Installing OpenAFS

  • Get all of the RedHat 9 OpenAFS RPMs from []
  • Install them using rpm -Uvh

Notes from doing this are:

The AFS cache is configured for 100 MB. Edit the
/usr/vice/etc/cacheinfo file to change this before
running AFS for the first time. You should also
set your home cell in /usr/vice/etc/ThisCell.
Also, you may want to edit /etc/pam.d/login and
possibly others there to get an AFS token on login.
Put the line:
auth sufficient /lib/security/ try_first_pass ignore_root
before the one for pwdb.

Be sure to edit /etc/sysconfig/afs and turn AFS_SERVER on

  • Make sure that the there is an empty ext2 filesystem mounted under /vicepa. This is where all of the AFS data will be held.

  • Add the required Kerberos principal to the KDC, and extract it to a keytab
/usr/kerberos/sbin/kadmin -q "ank -randkey afs"
/usr/kerberos/sbin/kadmin -q "ktadd -e des-cbc-crc:afs3 -k /etc/krb5.keytab.afs afs"

  • Start up the oversseer service. We have to do this now, as it creates links in /usr/etc/afs that we will rely upon later. There's no authentication information configured at this point, so we do this with authentication disabled: /usr/afs/bin/bosserver -noauth

  • Import the key into AFS. At this point we need to know the key version number that the key has been given by Kerberos, so that AFS can use the same one. To find the version, use klist -k -t /etc/krb5.keytab.afs The key version number (kvno) is in the first column To import into AFS, use /usr/sbin/asetkey add kvno /etc/krb5.keytab.afs afs, where kvno is the key version found earlier.

  • Set the cellname with bos setcellname -noauth

  • Let the client side of things know who we are too. Add the following to /usr/vice/etc/CellServDB
>           #Division of Informatics, University of Edinburgh        
and set /usr/vice/etc/ThisCell to

  • Use bos create to set up the protection service 'ptserver', by running
bos create ptserver simple /usr/afs/bin/ptserver -cell -noauth

  • Add the admin user to the AFS super users list, by running
bos adduser admin -cell -noauth

  • Add the admin user to the AFS protection service, and to the system administration group
pts createuser -name admin -cell -noauth
pts adduser admin system:administrators -cell -noauth

  • The paranoid can check that all of the above has worked with
[duffus]root: pts membership admin -cell -noauth
Groups admin (id: 1) is a member of:

  • Restart all of the AFS Server processes
bos restart -all -cell -noauth

  • Start the volume location service with
bos create vlserver simple /usr/afs/bin/vlserver -cell -noauth

  • Start the file server, volume server and salvager processers.
bos create fs fs /usr/afs/bin/fileserver /usr/afs/bin/volserver /usr/afs/bin/salvager -cell -noauth

It looks like all of the above is necessary for any server, but we really need to check that and see how it scales (in particular, ktadd changes the key...)

  • Create the root AFS volume.
/usr/sbin/vos create /vicepa root.afs -cell -noauth

  • Shut down the bosserver, and kill it completely
bos shutdown -wait
killall bosserver

  • Edit /etc/sysconfig/afs and set AFS_SERVER to on

  • Build a kernel module for the current kernel, copy it into the AFS client's directory, and add it to the AFS symbol table.
cd /usr/src/openafs-kernel-1.2.11/src/
cp MODLOAD-2.4.20-30.9_v1_dice_1-MP/ /usr/vice/etc/modload/
cp MODLOAD-2.4.20-30.9_v1_dice_1-SP/libafs-2.4.20-30.9_v1_dice_1.o /usr/vice/etc/modload/
cd /usr/vice/etc/modload/
../afsmodname -f SymTable -g
../afsmodname -f SymTable -g libafs-2.4.20-30.9_v1_dice_1.o

  • Start up AFS
/etc/rc.d/init.d/afs start

  • Login, and get AFS tickets for the admin user
kinit admin && aklog

  • Check if that worked!

  • Set up permissions on the /afs directory
fs setacl /afs system:anyuser rl

  • Create the root volume for the cell
/usr/sbin/vos create /vicepa root.cell
fs mkmount /afs/ root.cell
fs setacl  /afs/ system:anyuser rl
fs mkmount /afs/ root.cell -rw


-- SimonWilkinson - 19 Jul 2004

Topic revision: r2 - 19 Jul 2004 - 19:18:40 - SimonWilkinson
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies