Distributed Filesystems for Linux?

zoneball asks: "What would you use for a distributed file system for Linux? I have several GNU/Linix machines running at home, and wanted to be able to see more or less the same file tree (especially all the ~user directories) regardless of which machine I'm connected to, and where the traversal into the distributed file system space is largely transparent for the end-user. Are there any URLs or documents that compare the features, bugs, road map, stability of these and other distributed filesystems? Which offers the best stability and protection from future obsolescence?"

Zoneball looked at 3 distributed filesystems, here are his thoughts:

" Open AFS was the solution I chose because I have the experience with it from college. For performance, AFS was built with an intelligent client-side cache, but did not support network disconnects nicely. But there are other alternatives out there.

Coda appears to be a research fork from an earlier version of AFS. Coda supports disconnected operations. But, the consensus on the Usenet (when I looked into filesystems a while ago) was that Coda was still too 'experimental.'

Intermezzo looks like it was started with the lessons learned from Coda, but (again from Usenet) people have said that it is still too unstable and it crashes their servers. The last 'news' on their site is dated almost a year ago, so I don't even know if it's being developed or not"

So if you were to recommend a distributed filesystem for Linux machines, would you choose one of the three filesystems listed here, or something else entirely?

NFS

[mao+che+minh]

I know that this is going to be the most common answer, but just go with NFS. It's not the most secure option around, but obviously the simplest to implement and the best documented.

NFS Linux FAQ
Howto #1
Howto #2

If you find yourself needing help, try asking people at Just Linux forums, or trying the NFS mailing list.

Re:NFS

[vandan]

I have to agree.
It takes about 5 minutes to get an understanding of what you need. After setting it up it just works.
NFS is a great ... Network File System. No need to re-invent the wheel here.

Re:NFS

[gallir]

Naaaaaaaaaa.....

NFS is not distributed, it's only "networked" or "remote". I t doesn't support any: replication, disconnection, sharing, distribution. It is centralised, requires the same user names|numberpace and security.

In one word, it's far away of the requirements, at least if you compare them with the listed FS in the question.

Re:NFS

NFS alone does not handle this, but you can do (or at least adequately simulate) much of these features with additional software.

Handling connection/disconnection is your automounter daemon "autofs".

Given that you distribute each user to one host's disk, you can combine them all to a common /home directory (or wherever you like to mount them) using autofs. You will often create a auto.home configuration file in autofs that contains a mount point for each user. These all then appear in the common /home directory.

In order to help you maintain your auto.home file you might use an administration aid such as NIS (or NYS or NIS+). This helps you keep your configuration files on several machines common to one another.

Replication is handled by mirroring the disks and possibly providing dual servers.

While the discreteness of your distribution of files is in user account chunks, this does make for a distributed file system.

Yes, it is all kluged together, and something better needs to be created.

Re:NFS

[gallir]

Handling connection/disconnection is your automounter daemon "autofs".

Disconnection in a DFS means a certain degree of replication: you still are able to work on your files even you you have no access to you repository, or you are off-line. Autofs doesn't do that, altough you can have some rsync's scripts to partially solve the problem, it's not a scalable or viable workaround for several users.

NIS on the other hand is not a good solution for WAN connections or different networks. Should you use this kind of soultion, I'd take a look to openldap instead.

Re:NFS

[_fuzz_]

Handling connection/disconnection is your automounter daemon "autofs".

He was talking about disconnected operation, not automounting. Disconnected or offline operation means you can still access the data without connecting to the server (or a peer as the case may be). Totally different from automounting. As far as I know you can't do this with NFS.

Re:NFS

[rmdyer]

Nope, NFS is -not- a distributed file system. NFS is a point to point file system. And, unless you are using kerberized NFS, it is not secure.

The only file system that is truely distributed, has a global namespace, replication, and fault tolerance is AFS.

NFS is pretty much the same as CIFS for Windows. And, version 4 still doesn't have global namespace and volume location.

So, NFS can't be a common answer because it isn't even allowed to be in the game.

+4 cents.

Re:NFS

...just go with NFS. It's not the most secure option around...

Well, you could do what people have been doing for well over a decade and use Secure NFS. It should come by default with any decent Unix system, and it supports a variety of cryptosystems (Kerberos, Diffie-Helman, etc.)

I'm not sure if it's fully-supported in Linux, though. A check of recent Usenet articles seems to indicate that Linux doesn't support it all that well (perhaps things have changed?). But that doesn't mean NFS itself isn't a secure option.

Re:NFS

[nosferatu-man]

"For every complex problem, there is an answer that is clear, simple, and wrong." -- HL Mencken

'jfb

Re:NFS

[tuxlove]

I know that this is going to be the most common answer, but just go with NFS.

This is what immediately came to mind for me too. Except for one thing. NFS is not a distributed filesystem. It's merely a network filesystem. The data itself actually resides only in one central place, and is not distributed in any way. Storage is not shared across machines, and therefore NFS is limited, in performance and redundancy, to the levels that single storage point represents. If it's an infinitely scalable, fault-tolerant machine, then the difference approaches academic. Otherwise, the fact that NFS is not really a distributed filesystem is an important distinction.

Re:NFS

[g4dget]

NFS is not distributed,

Of course it is. It gives you a single, unified view of a file system tree that can span many machines.

It doesn't support any: replication, disconnection, sharing, distribution.

Sure it does. Some of that functionality requires more than a vanilla NFS server, but that can be transparent to clients.

It is centralised, requires the same user names|numberpace and security.

Older versions did, current versions don't.

Don't get me wrong, NFS has lots of problems in many environments. But for networking a handful of machines in a home environment, it is nearly perfect. In fact, NFS version 2 is probably the best choice (the old one without all the security stuff). Furthermore, the alternatives (AFS, SMB, CODA, etc.) are harder to administer, perform worse, and have lots of problems with UNIX file system semantics.

Re:NFS

[DeVilla]

Nobody said common answers needed to be correct. It doesn't get quite as far, but it gets there in half the time.

Dan

Re:NFS

[cduffy]

[NFS] gives you a single, unified view of a file system tree that can span many machines.

Only if your mount tables are the same everywhere, and they need to be kept in sync on the client side. By contrast, in AFS, change where a volume is mounted anywhere -- and it's changed everywhere. Add a new volume on a different server on one client, and it's there in that same place on all of them. No mucking with the automounter, no distributing config files to all your machines, none of that mess.

AFS makes administration tremendously easier after one's scaled the initial learning curve. It performs far, far better than NFS on large networks (and merely somewhat better on smaller ones). It makes security policy easier to impliment and maintain -- even if someone roots one of your boxen.

AFS is just plain Good Stuff.

Re:NFS

[krogoth]

The filesystems listed are overkill. As far as I can tell, he wants two things: access to the same files and transparent integration with the local filesystem; NFS does both of these.

Re:NFS

[g4dget]

Only if your mount tables are the same everywhere,

That's what NIS is for. Furthermore, the flexibility of being able to set up machines with different views of the network is crucial in many applications. None of my workstations or servers actually have the same mount tables: they all get some stuff via NIS, and some stuff is modified locally. The restrictions AFS imposes are just unacceptable.

AFS makes administration tremendously easier after one's scaled the initial learning curve.

AFS is an administrative nightmare. Apart from the mess that ACLs cause and the problems of trying to fit real-world file sharing semantics into AFS's straightjacket, just the number of wedged machines due to overfull caches and its complete disregard for UNIX file system semantics cause no end of support hassles. Then, there is the poor support for Windows clients. We started out using AFS because it sounded good on paper, but it was a disaster in terms of support, and we got rid of it again after several years of suffering.

It performs far, far better than NFS on large networks (and merely somewhat better on smaller ones).

AFS's caching scheme works better than what NFS is doing for small files, but that case is fast and easy anyway. AFS's approach falls apart for just the kind of usage where it would matter most: huge files accessed from many machines.

Both NFS and AFS have very serious problems. But between the two, NFS is far simpler than AFS, is easier to administer in complex real-world environments, respects UNIX file system semantics better, and works better with large files. I can guardedly recommend NFS or SMB ("there is nothing better around, so you might as well use it"), but I can't imagine any environment for which AFS is a reasonable choice anymore. The only thing AFS had ever going for it as far as I'm concerned is that it was fairly secure at a time when NFS had no security whatsoever, but that is not an issue anymore.

Re:NFS

[cduffy]

The restrictions AFS imposes are just unacceptable.

Really, now? Tell me what you're trying to do that AFS won't allow you (not *how* you're trying to do it, but *what* you're trying to do), and I'll tell you how to do it with AFS.

Apart from the mess that ACLs cause and the problems of trying to fit real-world file sharing semantics into AFS's straightjacket

WHAT?! I could say the same thing about UNIX's user/group/world semantics, and far more defensibly. ACLs allow all sorts of useful things; I can have a log directory that's append-only except to sysadmins, for instance; or have a mail spool directory writable to only its owner and processes on the mailserver; or lots of useful things that standard UNIX semantics don't support. Who's wearing the straitjacket, again?

AFS's approach falls apart for just the kind of usage where it would matter most: huge files accessed from many machines.

That's a fairly rare case (for me, maybe not for you) -- just about all my huge (multi-gig) files are things like databases accessed by only one machine.

...I can't imagine any environment for which AFS is a reasonable choice anymore...

It's a reasonable choice for mine (a fairly small [approx 40-user] software company with lots of servers and few Windows clients -- and lots of potential for need to scale). On the high end, it's also a reasonable choice for IBM, who uses it internally (incidentally, the friend who introduced me to AFS used to be a sysadmin there). NFS may be capable of scaling up to my network -- but it sure as hell couldn't scale up to IBM's.

Re:NFS

[Baki]

WHAT?! I could say the same thing about UNIX's user/group/world semantics, and far more defensibly. ACLs allow all sorts of useful things; I can have a log directory that's append-only except to sysadmins, for instance; or have a mail spool directory writable to only its owner and processes on the mailserver; or lots of useful things that standard UNIX semantics don't support. Who's wearing the straitjacket, again? Fact is, like it or not (I love it) that while using UNIX you have to live with user/group/world semantics.

It may not allow the ad-hoc fine-tuning that ACL's allow, but IMO that is a good thing.

Really, ACL's may quickly become a mess. Yes you can set some special permissions and exceptions fast, without too much planning or thinking (as groups require) but after a while it is unmanageable. Why do you think that many larger sites running large Windows implementations have a policy of not allowing ACL?!?

Re:NFS

[g4dget]

WHAT?! I could say the same thing about UNIX's user/group/world semantics, and far more defensibly. ACLs allow all sorts of useful things; I can have a log directory that's append-only except to sysadmins, for instance

Yes, and that is one of the problems with AFS. A network file system for UNIX should foremost try to be as compatible as possible with UNIX, not to invent a completely different set of behaviors.

It's a reasonable choice for mine (a fairly small [approx 40-user] software company with lots of servers and few Windows clients -- and lots of potential for need to scale).

Sounds like your needs are really modest--just about anything would probably work for you.

NFS may be capable of scaling up to my network -- but it sure as hell couldn't scale up to IBM's.

What is "scaling up to IBM's network" supposed to mean? Sure, unlike NFSv2, AFS has reasonable support for security and user ids, but that's been fixed in current versions of NFS, and it doesn't really work all that well in practice in AFS either anyway. In terms of performance, AFS is usually worse. And the much touted global name space for AFS amounts to little more than "/net/host/..." under NFS. What kills AFS is that it has a steep learning curve, is inflexible, and, most of all, doesn't even try to support UNIX semantics.

Re:NFS

We used to use NFS for some (10.000 users and we run a cluster of 200 machines plus hundreds of workstations spread out over two campuses.

The only problem is that I can not mount it from home as I use a NAT firewall between me and the cable modem, so I do not have access to ~user at home.

Re:NFS

[PurpleFloyd]

ACLs are extremely useful. The ability to fine-tune permissions when necessary should not be dismissed because it can be misused; if you can drop a hammer on your foot, that doesn't make it a less useful tool. ACLs, properly managed, leave UNIX's user/group/all security settings in the dust. While they can be difficult to keep under control in some situations, this is the situation with almost all useful tools.

Wouldn't it be simpler and easier to manage if users had to sign up for computer time on a mainframe? Just think: you would only have to support one system! The benefits to security and maintinence would be enormous. Letting users have their own computers seems nice, but since it requires less planning and thinking (as a mainframe timeshare system requires) it will always become unmanageable. After all, there's no way to plan for the use of advanced tools. Why do you think many larger 1970s corporations running large computer implementations have a policy of not allowing any employee to access the mainframe without signing up first?!?

(Note for the humour impaired: I'm parodying the above author's style.)

Re:NFS

[the-dude-man]

There are one or two Secure Ways of securing NFS, Its one othe more simple things to set up. By doing a little hacking to your ip_conntrak module to watch your nfs ports, and some tunneling with ssh, you can actually have NFS running over a SSH tunnel.

I've implemented this between linux servers before, you simple place in the nfs startup script (/etc/init.d/nfs on gentoo and /etc/rc3/nfs on redhat) a sshd command giving the correct forwarding info. Set up some key-based authentication...and BOOM NFS is mysteriously locked down :)

Re:NFS

[LynXmaN]

NFS would be a good answer for a distributed filesystem if it implemented some kind of solution for server failures like.

- Synched disconnection
- Secondary NFS replica
- Transparent failover

I've succeeded in NFS doing all of this except on the synched disconnection, NFS is a pain in the ass when you lose the backend when accessing a file, the problem indeed is that every single distributed filesystem fails on that ocasion (even AFS and DRBD on my tests).
It would be really nice to have a filesystem that could have a total failure recovery when a secondary backend server is available, indeed :)

Re:NFS

[cduffy]

Sounds like your needs are really modest--just about anything would probably work for you.

Pretty much.

