Presentation is loading. Please wait.

Presentation is loading. Please wait.

AFS AFS general presentation Olivier Le Moigne IT/DIS/DFS 12/1/1999.

Published byMichael Armstrong Modified over 9 years ago

Similar presentations

Presentation on theme: "AFS AFS general presentation Olivier Le Moigne IT/DIS/DFS 12/1/1999."— Presentation transcript:

1 AFS AFS general presentation Olivier Le Moigne IT/DIS/DFS 12/1/1999

2 AFS Overview (1)  What is AFS ? Worldwide network distributed file system Developed at Carnegie-Mellon University AFS = Andrew File System, "Andrew" was the name of the research project at CMU - honoring the founders of the University AFS stands for Andrew File System marketed by Transarc (IBM)  Where is it ? (client point of view) /afs is the root of AFS file tree (on NT : \\hostname-afs\all mapped to drive P:) /afs/cern.ch is the root of CERN cell AFS file tree

3 AFS Overview (2)  AFS Structure Files and directories are stored in volumes Volumes are in partitions Partitions are in servers Servers are in a cell fileservers database servers (replication of database)  volume location servers  authentication servers  protection servers  backup servers A client has just to know database servers. When it needs a file, it contacts a database server to know where it is stored.

4 AFS Overview (3)  AFS advantages caching security Kerberos Access Control Lists location independence everything in /afs a client has just to know AFS database servers scalability optimized for Wide Area Network robustness replication of database servers possibility to replicate volumes on several servers

5 AFS at CERN (1)  What for ? Main network file system for UNIX workstations Common file system for all platforms UNIX/NT (?)  Not for mission critical applications (network dependency) experiments data storage (tapes)  Statistics total disk space: 2TB 10000 users 2000 clients 30 servers (3 database servers)

6 AFS at CERN (2)  AFS Team Rainer Többicke Olivier Le Moigne Tami Kramer (NICE NT client installation) Tim Whibley (operations) Contact Afs.Support@cern.ch

7 AFS documentation  CERN AFS home page available from http://wwwinfo.cern.ch/ AFS user guide  FAQ http://www.angelfire.com/hi/plutonic/afs-faq.html or /afs/transarc.com/public/afs-contrib/doc/faq/afs- faq.html  Transarc http://www.transarc.com

8 AFS Using AFS

9 Authentication (1)  AFS token AFS authentication is based on Kerberos a token is a data object which correlates user’s processes with AFS identity key of mutual authentication mechanism checked with tokens command obtained at login time when enabled or with klog command (need user password) password is changed with kpasswd expires every 25 hours (has to be refreshed) refreshed by xlock specific UNIX replacement tools: rsh, acrontab...

10 Authentication (2)  Process Authentication Group unique number used by operating system to identify which token is associated with user processes new PAG created by pagsh command (new shell)

11 Authentication (3)  Authentication Issues never use klog as root without creating a new PAG pagsh must be used if you want to have several tokens (with different AFS id). Use ksu to obtain a token from a different user (small script using pagsh and klog) clock synchronization between servers and clients is important to be able to acquire tokens (“clock badly skewed” message) tokens expiration is sometimes painful for user but it is important for security. Solutions exists: CERN settings for LSF (batch jobs) acrontab, xlock

12 Protection groups (1)  What is it ? Several AFS ids can be listed in a group useful for rights management  How to manage them create/delete a new group pts createg/delete username:groupname add/remove a user pts adduser/removeuser username group list group members pts mem group

13 Protection Groups (2)  Special groups system:anyuserjust any AFS user in the world system:authuser any AFS user with a valid token for the local cell cern:nodes all machines at CERN (based on IP address) gg AFS space administrators for group gg cern:gg all registered members of group gg

14 Access Control Lists (1)  What is it ? control permissions on directory and file access list of rights defined on per-directory basis seven rights exist in AFS: lookuplist files in a directory insertadd a new file in a directory delete administerchange ACL in a directory readread file contents and status writechange file contents and mode locklock full file

15 ACL (2)  Mnemonic rights allr+w+k+l+i+d+a none entry deleted from access list. This does not mean that the user has no rights, since other ACL entries may still apply read r+l write r+w+k+l+i+d, i.e. everything except 'a'

16 ACL (3)  ACL manipulation examine an ACL fs listacl directory $ fs la /afs/cern.ch/user/o/olm Access list for /afs/cern.ch/user/o/olm is Normal rights system:anyuser l olm rlidwka olivier rlidwka change ACL fs setacl directory afsid right $ fs sa. huon read $ fs sa. huon rl

17 ACL (4)  ACL issues confusion between UNIX mode bits and AFS ACLs only meaningful owner mode bits are significant it is not because a directory has rwx UNIX mode that you can read and write in it if you want to give someone access to a file, use fs setacl, not (only) chmod be careful of token expiration  Other remarks about UNIX and AFS not possible to have executable only file (no read) no cross directory hard links no setuid/setgid bit (at least at CERN)

18 Volumes (1)  Features can be moved transparently from one server to another backup replication (only read only) quota  Mount point directory where root of the volume is mounted /afs/cern.ch/user/o/olm is a mount point: volume user.olm managed with fs mkm and fs lsm

19 Volumes (2)  Aaaah ! I’ve lost my files ! Do not panic, there is a backup every day (if your files are not in a scratch volume q.*) file from yesterday are online (backup volume) For user: /afs/cern.ch/ubackup/o/olm a command is being developed to automate restore after this, we have to use tapes. Contact Afs.Support and ask to restore the volume you are interested in (or just the full path of your files) and precise the date. We keep backups during 1 year but there are gaps after 1 months (we recycle tapes)

20 Volumes (3)  I have no more space in my home directory available space is shown by fs listquota. $ fs lq /afs/cern.ch/user/o/olm Volume Name Quota Used %Used Partition user.olm 50000 35586 71% 81% to increase space, usually ask your AFS space administrator (found in xwho) typical user home directory is 50MB partition can also be full (to save disks space, total of volume quota is usually bigger that partition size). Contact Afs.Support. The balancing script did not its job...

21 Volumes (4)  I can not access my home directory check token there is a “lost contact” message fs checkserver to see if a server is down fs exa directory to see on which server it is is there a network problem ? Try ping on a afs3 client configuration (CellServDB) there is a “volume busy” message AFS management scripts manage used space and move volumes. When a volume is moved, it is not available for a short period (normally).

22 Miscellaneous  @sys AFS permits to have a platform dependent directory In AFS home directory, bin is a symbolic link to.@sys/bin This can be a problem when a central service nodes have a different operating system (directory no longer exists) @sys is replaced by the value of fs sys

23 Installing AFS  UNIX need to be root with afs SUE feature  NT need to have administrator privileges In Start Menu : More Applications\System Configuration\AFS Client for NT

24 NT GUI (1)

25 NT GUI (2)

26 NT GUI (3)

27 The Thing...  Check user token with tokens command $ tokens Tokens held by the Cache Manager: User's (AFS ID 4968) tokens for afs@cern.ch [Expires Jan 12 12:11]  Refresh token with klog command $ klog olm Password: $ tokens Tokens held by the Cache Manager: User's (AFS ID 4968) tokens for afs@cern.ch [Expires Jan 13 12:56] --End of list--

Download ppt "AFS AFS general presentation Olivier Le Moigne IT/DIS/DFS 12/1/1999."

Similar presentations

File-System Interface

File-System Interface
Andrew File System CSS534 ZACH MA. History  Originated in October 1982, by the Information Technology Center (ITC) formed with Carnegie Mellon and IBM.

Andrew File System CSS534 ZACH MA. History  Originated in October 1982, by the Information Technology Center (ITC) formed with Carnegie Mellon and IBM.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
1 Distributed File System, and Disk Quotas (Week 7, Thursday 2/21/2007) © Abdou Illia, Spring 2007.

1 Distributed File System, and Disk Quotas (Week 7, Thursday 2/21/2007) © Abdou Illia, Spring 2007.
Other File Systems: AFS, Napster. 2 Recap NFS: –Server exposes one or more directories Client accesses them by mounting the directories –Stateless server.

Other File Systems: AFS, Napster. 2 Recap NFS: –Server exposes one or more directories Client accesses them by mounting the directories –Stateless server.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
Report Distribution Report Distribution in PeopleTools 8.4 Doug Ostler & Eric Knapp 7264.

Report Distribution Report Distribution in PeopleTools 8.4 Doug Ostler & Eric Knapp 7264.
70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.

70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.
Resource Sharing Over a Network

Resource Sharing Over a Network
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.
Network File System (NFS) in AIX System COSC513 Operation Systems Instructor: Prof. Anvari Yuan Ma SID: 105820.

Network File System (NFS) in AIX System COSC513 Operation Systems Instructor: Prof. Anvari Yuan Ma SID:
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
A crash course in njit’s Afs

A crash course in njit’s Afs
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.
Course 6425A Module 9: Implementing an Active Directory Domain Services Maintenance Plan Presentation: 55 minutes Lab: 75 minutes This module helps students.

Course 6425A Module 9: Implementing an Active Directory Domain Services Maintenance Plan Presentation: 55 minutes Lab: 75 minutes This module helps students.
Test Review. What is the main advantage to using shadow copies?

Test Review. What is the main advantage to using shadow copies?
Microsoft Windows 2003 Server. Client/Server Environment Many client computers connect to a server.

Microsoft Windows 2003 Server. Client/Server Environment Many client computers connect to a server.
Chapter 4 Windows NT/2000 Overview. NT Concepts  Domains –A group of one or more NT machines that share an authentication database (SAM) –Single sign-on.

Chapter 4 Windows NT/2000 Overview. NT Concepts  Domains –A group of one or more NT machines that share an authentication database (SAM) –Single sign-on.

Similar presentations

Ads by Google