[OpenAFS-devel] Re: [OpenAFS] 2020 AFS Technologies Workshop Cancelled.. kafs update

Giovanni Bracco giovanni.bracco@enea.it
Tue, 7 Apr 2020 21:05:33 +0200

A reply only to the question I can answer to!

 > Which functionality from "pts" do your users require?

the functionalities that do not require for the user to be in the 
system:administrators group


On 07/04/20 04:41, Jeffrey Altman wrote:
> On 4/6/2020 8:59 AM, David Howells wrote:
>> Giovanni Bracco <giovanni.bracco@enea.it> wrote:
>>> My feeling is that to  put it really in production the main missing points
>>> are:
>>> 1) pam module
>> Yep.  But the systemd folks are doing their best to make this tricky, I
>> believe...
> When "systemd --user" services its not safe to use session keyrings.
> Network credentials must be stored in user keyrings so that the user
> services have access to the credentials.
>>> 2) user commands, essentially "fs" first of all and also "pts"
>> And there's another issue with implementing the fs tools - and that's that I'm
>> not allowed to implement pioctl(2) or afs(2), so I have to find other ways of
>> doing things:
>> 	https://www.infradead.org/~dhowells/kafs/user_interface.html
>> But the main issue is that, for the most part, I'm the only one working on
>> them - and that's in addition to my normal job.
> The "fs" command suite does not talk to the fileserver directly.  For
> kafs the "fs" command should be implemented as a front-end to the
> interfaces that are described by the above URL.  OpenAFS should consider
> implementing those interfaces as well; at least on Linux.
> The vos and pts commands from OpenAFS currently have a dependency on the
> existence of a cache manager.  If that dependency was removed there
> would be no need for kafs to provide its own implementation of these
> tools that are somewhat specific to the administration of OpenAFS cells.
> Which functionality from "pts" do your users require?
>>> 3) inotify
>> Implementing inotify/dnotify/fanotify is hard because I can't tell from a
>> callback what changed - only that something has.  By examining the data
>> version I can tell whether the contents of the object changed or whether it
>> was an attribute/ACL change, but then I have to compare the attributes or, if
>> a directory, the contents, to see which event to generate.
> One of the benefits of the Extended Callback protocol is to provide this
> level of detail
>    https://tools.ietf.org/html/draft-benjamin-extendedcallbackinfo-02
>>> The bos, vos and backup command can be run on server nodes, which can be
>>> standard OpenAFS systems, am I right?
>> The OpenAFS bos, vos and backup commands can be run from the client too, I
>> think, since they don't require any interaction with the afs kernel module.
> The OpenAFS version of these tools requires an OpenAFS cache manager.
> The AuriStorFS version does not.

Giovanni Bracco
phone  +39 351 8804788
E-mail  giovanni.bracco@enea.it
WWW http://www.afs.enea.it/bracco