#### This is preparation for the resync, to save non-Moira users. ####
First, get a recent copy of the prdb, and extract non-Moira entries:
- /moira/bin/udebug aggy -port 7002
- rcp -px root@aggy:/usr/afs/db/prdb.DB0 prdb.old
- /moira/bin/udebug aggy -port 7002
+ /moira/bin/udebug prill -port 7002
+ rcp -px root@prill:/usr/afs/db/prdb.DB0 prdb.old
+ /moira/bin/udebug prill -port 7002
If the two udebugs show that the version changed, lather-rinse-repeat.
-(udebug can be found in afsuser; "aggy" here and below is some DB server)
+(udebug can be found in /usr/athena/bin; "prill" here and below is some
+DB server)
(Also check for "0 of them for write" at the end. It might matter.)
/moira/bin/pt_util -x -m -u -g -d prdb.extra -p prdb.old
to extract and prepare the personal groups and special user entries in
the old prdb for being reincorporated into the new prdb.
- awk -F\| '$8 == 3 {print $1}' /backup/backup_1/users > /tmp/deactivated
- perl -e 'for(`cat /tmp/deactivated`) { chop; $ex{$_}=1;} \
- $punt=0; foreach $L (`cat prdb.extra.sort`){ \
- @w=split(/ /,$L); $_=$w[0]; if ( /:/ ) \
- {@x=split(/:/,$w[0]); if($ex{$x[0]}) {$punt=1;}else{$punt=0;}} \
- print $L unless $punt==1;}' > prdb.extra.trimmed
+ awk -F\| '$9 == 3 {print $1}' /backup/backup_1/users > /tmp/deactivated
+
+and the following perl script:
+
+#!/usr/athena/bin/perl -w
+
+open(OUT, ">prdb.extra.trimmed");
+
+for ( `cat /tmp/deactivated` ) {
+ chop;
+ $ex{$_} = 1;
+}
+
+$punt = 0;
+
+foreach $L ( `cat prdb.extra.sort` ) {
+ @w = split(/ /,$L);
+ $_ = $w[0];
+ if ( /:/ ) {
+ @x = split(/:/,$w[0]);
+ if ($ex{$x[0]}) {
+ $punt=1;
+ } else {
+ $punt=0;
+ }
+ } else {
+ # If we got here, we're either a user, a prefixless
+ # group, or a group member.
+ $punt = 0 if $w[0];
+ }
+ print OUT $L unless $punt == 1;
+}
+
+close(OUT);
+exit 0;
+
to remove the personal groups for users who are deactivated
awk '/^[^ ][^:]*@/ {printf "KERBEROS:%s\n",$1}' prdb.extra.trimmed \
`pt_util` again.) You can filter out the "User or group doesn't exist"
type of lines that were caused by a user deactivation with something
like:
- awk -F\| '$8 == 3 {print $1}' /backup/backup_1/users > /tmp/deactivated
+ awk -F\| '$9 == 3 {print $1}' /backup/backup_1/users > /tmp/deactivated
perl -e 'for(`cat /tmp/deactivated`){ chop; $ex{$_}=1;} \
foreach $L (`cat prdb.extra.err`){ $f=0; \
@w=split(/[ :]/,$L); for(@w){ $f=1 if $ex{$_}; } \
becasue we didn't trim the prdb.extra.sort file in the past.))
Assuming htese errors are due to a username change, the groups should
be renamed, and you should regenerate prdb.extra.trimmed starting with
-a fresh prdb from aggy. (You may want to abort and
+a fresh prdb from prill. (You may want to abort and
rm /moira/afs/noafs and try again later.)
pts listmax > prdb.listmax
to watch the status of the servers to make sure things are going well,
where "prill" is preferred db server (the sync site).
-Make sure the beacons are working, and that once quorom is established
+Make sure the beacons are working, and that once quorum is established
(~90 seconds) that the servers are resynchronizing their notions of
the databases and that the "dbcurrent" and "up" fields all become set
and the state goes to "1f". Also, if "sdi" isn't running, watch out
pts ex system:administrators
as a good spot check, especially since it has special people.
(also spot check one of the personal groups and perhaps, something like
-the membership of rcmd.ronald-ann)
+the membership of rcmd.reynelda)
rm /moira/afs/noafs
to remove the lock file and let Moira's afs incrementals continue.
+ The afssync program doesn't deal with null instance KERBEROS
+members of lists which are groups (example: if LIST zacheiss contains
+KERBEROS zacheiss@ATHENA.MIT.EDU). To get around this, run:
+
+/moira/bin/sync.pl
+
+Which will create /var/tmp/sync.out, which contains the pts commands
+needed to add all the null instance KERBEROS members back to the pts
+groups they belong in. If it looks sane, run:
+
+sh /var/tmp/sync.out
+
+Any failed additions are probably from lists that contain both USER
+username and KERBEROS username@ATHENA.MIT.EDU.
NOTES