_krb_config(); +$auth->make_keyfile(); +unless ( -f "$path->{'afsconfdir'}/KeyFile") { + die "Failed to create $path->{'afsconfdir'}/KeyFile. Please create this using asetkey or the bos addkey command.\n"; +} + +print "debug: Creating admin user...\n" if $debug; run("$pts createuser -name $username -cell $cellname -noauth"); run("$pts adduser $username system:administrators -cell $cellname -noauth"); run("$pts membership $username -cell $cellname -noauth"); +print "debug: Restarting the database servers to use the new encryption key.\n" if $debug; +run("$bos restart $server -all -noauth"); +sleep(10); # to allow the database servers to start servicing requests. + +#----------------------------------------------------------------------------- +# Starting the File Server, Volume Server, and Salvager # -# Create the root afs volume. -# +print "debug: Starting the fileserver...\n" if $debug; +if ($with_dafs) { + run( "$bos create $server dafs dafs ". + "-cmd \"$path->{'afssrvlibexecdir'}/fileserver $options_fileserver\" ". + "-cmd \"$path->{'afssrvlibexecdir'}/volserver $options_volserver\"". + "-cmd \"$path->{'afssrvlibexecdir'}/salvageserver $options_salvageserver\" ". + "-cmd \"$path->{'afssrvlibexecdir'}/salvager $options_salvager\" ". + "-noauth"); + if ($unwind) { + unwind("$bos delete $server dafs -noauth"); + unwind("$bos stop $server dafs -noauth"); + } +} +else { + run( "$bos create $server fs fs ". + "-cmd \"$path->{'afssrvlibexecdir'}/fileserver $options_fileserver\" ". + "-cmd \"$path->{'afssrvlibexecdir'}/volserver $options_volserver\" ". + "-cmd \"$path->{'afssrvlibexecdir'}/salvager $options_salvager\" ". + "-noauth"); + if ($unwind) { + unwind("$bos delete $server fs -noauth"); + unwind("$bos stop $server fs -noauth"); + } +} + +# Create the root.afs volume. 
print "debug: Creating root.afs volume...\n" if $debug; run("$vos create $server $partition root.afs -cell $cellname -noauth"); +if ($unwind) { unwind($os->command('remove', "$partition/AFSIDat ")); unwind($os->command('remove', "$partition/V*.vol")); unwind($os->command('remove', "$partition/Lock")); - unwind("$vos remove $server $partition root.afs -cell $cellname -noauth"); + unwind("$vos remove $server $partition root.afs -cell $cellname -localauth"); +} -# The initial configuration is done, turn on authorization checking. -#run("$bos setauth $server -authrequired on -cell $cellname -localauth"); -# unwind("$bos setauth $server -authrequired off -cell $cellname -localauth"); - - -# -# Bring up the AFS client. +#----------------------------------------------------------------------------- +# Installing Client Functionality # print "debug: Starting the OpenAFS client...\n" if $debug; run($os->command('client-start')); +if ($unwind) { unwind($os->command('client-stop')); +} -# # Run as the administrator. -# -$auth->authorize($admin); +$auth->authorize(); +#----------------------------------------------------------------------------- +# Configuring the Top Levels of the AFS Filespace # -# Create the root cell volumes, read-only and read-write. 
-# -print "debug: Creating the root volumes...\n" if $debug; +print "debug: Creating the volumes...\n" if $debug; run("$fs setacl /afs system:anyuser rl"); -run("$vos create $server $partition root.cell -localauth"); +run("$vos create $server $partition root.cell"); +if ($unwind) { unwind("$vos remove $server $partition root.cell -localauth"); +} run("$fs mkmount /afs/$cellname root.cell -cell $cellname -fast"); +if ($unwind) { unwind("$fs rmmount /afs/$cellname"); +} run("$fs setacl /afs/$cellname system:anyuser rl"); run("$fs mkmount /afs/.$cellname root.cell -cell $cellname -rw"); +if ($unwind) { unwind("$fs rmmount /afs/.$cellname"); +} -#run("$fs mkmount /afs/.root.afs root.afs -rw"); -# unwind("$fs rmmmount /afs/.root.afs"); +run("$fs examine /afs"); +run("$fs examine /afs/$cellname"); + +run("$vos addsite $server $partition root.afs"); +run("$vos addsite $server $partition root.cell"); +run("$vos release root.cell"); +run("$vos release root.afs"); + +run("$fs checkvolumes"); # so client notices the releases +print "debug: the following should show root.afs.readonly\n" if $debug; +run("$fs examine /afs"); +print "debug: the following should show root.cell.readonly\n" if $debug; +run("$fs examine /afs/$cellname"); +print "debug: the following should show root.cell\n" if $debug; +run("$fs examine /afs/.$cellname"); -# # Create some volumes in our new cell. 
-# print "debug: Creating the test volumes...\n" if $debug; -mkvol("user", "/afs/$cellname/user", $server, $partition); -mkvol("service", "/afs/$cellname/service", $server, $partition); -mkvol("unrep", "/afs/$cellname/unreplicated", $server, $partition); +mkvol("user", "/afs/.$cellname/user", $server, $partition); +mkvol("service", "/afs/.$cellname/service", $server, $partition); +mkvol("unrep", "/afs/.$cellname/unreplicated", $server, $partition); +mkvol("rep", "/afs/.$cellname/replicated", $server, $partition); -# make a read-only volume -mkvol("rep", "/afs/$cellname/.replicated", $server, $partition); -run("$fs mkmount /afs/$cellname/replicated rep.readonly"); -run("$vos addsite $server $partition rep -localauth"); -run("$vos release rep -localauth"); - unwind("$vos remove $server $partition rep.readonly -localauth"); +run("$vos addsite $server $partition rep"); +if ($unwind) { + unwind("$vos remsite $server $partition rep"); +} +run("$vos release rep"); +run("$fs mkmount /afs/.$cellname/.replicated rep -rw"); +run("$fs setacl /afs/.$cellname/.replicated system:anyuser rl"); - -# -# Create readonly volumes of our roots. -# -run("$vos addsite $server $partition root.afs -localauth"); -run("$vos addsite $server $partition root.cell -localauth"); -run("$vos release root.afs -localauth"); -run("$vos release root.cell -localauth"); - unwind("$vos remove $server $partition root.cell.readonly -localauth"); - unwind("$vos remove $server $partition root.afs.readonly -localauth"); +# Show the new volumes in the read-only path. +run("$vos release root.cell"); # done. @unwinds = (); # clear unwinds +print "info: DONE\n"; END { - if (!$dont_unwind && scalar @unwinds) { + if ($unwind && scalar @unwinds) { print "\ninfo: Error encountered, unwinding...\n"; while (@unwinds) { eval { diff --git a/src/tests/afs-rmcell.pl b/src/tests/afs-rmcell.pl index 7e0550fae0..92d8c69e7c 100644 --- a/src/tests/afs-rmcell.pl +++ b/src/tests/afs-rmcell.pl 
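Review bot: bosserver is started with `-noauth` and the `bos` calls in this hunk were switched from `-localauth` to `-noauth`, but nothing visible here turns authorization checking back on before `print "info: DONE\n"`; the commented-out `bos setauth ... -authrequired on` lines were deleted rather than enabled. `bos restart $server -all` restarts the server instances, not bosserver itself, so as far as the hunk shows the new cell keeps accepting unauthenticated bos requests after setup. Once the KeyFile and the admin user exist, I would add `run("$bos setauth $server -authrequired on -cell $cellname -localauth");` with a matching unwind, or a comment saying the test cell is deliberately left in noauth mode. Two smaller defects in the same hunk: the dafs `volserver` line ends in `\"".` with no trailing space, so the following `-cmd` is glued onto the closing quote, and the kaserver instance is created with `$options_vlserver`.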
@@ -65,10 +65,12 @@ unless ($partition_id=~/^(([a-z])|([a-h][a-z])|([i][a-v]))$/) { unless ($batch) { my $rl = new Term::ReadLine('afs-rmcell'); - print "\n*** WARNING!! WARNING!! WARNING!! *** \n"; - print "You are about to permanently DESTROY the OpenAFS configuration, database, and volumes on this machine!\n\n"; - my $answer = $rl->readline("Do you really want to destroy the AFS cell data? (y/n) [n] "); - unless ($answer=~/^y/i ) { + print "\n*** WARNING !! WARNING !! WARNING !! *** \n\n"; + print "You are about to permanently DESTROY the OpenAFS\n"; + print "configuration, databases, and volumes on this machine!\n"; + my $answer = $rl->readline("Do you really want to destroy the AFS cell? (destroy/no) [no] "); + unless ($answer eq "destroy" ) { + print "info: must answer 'destroy' to continue.\n" if $answer!~/^n/i; print "info: Aborted.\n"; exit 0; } @@ -87,6 +89,8 @@ $os->remove("$path->{'afsdbdir'}/prdb.DB0"); $os->remove("$path->{'afsdbdir'}/prdb.DBSYS1"); $os->remove("$path->{'afsdbdir'}/vldb.DB0"); $os->remove("$path->{'afsdbdir'}/vldb.DBSYS1"); +$os->remove("$path->{'afsdbdir'}/kaserver.DB0"); +$os->remove("$path->{'afsdbdir'}/kaserver.DBSYS1"); $os->remove("$path->{'afsbosconfigdir'}/BosConfig"); $os->remove("$path->{'afslogsdir'}/*"); $os->remove("$path->{'afslocaldir'}/*"); @@ -95,6 +99,8 @@ $os->remove("$path->{'afsconfdir'}/ThisCell"); $os->remove("$path->{'afsconfdir'}/CellServDB"); $os->remove("$path->{'afsconfdir'}/KeyFile"); $os->remove("$path->{'afsconfdir'}/krb.conf"); +$os->remove("$path->{'afsddir'}/ThisCell"); +$os->remove("$path->{'afsddir'}/CellServDB"); $os->remove("/vicep$partition_id/AFSIDat "); $os->remove("/vicep$partition_id/V*.vol"); $os->remove("/vicep$partition_id/Lock"); diff --git a/src/tests/run-tests.in b/src/tests/run-tests.in index 600e038b3b..c5bff28abe 100755 --- a/src/tests/run-tests.in +++ b/src/tests/run-tests.in 
@@ -8,10 +8,13 @@ if test -f dirpath.conf; then . dirpath.conf else echo "error: Missing dirpath.conf file, try make dirpath.conf" + exit 1 fi -if test -f run-test.conf; then - . run-test.conf +if test -f run-tests.conf; then + . run-tests.conf +else + echo "warning: Missing run-tests.conf, using default values." fi @@ -372,6 +375,12 @@ objdir=`cd $objdir; pwd` export srcdir export objdir +# login +if [ "$KERBEROS_TYPE" != "kaserver" ] ; then + kinit -k -t $KERBEROS_KEYTAB $ADMIN || exit 1; + $afswsbindir/aklog -d -c $CELLNAME || exit 1; +fi + echo "-------------------------------------------------" echo "$PACKAGE-$VERSION" echo "hosttype $host" @@ -401,6 +410,10 @@ for a in $RUNTESTS; do else b="${objdir}/$a" fi + if test "`echo $a | cut -c1`" = "#" ; then # tests to skip + echo "Skipping $a" + continue + fi echo "Running $a" test "X$VERBOSE" != "X" && echo "Running test $a ($b)." if test "$a" = "setgroups" ; then
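Review bot: The login step added at `@@ -372,6 +375,12 @@` expands `$KERBEROS_KEYTAB`, `$ADMIN`, `$CELLNAME` and `$afswsbindir` unquoted, while the first hunk of this file only warns when `run-tests.conf` is missing. With no conf file `$KERBEROS_TYPE` is empty, the `!= "kaserver"` test passes, and `kinit -k -t` runs with no keytab or principal; a keytab path containing a space is split into two arguments. I would quote the expansions and fail early with a clear message, e.g. `kinit -k -t "${KERBEROS_KEYTAB:?set in run-tests.conf}" "${ADMIN:?set in run-tests.conf}" || exit 1` and `"$afswsbindir/aklog" -d -c "$CELLNAME" || exit 1`. Whether defaults for these variables are assigned elsewhere in `run-tests.in` is not visible in the hunk.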