- Architecture Support
Before you install AFS on your machine, please check the supported architectures table. If your operating system is not supported, we recommend upgrading to a supported version. If you are using a PC or a Mac and want to access AFS directly, you should install the Stanford Desktop Tools provided for Windows or Macs and use the native AFS clients that are included.
If you are installing AFS on Linux, do not follow the instructions below (which are for installing AFS kits). Instead, see one of the following pages:
If you have another distribution not listed and your distribution does not come with OpenAFS packages, go to the OpenAFS web site and download the source. You can then build the client and kernel modules from source, install them, and then follow the the Red Hat configuration instructions (starting with point two).
- Firewall Ports
If you are using a firewall, make sure that it allows UDP packets to ports 7000 through 7010. The AFS protocol uses UDP for communication with the server and the server has to be able to respond to client requests. (All of the ports in that range are not used by tools that we use at Stanford, but the above range will avoid any problems.)
- Current AFS Version
To check the version of AFS you are currently running (assuming you already have AFS installed), use this command:
/usr/afsws/etc/rxdebug <hostname> 7001 -version
- Getting AFS Software
The AFS client software is packaged in gzipped tar files which are available via webauthed pages. You'll need your SUNet ID and password to access the software.
On your local system, create the /usr/vice/etc directory.
mkdir -p /usr/vice/etc
Download the software by pointing your browser to the AFS Client Distribution Area and picking the tarball that corresponds to your architecture.
Untar the distribution in the /usr/vice/etc directory, delete the tar file, and copy "aklog" to /usr/local/bin/aklog:
tar -xvzf openafs-<version>-<sysname>.tar.gz
rm -f openafs-[version]-[sysname].tar.gz
cp aklog /usr/local/bin/aklog
Unix has a slightly different method for installing the AFS kernel module. Please click on the link that corresponds to your operating system, and return here when you have completed the instructions on that page.
AFS Cache Setup
Every AFS client must have a cache in which to store local copies of files brought over from the AFS server machines. The AFS daemon (afsd) consults /usr/vice/etc/cacheinfo at startup to learn the defaults for cache size and location and where to mount AFS locally. To set up your AFS cache:
- Decide the size of your local AFS cache
Although AFS caches can be as large as 1 Gigabyte, a local cache of between 50 Megabytes and 200 Megabytes should be sufficient for most systems' needs.
- Decide which partition to use
You need to select a disk partition where you'll have the amount of space you specified for your cache above.
It is easiest to do this by making a separate disk partition dedicated to your AFS cache. If you choose to have the cache share a partition, be sure that the partition you choose is not likely to grow full from other things (e.g., incoming mail, log files, tmp files, etc.). If you cannot find a partition with enough free space to accommodate your AFS cache size, you will need to make your cache smaller.
If you choose not to have a dedicated AFS cache partition, you will need to create a directory for your local cache on the partition you selected. For example, if you chose to locate your cache on the /usr partition under the /usr/vice directory (near the AFS client software and configuration files), you would need to make a cache/ directory there:
chmod 0700 /usr/vice/cache
- Create your /usr/vice/etc/cacheinfo file
The cacheinfo line has one line with three colon-separated fields, like this:
The first field specifies where to mount AFS on your local machine. The standard choice is "/afs". If you choose to mount AFS elsewhere in your local filesystem, be sure to provide a symbolic link for "/afs" pointing to the actual mount point.
The second field defines the location of your local AFS cache directory. If you have a dedicated partition for your AFS cache, this will be the path of that partition's mount point. If your AFS cache is sharing a partition, this will be the cache directory you created.
The third field defines the size of your AFS cache in number of kilobyte (1024 byte) blocks. The number you actually specify here is only 80% of your total available cache space because of the overhead requirements of the cache manager; the "missing" 20% space is used by the AFS cache implementation.
- Create a directory at your AFS mounpoint
If AFS is not the first field in your cacheinfo file, create a symbolic link from your desired location to /afs. For example
ln -s /chroot/afs /afs
Finishing AFS Installation
- Set Encryption for AFS
The AFS Kits that Stanford publishes come with encryption turned on by default. To make sure that you are encrypting your AFS network traffic, look for this line:
/usr/afsws/bin/fs setcrypt on
in your AFS init script (/etc/init.d/afs on Solaris, etc., etc.)
To turn on encryption to the prebuilt Debian or Red Hat packages add: 'fs setcrypt on' to AFS_POST_INIT at the bottom of /etc/afs/afs.conf.
- Set nosuid
The AFS kits that Stanford publishes comes with nosuid set. Please make sure your init script has this set, look for this line:
/usr/afsws/bin/fs setcell -cell ir.stanford.edu -nosuid
in your AFS init script (/etc/init.d/afs). To prebuilt Debian or Red Hat packages, add "/usr/bin/fs setcell -cell ir.stanford.edu -nosuid" to AFS_POST_INIT at the bottom of /etc/openafs/afs.conf.
- Create Local AFS Links
There are several symlinks needed to take advantage of AFS. For these links, type "@sys" and for <version>, use the OpenAFS release version of the kit you've downloaded, without any spaces or periods. For example, if you're installing OpenAFS 1.2.10, the <version> is openafs1210.
ln -s /afs/ir/systems/@sys/usr/<version> /usr/afsws
ln -s /afs/ir/systems/@sys/pubsw /usr/pubsw
ln -s /afs/ir/systems/@sys/newsw /usr/newsw
- Crontab Cleanup
Disable entries in your root crontab file which do a "find" on / without excluding the /afs tree. If you don't exclude /afs, these entries will try to contact every AFS server all over the world, resulting in excessive network traffic and system load, and your jobs will likely not finish. To exclude /afs from your "find" jobs, use the "-fstype ufs" flag:
find / -fstype ufs -name <filename>
- Reboot Your Machine
Once you have made root's crontab file AFS-safe, you should reboot your machine:
Since this is the first time that AFS is starting on your machine, the AFS Cache Manager will need to construct the files it needs to be able to manage your local AFS cache. If you have a large AFS cache, this could take about 20 minutes. Subsequent reboots will not take this long (unless you deliberately destroy and rebuild your cache).