[moira.git] / afssync / INSTRUCTIONS

[This is a still-under-construction rewrite of the afssync
instructions, adapted to the Ingres/Maxine -> Oracle/SPARC port, and
is also being updated and simplified.]


The executables are in /moira/bin/ on the moira server, with sources
in /mit/moiradev/src/afssync/.  Most of the commands are run on the
Moira server.

FULL INSTRUCTIONS
("SUMMARY" is below)

####	Set up a workspace						####

mkdir -p /moira/sync
cd /moira/sync

####	This is preparation for the resync, to save non-Moira users.    ####
First, get a recent copy of the prdb, and extract non-Moira entries:

	/moira/bin/udebug aggy -port 7002
	rcp root@aggy:/usr/afs/db/prdb.DB0 prdb.old
	/moira/bin/udebug aggy -port 7002
If the two udebugs show that the version changed, lather-rinse-repeat.
(udebug can be found in afsuser; "aggy" here and below is some DB server)
(Also check for "0 of them for write" at the end.  It might matter.)

	/moira/bin/pt_util -x -m -u -g -d prdb.extra -p prdb.old
	perl /moira/bin/pt_util.pl < prdb.extra > prdb.extra.sort
to extract and prepare the personal groups and special user entries in
the old prdb for being reincorporated into the new prdb.

	awk '/^[^ ][^:]*@/ {printf "KERBEROS:%s\n",$1}' prdb.extra > foreign
	blanche afs-foreign-users -f foreign
Get a list of all the @andrew.cmu.edu type (non- athena.mit.edu cell)
users, and sync the Moira list afs-foreign-users to this list.
Moira then adds those entries to the group system:afs-foreign-users,
thus keeping them from being lost in the prdb resync.

	awk '/^[^ ][^:@]*$/ {printf "KERBEROS:%s\n",$1}' prdb.extra > oddities
	echo "LIST:afs-foreign-users" >> oddities
	blanche afs-odd-entities -f oddities
Do the equivalent of afs-foreign-users for domestic users.  We make
the afs-foreign-users list a member of the more general afs-odd-entities.
WAIT for the incremental updates from the `blanche` changes to complete.

####   Now the actual resync begins.  Incremental updates must stop.   ####

	touch /moira/afs/noafs
to disable AFS incremental updates during the synchronization.  The
afs.incr (?) will wait 30 minutes on an incremental update before
timing out, so the resync should complete in that time, or list
changes in Moira might need to be propagated by hand.

	/moira/bin/afssync prdb.moira
to dump the prdb data that is in Moira (users, groups, and group
memberships).  This step takes about ten minutes, but can be done
concurrently with the next few steps.

REPEAT the first two sets of commands, above, thus regenerating
prdb.extra from a now completely-up-to-date prdb.

*** Make sure the "afssync" command has completed ***

	cp prdb.moira prdb.new
	/moira/bin/pt_util -w -d prdb.extra.sort -p prdb.new
This use of pt_util will presumably log errors about failed user
creations and list additions.  (To start over, do both the `cp` and
`pt_util` again.)  You can filter out the "User or group doesn't exist"
type of lines that were caused by a user deactivation with something
like:
	awk -F\| '$8 == 3 {print $1}' /backup/backup_1/users > /tmp/deactivated
	perl -e 'for(cat /tmp/deactivated`){ chop; $ex{$_}=1;} \
		foreach $L (`cat prdb.extra.err`){ $f=0; \
		@w=split(/[ :]/,$L); for(@w){ $f=1 if $ex{$_}; } \
		next if $f; print $L; }'
Now, back to the resync.

	pts listmax > /var/prdb.listmax
	foreach i ( <db servers> )
	    bos shutdown $i ptserver
	    bos exec $i "rm /usr/afs/db/prdb.DB*; mv /usr/afs/db/prdb.new /usr/afs/db/prdb.DB0"
	end
	foreach i ( <db servers> )
	    bos restart $i ptserver
	end

	/moira/bin/udebug prill -port 7002
to watch the status of the servers to make sure things are going well,
where "prill" is preferred db server (the sync site).

