1 [[!meta title="SIPB AFS-Moira Synchronizer"]]
3 The SIPB AFS-Moira Synchronizer allows SIPB cell AFS groups to be
4 automatically synchronized with a related Moira group by adding the
5 Moira list to the Moira list <tt>sipb-afs-sync</tt>. In theory,
6 this should eliminate most of the need to contact
7 <tt>sipb-afsreq</tt> in order to control ACLs for SIPB project
8 lockers (requests to <tt>sipb-afsreq</tt> are still necessary to get
9 new lockers created, and to add new lists to the <tt>sipb-afs-sync</tt>
13 Suppose you have a Moira list <tt>super-project</tt> that you
14 want synchronized with the <tt>sipb.mit.edu</tt> cell so that you
15 can use it as the ACL in the <tt>sipb.mit.edu</tt> AFS cell. To set
16 it up to by synchronized, you first need to make sure that
17 <tt>super-project</tt> is flagged as an AFS group in Moira (so that
18 there is a corresponding <tt>athena.mit.edu</tt> cell group), as
21 blanche super-project -G
23 Then if a SIPB AFS administrator (e.g., e-mail <tt>sipb-afsreq</tt>)
24 adds <tt>super-project</tt> to the <tt>sipb-afs-sync</tt> list, as
27 blanche sipb-afs-sync -a super-project
29 the membership of the AFS group <tt>system:super-project</tt>
30 will then be copied from the <tt>athena.mit.edu</tt> cell into the
31 <tt>sipb.mit.edu</tt> cell, creating the group if necessary, and
32 creating sipb cell PTS entries for any Kerberos principals as
33 necessary. The sipb cell group will be kept up-to-date with
34 changes to the athena one.
36 Currently, the synchronization is run in a cron job on rc that updates
37 every 15 minutes. Certain special groups (like
38 system:administrators) are in a blacklist that will not be
39 synchronized. If you want to change the blacklist status of a
40 group, contact <tt>sipb-afsreq</tt>.
42 Maintainers: <tt>tabbott</tt>, <tt>nelhage</tt>