Maybe useful command, found in a 1995 REXX script of mine. kas setfields -name joeblow -pwexpires 186 -reuse no -attempts 5 -locktime 25 -admin admin -password whatever but kas setfields -name admin -pwexpires 186 -reuse no -admin admin -password whatever ------------------------------------------------------------------------------- On 2-15-2001, I registered at the Transarc/IBM site (http://www.transarc.ibm.com) in order to download the latest AFS 3.6 patch, using userid=rickjas and my standard Internet password. (Different now. try jasper2 ...) I got a 2,730,828 byte file called rs_aix42.tar.gz, which expanded to a 24,930,304 byte tar file, which I un-tar'd into the /afs/d/software/fixes/AFS_3.6_Patch_1 directory. This created 29 files in the bin directory. 30 files in the etc directory. 143 files in the include directory. 47 files in the lib directory. 14 files in the root.client directory. 32 files in the root.server directory. I didn't do anything with this, though. ------------------------------------------------------------------------------- On 5-7-2002, I got patch level 4, which supports AIX v5L, which I unzipped into the /afs/d/software/fixes/AFS_3.6_Patch_4 directory. I didn't do anything with this either, though. I also saved the README at http://w3/~jasper/afs36.patch4.readme.html Transarc's full, online AFS publications can be found at http://www.transarc.ibm.com/Library/documentation/afs_doc.html You'll need to authenticate using rickjas/-1. ------------------------------------------------------------------------------- On 6-27-2002, I went to http://www.transarc.ibm.com again to download the latest AFS patch, patch 5, because after applying service to my AIX 4.3 system, AFS integrated login quit working. One reason was some update to bos.rte.security reverted the /usr/lib/security/methods.cfg back to its original state! How stupid! This wiped out our mod to that file to allow AFS logins. But even so, this didn't work again until I updated AFS. (is this really true, Rick? bear experience says yes ??) (Yes, it really is true. penguin confirms this) To find the right page, 1) Click on the "Downloads" button on the upper right hand side of the Transarc home page. 2) Click on "AFS" under the MENU on the right, 3) Follow the "AFS v3.6 Patches Release" link, The http://www.transarc.ibm.com/Downloads/afs36/index.htm page talked about AFS 3.6 Patch 5 -- Base Configuration 2.38 -- June, 2002, with a README link (http://www.transarc.ibm.com/Support/afs/readmes/afs36.patch5.readme.html) and a download link at https://www6.software.ibm.com/dl/afs36/afs36-p. Curious it was https 'cause this page asked for your userid (rickjas) and password (see above). A few more links and it then asked me again for my userid/password for www6.software.ibm.com (the same). I then finally got to ftp://fsprodww:u36di7vb@207.25.253.61/afs/3.6.patches/rs_aix43.tar.gz This got me a 8,875,695 byte file called rs_aix43.tar.gz, which I attempted to download to the /afs/d/software/AFS_3.6_Patch_5 directory, but I got errors cd /afs/d/software/AFS_3.6_Patch_5 gzip -d < ~/rs_aix43.tar.gz | tar xf - Downloaded again, this time getting 8,878,639 bytes and it worked ok. There are 13 interesting client files under the root.client/usr/vice/etc directory, which get copied to the /usr/vice/etc directory on your client machine. To install these fixes, as root with AFS up (obviously), mv -f /usr/vice/etc/afsd /usr/vice/etc/afsd-old mv -f /usr/vice/etc/afs_dynamic_auth /usr/vice/etc/afs_dynamic_auth-old # cd /afs/d/software/fixes/AFS_3.6_Patch_5/root.client/usr/vice/etc # cd /afs/d/software/fixes/AFS_3.6_Patch_7/root.client/usr/vice/etc cd /afs/d/software/fixes/AFS_3.6_Patch13_for_AIX_5.2/root.client/usr/vice/etc cp -p afs* curpag /usr/vice/etc cp -p C/* /usr/vice/etc/C cp -p dkload/* /usr/vice/etc/dkload Note: /usr/vice/etc/afsd is normally running and /usr/vice/etc/afs_dynamic_auth might be active as well, and since you cannot copy the new programs over the top of the running ones, we renamed the old ones first. Then reboot. Or if you don't have AFS running, you can do it