Make sure the beacons are working, and that once quorom is established
(~90 seconds) that the servers are resynchronizing their notions of
the databases and that the "dbcurrent" and "up" fields all become set
and the state goes to "1f".  Also, if "sdi" isn't running, watch out
for large rx packet queues on port 7002 using rxdebug, as the
fileservers may get excessively backlogged, and restart servers, if
necessary, if the congestion remains excessive.

	pts listmax
	cat /var/prdb.listmax
and if the id maxima are lower than the saved ones, reset them
appropriately to the saved ones using `pts setmax`.

	pts ex system:administrators
as a good spot check, especially since it has special people.
(also spot check one of the personal groups and perhaps, something like
the membership of rcmd.ronald-ann)

	rm /moira/afs/noafs
to remove the lock file and let Moira's afs incrementals continue.


NOTES

1. Don't do this when you're tired...  There may be no cleanup procedure
available, with certain mistakes.

2. /moira/afs/noafs is only good for 30 minutes.  Keep track of the
critical log, and you may have to do some operations by hand when the
operation is complete.  Also, if requests depend on other requests, they
may be processed out of order, and fail, and may need to be done by hand.


SUMMARY

	# db servers with sync site first:
set db=(prill agamemnon chimera)
set u="/moira/bin/udebug -port 7002 -server"
set prefix="/moira/sync/prdb"
cd `dirname $prefix`

#######    The following DOES NOT WORK currently.  pt_util needs fixing
####	BEFORE Moira and afs.incr are closed off:
	# repeat as necessary:
$u $db[2]; rcp root@$db[2]\:/usr/afs/db/prdb.DB0 $prefix.old; $u $db[2]
/moira/bin/pt_util -x -m -u -g -d $prefix.extra -p $prefix.old
awk '/^[^ ][^:]*@/ {printf "KERBEROS:%s\n",$1}' $prefix.extra > extra.foreign
blanche afs-foreign-users -f extra.foreign
awk '/^[^ ][^:@]*$/ {printf "KERBEROS:%s\n",$1}' $prefix.extra > extra.domestic
echo "LIST:afs-foreign-users" >> extra.domestic
blanche afs-odd-entities -f extra.domestic

####	WAIT for the above afs.incr events to take place (see moira.log)
touch /moira/afs/noafs
/moira/bin/afssync $prefix.moira >& $prefix.afssync.err &
	# repeat as necessary:
$u $db[2]; rcp root@$db[2]\:/usr/afs/db/prdb.DB0 $prefix.old; $u $db[2]
/moira/bin/pt_util -x -m -u -g -d $prefix.extra -p $prefix.old
perl /moira/bin/pt_util.pl < $prefix.extra > $prefix.extra.sort
wait
more $prefix.afssync.err
cp $prefix.moira $prefix.new
/moira/bin/pt_util -w -d $prefix.extra.sort -p $prefix.new >& $prefix.extra.err
	# and review $prefix.extra.err

pts listmax > $prefix.listmax
set dbdir=/usr/afs/db
foreach i ( $db )
    echo "$i..."
    rcp -px $prefix.new ${i}:$dbdir
end
foreach i ( $db )
    bos shutdown $i ptserver
    bos exec $i "rm $dbdir/prdb.DB*; mv $dbdir/prdb.new $dbdir/prdb.DB0"
end
foreach i ( $db )
    bos restart $i ptserver
end

