OpenAFS Status Report AFS & Kerberos Best Practice Workshop 2008
Jan 09, 2016
OpenAFSStatus Report
AFS & KerberosBest Practice Workshop
2008
Starting with Microsoft Windows
1.5.36 is the recommended release• 17 releases since Workshop 2007
Major New Features since Workshop 2007
Vista SP1 and Server 2008 Certification Performance Improvements
• Hash tables, Lock management redesign, Interlocked operations for reference counts
• The client service has been profiled and bottlenecks removed. Up to 63 MB/sec on 64-bit Vista SP1
Failover Improvements• RXKAD errors and Idle Data
Directory Searchs• B+ trees and local directory modifications
More Improvements
Token management improvements • Try home realm first
• No longer destroy token after RXKAD errors
Volume Status Tracking• Volume Notification Plug-in Interface
Rx multi Server Probes Volume Group Management
Even More Improvements
FollowBackupPath registry option .readonly Volume CB Optimizations Data Version optimizations cmdebug –cellservdb Out of Quota error reporting fs –literal Rx Hot Threads
2008-2009 Plans
Internationalization (Unicode) Native File System Client Support for DOS and Extended Attributes New user interfaces
• Explorer Shell Extensions
• Management Console plug-ins
• Control Panel replacement
AFS Servers http://www.secure-endpoints.com/openafs-window
s-roadmap.html
Got Questions About OpenAFS on Windows?
OpenAFS for Windows Status Reports available at • http://www.secure-endpoints.com/
Mailing List• [email protected]
MacOS X
Most of the issues with 10.4 resolved for 10.5 with help from Apple.
However, getting tokens at login is (now) “hard”.
AFSCommander tool available, integration coming.
Linux
iget() is dead.
• Cache manager opens files by path, as in OSX, to deal.
ARM port.
Usual AFS write-on-close semantics restored in 1.4.7, where possible.
ARM Linux
Actually been kicking around for years.
empeg (RioCar) is ARM Linux 2.4.
• AFS in your car is sometimes useful.
Nokia n810 was impetus for updating and integrating changes.
AIX
A LAM plugin for Kerberos 5 based aklog is now available and works with CDE Screenlock.
The client properly supports AFSDB.
Clients
Actually not much exciting on clients.
Numerous interaction issues with GUI environments have been addressed.
When shutting down, the client now tries much harder to deallocate resources.
Fileserver
To constrain clients from tying up too many fileserver resources, a quota is enforced during TellMeAboutYourself/WhoAreYou calls to the client.
The spunky child nature of the fileserver is gone. No more assert()s when a volume is found in an unexpected state.
Other things
The policy which precluded you from having a period (“.”) in your Kerberos v5 principal names when using AFS can be overriden in servers in OpenAFS 1.4.7 and later.
And the code has been cleaned up. A lot.
And who were you, again?
Client tracking turns out to be hard when clients lie (unbeknownst to themselves).
Just because an address is reused, it may not be the same client.
The fileserver now takes client address information with a grain of salt.
And then there’s test releases
We want to issue 1.6. Help us test!
Split cache (dedicated portion for read-write data) has had issues addressed.
Linux NFS translator has received several updates.
Mountpointless volume addressing (/afs/.:mount/cell:volumeid/)
But wait, there’s more
Address any vnode directly. (/afs/.:mountcell:volumeid:vnodeid:uniquifier/)• Logical follow-on will fix the MacOS “Finder cross-
volume drag” issue.
Multiple (more than 2) local realms.
Oh yeah, and you can have large (>2TB) partitions.
Ice cream for your fileserver
Rx modifications to avoid “server meltdowns” in servers, and to avoid hanging waiting for them in clients.
Rx also tweaked to deal better with high latency WANs.
And more pending
Rx connection “bundling” to allow more than 4 in-flight RPCs on a connection.
Cache read-ahead to improve read performance.
Cache bypass when you’ll never read it again.
