[OpenAFS] Is OpenAFS appropriate?

[Derek Atkins]

Hi,

Stephen Bosch <posting@vodacomm.ca> writes:

> Well, I've been hammering away at our first ever OpenAFS install for
> about four full days now, and there is some good news and some bad
> news.

Four days!?!?  The last time I installed a cell from scratch
(which was a few months ago) I got it all up and running in
about an hour.  That included the PAM modules to get login
working.  OTOH you didn't say what OS your server is running....

> It is also bad news that as yet I am still doing the client work on
> the single file server (just no point in installing a client on
> another machine until I'm comfortable enough with this).

This isn't necessarily a bad thing.  It's definitely a good bootstrap
step.

> It has taken me so very long to get this far. I've read a lot of
> documentation. I don't know how much it is sticking. The learning
> curve is steep.

True, it's a bit steep.  I'd suggest you take an AFS class to put it
all into perspective, because once you understand the fundamentals
it's really easy.  Also, once you get the cell up and running the
day-to-day admin is pretty easy.  Basically you just need to create
new accounts, create new volumes, configure (and run) backups, and
balance servers.  Periodically you'll need to update the software.

I don't know the size of your company, but a single person can handle
this part-time for a small company.

> I have a few questions and concerns, and I wanted to get your feedback.
>
> First of all, this seems really very convoluted. It takes a lot to
> confuse me, but I'll concede, this has me pretty confused. The
> documentation is in classic IBM style -- comprehensive, yes, but
> arcane, often ambiguous, and written in the sort of technical style
> I'd forgotten even existed. Anyway, convoluted and confusing is bad,
> especially when it comes to something as important as data
> integrity. What if something goes sideways? What of our data? If it's
> this confusing, is it really such a good idea for us to be trusting
> our company data to it? How much time are we going to be spending
> administering this? We simply don't have the full time resources to
> dedicate to it.

See above.  Once you understand AFS's architecture it's a LOT easier.
An AFS course would probably help you significantly.  Once you
understand the basics it becomes much less convoluted and complicated.
Seriously.

There are a few known failure modes and it's extremely rare for
anything to "fail sideways".

> Does OpenAFS have a real future? I know there are a fair number of
> folks using it, but I really do think it has to get a whole lot
> *simpler* to administer, for lack of a better word. I'll say it --
> these last four days have been some of the most brutal days as a
> sysadmin I've spent. Somebody talked about bleeding from the eyes... I
> can relate.

Yes, I certainly think it has a real future.  IBM may stop shipping
it, but that should just allow OpenAFS to continue on unleashed.
Significant progress was made to AFS once it was released a few years
ago.  There is a large amount of public support for the code.  It's
not going away any time soon.

> You, the list members, have used/are using AFS. I guess what I want to
> know is, is it worth the continued effort, or are we entering a world
> of pain here? If yes, can anybody suggest a more manageable
> alternative?

IMHO, yes, it's worth the effort.  Again, you may want to get someone
to teach you the basics to make the curve a bit easier.

I hope this helps,

> Cheers,
>
> Stephen Bosch

-derek

-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant