[OpenAFS] Questions about afs and osx

[Christopher D. Clausen]

Jonathan Dobbie <jonathan_dobbie@mcad.edu> wrote:
> Here is what I currently have:
> ~200 desktop workstations running OSX 10.4 with home directories
> mounted via AFP.
> Hundreds of apple laptops.
> 4 G5 Xserves and a G4 Xserve (all running server 10.4)
> Two of the G5s are AFP servers for home directories, one is a radmind/
> netboot server and the other, along with the G4 host other AFP shares.
> For storage, I have the internal drives, an XserveRAID (1.5TB on one
> side, 1 TB on the other) and assorted lowly FW drives used for
> backups.
> Here is what I want:
> The ability to load balance without downtime (when everyone is
> working at the end of the semester, the student server is not able to
> keep up)

You can add and remove AFS servers without downtime and without the 
end-users noticing.  Once a new server is up, you can migrate volumes on 
it.  Of course, this uses network bandwidth and disk I/O, so you need to 
monitor load and plan to move things during periods of less activity (at 
night or early morning.)

> To be able to have any one server go down without loss of access to
> data (services on that machine would obviously go down)

AFS supports this.  Only data on a particular fileserver becomes 
inaccessible when a server goes down.  Of course, you do need to follow 
some best practices and have multiple AFS DB servers and multiple 
Kerberos KDCs.  I'd recomend having three AFS DB servers and at least 
two Kerberos KDCs.

> Users would still need to be able to have a personal website (bonus
> if this would survive a server failure)  I'm sure it can do the
> former.

The public_html userdirs (supported by apache) work quite well when 
ACLed appropriately.  You can do some things to minimize outages due to 
server failures.  You should start a sperate thread on this list for 
possible ideas of solving this problem.  I'm sure there are a variety of 
answers.

> No issues with storing OSX files.

Well, I can't say that there are no issues using AFS from OS X, but it 
generally works and is getting better.  In my experience the problems 
are caused by OS X creating dot underscore AppleDouble files and 
.DS_store files everywhere that cause problems for non OS X 
applications.  And of course the fakestat-all option to get the finder 
to work causes problems for programs that use the UNIX mode bits.


> (the ability to work on Photoshop files off the
> server would be a bonus, but not needed.  This doesn't work very well 
> with AFP)

Well, I've never done this, but I believe that some people on this list 
are using the Windows openafs client to edit files with photoshop.

> It will hopefully work as well of better with Linux serving afs to
> osx as osx serving afs to osx.  There are some things I love about
> osx, even on the server (especially xgrid), but....

I would personally recomend Solaris (even on x86) over Linux, but that 
is just my opinion.

> The ability to create a Big Red Button that will let laptop users
> mount their AFP home directory (and class folders, etc).  We control
> the build on the laptops, so installation pain isn't an issue, I just
> need to be able to make an art student resistant final product.

This should be doable with little additional effort.

> Still being able to SFTP into one's home directory

You just need the appropriate SFTP server and PAM configuration and it 
pretty much just works.  There might be occational problems of users not 
getting tokens at login though.  Setting up WebDAV with an AFS backend 
might be useful to you.  There are previous posts to this list on the 
subject.

> Folder quotas would be nice, group quotas would work.

Quotas are set on volumes in AFS.  Volumes are a collection of files and 
folders.  You really need to start using AFS to understand this concept 
more.

> The ability to set quotas through non-interactive command line tools 
> is a must.

fs sq

<<CDC