[OpenAFS] Using OpenAFS with Web Servers

[Russ Allbery]

BNQ <binq@yahoo.com> writes:

> How suitable is OpenAFS for use as network attached storage for
> production level web servers?  The reason I want to do this is because I
> want all my clients to be in a center place.  Then I can have all my web
> server access pages from that place.  By doing this I have increased
> scalability, because I can expand the AFS cell as my storage needs grow,
> and I can have multiple web servers serving the same website.

> Has anybody tried doing this before?  How well would OpenAFS respond to
> read requests for thousands of small file every second?

All of www.stanford.edu is served out by five load-balanced servers with
all files stored in AFS.  We use large memory caches on each of the
Solaris servers, and it seems to hold up under the load quite well.  The
servers are authenticated with a distinguished Kerberos principal that has
read-only access to all the web page directories.

> If there anything that can be done to optimize such a system?  On the
> clients is the cache stored in memory or hard disk?  Is it possible to
> store it in both?  Would having a large client side cache (like 2G)
> solve my problems?

All of the tuning guides that I've seen warn against making the cache size
too large, as it just increases the search time.  What may help is to
decrease the cache block size if most of your files are very small.

> This system will also require me to create and maintain a large number
> of users.  I have decided that OpenLDAP is the best way to go about
> doing this.  Is it possible to integrate OpenAFS with OpenLDAP so that
> authentication is done though OpenLDAP, and authorized access to files
> is done though OpenAFS ACLs?

Our authentication mechanisms, although LDAP-based, are via a fairly large
and complex internally written Kerberos system, so I can't help you much
there.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>