Except I forgot to mention that we're getting a new building RSN, and we need to have our servers be both accessible and *fast* from both. NFS doesn't have a good way to support server repliation, transparent volume migration, and such. AFS does.

What is "scaling up to IBM's network" supposed to mean? Sure, unlike NFSv2, AFS has reasonable support for security and user ids, but that's been fixed in current versions of NFS, and it doesn't really work all that well in practice in AFS either anyway. In terms of performance, AFS is usually worse. And the much touted global name space for AFS amounts to little more than "/net/host/..." under NFS. What kills AFS is that it has a steep learning curve, is inflexible, and, most of all, doesn't even try to support UNIX semantics.

AFS's performance is worse only for a subset of cases -- and those cases don't involve really massive numbers of users to a server cluster, or having a very large WAN where replication is required, or being able to snapshot filesystem volumes systematically for backup purposes, or making very large atomic changesets to filesystem contents (so the state at any given time is always valid), or such. In situations with very large numbers of client machines -- such as IBM -- NFS is simply unable to scale.

AFS's global namespace is not at *all* like /net/host, because even writable volumes can be moved from host to host completely transparently, even when in use! Try moving half your users' home directories from one server to another during the day with them logged in on NFS, and then you'll see part of why AFS is so much more useful.

Re:NFS

[g4dget]

Except I forgot to mention that we're getting a new building RSN, and we need to have our servers be both accessible and *fast* from both. [...] AFS's global namespace is not at *all* like /net/host, because even writable volumes can be moved from host to host completely transparently, even when in use!

NFS is just a protocol for clients accessing servers. Many forms of replication and migration can be supported even with just NFSv2, purely on the server side. And NFSv4 has direct support for these features (and I'm not at all convinced that adding all that junk to NFS was a good idea either).

Overall, basically, you are so excited about a bunch of gimmicks that you completely overlook the day-to-day reality of AFS: poor large file support, poor large volume support, exceptionally poor implementation of UNIX file system semantics, and poor handling of error conditions.

(And migrating users duing the day is just silly, even if your network file system nominally supports it.)

Re:NFS

[cduffy]

Overall, basically, you are so excited about a bunch of gimmicks that you completely overlook the day-to-day reality of AFS: poor large file support, poor large volume support, exceptionally poor implementation of UNIX file system semantics, and poor handling of error conditions.

The provided large file support is sufficient; any large volume bugs that still exist have yet to get in my way; and the remaining issues with regard to unix semantics are something it's worth putting up with for the security, central managability, ACLs, and other "gimmicks" -- and the payoff gets even better in an environment requiring massive scalability (such as the aforementioned, IBM).

(And migrating users duing the day is just silly, even if your network file system nominally supports it.)

Why is it silly, if my storage management system supports it? I'd rather go home at 5:00 and work nights only when I have to, thank you very much. (And if I *do* work nights, I'd rather not disrupt the work of the other folks who are working nights with me). Frankly, I think I detect a hint of sour grapes.

Re:NFS

[IAR80]

NFS still needs some cleaning up.

Re:NFS

[xdroop]

Only if your mount tables are the same everywhere, and they need to be kept in sync on the client side.

NIS meets this need handilly -- while simultaneously giving you a single point for managing your user accounts.

re: NFS

[niker]

Starsky asks for a "distributed" file system, not just a "network" file system :) For such a thing, the only project I can finger out, is:

www.globus.org In Grid Computing, there is also the concept of Data Grid (which is being used, for instance, in a few med schools in the USA) which could be relevant to what he asked for.

Check it out! :)

Re:NFS

[Daniel+Phillips]

I know that this is going to be the most common answer, but just go with NFS. It's not the most secure option around, but obviously the simplest to implement and the best documented.

NFS has a lot of problems, the worst of which you can summarize as: it doesn't act the same as a local filesystem. For example, mmap just doesn't work over NFS. Anyway, NFS is properly called a network filesystem, not a distributed filesystem. It lacks a lot of features you'd expect in a distributed filesystem, such as disconnected operation.

Have you ever worked in a shop where the home directories are mounted on NFS? The server stops and everybody freezes. This is not nice. NFS has horrible security holes too. The best thing about NFS is, it's commonly available, and you can also say that it's a lot better than no network filesystem at all.

As far as I can see, GFS, the Global Filesystem by Sistina is better than NFS in every way. It actually provides POSIX semantics, including mmap, over the network, which is a pretty nice trick. It's considerably faster than NFS. It acts just like a local filesystem, even though it's not. You can even use it as a local filesystem, like Ext2/3.

Caveat: I recently joined Sistina as a kernel developer, though at the moment I'm working in the logical volume manager group ratjer than GFS. While GFS is a commercial product, we also have OpenGFS, a sourceforge project forked from the most recent GPLed release of GFS from Sistina. Developers on the OpenGFS project include Alan Cox and Christoph Hellwig, i.e., its supported by core Linux developers.

I believe we'd all be better off in the long run if GFS takes over and NFS gradually dies out. I'll make an analogy betweedn NFS and rsh: rsh filled a need at one time, but it's broken by design (plaintext passwords). These days, nobody uses rsh and everybody uses ssh, which by the way, is also available in both commercial and open versions. (Note that while the OpenGFS project may not be strictly compatible with Sistina GFS, it shares the same goals in terms of POSIX compliance, performance characteristics, etc.)

Re:NFS

[iabervon]

NFS isn't a distributed filesystem. However, the original poster doesn't need a distributed filesystem. It's not secure, but the poster (presumably) has a physically-secured network with no untrusted local root users. It doesn't support replicated, but the poster doesn't require that level of reliability.

In short, NFS isn't an answer to the poster's question, but it's a perfectly good solution to the poster's problem. A proper distributed filesystem is a solution to a significantly harder problem than the one at hand.

Re:NFS

[non-poster]

localhost # cat mmap_nfs.c
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/mman.h>

int main()
{
void *ptr;
int fd;
char stuff[128];

fd = open( "/mnt/axp/var/log/syslog", O_RDONLY );

if ( fd &lt; 0 )
{
perror ("uhoh: ");
return -1;
}

ptr = mmap( 0, 64, PROT_READ, MAP_SHARED, fd, 0 );

if ( ptr == MAP_FAILED )
{
perror ("bad: ");
return -1;
}

memcpy(stuff,ptr, 32);
stuff[32]='\0';

printf("%s\n", stuff );

close(fd);

exit(0);
}

localhost # gcc -o mmap_nfs mmap_nfs.c
localhost # ./mmap_nfs
May 10 18:00:03 axp syslogd 1.4.
localhost # mount | grep mnt/axp
axp:/ on /mnt/axp type nfs (rw,addr=192.168.48.92)

So, you're wrong: MMAP does work over NFS.

/me shakes head

Re:NFS

[Daniel+Phillips]

So, you're wrong: MMAP does work over NFS.

I meant shared mmap, i.e., multi-host. Pardon me for not being specific.

Try this: mmap the same file on two different hosts, then write the same file location on each host via the mmap with different data. Result: two different versions of the file, and it's random which one is finally written to disk. Also, write one host's mmap, read on the other. Result: it's random whether one host sees what the other wrote.

A clustered filesystem that fails as above is not worthy of the name. It's also important to do the shared mmap efficiently, and GFS does.

Re:NFS

[cduffy]

You can't change your mount tables on-the-fly with NIS -- sure you can make changes to your automounter tables, but your machines will need rebooting before changes can take place on active partitions (and will need to unmount and remount less actively used partitions before they reflect the new tree). Personally, I'm just not entirely fond of the whole rebooting thing -- particularly not on that kind of scale.

Contrast to AFS, where as soon as the update to a read-only volume is released, it's immediately active on *all* machines.

Yes, there are a few Linux-only workarounds right now (such as lazy unmounting) -- but AFS's behaviour is the same on *every* supported platform.

Re:NFS

[cduffy]

A network file system for UNIX should foremost try to be as compatible as possible with UNIX, not to invent a completely different set of behaviors.

Oh, I'm sorry. So XFS shouldn't support ACLs either, then, I take it?

AFS is not just a network file system for UNIX. AFS is a cross-platform distributed file management system. If some of the OSen it supports can't express its semantics without extensions... well, dumbing down cross-platform software to the lowest common denominator has been done again, more recently. Look at the design decisions behind the POSIX threading API (and its lack of a simple thread_fork() call), or even more infamously, Java's AWT (lacking even such basics as a tree view because not all Sun's target platforms have such a widget natively).

I agree that deviations should not be done gratuitously -- but if nobody ever broke standards to get things done, things would get done a whooole lot slower. See "worse is better" philosophy, and why it's a Good Thing -- perhaps even part of why UNIX won. Making the design decisions that are right in theory isn't *always* more appropriate than making those decisions that are practical, even if theory argues against it.

And in practice, AFS works -- work well, even. Would it be nice if its ACLs were generally available and not an extension (or a non-network-storage-specific extension)? Sure! But this is what we've got right at this moment, and it works pretty darned well.

Re:NFS

[arkane1234]

Nobody said common answers needed to be correct. It doesn't get quite as far, but it gets there in half the time.

Distributed filesystem, distributed....

NFS is not distributed, so it doesn't answer it.
This isn't an analog answer, it's a digital answer we are looking for... there's no "hey, it holds files, and puts them across the network" to this. Anyone can do that with Samba, NFS, or other choices.

Distributed is much harder to come across. I wish DFS was more mature on Linux.

Re:NFS

[g4dget]

ACLs, properly managed, leave UNIX's user/group/all security settings in the dust.

Having spent a lot of time dealing with the mess that ACLs cause in a real-world environment, I would dispute that. But that isn't even the issue. The issue is that AFS does not even come close to implementing UNIX or Windows file system semantics. That makes AFS a poor choice as a network file system for UNIX or Windows.

And, despite the appearance of having more security, the failure of AFS to implement UNIX file system semantics actually creates gaping security holes as well, so all that AFS ACL stuff doesn't even accomplish what it is intended to accomplish.

Letting users have their own computers seems nice, but since it requires less planning and thinking (as a mainframe timeshare system requires) it will always become unmanageable. [...] (Note for the humour impaired: I'm parodying the above author's style.)

I fail to see the parody. Have you spent any time supporting PCs? They are almost unmanageable and soak up support time and resources like there is no tomorrow. Sometimes, it is worth paying that cost, but most businesses are trying so hard to lock down, secure, and standardize their PCs that they really would be better off with central compute resources. The only reason why that isn't a choice is because companies are also stuck in the Microsoft world, where centralizing compute resources is very expensive compared to buying individual machines.

Re:NFS

[g4dget]

The only file system that is truely distributed, has a global namespace, replication, and fault tolerance is AFS.

Too bad that it also creates gaping security holes, has horrible performance for big files, and doesn't handle error conditions well.

Yes, AFS has a long feature list. That alone should be a warning to people to stick with something simpler. Like NFS, for example.

NFS is a point to point file system.

And that is what makes NFS superior to AFS: it concentrates on doing something simple that's already hard enough by itself. You can build replication, distribution, caching, global name spaces, and other features on top of NFS, and people have.

Re:NFS

[op00to]

What kind of garbage are you spouting? How about you back up your claims instead of just posting a one-liner that means nothing.

Re:NFS

[darcwyrm]

rsync

Yup NFS

[laugau]

NFS + Automounter plus NIS and you get everything you ever wanted. NFS is fast, well known and documented and transparent.

Re:Yup NFS

[Kaz+Riprock]

This is all good, but what happens when your NIS/NFS server goes down? In our lab, it means most people can't login at all anywhere in lab and all login requests take ages to error and die.

Any idea how to help this problem?

Re:Yup NFS

[roro_parnucious]

You can rsync your passwd/shadow files from the master periodically, and use /etc/nisswitch.conf to say that you want to try NIS first, local login second.

Hell, if you're going to go to the trouble, you can just use the rsync method and not NIS! But I digress...

Re:Yup NFS

[warrior_on_the_edge_]

Any idea how to help this problem?

Use a cluster of nis/nfs servers.

Re:Yup NFS

[karlbowden]

Or better still
Kerberos + OpenLDAP + AFS or CODA
I found OpenLDAP the hardest to setup. So if you can get your head arround that, then you can setup any of the others.

BTW... ALL YOU NFS+NIS IS GOOD POSTERS - NFS+NIS IS NOT A DISTRIBUTED FILESYSTEM!!!!!
It just simply does not compaire.

Re:Yup NFS

[rmdyer]

Nope, sorry, NFS is -not a distributed file system. No amount of automounter pain will bring you even close to AFS. NFS is just the traditional de-facto point-to-point client-mounts-server share file system. It is just like CIFS for Windows.

AFS on the other hand has volume location independence, client-side-cache, token based ACL security, global namespace, yata, yata, yata. If you think NFS is distributed, you are still in your crib compared to real enterprise filesystem administrators.

Go get another job.

+5 cents.

Re:Yup NFS

As are you, being that you're unable to think of a way to use NFS in such a way. Everyone knows out of the box solutions are the worst. NFS CAN be used as a distributed FS if you know what you're doing.

Re:Yup NFS

[wik]

AFS uses kerberos. Kerberos is the three-headed dog that guards the gates of hell (in Greek mythology). When the kerberos server dies, all hell breaks loose. Same problem, much uglier beast.

As far as dead NIS goes, you might be able to set up a slave NIS server. I have not tried this on our NIS/NFS compute cluster yet, and I'm not sure how well Linux NIS servers handle it (we only trust Solaris to serve NIS/NFS).

Re:Yup NFS

[mac-diddy]

When the kerberos server dies? A sysadmin who runs a service with a single point of failure like should expect hell to break loose.

Re:Yup NFS

[ColdGrits]

xactly.

That is ALL he needs -

NFS
autofs
NIS (or NIS+)

Oh, and use netgroups to secure access to your mountpoints to authorised machines only.

And there you have it. Everything he needs, nice and secure and extremely easy to do.

Re:Yup NFS

[laugau]

Didn't you freakin read the post? He/she/it wanted something to use at home, moron. If he/she/it was asking about something for work, then the suggestion changes.... but at home, use something reliable, easily implemented and widely supported.

Before you start throwing rocks, step outside of your glass house. (Or rather, sound out the big words).

Opinions are like assholes. Everyone has one, but yours REALLY stinks.

Self Certifying File System

[nescafe]

I would use SFS, the Self Certifying File System. Assuming all the systems you are using are supported, it offers global, secure access to anything you care to export.

Re:Self Certifying File System

Thx for this link, I have been finding more and more interesting DARPA (and other) projects most recently that one never easily locates.

This one looks worth testing.

Anyone using this in a production setting?

Any comments on security?

NFS has never thrilled me, 'specially those proprietary SAN boxes....

Re:Self Certifying File System

[angio]

I'm from the same lab from which SFS comes, so I'm a bit biased, but I've been using it in a production setting for the last two years. My major use is to work from home and access my MIT filesystem remotely. I also maintain a network of ~40 machines distributed around the world, and I use SFS to provide access to centralized home directories on them. Very, very convenient. The software is stable, and the support is good. It works on *BSD and Linux. It also works on some versions of MacOS X, but may require an upgraded gcc on the latest (see the fs.net mail archives).

Highly recommend cheking it out. Mega convenient.

Re:Self Certifying File System

[oneself]

How does it handle disconnects?
Are the files available off-line?

Well it depends...

[Tsugumi]

For my money, nfs in a LAN, afs over a WAN, it really depends on the size of the network your trying to play with.

Since openafs forked from the old transarc/IBM codebase, it looks as if it has a real future. It's used by a load of educational and research institutions (notably CERN), as well as Wall Street firms.

Re:Well it depends...

[porky_pig_jr]

It is correct that normally you run nfs over LAN, but nfs *can* run over WAN, albeit you would want to run NFS over TCP rather than over UDP. Just to deal with delay and potential losses over WAN.

Re:Well it depends...

[Crispy+Critters]

It's used by a load of educational and research institutions (notably CERN), as well as Wall Street firms.

No kidding. I had an account where I could "cd /afs" and get into at least twenty universities. (I was trying to use some software that a student put on the web, and I needed to recompile it but he refused to put up the source. So I cd'ed into his home directory at his school and copied it. For my personal use only, not to distribute.)

One nasty glitch is that (at least in some installations) AFS file permissions are maintained separately from standard *nix file permissions. In other words, "chmod o-r *" does nothing to stop other people from reading your files (as I found out when my entire home directory was made available over the web).

Re:Well it depends...

I wouldn't be too sure about it's commercial future. We are looking at it as a distributed filesystem for my workplace. Our IBM rep indicated there is some real heated controversy about it being an ongoing concern within the company. He seemed to think it would be killed off (which doesn't mean much since an open version has already forked).

Re:Well it depends...

(I was trying to use some software that a student put on the web, and I needed to recompile it but he refused to put up the source. So I cd'ed into his home directory at his school and copied it. For my personal use only, not to distribute.)

Well done. The FBI will be arriving soon; please remain in your seat.

Re:Well it depends...

[db74]

Sure, IBM is killing IBM AFS. What does that have to do with OpenAFS?

Re:Well it depends...

" One nasty glitch is that (at least in some installations) AFS file permissions are maintained separately from standard *nix file permissions. In other words, "chmod o-r *" does nothing to stop other people from reading your files"

That is not a glitch, that is a feature. You use the "fs setacl" AFS command to set an ACL (Access Control List). AFS supports seven different permission bits, r(ead), l(ist), i(nsert), d(elete), w(rite), (loc)k and a(dminister).

Re:Well it depends...

[autocracy]

Maybe a better "feature" would make it respect normal permissions unless told otherwise.

Re:Well it depends...

[Crispy+Critters]

That is not a glitch, that is a feature.

I should have called it a "gotcha", meaning it doesn't work in the way a reasonable person might assume. Sometimes called violating the Principle of Least Surprise. This is not to say that a program should be dumbed down to the point that it is instantly usable by any luser who can pilot a mouse. But if AFS transparently acts like the normal *nix FS when I use cp, mv, ls and so on, it is reasonable to assume that the protections also work as in a normal *nix FS.

I agree that "glitch" can imply "bug" which is not correct here. I am not sure how it is a "feature", though. I can see that it would be useful to enable stronger restrictions for file access via AFS, but not weaker.

Security

Just make sure to secure it well if it'll be connected/accicable through the internet.

I have NFS and I'm very happy about it.

Re: Oop

[Black+Parrot]

> I can't think of anything funny or intelligent to say...

Unsubscribe, so you'll see the "new article coming up" warning and have a little lead time to think about it.

NFS/BOOTP

[rf0]

I'm sure other ehere will suggest NFS but why not just go whole hog and setup you clients to boot off a server then mount the same NFS filesystem. That way total transparency without having to make sure that n FS is always mounted

Just my $00.2

Rus

Re:NFS/BOOTP

[Blaine+Hilton]

Or just use LTSP

Re:NFS/BOOTP

[BJH]

I'm doing this, but one thing that annoys me about Linux is that it can't do swap over NFS, which means I'm stuck with just installed RAM on my diskless clients.

Sure, there's patches around for it, but they're not exactly reliable. Come on, guys, Solaris has been doing this for years now - how hard can it be?

and now the hard part...

explain dfs...

rsync?

[vadim_t]

If some latency is acceptable, you could just setup cron to run rsync, or some other synchronization tool every 5 minutes. Just don't forget to run a NTP server on your network, and synchronize the time on every computer that runs rsync. Otherwise you might lose data due to clocks out of sync.

Re:rsync?

*SOME* latency!!! rsync every 5 minutes?!?!?
What's the point of this kludge when you could use NFS, and guarenteed consitancy & transparency.

Re:rsync?

[vadim_t]

Hmm, perhaps I misunderstood the question there. I thought what zoneball wanted was some system that replicated the same data on all the machines and kept it up to date, so that when you change a file on one computer it gets sent to the other 5 automatically.

Re:rsync?

[Fembot]

strikes me that perhaps this doesnt have the best file locking mechanisim in the world...

Re:rsync?

[brer_rabbit]

Hmm, perhaps I misunderstood the question there.

And here I thought you were going for "+5 funny". rsync as a DFS? Man, that's scary. Someone get this guy a job at Microsoft!

Re:rsync?

[vadim_t]

Hey, everything depends on what it's going to be used for. rsync is of course a really bad idea in most cases (I wasn't being completely serious), but if the idea is to make sure that every computer has a copy of your MP3 files, then why not?

Re:rsync?

[Parsec]

This may work, but only if a user doesn't login to more than one machine at a time. On login: rsync the user's directory off the server. And on logout: rsync the user's directory up to the server. But again, that's not very distributed.

(Also this seems to be what happens in our Win2k configuration where I work.)

Background on DFS

[El+Pollo+Loco]

Check here for a good background on DFS. It also has a quick table comparison of the popular programs, and a walkthrough to set up Intermezzo.

PVFS

[Kraken137]

We use PVFS at work to give us a high-performance network filesystem for use with our clusters.

http://parlweb.parl.clemson.edu/pvfs/

Re:PVFS

[Wolfier]

Perverted File System? Good for pr0ns I guess!!
No offense here, it's just the first thing I had in mind. LOL

Re:PVFS

[sffubs]

I have tested PVFS with a few machines I had lying around, and found it to perform well.

Re:PVFS

Probably the ONLY thing on your mind.

Re:PVFS

[Wolfier]

Nope, but probably played word games a bit TOO much nowadays

Re:N/T, OT: $00.2 -- That's 20 cents, actually.

[El_Servas]

NT

openmosix

[joeldg]

I run an openmosix cluster with the openmosix filesystem here at work. Three computers.. no problems...
If you want to take a look..
http://lucifer.intercosmos.net/index.php
linkage and I am going to be placing some tutorials up. -joeldg

Re:openmosix

[joeldg]

As an addition, if you are interested in the MFS (mosix file system) here is a link to the FAQ

http://howto.ipng.be/openMosix-HOWTO/x1614.html

which mentions things like.. adding /mfs to the prune list for updatedb (locate) etc..

Having used this for quite some time I have to say that it is well worth it.. just keep your mp3's and such off on /mfs and save your space :).

-joeldg

Re:openmosix

[Kz]

Right!! OpenMosix is the solution.

Using MFS, you can just have one pool of disks, memory, cpu's and the processes will migrate to the data; instead of copying the data around.

Great system, once you settle on one version of the kernel (have to be the same on all machines)

Re:openmosix

[fille]

a bit off-topic maybe: can openmosix be used for desktop users? suppose for instance that I use a cluster of four 600 mhz pc's instead of one pc with a (say) 2 Ghz cpu. would performance be comparable? I suppose that the 2Ghz pc would be faster because desktop users use less threads and the overhead of openmosix deteriorates the performance of the cluster. Is this right? Anyone has tried this?
PS: no, I don't want to try this, it's not worth the effort I suppose. Just wondering..

Re:Format, Install Windows Server 2000 or 2003

[sneakybilly]

DFS is just replication. DFS works in a number of ways in simplest form you could use rsync to achieve the same thing. Combination of NFS and RSYNC could be used to achieve its more complex form.

Ye olde Samba

Samba works fine. I personally have approximately 5 samba mounts in my filesystem totally transparent for anybody who was to walk up and use my computer.

No need to unnecessarily complicate things here, samba is simple to set up and functions great.

Re:Ye olde Samba

[DarkOx]

Yes, but samba being a windows file system does not do permissions and the like. I love samba it is my PDC for all the windows boxen on the networks I maintain. It porvides excelent integration between winders and *NIX. Samba is fast and solid, but If I was going to export a share from one *NIX to another I would use anything else because as a *NIX network FS SMB is not exactly robust.

Re:Ye olde Samba

...except that samba doesn't support permissions correctly, and is not designed with Unix clients installed.

Re:Ye olde Samba

no, samba is not simple, and it is not transparent. Permissions are screwy, and smb is an incredibly complex protocol. The Samba guys admit that smb is insecure.

It isn't even a replacement for NFS, let alone a *DISTRIBUTED* filesystem. NFS isn't distributed, and smb/Samba isn't either.

Don't get me wrong... Samba is great when you have to interface with the evil empire, but for what has been asked, it isn't even in the ballpark.

Re:Ye olde Samba

[pasde]

Samba is NO good at sharing homes. Lots of applications perform file locking in the user's home directory, which, as one may know, requires the system to perform a syslink (go on, try 'strace lockfile foo.txt'). It turns out that Samba do not perform symlink and hence resulting in an incapability to perform file locking. And by the way, it is definitely not distributed:-)

permissions?

[SHEENmaster]

does NFS have trouble with user permissions such as a user having different numbers on different system? Is it secure enough to share a common passwd file?

Re:permissions?

[phorm]

That's what NIS is for. You can schedule regular downloads of group/passwd files, which are updated in a NIS database stored on a master server, and passed down to "slave" servers.

Re:permissions?

use NIS (or LDAP or SMB authentication or any other centralized authentication method)

Re:permissions?

[Dysan2k]

To be honest, big time, but a lot of people forget the other side of life with NFS, and that's NIS/NIS+. The yp-tools include pretty good NIS support, but not sure of NIS+. Would use niether in a production environment personally, but a common Auth system which is easy to manage would solve that issue.

Could also look into LDAP (VERY complex, no good starting point that I've been able to find) and Kerbreos auth methods as well.

Should give you a central point for uids/usernames. But NFS does not have transparent mounting that I'm aware of so that you could mount, say the /home directory of 5 computers onto / on a central system and it display all the mounts simultaneously. For example:

<ECODE>
CPU1 contains: /home/foo
/home/baz

CPU2 contains: /home/tic
/home/tac

CPU3 contains: /home/toe

on CPU4, you'd do the following:
mount CPU1:/home /home
mount CPU2:/home /home
mount CPU3:/home /home

And you'd end up with on CPU4:
/home/tic
/tac
/toe
/foo
/baz
</ECODE>

If there is a way to do this, please lemme know. I've heard people talk about it in the past, but haven't seen anything come of it yet.

Re:permissions?

[afidel]

NIS and NIS+ are in production in some of the largest enterprises out there. In fact back before linux 2.4 was commonly available I actually used a tech preview from Caldera because it was the easiest way to get 32bit UID support, our user ID's had grown beyond 16bits and getting it to work on 2.2 was a pain (you not only needed a kernal recompile but basically the whole toolchain and glibc).

Re:permissions?

[J053]

I've been using NIS+ in a mixed Solaris/Linux environment since RedHat 6.1 - had to get the nisplus tools and secure-RPC PAM modules from the SuSE folks, of course (look for nistools or nisplus and pam_unix2). I've used NIS+ on Solaris since it came out - yes, it can be a bit of a pain to set up, and I'd advise against trying to do any kind of deep hierarchical/replicated tree, but it does work very well (of course, Sun have announced end-of-life for NIS+ after Solaris 9, so I guess it'll be LDAP).

And, autofs does exactly what you're looking for. You will have to hack the autofs startup script (unles you get SuSE's) to recognize NIS+ automount maps, and AFAIK "direct" automount points don't work, but it's still cool - I use it for over 200 users every day.

Re:permissions?

[mokeyboy]

I second the comments on NIS - insecure and "noisy" too. I have found some success using LDAP (openLDAP and eDir) to share information that is usually handled via NIS and it is way more secure. As suggested by other posters, NFS and automount works well, especially if you have a central file server and just have the logged in /home/$USER directory mounted on login (user info in LDAP with PAM authentication against LDAP/Active Directory/SAMBA). You might also look at the oMFS filesystem that comes with openMosix. I haven't tried it yet but it seems to allow the sharing of filesystems to all cluster node members when set up. Shared memory/CPU resources and file access.

