openbsd-ports/net/openafs/files/openafs-setup

422 lines
13 KiB
Bash
Executable File

#!/bin/ksh
# Copyright (c) 2005-2006 Jaime Fournier <ober@LinBSD.org>
#
# Script to configure a single server OpenAFS Cell.
# We use Kaserver for authentication, and OpenAFS lkm/afsd for client.
#
# Require root.
if [[ `/usr/bin/whoami` != "root" ]]
then
echo "Please run this script as root. Thanks"
exit
fi
export PATH=/bin:/usr/bin:/sbin:/usr/sbin:%LOCALBASE%/bin:%LOCALBASE%/sbin
SERVBIN=%LOCALBASE%/libexec/openafs
# Ask for a password, saving the input in $resp.
# Display $1 as the prompt.
# *Don't* echo input.
if [[ `mount|grep /vicepa` = "" ]]
then
echo "Could not find an aggregate mounted at /vicepa"
echo "Without this we can not install a server."
echo "Please mount a partition under /vicepa"
echo "A /vicepa directory will not work as"
echo "OpenAFS requires fileserver to have it's own paritition"
exit
fi
askpass() {
set -o noglob
stty -echo
read resp?"$1 "
stty echo
set +o noglob
echo
}
ask() {
local _question=$1 _default=$2
set -o noglob
echo -n "$_question "
[[ -z $_default ]] || echo -n "[$_default] "
read resp
resp=${resp:=$_default}
set +o noglob
}
move_file() {
if [[ -f ${1} ]]
then
/bin/mv ${1:?} ${1:?}.arla
else
echo "cannot rename file ${1} as it does not exist."
fi
}
err() {
echo "$1"
exit
}
TMPRC=`/usr/bin/mktemp`
if [[ -f /etc/rc.conf.local ]]
then
/bin/cat /etc/rc.conf.local|sed -e 's#^afs=YES#afs=NO#g' > ${TMPRC}
/bin/mv ${TMPRC} /etc/rc.conf.local
else
echo "afs=NO" > /etc/rc.conf.local
fi
if [[ `/usr/bin/grep %LOCALBASE%/lib/openafs/libafs.o /etc/rc.securelevel` = "" ]]
then
/bin/cat <<EOF>> /etc/rc.securelevel
if [[ -f %LOCALBASE%/lib/openafs/libafs.o ]]
then
/sbin/modload %LOCALBASE%/lib/openafs/libafs.o
fi
EOF
fi
if [[ `sysctl kern.securelevel|awk -F"=" '{print $2}'` == 1 ]]
then
cat <<EOF
#######################################
You are running at a secure level that does not allow for loading
kernel modules. An update has been made to /etc/rc.securelevel in
order to load OpenAFS on the next reboot.
Please reboot for this to take effect.
Then just rerun this script to continue the setup.
#######################################
EOF
exit
else
if [[ `modstat|grep afs` == "" ]]
then
/sbin/modload %LOCALBASE%/lib/openafs/libafs.o
fi
fi
# Test if arla is mounted. If so unmount
if [[ `mount|awk '(($1 ~ "^/dev/xfs") && ($3 ~ "^/afs")) {print $0}'` != "" ]]
then
echo "/afs is already mounted. Attmepting to unmount"
/sbin/umount -f /afs|| err "Could not umount /afs. exiting"
fi
# test if openafs afsd(1) is running, if so clean up /etc and ask for reboot.
if [[ `ps -k|awk '($NF == "(afsd)") {print $0}'` != "" ]]
then
echo "OpenAFS afsd is currently running. It can not be killed. "
echo "Please reboot, and rerun this script. Thanks."
exit
fi
FQDN=`hostname`
IP=`netstat -rn -f inet|grep ^default|awk '{print $NF}'|xargs ifconfig |grep inet\ |awk '{print $2}'`
ask 'CELLNAME? ' ${FQDN#*.}
CELLNAME=$resp
ask 'SERVER NAME (full fqdn)? ' ${FQDN}
SERVER=$resp
ask 'SERVER IP? ' ${IP}
IP=$resp
ask 'Cache size? ' 198112
CACHESIZE=$resp
if [[ ! -d /afs ]] then
mkdir -p -m 0755 /afs || return 1
fi
if [[ `grep $IP /etc/hosts|grep ${SERVER}` = "" ]]
then
echo "Could not find a proper /etc/host entry for the information provided."
