[OpenAFS] new infrastructure-afs home and backup questions

Derek Harkness dharknes@umd.umich.edu
Sun, 15 May 2005 10:56:00 -0400 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here's the solution I've put in place.  Background medium size =20
university 12k+ users.

I have three Linux AFS servers connected to XRaids for 1TB of disk =20
space available for user home directories.  The servers are =20
replicated every four hours, backup volumes are generated nightly and =20=

mounted inside the user's home directory, and all data is backed up =20
to tape every two days.  AFS was put in place to replace our aging =20
Novell system and to unify our Windows desktop environment and our =20
Unix backend.  So I've setup Samba servers to act as a gateway for =20
AFS directories.  Most user account data is stored in LDAP, kerberos =20
is used for unix logins, and samba passwords are currently in LDAP =20
(There's a strange magic piece that allows the Samba server to issue =20
AFS tokens so my users have a krb5 password and a SMB password).  I'm =20=

hoping Samba 4 will allow me to use kerberos for desktop logins.  =20
This setup has been in place and working since December.

The samba environment provides domain management and control and file =20=

and print sharing to Windows clients.  Unix and Mac clients run the =20
AFS client and use CUPS.  Samba has allowed us to really unify the =20
environment from the users point of view while at the same =20
simplifying our backend environment by eliminating our need for =20
Novell, NFS, and Windows servers.

I currently use a slightly hacked Veritas Netbackup for tape =20
backups.  It has some problems, like not backing up ACLs, but at =20
least it gets the file data.  My ACLs structure is very simple and =20
very easy to recreate if a restore is needed.

Derek

On May 11, 2005, at 7:05 AM, Lars Schimmer wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi!
>
> I'm in to setup a complete new infrastructure with new PCs, new =20
> users,etc.pp.
>
> Now I've got two questions.
> 1.
> I want to setup OpenAFS and krb5 for filesystem and authentication.
> Is it wise to use linux-user-homes on AFS? And how to let all the =20
> PCs know,
> where to find the homes?
> E.g. 40 users and 20 workstations. Every user should be able to =20
> login to every
> workstation and get his home. I thought about NIS, krb5 and =20
> OpenAFS. Any tips
> for me?
> And is it possible to setup Windows-documents&Settings (windows =20
> home) to AFS?
> I want to setup a domain with a win2003 server and clients. Under =20
> NT I can setup
> the windows-homes to a samba drive. If I can do that with win2003 =20
> server, I can
> set windows & linux home in ONE home-volume.
> Any hints, tips, donots?
>
> 2. Backup - neverending story...
> Til yet we use RO copies of the volumes to do a 1-day-go-back-backup.
> Therefore I will setup the new cell with 160 or 250 GB HDs and =20
> partitions in
> that size, i don't want to backup THIS big partitions to streamer =20
> or else.
> It is a pain in the ass if only a 2 MB file is missing and I have =20
> to get that
> 250 gig backup back and so on...
> Is there a more nicely way to do it?
> I thought about a big fileserver in a different location with RO =20
> copies of all
> volumes I setup, but thats only 1 step back, and I want to get 3 =20
> days up to 1
> week...
> I haven't tested the backup volume yet, neither understood it, if I =20=

> find time, I
> have to read on...
>
>
> Cya
> Lars Schimmer
> - --
> - -----------------------------------------------------------------
> Technische Universit=E4t Braunschweig, Institut f=FCr Computergraphik
> Tel.: +49 531 391-2109            E-Mail: schimmer@cg.cs.tu-bs.de
> PGP-Key-ID: 0xB87A0E03
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.5 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFCgeb4VguzrLh6DgMRAsUqAKDSJlD4UlcJNIdnTdUvtRNXyIn5SACgrBJ1
> JNQEpuYT+A9GcjJ4hblmWZo=3D
> =3DtdLA
> -----END PGP SIGNATURE-----
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFCh2MBsUNgsBVjM+0RAvlDAJ9aisY4L9d4g6sKuOf1jssmRGUBvQCeOn2F
SWCXLWjZZQaKxhMDtEpnjtI=3D
=3DwBin
-----END PGP SIGNATURE-----