Non-obvious google

[rf0]

You might have luck googling for "clusted filesystems" as well. things like HP's CFS (no idea how good it is though)

Rus

Re:Non-obvious google

You might have even better luck googling for "clustered filesystems".

Re:Non-obvious google

Ummm, first, I'd prefer to stick to a file system that Linus has at least looked at, and blessed in some fashion or another, at least in terms of properly interoperating with the kernel. After all, this is a non-trivial part of the overall operating system, and you're betting your data on it.

Second, I wasn't aware that HP had released CFS to the open source community. Having worked in the group from whence it came, for a number of years, it would be very surprising if it had been opened up, since it's based on a lot of code purchased from other entities (some of which might actually still be in business). Also, it's not clear to me if or how the file system would behave on other architectures - it was created on Alpha, and has probably been ported with a fair amount of work to Itanium2, but was never designed to be architecture-portable as such, particularly to dinky 32-bit architectures. I know there was some discussion a few years ago about possibly "donating" the Advanced File System (AdvFS) to the open source community, and the general concensus back then was that it wasn't a real good idea from a technical standpoint, due to some known hacks that Tru64 could (barely) tolerate, but which shouldn't be inflicted on innocent victims :-)

However, that was then, and this is now, and it's possible that work has progressed on both AdvFS and CFS to where it could be ported to Linux. I hope so, because it's a kick-ass filesystem, and capable of doing stuff that no one else does now. Like any filesystem, though, it would need a lot of thorough testing to make sure it's ready for prime time on Linux. But if HP did donate it, it might even make HP look like it really does give a damn about Linux, which you don't see today if you want to buy an HP or Compaq brand laptop that's been certified to work with major distributions, such as SuSE, without paying the Microsoft Tax.

Re:Non-obvious google

Yeah, 'clusted' is definitely non-obvious.

Re:Format, Install Windows Server 2000 or 2003

[JustAGuyNamedStu]

Sounds like my ex-girlfriend.

I'll go with NFS too...

[Rooktoven]

...just to keep things simple. If you need redundancy, try changedfiles, it's a lot less of a hassle than intermezzo (IMO).

not for linux but still interesting

http://www.bebits.com/app/2304
it can be interfaced to a linux machine

Mirroring file system

[antarctican]

This actually brings up a question I've been wondering about for a while. Does anyone have any solutions for a mirroring file system? Basically RAID 1 over a network.

What is a good stable solution for this? Currently I'm just using a tar over ssh once a night to do an incremental backup.

Re:Mirroring file system

[CatOne]

True mirroring as in really RAID 1? You won't get any kind of speed out of that unless you implement a SAN. And that's big $$$ (as an example Apple is on the LOWEST end there with a sub $10K solution).

Re:Mirroring file system

[dlakelan]

Whoa, you definitely need Unison.

Unison will synchronize any two file trees in The Right Way (TM).

Get the gtk version for interactive conflict resolution.

Re:Mirroring file system

[mikeage]

I know this isn't quite what you asked for, but check out http://www.mikerubel.org/computers/rsync_snapshots / for advice on using rsync to create "snapshot" like backups.

Re:Mirroring file system

[antarctican]

No not REAL RAID 1, I was using RAID 1 as an example of the type of mirroring I was looking for.

Basically I have two servers, one is the active server one is the fall over backup. Now my nightly tar backup is good enough, but I was wondering if there was a better solution. A way to sync the two /home every so often, or even on an on-going basis so my clients can be sure their data is backed up fairly frequently in case a server fallover is needed.

Re:Mirroring file system

[Arethan]

I usually use rsync for one way backups, and unison where I need 2 way synchronization.
Rsync is nice because you can update lots of files very quickly, as it only moves binary diff's between files. Also, if it is a costly network link, you have the option to specify max transfer rates, so you don't kill your pipe when it runs from your cron job.
Unison is nice because it is pretty smart about determining which files should be moved, and can correctly handle new and deleted files on either end of the link. Plus it supports doing all of it's comm via ssh, so it's secure.

rsync

unison

The downside to both of these being that neither of them are instantaneous. However, I've had much success running both of these as often as every 5 minutes. Just make sure that you launch them from a script that is smart enough to check for already running instances before it starts trying to move data.

Re:Mirroring file system

[antarctican]

Whoa, you definitely need Unison [upenn.edu].

Unison will synchronize any two file trees in The Right Way (TM).

Well luckily it's not two way mirroring, it's purely one way. My clients all update their website on the primary server only, and any changes are then backuped up nightly to the live backup server. However a better solution is definately desirable.

Re:Mirroring file system

Try drbd or enbd

both do true RAID 1 over the network

Re:Mirroring file system

[antarctican]

I usually use rsync for one way backups, and unison where I need 2 way synchronization.
Rsync is nice because you can update lots of files very quickly, as it only moves binary diff's between files. Also, if it is a costly network link, you have the option to specify max transfer rates, so you don't kill your pipe when it runs from your cron job.
Unison is nice because it is pretty smart about determining which files should be moved, and can correctly handle new and deleted files on either end of the link. Plus it supports doing all of it's comm via ssh, so it's secure.

[too lazy to look it up myself]
Can rsync run over ssh? I thought I'd once heard that rsync is a huge security hole. But I could be wrong....

Re:Mirroring file system

[Azi+Dahaka]

rsync generally runs through ssh. This details setting up an rsync push server on Debian.

Re:Mirroring file system

[Fembot]

network block devices and softraid are the way forward

Re:Mirroring file system

[DanielJH]

From the rsync man pages:

You can also specify an alternative to rsh, either by using the -e command line option, or by setting the RSYNC_RSH environment variable.

One common substitute is to use ssh, which offers a high degree of security.

Re:Mirroring file system

it is two way mirroring. Read the docs.

-Myron

Re:Mirroring file system

You should take a look at drbd, which is in production at several large sites, and does true network mirroring. Take a look at http://www.complang.tuwien.ac.at/reisner/drbd/

Re:Mirroring file system

do RAID over NBD (network block device).

You create first an NBD device (http://www.it.uc3m.es/~ptb/nbd/), then using tools like mdadm or good old raidtools you create a RAID1 device, or even better a RAID5. The limit is your imagination.

Hope that answers your question

Regards

Pascal

Re:Mirroring file system

Use a NBD (Network block system) filesystem, there is a couple of different options (but can't remember them) the one actually called NBD is in the standard kernel.

Re:Mirroring file system

[bencc99]

Does anyone have any solutions for a mirroring file system? Basically RAID 1 over a network.

Yes, drbd. RAID style redundancy is not an alternative to good backups though.

Re:Mirroring file system

[broody]

Does anyone have any solutions for a mirroring file system?

I have not used it in the enterprise but rdist seems more than capable for home use.

Re:Mirroring file system

[archen]

rsync isn't really that big of a security hole. You can control a lot of parameters if you run it under xinetd. It's also pretty easy to restrict with chroot. rsync passes passwords using MD4 encryption, and the rest of the data is not encrypted. If all that isn't enough for you, all you have to do to use ssh is use '-e ssh'. I've found that passing options to ssh (non standard ports, different users, etc) is sort of tricky though.

Re:Mirroring file system

[stor]

> Can rsync run over ssh?

Yes. Works very well. I used it at my last company to sychronize trees between linux, solaris and NT machines. (I used networksymplicity's port of OpenSSH for windows)

Automating syncs in cron + a few lines of shell script is trivial.

Cheers
Stor

Intermezzo does appear to be a current project

[Dr.Zap]

While there is no new news posted on the site, ther are current tarballs on the ftp server, as recent as 5.9.03. (but that file appears to be a redux, last update to code seems to be 3.13.03)

The sourceforge page for the project (http://sourceforge.net/projects/intermezzo) shows status as production/stable but the info there looks stale too.

Re:Intermezzo does appear to be a current project

[Mesozoic44]

I believe that Peter Braam (one of the authors of InterMezzo) has been working on a new file system named Lustre that builds on top of it's ideas. It's out in beta There is a detailed document here. Braam gave a nice talk on it at LinuxWorld this last January. I haven't tried it yet.

Re:Intermezzo does appear to be a current project

[lucas_gonze]

What's the difference between Lustre and InterMezzo? Any idea?

Re:Intermezzo does appear to be a current project

[Mesozoic44]

I only have sketchy knowledge of this - but Intermezzo is designed as a distributed file system whereas Braam described Lustre as a cluster file system. The main difference between them is that Lustre was designed to be much more scalable in the following ways: the distributed lock manager is more sophisticated and the I/O load balancing is done very cleverly.

25 cents - $ (octal) 0.2

[coyote-san]

... and about 15 Karma points once the moderators are done with you.

Future obsolescence ?

[Rosco+P.+Coltrane]

Which offers the best stability and protection from future obsolescence?

This guy must have installed too many versions of the same Microsoft products.
In the GNU/Linux world, BSD world, and to some extend in the entire Unix world, good designs do not become obsolete. Even not-so-good designs often stick around, for the sake of backward compatibility. In the newest greatest Linux kernel, you can still have a.out support, NFS, Minix, FAT16 filesystem support ... You can still configure you networking using scripts for 2.0- or 2.2-based distros. You can often use 20 year old programs under Unix, albeit sometimes with some effort.

Only in the M$ world is obsolescence such a big issue, because that obsolescence is planned. In short, don't worry that much about obsolescence : if Coda is as good as it looks, it'll be there for a long time. If SomeCrappyDistributedFS FileSystem is used by enough users, it'll stay around for compatibility's sake anyway, even if it sucks.

Re:Future obsolescence ?

[nostriluu]

That's an interesting fantasy, but except for the simplest programs, things tend to morph around them and eventually they just stop working, regardless of what platform they're for.

Re:Future obsolescence ?

You obviously have no clue whatsoever.

Here's the deal. You can run the same 16bit BINARY IMAGES on XP you were running on DOS two decades ago. In fact, I can compile on XP today and run the resulting binary on Win95, which has been around for almost ten years. Not so good designs have stuck around in MSFT land for twenty years for exactly the same reason you state!

Complete BS about the Linux obsolence...case in point - I needed to upgrade RPM for some reason. Hmmmm, need a new version of db. Hmmmm, can't install it 'cause it conflicts with other stuff. Hmmmm, different db file formats. Hmmmm, I'm screwed. That's fine for simple stuff, but for a distributed FS? Riiiiiiiight.

Re:Future obsolescence ?

[gl4ss]

i dunno about you but i sure have tried running old dos programs under recent windows versions, and it ain't pretty, if you like mysteriously vanishing icons and random effects then it's fun. the thing is also that the more modern dos stuff runs more poorly than older, but not always (the more simplistic the programs approach the better). running win95 games and other stuff that except to be in 'chigago' world often will result into problems, or just cease to work because they don't find themselfs in win95/98/me world. i'm not saying that such problems wouldnt exist on other systems, just saying that YOU CAN'T TRUST MODERN WINDOWS MACHINES TO RUN OLD PROGRAMS MADE FOR MICROSOFT OS'S that are supposedly compatible. ah well.. at least dosbox is shaping out nicely(dosbox.sourceforge.net) the thing is that open source projects that mature enough usually get enough momentum behind them to stay alive and kicking, and they don't get just shutdown because of company politics. also, rpm sucks. big time. using it as an example on how things work on linux side of the world is like using some idiotic windows installer that never asked where it should have installed and insists on that windows is at c:\windows\ as example of how things work in windows. as to say a bit on on-topic, i wouldnt bother with a really distributed setting in a home environment.. rather just use nfs/samba/whatever.

Re:Future obsolescence ?

[Knightmare]

I honestly find this far from Insightful, we need a +5 Blinders option. You my friend I believe have been drinking too freely from the Linux cool-aid. If there has ever been an OS that had less backwards compatability support I would have to say it would be linux. Let's pick what IMHO is the largest supported (commercially) distro, RedHat for example. If backwards compatability exists, why can't I take a RedHat 9 package and run it on a RedHat 5.2 box? Would that be because they revamed the compiler and dependant libraries several times over the years, changed the paths to where dependant files reside, totally reworked the package management, etc...

As another poster mentioned there are PLENTY of executables that will run from XP all the way back to 95, and hell who knows maybe even 3.1... The argument of Linux is great because even the crappy concepts will run forever seems a bit flawed to me. I don't know about you but I don't crappy depricated options taking up space in the kernel when they are probably not being properly maintained or used.

Re:Future obsolescence ?

[cduffy]

If backwards compatability exists, why can't I take a RedHat 9 package and run it on a RedHat 5.2 box?

Err, that's forwards compatibility. Backwards compatibility would be running a Red Hat 5.2 package on a Red Hat 9 box (if that runs, then Red Hat 9 is backwards compatible with Red Hat 5.2).

That said, though, you're discussing a different thing. The Linux kernel has a very good track record on backwards compatibility, as he stated. The Linux userland (as provided by Red Hat and such) has a really fsckin' crappy track record. (Not bad if binaries are compiled static, but who does that?)

Distributed filesystems are quite certainly kernel territory, not userspace; hence, your argument regarding the userspace environment's track record is out of place.

Re:Future obsolescence ?

[hankaholic]

why can't I take a RedHat 9 package and run it on a RedHat 5.2 box?

For the same reasons that a program intended for Windows 2000 probably won't run under Windows 3.1, or even 95 for that matter. I'm honestly not sure whether you're a troll or just an idiot.

Many DOS apps won't run under 2000, or even XP. If you think a modern 32-bit application will run "way back to 95, and hell who knows maybe even 3.1", I invite you to try to run Microsoft's own Wordpad under Windows 3.1, let alone Office XP.

How about IE6? Will that run under Windows 95?

