OpenAFS on non-CSAIL Linux

AFS on non-CSAIL Ubuntu Linux (and similar distributions)

IMPORTANT: TIG supports AFS on our centrally managed CSAIL Linux systems. We do not support AFS on Linux systems we do not manage; therefore, we do not guarantee that any of the instructions here will work for you. Information on this page is provided as a convenience in case it is useful. That said, if you have suggestions or corrections, feel free to let us know. Please include the URL of this page so we know where to make changes.

OpenAFS

These instructions should work as-is on Ubuntu 16.04 and later (including flavors such as Xubuntu, Kubuntu, and Mate). They may work on recent versions of (non-Ubuntu) Debian and other Debian- and Ubuntu-derived distributions as well, depending whether a repository is available with sufficiently recent versions of OpenAFS packages. Versions 1.8.7 and some patched versions of 1.8.6 and later are recent enough; due to a time-processing bug, earlier versions stopped working in January 2021.

These instructions are not needed and should not be used on CSAIL Ubuntu or other Debian/Ubuntu distributions that are already configured to support Kerberos and AFS, such as Athena workstations.

AuriStor filesystem

AuriStor is a commercial, proprietary implementation of AFS, with some performance improvements. If using both AuriStor’s server software (which we have licensed and use at CSAIL) and AuriStor’s client software, you will see faster performance. Kernel upgrades to your system will also be much faster, since AuriStor distributes precompiled binaries. However, the downside of that is that if you happen to upgrade to a new kernel before AuriStor has packaged their corresponding update, AFS will break (until they release new binaries and you upgrade to them). In practice this hasn’t been a big problem at CSAIL but it has bitten us once or twice.

IMPORTANT: TIG provides support for AFS on centrally managed CSAIL Ubuntu systems only, and we have even less experience with the AuriStor client on Ubuntu or Debian systems we do not ourselves administer than with OpenAFS on them. Follow these instructions at your own risk, and we provide no guarantee they will work. That said, if you have corrections to this documentation, feel free to let us know. Please include the URL of this page so we know where to make changes.

Eventually, AuriStor intends to have an installer available for Ubuntu (and Debian), but for now, configuring their repository and installing packages is manual. Here are lightly tested instructions we’ve gotten from AuriStor for this process:

codename=$(lsb_release -c -s)
echo "deb [arch=amd64] https://client-rpm-repo.auristor.com/filesystem/repo/recommended/$codename/ $codename client" > /tmp/auristor.list
sudo cp /tmp/auristor.list /etc/apt/sources.list.d/auristor.list

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 31B87DD6B9539F3E
sudo apt-get update
sudo apt-get install krb5-user auristorfs-modules-dkms auristorfs-client
sudo apt-get autoremove

The first few lines are to create a new (root-owned) file /etc/apt/sources.list.d/auristor.list with just one line in it saying

deb [arch=amd64] https://client-rpm-repo.auristor.com/filesystem/repo/recommended/CODENAME/ CODENAME client

where CODENAME is the name for your Ubuntu or Debian (or other Debian-derived) release, like focal or jammy or bullseye or sid. (If copying and pasting, the double-quotes are important!)

The sudo apt-key line adds and trusts the signature AuriStor uses to sign their repository. (If they change their key, you can find the new key from the warning message sudo apt-get update gives you; add the new key and rerun sudo apt-get update.)

When you sudo apt-get install, you’ll be asked a few questions. The ones that matter most are:

Default Kerberos version 5 realm: CSAIL.MIT.EDU
Kerberos servers for your realm: kerberos-1.csail.mit.edu kerberos-2.csail.mit.edu
Administrative server for your Kerberos realm: kerberos.csail.mit.edu
AuriStorFS cell this workstation belongs to: csail.mit.edu
Size of AuriStorFS cache in kB: 512000

Note that the default Kerberos realm must be in all capitals, while the AuriStorFS (i.e., AFS) cell must be in all lowercase. You may not be asked all these questions, and for the other questions, you can accept the defaults.

As above for OpenAFS, feel free to allocate more space for the cache if you like.

(DISCLAIMER: These instructions were tested on a system that already had OpenAFS installed following the instructions and with the configuration specified above!)

If you already had OpenAFS running before installing AuriStor, you may have to run

kdestroy
unlog
kinit YOURCSAILUSERNAME@csail.mit.edu
aklog

after installing AuriStor before AFS access will work again. The apt-get autoremove at the end is because installing AuriStor disables OpenAFS, but does not remove the OpenAFS kernel modules, which have to be recompiled on every kernel upgrade. If you don’t either apt-get autoremove or apt-get remove openafs-modules-dkms, you’ll still be recompiling OpenAFS kernel modules you never use on every kernel upgrade, which defeats some of the point of using AuriStor instead.