[OpenAFS] new infrastructure-afs home and backup questions
Sun, 15 May 2005 10:56:00 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Here's the solution I've put in place. Background medium size =20
university 12k+ users.
I have three Linux AFS servers connected to XRaids for 1TB of disk =20
space available for user home directories. The servers are =20
replicated every four hours, backup volumes are generated nightly and =20=
mounted inside the user's home directory, and all data is backed up =20
to tape every two days. AFS was put in place to replace our aging =20
Novell system and to unify our Windows desktop environment and our =20
Unix backend. So I've setup Samba servers to act as a gateway for =20
AFS directories. Most user account data is stored in LDAP, kerberos =20
is used for unix logins, and samba passwords are currently in LDAP =20
(There's a strange magic piece that allows the Samba server to issue =20
AFS tokens so my users have a krb5 password and a SMB password). I'm =20=
hoping Samba 4 will allow me to use kerberos for desktop logins. =20
This setup has been in place and working since December.
The samba environment provides domain management and control and file =20=
and print sharing to Windows clients. Unix and Mac clients run the =20
AFS client and use CUPS. Samba has allowed us to really unify the =20
environment from the users point of view while at the same =20
simplifying our backend environment by eliminating our need for =20
Novell, NFS, and Windows servers.
I currently use a slightly hacked Veritas Netbackup for tape =20
backups. It has some problems, like not backing up ACLs, but at =20
least it gets the file data. My ACLs structure is very simple and =20
very easy to recreate if a restore is needed.
On May 11, 2005, at 7:05 AM, Lars Schimmer wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> I'm in to setup a complete new infrastructure with new PCs, new =20
> Now I've got two questions.
> I want to setup OpenAFS and krb5 for filesystem and authentication.
> Is it wise to use linux-user-homes on AFS? And how to let all the =20
> PCs know,
> where to find the homes?
> E.g. 40 users and 20 workstations. Every user should be able to =20
> login to every
> workstation and get his home. I thought about NIS, krb5 and =20
> OpenAFS. Any tips
> for me?
> And is it possible to setup Windows-documents&Settings (windows =20
> home) to AFS?
> I want to setup a domain with a win2003 server and clients. Under =20
> NT I can setup
> the windows-homes to a samba drive. If I can do that with win2003 =20
> server, I can
> set windows & linux home in ONE home-volume.
> Any hints, tips, donots?
> 2. Backup - neverending story...
> Til yet we use RO copies of the volumes to do a 1-day-go-back-backup.
> Therefore I will setup the new cell with 160 or 250 GB HDs and =20
> partitions in
> that size, i don't want to backup THIS big partitions to streamer =20
> or else.
> It is a pain in the ass if only a 2 MB file is missing and I have =20
> to get that
> 250 gig backup back and so on...
> Is there a more nicely way to do it?
> I thought about a big fileserver in a different location with RO =20
> copies of all
> volumes I setup, but thats only 1 step back, and I want to get 3 =20
> days up to 1
> I haven't tested the backup volume yet, neither understood it, if I =20=
> find time, I
> have to read on...
> Lars Schimmer
> - --
> - -----------------------------------------------------------------
> Technische Universit=E4t Braunschweig, Institut f=FCr Computergraphik
> Tel.: +49 531 391-2109 E-Mail: email@example.com
> PGP-Key-ID: 0xB87A0E03
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.5 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
> -----END PGP SIGNATURE-----
> OpenAFS-info mailing list
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
-----END PGP SIGNATURE-----