this way. As root on the machine you want to update AFS on, d=/afs/d/software/fixes/AFS_3.6_Patch11_for_AIX_5.2/root.client/usr/vice/etc cd /usr/vice/etc scp -p root@jasper:$d/afs* . scp -p root@jasper:$d/curpag . scp -p root@jasper:$d/C/* C scp -p root@jasper:$d/dkload/* dkload Then /etc/rc.afs or reboot to start AFS. One interesting thing with this level of AFS, your @sys variable gets set to rs_aix43 by default (verified by a fs sysname command). I had to create and initialize the /afs/d/rs_aix43 directory. See my README in /afs/d/rs_aix43. ------------------------------------------------------------------------------- This is my README from the /afs/d/software/fixes/AFS_3.6_Patch_5_for_Windows directory, The i386_nt40.zip file in this directory contains fixes for AFS for Windows, downloaded from IBM's http://www.transarc.ibm.com web site on June 27, 2002. W A R N I N G !!!!! When I installed this on my machine, the AFS Client binary, that nice, little program sitting on the icon tray on the bottom right of your screen, with a padlock for an icon, got erased. It wasn't the case that just the option to display/run it or not got reset, the binary itself was erased. So, I suggest first squirreling that thing away so you can restore it afterwards. To install the fixes, 1) Save a copy of afscreds.exe. From a DOS window, cd \Program Files\IBM\AFS\Client\Program or perhaps for your machine, cd \Program Files\AFS\Client\Program copy afscreds.exe afscreds.sav 2) Unzip the zip file you'll find in this directory, putting the files into a local directory on your Windows machine, 3) Run setup. 4) It will want to reboot your machine, but before you do, check on that afscreds.exe program, restoring it if necessary. cd \Program Files\IBM\AFS\Client\Program or cd \Program Files\AFS\Client\Program, if this is what you did before copy afscreds.sav afscreds.exe 5) Reboot Windows. ------------------------------------------------------------------------------- For some AFS Admin hints, see http://www.transarc.ibm.com/Support/afs/admin.html Especially the "Changing the IP Address of an AFS Server or Client" link to http://www.transarc.ib.mcom/Support/afs/admin/change_ip.html ------------------------------------------------------------------------------- In afs1's root's crontab, I do a nightly vos backupsys, which creates the *.backup volumes for all AFS volumes. This enables users to always be able to look at yesterday's files by mounting their .backup volume, like so /local/bin/fs mkm Yesterday u.jasper.backup Yesterday's files will by in the new Yesterday directory. It would be nice, but not required, to remove the mount point after you use it, like so /local/bin/fs rmm Yesterday ------------------------------------------------------------------------------- Bob Oesterland keeps the AFS code in /afs/rchland.ibm.com/usr3/rgo/newafs, at least as of 9/97. See the AFS FORUM for the latest details. ------------------------------------------------------------------------------- The template for new userids is in /afs/alm/common/uss/uss.template. ------------------------------------------------------------------------------- As Rick Haeckel found out on 5/4/1999, a privileged userid needs 3 things in order to be able to add ids, create volumes, etc. 1) The admin flag on in kas. To see, kas exa adminraj. The first line will be User data for adminraj (ADMIN) To set, kas setfields jasper -flags ADMIN -admin adminraj -pass your-pw To unset, kas setfields jasper -flags NOADMIN -admin adminraj -pass your-pw 2) A member of system:administrators To see, pts mem system:administrators To add, pts add jasper system:adminstrators To remove, pts remove jasper system:adminstrators 3) Inclusion in the file, /usr/afs/etc/UserList on all AFS servers. To check or modify, do so on the AFS server running the upserver process. On 5/4/1999, this was elm. On 10/13/1999, this was ash. The change will get propogated to the other AFS servers within 5 minutes. ------------------------------------------------------------------------------- To see what version of the AFS client code you're running, type what /usr/vice/etc/afsd | grep 'Base' It'll return something like Base configuration afs3.4 4.36 or Base configuration afs3.6 2.38 or Base configuration afs3.6 2.55 (for AIX 5.2 machines) (or see which version see which level see what level) ------------------------------------------------------------------------------- Bob Oesterland has the afs code in /afs/rchland.ibm.com/rs_aix41/dev/afs34. ------------------------------------------------------------------------------- AFS is from Transarc, afs-sales@transarc.com, 1-412-338-4400. ------------------------------------------------------------------------------- To see what server a file system is on, fs whereis . eg, jasper's home directory "is on host WILLOW.ALMADEN.IBM.COM" ------------------------------------------------------------------------------- To see what volume a directory is on, fs listvol /afs/.almaden.ibm.com/wsadmin You can then do a vos release on it by first getting the admin token, ksh pagsh klog admin vos release wsadmin ------------------------------------------------------------------------------- To use the quota-tool, klog admin cd /afs/alm/ais/afsadmin/db quota-tool ------------------------------------------------------------------------------- The normal AIX command groups, returns a line like 33536 32517 staff. The first few numbers are "Process Authentication Groups", an AFS concept. The rest of the line is the normal groups one can find defined in etc/group. ------------------------------------------------------------------------------- There are 7 access rights in an ACL, read, lookup, insert, delete, write, lock (k), and adminster. These form the sequence, rlidwka. There are also 4 commonly used shorthand forms of these rights: - write = All rights except adminster (rlidwk). - read = Read and lookup (rl). - all = All rights (rlidwka). - none = No rights. This removes the entry from the ACL. ------------------------------------------------------------------------------- To determine if a particular action is allowed on a file, AFS first looks at ACL. If the action is disallowed, it's disallowed. Period. If it's allowed, AFS then looks at the standard UNIX *owner* permissions (the first set of permissions triplets you see from the ls command). If the action is allowed, then AFS permits the action. If not, the action is disallowed. For example, even if the ACL permits jasper to write a file, if the ls command shows -r--r--r--, jasper can't write to it. Note that even if the permissions are -r--rw-rw-, jasper can't write to it. The group and other triplets are ignored by AFS. ------------------------------------------------------------------------------- The two "command suites" are fs & pts. fs help or pts help will get you an abbreviated list of the "operation codes" in each suite. - fs stands for "File Server" and has 35 operation codes (subcommands) eg, to let any authorized afs user read a directory, fs sa -d htdocs -a system:authuser rl But this isn't what I wanted, so to remove the above, fs sa -d htdocs -a system:authuser none - pts stands for "ProTection Server" and has 15 subcommands. ------------------------------------------------------------------------------ Two questions. Since the 7 access rights don't address the execute permission at all, how is that handled? Is just the owner's x-bit looked at (perhaps reading more into their "the owner mode bits are the only ones of consequence inside AFS" than they intended, or are all the x-bits looked at? I forgot the other question. ------------------------------------------------------------------------------ To authenticate to another AFS user temporarily, most commonly to get the admin token, first pagsh, then klog admin. E.G. pagsh -c /bin/ksh ------------------------------------------------------------------------------ The list of AFS userids are found in /afs/almaden.ibm.com/common/uss/uid.list or by kas list. ------------------------------------------------------------------------------ One day, I cd htdocs and did a fs sa -d . -clear. This cleared all the permissions, preventing me from