Using AFS

From BrainImagingCenter

The Dartmouth Brain Imaging Center uses AFS (formerly the Andrew File System) as a distributed file system to store applications and data associated with our imaging facility. All center systems have the AFS client installed and you can easily install the client to your own desktop or laptop computer.

Our "cell" is named dbic.dartmouth.edu and you can either browse (through the dynamic root configuration) or set this to be your cell (as your "LocalCell").

Clients from OpenAFS.org exist for many platforms including Linux, Solaris, Windows, and Mac OS X.


When you log in to any Linux or UNIX system you will automatically obtain an AFS token. A token grants you access to the file system for a set period of time, by default 25 hours for our configuration. You can view your token lifetime with the tokens command:

[jed@dexter ~]$ tokens

Tokens held by the Cache Manager:

User's (AFS ID 10167) tokens for afs@dbic.dartmouth.edu [Expires Jul 14 20:28]
   --End of list--

To obtain a new token, good for another 25 hours, you can execute the klog command and enter your password when prompted:

[jed@dexter ~]$ klog
Password:
[jed@dexter ~]$ tokens

Tokens held by the Cache Manager:

User's (AFS ID 10167) tokens for afs@dbic.dartmouth.edu [Expires Jul 14 21:19]
   --End of list--

If you want to start a long-running application, you might consider running the reauth command to automatically obtain a new token at a set interval (for example, every five hours). Please be careful to set a long sleep time when using reauth, as it might consume many resources if too little time is left between authentication attempts.

AFS Terminology

There are a number of technology-specific terms used by the AFS system that you should familiarize yourself with. These will be used throughout the Wiki and in AFS documentation.

  • Volume: The smallest unit of disk space managed by AFS. Disk quotas are assigned to a volume, not to directories. By convention your home directory is one large volume and you are placed into the root of this directory when you log in.
  • Partition: The name of the directory, or back-end filesystem, on the server where your volume resides. Once the partition your volume is located on is full you will not be able to write to your AFS volume, no matter how much of your quota is available.
  • Server: AFS servers run one or more AFS services and contain both partitions and volumes. Volumes are located within a partition, which in turn is attached to a server. For the most part AFS servers are invisible in normal operations. You should be able to treat the entire AFS system as a large storage "cloud."
  • Quota: Your quota is a set amount of disk space, defined as the maximum that you can use. Quotas are used to ensure fair use of DBIC system resources.
  • Token: A virtual resource which provides limited time access to the file system. Tokens are assigned at login and are by default good for 25 hours.
  • ACL: Access Control Lists. These define AFS "permissions" on directories and are set for either groups or individual users.

How Much Disk Space am I using?

The listquota sub-command to the fs command will show you how much of your AFS volume quota you are currently using (short form of listquota is lq):

[jed@dexter ~]$ fs lq 
Volume Name                   Quota      Used %Used   Partition
usr.jed                    no limit  45210254    0%         33%

In this example the volume "usr.jed" is using around 43 Gbytes. The volume is on a partition that is 33% full. Since there is no quota on this volume it should be able to grow to the partition's limit. Here is a volume with a quota on a partition that is nearly full:

[jed@dexter chynes]$ fs lq .
Volume Name                   Quota      Used %Used   Partition
usr.chynes.grafton         62914560  61693899   98%<<       80%    <<WARNING

In order to continue to use this volume the owner will need to remove files, request a larger quota, and maybe have it moved to another partition. The "<<WARNING" marker on the far right indicates that this partition is in danger of being filled to capacity (after which it becomes more difficult to move data from the partition).

Access Control Lists

The most important sub-commands for fs dealing with ACLs are "listacl" and "setacl" (short forms are la and sa). Rights are assigned to directories, not to individual files as in the UNIX File System. There are a number of individual rights that can be assigned to a directory object. Here is an example of listing the ACL for the current directory:

[jed@dexter ~]$ fs la
Access list for . is
Normal rights:
  system:anyuser l
  jed rlidwka

The directory object "." has two ACL entries assigned: the first gives all users (system:anyuser) the list (l) right, and the second gives the user jed all rights.

Here is an example of adding a new ACL to this directory object:

[jed@dexter ~]$ fs sa . the_todd all
[jed@dexter ~]$ fs la .
Access list for . is
Normal rights:
  system:anyuser l
  jed rlidwka
  the_todd rlidwka

To remove, or clear, an ACL you can assign the right "none":

[jed@dexter ~]$ fs sa . the_todd none
[jed@dexter ~]$ fs la .
Access list for . is
Normal rights:
  system:anyuser l
  jed rlidwka

To recursively change an entire directory structure you will need to make use of the find command. This will set the ACL only on directories (since file access is controlled by the parent directory's ACL).

[jed@dexter ~]$ find . -type d -exec fs sa {} the_todd all \;
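Because find can push one ACL across a whole tree, it is worth auditing the result afterwards. The following is an added example, not part of the original wiki page: it parses fs la output in the format shown above and reports directories where the catch-all groups system:anyuser or system:authuser hold more than the l right. The function names, the sample listing and the "l only" policy are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit `fs la` output for overly broad grants.
# Assumed policy: system:anyuser / system:authuser should hold at most "l".

# Constructed sample in the `fs la` format shown on this page.
sample_fs_la() {
    cat <<'EOF'
Access list for . is
Normal rights:
  system:anyuser l
  jed rlidwka
Access list for ./public is
Normal rights:
  system:anyuser rl
  jed rlidwka
Access list for ./scratch is
Normal rights:
  system:authuser rlidwk
  jed rlidwka
Negative rights:
  system:anyuser w
EOF
}

# Read `fs la` output on stdin; print "<dir> <group> <rights>" for each
# positive grant to a catch-all group that goes beyond "l".
audit_acl() {
    awk '
        /^Access list for / {
            dir = $0
            sub(/^Access list for /, "", dir)
            sub(/ is$/, "", dir)
            section = ""
            next
        }
        /^Normal rights:/   { section = "normal";   next }
        /^Negative rights:/ { section = "negative"; next }
        section == "normal" && NF == 2 &&
        ($1 == "system:anyuser" || $1 == "system:authuser") && $2 != "l" {
            print dir, $1, $2
        }
    '
}

# Live use (needs an AFS client): same directory walk as the find command above.
audit_tree() {
    find "$1" -type d -exec fs la {} \; | audit_acl
}

sample_fs_la | audit_acl
```

On a system with the AFS client installed, run audit_tree on the top of the tree you changed; entries under "Negative rights:" are skipped because they deny rather than grant access.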