Carl Lowenstein wrote:

Has anyone done something more recently than a FAQ that is 5 years
old, which mentions a partially completed AFS server for Linux that
was 3 years old at that time?

Try openafs:
http://www.openafs.org/

As an AFS user and administrator from *waaaaay* back, allow me to pontificate. Be forewarned that a lot of this may be *very* old information; however, some of it almost certainly still applies.

Back in my day, sonny ... <cough> err ... sorry about that.

AFS is a pain to use.  There are two sides to this equation.

From a user point of view, the fact that AFS ACLs have a strange type of interaction with Unix permission is annoying. There were times when the UNIX permission stopped you from doing something but the AFS permission prevented you from seeing that it was the UNIX permission that was at fault. There are whole new classes of commands required to use AFS ACLs. Not horrendous, but definitely not user-friendly. I would rather that AFS ACLs just completely replace the UNIX permissions.

Also, as a user the fact that AFS keys would expire out from under you and crash your programs horribly was a big pain. Think about how you would like a UNIX machine that decided every 10 days to kill all your programs and log you out.

From an administrator point of view, there is the whole Kerberos dance problem. Also, the fact that an AFS cluster used to take 3 separate machines to bring online was annoying (file server, key server, and some form of broker). Not such a big deal now given how cheap computers are, but it can be annoying to maintain. Maintaining PKI is as annoying as always.

From a philosophical point of view, AFS just doesn't really fit into a good niche. AFS was good for sharing files between far-flung sites over low-bandwidth connections. The problems that happened which kind of pushed AFS aside:

1) Disks got big

It makes more sense just to replicate the entire file *trees* and send deltas rather than always access some central file server hundreds of miles away and get individual files.

2) Bandwidth got big

It makes more sense to actually move the file when you need it. Either send the file by mail, put it on a web server, scp, or even NFS can move the entire file most times. Otherwise, you see 1) and move the entire file tree with deltas.

3) Latency didn't get much better

AFS was a fairly chatty protocol with respect to verification, key checks, key revocation, etc. For small files (and most files are small), the time required to move the file is far smaller than the time to do cryptographic exchange. For big files, the time to move the file is so excessive that the abstraction of remote file access breaks down anyhow.

Personally, if you are looking at a distributed file system, I would look much more strongly at one of the more modern SAN, NAS, or distributed, highly parallel replicating systems rather than AFS.

My $.02 ... sonny.

-a



--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