doing any more fs sa to try to restore them. I had to back out of that directory (cd) and then fs sa -d htdocs -a aix_support rl jasper rlidwka afsback rl to recover. Dale says the owner can always change the permissions for a directory. ------------------------------------------------------------------------------ The following was gleamed from /afs/alm/rcf/desktop/igor/rel/Tools/DataVault/YesterdaysHomeFiles. To see yesterday's files, mount the nightly AFS backup via fs mkmount Old user.jasper.backup. fs lsmount Old will show either fs: File 'Old' doesn't exist or 'Old' is a mount point for volume '#user.jasper.backup' Everything will be under the Old directory. Unmount it when you're done with a fs rmmount Old. ------------------------------------------------------------------------------ These are Rick's notes on adding a new AFS volume. Create a new AFS volume for polyfem group as /afs/alm/sst/web with an initial quota of 50mb. I had to add the volume to Dale's database. vos create [-Server] cedar [-Partition] vicepa [-NAme] dept.sst.web cd /afs/.almaden.ibm.com/sst fs mkm[ount] [-dir] web [-vol] dept.sst.web chown 13720 web /* afs id of polyfem */ chgrp staff web fs setq web 50000 fs sa web polyfem all system:administrators none I used Dale's script in /afs/alm/rcf/afsadmin/db to add the volume to the afs_volumes database daa afs_volumes dept.sst.web and then answer the yes/no questions and entered: dept.sst.web dept.sst.web polyfem K19A 50000 2 cedar a ------------------------------------------------------------------------------ On 10/14/1999, Greg Wallraff noticed his AFS volume wasn't there. A vos listvldb user.gmwall command, showed me his volume is on willow's partition h (viceph). A vos listvldb -server willow -partition h command showed me there were 5 other volumes on that server & partition. dept.pst.k31 dummy.willow.viceph user.gmwall user.gmwall.extra user.k54sec user.schiefer and none of them were available. Logging onto willow, I noticed it had crashed on 10/10/1999 at 2 am. There's a /usr/afs/logs/SalvageLog that shows the salvager running when the system rebooted, but it didn't show anything interesting. If you ls -l /viceph, you see along with the normal V[0-9]*.vl files (which must be the volumes?), there was a -rw-r--r-- 1 root sys 151552 Oct 12 02:21 salvage.inodes.lv08.14194 file. Interesting. To run salvage on an AIX server, unless you specify server, partition, AND volume, the file server "hangs" or "pauses" while the salvage is happening. So you want to specify all three. For example, bos salvage -server willow -partition viceph -volume user.gmwall -localauth So, I typed for i in user.gmwall.extra user.k54sec user.schiefer dept.pst.k31 dummy.willow.viceph do echo bos salvage -server willow -partition viceph -volume $i -localauth done and everything got fixed and all volumes came back fine. ------------------------------------------------------------------------------- On 10-30-2000, I called Jay Yi in Santa Teresa (463-4477) and got his copy of the latest AFS 3.6 code directly from the Santa Teresa AFS tree at /afs/stllp.sanjose.ibm.com/rs_aix42/usr/afsws36 ------------------------------------------------------------------------------- To create a new userid at Delphion, - Logon to root on afs1, - klog admin (1adapter) to authenticate yourself so you can write into /afs/.d/common - cd /afs/.d/common/uss - USER=azam - Find the next unused userid number, by adding one to the last used one. e.g. pts liste | grep 160 You'll add one to that last number, for the new userid, eg if 16015, then you'll use 16016. - cp bulk-add-template $USER - vi $USER and update - userid => the new userid you want to add - Person's Name => First and Last Name - uid # => The userid number from above (16004 in our example) - uss bulk $USER -admin admin -dryrun To test it, or - uss bulk $USER -admin admin To really add it. This will - Add the $USER userid to the kas and pts databases, - Set its initial password to new4now, - Create a u.