From efc6f691b439e63a69977d80715399918ddf2aca Mon Sep 17 00:00:00 2001
From: Sam Hartman <hartmans@debian.org>
Date: Sat, 25 Nov 2000 02:16:31 +0000
Subject: [PATCH] Add afs configuration scripts

---
 debian/ConfigUtils.pm |  26 +++++++++
 debian/afs-newcell    | 131 ++++++++++++++++++++++++++++++++++++++++++
 debian/afs-rootvol    |  53 ++---------------
 debian/rules          |   5 ++
 4 files changed, 167 insertions(+), 48 deletions(-)
 create mode 100644 debian/ConfigUtils.pm
 create mode 100644 debian/afs-newcell

diff --git a/debian/ConfigUtils.pm b/debian/ConfigUtils.pm
new file mode 100644
index 000000000..4d35047bc
--- /dev/null
+++ b/debian/ConfigUtils.pm
@@ -0,0 +1,26 @@
+# This is -*- perl -*-
+
+package Debian::OpenAFS::ConfigUtils;
+
+use strict;
+use vars qw( @ISA @EXPORT @unwinds);
+@ISA = qw(Exporter);
+require Exporter;
+@EXPORT = qw(@unwinds run unwind);
+
+sub run ($) {
+  print join(' ', @_);
+  print "\n";
+  system (@_)  == 0
+    or die "Failed: $?\n";
+}
+
+# This subroutine takes a command to run in case of failure.  After
+# each succesful step, this routine should be run with a command to
+# undo the successful step.
+
+	 sub unwind($) {
+	   push @unwinds, $_[0];
+	 }
+
+1;
diff --git a/debian/afs-newcell b/debian/afs-newcell
new file mode 100644
index 000000000..9c180e26f
--- /dev/null
+++ b/debian/afs-newcell
@@ -0,0 +1,131 @@
+#!/usr/bin/perl -w
+
+use Term::ReadLine;
+use strict;
+use Debian::OpenAFS::ConfigUtils;
+use vars qw($admin $server
+	   $requirements_met );
+my $rl = new Term::ReadLine('afs-newcell');
+
+# main script
+
+unless ($requirements_met) {
+  print <<eoreqs;
+			    Prerequisites
+
+In order to set up a new AFS cell, you must meet the following:
+
+1) You need a working Kerberos realm with Kerberos4 support.  You
+   should install Heimdal with Kth-kerberos compatibility or MIT
+   Kerberos5.
+
+2) You need to create the AFS key and load it into
+   /etc/openafs/server/KeyFile.  If your cell's name is the same as
+   your Kerberos realm then create a principal called afs.  Otherwise,
+   create a principal called afs/cellname in your realm.  The cell
+   name should be all lower case, unlike Kerberos realms which are all
+   upper case.  You can use asetkey from the openafs-krb5 package, or
+   if you used AFS3 salt to create the key, the bos addkey command.
+
+3) This machine should have a filesystem mounted on /vicepa.  If you
+   do not have a free partition, then create a large file by using dd
+   to extract bytes from /dev/zero.  Create a filesystem on this file
+   and mount it using -oloop.  
+
+4) You will need an administrative principal created in a Kerberos
+realm.  This principal will be added to susers and
+system:administrators and thus will be able to run administrative
+commands.  Generally the user is a root instance of some administravie
+user.  For example if jruser is an administrator then it would be
+reasonable to create jruser/root and specify jruser/root as the user
+to be added in this script.
+
+5) The AFS client must not be running on this workstation.  It will be
+at the end of this script.
+
+eoreqs
+
+  $_ = $rl->readline("Do you meet these requirements? [y/n] ");
+  unless (/^y/i ) {
+    print "Run this script again when you meet the requirements\n";
+    exit(1);
+  }
+}
+open(MOUNT, "mount |") or die "Failed to run mount: $!\n";
+while(<MOUNT>) {
+if(m:^AFS:) {
+print "The AFS client is currently running on this workstation.\n";
+print "Please restart this script after running /etc/init.d/openafs-client stop\n";
+exit(1);
+}
+}
+close MOUNT;
+
+unless ( -f "/etc/openafs/server/KeyFile") {
+  print "You do not have an AFS keyfile.  Please create this using asetkey from openafs-krby or 
+the bos addkey command";
+  exit(1);
+}
+
+unlink("/etc/openafs/Server/CellServDB"); # ignore errors
+# stop bosserver here
+$server = `hostname`;
+chomp $server;
+$admin = $rl->readline("What administrative principal should be used?");
+ die "Please specify an administrative user\n" unless $admin;
+$admin =~ s:/:.:g;
+if($admin =~ /@/) {
+die "The administrative user must be in the same realm as the cell and no realm may be specified.\n";
+}
+open(CELL, "/etc/openafs/server/ThisCell") 
+  or die "Cannot open /etc/openafs/server/ThisCell: $!\n";
+my $cell = <CELL>;
+chomp $cell;
+run ("bos addhost $server $server -localauth ||true");
+run("bos adduser $server $admin -localauth");
+unwind("bos removeuser $server $admin -localauth");
+if ( -f "/var/lib/openafs/db/prdb.DB0" ) {
+  die "Protection database already exists; cell already partially created\n";
+  }
+open(PRDB, "|pt_util -p /var/lib/openafs/db/prdb.DB0 -w ")
+or die "Unable to start pt_util: $!\n";
+print PRDB "$admin 128/20 1 -204 -204\n";
+print PRDB "system:administrators 130/20 -204 -204 -204\n";
+print PRDB" $admin 1\n";
+close PRDB;
+unwind( "rm /var/lib/openafs/db/prdb* ");
+
+# Start up ptserver and vlserver
+run("bos create $server ptserver simple /usr/lib/openafs/ptserver -localauth");
+unwind("bos delete $server ptserver -localauth");
+
+run("bos create $server vlserver simple /usr/lib/openafs/vlserver -localauth");
+unwind("bos delete $server vlserver -localauth");
+
+run( "bos create $server fs fs ".
+     "-cmd /usr/lib/openafs/fileserver ".
+     "-cmd /usr/lib/openafs/volserver ".
+     "-cmd /usr/lib/openafs/salvager -localauth");
+unwind( "bos delete $server fs -localauth ");
+
+run("vos create $server a root.afs -localauth");
+
+# bring up client
+run("echo $cell >/etc/openafs/ThisCell");
+run("/etc/init.d/openafs-client force-start");
+
+print <<eomsg; 
+Now, get tokens as $admin in the $cell cell.  Then, run
+afs-rootvol.
+eomsg
+
+
+
+
+@unwinds = ();
+END {
+# We need to do a bos shutdown first; it may fail
+# if didn't get far enough in
+#    system("bos shutdown $server -localauth");
+  run(pop @unwinds) while @unwinds;
+  }
diff --git a/debian/afs-rootvol b/debian/afs-rootvol
index 1ba8e71f1..c0a87b5a8 100644
--- a/debian/afs-rootvol
+++ b/debian/afs-rootvol
@@ -27,21 +27,7 @@ Sam Hartman <hartmans@mit.edu>
 
 use vars qw($rl $server  $part $requirements_met);
 use vars qw( @unwinds);
-
-sub run ($) {
-  print join(' ', @_);
-  print "\n";
-  system (@_)  == 0
-    or die "Filed: $?\n";
-}
-
-# This subroutine takes a command to run in case of failure.  After
-# each succesful step, this routine should be run with a command to
-# undo the successful step.
-
-	 sub unwind($) {
-	   push @unwinds, $_[0];
-	 }
+use Debian::OpenAFS::ConfigUtils;
 
 
 # This subroutine creates a volume, mounts it and then sets the access
@@ -78,14 +64,11 @@ In order to set up the root.afs volume, you must meet the following pre-conditio
     system:administrators and with a principal that is in the susers
     file of the servers in the cell.
 
-3) You need a fileserver in the cell with partitions mounted.
+3) You need a fileserver in the cell with partitions mounted and a root.afs volume created.
    Presumably, it has no volumes on it, although the script will work
-   so long as root.afs and root.cell do not exist.
-
-4) The AFS client must not be running on this workstation.  The
-   workstation will be moved into the new cell and the client started
-   as part of the process.
+   so long as nothing besides root.afs exists.
 
+4) The AFS client must be running pointed at the new cell.
 eotext
     $_ = $rl->readline("Do you meet these conditions? (Y/n) ");
     unless (/^y/i ) {
@@ -94,20 +77,7 @@ eotext
     }
 
 }
-
-open(MOUNT, "mount |") or die "Failed to run mount: $!\n";
-while(<MOUNT>) {
-if(m:^AFS:) {
-print "The AFS client is currently running on this workstation.\n";
-print "Please restart this script after running /etc/init.d/openafs-client stop\n";
-exit(1);
-}
-}
-close MOUNT;
-
-
 # Get configuration information we need
-
 open(CELL, "/etc/openafs/server/ThisCell")
 or die "Unable to find out what cell this machine serves: $!\n";
 my $cell = <CELL>;
@@ -129,19 +99,6 @@ $part = "a" unless $part;
 }
 
 
-
-
-run("echo $cell >/etc/openafs/ThisCell");
-
-run("vos create $server $part root.afs -localauth -cell $cell");
-unwind("vos remove $server $part root.afs -localauth");
-
-
-run("/etc/init.d/openafs-client start");
-unwind("/etc/init.d/openafs-client stop");
-
-run("aklog snorklewacker.mit.edu -k ZONE.MIT.EDU");
-
 run("fs sa /afs system:anyuser rl");
 
 run("vos create $server $part root.cell -localauth");
@@ -178,7 +135,7 @@ run( "vos release root.cell -localauth" );
 unwind( "vos remove $server $part root.cell.readonly -localauth ");
 unwind( "vos remove $server $part root.afs.readonly -localauth ");
 
-#@unwinds = ();
+@unwinds = ();
 
 END {
   run(pop @unwinds) while @unwinds;
diff --git a/debian/rules b/debian/rules
index 06535f561..7bf7f9e3b 100755
--- a/debian/rules
+++ b/debian/rules
@@ -45,6 +45,9 @@ configure-stamp:
 
 
 		$(MAKE) links
+	install -d dest/root.client/usr/vice/etc
+	install -d dest/root.server/usr/afs/bin
+
 	touch configure-stamp
 
 build: configure-stamp build-stamp
@@ -77,6 +80,8 @@ install: build
 	cp dest/root.client/usr/vice/etc/afs.rc debian/openafs-client.init
 	cp dest/root.client/usr/vice/etc/afs.conf debian/openafs-client/etc/openafs/afs.conf
 	install -m 755 -o root -g root debian/afs-rootvol debian/openafs-dbserver/usr/sbin
+	install -D debian/ConfigUtils.pm \
+		debian/openafs-dbserver/usr/lib/perl5/Debian/OpenAFS/ConfUtils.pm
 	(cd debian&&pod2man --section 8 --center "Debian GNU/Linux"  \
 		afs-rootvol ) >debian/openafs-dbserver/usr/share/man/man8/afs-rootvol.8
 
-- 
2.39.5