	# checks, etc:
$u $db[1]

######## more on checks

rm /moira/afs/noafs
Commit	Line	Data
26efe406	1	[This is a still-under-construction rewrite of the afssync
	2	instructions, adapted to the Ingres/Maxine -> Oracle/SPARC port, and
	3	is also being updated and simplified.]
	4
	5
	6	The executables are in /moira/bin/ on the moira server, with sources
	7	in /mit/moiradev/src/afssync/. Most of the commands are run on the
	8	Moira server.
	9
	10	FULL INSTRUCTIONS
	11	("SUMMARY" is below)
	12
a46edefa	13	#### Set up a workspace ####
	14
	15	mkdir -p /moira/sync
	16	cd /moira/sync
	17
26efe406	18	#### This is preparation for the resync, to save non-Moira users. ####
	19	First, get a recent copy of the prdb, and extract non-Moira entries:
	20
a46edefa	21	/moira/bin/udebug aggy -port 7002
	22	rcp root@aggy:/usr/afs/db/prdb.DB0 prdb.old
	23	/moira/bin/udebug aggy -port 7002
26efe406	24	If the two udebugs show that the version changed, lather-rinse-repeat.
a46edefa	25	(udebug can be found in afsuser; "aggy" here and below is some DB server)
26efe406	26	(Also check for "0 of them for write" at the end. It might matter.)
26efe406	27
a46edefa	28	/moira/bin/pt_util -x -m -u -g -d prdb.extra -p prdb.old
a46edefa	29	perl /moira/bin/pt_util.pl < prdb.extra > prdb.extra.sort
26efe406	30	to extract and prepare the personal groups and special user entries in
	31	the old prdb for being reincorporated into the new prdb.
	32
	33	awk '/^[^ ][^:]*@/ {printf "KERBEROS:%s\n",$1}' prdb.extra > foreign
	34	blanche afs-foreign-users -f foreign
	35	Get a list of all the @andrew.cmu.edu type (non- athena.mit.edu cell)
	36	users, and sync the Moira list afs-foreign-users to this list.
	37	Moira then adds those entries to the group system:afs-foreign-users,
	38	thus keeping them from being lost in the prdb resync.
	39
	40	awk '/^[^ ][^:@]*$/ {printf "KERBEROS:%s\n",$1}' prdb.extra > oddities
	41	echo "LIST:afs-foreign-users" >> oddities
	42	blanche afs-odd-entities -f oddities
	43	Do the equivalent of afs-foreign-users for domestic users. We make
	44	the afs-foreign-users list a member of the more general afs-odd-entities.
	45	WAIT for the incremental updates from the `blanche` changes to complete.
	46
	47	#### Now the actual resync begins. Incremental updates must stop. ####
	48
	49	touch /moira/afs/noafs
	50	to disable AFS incremental updates during the synchronization. The
	51	afs.incr (?) will wait 30 minutes on an incremental update before
	52	timing out, so the resync should complete in that time, or list
	53	changes in Moira might need to be propagated by hand.
	54
a46edefa	55	/moira/bin/afssync prdb.moira
26efe406	56	to dump the prdb data that is in Moira (users, groups, and group
	57	memberships). This step takes about ten minutes, but can be done
	58	concurrently with the next few steps.
	59
	60	REPEAT the first two sets of commands, above, thus regenerating
	61	prdb.extra from a now completely-up-to-date prdb.
3d8d4b36	62
3d8d4b36	63	* Make sure the "afssync" command has completed *
3d8d4b36	64
a46edefa	65	cp prdb.moira prdb.new
a46edefa	66	/moira/bin/pt_util -w -d prdb.extra.sort -p prdb.new
26efe406	67	This use of pt_util will presumably log errors about failed user
	68	creations and list additions. (To start over, do both the `cp` and
	69	`pt_util` again.) You can filter out the "User or group doesn't exist"
	70	type of lines that were caused by a user deactivation with something
	71	like:
	72	awk -F\\| '$8 == 3 {print $1}' /backup/backup_1/users > /tmp/deactivated
	73	perl -e 'for(cat /tmp/deactivated`){ chop; $ex{$_}=1;} \
	74	foreach $L (`cat prdb.extra.err`){ $f=0; \
	75	@w=split(/[ :]/,$L); for(@w){ $f=1 if $ex{$_}; } \
	76	next if $f; print $L; }'
	77	Now, back to the resync.
	78
	79	pts listmax > /var/prdb.listmax
	80	foreach i ( <db servers> )
	81	bos shutdown $i ptserver