$USER AFS volume, - Mount it at /afs/.delphion.com/u/$USER, - chown the mount point to $USER, - Set the disk quota to 150 MB, - Set the initial permissions correctly, - Copy over a default .profile & .kshrc, - Create a public_html directory and empty index.html, - Create a 1-liner file in the newaccts directory called etc.passwd.entry_$USER, containing e.g. azam:*:16004:1:Mohammed Azam:/u/azam:/bin/ksh Things still to do, - kas setf $USER -lifetime 768:00 -pwexpires 0 -admin admin - vos release root.cell - Add this userid to whatever groups are appropriate. Use pts liste -groups to see a list of all defined AFS groups. As of 2-20-2001, the only active groups were develop and system:administrators (very restricted). To add the user to a group. pts add $USER develop - Add $USER to common password file, cp -p passwd passwd.save cat newaccts/etc.passwd.entry_$USER passwd.save | sort -u > passwd - If you want to logon to it immediately, as root on the AIX system, /local/bin/UpdateSSIConfig Otherwise it'll be propogated to all systems within 15 minutes. ------------------------------------------------------------------------------- To install AFS on an AIX machine at Delphion, As root on the target machine, find a file system with 3 MB free, and cd there, for example, - cd /tmp ftp these two files from a machine with AFS on it, for example, ftp jasper get /afs/d/software/base/AFS_3.6/afsinstall.sh afsinstall.sh get /afs/d/software/base/AFS_3.6/afsclient-42.tar afsclient-42.tar quit chmod +x afsinstall.sh ./afsinstall.sh afsclient-42.tar When done, rm afsinstall.sh afsclient-42.tar This will install AFS, attempts to link in /local, and start AFS. Verify the /local link got installed, as it won't override a local /local file system for example. ls -l /local - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - To configure Integrated login - vi /etc/security/login.cfg (If a pre-AIX 4.3.3 system), - vi /usr/lib/security/methods.cfg (If an AIX 4.3.3 system), and modify and/or add these 5 lines at the bottom. DCE: program = /usr/vice/etc/afs_dynamic_auth AFS: program = /usr/vice/etc/afs_dynamic_auth Note: When modifying any of these files, do not add comments even though it appears that comments are ok because there are some at the beginning. Comments in the middle of these files, screw things up! - vi /etc/security/user - Change the SYSTEM line in the "default" stanza from SYSTEM = "compat" to SYSTEM = "AFS OR (AFS[UNAVAIL] AND compat[SUCCESS])" - Also add a registry = DCE line to the "default" stanza (not AFS like you might think). - For all userids that you want to be able to login using a normal, local AIX password (i.e. encrypted password in /etc/security/passwd), override the changes to the default stanza you just made by adding these two lines in their stanza. SYSTEM = "compat" and registry = files At a minimum, this will include the root user (otherwise you'll be unable to authenticate as root!!), but may include other ids as well. - Add the following line to all the other, non-default stanzas registry = files This is to fix the lsuser command, else smitty user admin-type things won't work. It also fixes things when a rmuser command fails with this message, 3004-696 Error removing "inst1". which took an hour of head-banging-against-the-wall to remember. ------------------------------------------------------------------------------- To get the common password file, first check the existing /etc/passwd file and try to reduce it as much as possible, removing unnecessary ids (always a good idea to clean up junk), but also resolve any conflicts with exsting AFS ids. When there are no (more) conflicts, then - cp -p /etc/passwd /etc/passwd.noafs touch 0422123497 /etc/passwd /local/bin/UpdateSSIConfig If you get the message ksh: /local/bin/UpdateSSIConfig: not found. then check to insure /usr/bin/perl exists. If it doesn't, then you need to install the perl.rte fileset from either the AIX install CD, or simpler, from /afs/d/software/base/AIX.4.3.3 - crontab -e To add these lines, # # Check for new AFS userids and update my /etc/passwd file. 5,20,35,50 * * * * /afs/delphion.com/@sys/local/bin/UpdateSSIConfig ------------------------------------------------------------------------------- To