The Special Case of admins.pub

The contents of file:///afs/acm.jhu.edu/group/admins.pub are regularly edited by hand by admins. The normal autonomic release machinery will propagate changes to file:///afs/acm.jhu.edu/readonly/group/admins.pub (symlinked from file:///afs/acm.jhu.edu/group/admins.pub.ro for compatibility), but depending on the changes made, it may be advisable to release this volume (group.admins.pub) manually so that they reach the read-only mountpoint sooner. Many of the files therein are referenced via symlink or explicit configuration on various hosts; see below for the manifest.

AFS Volumes Impacted

Note that admins.pub.readonly (along with groups.readonly, root.ro.readonly and root.cell.readonly, which are necessary for the full paths above) is even served by our “core database” machines, e.g. typhon and friends, so that its contents remain available even in incredibly adverse conditions.

Manifest

Adminly-things

authorized_keys

Administrator SSH public keys. See SSH. Externally referenced by symlink and/or cron copy by admin-controlled hosts at ~localadmin/.ssh and/or ~root/.ssh.

k5login

A list of /admin principals for kerberized logins to administrative accounts on admin-controlled machines. Externally referenced similarly to authorized_keys.

forward

The contents of ~/.forward on administrative accounts on admin-controlled machines. Externally referenced similarly to authorized_keys.

HOSTS.TXT

An abortive attempt at a single authoritative file for our DNS and DHCP needs; was more relevant when our configuration mattered to other people.

homedir.skel

Skeleton user home directory, used by ../scripts/new-user.

scripts

Automation of adminly tasks. Mutually referential and often referenced by this documentation.

Global Parameters

kdc.conf

The Kerberos Key Distribution Center’s global, non-secret parameters. See Configuration. Externally referenced by all KDCs via symlink at /etc/krb5kdc/kdc.conf.

ceph.conf

Global parameters of the Ceph cluster. See Ceph Storage System. Externally referenced by all ceph nodes via symlink at /etc/ceph/ceph.conf.

CellServDB.server

AFS CellServDB file for AFS servers. Not externally referenced (yet?), but should match /etc/openafs/server/CellServDB on these nodes.

UserList

Super-users of the AFS cell. See AFS. Externally referenced on all AFS servers via symlink in /etc/openafs/server.

UserList.annotated

A comment-ful version of the above. See AFS.

Published Materials

certs/*.crt

The public components of X.509 certificates issued to us. Available for ease of access, not externally referenced by systems.

certs/jhu-cert-chain.pem

The certificate chain from a global CA to our certificates. Externally referenced by name on servers speaking TLS; see for example ../networks/webserver.

notes

What you are reading now!

postfix-local-afs.diff

Patches to postfix to make it build a local.afs program for delivery into AFS. See Patching for AFS.

The paths README-BRAVE-NEW-WORLD and README-BRAVE-NEW-WORLD-GROUPS are symlinks into these notes now but are preserved from earlier days.
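
An added example (not part of the original notes or of ../scripts): a POSIX shell check for an admin-controlled host that classifies each externally referenced file from the manifest above as a symlink into admins.pub, a current copy, or a copy that differs from the read-only volume (for instance a cron copy taken before the last release). The ROOT prefix, the status words, the file name UserList under /etc/openafs/server, and ~root resolving to /root are assumptions.

```shell
#!/bin/sh
# Added example: report how a host references files published in admins.pub.
# PUB* default to the paths named on this page; ROOT is a hypothetical prefix
# for auditing a mounted or staged filesystem instead of the live one.
PUB=${PUB:-/afs/acm.jhu.edu/readonly/group/admins.pub}
PUB_RO=${PUB_RO:-/afs/acm.jhu.edu/group/admins.pub.ro}
PUB_RW=${PUB_RW:-/afs/acm.jhu.edu/group/admins.pub}
ROOT=${ROOT:-}

# check_ref NAME LOCAL_PATH prints exactly one status word:
#   symlink-ok    link points into one of the admins.pub paths
#   FOREIGN-LINK  link points somewhere else
#   copy-ok       regular file, byte-identical to the read-only copy
#   STALE-COPY    regular file that differs from the read-only copy
#   absent        nothing at LOCAL_PATH
check_ref() {
    dst="$ROOT$2"
    if [ -L "$dst" ]; then
        case "$(readlink "$dst")" in
            "$PUB"/*|"$PUB_RO"/*|"$PUB_RW"/*) echo symlink-ok ;;
            *) echo FOREIGN-LINK ;;
        esac
    elif [ -f "$dst" ]; then
        if cmp -s "$PUB/$1" "$dst"; then echo copy-ok; else echo STALE-COPY; fi
    else
        echo absent
    fi
}

# audit_host walks the references listed in the manifest; returns 1 on drift.
audit_host() {
    rc=0
    while read -r name path; do
        status=$(check_ref "$name" "$path")
        printf '%-12s %s (admins.pub/%s)\n' "$status" "$path" "$name"
        case "$status" in STALE-COPY|FOREIGN-LINK) rc=1 ;; esac
    done <<EOF
authorized_keys /root/.ssh/authorized_keys
kdc.conf /etc/krb5kdc/kdc.conf
ceph.conf /etc/ceph/ceph.conf
UserList /etc/openafs/server/UserList
CellServDB.server /etc/openafs/server/CellServDB
EOF
    return "$rc"
}

if [ "${1:-}" = "--audit" ]; then audit_host; fi
```

A STALE-COPY result on a host that copies by cron is the case where a manual release of group.admins.pub, followed by the next cron run, brings the host back in line.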