Part III: AFS—A Secure Distributed Filesystem

Make your single sign-on infrastructure complete using a secure cross-platform distributed filesystem.

The -noauth option is used because this command is run without any credentials for this cell.

Special administrative privileges are necessary to explore the authentication part of AFS, which is standard Kerberos, so I skip it here.

Now, find out where the current directory physically is located:

% fs whereis .

File . is on hosts andrew.e.kth.se VIRTUE.OPENAFS.ORG

This shows that two copies of this directory are available, one from andrew.e.kth.se and one from VIRTUE.OPENAFS.ORG.

The command:

% fs lsmount /afs/openafs.org/software/openafs/v1.2/1.2.10/binary/fedora-1.0

/afs/openafs.org/software/openafs/v1.2/1.2.10/binary/fedora-1.0 is a mount point for volume #openafs.1210.f10

shows that this directory actually is a mount point for an AFS volume named openafs.1210.f10.

Another AFS command allows us to inspect volumes:


% vos examine openafs.1210.f10 -cell openafs.org -noauth

This command examines the read-write version of volume openafs.1210.f10 in AFS cell openafs.org. The output should look like this:

openafs.1210.f10      536871770 RW   25680 K On-line
    VIRTUE.OPENAFS.ORG /vicepb
    RWrite  536871770 ROnly  536871771 Backup      0
    MaxQuota          0 K
    Creation    Fri Nov 21 17:56:28 2003
    Last Update Fri Nov 21 18:05:30 2003
    0 accesses in the past day (i.e., vnode references)

    RWrite: 536871770     ROnly: 536871771
    number of sites -> 3
       server VIRTUE.OPENAFS.ORG partition /vicepb RW Site
       server VIRTUE.OPENAFS.ORG partition /vicepb RO Site
       server andrew.e.kth.se partition /vicepb RO Site

The output shows that this volume is hosted on server VIRTUE.OPENAFS.ORG in disk partition /vicepb. The next line shows the numeric volume IDs for the read-write and the read-only volumes. It also shows some statistics. The last three lines show where the one read-write (RW Site) and the two read-only (RO Site) copies of this volume are located.
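The following script is an added example, not part of the original article. It parses vos examine output into a per-site list, counts the read-only copies and the distinct hosts that hold them, and checks the declared site count against the site lines. The function names are hypothetical; the sample text is the output shown above, embedded so the script runs offline.

```shell
# Added example: summarize replication sites from `vos examine` output.
# The sample is the article's own output, embedded so this runs offline.
sample_examine() {
cat <<'EOF'
openafs.1210.f10      536871770 RW   25680 K On-line
    VIRTUE.OPENAFS.ORG /vicepb
    RWrite  536871770 ROnly  536871771 Backup      0
    MaxQuota          0 K
    Creation    Fri Nov 21 17:56:28 2003
    Last Update Fri Nov 21 18:05:30 2003
    0 accesses in the past day (i.e., vnode references)

    RWrite: 536871770     ROnly: 536871771
    number of sites -> 3
       server VIRTUE.OPENAFS.ORG partition /vicepb RW Site
       server VIRTUE.OPENAFS.ORG partition /vicepb RO Site
       server andrew.e.kth.se partition /vicepb RO Site
EOF
}

# list_sites: print "TYPE server partition" for every site line on stdin.
list_sites() {
    awk '$1 == "server" && $3 == "partition" && $NF == "Site" { print $5, $2, $4 }'
}

# count_sites TYPE: number of sites of the given type (RW or RO).
count_sites() {
    list_sites | awk -v t="$1" '$1 == t { n++ } END { print n + 0 }'
}

# ro_hosts: distinct servers holding a read-only copy (case-folded host names).
ro_hosts() {
    list_sites | awk '$1 == "RO" { print tolower($2) }' | sort -u
}

# check_sites: compare the declared "number of sites" with the lines listed.
check_sites() {
    awk '/number of sites ->/ { declared = $NF }
         $1 == "server" && $NF == "Site" { seen++ }
         END { if (declared == seen) print "ok " seen
               else print "mismatch " declared " " seen }'
}

sample_examine | list_sites
echo "RO copies: $(sample_examine | count_sites RO) on $(sample_examine | ro_hosts | wc -l | tr -d ' ') host(s)"
sample_examine | check_sites
```

Against a live cell, pipe the real command into the same functions, for example vos examine openafs.1210.f10 -cell openafs.org -noauth | list_sites.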

To find out how many other AFS disk partitions are on the server VIRTUE.OPENAFS.ORG, use the command:

% vos listpart VIRTUE.OPENAFS.ORG -noauth

We learn that the partitions on the server are:

/vicepa     /vicepb     /vicepc
Total: 3

This shows a total of three /vicep partitions. To see what volumes are located in partition /vicepa on this server, execute:

% vos listvol VIRTUE.OPENAFS.ORG /vicepa -noauth

This command takes a while and eventually returns a list of 275 volumes. The first few lines of output look like this:

Total number of volumes on server VIRTUE.OPENAFS.ORG partition /vicepa: 275
openafs.10.src                    536870975 RW      11407 K On-line
openafs.10.src.backup             536870977 BK      11407 K On-line
openafs.10.src.readonly           536870976 RO      11407 K On-line
openafs.101.src                   536870972 RW      11442 K On-line
openafs.101.src.backup            536870974 BK      11442 K On-line
openafs.101.src.readonly          536870973 RO      11442 K On-line
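The following script is an added example, not part of the original article. It reads a vos listvol listing and reports every read-write volume in the partition that has no .backup or .readonly clone listed beside it. The function names are hypothetical, and the last sample line (example.norepl) is constructed to show a finding; the other lines are the output shown above.

```shell
# Added example: find RW volumes without a .backup or .readonly clone in a
# `vos listvol` listing. The first seven sample lines are from the article;
# the last line, "example.norepl", is constructed for illustration.
sample_listvol() {
cat <<'EOF'
Total number of volumes on server VIRTUE.OPENAFS.ORG partition /vicepa: 275
openafs.10.src                    536870975 RW      11407 K On-line
openafs.10.src.backup             536870977 BK      11407 K On-line
openafs.10.src.readonly           536870976 RO      11407 K On-line
openafs.101.src                   536870972 RW      11442 K On-line
openafs.101.src.backup            536870974 BK      11442 K On-line
openafs.101.src.readonly          536870973 RO      11442 K On-line
example.norepl                    536879999 RW        512 K On-line
EOF
}

# missing_clones: for each RW volume on stdin, print "name: <missing clones>".
# Volume lines have six fields: name, ID, type, size, "K", status.
missing_clones() {
    awk '
        NF == 6 && $3 == "RW" { rw[++n] = $1 }
        NF == 6 && $3 == "BK" { sub(/\.backup$/, "", $1);   bk[$1] = 1 }
        NF == 6 && $3 == "RO" { sub(/\.readonly$/, "", $1); ro[$1] = 1 }
        END {
            for (i = 1; i <= n; i++) {
                v = rw[i]; miss = ""
                if (!(v in bk)) miss = miss " backup"
                if (!(v in ro)) miss = miss " readonly"
                if (miss != "") print v ":" miss
            }
        }'
}

sample_listvol | missing_clones
```

A backup clone always lives in the same partition as its read-write volume, so a missing .backup entry is conclusive; a read-only copy may sit on another partition or server, so confirm a missing .readonly entry with vos examine before acting on it.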

Another command, bos, communicates with a cell's basic overseer server and finds out the status of that cell's AFS server processes. Many more subcommands are available for the fs, pts, vos and bos commands. All of these AFS commands understand the help option (no dash in front of help) to show all available subcommands. Use fs <subcommand> -help (with the dash) to look at the syntax for a specific subcommand.

The Future of AFS

Several enhancement projects for AFS currently are underway. The most important project right now is to make AFS work with the 2.6 Linux kernels. These kernels no longer export their syscall table. Another project is to provide a disconnected mode that allows AFS clients to go off the network and continue to use AFS. Once they reconnect, the content of files in AFS space is re-synchronized.

Conclusion

Although all the different aspects of AFS can be overwhelming at first and the learning curve for setting up your own AFS cell is steep, the reward for using AFS in your infrastructure can be significant. Secure, platform-independent world-wide file sharing is a concept as attractive as serving your /usr/local/ area and all your UNIX home directories. And, all this comes with only minimal long-term administrative costs.

Resources for this article: /article/8079.

Alf Wachsmann, PhD, has been at the Stanford Linear Accelerator Center (SLAC) since 1999. He is responsible for all areas of automated Linux installation, including farm nodes, servers and desktops. His work focuses on AFS support, migration to Kerberos 5, a user registry project and user consultants.
