OpenAFS System Administration
About This Course
The objective of this course is to teach students OpenAFS system administration in a Linux environment. AFS is a distributed file system product, pioneered at Carnegie Mellon University and supported and developed as a product by Transarc Corporation (now IBM Pittsburgh Lab). It offers a client-server architecture for file sharing, providing location independence, scalability and transparent migration capabilities for data. OpenAFS is a version of the AFS product which IBM branched and made available for community development and maintenance.
Who Should Attend
IT professionals who are responsible for the configuration, customization and administration of OpenAFS; users of OpenAFS-deploying applications; system administrators who are evaluating OpenAFS.
Learning Objectives
- Understand the concepts of distributed file systems in general and OpenAFS in particular
- Learn to configure an AFS cell
- Learn to manage an AFS cell
Prerequisites
Unix Systems Administration
Course Duration
Five (5) days, 9 am - 5 pm
Course Dates
This course is offered based on demand. Check the calendar for updates. Call (734) 761-4689 to schedule a class. Course will be held with a minimum of four (4) students. For the optimal class experience, class size should not exceed eight (8) students.
Course Price
E-mail for current price list
Course Instructors
Marcus Watts
Sample Course Outline
A. History
- Carnegie Mellon University
- Transarc
- IBM
- Open source
- AFS3
- AFS4 a.k.a. DCE/DFS
-
- NFS, NIS, CIFS, NDS, OpenLDAP perspective
-
- cells
- volumes
- mount points
- authentication
- tokens
- access control lists (ACL)
- quotas
- server machines
- client machines
- cache managers
- translators
-
- AFS authentication
- file/directory protection basics
- home directories and basic survival
- AFS directory structure
-
- identification, authentication, authorization, billing
-
- bos
- vos
- fs
- kas/kadmin
- pts
H. Protection groups
-
- Protect OpenAFS data using ACLs and protection groups, manage basic security issues
-
- symmetric keys vs. asymmetric
- authentication
- authorization
- mallet
- attacks
- denial of service
- entropy
- cryptographic checksum
- pwhash
-
- principles
- keys, keytypes, keytabs
- differences from UFS
- suid
- link ACL & file permissions
- pags
- acls, suid, link acl & file permissions, pags, acls ubik, rx
-
- scaling issues
- distributed authority
-
- Configure and administer AFS clients (Linux, Windows NT, Mac) and servers (Linux), installing:
- a new cell
- a cache manager
- a new top-level pts group
- Configure and administer AFS clients (Linux, Windows NT, Mac) and servers (Linux), installing:
-
- Kerberos
- file server
-
- making volumes
- mount point
- moving volumes
- replicating volumes
- bos, backups and restores, db: vl, ka (backup) (up)
- fs: salvager, fileserver, volserver, security on trusted machines
- Accounts: create and administer OpenAFS accounts
- creating a user: pt, ka, home dir
- Management tools
- tickets and tokens
- keyfile
- key of afs
- cellservdb
- root.afs
- root.cell
- dns
- Troubleshooting methodology
- status and debugging
- monitoring activity
- rxdebug
- ubikdebug
- fs checks
- Change control topics
- Release upgrades
- Program applications in the OpenAFS environment
- application design
- file sharing
- cell architecture
Course Labs
- Interactive simulation: Kerberos/KDC exchange
- Interactive simulation: AFS db, file server, and cache manager interchange
- Make a drop folder, set permissions right
- Debug a permissions problem with an existing directory — (perhaps fs sa -negative someuser all)
- Install AFS on a client workstation
- Install a new cell on an existing workstation — make sure it comes back after a reboot; make a mount point for an existing volume in another cell
- Make a new fileserver for an existing cell
- Make a new cell — db servers file service
- Volume load management — figure out which fileserver is overloaded; move volumes to make them more balanced
- Volume replication — make a replicated volume; populate it; do a vos release; fs flushv from a separate workstation
- Make a user account — volume; contents; acl, mount point, pts entityid, kerberos principal, /etc/passwd line; vos release on any replicated volumes (mount point, ?pw file?)
- Set up pts groups, including a prefixless group, for a new group membership hierarchy
- Backups: make a volume backup, restore it
- Performance and debugging — learn how to use: rxdebug; udebug, distribute attacks. One person runs the attack. Everyone else tries to figure out what happened, and how to fix it. Attacks: pts script to add lots & lots of people to lots & lots of groups; something that writes a *lot* to AFS, from a bunch of machines all at once
- Shut down a random service (vl, pt)
- Fill up disk on a db server; make ubik try to use non-available disk; botch time on a client workstation, botch time on a db server, fill up disk on a file server. quota management - set quota down on something
- Delete root.cell: Make a recursive mount point; fill ("screw") up cache on workstation; also tcpdump; introduce some sort of network data dependency. (need a firewall between a file server or db server?). use tcpdump to show normal vs. non-normal data
- Find an error message in AFS source code
- translate_et - number to error message
- find *.et files - contain error message; locate error code
- take error code, do a search for all occurrences of that code
- use logic to deduce actual cause of error
- Write a small RX based client & server; give stubs for server, client code
- Set up a small replicated web site in AFS, configure apache server to serve files
- Make an "active" cgi-bin that modifies files in AFS using srvtab on apache server
- Install kx509 on client workstation, kct on kdc, mod_kct on apache
- Make an "active" application on web server that uses kerberos authentication to modify files as user.