[OpenAFS] OpenAFS client in LXC containers

Chaskiel Grundman cg2v@andrew.cmu.edu
Mon, 29 Jun 2015 12:31:09 -0400


> afsd is a userspace process, and
Not quite true... afsd used to provide a process context for kernel
threads to run in, but doesn't even do that anymore. The only userspace
part of afsd is the DNS lookup mechanism.

> containers are namespaced.
If only that were completely true....


In any event, depending on your actual end goal, there's an easy answer to
this: run openafs on the host, and put an afs entry in lxc.mount.entry:

lxc.mount.entry = /afs /var/lib/lxc/<name>/rootfs/afs none defaults,bind 0 0

Then install openafs-client in your container, but *don't* enable or
run the startup script. fs commands and authentication will work
transparently.

The only disadvantage to this that I can see is that the host and the
host's networking will be used to make afs requests, and so if the host
is not on the network, or you need to be able to identify which guest is
making which requests, then this won't work.