NIS + NFS

I'll agree with the majority here, and say NIS+NFS is the way to go. But I'll deviate a bit and say use FreeBSD as your NIS/NFS server. It's dead simple to set up, and FreeBSD is rock solid. I have an NIS+NFS server here running FreeBSD, with Slackware boxes mounting from it. Works like a charm.

Re:NIS + NFS

How would BSD be a choice if its... dead?

Re:NIS + NFS

Oh shut the hell up!!! BSD is NOT dead you fucking troll! BSD is about the most cutting edge free Unix out there. It has everything that you could ever need in a desktop OS, with the total security and stability of an operating system with roots that go back further than 30 years. The installers blow away anything that MS or RedHat/SuSE have come up with. On the latest version of FreeBSD, I was VERY impressed with the GUI based installer that actually has a CG helper that makes the install incredible easy. They also have automatic hardware detection for EVERY piece of hardware out there. It found my SB Live card immediately and actually was able to use the sound DURING the install to play beckground music, and sounds for the SameGnome game that they put there as a time killer. Now THAT is advanced. BSD is DEFINIETLY not dying you stupid fuck!

Re:Format, Install Windows Server 2000 or 2003

[donkeyboy]

That should have read...

Format, Install Windows Server 2000 or 2003, Repeat

NFS & autofs

[Greg@RageNet]

What you are looking for is 'autofs', which has been used extensively in solaris and linux for years (forever). You can set up an NFS share and then have autofs mount/unmount it on demand. The advantage is that if the share is not in use it's unmounted and the machine will be less vulnerable to hanging if the NFS server goes down. See the AutoFS Howto for more information on setting it up.

-- Greg

Re:NFS & autofs

[Isomer]

NFS was designed to handle the NFS server going away, it's completely stateless.

If you mount it with the options "hard,intr" then it will allow you to recover nicely if an NFS server goes away.

See the Waikato Linux Users Group page on NFS for more information.

Re:NFS & autofs

[LynXmaN]

Unless you're accesing a file when the server fails.
NFS handles well server disconnection when no files are open or in use, unfortunately, that does not cover high performance systems that rely on NFS (kind of ironic indeed)

Andrew File system

[parkanoid]

This seems to be a good choice

Re:Andrew File system

[rmdyer]

Excellent choice! Sir! You win the prize for astute systems administrator!

AFS is the only enterpise ready, cross platform, secure, global namespace file system that is worth the money. In fact, OpenAFS is free...that's right...as in "beer".

+10 cents.

Re:Andrew File system

[parkanoid]

It took me a minute or two of browsing your other replies to decide that you weren't being sarcastic. Then again, I probably posted my comment long after your AFS suggestions as I apparently searched the page for 'AFS' at 3 threshold :|

Re:N/T, OT: $00.2 -- That's 20 cents, actually.

[Trolling4Dollars]

NT

Not Today

None of the above

[SlightlyMadman]

It seems like a distributed filesystem might be overkill for your needs. If what you really want is the appearance of a single common machine, why not just pick one as a server, and set up your other boxes as X clients. You can even pull out most of their memory and storage, and stick it in the server, thus turning them all into pretty powerful machines.

NFS is not a DFS

[purplebear]

Just so you all know. NFS is a network accessible FS. A DFS can also be network accessible from clients, but it physically resides on multiple systems.

Re:NFS is not a DFS

Any NFS-based system I have ever used had its file systems reside on many hosts. Automounters and NIS handle the distribution and global mappings.

Distributed Filesystems?

[Tailhook]

You limited the possible set of answers to "for Linux." I'll ask the larger question; are there any good distributed filesystems? Good meaning; mature, stable, works on at least one platform well, and is as transparent as possible to that platforms software, within reason.

Truth is the only thing that resembles a distributed filesystem I have ever used is Domino. It does what I need quietly, efficiently and consistently. You can't open(...) the content you have stored from a C program (others APIs exist if you must) but maybe that expectation is what makes the existing DFSs on Linux suck...

Distributed Filesystems are attempts distribute things that most software assumes is only a couple microseconds away, exists atomically, is not accessed concurrently and is permanently available. Clearly a tough problem domain! :)

Re:Distributed Filesystems?

[placiBo]

Most of thats not true. GFS is Posix compliant (so you can open() as much as you like) and stable.

CIFS with SAMBA

Samba is free and it will work with your M$ garbage if you need it to.

Re:Format, Install Windows Server 2000 or 2003

Ummmm... no.
Both DFS and dfs (depending on whether you're unix or windows) are more of a distributed hierarchy.

You see the same file system wherever you are regardless of what systems happen to hold the data. You can choose to replicate data between said systems and if you're doing things right the dfs system will direct clients to the "copy" of the data that is closest.

Oh, and NFS can lick my swalls :-)

Re:permissions? Automounter

[Greg@RageNet]

autofs will do this.. for example, you would have an auto.master like:

/home auto.home

and auto.home like:

foo cpu1:/home/foo
baz cpu1:/home/baz
tic cpu2:/home/tic
tac cpu2:/home/tac
....

The result would be all the right /home/* directories.

Obsolete ?

[CmdrTostado]

Which offers the best stability and protection from future obsolescence?

The best protection from future obsolescence is to use something that is already obsolete.

AFS is great but a pain in the butt

If you have a lot of time to invest in setting everything up, training all your users in AFS, and administering a complex system, then AFS is a great choice. It provides more flexible ACL's and is generally more secure than NFS (if a user hacks root on your system, they can't comprimise the AFS volumes without obtaining a token).

OTOH, having administered AFS installations in the past, I would steer clear of AFS unless you really understand it and are willing to make the investment in time and personnel to make it work for you.

NFS (optionally +NIS) is a tried-and-true solution; it's dirt-simple to set up if security is not paramount and there's a pleathora of documentation for it on the Web (i.e., for free). Every UNIX I've ever used had some sort of NFS client, if not a server, built in. Most Linux distro's come with NFS clients and servers prepackaged and ready to go -- if you go with AFS, you'll have to install stuff on every box and handle patches, upgrades, etc., through a separate process. And there are nice Windows clients that talk to NFS (or you can run Samba to go the other way) (or both, if you're a masochist).

Plus, most of your fellow slashdotters agree that NFS is the way to go. :)

Re:AFS is great but a pain in the butt

It looks like you never really got the point of AFS. At my previous employer we started out with NFS because it was "already included", "enough for our needs", "easy to setup" and so on. Over time the environment grew and we ran into nightmares of hanging machines because of cross mounts, downtimes because of server maintenance, NIS trouble (machines were broadcasting for NIS servers and bound to whoever answered first), security problems (for instance, one day somebody decided to clean up some "unused" directories on his NFS client machine but these directories were in fact autofs mountpoints and he happily removed several GB of data on our NFS servers), and so on. There were 3 people trying to keep that stuff running. Then we decided, enough is enough, and switched the whole environment over to AFS. With AFS I could manage the whole thing (9 servers, 3000+ users, 300 GB, several hundred clients) in half of my time alone, I could replace old servers or relocate servers in the computer room without any downtime by simply moving the stuff to other servers transparently. And we had a much more secure environment (nobody could simply plug in to the network, masquerade as a machine which is currently down and assume some UID and read or write whatever data he wanted, let alone stealing NIS tables with passwords in it). And another big advantage of AFS was the quota system. The quota goes with the volume, so if I moved user volumes from one partition to another one the quota went with it, unlike the braindead NFS-BSD-quotas which are per partition! And we also ran the famous AFS balancer which automatically and transparently moved user volumes around each night in order to fill all the partitions on all servers evenly.

The only drawback with AFS is that you have to educate your users. At the beginning they were screaming and crying because of the 24h token lifetime and the ACL stuff but over time they got used to it and they also learned the advantages, for instance, that they could create their own groups and put them on ACL's. And we also provided some tools, for instance screensavers which automatically refresh the token on screen unlock and some stuff for batch and cron jobs.

AFS vs NFS

[runderwo]

It takes more time to set up an AFS cell than a NFS server, but the rewards are pretty tremendous IMO.

It's become such a part of my day to day life that I can't really describe the things I was missing before. The best things about it are probably the strong, flexible security and ease of administration. It also gives you everything you need from a small shop all the way up to a globally available decentralized data store.

There seems to be a good comparison here. I would strongly recommend AFS for all of your distributed filesystem needs. (The OpenAFS developers are cool too!)

Re:AFS vs NFS

[pHDNgell]

I'm disturbed at the number of people who are recommending NFS as a distributed filesystem solution. While it might be easy to get going initially, I've had more long-term problems with my NFS server and client interactions than my AFS. To get my NFS clients to behave anything like AFS clients, I had to build and install an automounter that could use NIS config.

You only have to wait for the first day you want to reboot a fileserver without breaking every system on your network or waiting for startup dependencies, etc... One day, I moved all of the volumes off of an active fileserver (i.e. volumes being written) and shut the thing down and moved it to another machine room, brought it back up, and moved the volumes back. The reads and writes continued uninterrupted, no clients had to be restarted, no hung filesystems anywhere, etc...

Re:AFS vs NFS

[rmdyer]

Yes, I too am disturbed. It goes to show how little people really know about enterprise scale file systems.

Mod this guy up!

Re:AFS vs NFS

What!? Fuck off!! Who the fuck cares about scaling when these systems are for use at home? We're not talking enterprise stuff here for god's sake, we're talking REAL usage at home!! For REAL use home applications like Ogg Vorbis and DivX encoding clusters, home automation systems and render farms. I don't care about the fucking enterprise. Businesses can rot for all I care, just give me a fast and powerful data center and number cruncher for home use!

Re:AFS vs NFS

I am disturbed by your mindless "me-too"ism. It shows how little /.ers have to say in a conversation.

"Mod parent up" is precariously close to karma whoring... A helps B... B helps A...

Re:AFS vs NFS

[quantum+bit]

There seems to be a good comparison here [tu-chemnitz.de]. I would strongly recommend AFS for all of your distributed filesystem needs. (The OpenAFS developers are cool too!)

So when will OpenAFS be available for FreeBSD?

Rumor has it that the server portion works, but I've never managed to even get it to compile.

Re:AFS vs NFS

[rmdyer]

Nobody needs a distributed filesystem at home. That is complete insane overkill. Get you a big drive and export the whole thing NFS, or CIFS if you use Windows.

The end.

Re:AFS vs NFS

[Trolling4Dollars]

Yes... Nobody needed more than 640K or RAM at one time either. :P

Note to the humor impaired: This is a joke.

Re:AFS vs NFS

[db74]

Crap. I better go turn mine off then. Wouldn't want to accidentally be able to get at my files when I travel, or go to work.

Re:AFS vs NFS

[db74]

Try a nightly snapshot? Post actual problems (not "it didn't work") to openafs-info, and you'll probably even get useful feedback.

Re:AFS vs NFS

the clientside is basically working now.
I believe that there might be some cache
corruption issues with a disk cache, but
the memory cache works fine. I am not to
sure if it works under 5.x yet, but I have
systems that are running 4.x and AFS and
they are all quite happy with it.

Re:AFS vs NFS

"So when will OpenAFS be available for FreeBSD?"

If you are just looking for an AFS client, then try Arla:

ftp://ftp.stacken.kth.se/pub/arla/

Back when OpenAFS was not around, the Arla project was started by a group of developers at the Royal Institute of Technology in Stockholm, Sweden, with the main goal of providing AFS to the platforms that Transarc did not support. Even though OpenAFS now exists, Arla is still in development.

Re:AFS vs NFS

[quantum+bit]

If you are just looking for an AFS client, then try Arla:

ftp://ftp.stacken.kth.se/pub/arla/

Actually, I need both client and server.

I've looked at arla before, but from what I can tell arla seems to still be limited to Kerberos 4. I run krb5 (and only krb5, with no 524 cruft) for security reasons since krb4 has quite a history there.

However, I'm unable to verify that since arla's web page seems to not be working at the moment.

Re:AFS vs NFS

[quantum+bit]

Try a nightly snapshot? Post actual problems (not "it didn't work") to openafs-info, and you'll probably even get useful feedback.

Snapshot? No thanks. I need stability, not something that's still untested. If I didn't care about it being stable I'd just use Linux.

Tutorial

[TheFlu]

I just went through this process a few weeks ago and I must say I'm really glad I went through the trouble of setting it up...it's very cool. I actually wrote a tutorial about how to accomplish this by using NIS and NFS. I hope you find it helpful.

The only trouble you might run into with the setup I used is some file-locking issues with programs wanting to share the same preference files.

Re:Oop

[}InFuZeD{]

So, you know who I am. You forgot to close the bold tag.

Re:another distro? noooo!

Informative? What the hell?

NFS - With Automounts & NIS

I run a large 70+ machine mixed network. We run NIS and automount everything everwhere.

It has to be one of the simplest configurations, and most transparent to the users.

Things you want to read up on is "NIS" and "ypmake" and stuff like that.

Some may say it is insecure, I don't think so. I don't know your environment. Mine is a business - we employ professionals - we fire jackasses. All access to our network is firewalled from the rest of the world.

-Duane.

What about good old GFS?

[placiBo]

I'm amazed to see no mention of the widely used and rock solid GFS, brought to you by the same people who did LVM. GFS was written for Linux and is Posix compliant. It was available under the GPL license once upon a time, unfortunately thats changed. Doesn't cost too much though.

Re:What about good old GFS?

After beta-testing the company forked GFS into a into a not free for commercial use license. The GPL version is not longer maintained AFAIK.

One can only hope they won't do the same thing with LVM but there's no guarantee. Vinum or RAIDFrame on BSD with NFS is the only way to remain free ...

Re:What about good old GFS?

NFS4 is better

Re:What about good old GFS?

How is nfs4 better?

Re:What about good old GFS?

Doesn't cost too much, on what planet? :)
The GPL'ed version is carried on in opengfs

Unison file syncronizer

I have exactly the same problem here at home, except I've thrown a couple of laptops into the mix. The solution that I've come up with us to use Unison to syncronize directories between machines. The big advangage is that Unison is as simple as it gets. It just plain works. It doesn't matter what the filesystem, network reliabilty, or even operating system is (it works on Win32 too).