echo "There needs to be an entry like the following in /etc/hosts"
echo "${IP} ${SERVER}"
echo "Please add, and rerun this script."
exit
fi
# make sure no client or server daemons are running before we begin. Nuke existing configurations
pkill -9 -x kaserver buserver ptserver vlserver bosserver fileserver
# make sure previous processes died off, and are not running. Otherwise advise reboot.
sleep 5
PG=`pgrep -x kaserver buserver ptserver vlserver bosserver fileserver`
if [[ `echo ${PG}` != "" ]]
then
echo " It appears one, or more of the the following servers are still running."
ps ${PG:?}
echo " Process ID ${PG} did not die, so we can not continue."
if [[ `/usr/bin/grep %LOCALBASE%/bin/bos /etc/rc.local` = "" ]]
then
echo " Please edit /etc/rc.local and remove the following lines"
echo " ---------------cut here---------------------------------"
echo " if [ -x %LOCALBASE%/sbin/bosserver ]; then"
echo " %LOCALBASE%/sbin/bosserver"
echo " fi"
echo " ---------------cut here---------------------------------"
fi
echo " Then reboot and run this script again."
exit
fi
rm -rf /var/openafs /etc/openafs
mkdir -m 700 /etc/openafs /var/openafs /var/openafs/db
mkdir -m 755 /etc/openafs/server /var/openafs/server /var/openafs/cache
/bin/echo "/afs:/var/openafs/cache:${CACHESIZE:?}" > /etc/openafs/cacheinfo
KAS=%LOCALBASE%/sbin/kas
BOS=%LOCALBASE%/bin/bos
FS=%LOCALBASE%/bin/fs
VOS=%LOCALBASE%/sbin/vos
PTS=%LOCALBASE%/bin/pts
while :; do
askpass "Please enter the initial password you wish to use with the 'admin' user -->"
passwd1="$resp"
askpass "Please confirm -->"
passwd2="$resp"
if [[ ${passwd1:?} != ${passwd2:?} ]]
then
echo "\n passwords did not match. Please re-enter"
else
echo "\n passwords look good"
unset passwd2
break
fi
done
cat << EOF
You will be prompted several times now for the key.
Please make sure you enter the same passphrase in
each of them.
EOF
ask 'OK?'
#create cell configurations
echo "${CELLNAME:?}" > /etc/afs/ThisCell
echo ">${CELLNAME:?} #Cell name
${IP:?} #${SERVER:?}" >> /etc/afs/CellServDB
ln -s /etc/afs/CellServDB /etc/openafs/CellServDB
ln -s /etc/afs/ThisCell /etc/openafs/ThisCell
ln -s /etc/afs/CellServDB /etc/openafs/server/CellServDB
ln -s /etc/afs/ThisCell /etc/openafs/server/ThisCell
ln -s /etc/openafs/server/KeyFile /etc/openafs/KeyFile
#make sure arla is not mounted, and afsd is killed.
if [[ `/sbin/mount|/usr/bin/awk '($3 ~ "^/afs") {print $0}'` != "" ]]
then
/usr/bin/pkill -x afsd
/sbin/umount -f /afs||return 1
fi
#rename all the conflicting arla binaries.
move_file /usr/sbin/fs
move_file /usr/sbin/vos
move_file /usr/sbin/pts
move_file /usr/sbin/pts
if [[ `/usr/bin/grep %LOCALBASE%/lib/openafs/libafs.o /etc/rc.securelevel` = "" ]]
then
/bin/cat <<EOF>> /etc/rc.securelevel
if [[ -f %LOCALBASE%/lib/openafs/libafs.o ]]
then
/sbin/modload %LOCALBASE%/lib/openafs/libafs.o
fi
EOF
fi
if [[ `/usr/bin/grep %LOCALBASE%/sbin/afsd /etc/rc.local` = "" ]]
then
/bin/cat <<EOF>> /etc/rc.local
if [[ -f %LOCALBASE%/sbin/afsd ]]
then
%LOCALBASE%/sbin/afsd -stat 4000 -dcache 4000 -daemons 6 -volumes 256 -files 5000
fi
EOF
fi
#begin server setup.
