Setting up an AFS server under Debian
A lot of this should translate to other distributions as well, but YMMV.
Before you start
This section is almost definately OS/Distro independant.
AFS depends on a working Kerberos installation. Refer to KerberosNotes.
Filesystems and Partitions
Though AFS seems fairly filesystem independant, it really prefers having a seperate partition for your AFS cell. Apparently it requires a different fsck(8) for magical reasons too, so its probably best to follow this. Put your first partition on /vicepa, and your second on /vicepb, and so on. You can also use the namei backend which is slow, but is FS/OS independant, provided you can do normal filesystem stuff.
Some people report AFS required their server's hostname to resolve properly via DNS, or they'd get weird problems for no apparent reason. This does not seem to be consistent and might be Kerberos issue.
Make sure AFS likes your kernel before continuing, or else things may fail for no good reason. Some people report problems with AFS on kernel versions others have no trouble with, so check your own setup.
Installing the packages:
The pertinent Debian packages are
Your cellname should be your lower-case DNS name, eg element.tla. Your DBServer for AFS should be the DNS name of the machine you are installing on currently.
Setting up Kerberos
- Run the following commands (but see below first)
kadmin.local -e des-cbc-crc:v4
addprinc -randkey afs
ktadd -k /tmp/afs.keytab afs
asetkey add 3 /tmp/afs.keytab afs
Adding a princ for root is probaby a bad idea. The "Kerberos Way" is to have user/instance, eg joeshmoe/admin, known to AFS as joeshmoe.admin.
- Make sure you have a partition created and mounted at /vicepa. If you cant do this with a real partition, make a loopback one as follows
- dd if=/dev/zero of=/var/lib/openafs/vicepa bs=1024k count=32
mkdir /vicepa && mount -oloop /var/lib/openafs/vicepa /vicepa
You can later add /vicepb, /vicepc etc.
Set up the cell
Make sure /etc/openafs/!ThisCell? looks something like
and /etc/openafs/!CellServDb? resembles
element.tla # cell
10.66.1.101 # afs.element.tla
At this point, make sure you have compiled the OpenAFS modules for your kernel. If you build a new kernel at the same time, reboot now so you can get these modules installed properly.
- You can do this under Debian with make-kpkg(1)
- apt-get source openafs-modules-source
- cd /usr/src
- tar xzf openafs.tar.gz
- cd /path/to/kernel/source
- make-kpkg modules_image
- dpkg -i ../openafs-modules*deb
- The Debian Packages, at least, come with a script to do all this for you
Set up the root volume:
- There is also a script to to this