create a new AFS volumes, - Be klog'd as a system admin (e.g. admin, jasper, rebecca, bruce, cht) Please follow the rule that all volume names must equal their mount points, with slashes in the mount point, substituted with periods in the volume name. E.G. /afs/d/FakeDFS/images is a mount point for volume FakeDFS.images Also, do not define more than one mount point per AFS volume. To create the volume, - vos create afs1 a To give it a mount point, - fs mkm /afs/.d/new/volume/name new.volume.name New AFS volumes have an initial quota of only 5000 (5 MB). To increase it, - fs sq /afs/.d/new/volume/name new-quota New AFS directories, inherit their initial permissions from their parent directory, but this rule does not cross AFS volume boundaries. The only ACL that new AFS volumes get by default, is system:administrators rlidwka You may want to initialize the ACLs on your new AFS volume, before you start populating it with data. - fs sa /afs/.d/new/volume/name If necessary, - vos release ------------------------------------------------------------------------------- To get a cron job to run with AFS credentials, create your script with #!/usr/afsws/bin/pagsh in line 1, then klog from some password file that you can read. For example, /local/bin/klog -principal kevin -password $(cat /u/kevin/.private/afs_password) Doing it the way I had originally tried, with #!/bin/ksh in line 1 (I always start scripts this way!), and having a /local/bin/pagsh, THEN klog-ing, fails. ------------------------------------------------------------------------------- I've got the Delphion AFS being backed up nightly from reindeer (the ADSM/TSM server). To restore, tn reindeer and login as root dsmc which is set up to look at the AFS backups by default. To query a file, q backup /afs/delphion.com/FakeDFS/ips/converters/xml2db.sh or if this gives you ANS1092E No files matching search criteria were found then try q backup /afs/delphion.com/FakeDFS/ips/converters/xml2db.sh -inactive To restore, restore /afs/delphion.com/FakeDFS/ips/converters/xml2db.sh /xml2db.sh or restore /afs/delphion.com/FakeDFS/ips/converters/xml2db.sh /xml2db.sh -inactive If you get messages when restoring like so, ** Interrupted ** ANS1114I Waiting for mount of offline media. ANS4035W File '/xml2db.sh' currently unavailable on server. the tape the file is on, must not be in the server or something else is wrong. Contact somebody that knows what they're doing (Mike Crom or Rick Jasper). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - One thing I haven't automated (yet) is the updating of the afs.dsm.opt file. It lists all the directories I want to back up, which means it has to be updated as new directories are created. The normal AIX file backups on reindeer are done using a different dsm.opt file, i.e. /usr/bin/dsmc incr -optfile=/usr/tivoli/tsm/client/ba/bin/normal.dsm.opt which means to restore normal AIX files on reindeer, you need to call dsmc like this. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Normally, the root.afs volume does not have a mount point, so if you wanted to modify something under the root /afs directory, you have to play games, creating a temporary mount point somewhere, making the changes you want there, then removing that temporary mount point. Something like this from your home directory for example, fs mkm AFS_root root.afs cd AFS_root Make your changes, then cd .. fs rmm AFS_root For the record, fs lsm /afs/delphion.com '/afs/delphion.com' is a mount point for volume '#root.cell' #=R/O and fs lsm /afs/.delphion.com '/afs/.delphion.com' is a mount point for volume '%root.cell' %=R/W You get this R/W mount point by using the -RW option to the fs mkm command. fs mkmount /afs/.delphion.com root.cell -rw There are 2 AFS mount points (directories) & 4 convenience links under /afs (root.afs), drwxrwxrwx 6 root system 2048 Dec 04 21:50 .delphion.com drwxrwxrwx 6 root system 2048 Dec 04 21:50 delphion.com lrwxr-xr-x 1 daemon system 13 Nov 16 2000 .d -> .delphion.com lrwxr-xr-x 1 daemon system 13 Oct 20 2000 .delphion -> .delphion.com