Setup a cron job to unison the home directories over an SSH link at a regular interval. Not only do you have a distributed filesystem, but every client has a complete copy also.

Re:Format, Install Windows Server 2000 or 2003

DFS is just replication. DFS works in a number of ways in simplest form you could use rsync to achieve the same thing. Combination of NFS and RSYNC could be used to achieve its more complex form.

You should be flogged for suggesting N'SYNC!

unison, anyone?

[gooofy]

The problem with these distributed files systems seems to be that they're either pretty old and lacking features like disconnected operation (AFS) or seem to be unstable or, even worse, unmaintained (Intermezzo, Coda).
For many simple purposes backups can be done quite nicely using rsync or something like bacular. For laptop/notebook support unison is definitely worth a look. It syncs directories like rsync does, but in both directions. Works nicely for me.

Re:unison, anyone?

[Zeut]

Agreed. I just setup unison to sychronize all the files between file servers in multiple offices. Works well, very easy to setup, no kernel hacking required.

Unison

[brer_rabbit]

Anyone with a desktop and a laptop they want to maintain in sync definetely needs Unison. This is one of the coolest tools I found after I picked up a laptop.

Remote Synchronised filesystems

[danpat]

I've spent quite some time researching this issue for here at work. We have two primary offices, separated by a 256k of network topology. Too slow for most users to find acceptable (large files, several 10s of seconds to copy). A bit of a culture problem but oh well.

I looked into a whole pile of options for having a "live" filesystem, a-la NFS, but the bandwidth killed interactivity (this is for users who've never used 100mbit network filesystems before).

I found the following:

1. Windows 2000 Server includes a thing called "File Replication Service". Basically, it's a synchronisation service. You replicate the content to many servers, and the service watches transactions on the filesystem, and replicates them to the rest of the mirrors as soon as it can. You can write to all mirrors, but I never quite worked out how it handled conflict resolution.
A chapter from the Windows 2000 Resource kit that describes how it works: http://www.microsoft.com/windows2000/techinfo/resk it/samplechapters/dsdh/dsdh_frs_tkae.asp

2. Some people have done similar work for Unix systems, but they mostly involve kernel tweaks to capture filesystem events. Can't remember any URLS, but some Googling should find it.

3. Some people are using Unison to support multi-write file replication. So long as you sync regularly, you shouldn't have too many problems.

4. The multi-write problem is a hard one, so most people tend to say "don't do it, just make the bandwidth enough". This is the way to go if bandwidth isn't an issue.

A guy by the name of Yasushi Saito has done quite a bit of research into data replication. Some papers (search for them on google in quotes). He also put together a project called "Pangaea" which tries to do as described above. It wasn't great last time I looked. Some paper titles:

- Optimistic Replication for Internet Data Services
- Consistency Management in Optimistic Replication Algorithms
- Pangaea: a symbiotic wide-area file system
- Taming aggressive replication in the Pangaea wide-area file system

There is also a bunch of other research work:

- Studying Dynamic Grid Optimisation Algorithms for File Replication
- Challenges Involved in Multimaster Replication (note: this talks about Oracle database replication)
- Chapter 18 of the Windows 2000 Server manual describes the File Replication Service in detail
- How to avoid directory service headaches (talks about not having multi-master-write replication and why)

Re:Remote Synchronised filesystems

[danpat]

Oh, and, of course, GFS, but it's no longer free, so not an option if you don't want to spend any money. It works a treat.

Re:Remote Synchronised filesystems

Try OpenGFS.

AFS good on linux, good luck on FreeBSD

[(startx)]

My university uses AFS as well. From a user standpoint, once everything is set up it works great. They've got it seemlessly integrated into all the Windows, Linux, and Solaris boxen on campus using OpenAFS and Kerberos.

I had no complaints with it at all, until I tried to get a FreeBSD machine working with AFS. For starters, OpenAFS doesn't have a FreeBSD port. I've heard rumors of one in the works, but I haven't seen anything useful in the last year. I did stumble across a project called arla however, which allowed me to at least mount /afs. Unfortunately, AFS uses kerberosIV authentication. This would be fine, accept my schools kerberos server only hands out v5 tickets. I have yet to find a kerberos implimentation that correctly finds my schools 524 server and actually get user permissions on AFS space. That's where I'm stuck right now any.

Like I said, works great in Linux, Solaris and Windows, but beware if you try with a BSD.

Re:AFS good on linux, good luck on FreeBSD

[fsmunoz]

Try Heimdal . It uses it's own lib to convert kerberos v5 tickets to AFS tockens. In my setup with a simgle kinit I get v5 tickets and v4 tickets.

Anyway, AFS *can* use Kerberos v5. The initial configuration can be a bloody nightmare though...

Re:AFS good on linux, good luck on FreeBSD

BSD is dying :-P

Re:AFS good on linux, good luck on FreeBSD

[db74]

Actually, there's been a FreeBSD port in CVS for a while, it just hasn't made it into a release yet.

Re:AFS good on linux, good luck on FreeBSD

OpenAFS does work on FreeBSD 4.x. The port
is not in the ports tree because it doesn't
quite work in 5.x yet.

Re:AFS good on linux, good luck on FreeBSD

-bash-2.05b$ cd /usr/ports/net/arla/
-bash-2.05b$ cat pkg-descr
Arla is a free AFS client implementation.

The main goal of the Arla project is to make a fully functional client with all
capabilities of commercial AFS. Other planned and implemented things are
all the normal management tools and a server.

Version 0.35.5 status:

* Read/write support
* Authentication (with kth-krb4)
* Working filesystem on OpenBSD, FreeBSD, NetBSD, Linux and Solaris
* Some administration programs (fs, vos and pts)

WWW: http://www.stacken.kth.se/projekt/arla/

This port requires kerberos

Re:AFS good on linux, good luck on FreeBSD

[runderwo]

Hey :) Fellow UMR student here, I access my AFS account from off campus on Linux machines. The key is to put the following in your /etc/krb5.conf:

UMR.EDU = {
kdc = kdc.umr.edu
kdc = krb524.umr.edu
admin_server = kdc.umr.edu
default_domain = umr.edu
krb524_server = krb524.umr.edu
}

[login]
krb4_convert = true
krb4_get_tickets = true

I stole that config off one of the Ultras in 213.. it's been working great for me ever since.

(I'm AFS ID rcuca4 if you want to email me about it)

Re:AFS good on linux, good luck on FreeBSD

Oh I dunno, it works pretty well as a Mac OS X networked home directory for me.

jwelch@mit.edu for details ;-)

john

Re:AFS good on linux, good luck on FreeBSD

[m_frankie_h]

frankie@kyblik$ fgrep BROKEN /usr/ports/net/arla/Makefile
BROKEN= "Does not build"

ouch

[marcushnk]

security wise this would be a nightmare to watch over..

Plan 9

Plan 9 gives you a different perspective and it is interesting.

Re:Plan 9

[porttikivi]

There exists v9fs for Linux. See Google! Secure and high performace file sharing the Plan 9 way!

Re:Plan 9

[porttikivi]

And see Venti and Fossil for clever archiving solutions and distribution of the back end of a disk server system. These run on Plan 9, but can be used with v9fs from Linux.

"UNIX is obviously the mother of Linux in that sense, in that we stole all the basics. But a lot of ideas come from a small operating system called Plan 9 that was done by a lot of the same guys who did UNIX in the first place." -- Linus

"I don't follow other operating system development too much, except Plan 9 and Inferno.." -- Linus

NFS is not even close to secure

[SuperBanana]

It's not the most secure option around

That's like saying "jumping off a cliff is not the most intelligent thing to do." NFS is easily the LEAST secure option of ANY filesharing system.

NFS is only appropriate on a 100% secured(physical and network-level) network. If anyone/someone can plug in, forget it. If anyone has root on ANY system or there are ANY non-unix systems, forget it. If ANY system is physically accessible and can be booted off, say, a CDROM, forget it. The only major security tool at your disposal is access by IP, which is pathetic. Oh, and you can block root access.

Even though you can block root access for some/all clients, it's still massively insecure, and this remains NFS's greatest problem. You have zero way of authenticating a system. NFS is like a store where you could walk in, pick up any item you wanted, and say "I'm Joe Shmoe, bill me for this!" and they'd say "Right-o!" without even looking at you. All systems with the right IPs are explicitly trusted, and their user/permissions setups are also explicitly trusted.

NFS is a pretty good performer, especially when tuned right and on a non-broken client(which linux is VERY far from.) However, its entire security model is in dire need of a complete overhaul. There needs to be a way to authenticate hosts, for one, more similar to WinNT's domain setup, which is actually incredibly intelligent(aside from the weak LANMAN encryption.) The administrative functionality in NFS can't compare to the features that have been available to MacOS and Windows administrators for over a decade, and it's purely embarassing.

Either that, or AFS/Coda need to get a lot more documentation and (for Coda)implementation fixes. The unix world desperately needs a good filesharing system...

Re:NFS is not even close to secure

[tzanger]

I use a very simple script to help keep NFS secure:

IPTABLES=/usr/sbin/iptables
RPCINFO=/usr/sbin/rpc info
GREP=/usr/bin/grep
AWK=/usr/bin/awk

$IPT ABLES -F nfs
$IPTABLES -N nfs &> /dev/null
$RPCINFO -p localhost | $AWK '/portmap|mount|nfs|lock|stat/ \
{ print "iptables -A nfs -p " $3 " --dport " $4 " -j DROP" }' | \
/bin/bash

$IPTABLES -L INPUT -vn | $GREP -q 'nfs all -- !ipsec0+'
if [ $? -ne 0 ]; then
$IPTABLES -I INPUT 1 -i eth0 -j nfs
fi

Basically it only allows incoming NFS-related connections over ipsec, dropping anything that is not. NFS port allocation is dynamic by default and I know you can force ports, but this seemed far easier to scale.

One thing I have noticed (and perhaps it's common knowledge to NFS experts) is that in order to get locking to work at all, my NFS clients had to be running statd and lockd. Without 'em everything worked but locking would fail every time.

Re:NFS is not even close to secure

[HuguesT]

> If anyone has root on ANY system or there are ANY > non-unix systems, forget it.

By that you mean that it's easy to read stuff off people's directory if you can spoof their UID. Sure. I think you'll find the same is true on a SMB network.

> The administrative functionality in NFS can't
> compare to the features that have been available
> to MacOS and Windows administrators for over a
> decade,

Given that 10 years ago Windows for Workgroup had hardly been released and didn't even have TCP/IP by default I think you are exagerating a little bit. At the same time MacOS version 7 was the norm, and we all know how secure that one was, right?

Maybe NFS4 is your answer?

Re:NFS is not even close to secure

[rneches]

And if you're lazy and/or adventurous, you can turn on NFS over TCP in your kernel and tunnel it over ssh or ppp/ssh. I've never tried it, but it ought to work. I understand that NFS over TCP is relatively untested, but is reputed to work rather well. Doing weird things like this would be a pretty good way to test the NFS over TCP code, and I'm sure the developers would be interested to hear how it goes. Particularly if you run a lot of data over it for a long time, and have a good way of verifying that all is well. Or, better still - if all is not well, and you have a good way of articulating what went wrong.

Of course, that doesn't mean it's a good idea. I think your solution with IPSec is much more elegant. Unfortunately, I happen to need to get through a heavily packet-shaped network that massively favors port 80, and drops random packets everywhere else. Not IPSec friendly at all. I avoid this by running multiple ppp/ssh tunnels through the retarded parts of the network and letting my gateway balance between them. Unfortunately, this requires privileged accounts on many, many boxes in odd places.

By the way, 10 points to any Northeastern University students who send polite, well considered complaints to Network Services. Not RESNet - they exist only to prevent you from talking to Network Services. Don't bother yelling at them - they exist specifically for that purpose. RESNet has no authority whatsoever to, for instance, allow CVS to work when Network Services decides to to drop 90 percent of packets on port 2401. This is for your benifit - I'm perfectly happy with my tunnels.

Re:NFS is not even close to secure

[bfields]

"Maybe NFS4 is your answer?"

More up-to-date NFSv4 links:

• NFSv4 home page
• NFS Version 4 Open Source Reference Implementation, for Linux and OpenBSD

As part of University of Michigan/CITI's work on NFSv4, we're implementing rpcsec_gss on Linux, which uses kerberos to authenticate every NFS request and reply. This applies equally well to earlier versions of NFS, and interoperates with other vendor's NFS implementations. While it's still not sufficiently tested for production use, the code is going in to the 2.5 kernel series (thank-you, Mr. Torvalds, for accepting crypto into 2.5...) and is being actively developed.

--Bruce Fields

Re:NFS is not even close to secure

[Aardpig]

If anyone has root on ANY system or there are ANY non-unix systems, forget it.

Actually, there are two sides to this problem:

1. I mount someone else's disk
2. Someone else mounts my disk

Problems caused by case 1 can be handled using the root squash functionality: basically, making all root-UID files on a filesystem which I mount lose their root ownership. This stops Joe Sixpack (who is root on a machine which hosts a remote disk) from copying a SUID-root program onto the remote disk, and then logging into my machine as a normal user, and running the program as a means to get root priv.

Case 2 can be handled by a sensible security policy: only export disks via NFS to machines where you are root. Otherwise, Joe Sixpack can mount your disk, and with his root priv look at anything he wants. However, he still won't be able to compromise your machine (although he may get information which leads to a compromise).

Problems with NFS are at more of a nuts and bolts level - portmap is legendary for having all manner of holes in it, and it remains vulnerable to packet sniffing. Tunneling NFS through an SSH link helps with the sniffing problem, but it creates security problems of its own (see the NFS HOWTO for details).

