[OpenAFS] Re: read-only to read-write fast?

Todd M. Lewis Todd_Lewis@unc.edu
Mon, 18 Aug 2003 08:16:37 -0400

Hein Roehrig wrote:
> As was recommended somewhere, we would first migrate the ro stuff to
> AFS, like software on /opt. For this an AFS->NFS gateway should be
> straightforward, no? 
> For the home directories, we are going to put a few users on our
> (small) central server to gain experience. If this works out, then
> more hardware can be justified :-) Is anybody using rw AFS->NFS
> gateways? I read that the OpenAFS NFS-translator source should work on
> Solaris!?  The point is that it will take some time to get an AFS
> client installed on all workstations...

How many workstations are you talking about?

I would strongly encourage avoiding AFS->NFS translators or gateways. 
Do NFS well, and do AFS well, but don't compromise the benefits of 
either to make them work in the same space. Get AFS clients installed, 
then everything you add to AFS is of benefit to everyone.

Then start systematically moving the RO stuff to AFS; either replace key 
  NFS directories or files with links to the new AFS locations, or links 
to notices about where the "stuff" has been moved to and how to access 
it, or notify people that the old stuff is mothballed and will go away 
on such-n-such a day, etc. as appropriate.

Moving home directories into AFS is a different problem, and should be 
handled as such.  We had a server with lots of users (I'm thinking ~120) 
with local accounts, and we converted them all to AFS overnight. 
Complicating this a little was the fact that they already had AFS 
accounts, so copying their UFS files into their AFS home directories 
required resolving name conflicts in a rational way -- login scripts had 
to keep working for example.  But we had the server space to do it.

You may have to convert a few "friendly" users and see what issues come 
up first. Most sites give users a simple set of login scripts and leave 
them on their own.  I've not heard of any site that does anything like 
what we do, but you've only got one shot at setting up something you can 
maintain for years, gives the AFS admin and each local host admin a 
chance to add appropriate pieces, and still gives users ultimate control 
over their environment.  Take a look at this (now rather old) document 
(http://www.unc.edu/atn/dci/user_environment/loginscripts.html) that 
describes out setup.  Here's a teaser:

    "In order to customize your own scripts, it is important to
     understand how this little network of scripts operates. Most
     UNIX books explain that your login scripts live in your home
     directory and are called either `.cshrc' and `.login' (for csh
     and tcsh users) or `.profile' and `.kshrc' (for ksh and bash
     users), and it's basically up to you, the user, to keep them
     working properly.

     That's true enough for stand-alone UNIX systems where your home
     directory is not shared among groups of disparate hosts. But for
     Isis users, that simple model doesn't hold up very well when your
     home directory is shared by hundreds of hosts running a dozen
     different operating systems, any one of which you might have
     reason to login to."

Good luck,
   / Todd_Lewis@unc.edu  919-962-5273  http://www.unc.edu/~utoddl /
  /              A hangover is the wrath of grapes.              /