Hello, I've been building a test environment to run the AFS client that's part of the Linux kernel. This has been mostly my side project that hasn't got a lot of testing, but I feel like it'd be great if others could give it a test. I've been able to run a full Fedora desktop with my $HOME in /afs, although I have run into some problems that could use some extra testing (I'm not certain if it's my cell or a bug in the client). Please disregard this email if you're not interested in the in-kernel Linux client.
Thanks go to David Howells for doing all the work on the linux kernel and userspace code! I'm just a sysadmin, he's been very patient with my efforts to package up this software. I want to start by saying that this post is in no way a slight against the OpenAFS developers, particularly those working hard on getting the OpenAFS Client working on Linux systems. As of the 4.18 prereleases, all the code needed to run a client is in the upstream kernel. I'm a Fedora Linux user, so I built packages with the kAFS features for Fedora 28. I just took the rawhide kernel, enabled the following features and built the package for f28: CONFIG_AF_RXRPC_IPV6=y CONFIG_AF_RXRPC_DEBUG=y CONFIG_AF_RXRPC=m CONFIG_AFS_DEBUG=y CONFIG_AFS_FSCACHE=y CONFIG_AFS_FS=m Along with the kernel, I built packages for kafs-utils[1] (so you can run 'afs vos ...' commands) and kafs-client, which sets up the /afs mountpoint and a service to get you tokens for systemd. I've also included a kafs-aklog package that works with the in-kernel RXRPC module.[2] The COPR repo also includes an updated keyutils package which supports AFSDB records.[3] On a fedora 28 system, you can get these packages by running 'dnf copr enable jsbillings/kafs' and then 'dnf upgrade' to get the new kernel and keyutils. You can install kafs-aklog, kafs-client, and kafs-utils from there too. You'll need to have Kerberos set up for your realm. I use pam_krb5 in my tests since it's super simple. Since there's no working pam module for getting AFS tokens with kafs, I have a really hackish PAM solution that just has this at the end of /etc/pam.d/password-auth: session optional pam_exec.so seteuid quiet /usr/bin/aklog umich.edu (obviously, replace umich.edu with your cell) So far, I'm impressed with the client. Once I built a kernel with all the correct features, it is quite fast. (note: don't turn on CONFIG_AF_RXRPC_INJECT_LOSS. :) One of the neat things is the way the mounts appear: $ df -t afs Filesystem 1K-blocks Used Available Use% Mounted on none 1 1 0 100% /afs #umich.edu:root.cell 5000 17 4983 1% /afs/umich.edu #umich.edu:user 1000 38 962 4% /afs/umich.edu/user #umich.edu:user.j 20000 13496 6504 68% /afs/umich.edu/user/j %umich.edu:user.jsbillin 10485760 8231929 2253831 79% /afs/umich.edu/user/j/s/jsbillin You can see my home directory has every separate volume in the path mounted. They all show up with the correct percentage used in df. Also, you can directly mount volumes in paths outside of /afs. I've got some of our software volumes mounted directly in /usr/caen so I can test some of our engineering software, and it just is like any other kind of network mount. AFS tokens are stored in the keyring, which you can see with this: $ keyctl show @s Keyring 855773135 --alswrv 263726 1000 keyring: _ses 393094001 --alswrv 263726 65534 \_ keyring: _uid.263726 320980772 --als-rv 0 0 \_ rxrpc: [email protected] The kafs-utils are still a work in progress, but I love that it's all python3 code. There's no 'fs' commands yet, but I can see this as a potential client for a non-administrative AFS client. There's more documentation the kafs utils page about the progress with those commands. It's not quite ready for prime time, but I am hoping that once we've worked out all the kinks, we can start convincing the distro makers to enable the kafs module in default kernels, bringing AFS clients to major distros out-of-the-box. Keep an eye on my fedora repo[4] for any new packages I might build. Please let me know if anything looks wrong (not an OpenAFS developer) or if I've made any mistakes in the above information. 1. https://www.infradead.org/~dhowells/kafs/kafs_utils.html 2. https://wiki.openafs.org/devel/LinuxKAFSNotes/ 3. http://people.redhat.com/~dhowells/keyutils/ 4. https://copr.fedorainfracloud.org/coprs/jsbillings/kafs/ -- Jonathan Billings <[email protected]>