lrwxr-xr-x 1 daemon system 12 Nov 16 2000 d -> delphion.com lrwxr-xr-x 1 daemon system 12 Oct 20 2000 delphion -> delphion.com There are 10 AFS mount points, 4 real directories & 1 link under /afs/d (root.cell), drwxrwxrwx 7 rebecca system 2048 Nov 18 09:52 FakeDFS drwxrwxrwx 5 jasper system 2048 Oct 31 2000 afsdoc drwxr-xr-x 2 root system 2048 Dec 04 21:13 alm <-- Real Directory drwxrwxrwx 6 root system 2048 Jun 16 10:22 bigtmp drwxr-xr-x 3 jasper system 2048 Nov 16 2000 common <-- Real Directory lrwxr-xr-x 1 jasper system 7 May 05 2003 dfs -> FakeDFS drwxrwxrwx 9 root system 6144 Dec 08 16:40 fami drwxrwxrwx 10 root system 2048 Aug 14 16:52 projects drwxrwxrwx 3 root sys 2048 Nov 19 2000 rs_aix41 drwxrwxrwx 2 root system 2048 Nov 20 2000 rs_aix42 drwxrwxrwx 3 root system 2048 Jun 27 2002 rs_aix43 drwxrwxrwx 7 jasper system 2048 Dec 05 10:10 servers drwxr-xr-x 3 jasper staff 2048 Jul 03 2001 software <-- Real Directory drwxrwxrwx 2 root system 2048 Dec 04 20:48 u <-- Real Directory drwxrwxrwx 7 jasper system 2048 Jul 18 09:46 w3 In those 4 real directories, are alm/afs alm/dfs common <- Real data, no mount points. software/base software/fixes u/* <- 41 user directories as of 12-9-2003. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - On December 4, 2003, we had a mini-disaster where portions of AFS was wiped out by a rogue script. For the 18 AFS volumes affected, virtually all the files and directories were wiped out. The exception was my home directory, where only a third of my stuff was erased before the script was cancelled. The problem was, how best to restore the files from the nightly backupsys done on AFS every day at 3 AM. I could and did just mount the backup volume somewhere and cp -pRh all the files over, but this had two problems, * it didn't pick up hidden files, * it reset the timestamps on links, and * it didn't preserve AFS ACLs. The tar command had the same shortcomings. Best I decided, was to pipe a "vos dump" of the backup volume, directly to a "vos restore" command. It all boiled down to doing this for the 18 affected volumes, vos rename u.eric u.eric.bex vos dump u.eric.bex.backup | vos restore afs1 a u.eric The convenient one-liner was a=u.eric;vos rename $a $a.bex;vos dump $a.bex.backup | vos restore afs1 a $a The above worked like a champ, but there were problems later on the client machines in seeing the newly-restored volumes, having to do with AFS caching. I don't understand it. At times machines cleared up on their own, perhaps due to * elapsed time, * all usage (e.g. cd's) of the directory on the machine ended, * vos release root.cell * the AFS cache getting used enough to get the bad data flushed * or we rebooted the system. Even the next day, there were still AFS caching problems, but then we had a convenient power outage at 1PM, so all machines got rebooted. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - On December 9, 2003, we had another power outage and AFS's salvage at restart took a very long time. When it was done, there were still problems. A ls -l /afs/ took too long and produced this message, ls -l /afs/ ls: 0653-341 The file /afs/.delphion.com does not exist. total 12 lrwxr-xr-x 1 daemon system 13 Nov 16 2000 .d -> .delphion.com lrwxr-xr-x 1 daemon system 13 Oct 20 2000 .delphion -> .delphion.com lrwxr-xr-x 1 daemon system 12 Nov 16 2000 d -> delphion.com lrwxr-xr-x 1 daemon system 12 Oct 20 2000 delphion -> delphion.com drwxrwxrwx 6 root system 2048 Dec 04 21:50 delphion.com Digging further, vos listvldb root.cell root.cell RWrite: 536870915 ROnly: 536870916 Backup: 536870917 number of sites -> 2 server afs1.delphion.com partition /vicepa RW Site server afs1.delphion.com partition /vicepa RO Site Which looked normal, but a vos examine showed otherwise vos examine root.cell **** Could not attach volume 536870915 **** RWrite: 536870915 ROnly: 536870916 Backup: 536870917 number of sites -> 2 server afs1.delphion.com partition /vicepa RW Site server afs1.delphion.com partition /vicepa RO Site So I ran a salvage on root.cell,which took a few minutes, bos salvage afs1 a root.cell bos.salvage.root.cell -localauth Starting salvage. bos: waiting for salvage to complete. bos: waiting for salvage to complete. ... bos: salvage completed But it was still bad. The bos.salvage.root.cell showed SalvageLog: @(#)Base configuration afs3.6 2.3 12/10/2003 09:17:48 STARTING AFS SALVAGER 2.4 (/usr/afs/bin/salvager /vicepa 536870915) 12/10/2003 09:24:11 CHECKING CLONED VOLUME 536870917. 12/10/2003 09:24:11 root.cell.backup (536870917) updated 12/04/2003 21:50 12/10/2003 09:24:11 CHECKING CLONED VOLUME 536870916. 12/10/2003 09:24:11 Duplicate special inodes in volume header; salvage of volume 536870916 aborted 12/10/2003 09:24:11 SALVAGING VOLUME 536870915. 12/10/2003 09:24:11 Duplicate special inodes in volume header; salvage of volume 536870915 aborted 12/10/2003 09:24:11 Duplicate special inodes in volume header; salvage of volume 536870915 aborted 12/10/2003 09:24:11 Volume header salvage was unsuccessful: read-write volume 536870915 Salvage of volume 536870915 aborted ------------------------------------------------------------------------------- AFS Server Port Usage lsof -i -n | grep afs fileserve 16542 root 5u IPv4 0x70602800 0t0 UDP *:afs3-fileserver 7000 ptserver 3996 root 3u IPv4 0x70656700 0t0 UDP *:afs3-prserver 7002 vlserver 11210 root 3u IPv4 0x70622200 0t0 UDP *:afs3-vlserver 7003 kaserver 16284 root 5u IPv4 0x70674d00 0t0 UDP *:afs3-kaserver 7004 volserver 17564 root 4u IPv4 0x70616b00 0t0 UDP *:afs3-volser 7005 bosserver 17054 root 3u IPv4 0x70646900 0t0 UDP *:afs3-bos 7007 upserver 6248 root 3u IPv4 0x70641c00 0t0 UDP *:afs3-update 7008 ------------------------------------------------------------------------------- In my programming_opportunities file dated August 5, 1997 , I had - Write a program that will read a new CellServDB and verify there's a mount point for each cell under /afs. For all changes, create a script that will cd /afs/.almaden.ibm.com/common fs mkm temp root.afs cd temp Then, for each new cell, fs mkm root.cell -c and add their database server(s) into each client's /usr/vice/etc/CellServDB. And for each removed cell, fs rmm and remove their database server(s) from each client's /usr/vice/etc/CellServDB. Then, cd .. fs rmm temp vos release root.afs fs checkv ------------------------------------------------------------------------------- On 1-31-2005, I downloaded AFS Patch 11 for AIX 5.2 (yes, it's this specific) To get there, start at http://www.ibm.com/software/stormgmt/afs/support which gets redirected to http://www-306.ibm.com/software/stormgmt/afs/support And you'll find a "Download" section with a "Latest AFS v3.6 Patch Release" link, which on 1-31-2005, got me a 14 MB rs_aix52.tar.gz file. To make up the tar file for distribution, cd /afs/d/software/fixes/AFS_3.6_Patch11_for_AIX_5.2 gzip -d -c ~jasper/rs_aix52.tar.gz | tar -xvf - This got me the typical drwxr-xr-x 2 root bin 1024 Jan 09 21:00 bin drwxr-xr-x 2 root bin 1024 Jan 09 21:00 etc drwxr-xr-x 4 root bin 512 Jan 09 21:00 include drwxr-xr-x 3 root bin 512 Jan 09 21:00 lib drwxr-xr-x 3 root bin 512 Jan 09 21:00 root.client drwxr-xr-x 4 root bin 512 Jan 09 21:00 root.server directories. To make the tar file for distribution, cd /afs/d/software/fixes/AFS_3.6_Patch11_for_AIX_5.2/root.client mkdir etc cp -p usr/vice/etc/rc.afs etc cp -p /usr/vice/etc/ThisCell usr/vice/etc cp -p /usr/vice/etc/CellServDB usr/vice/etc echo '/afs:/usr/vice/cache:863271' > usr/vice/etc/cacheinfo chown -R root * /bin/tar -cvf /afs/d/software/base/AFS_3.6/afsclient-52.tar ./usr/vice ./etc/* Now as root on ghost, I can follow the "normal" AFS installation procedure, ie cd /tmp ftp jasper get /afs/d/software/base/AFS_3.6/afsinstall.sh afsinstall.sh get /afs/d/software/base/AFS_3.6/afsclient-52.tar afsclient-52.tar quit chmod +x afsinstall.sh ./afsinstall.sh When done, rm afsinstall.sh afsclient*tar You can also do the normal thing to get AFS logins to work. ------------------------------------------------------------------------------- See my ntp aixnotes file for when I changed afs1's time service. -------------------------------------------------------------------------------