[OpenAFS] OpenAFS Newbie Questions
Nathan Davis
davisn@mailandnews.com
Tue, 24 Sep 2002 13:07:25 -0500
Raymond wrote:
> As a newbie to AFS, I am unclear on much of AFS
>
The Administration Guide is an excellent source. If you have already, it would
be well worth the time to read it.
>
>
> I have a RH73 server and wish to replace the /home directory and mount with an
> AFS volume. Redhat will be reloaded soon with all partitions recreated and
> formatted with ext3 or reiserfs. The primary use of this machine will be to
> share user data located on this machine. The /home partition is typically
> structured as /home/<org unit>/<user>/ with public, protected and private
> subdirectories. The clients are all Win2K machines spread across a continent
> via T1 and DS3 wan.
>
> 1) Is the vicex partition where all the user (/home) data is stored? If so,
> can I create a /vicea partition in lieu of the /home partition during RH73
> installation? When creating a new user via console useradd or kde's kuser,
> would the home directory be /vicea/usr/<org unit>/<user>/ or
> /afs/<cell>/usr/<org unit>/<user>/ ?
>
Typically, you create a volume per user. This is more flexible to manage, and
also AFS enforces per-volume, not per-user, quotas.
A volume is stored on a vicepx partition, and a vicepx partition may contain
multiple volumes. You can move volumes between partitions (even between
machines) by issuing a single command.
As for creating users, see "Creating and Deleting User Accounts with the uss
Command Suite" and/or "Administering User Accounts" in the Administration Guide.
> 2) After perusing the list archives, it appears only ext2 is guaranteed to
> work with the client cache. Therefore, is it advisable to create a 100+ meg
> ext2 /usr/afs/cache partition during RH73 installation?
>
Yes. Only it should be /usr/vice/cache instead of /usr/afs/cache. Also, some
people (including myself on a few machines) are having no problems with an ext3
cache. Nevertheless, I would still suggest using ext2 just to be safe.
>
> 3) I wish to replicate the /vicea partition to a geographically remote machine
> for fault-tolerance. Is this easily achievable?
>
AFS allows you to create read-only replicas of a volume. This does not work well
for home directories, however. You could create backup volumes at a
geographically remote machine, where they could be readily restored. Also, you
could spread the volumes out across multiple servers/locations so that if one
went down only volumes on that server would be unavailable.
>
> 4) Is the OpenAFS Windoz client similar to the Transarc client outlined in the
> Transarc documentation?
>
Sorry, can't help you with this one. I've only used OpenAFS Windows clients, and
not much at that.
>
> 5) I currently utilize pam for all user application authentication to the
> system. Does the RH73 RPM version of OpenAFS support this? Is Kerberos
> implicitly utilized to create an encryption "hash" or should I wrap OpenAFS
> file transfers with SSH2?
>
The RH 7.3 RPMs include a PAM module. All you need to do is add an entry into
/etc/pam.d/systemauth, or /etc/pam.d/<service> where <service> is the name of the
service you want to authenticate using AFS. The former enables
AFS-authentication for all services, whereas the latter gives you more granular
control. Note: you still need a passwd (or NIS, LDAP, etc.) entry for the user.
By default OpenAFS does not encrypt file transfers. I believe this can be
changed on a per-client basis, however.
Hope this helps,
--Nathan Davis
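
The volume-per-user layout discussed in this thread, as an added example that is not part of the original post: a dry-run shell function that prints the `vos` and `fs` commands for one user's volume, mount point, quota and directory ACLs. The cell name, file server, partition and quota are constructed placeholders, and the ACLs chosen for the public, protected and private subdirectories (anyone, authenticated cell users, owner only) are an assumption about what the poster intends.

```shell
#!/bin/sh
# Added example: prints (does not execute) the commands for one AFS home volume.
# CELL, SERVER, PARTITION and QUOTA_KB are constructed placeholder values.
CELL="example.org"
SERVER="fs1.example.org"
PARTITION="/vicepa"
QUOTA_KB=500000

plan_home_volume() {  # usage: plan_home_volume <org-unit> <user>
    ou=$1
    user=$2
    if [ -z "$ou" ] || [ -z "$user" ]; then
        echo "usage: plan_home_volume <org-unit> <user>" >&2
        return 1
    fi
    # Both names end up in volume names and paths, so allow only a safe set.
    case "$ou$user" in
        *[!a-z0-9_-]*) echo "invalid org unit or user name" >&2; return 1 ;;
    esac
    vol="user.$user"
    # vos create rejects volume names longer than 22 characters.
    if [ "${#vol}" -gt 22 ]; then
        echo "volume name too long: $vol" >&2
        return 1
    fi
    home="/afs/$CELL/usr/$ou/$user"
    # The quota is set on the volume; ACLs are set per directory.
    # -clear drops entries inherited from the parent directory before
    # the listed ones are applied, so each ACL is exactly what is shown.
    cat <<EOF
vos create -server $SERVER -partition $PARTITION -name $vol -maxquota $QUOTA_KB
fs mkmount -dir $home -vol $vol
fs setacl -dir $home -acl $user all system:anyuser l -clear
mkdir $home/public $home/protected $home/private
fs setacl -dir $home/public -acl $user all system:anyuser rl -clear
fs setacl -dir $home/protected -acl $user all system:authuser rl -clear
fs setacl -dir $home/private -acl $user all -clear
EOF
}

# Constructed sample input.
plan_home_volume sales alice
```

The passwd (or NIS, LDAP) entry for the user would then point at the /afs/<cell>/... path as the home directory, not at the server's vicep partition.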