echo "!%LOCALBASE%/sbin/bosserver -noauth &"
%LOCALBASE%/sbin/bosserver -noauth &
echo "!$BOS setcellname $SERVER $CELLNAME -noauth"
$BOS setcellname $SERVER $CELLNAME -noauth
echo "!$BOS listhosts $SERVER -noauth"
$BOS listhosts $SERVER -noauth
echo "!$BOS create $SERVER kaserver simple $SERVBIN/kaserver -cell $CELLNAME -noauth"
$BOS create $SERVER kaserver simple $SERVBIN/kaserver -cell $CELLNAME -noauth
echo "!$BOS create $SERVER buserver simple $SERVBIN/buserver -cell $CELLNAME -noauth"
$BOS create $SERVER buserver simple $SERVBIN/buserver -cell $CELLNAME -noauth
echo "!$BOS create $SERVER ptserver simple $SERVBIN/ptserver -cell $CELLNAME -noauth"
$BOS create $SERVER ptserver simple $SERVBIN/ptserver -cell $CELLNAME -noauth
echo "!$BOS create $SERVER vlserver simple $SERVBIN/vlserver -cell $CELLNAME -noauth"
$BOS create $SERVER vlserver simple $SERVBIN/vlserver -cell $CELLNAME -noauth
echo "!$KAS create afs -cell $CELLNAME -noauth -initial_password PASSWD"
$KAS create afs -cell $CELLNAME -noauth -initial_password $passwd1
echo "!$KAS create admin -cell $CELLNAME -noauth -initial_password PASSWD"
$KAS create admin -cell $CELLNAME -noauth -initial_password $passwd1
echo "!$KAS examine afs -cell $CELLNAME -noauth -admin_username admin -password_for_admin PASSWD"
$KAS examine afs -cell $CELLNAME -noauth -admin_username admin -password_for_admin $passwd1
echo "!$KAS setfields admin -flags admin -cell $CELLNAME -noauth -admin_username admin -password_for_admin PASSWD"
$KAS setfields admin -flags admin -cell $CELLNAME -noauth -admin_username admin -password_for_admin $passwd1
echo "!$KAS examine admin -cell $CELLNAME -noauth -admin_username admin -password_for_admin PASSWD"
$KAS examine admin -cell $CELLNAME -noauth -admin_username admin -password_for_admin $passwd1
echo "!$BOS adduser $SERVER admin -cell $CELLNAME -noauth "
$BOS adduser $SERVER admin -cell $CELLNAME -noauth
echo "!$BOS addkey $SERVER -kvno 0 -cell $CELLNAME -noauth"
$BOS addkey $SERVER -kvno 0 -cell $CELLNAME -noauth
echo "!$BOS listkeys $SERVER -cell $CELLNAME -noauth"
$BOS listkeys $SERVER -cell $CELLNAME -noauth
echo "!$KAS setpassword afs -kvno 1 -cell $CELLNAME -noauth -admin_username admin -password_for_admin PASSWD"
$KAS setpassword afs -kvno 1 -cell $CELLNAME -noauth -admin_username admin -password_for_admin $passwd1
echo "!$KAS examine afs -cell $CELLNAME -noauth -admin_username admin -password_for_admin PASSWD"
$KAS examine afs -cell $CELLNAME -noauth -admin_username admin -password_for_admin $passwd1
echo "!$BOS addkey $SERVER -kvno 1 -cell $CELLNAME -noauth"
$BOS addkey $SERVER -kvno 1 -cell $CELLNAME -noauth
echo "!$BOS listkeys $SERVER -cell $CELLNAME -noauth"
$BOS listkeys $SERVER -cell $CELLNAME -noauth
echo "!$PTS createuser -name admin -cell $CELLNAME -noauth"
$PTS createuser -name admin -cell $CELLNAME -noauth
echo "!$PTS adduser admin system:administrators -cell $CELLNAME -noauth"
$PTS adduser admin system:administrators -cell $CELLNAME -noauth
echo "!$PTS membership admin -cell $CELLNAME -noauth"
$PTS membership admin -cell $CELLNAME -noauth
echo "!$BOS restart $SERVER -all -cell $CELLNAME -noauth"
$BOS restart $SERVER -all -cell $CELLNAME -noauth
