[OpenAFS] using afs for unix config files

John Rudd jrudd@ucsc.edu
Thu, 27 Jul 2006 17:04:10 -0700

We have been doing that (having master copies in AFS and copying them 
down to local systems when they get changed) for certain files (passwd 
file, aliases file, etc.), but we're moving away from using AFS for 
this, and toward using cfengine.  Partially because several of the 
sub-groups in our large group aren't using AFS, and we want one 
solution that goes across the entire large group.

But, it does work.  It's a good strategy if you're widely using AFS.  
It's a much better strategy, in my opinion, than actually having 
critical resources exist _in_ AFS.  When I first got here, there were 
machines that either couldn't boot without having access to AFS, or 
were unusable without access to AFS.  This meant lots of extra hoops 
for simple things like "booting to single user mode".  So my peers and 
I started moving away from "/bin/* and much of /etc/* are symlinks into 
AFS" and toward "master copies are in AFS, and regularly copied down to 
local locations if a change is detected".  Made things MUCH better in 
our environment.

You can also use CVS with auto-updating, and a few other mechanisms.  
But if you've got AFS, might as well leverage it.  And, you might be 
able to "store the master copies in AFS, but use cfengine for managing 
how it gets used locally" ... but I'm not as familiar with cfengine's 
internals so I'm not sure about the details there.

On Jul 27, 2006, at 4:41 PM, Brian Sebby wrote:

> We use AFS to store the "master" copies of various files like that that
> should be the same on all systems, but the systems don't actually look 
> at
> the AFS copies for normal operation.  We have scripts that copy the 
> master
> versions to the local /etc directory and other local directories.  To 
> us, it's
> a good compromise, because you really want the critical files to be 
> local to
> the machine, but you can use AFS to only have to modify the files in 
> one
> place, and then just push out the changed files to each of the 
> machines.
> We do this for files like /etc/pam.conf, sendmail.cf, and ntp.conf.
> Brian
> On Thu, Jul 27, 2006 at 02:11:44PM -0700, David Bear wrote:
>> I am wondering how wise it is to use afs to store config files like
>> /etc/hosts
>> /etc/resolv.conf
>> ...
>> can anyone comment on their experience using afs to store these files
>> and which config files seem to be less well suited to putting in afs?
>> -- 
>> David Bear
>> phone: 	602-496-0424
>> fax: 	602-496-0955
>> College of Public Programs/ASU
>> University Center Rm 622
>> 411 N Central
>> Phoenix, AZ 85007-0685
>>  "Beware the IP portfolio, everyone will be suspect of trespassing"
>> _______________________________________________
>> OpenAFS-info mailing list
>> OpenAFS-info@openafs.org
>> https://lists.openafs.org/mailman/listinfo/openafs-info
> -- 
> Brian Sebby  (sebby@anl.gov)  |  Unix and Operation Services
> Phone: +1 630.252.9935        |  Computing and Information Systems
> Fax:   +1 630.252.4601        |  Argonne National Laboratory
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info