Configuring the Top Levels of the AFS Filespace

If you have not previously run AFS in your cell, you now configure the top levels of your cell's AFS filespace. If you have run a previous version of AFS, the filespace is already configured. Proceed to Storing AFS Binaries in AFS.

You created the root.afs volume in Starting the File Server, Volume Server, and Salvager, and the Cache Manager mounted it automatically on the local /afs directory when you ran the AFS initialization script in Verifying the AFS Initialization Script. You now set the access control list (ACL) on the /afs directory; creating, mounting, and setting the ACL are the three steps required when creating any volume.

After setting the ACL on the root.afs volume, you create your cell's root.cell volume, mount it as a subdirectory of the /afs directory, and set the ACL. Create both a read/write and a regular mount point for the root.cell volume. The read/write mount point enables you to access the read/write version of replicated volumes when necessary. Creating both mount points essentially creates separate read-only and read-write copies of your filespace, and enables the Cache Manager to traverse the filespace on a read-only path or read/write path as appropriate. For further discussion of these concepts, see the chapter in the OpenAFS Administration Guide about administering volumes.

Then replicate both the root.afs and root.cell volumes. This is required if you want to replicate any other volumes in your cell, because all volumes mounted above a replicated volume must themselves be replicated in order for the Cache Manager to access the replica.

When the root.afs volume is replicated, the Cache Manager is programmed to access its read-only version (root.afs.readonly) whenever possible. To make changes to the contents of the root.afs volume (when, for example, you mount another cell's root.cell volume at the second level in your filespace), you must mount the root.afs volume temporarily, make the changes, release the volume and remove the temporary mount point. For instructions, see Enabling Access to Foreign Cells.

  1. Issue the fs setacl command to edit the ACL on the /afs directory. Add an entry that grants the l (lookup) and r (read) permissions to the system:anyuser group, to enable all AFS users who can reach your cell to traverse through the directory. If you prefer to enable access only to locally authenticated users, substitute the system:authuser group.

    Note that there is already an ACL entry that grants all seven access rights to the system:administrators group. It is a default entry that AFS places on every new volume's root directory.

    The top-level AFS directory, typically /afs, is a special case: when the client is configured to run in dynroot mode (e.g. afsd -dynroot), attempts to set the ACL on this directory will return Connection timed out. This is because the dynamically-generated root directory is not a part of the global AFS space, and cannot have an access control list set on it.

       # /usr/afs/bin/fs setacl /afs system:anyuser rl
    
  2. Issue the vos create command to create the root.cell volume. Then issue the fs mkmount command to mount it as a subdirectory of the /afs directory, where it serves as the root of your cell's local AFS filespace. Finally, issue the fs setacl command to create an ACL entry for the system:anyuser group (or system:authuser group).

    For the partition name argument, substitute the name of one of the machine's AFS server partitions (such as /vicepa). For the cellname argument, substitute your cell's fully-qualified Internet domain name (such as example.com).

       # /usr/afs/bin/vos create <machine name> <partition name> root.cell
       # /usr/afs/bin/fs mkmount /afs/cellname root.cell
       # /usr/afs/bin/fs setacl /afs/cellname system:anyuser rl
    
  3. (Optional) Create a symbolic link to a shortened cell name, to reduce the length of pathnames for users in the local cell. For example, in the example.com cell, /afs/example is a link to /afs/example.com.

       # cd /afs
       # ln -s full_cellname short_cellname
    

  4. Issue the fs mkmount command to create a read/write mount point for the root.cell volume (you created a regular mount point in Step 2).

    By convention, the name of a read/write mount point begins with a period, both to distinguish it from the regular mount point and to make it visible only when the -a flag is used on the ls command.

    Change directory to /usr/afs/bin to make it easier to access the command binaries.

       # cd /usr/afs/bin
       # ./fs mkmount /afs/.cellname root.cell -rw
    
  5. Issue the vos addsite command to define a replication site for both the root.afs and root.cell volumes. In each case, substitute for the partition name argument the partition where the volume's read/write version resides. When you install additional file server machines, it is a good idea to create replication sites on them as well.

       # ./vos addsite <machine name> <partition name> root.afs
       # ./vos addsite <machine name> <partition name> root.cell
    

  6. Issue the fs examine command to verify that the Cache Manager can access both the root.afs and root.cell volumes, before you attempt to replicate them. The output lists each volume's name, volumeID number, quota, size, and the size of the partition that houses them. If you get an error message instead, do not continue before taking corrective action.

       # ./fs examine /afs
       # ./fs examine /afs/cellname
    

  7. Issue the vos release command to release a replica of the root.afs and root.cell volumes to the sites you defined in Step 5.

       # ./vos release root.afs
       # ./vos release root.cell
    

  8. Issue the fs checkvolumes command to force the Cache Manager to notice that you have released read-only versions of the volumes, then issue the fs examine command again. This time its output mentions the read-only version of the volumes (root.afs.readonly and root.cell.readonly) instead of the read/write versions, because of the Cache Manager's bias to access the read-only version of the root.afs volume if it exists.

       # ./fs checkvolumes
       # ./fs examine /afs
       # ./fs examine /afs/cellname
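
To confirm that the ACLs set in Steps 1 and 2 grant the public groups no more than rl, the following added example (not part of the original OpenAFS instructions) audits fs listacl output. The function name audit_acl and the sample text are constructed for illustration; the cell name example.com is the one used above.

```shell
#!/bin/sh
# Added example: audit `fs listacl` output for the top-level directories.
# Intended use on a client:  fs listacl /afs /afs/example.com | audit_acl
# Prints one finding per line and returns 1 if there is any finding.
audit_acl() {
    awk '
        # Emit per-directory findings once a whole ACL has been read.
        function report() {
            if (dir == "") return
            if (!admin) { print dir ": system:administrators lacks rlidwka"; bad = 1 }
            if (!pub)   { print dir ": no system:anyuser or system:authuser entry"; bad = 1 }
        }
        /^Access list for / { report(); dir = $4; admin = 0; pub = 0; section = "" }
        /^Normal rights:/   { section = "normal"; next }
        /^Negative rights:/ { section = "negative"; next }
        section == "normal" && NF == 2 {
            who = $1; rights = $2
            if (who == "system:anyuser" || who == "system:authuser") {
                pub = 1
                extra = rights
                gsub(/[rl]/, "", extra)   # whatever remains exceeds lookup+read
                if (extra != "") {
                    printf "%s: %s has rights beyond rl: %s\n", dir, who, extra
                    bad = 1
                }
            }
            if (who == "system:administrators" && rights == "rlidwka") admin = 1
        }
        END { report(); exit bad }
    '
}

# Constructed sample: the state the procedure above is expected to produce.
SAMPLE_OK='Access list for /afs is
Normal rights:
  system:administrators rlidwka
  system:anyuser rl
Access list for /afs/example.com is
Normal rights:
  system:administrators rlidwka
  system:anyuser rl'

# Constructed sample: system:anyuser mistakenly granted insert/delete/write.
SAMPLE_BAD='Access list for /afs/example.com is
Normal rights:
  system:administrators rlidwka
  system:anyuser rlidw'
```
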