	82	bos exec $i "rm /usr/afs/db/prdb.DB*; mv /usr/afs/db/prdb.new /usr/afs/db/prdb.DB0"
	83	end
	84	foreach i ( <db servers> )
	85	bos restart $i ptserver
	86	end
	87
	88	/moira/bin/udebug prill -port 7002
	89	to watch the status of the servers to make sure things are going well,
	90	where "prill" is preferred db server (the sync site).
	91
	92	Make sure the beacons are working, and that once quorom is established
	93	(~90 seconds) that the servers are resynchronizing their notions of
	94	the databases and that the "dbcurrent" and "up" fields all become set
	95	and the state goes to "1f". Also, if "sdi" isn't running, watch out
	96	for large rx packet queues on port 7002 using rxdebug, as the
	97	fileservers may get excessively backlogged, and restart servers, if
	98	necessary, if the congestion remains excessive.
	99
	100	pts listmax
	101	cat /var/prdb.listmax
	102	and if the id maxima are lower than the saved ones, reset them
	103	appropriately to the saved ones using `pts setmax`.
	104
	105	pts ex system:administrators
	106	as a good spot check, especially since it has special people.
3d8d4b36	107	(also spot check one of the personal groups and perhaps, something like
	108	the membership of rcmd.ronald-ann)
	109
26efe406	110	rm /moira/afs/noafs
26efe406	111	to remove the lock file and let Moira's afs incrementals continue.
3d8d4b36	112
3d8d4b36	113
26efe406	114	NOTES
3d8d4b36	115
26efe406	116	1. Don't do this when you're tired... There may be no cleanup procedure
3d8d4b36	117	available, with certain mistakes.
3d8d4b36	118
26efe406	119	2. /moira/afs/noafs is only good for 30 minutes. Keep track of the
3d8d4b36	120	critical log, and you may have to do some operations by hand when the
	121	operation is complete. Also, if requests depend on other requests, they
	122	may be processed out of order, and fail, and may need to be done by hand.
	123
3d8d4b36	124
26efe406	125	SUMMARY
	126
	127	# db servers with sync site first:
a46edefa	128	set db=(prill agamemnon chimera)
26efe406	129	set u="/moira/bin/udebug -port 7002 -server"
	130	set prefix="/moira/sync/prdb"
	131	cd `dirname $prefix`
	132
	133	####### The following DOES NOT WORK currently. pt_util needs fixing
	134	#### BEFORE Moira and afs.incr are closed off:
	135	# repeat as necessary:
	136	$u $db[2]; rcp root@$db[2]\:/usr/afs/db/prdb.DB0 $prefix.old; $u $db[2]
	137	/moira/bin/pt_util -x -m -u -g -d $prefix.extra -p $prefix.old
	138	awk '/^[^ ][^:]*@/ {printf "KERBEROS:%s\n",$1}' $prefix.extra > extra.foreign
	139	blanche afs-foreign-users -f extra.foreign
	140	awk '/^[^ ][^:@]*$/ {printf "KERBEROS:%s\n",$1}' $prefix.extra > extra.domestic
	141	echo "LIST:afs-foreign-users" >> extra.domestic
	142	blanche afs-odd-entities -f extra.domestic
	143
	144	#### WAIT for the above afs.incr events to take place (see moira.log)
	145	touch /moira/afs/noafs
	146	/moira/bin/afssync $prefix.moira >& $prefix.afssync.err &
	147	# repeat as necessary:
	148	$u $db[2]; rcp root@$db[2]\:/usr/afs/db/prdb.DB0 $prefix.old; $u $db[2]
	149	/moira/bin/pt_util -x -m -u -g -d $prefix.extra -p $prefix.old
	150	perl /moira/bin/pt_util.pl < $prefix.extra > $prefix.extra.sort
	151	wait
	152	more $prefix.afssync.err
	153	cp $prefix.moira $prefix.new
	154	/moira/bin/pt_util -w -d $prefix.extra.sort -p $prefix.new >& $prefix.extra.err
	155	# and review $prefix.extra.err
	156
	157	pts listmax > $prefix.listmax
	158	set dbdir=/usr/afs/db
	159	foreach i ( $db )
	160	echo "$i..."
	161	rcp -px $prefix.new ${i}:$dbdir
	162	end
	163	foreach i ( $db )
	164	bos shutdown $i ptserver
	165	bos exec $i "rm $dbdir/prdb.DB*; mv $dbdir/prdb.new $dbdir/prdb.DB0"
	166	end
	167	foreach i ( $db )
	168	bos restart $i ptserver
	169	end
3d8d4b36	170
26efe406	171	# checks, etc:
26efe406	172	$u $db[1]
3d8d4b36	173
26efe406	174	######## more on checks
3d8d4b36	175
26efe406	176	rm /moira/afs/noafs