The SIPB AFS-Moira Synchronizer allows SIPB cell AFS groups to be automatically synchronized with a related Moira group by adding the Moira list to the Moira list sipb-afs-sync. In theory, this should eliminate most of the need to contact sipb-afsreq in order to control ACLs for SIPB project lockers (requests to sipb-afsreq are still necessary to get new lockers created, and to add new lists to the sipb-afs-sync list).
Suppose you have a Moira list super-project that you want synchronized with the sipb.mit.edu cell so that you can use it as the ACL in the sipb.mit.edu AFS cell. To set it up to by synchronized, you first need to make sure that super-project is flagged as an AFS group in Moira (so that there is a corresponding athena.mit.edu cell group), as follows:
blanche super-project -G
Then if a SIPB AFS administrator (e.g., e-mail sipb-afsreq) adds super-project to the sipb-afs-sync list, as follows:
blanche sipb-afs-sync -a super-project
the membership of the AFS group system:super-project will then be copied from the athena.mit.edu cell into the sipb.mit.edu cell, creating the group if necessary, and creating sipb cell PTS entries for any Kerberos principals as necessary. The sipb cell group will be kept up-to-date with changes to the athena one.
Currently, the synchronization is run in a cron job on rc that updates every 15 minutes. Certain special groups (like system:administrators) are in a blacklist that will not be synchronized. If you want to change the blacklist status of a group, contact sipb-afsreq.
Maintainers: tabbott, nelhage