AFS Progress Meeting 14th June 2007

Meeting to discuss various issues which have cropped up namely:

• Interim backup solution
• Rewrite of AFS component
• Performance tuning for fileservers
• Tracking OpenAFS releases
• AFS on MDP
• Filedrawers
• Quotas
• Mac OS X installer for config files

And if that lot doesn't take up the hour, we'll talk about something else

Interim backup solution

We only have 3 months to implement this, we don't have any money(?), so we can only consider disaster recovery backups, not undelete facility (beyond /yesterday).

Users removing sysadm rights might deny backups - need to check for this.

Whatever we do, we need to optimise the release of the backup copies. Currently takes about 3 hours.

We probably do want something that will dump/backup volumes to preserve meta data.

Need to rsync the PTS and Volume databases to:

• Simon and Craig - to work on release strategy.
• Bill - to look at mirroring PTS and Volumes DBs

Options: BackupPC, Amanda AFS and Networker AFS.

• Amanda AFS likes to write to tape drives, which would clash with our existing networker so we'd need to get an additional tape drive
• Networker AFS - no longer supported, and about to break when
• BackupPC - is where the action seems to be these days

• Craig - will look at BackupPC

Rewrite AFS component

We need to rewrite the AFS component so that it can hook into the monitoring system, and actually does more of the configuration.

• Craig will take this for now, but will try to reassign.

Performance Tuning

As a first pass, Simon suggests just dump Debian's settings. We're not going to have time to investigate this properly and make incremental tweaks and re-check the performance.

We should also install AFS 1.4.4 on servers.

Craig

Tracking OpenAFS releases

It should be someones job to monitor AFS release notes to see if there are any important fixes, eg data corruption issues with the version we are using.

Craig/Gordon

AFS on MDP

Been quiet recently. Still the glitch of being prompted twice if your MDP and Kerberos are different.

The MDP users must be authenticating against the MDP Active Directory, then using cross realm auth (via EASE?) will then be trusted/authorised.

Simon was drinking with Kenny and getting him excited about Kerberos and AFS. So hopefully he'll just fix this. Kerberos for Windows needs to be configured on MDP. Something needs to be done with "caPaths".

• Roger - will clarify the postition and keep pestering Kenny.
• Lindsey - will move Kenny MacDonald's homedir to AFS so he can test things.

Filedrawers

Should we turn it into a full blown service. We don't think there is much demand for the service specifically, but once people know about it, we think it will be well received. So we will do it.

• Neil - Needs packaging up - PECL, Mfile (the filedraw service), Branding, and patches

Quotas

Should be fairly straight forward. There are credentials on sphinx, that we could use to set the actual quotas.

• Gordon - will look at this (though he should speak to Neil)

Actual quota allocation. Need to think about/get agreement of the next student quotas. Only 4th year and MSc students need varying quotas depending on their project.

MacOS installer for config files

At the moment the MacOS installation instructions for Kerberos and AFS require the user to edit quite a few settings. It should be fairly simple to create a MacOS config file that does all this for the user, and make things simpler for them. We'd not need the Kerberos Extras package if we do this.

• Toby - will do/look at this

Others

Still need to rationalise the ldap afsHomedir and Homedir.

AFS Volumes tracking, for now, keep AFSPartitions up to date. Ultimately this info could go into the LCFG resources for the appropriate server.

When moving users to AFS, we should update the LDAP home partition attribute to being ptn001 (or whatever the create_afs_user script uses)

-- CraigStrachan - 13 Jun 2007