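AFS. -- Andrew File System. Computing Center, Institute of High Energy Physics, Chinese Academy of Sciences. Fan Yong. 2002.11.11. Outline. AFS Overview. AFS Components and Functions. AFS Administration. AFS Applications. ===================. AFS Overview. AFS is an enterprise file system designed for use in a distributed environment on multiple computing platforms. History of AFS. The AFS Distributed File System Computing Environment.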
AFS -- Andrew File System. Computing Center, Institute of High Energy Physics, Chinese Academy of Sciences. Fan Yong. 2002.11.11
Outline • AFS Overview • AFS Components and Functions • AFS Administration • AFS Applications
AFS Overview • AFS is an enterprise file system designed for use in a distributed environment on multiple computing platforms.
AFS Features • A single, shared name space for all users, from all machines. • Location-independent file sharing. • Client caching and efficient wide-area protocols for excellent performance. • Extended security through Kerberos authentication and Access Control Lists. • Replication techniques for file system reliability.
Basic Concepts in AFS • Cell • Volumes • Mount Points • Replication • Caching and Callbacks • Tokens • Access Control List
Cell • A cell is an independently administered site running AFS. • A machine can only belong to one cell at a time. • Users also belong to a cell in the sense of having an account in it, but unlike machines can belong to (have an account in) multiple cells. • /usr/vice/etc/CellDB • /usr/afs/etc/CellDB
Volumes • An AFS volume is a logical unit of disk space that functions like a container for the files in an AFS directory, keeping them all together on one partition of a file server machine. • Make administrative tasks easier and help improve overall system performance. • Three types of volumes in AFS: • single read/write version • read-only volume • backup volume
Mount Points • The mechanism that associates a directory with a volume is called a mount point. • Mount Points <==========> Volumes
Replication • Replication refers to making a copy, or clone, of a source read/write volume and then placing the copy on one or more additional file server machines in a cell. • Increases the availability of the contents. • Most appropriate for volumes that contain popular files that do not change very often.
Caching & Callbacks • The problem of maintaining consistency among the many cached copies of a file and the source version of a file. • A callback is a promise by a File Server to a Cache Manager to inform the latter when a change is made to any of the data delivered by the File Server. • Two types of callbacks: • a callback with a writable copy of a file. • a callback associated with the entire read-only volume.
Tokens • The token is a small collection of data that certifies that the user has correctly provided the password associated with a particular AFS identity. • When a user successfully authenticates, the AFS authentication service passes a token to the user’s Cache Manager. • The Cache Manager presents the token to AFS server processes along with service requests, as proof that the user is genuine. • The Cache Manager stores tokens in the user’s credential structure in kernel memory. • A user can have only one token per cell
ACL (Access Control List) • AFS ACLs provide more refined access control on a directory and all of the files in it. • Seven access permissions: • a (administer) • d (delete) • i (insert) • k (lock) • l (lookup) • r (read) • w (write) • Three system groups: • system:anyuser • system:authuser • system:administrators
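An added example, not part of the original slides: a small Python audit that reads ACL listings in the layout printed by the AFS `fs listacl` command, computes a user's effective rights from the seven permission letters above, and reports directories where system:anyuser or system:authuser can modify content. The sample listing, cell name and user names are constructed; the example also goes beyond the slide by handling the "Negative rights" section that AFS ACLs can carry.

```python
import re
ORDER = "rlidwka"     # the seven AFS permissions from the ACL slide
MODIFY = set("idwa")  # rights that change directory contents or the ACL
BROAD = ("system:anyuser", "system:authuser")  # groups covering many users

# Constructed sample in the layout printed by `fs listacl` (not real cell data).
SAMPLE = """\
Access list for /afs/example.org/project/docs is
Normal rights:
  system:administrators rlidwka
  system:anyuser rl
  alice rlidwka
Access list for /afs/example.org/project/dropbox is
Normal rights:
  system:anyuser rlidwk
  system:authuser rlidwka
Negative rights:
  bob w
"""

def parse_listacl(text):
    """Return {directory: {"Normal": {name: rights}, "Negative": {...}}}."""
    acls, acl, section = {}, None, None
    for line in map(str.strip, text.splitlines()):
        head = re.fullmatch(r"Access list for (.+) is", line)
        if head:
            acl, section = acls.setdefault(head.group(1), {"Normal": {}, "Negative": {}}), None
        elif line in ("Normal rights:", "Negative rights:"):
            section = line.split()[0]
        elif line and acl is not None and section:
            name, rights = line.rsplit(None, 1)
            if not set(rights) <= set(ORDER):
                raise ValueError(f"unknown permission letters: {rights!r}")
            acl[section][name] = set(rights)
    return acls

def effective_rights(acl, user, groups=(), authenticated=True):
    """Union of matching Normal entries minus matching Negative entries."""
    who = {"system:anyuser"}
    if authenticated:  # token holders also count as system:authuser
        who |= {user, "system:authuser", *groups}
    granted = set().union(*(r for n, r in acl["Normal"].items() if n in who))
    denied = set().union(*(r for n, r in acl["Negative"].items() if n in who))
    return "".join(c for c in ORDER if c in granted - denied)

def broad_grants(acls):
    """List (directory, group, rights) where a broad system group can modify."""
    return [(p, g, "".join(c for c in ORDER if c in acl["Normal"][g] & MODIFY))
            for p, acl in sorted(acls.items())
            for g in BROAD if acl["Normal"].get(g, set()) & MODIFY]
```

A Negative entry is matched against the authenticated identity, so an ACL review should treat any modify right granted to system:anyuser as available regardless of Negative entries on the same directory.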
AFS vs. NFS (I) • AFS, Andrew File System; Fermilab Final Evaluation Report and Implementation Recommendations, Farhad Abar, Gary Roedigers, Joseph Stith, Matt Wicks. May 12, 1992.
AFS vs. NFS: Architecture • Transarc Corporation, The AFS File System in Distributed Computing Environment, 1996
AFS Components • File Server • BOS Server • Protection Server • Volume Server • Volume Location Server • Update Server • Backup Server • Salvager • Cache Manager • NTPD
File Server • Provides the same services across the network that the UNIX file system provides on the local disk. • Delivering programs and data files to client workstations as requested and storing them again when the client workstation finishes with them. • Maintaining the hierarchical directory structure that users create to organize their files. • Handling requests for copying, moving, creating, and deleting files and directories. • Keeping track of status information about each file and directory • Making sure that users are authorized to perform the actions they request on particular files or directories. • Creating symbolic links between files.
BOS (Basic OverSeer Server) • Constantly monitors the other server processes (local) to make sure they are running correctly. • Automatically restarts failed processes. • Accepts requests from the system administrator. • Helps system administrators to manage system configuration information.
Authentication Server • Verifying the identity of users as they log into the system by requiring that they provide a password. • Providing the means through which server and client processes prove their identities to each other. • Maintains the Authentication Database, stores user passwords converted into encryption key form as well as the AFS server encryption key.
Protection Server • The Protection Server’s main duty is to help the File Server determine if a user is authorized to access a file in the requested manner. • Defining seven access permissions with access control list (ACL) for each directory. • Enabling users to grant permissions to numerous individual users. • Enabling users to define their own groups of users, recorded in the Protection Database maintained by the Protection Server. • Enabling system administrators to create groups containing client machine IP addresses to permit access.
Volume Server • The Volume Server provides the interface through which you create, delete, move, and replicate volumes, as well as prepare them for archiving to tape or other media (backing up).
Volume Location Server • The VL Server maintains a complete list of volume locations in the Volume Location Database (VLDB). • The VLDB and VL Server make it possible for AFS to take advantage of the increased system availability gained by using multiple file server machines, because the Cache Manager knows where to find a particular file.
Update Server • The Update Server helps guarantee that all file server machines are running the same version of a server process. • In cells that run the United States edition of AFS, the Update Server also distributes configuration files that all file server machines need to store on their local disks.
Backup Server • The Backup Server maintains the information in the Backup Database. • Enables administrators to back up data from AFS volumes to tape and restore it from tape to the file system if necessary.
Salvager • The Salvager attempts to repair disk corruption that can result from a failure. • The BOS Server invokes the Salvager when the File Server, Volume Server, or both fail.
Cache Manager • A set of extensions or modifications in the client machine’s kernel that enable communication with the server processes running on server machines. • Translate file requests into remote procedure calls (RPCs) to the File Server. • Tracks the state of files in its cache.
Relationship between the File Server, Cache Manager, and Volume Location Server
Network Time Protocol Daemon • It helps guarantee that all of the file server machines agree on the time. • Keeping clocks synchronized coordinates the copies of the Authentication, Backup, Protection, and Volume Location Databases.
AFS Administration • Monitoring and Controlling Server Processes • Managing Volumes • Administering User Accounts • uss Command Suite • AFS Security Management • Managing Server Encryption Keys • Managing Access Control Lists • Managing Administrative Privilege • AFS Backup System • Configuring the AFS Backup System • Backing Up and Restoring AFS Data • Administering Client Machines and the Cache Manager • Monitoring and Auditing AFS Performance