[OpenAFS] a noobs question and problems on a new cell

Klaas Hagemann kerberos@northsailor.de
Wed, 09 May 2007 13:39:02 +0200

> I tried that this way and didn't get it:
> a volume called software (~1 Gig)
> in our headquarter the rw-volume on the afs server.
> in a district the (nightly) ro-snapshot of that volume.
> mounted into afs like:
> /afs/domain/.software (-rw)
> /afs/domain/software (ro)
> so if I understand that right i should now be able to access the data under
> /afs/domain/.software on both sides.
That is right, but you will always get the rw-instance in your headquarter.
> in the headquarter it should use always the rw-instance and in the district
> it should use the rw-instance (over vpn) on a write,
> and on a read it should prefer the local ro-instance. but that doesn't work
> for me.
> everytime I accessed some software in the district it was transfered
> completly over the vpn from our headquarter.
> did I something missunderstood or have I done something wrong !?
If you choose the rw-path (the "dotted" path) /afs/domain/.software, you 
will always get the rw-path. OpenAFS do not bother about the location of 
the volume at this point.

If you use the "normal" path /afs/domain/softare, you will preferable be 
forwarded to an ro-Instance of that volume. In your case, users in the 
headquarter would use a volume in one of your departments.

The decision, whether to use a RO or a RW instance of a volume is not 
made by the location of the volume. the decision is based on:
- is it an explicit rw-mountpoint (.software)
- are ro instances available

If you do not make a rw-mountpoint, the afs client will contact 
ro-volumes as long as you can access one. Only if no ro volume is 
available, the rw instance is used.

Then there is another point to be aware of:
"Once RW, always RW"
So if you have in your afs path only on rw-volume, all the underlying 
moint-points will be rw too. So if your root.cell volume (which is the 
mount-point for /afs/domain) is only available as a rw-version, you will 
never be able to access ro-volumes.

> the idea of this behaviour (take the lokal ro if available and just get what
> you still need over vpn) was the coolest feature of the afs - i thougt. and
> is the most case why I was looking on the whole afs thing - and not
> something like nfs.
that is basically still true, but the decision is not made by accessing 
a file. the decision is made by choosing the right mount-point for a volume.

Which volume you have access to is a manner of mount-points and ACLs, 
NOT of the location of the volume. In an ideal world a user do not need 
to know on which server his data is stored.