OIT SysCore

We're currently testing "copying" the /usr/afsws & /usr/k5 trees, via cfengine, to local drives instead of linking to them in AFS. This is a precursor to taking advantage of using shared Kerberos & AFS libraries instead of always statically linking these apps. This will make updates to Kerberos for bugs & security much easier, as applications which use them will not need to be rebuilt. In case of AFS service troubles, applications which make use of these libraries will continue to be available -- as their dependant libraries are not mounted in AFS.

A small (hopefully unnoticable) change was made to the cfengine configuration, moving the disable action before the copy. This allows the removal of the /usr/afsws & /usr/k5 symlinks before the recursive copy operation. This allows for a continued "simple" afs client installation and configuration (by just creating the links), and allows cfengine to do the heavy lifting once the machine is finally configured.

Right now I'm currently testing this under linux only -- I'll expand it to the platforms we care about (solaris sparc & solaris x86) next week.

update

In order to make this a bit more efficient, I've added a file called ".update" to the /usr/k5 & /usr/afsws directories. Cfengine won't "check" all of the files in the tree for copying unless the timestamp on this file differs from what's on the local HD of the machine. There's a lot of stuff in that tree, and doing checkum verifications on all of the files, every 15 minutes, is just a bad idea. I've also rolled this out to Solaris and Irix.