[Infrastructures] AFS in an infrastructure

[Steve Traugott]

--DrWhICOqskFTAXiy
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Feb 16, 2005 at 05:35:34PM -0600, Sean Kelly wrote:
> While looking at various sources, technologies, and solutions,  I came
> across AFS/OpenAFS. Is anybody using this in an
> infrastructure now, and if so how do you properly generalize it since it
> requires so many services (bosserver, fileserver, kaserver, etc).
> Presumably in a good infrastructure, it should be fairly simple to move
> these around or redeploy them in case of failures. I'm not seeing how it
> would be easily done or even if AFS is the right direction to be looking
> for distributing information.

AFS is a total pain in the tail end, but it's worth it.  Every time you
run into another shocking AFS misfeature, just keep reminding yourself
"I like the end result, I like the end result". =20

As far as manageability, I'm learning the hard way; after a decade of
working with AFS environments other people started, I've been rolling it
out in my own shop.  I've got all of my AFS clients under ISconf4; the
first server was hand-hacked (horrors), mostly because I was playing
around with OpenAFS for the first time.  Over the next few weeks I'm
going to be rolling out more servers, this time under ISconf.  I'll keep
this list posted.

As far as how to manage bosserver, fileserver, kaserver, etc., the rule
of thumb that usually works (for almost anything, not just AFS) is to
install everything everywhere possible, start daemons everywhere you
safely can, even if it's overkill, and script things like the promotion
of a slave to a master, even if you expect a human to run the script. =20

If you're doing this right, there will be no executable differences
between one server and another -- the choice of whether a machine is a
primary or secondary is controlled by environmental data fetched
(probably during boot) from some well-known place. =20

I expect this to be hard; I don't expect it to be impossible.  The
closest comparison I can think of is setting up AIX HA clusters -- loads
of environmental data like hardcoded IP addresses and ODM objects,
barrier problems requiring sync between nodes during the build, poor
documentation, incomplete vendor tools, days to do it manually.  It took
over a month to work out the code, but using ISconf2 I was able to start
punching clusters out cookie-cutter, using an XML file to specify the
hardcodings, a simple daemon to handle the barrier syncs, and even
regression tests to beat the cluster to death afterwards to make sure it
all worked.  Using all this it takes about two hours to build an HACMP
cluster, unattended -- if you're a glutton for punishment, it's all
there in the isconf2i tarball.

> Any insight on sharing data across machines besides NFS and cfengine is
> welcomed.

Anonymous rsync, SUP, not much else, unless you want to wait for ISFS.

Steve

--=20
Stephen G. Traugott  (KG6HDQ)
UNIX/Linux Infrastructure Architect, TerraLuna LLC
stevegt@TerraLuna.Org=20
http://www.stevegt.com -- http://Infrastructures.Org

--DrWhICOqskFTAXiy
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCLUzZ8rKIxO1Fc9MRAhN4AJ9TNmOqdPUCQ3+Ysl1spEuV3fk93wCgkP1M
aoGhZazk4JkLZbJbSRqHVT0=
=cBOU
-----END PGP SIGNATURE-----

--DrWhICOqskFTAXiy--