[gpfsug-discuss] Moving CES IPs between two CES clusters and KRB NFSv4

[Leonardo Sala]

Dear all,

we do maintain two CES clusters (CESA and CESB), and used to migrate 
virtual IPs from one to the other when doing maintenance. This worked 
great, but: now we have introduced kerberized NFSv4. In order to have 
this same functionality, we thought of moving the SPNs corresponding to 
the vIPs from one AD object to another, so for example


# Before the move:

CESA has nfs/ces-1.domain.com nfs/ces-2.domain.com

CESB has nfs/ces-3.domain.com

# After the move

CESA has nfs/ces-1.domain.com

CESB has nfs/ces-3.domain.com nfs/ces-2.domain.com


This kinda works out, but we do have troubles with the client credential 
caches, in the sense that the NFS mount works again after we do:

kdestroy -c /var/lib/gssproxy/clients/krb5cc_0 && KRB5CCNAME=KCM: 
kdestroy -A


Does anybody have a similar setup / usecase, or how do you manage e.g. 
upgrades without downtime or multiple CES clusters?

Thanks for any insight!


cheers

leo


-- 
Paul Scherrer Institut
Dr. Leonardo Sala
Group Leader Data Analysis and Research Infrastructure
Group Leader Data Curation a.i.
Deputy Department Head Science IT Infrastructure and Services department
Science IT Infrastructure and Services department (AWI)
OBBA/230
Forschungstrasse 111
5232 Villigen PSI
Switzerland

Phone: +41 56 310 3369
leonardo.sala at psi.ch
www.psi.ch
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20250415/08fa9e77/attachment.htm>