And more coming
Extended callback messages to optimize away unneeded traffic.
• Both change “ranges” when data is stored, and metadata bundling when other things cause the callback.
Locking enhancements for Unix clients (finally).
Placeholder slide
In the unlikely event the git repository is online by the time I’m talking to you I’ll replace this with a slide about it.
Otherwise, hey, we’re migrating OpenAFS CVS to Git! If you want to use third-party distributed branches for development, you’ll be happy. Otherwise, you don’t care.
Issues of source code management
CVS doesn’t support distributed branches.• I had a plan to add it but it’s not worth the effort.
OpenAFS deltas are mostly analogous to Transarc (IBM) deltas but I wrote most of the tools myself.
cvsps (“Patchsets for CVS”) is used by many tools for conversion to other repositories, but its assumptions didn’t hold for us.
Migrating to git
git cvsimport uses discrete file revisions.
OpenAFS deltas assume patches.
tailor only converts one branch, the head.
OpenAFS uses branches heavily.
When it’s all done
It should be much easier to track upstream while you’re waiting for us to integrate your changes.
And it should be easier for us to merge them.
Stop me if you’ve heard this one before
Other performance optimization (though much of this is coming fairly near-term).
RxTCP.
Directory object changes (Unicode, typed streams, more files).
Kerberos 5.
(No) excuses
This would normally be where I tell you we have no resources, I can’t help you, etc., etc.
This year it’s a little different.
Fresh blood
Google Summer of Code accepted us.• And we got more projects than usual for first-timers.
• More on that shortly.
Rebuilding to serve you better
Many of you have probably seen the Elders’ open letter regarding a foundation.
There will be NO CHANGES that affect our code. What’s free today will be free tomorrow.
The goal is to incorporate the Elders such that the project can have assets.
Equity minus liabilities
Among these would be:• Being able to have an independent bank account
• Being able to hold intellectual property, like trademarks
We’re working on some of this now.
Please grab an elder to share your comments and concerns.
Documentation
Thanks to Jason Edgecombe for all the work on the man pages
All man pages are written in POD format• Simple to edit
• http://www.openafs.org/manpages/ Other documentation is in DocBook
• Still needs a lot of work
• All contributions are welcome, please dive in
Introducing...
Our New Mascot
Andy, the OpenAFS Orca
In other news
A lot of other exciting things going on.
Stick around for the roadmap and futures discussions on Friday.
Google Summer of Code Projects
Mentors
Asanka Herath Christopher Clausen David Howells Derrick Brashear Jeffrey Altman Luke Howard
Matt Benjamin Neill Jordan Simon Wilkinson Tom Keiser Tracy Di Marco White
Students and Projects
Andreas Matsikaris• Project: Per-File Access Control List Extensions• Mentor: Matt Benjamin
Dragos Tatulea • Project: OpenAFS Disconnected Operation Improvements• Mentor: Simon Wilkinson
Jacob Thebault-Spieker• Project: kAFS Enhancements • Mentor: David Howells
Matam Kiran Kumar • Project: OpenAFS Server Manager and OpenAFS Server Installer on Windows• Mentors: Jeffrey Altman & Asanka Herath
Students and Projects
Sheung Hei Joseph Yeung • Project: Microsoft Management Console for OpenAFS Cache
Manager • Mentors: Asanka Herath & Jeffrey Altman
Vamshi Velagapuri• Project: Readying OpenAFS Servers for Production Use on
Windows• Mentors: Jeffrey Altman & Christopher Clausen
Vishal Powar • Project: Read/Write Volume Replication for OpenAFS • Mentors: Derrick Brashear & Tom Keiser
Yatin Deshpande• Project: Explorer Shell Extension Improvements for OpenAFS• Mentors: Asanka Herath & Jeffrey Altman
OpenAFS Status
If your cell phone rang,you owe me a beer.
Fermented bubbly rice-water doesn’t count.