Re:NFS is not even close to secure

There is plenty more that you can do to secure NFS than you suggest. Kerberos, secure rpc, DES / DH authentication, and IPSEC are all available tools. Unfortunately Linux NFS had tended to lag in security.

http://docs.sun.com/db/doc/816-7125/6md5dsnvv?a= vi ew
http://nscp.upenn.edu/aix4.3html/aixbman/comma dmn/ nfs_secure.htm
http://docs.sun.com/db/doc/805-722 9/6j6q8sve1?q=de s+nfs&a=view

Re:NFS is not even close to secure

[db74]

Everyone wants more OpenAFS documentation, and no one seems to be actively working on it. The volunteers don't seem to be tripping over each other to do it.

Re:NFS is not even close to secure

[Agthorr]

I run NFS over IPSec. That solves many of the security issues.

-- Agthorr

Re:NFS is not even close to secure

Ugh, what the hell is it with Kerberos being in everything? Keberos sucks.

Re:NFS is not even close to secure

[tzanger]

I know about NFS over TCP, but decided against it as it is relatively untested and further, the networks I deal with are all on the same provider so the connection set-up and tear-downs and other TCP overhead just wasn't worth it for me.

Interesting workaround for the routing damage though... Honest, it's HTTP traffic. :-)

Re:NFS is not even close to secure

[tzanger]

Dammit I hate replying to myself.

A few stats on the box: just under 2 weeks' uptime and 92G of traffic later, 36G (120M packets) is NFS. The loadavg hovers at around 0.25 but heavy NFS/IPSec stuff will peg it at 1.0 easily (P4/1700). This would indeed be a good test bed for NFS over TCP. Sadly the box is in production now. :-/

Server nfs v3:
null getattr setattr lookup access readlink
0 0% 25089659 34% 1295616 1% 13475557 18% 11307631 15% 6 0%
read write create mkdir symlink mknod
8283791 11% 7565705 10% 889166 1% 5939 0% 2 0% 0 0%
remove rmdir rename link readdir readdirplus
1225349 1% 36 0% 788797 1% 646085 0% 1002143 1% 0 0%
fsstat fsinfo pathconf commit
85 0% 85 0% 0 0% 1946755 2%

Re:NFS is not even close to secure

[chiasmus1]

My computer science lab in college was setup with machines all running NFS. I thought it worked great until I ended up becoming the system admin. It was then that I realized that I could su into any user account if I was root on any machine. I knew that not only I, but many students knew how to reboot a machine and become root. There was even a sign in the room that said, "Do not reboot the computers." I realized that there was no way to really protect the machines with NFS.

A little bit later I discovered the trick with ypcat to collect all of the passwords from the NIS server. I was interested in this article because, while I am not the system admin, I have always wondered how I could have prevented a cracker from rooting a machine, su'ing to another account and copying homework assignments, or other things.

NIS == "Hack me please"

[Kunta+Kinte]

Don't use NIS, unless you have absolutely no other option.

Other options like LDAPS and Kerberos offer at least some form of security.

ypcat, then brute force attack on the resulting passwd file is as old as dirt, and sadly still works. I was a bit dissappointed when I saw NIS as a required service on the Redhat cert syllabus.

This may sound harsh, but I don't think there is much excuse for run NIS in this day and age. Anyone who does this in an environment where security is a concerns deserves what they get.

Re:NIS == "Hack me please"

[Benley]

I've got other options, but I use NIS. The catch (there is always a catch) is that my NIS does not contain ANY password hashes, because I use Kerberos to contain those. It works well, and it's nice and simple. The future plan is to migrate to LDAP of course, and get rid of all my NFS mounts all over everywhere and implement AFS, but for now, NIS + Krb5 works great.

Re:NIS == "Hack me please"

What are you smoking?
NIS+ has DES encryption as its minimum.
All major unices have NIS+ clients and servers and Linux has at least clients....

Re:NIS == "Hack me please"

[HuguesT]

It's not all rosy like `use LDAP'

NIS is simple and easy to maintain. LDAP is harder. From memory (10 years ago) Kerberos was geared towards as single user on a single machine, is that still the case?

Lots of big organizations still use NIS because its flaws, while real, are well understood.

Re:NIS == "Hack me please"

[Morrig]

NIS supports shadow, so there's no need to distribute an unshadowed passwd map like your example.

Anyway a lot of unix systems that have been around for a long time use NIS still. This is probably why it's still on the RedHat certs (people wanting to put a redhat workstation on their existing network, or to upgrade their existing NIS server to something newer).

Besides, it can be a pain to get rid of using NIS, especially on older networks. So it will probably be around, and will need to be supported, for many many years.

Re:NIS == "Hack me please"

[cduffy]

Kerberos is not at all geared towards one-user-one-box -- it was created for large multiuser computing environments, initially MIT. Certainly not one-box -- heck, you need at least one dedicated, secured, guarded system to run the thing.

It *does* have flaws (I'd prefer it did something similar to AFS's PAG-based authentication, such that tokens are per process group rather than for all instances of a given UID on a box -- and a malicious root can trivially steal tickets for all users who have valid ones on that box), but Kerberos is used effectively in a great many large multiuser environments, and is a vast improvement on most of the other schemes out there.

Re:NIS == "Hack me please"

[Lumpy]

if you have people hacking you on your own internal network you have more problems than kerberos will solve.

NFS is perfectly fin on a protected network, Hell I run Xterminals and serve X sessions... I'm not getting hacked every 6 seconds because I designed the network correctly and have good firewalls.

I understand security, but it must be coupled with common sense.

Re:NIS == "Hack me please"

Log on to a box using NIS, type this:

ypcat passwd > ./passwd

Now run crack, or john or whatever other brute force crackers you feel like using on your passwd file.

Yay DES rules!

Re:NIS == "Hack me please"

[phorm]

ypcat

Ummm... first of all, this requires terminal access.
Set up your local groups/etc right then...
chmod 750 /usr/bin/ypcat
jdoe@mypc:/$ ypcat
bash: /usr/bin/ypcat: Permission denied
Suddenly you need "root" or a valid yp user.

If somebody already has such access, I've got more problems than any that come along with the YP tools or NIS.

Re:NIS == "Hack me please"

[alangmead]

OK, so your users can't run that particular executable. Do they have access to compilers? Can they copy files to the machine? (which they may have compiled elsewhere.) Can they paste uuencoded versions of programs into their terminal emulators and create executables? Do they have access to interpreters like perl or python that they could run a reimplementation of what ypcat does? (ypcat only does unauthenticated connections on high numbered ports.)

Maybe you make steps to prevent all of these things. If so, the permissions on ypcat are only a small portion of what you are doing to create a secure NIS environment.

Re:NIS == "Hack me please"

[phorm]

"No terminal accsess"

Not a complete solution, there are always other exploits... but it helps.

Re:NIS == "Hack me please"

[darcwyrm]

Yes, I agree it will be around for many years because the benefits greatly out weigh the flaw of NIS. Also, the problem is managable. If you enforce halfway strong password requirements and aging, brute force cracks don't work well.

Re:NIS == "Hack me please"

[HuguesT]

Hi,

What I remember (from my MIT days), with kerberos you could only have one user on one machine by default. Sure the whole environment was multiuser but not every machine was a peer as it is with NFS.

Only some servers allowed multiple people to physically or remotely log in but it made a distinction between `workstation' on the one hand where only one person could be at any one time, and it had to be a physical person ; and servers on the other hand. It seemed incredibly wasteful.

Re:NIS == "Hack me please"

[cduffy]

Kerberos versions 4 and 5 (the only ones I've worked with) most certainly don't have that issue -- they quite decisively permits multiple users to be logged onto a single machine at a given time.

I can't speak with regard to older versions.

Re:Format, Install Windows Server 2000 or 2003

its FUNNY cause it BASHES MICRO$OFT .......... hahahahahahahahahahahahahahaha!!!!!

OpenAFS all the way

[fsmunoz]

I had more or less the same basic requirements and I opted for AFS.

My needs were a little more demanding (had to be implemented in GNU/Linux, Solaris, AIX, HP-UX and as an extra Windows 2000) and grocking AFS can be difficult at first but it was the best choice by far. Stable across all the Unices, very secure (this was another requirement) and integrates perfectly with our Kerberos Domain and LDAP accounting info. It provides a unique namespace that can span multiple servers transparently, does replication, automatic backups and read-only copies, client-side cache with callbacks, has a backup (to tape) system that can be used stand-alone or integrated with existing backup structures (Amanda, Legato, TSM) AND was the basis for the DCE filesystem, DFS (as a side note I find it interesting - and sad - that most things people try to emulate this days are present in DCE , and Windows 2000 got many of the "new features" from a technology initially made for Unix :DFS, DCOM, Directory Services, SSO, DCE-RPC, etc.)

AFS is amazing and much more robust than any distributed filesystem I know of; it has shortcomings when servers time out, but apart from that it's really an excellent solution; an example I generally use to give an idea of some of the good features of AFS is a relocation of a home directory to another server. The user doesn't even notice that his home directory was moved to another server *even if he was using it and was writing stuff to disk*; at most all writing calls to his home dir have a small delay (a couple of seconds) even if his/her home dir was 5 Gb worth.

Kerberos integration is an added bonus, if you can you can use this as an excuse to kerberize your systems and form a Kerberos Domain. If you don't want to just stick with the standard AFS KA server.

In my setup I have Windows users accessing their home dirs in AFS using the Kerberos tickets they have from the Windows login and the fact that a cross-realm trust was made between the Unix DOmain and the AD; the can edit all the files they are entitled to with that ticket, and the system is so secure that Transarc used to put the source code in it's public AFS share and added the customers that bought the source to the ACL of the directory that contained it.

With all this features it would be hard not to vivedly recommend OpenAFS as the best solution for a unified, distributed filesystem. Bandwidth utilization is, in my experience, at least half of what NFS uses, which is an added bonus.

cheers,

fsmunoz

Re:OpenAFS all the way

[MilliAtAcme]

I second this "all the way" thought. I've been running OpenAFS for almost 2 years now on Debian GNU/Linux (many Thanks to Sam Hartman, the maintainer) and have never been disappointed. It's been pretty darn solid and, most importantly, has never lost any of my data through various upgrade cycles. It's a bit of a change in thinking, however, for those coming from an NFS background.

There were three big wins for me...

(1) Global file namespace managed server-side and accessible from anywhere... LAN, WAN, whatever. All clients see files in the same location.

Unlike NFS, where you have to "mount" volumes within the file system on each client, the AFS file system is globally the same, living under "/afs", so every client accesses the same information via the same file system path. A notion of "cells" makes this possible... information under a single administrative authority lives in a "cell", e.g., "/afs/athena.mit.edu" is the top-most "mount point" for a well-known cell at MIT. Volumes, in AFS parlence, also aren't tied to any particular server or even location in the name space as far as the clients know. A client doesn't have to know explicitly in it's configuration which server a given bit of information lives on, and that data can be moved around behind the scenes as necessary (increase the volume space, increase the redundancy, taken offline, etc...) All volume mounts are handled server-side. The clients only have to know about the cell database server, and that can be determined via AFSDB records in DNS. (I.e., your AFS "cell" name matches up with your domain name, e.g., /afs/athena.mit.edu matches up with "athena.mit.edu" in DNS.) So almost all management aspects are handled server-side.

(2) Client side implementations.

All my Linux and Windows machines can access the same AFS file space. An OS X client is available too, but I've not needed that to date, but might someday. I thus have all home directory information, as well as a lot of binaries, living in the AFS file space, in one place. And behind the scenes, that info is on multiple AFS servers that have RAID-5 disk arrays and weekly tape backups going on.

(3) The file system "snapshot" feature, for backups.

You can take a snapshot of volume(s) at a particular point in time and roll them onto tape without needing to take them offline. You don't have to worry about inconsistencies in the files. Folks can continue to update files but the backup snapshot doesn't change. Very much the same as the snapshot feature on Netapps. These snapshots, called backup volumes, can even be mounted in the file space so folks can get access to the old view of the volume, e.g., accidentally deleted a critical file and need it back.

And security via Kerberos is nice, especially if you already have an infrastructure. But it's not too hard to setup a single KDC to get started. In the Debian distribution docs for OpenAFS, there's a setup and configuration transcript that makes things relatively easy and clears up a lot of questions.

In summary, OpenAFS is a very good solution here.

Re:OpenAFS all the way

[LynXmaN]

AFS is really a plus when you have to connect multiple platforms, but I find that it have too many features from the big mainframes of the past, and the development right now is stabilised only on doing a "workable" version of it for every platform and not trying to improve it, as far as I have seen.
BTW, IBM have really a problem distributing their AFS sources, it's not really clear and the lack of online forums or mailing list support is really disturbing, I felt kind of alone in the jungle :)

Re:OpenAFS all the way

[fsmunoz]

IBM bought AFS from Transarc and later released the code (GPL IIRC); thus the mailing lists, foruns, etc, are now part of OpenAFS, since OpenAFS is the successor of Transarc's AFS; the code base is the same and the documentation at the openAFS site is verbatim the IBM one (and it's quite complete). In a way you lost the contratual backing of IBM, but what was gained was the development of a community dedicated to improve AFS.

NFS is not a reasonable choice for the problem

[perry]

The guy wants to be able to do things like disconnected operation and file sharing over a WAN. NFS is totally unsuitable for either of those as it provides neither distributed file service (if the server you are getting a file from goes down you lose) or disconnected operation.

NFS is also not a distributed/global file system. It is a pretty primitive way to handle global namespace management compared to stuff like AFS. At best what an automounter lets you do is avoid a few of NFSes problems. Ideally, I'd say this guy should try to see if he can get the U. Michigan disconnected AFS stuff out of Honeyman and company and see if he can port it to OpenAFS.

