Penguin
Note: You are viewing an old revision of this page. View the current version.

Setting up an AFS server under Debian

A lot of this will translate to other distributions as well, however I cannot guarantee it will work as it reads.

Before you start

This section is almost definately OS/Distro independant.

Kerberos

AFS needs Kerberos installed. See KerberosNotes for notes this.

Filesystems and Partitions

AFS seems to be fairly filesystem independant, so you can basically use any filesystem you like on the server. It really prefers having a seperate partition for your AFS cell, and some notes I've read hint at it requiring a different fsck for magical reasons, so its probably best to follow this. Put your first partition on /vicepa, and your second on /vicepb, and so on.
You can also use the namei backend which is slow, but is FS/OS independant, provided you can do normal filesystem stuff - NathanWard

Hostname

AFS requires that the hostname of your server resolve via DNS correctly. Make sure this is the case before you get too far down the line, or else you'll hit weird problems that occur for no apparent reason.
I've never had this problem... I have used clients and servers with no DNS server. Perhaps this is a Kerberos issue? - NathanWard

Kernel

AFS seems to really dislike linux 2.4.20. I've not tried it on a more recent kernel (not even a pre21 kernel). It does seem to work ok with 2.4.18 however. Make sure you have a kernel that works before continuing, or else things will fail for no good reason!
I'm running 2.4.20 in production now. Works fine. YMMV - NathanWard

Installing AFS

Installing the packages:

In debian, install the following: openafs-dbserver openafs-krb5 openafs-client

Your cellname should be your lower-case DNS name, eg element.tla Your DBServer for AFS should be the dns name of the machine you are installing on currently!

Setting up Kerberos

Run the following commands:
 kadmin.local -e des-cbc-crc:v4
  addprinc -randkey afs
  ktadd -k /tmp/afs.keytab afs
  quit
 kadmin.local
  addprinc root
    (enter passowrds)
  quit
 asetkey add 3 /tmp/afs.keytab afs

I don't think adding a princ for root is a good idea. The "Kerberos Way" is to have user/instance. In my case, nward/admin, which in AFS is known as nward.admin - NathanWard

Partitions

Make sure you have a partition created and mounted at /vicepa. If you cant do this with a real partition, make a loopback one as follows:

 dd if=/dev/zero of=/var/lib/openafs/vicepa bs=1024k count=32
 mke2fs /var/lib/openafs/vicepa
 mkdir /vicepa && mount -oloop /var/lib/openafs/vicepa /vicepa

Never fear! later on you can add /vicepb, /vicepc and so on.. - NathanWard

Set up the cell

In /etc/openafs, edit the following files and make sure they look something like these

/etc/openafs/ThisCell
 element.tla
/etc/openafs/CellServDb
 >element.tla   # cell
 10.66.1.101    # afs.element.tla

At this point, make sure you have compiled the openafs modules for your kernel. If you build a new kernel at the same time, reboot now so you can get these modules installed properly.

You can do this under Debian with make-kpkg(1):

# apt-get source openafs-modules-source
# cd /usr/src
# tar xzf openafs.tar.gz
# cd /path/to/kernel/source
# make-kpkg modules_image
# dpkg -i ../openafs-modules*deb
The DebianPackages?, at least, come with a script to do all this for you
afs-newcell

Set up the root volume:

There is also a script to to this
afs-rootvol

kvno's are key version numbers. Every time you change your password this number is incremented.