AFS Progress Meeting 14th June 2007
Meeting to discuss various issues which have cropped up namely:
- Interim backup solution
- Rewrite of AFS component
- Performance tuning for fileservers
- Tracking OpenAFS releases
- AFS on MDP
- Filedrawers
- Quotas
- Mac OS X installer for config files
And if that lot doesn't take up the hour, we'll talk about something else
Interim backup solution
We only have 3 months to implement this, we don't have any money(?), so we can only consider disaster recovery backups, not undelete facility (beyond /yesterday).
Users removing sysadm rights might deny backups - need to check for this.
Whatever we do, we need to optimise the release of the backup copies. Currently takes about 3 hours.
We probably do want something that will dump/backup volumes to preserve meta data.
Need to rsync the PTS and Volume databases to:
- Simon and Craig - to work on release strategy.
- Bill - to look at mirroring PTS and Volumes DBs
Options:
BackupPC, Amanda AFS and Networker AFS.
- Amanda AFS likes to write to tape drives, which would clash with our existing networker so we'd need to get an additional tape drive
- Networker AFS - no longer supported, and about to break when
- BackupPC - is where the action seems to be these days
Rewrite AFS component
We need to rewrite the AFS component so that it can hook into the monitoring system, and actually does more of the configuration.
- Craig will take this for now, but will try to reassign.
Performance Tuning
As a first pass, Simon suggests just dump Debian's settings. We're not going to have time to investigate this properly and make incremental tweaks and re-check the performance.
We should also install AFS 1.4.4 on servers.
Craig
Tracking OpenAFS releases
It should be someones job to monitor AFS release notes to see if there are any important fixes, eg data corruption issues with the version we are using.
Craig/Gordon
AFS on MDP
Been quiet recently. Still the glitch of being prompted twice if your MDP and Kerberos are different.
The MDP users
must be authenticating against the MDP Active Directory, then using cross realm auth (via EASE?) will then be trusted/authorised.
Simon was drinking with Kenny and getting him excited about Kerberos and AFS. So hopefully he'll just fix this. Kerberos for Windows needs to be configured on MDP. Something needs to be done with "caPaths".
- Roger - will clarify the postition and keep pestering Kenny.
- Lindsey - will move Kenny MacDonald's homedir to AFS so he can test things.
Filedrawers
Should we turn it into a full blown service. We don't think there is much demand for the service specifically, but once people know about it, we think it will be well received. So we will do it.
- Neil - Needs packaging up - PECL, Mfile (the filedraw service), Branding, and patches
Quotas
Should be fairly straight forward. There are credentials on sphinx, that we could use to set the actual quotas.
- Gordon - will look at this (though he should speak to Neil)
Actual quota allocation. Need to think about/get agreement of the next student quotas. Only 4th year and MSc students need varying quotas depending on their project.
MacOS installer for config files
At the moment the
MacOS installation instructions for Kerberos and AFS require the user to edit quite a few settings. It should be fairly simple to create a
MacOS config file that does all this for the user, and make things simpler for them. We'd not need the Kerberos Extras package if we do this.
- Toby - will do/look at this
Others
Still need to rationalise the ldap afsHomedir and Homedir.
AFS Volumes tracking, for now, keep AFSPartitions up to date. Ultimately this info could go into the LCFG resources for the appropriate server.
When moving users to AFS, we should update the LDAP home partition attribute to being
ptn001
(or whatever the
create_afs_user
script uses)
--
CraigStrachan - 13 Jun 2007