JackNeely jjneely@pams.ncsu.edu 0.1 30 May 2003 jjn Lots of path fixes in the AFS commands

Or, better known as why on Earth would you want to read this. The aims of this document are to help others become familiar with OpenAFS and Linux in hope that both of these products will become trusted as a viable solution for our AFS needs. I hope to do this by explaining the steps needed to set up the NCSU Realm Kit for Red Hat Linux to run the OpenAFS server as well as requirements needed and some pointers to more information. This document explicitly covers setting up an OpenAFS file server on the NCSU Realm Kit for Red Hat Linux version 7.3 and 9. Hopefully, the procedure for doing the same on other version of the Linux Realm Kit will be, and should be, very similar. This document does not cover setting up an OpenAFS volume database server, update server, or setting up a new AFS cell. In the future, if this information is useful to NC State University that information should be added to this document. A long term goal is to see the NCSU Realm Kit for Red Hat Linux 7.3, 9, or higher stable version to be officially supported as platforms for AFS servers. Please note that as of this writing that the Linux platform is not supported in any way as an AFS server platform.

At this time using an OpenAFS server is not supported. Production OpenAFS servers will not be allowed on the network until more testing has been done. Fortunately, some testing is in progress. Also, at this point in time, we do not have the client software to integrate Linux OpenAFS servers into the Veritas backup system used by ITD. However, the backup tool provided by AFS is available as well as other backup options.

There are a few simple requirements to get an OpenAFS file server up and running here at NC State University. I will try to touch on each and give my thoughts on the matter. The very first thing you need is permission. Please contact your systems administrator and ITD about this. Your server wont go anywhere without their support. You will also need to obtain from ITD the AFS key for the cell that your server will be part of. This is a highly controlled secret server key and is used for server authentication and encryption. Please treat the key as such. So you've got the go ahead to make your server a reality. You will, of course, need the actual server. Again you should probably speak to your systems administrator and ITD about hardware suggestions. The software will run on pretty much any i386 Red Hat Linux box but good hardware is a very important starting point. You will need to think about your partitioning schema and the back end media your data will be stored on. The OpenAFS server needs at least one dedicated partition to store the volumes in. These partitions should probably be on a RAID device for redundancy and fail-over. Finally, you will need to install your server with with NCSU Realm Kit for Red Hat Linux. Please see the Users' Guide for the NCSU Realm Kit for Red Hat Linux for detailed information about installing it.

This section will step you through getting all the software installed, getting the server configured properly, and getting it up and running. We'll take care of this with a few subsections.

Time to actually do the dirty work. The first step is to install the NCSU Realm Kit for Red Hat Linux. For the 7.3 version a standard workstation class install should be what you are looking for. Don't forget about your partition(s) for the OpenAFS server. These partitions should be mounted under mount-points in the form of /vicep??. For example, the first partition should be mounted under /vicepa. Other than that just complete the install as normal. Now that your install is complete you should take care to secure the server. Make sure that Yup or YUM is running to keep your machine up to date will all errata. Take care in your IP filtering setup to allow incoming connections on ports 7000 through 7009 as they are used by the AFS server. Otherwise, this should be a very familiar act for Linux or UNIX system administrators. The next step is to install the openafs-server package. To do this you can run the following command if you are getting updates via Yup: [root@myserver root]# yup install openafs-server If you are using YUM to update your server you should use this command: [root@myserver root]# yum install openafs-server This will install the package on your system.

Most of the configuration files for OpenAFS goes in /etc/openafs. This is a different directory from what the Transarc Server used. The change here is to move toward compliance with the Filesystem Hierarchy Standard. This directory can be changed to something else using the configuration option found in the /etc/sysconfig/afs file. There are many other options in this configuration file, some of which you will be interested in, including an option to start the OpenAFS server on each boot. Also, you will find an option there to turn off the client part of the OpenAFS software. To configure the OpenAFS server you'll need to drop in some files into the server directory of the above mentioned configuration directory. By default this is /etc/openafs/server. Drop in the AFS key obtained from ITD into KeyFile. The full name of the cell needs to be in ThisCell. Finally, the file CellServDB needs to contain entries for the volume database servers for this cell only. Note that these files are different from the files of the same name the the directory above. More information about these files can be found in the AFS documentation.

With configuration of the OpenAFS server complete you are ready to start the BOS server and define the processes it should maintain. To start the BOS server for the first time run the following as root. [root@myserver root]# bosserver -noauth The next step is to define and start the fs process. This is done with the following. [root@myserver root]# bos create <hostname> fs fs \ /usr/libexec/openafs/fileserver /usr/libexec/openafs/volserver \ /usr/libexec/openafs/salvager -cell <cell name> -noauth For readability I have broken the above command into three lines using the backslash character. Next you need to start the update process. This process keeps a list of administrative users in the configuration directory for the server. However, since the Transarc location of this directory is different from our default location we will use a symlink and create some directories. [root@myserver root]# mkdir /usr/afs [root@myserver root]# ln -s /etc/openafs/server /usr/afs/etc [root@myserver root]# bos create upclientetc simple \ "/usr/libexec/openafs/upclient <system control server> \ /usr/afs/etc" -cell <cell name> -noauth Your OpenAFS file server is almost ready to use. The next thing to do is restart the BOS server with authentication enabled. Do the following. [root@myserver root]# bos shutdown <machine name> [root@myserver root]# killall -15 bosserver [root@myserver root]# bosserver At this point you should also check the /etc/sysconfig/afs file and make sure you have the proper options set so the OpenAFS server will start on each boot. Otherwise, you should now have a working OpenAFS server in the cell of your choice at NC State University.

OpenAFS has changed a lot from the product that Transarc shipped. There have been lots of improvements. For example, OpenAFS can use any filesystem for the server partitions. (I recommend ext3.) Also, OpenAFS no longer has its own fsck and doesn't do any funky stuff with inodes. However, the down side of this is that its hard to keep up with what has been changed and what is different from Transarc. Unfortunately, there's no manual of it all, but there are several places to get lots of good information. The Transarc AFS documentation is all online. See http://www.openafs.org/doc/index.htm. This is really out of date as a lot has changed. Fortunately, its pretty easy to figure out what parts of it are still good and what parts are not. The OpenAFS mailing lists are an excellent place for general questions, configuration issues, tracking development, etc. Some lists are pretty busy but its probably the best way to keep informed. See https://lists.openafs.org/mailman/listinfo/. Who could forget Wiki? What's Wiki you say? I'm not really sure. But I do know that it is a web collaboration tool that many sites are beginning to use so that everyone can contribute a little bit of documentation and information about OpenAFS. See http://grand.central.org/twiki/bin/view/AFSLore/WebHome. The OpenAFS web site has links to all the above and is the place to find the latest source code, and old crusty kitchen sinks. See http://www.openafs.org. A surprising place to find information about OpenAFS is from the Gentoo Linux distribution. They have a rather detailed and up to date web page for setting up OpenAFS servers and clients. Well worth a read. See http://www.gentoo.org/doc/en/openafs.xml. Additions or corrections to this document are also welcomed and encouraged.