Over the weekend I moved all volumes off anise.

We now have three DB servers.  I just added rosemary and
fennel this morning.  This will ease the pain when anise
get's upgraded.

I've also updated one client (login02) to use the new
DB servers.  The rest (of the HEP) machines will get
updated at 10am via Cfengine.

Full details at ginseng:/u/l/tn/afs/add-db-server.  Will 
and Matt: please read that document!

steve
--

 > ---- Original Message ----
 > From: Steve Rader via UW-HEP Help System <help@hep.wisc.edu>
 > 
 > After building and testing what is probably the smallest, lighest
 > AFS-KRB5 cell in the world (on my 2.5lb sub-notebook), I'm pretty
 > comfortable with AFS-KRB5.  The executive summary is
 > 
 >  - afs2k5db migrates the AFS-KRB4 database (kaserver.DBo) to the KRB5 KDC
 > 
 >  - asetkey dumps the KRB5 AFS key (afs@HEP.WISC.EDU) into the AFS KeyFile file
 > 
 >  - fakeka replaces kaserver for backward (AFS-KRB4) compatibility 
 > 
 >  - pam_krb5afs.so does KRB5 auth and generates tokens
 > 
 >  - kinit and aklog replace klog when AFS-KRB4 is turned off
 > 
 > AFS-KRB4 and AFS-KRB5 can be ran in parallel so the migration should
 > be fairly painless.  Here's when Will and I decided on:
 > 
 >  - move anise's volumes (roughly users a through m) to garlic
 > 
 >  - bring up slave pts and vl database services on garlic
 >    and rosemary
 > 
 >  - replace anise's hardware and os
 > 
 >  - bring up KRB5 on anise
 > 
 >  - convert the AFS-KRB4 database to KRB5, stop kaserver and run fakeka
 > 
 >  - move all user volumes (including those on thyme) to anise
 > 
 >  - replace thyme's hardware and os
 > 
 >  - add RO user volumes to thyme (vos -convertROtoRW DR goodness!)
 > 
 >  - migrate from pam_afs.so to pam_krb5afs.so
 > 
 >  - announce a sunset date for klog (KRB4)
 > 
 >  - sniff those still running KRB4 and re-notify them of the sunset
 > 
 >  - turn of fakeka