[OpenAFS] AFS in a solaris 10 zone? How about Linux/Xen VM?

Jeffrey Hutzelman jhutz@cmu.edu
Wed, 30 Mar 2005 14:53:10 -0500


On Wednesday, March 30, 2005 11:45:24 AM -0500 Dan Pritts 
<danno@internet2.edu> wrote:

> On Wed, Mar 23, 2005 at 09:54:23AM -0500, Robert Banz wrote:
>> > Near as I can tell, the only way to get AFS in a solaris zone is to run
>> > afsd in the global zone.  This is because zones are not full
>> > virtualization, but merely isolation from other processes and the
>> > fair-share scheduler to allocate resources to the zones.  I have not
>> > tried it, but it seems like it should work.
>>
>> The couple "caveats" I've found with running AFS in the global zone...
>>
>> 	1) UID-associated tokens are associated across all zones (including
>> 	the global.)  PAGs work fine, but I've got a couple things that rely on
>> 	UID association...
>> 	2) To get /afs to appear as /afs in all of the zones, you use a
>> 	loopback mount.  However, since this loopback mount doesn't look like
>> 	it's in AFS in the zone, PIOCTLs don't work.  Anyone think of a
>> 	workaround?
>
> I'm a bit hazy on AFS internals, but in this context, PIOCTLs means
> anything on the list below?
>
>   http://grand.central.org/pages/numbers/pioctls.html
>
> If so that's a pretty big list of limitations.  Like, can't get a token.
> Am I interpreting this correctly?

Yes and no.  Rob's statement was probably a little overbroad.
The pioctl() ("path ioctl") system call is used to perform a variety of 
special operations on files in AFS, and for other interactions with the 
cache manager including token management and configuration.

Some pioctl operations operate on specific files, and will only work on 
files in AFS.  Files accessed via a loopback mount look like they belong to 
the loopback filesystem, not to AFS, and so pioctl() won't work on them.

Other pioctl operations, including token management, operate on the system 
as a whole.  These ignore the pathname argument passed to them, and I would 
expect them to operate correctly in any zone.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA