[OpenAFS] Is OpenAFS appropriate?

Stephen Bosch posting@vodacomm.ca
Wed, 21 Jan 2004 00:52:41 -0700


Hi, everybody:

Well, I've been hammering away at our first ever OpenAFS install for 
about four full days now, and there is some good news and some bad news.

The good news is, it is running. It starts and stops properly with the 
rc script. It mounts, and, when access control is lax, users can move 
throughout the /afs tree. I spent hours trying to understand uss. I have 
a template file that sort of works. I created a user, and did my best to 
make sure that the user existed with the same UID as in the *nix space.

The bad news is that, in spite of using the pam modules, tokens are not 
being issued at login time. I have created a user with the same UID, 
password and login name, configured pam.d/login and pam.d/sshd to use 
the afs pam module, and yet, no tokens. The only way to be assured of a 
token is by using klog... and that, really, is just one of many 
obstacles I am facing. Getting volumes and volume management straight 
is another challenge. And then there are backups. The whole point of 
this exercise was to centralize our data on RAID and give us an easy way 
of scaling up storage while improving data redundancy.

It is also bad news that as yet I am still doing the client work on the 
single file server (just no point in installing a client on another 
machine until I'm comfortable enough with this).

It has taken me so very long to get this far. I've read a lot of 
documentation. I don't know how much it is sticking. The learning curve 
is steep.

I have a few questions and concerns, and I wanted to get your feedback.

First of all, this seems really very convoluted. It takes a lot to 
confuse me, but I'll concede, this has me pretty confused. The 
documentation is in classic IBM style -- comprehensive, yes, but arcane, 
often ambiguous, and written in the sort of technical style I'd 
forgotten even existed. Anyway, convoluted and confusing is bad, 
especially when it comes to something as important as data integrity. 
What if something goes sideways? What of our data? If it's this 
confusing, is it really such a good idea for us to be trusting our 
company data to it? How much time are we going to be spending 
administering this? We simply don't have the full-time resources to 
dedicate to it.

Does OpenAFS have a real future? I know there are a fair number of folks 
using it, but I really do think it has to get a whole lot *simpler* to 
administer, for lack of a better word. I'll say it -- these last four 
days have been some of the most brutal days as a sysadmin I've spent. 
Somebody talked about bleeding from the eyes... I can relate.

The thing is -- we *need* a network file system. We decided upon AFS 
because it seemed the furthest along, and the alternatives didn't 
inspire confidence. It's a desert out there. There's classic NFS -- 
insecure, problems with file locking, horrible with unexpected network 
outages. NFS V4 is supposed to address these things but is far from 
ready. There's CODA, really just an uncle to AFS and essentially 
unmaintained; Intermezzo -- much more limited, also stagnant. As for 
SMB/CIFS -- don't even go there. It's useless to us if it doesn't 
preserve permissions, and SMB is just too slow.

You, the list members, have used/are using AFS. I guess what I want to 
know is, is it worth the continued effort, or are we entering a world of 
pain here? If yes, can anybody suggest a more manageable alternative?

Cheers,

Stephen Bosch