AFS Basics

Understanding AFS

Some general information regarding AFS.

Separation of data and metadata

In AFS, the information about where the data is stored is kept on different servers than the data itself.
The servers storing the data are called fileservers. The servers storing the location information are called volume-location servers (database servers).

A client connects to AFS for the first time after a reboot

When a client wants to find a file in an AFS cell it has not connected to before, it first asks the database server which fileserver serves the volume it is asking for. Then it goes to that fileserver and tries to retrieve the data.

Required Firewall rules

For AFS to work correctly, you must allow connections from outside on UDP port 7001 coming from UDP ports 7000-7012.
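
One way to check a host's firewall against this rule, as an added example that is not part of the original page: the Python sketch below walks a constructed iptables-save excerpt with first-match semantics and reports whether UDP port 7001 is reachable from source ports 7000-7012, and whether it is open more widely than that. The function names and sample rulesets are assumptions made for illustration; only -p, --sport and --dport are modelled, and rules with any other match are skipped.

```python
import shlex

MODELLED = {"-p", "--sport", "--dport"}     # matches this sketch understands

def _in_range(port, spec):
    """True if port is inside 'lo:hi' or equals 'n'; no spec means any port."""
    lo, _, hi = (spec or "0:65535").partition(":")
    return int(lo) <= port <= int(hi or lo)

def verdict(ruleset, sport, dport=7001):
    """Target the INPUT chain applies to a new, unsolicited UDP packet."""
    policy = "ACCEPT"
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if tok[:1] == [":INPUT"]:
            policy = tok[1]                 # chain policy, e.g. ":INPUT DROP [0:0]"
        if tok[:2] != ["-A", "INPUT"] or "-j" not in tok:
            continue
        j = tok.index("-j")
        match, target, opts, i = tok[2:j], tok[j + 1], {}, 0
        while i < len(match):               # collect "option [value]" pairs
            has_val = i + 1 < len(match) and not match[i + 1].startswith(("-", "!"))
            opts[match[i]] = match[i + 1] if has_val else None
            i += 2 if has_val else 1
        opts.pop("-m", None)                # the module name itself matches nothing
        if set(opts) - MODELLED or opts.get("-p", "udp") != "udp":
            continue                        # assumption: unmodelled rules are skipped
        hit = _in_range(sport, opts.get("--sport")) and _in_range(dport, opts.get("--dport"))
        if hit and target in ("ACCEPT", "DROP", "REJECT"):
            return target                   # first terminating match wins
    return policy

def afs_rule_present(ruleset):
    """True if UDP 7001 is reachable from every source port 7000-7012."""
    return all(verdict(ruleset, sp) == "ACCEPT" for sp in range(7000, 7013))

def broader_than_needed(ruleset):
    """True if UDP 7001 is also open to source ports outside 7000-7012."""
    return any(verdict(ruleset, sp) == "ACCEPT" for sp in (53, 6999, 7013, 65535))

# Constructed iptables-save excerpts (not taken from any real host).
HEAD = ":INPUT DROP [0:0]\n-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\n"
TIGHT = HEAD + "-A INPUT -p udp -m udp --sport 7000:7012 --dport 7001 -j ACCEPT\n"
BROAD = HEAD + "-A INPUT -p udp -m udp --dport 7001 -j ACCEPT\n"
MISSING = HEAD

if __name__ == "__main__":
    for name, rs in (("TIGHT", TIGHT), ("BROAD", BROAD), ("MISSING", MISSING)):
        print(name, afs_rule_present(rs), broader_than_needed(rs))
```

TIGHT is the rule as stated above in iptables-save syntax; BROAD also works for AFS but leaves port 7001 open to any UDP source port.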

Structure of the /afs - filesystem

On the highest level, AFS is split into Cells. An AFS-cell is an administrative unit.

The MPCDF administers the cell “ipp-garching.mpg.de” and e.g. CERN’s cell is reachable under /afs/cern.ch/.

Within one AFS cell, the filesystem itself is built out of volumes, which are connected by mountpoints.

Volumes are comparable to disk partitions with a few extensions:

  • A volume may be moved from one disc to another or even from one server to another.

  • A volume may have a read-only (RO) snapshot spread on different servers.

Thus, /afs/ipp-garching.mpg.de is a mountpoint to the volume “root.cell” within the AFS cell “ipp-garching.mpg.de”.

See a simple diagram (taken from a talk) about the AFS structure.

Security within AFS

Authentication (who are you?)
To prove to the AFS servers who you are, you need to present an AFS token, which can be derived from a Kerberos ticket.
Read more about this here.

Authorisation (what are you allowed to do?)
The access rights to a directory in AFS are controlled by so-called Access Control Lists (ACLs).
Read more about them here.

Further documentation:

Manpages are installed under /afs/ipp-garching.mpg.de/common/man/.
When your MANPATH environment variable contains that path (as it should, e.g. on the MPCDF login node), you can use those manpages for most AFS commands.

Modern Linux distributions also ship the manpages with the client packages.

Also consider the official documentation at openafs.org.