echo "!$BOS create $SERVER fs $SERVBIN/fileserver $SERVBIN/volserver $SERVBIN/salvager -cell $CELLNAME -noauth"
$BOS create $SERVER fs fs $SERVBIN/fileserver $SERVBIN/volserver $SERVBIN/salvager -cell $CELLNAME -noauth
echo "!$BOS status $SERVER fs -long -noauth"
$BOS status $SERVER fs -long -noauth
sleep 4
echo "!$VOS create $SERVER /vicepa root.afs -cell $CELLNAME -noauth"
$VOS create $SERVER /vicepa root.afs -cell $CELLNAME -noauth
sleep 4
echo "!$VOS syncvldb $SERVER -cell $CELLNAME -verbose -noauth"
$VOS syncvldb $SERVER -cell $CELLNAME -verbose -noauth
sleep 4
echo "!$VOS syncserv $SERVER -cell $CELLNAME -verbose -noauth"
$VOS syncserv $SERVER -cell $CELLNAME -verbose -noauth
sleep 4
echo "!$BOS create $SERVER upserver simple "$SERVBIN/upserver -crypt /etc/openafs -clear %LOCALBASE%/bin" -cell $CELLNAME -noauth"
$BOS create $SERVER upserver simple "$SERVBIN/upserver -crypt /etc/openafs -clear %LOCALBASE%/bin" -cell $CELLNAME -noauth
if ! pgrep ntpd>/dev/null; then
echo "ntpd is not running, consider running it to keep your time in sync!"
fi
pkill -9 -x kaserver buserver ptserver vlserver bosserver fileserver
#begin server configuration
echo "!%LOCALBASE%/sbin/bosserver"
%LOCALBASE%/sbin/bosserver
echo "!%LOCALBASE%/sbin/afsd -stat 4000 -dcache 4000 -daemons 6 -volumes 256 -files 5000"
%LOCALBASE%/sbin/afsd -stat 4000 -dcache 4000 -daemons 6 -volumes 256 -files 5000|| err "Failed to launch afsd.";
sleep 4
echo "!klogging as admin"
echo "!%LOCALBASE%/bin/klog -principal admin -password PASSWD"
%LOCALBASE%/bin/klog -principal admin -password $passwd1
echo "!$VOS addsite $SERVER /vicepa root.afs -cell $CELLNAME"
$VOS addsite $SERVER /vicepa root.afs -cell $CELLNAME
echo "!$VOS release root.afs"
$VOS release root.afs
echo "!$VOS create $SERVER /vicepa root.cell"
$VOS create $SERVER /vicepa root.cell
echo "!$FS mkmount /afs/.$CELLNAME root.cell -rw"
$FS mkmount /afs/.$CELLNAME root.cell -rw
echo "!$FS mkmount /afs/$CELLNAME -rw"
$FS mkmount /afs/$CELLNAME root.cell
$VOS addsite $SERVER /vicepa root.cell
$VOS release root.cell
echo "!$FS setacl /afs system:anyuser rl"
$FS setacl /afs system:anyuser rl
sleep 4
echo "!$FS mkmount /afs/$CELLNAME root.cell"
$FS mkmount /afs/$CELLNAME root.cell
echo "!$FS setacl /afs/$CELLNAME system:anyuser rl"
$FS setacl /afs/$CELLNAME system:anyuser rl
$VOS release root.afs
$VOS release root.cell
if [[ `grep %LOCALBASE%/sbin/bosserver /etc/rc.local` = "" ]]
then
cat <<EOF>>/etc/rc.local
if [ -x %LOCALBASE%/sbin/bosserver ]; then
%LOCALBASE%/sbin/bosserver
fi
EOF
fi
if [[ `grep %LOCALBASE%/bin/bos /etc/rc.shutdown` = "" ]]
then
cat <<EOF>>/etc/rc.shutdown
if [ -x %LOCALBASE%/bin/bos ]; then
/usr/bin/pgrep -x bosserver 1>/dev/null && \
%LOCALBASE%/bin/bos shutdown localhost -wait -localauth
fi
EOF
fi
cat <<EOF
###################################################################
Setup is complete and /afs should now be available
Please update /etc/login.conf for the daemon section
Make sure that openfiles-cur is set to a high enough level.
Otherwise you will get "partition full" messages when
writing files to afs.
This is the setting I use on the test cell.
:openfiles-cur=infinity:\
If you find any breakage please let me know <ober <AT> linbsd.org>
EOF