[OpenAFS] a noobs question and problems on a new cell
Christopher D. Clausen
Mon, 7 May 2007 02:29:41 -0500
Adnoh <firstname.lastname@example.org> wrote:
> By "Backup" I mean the typical type of backup - one snapshot of the
> data at the weekend and some
> incremental backups every day. i don't think this is posible with
> backup volumes - so i thought about volume dumps.
Backup volumes must reside on the same server and partition as the RW
volume. You could use backup volumes, dump them, and copy the dump
files to a central location, even into a different AFS volume on another
server. That isn't the most efficient backup program though.
> i don't want to have all the volumes in our headquarter. so every
> time a user openes his word-doc or similar it would be completly
> transfered over our VPN - and I can hear the people crying "our
> fileservers are too slow !" so seperate fileservers in every district
> would be a good choice, I think - would'nt they ?
That is an option. There are of course problems with doing either.
Remember that the AFS clients themselves cache read-only data. So if
most of your data is only being read and not written back that often, it
might make sense to have only centrally located AFS servers.
It might also make sense to have AFS DB servers hosed locally at each
district, although I'm not sure what would happen if the network goes
out and quorum is lost. Otherwise certain information will still need
to come from the central DB server in order for AFS to function
> i thought about every district his own fileserver with the special
> volume for them and a readonly volume in our headquarter released
> every night - so i could do the volume dump - i'm not very trusted
> with the "backup" command yet.
By default, the AFS client prefers to use readonly volumes, so if you
create a replica of a volume, the data will immediately become readonly.
You can however manualy force the mount point to be RW (-rw option to fs
mkm) and this way you can have an RW volume in each local district and
still be able to clone the data to other servers using vos release. All
volume rights must go to directly to the RW volume. The AFS client does
not detect when you want to make a write and find the proper RW volume.
You can modify the code to make it behave that way, but there are
reasons for not doing that.
You could also run an AFS cell in each district and vos dump
incrementals from the volumes and copy them to a central fileserver and
restore them there. Volumes do not have to be restored to the cell they
were dumped from.
However, you might simply be better off using a more common network
filesystem like NFS or samba and using something like rsync to backup
the data nightly. You mentioned a VPN. Since the network link is
already encrypted, you don't require filesystem encryption? Or do you?
I've not used the AFS "backup" command. Ever.
> but I don't know how I could set up the "shared" part where every
> user in every district can read/write to it.
You just set ACLs with the fs setacl command. Unless I again am
misunderstanding what you mean by "shared."
> so if you tell me which information you need to know I can provide
You might want to read through:
Those are old, but are short and explain how volumes work. It seems as
though you are trying to use AFS like NFS or samba, creating a single
large share point and allowing everyone to write in it. This is not the
best way to use AFS, although it mostly works. Replicating single large
volumes can take a long time, especially over slow links.
Can you describe a "distrcit office" in more detail? How many users?
Is there technical staff there to diagnose problems with an AFS server,
if they occur? Are the offices always connected to the network? What
type of connection do they have? Bandwidth? Latency? Do users work
out of different offices at different times? How much data do you need
to store at each district? Do you use Kerberos 5 currently within your
organization? A single realm? Or a realm per district? What kind of
budget do you have for hardware and software for this project? How
reliable is the network link? Do you have any off-site backup or
disaster recovery requirements? Any specific features that the project
MUST do? Any features that the project SHOULD do? Anything else that
would be nice to do? How much data are we talking about here? Total
and at each district? What is the "change rate" of your data? How much
data is modified per day or per week as a percentage of the total data?
What are your projected storage requirements for 1 year? 2 years? 3
years? 5 years? 10 years? What are you using right now for file
sharing? What are the current problems that you are experiencing?
Why did you decide to look at AFS in the first place?