Re:NFS is not a reasonable choice for the problem

[db74]

Someone at Michigan's already porting it.

Something more than this...

[dargaud]

May I suggest something more than this ? If you have static IPs and you are running linux, why not install OpenMosix ? It's a cluster patch to the kernel, very easy to install and use. Not only does it turn your pile of hardware into one giant SMP system, it also comes with a special filesystem on top of ext3, so that you can see all drives from all nodes. I have it running on 24 processors, but I don't know how well it would perform through the Internet.

It's been featured on slashdot before.

Re:Something more than this...

oMosix is great - however no security at all...
generally considered not suitable for exposing the servers to any external network (unless you like sharing your toys :)
jen

Re:Something more than this...

Ugh,

yes its nice and easy but a huge security risk. If you are root on one Machine in an MOSIX cluster you can modify/erase/read !ALL! files on all Machines that are exporting their filesystem. Maybe I missed something but afaik you dont have a choice from where to export your fs in an mosix cluster. Means you cant restrict it to eg. /export/mosix.

Yeah

[mindstrm]

But nothing the guy asked about requires "distributed". His post really sounds like he means "networked"

Re:Yeah

[mark_lybarger]

What would you use for a distributed file system for Linux?

that's good enough for me.

often a client says they need a web site to maintain database data. you listen very closely to the business need and requirements and then say, "well, there's nothing that requires a web site to maintain the data, in fact it might be more secure to have a standalone applciation to maintain the data."

the client responds, "we need a web site to maintain our data."

OCFS--oracle clustering file system

Oracle published this for free use on Linux a few months ago, I believe. Without a SAN it will only work for two servers though. Still, it is a true dfs unlike NFS, CIFS, or AFS (btw, if all you are looking for is a network file system, AFS rocks).

Check www.oracle.com for info and a good tutorial on OCFS.

Re:OCFS--oracle clustering file system

[Kashif+Shaikh]

I looked into OCFS a while ago -- unfortunately it only works with shared-storage. Therefore it doesn't have to worry about mirroring data and keeping it in sync, as that's the hardware's job.

How about...

[Tafs]

making it really secure?

Or just take your disk around with you.

Re:Mirroring file system - example w/ssh

[draziw]

rsync -e ssh -azu --bwlimit=500 --stats --exclude='/proc' --exclude='/dev' / targetsystem:/targetdir/

-e is how to go - so -e ssh means use ssh
-a (archive mode - see docs)
-z compression - if you have more CPU vs pipe, use it. but if you are on a lan, you probably want to leave it off unless you don't mind the cpu hog (fat pipes will use more cpu time for compression)
-u update only (dont overwrite newer files)
--stats show you what it did when it is done
--exclude leave off paths/files you want to skip
--bwlimit in KBps - from my exp, put half of what you want your max to be.

Ryan

Well

[mindstrm]

I think you should clarify what you mean by "distributed"... becuase that word is going to cause a lot of confusion.

IF you want a few linux boxes to all basically share a lot of files, so you can log into any one, do whatever, only install stuff once... nfs is fine. If it's just on a private network just for you.

NFS is not considered a "distributed" filesystem... but I'm not sure that's what yo want anyway.

Freenet

So if you were to recommend a distributed filesystem for Linux machines, would you choose one of the three filesystems listed here, or something else entirely?

Most of people will probably talk about your ideas and also NFS, SMB etc. but you may also take a look at the The Freenet Project. You can make your own private network, with everything transparently distributed and redundant, with crypto, digital signatures, etc. on a buch of connected PCs.

Re:Freenet

[42forty-two42]

That's not a distributed fs - it's certainly too slow, and files can't be updated. Also, they can vanish without warning. And you don't get any communication between nodes besides its internal protocol, so don't think of tunneling.

Nope, not NFS...yes AFS...

[rmdyer]

We use NFS every day, but just for very special circumstances. If you really understand how NFS works, then you will understand why NFS is just not a viable solution for anything large scale, or small scale for that matter.

NFS is not secure. At most sites, NFS is exported read-only and limited to the domain, or to a given set of machine(s). If you export NFS as read/write then the client had better be secured, or you better use kerberos, and for damn sure better be behind a firewall. NFS has no client side cache, no volume location service, no ACL's, no authentication (unless kerberized), no replication, yata, yata, yata. We've used NFS sparingly for over 15 years because we -know how it works, and know its limitations.

On the other hand, we set an AFS cell for enterprise scale application and data sharing. It currently uses Kerberos V authentication, has volume replication, global namespace, client cache, fault tolerance. User's can setup their own groups, set their own ACL permissions. Did I say quota? AFS has per-user/per-volume quota. Hey, guess what, symbolic links work from any volume to any volume on AFS. And, AFS is just a simple daemon. You crank it up, mount the top of your cell and poof, you are done.

Another positive is the fact that once you setup an AFS cell you automatically become part of a larger community. Any AFS cell can mount the entire file system of another AFS cell within the same tree. I can for example mount many large university and government cells and share files. AFS allows Internet-wide file sharing with full security. On most versions of the client you can even enable encryption on the connection so your files won't be snooped easily.

All of our Solaris, Windows, Linux, and Mac boxes can use the same AFS tree without blinking an eye. We use AFS for many things. Before LDAP was really worth anything, we used AFS for simply exchanging read-only data. It -is- a replcated and global file system! Just put your config files in the tree and you are done.

If you are one of those people who are blinded by "always doing things one way", then I'd suggest you wake up and smell another technology, I did, and I liked what I got in return. Look into OpenAFS, you'll be glad you did.

+10,000 karma points! :)

Re:Nope, not NFS...yes AFS...

[tzanger]

I looked at AFS when I was doing research into this very topic but I could not get anywhere with the documentation. I'm sorry, but openafs.org sucked ass when it came to a simple HOWTO or anything other than "AFS is from IBM, thanks IBM!"

Re:Nope, not NFS...yes AFS...

[LiquidCoooled]

Thats me sold!
I didnt even know I was looking for a DFS until I read that - I'm going to have a play with this and see where it gets me.
I especially like the inter-operability.

if i had mod points I would gladly pass them on :)

Re:Nope, not NFS...yes AFS...

[laugau]

Yu should have read the article. The word that caught my eye was 'home' as in 'I'm doing this at home' as in, I don't have a friggin clue as to how to do this, so tell me. As in, I need a solution that can get my windows, mac and linux box to talk. As in, I am too stupid to make a choice and have no clue how to do it so I am going to do whatever people tell me and whine about how it doesn't work later.

NFS will avoid all of that heartache at home and get the orignal poster up and running.

When they save their friggin allowance long enough, they can but that EMC Symmetrix we've all been eying.

Until then, read the friggin posts with both eyes.

Re:Oop

I've never met you. But I want to hurt you.

NIS!????

[rmdyer]

Oh my god! People still use that antique technology? Just say no! Even Sun long ago gave up on NIS. Poor scaling, poor security. No way man, no how.

Gawd

[The+Bungi]

I have several GNU/Linix machines

I'm vaguely sure this is a brand new affront to RMS, but I just can't put my finger on it.

Linux is fun

Linux is the best. I like it a lot. I think that everyone should use Linux.

UnOfficial

I was told by a very reliable source that Veritas will have a DFS solution for linux before first quarter of 2004. This is very good news.

Re:UnOfficial

[hankaholic]

Is anyone else slightly wary of the fact that someone claiming to know of a "very reliable source" expects us to believe someone posting as AC?

Eh. Maybe it's just me.

samba!

[thinkliberty]

smbmount /home/user/shared_shit /remote_computer/home/shared_shit Wow they now share the same mount point and it works with windows to.

Re:If you Debian numbnuts...

[vandan]

1) Your post doesn't seem relevant to mine at all
2) I AM using Gentoo.
3) WTF?

Only true of big, widely deployed things

[Craig+Ringer]

This is only really true of things that were widely used before being superceded. Something like an _experimental_ distributed FS could be dropped from the kernel because nobody could be stuffed updating it to track changes in 2.5 that had broken the code. Unless you had the skills to fix it and add it yourself, or could afford to pay somebody to do it, you'd be stuffed.

WebDAV

You can use it as a distributed file system. I think you'd need a bit of glue logic to make it look like one, though.

SECURITY

[Craig+Ringer]

... and the gaping wide security hole that is NFS.

"Hello, I'm user ID 500 and I'd like my home directoy ... thanks ... my accounting data now!".

NFS doesn't actually have security anymore, never has since IP-capable machines became physically portable but more importantly since the assumption that every box would have a trusted admin became invalid ... about 15 years ago.

KILL NFS, we need something that doesn't suck.

A potted review of several distributed filesystems

[elronxenu]

Why not stick with NFS for the time being?

I went through the "is coda right for me?" phase, and also "is intermezzo right for me?" and also spent tens of hours researching distributed filesystems and cluster filesystems online ... my conclusion is that the area is still immature, I will let the pot simmer for a few more years (hopefully not many), and use NFS in the meantime.

My situation: desire for scalable and fault-tolerant distributed filesystem for home use with minimal maintenance or balancing effort. Emphasis on scalable, I want to be able to grow the filesystem essentially without limit. I also don't want to spend much time moving data between partitions. And last but not least, the bigger the filesystem grows, the less able I will be to back it up properly. I want redundancy so that if a disk dies the data is mirrored onto another disk, or if a server dies then the clients can continue to access the filesystem through another server.

All that seems to be quite a tall order. I checked out coda, afs, PVCS, sgi's xfs, frangipani, petal, nfs, intermezzo, berkeley's xfs, jfs, Sistina's gfs and some project Microsoft is doing to build a serverless filesystem based on a no-trust paradigm (that's quite unusual for Microsoft!).

Berkeley's xFS (now.cs.berkeley.edu) sounded the most promising but it appears to be a defunct project, as their website has been dead ever since I learned of it, and I expect the team never took it beyond the "research" stage into "let's GPL this and transform it into a robust production environment". Frangipani sounds interesting also, and maybe a little more alive than xFS.

On the other hand coda, afs and intermezzo are all in active development. afs IMHO suffered from kerberitis, i.e. once you start using kerberos it invades everything and it has lots of problems (which I read about on the openAFS list every day). AFS doesn't support live replication (replication is done in a batch sense) either.

CODA doesn't scale and doesn't have expected filesystem functionality: for 80 gigs of server space I would require 3.2 gigs of virtual memory, and there's a limit to the size of a CODA directory (256k) which isn't seen in ordinary filesystems. There's also the full-file-download "feature". CODA is good for serving small filesystems to frequently disconnected clients but it is not good for serving the gigabyte AVIs which I want to share with my family.

Intermezzo is a lot more lightweight than CODA and will scale a lot better, but it's still a mirroring system rather than a network filesystem. I might use that to mirror my remote server where I just want to keep the data replicated and have write access on both the server and the client, but it's again not a solution for my situation.

The best thing about intermezzo is that it sits on top of a regular filesystem, so if you lose intermezzo the data is still safe in the underlying filesystem. CODA creates its own filesystem within files on a regular filesystem, and if you lose CODA then the data is trapped.

Frangipani is based on sharing data blocks, so like NFS it should be suitable for distributing files of arbitrary size. I need to look at it in a lot more detail; this is probably the right way to build a cluster filesystem for the long haul. For the short term, Intermezzo is probably the right way for a lot of people: it copies files from place to place on top of existing filesystems.

What I did in the end:

• new server (Celeron 1.3 GHz, 512 meg RAM)
• 2 x 80 gig IDE disks
• Each IDE drive has 2 partitions (one small, one huge)
• Each partition is RAID-1 mirrored with its partner on the other disk
• The huge RAID partition is defined to Linux LVM (logical volume manager)
• Logical volumes are created within that for root, /home, etc...
• All logical volumes are of type ext3 for recoverability.

The way it works is tha

Samba and permissions

[Craig+Ringer]

Samba DOES support UNIX permissions. Use the "cifs" client module not the "smbfs" one, and enable UNIX extensions on smbd. Its not hard, and works well.

That said, I haven't tried it in real production yet. I do find it scary that a reverse-engineered MS protocol is now an option for UNIX<->UNIX network file access because NFS is so obsolete and crap that anything looks good in comparison.

Linix?

[CaptainSuperBoy]

Um.. Linix? Learn the name of your fucking operating system, to start off with. It's spelled L-U-N-I-X.

Re:Linix?

Please do not confuse Linus' Minix (Linux) with Little Unix (LUnix), a multi-tasking operating system for 6502-based computers, such as the Commodore 64.

Re:Linix?

[jeremiask]

nope. It's called G-N-U / L-U-N-I-X, got it?

cvs? subversion?

Linux Journal (I think) had a story by a guy who was using cvs to sync his home directory between work and home. I think he said he did commits and updates every few days, or when he got tired of things being out of sync. For what he wanted, consistent config files and so on with little hassle, and the ability to intelligently merge differences if necessary, it worked well enough for him.

WebDAV

[g4dget]

Right now, I think the answer is to run NFS: it's by far the easiest to set up and the best in a UNIX environment. AFS, CODA, Intermezzo, and SMB are pretty iffy in comparison.

In the medium term, however, I think WebDAV will become a better option, because it can be served and accessed with standard web servers and clients, in addition to being mappable onto the file system.

The Linux kernel already has WebDAV support (CODA hooks plus some user-mode process), although I'm not sure how well it works.

kernel dependency

[thomasa]

I wish there was one that would work with any
or all Linux kernels. I.e., you would not have
to compile for your particular kernel. E.g.,
version x.y of the so-and-so distributed file system will work with Linux kernel 2.4.23 only is what I see. I'd like to see a distributed file system that would still work after upgrading the kernel on my system.

E.g., create a file/block that you mount as a EXT2 file system and that file/block would really be updated by the distributed file system software.

Re:kernel dependency

You could potentially gain improvements in speed and portability by moving the filesystem drivers to userspace, but the loss of reliability and data integrity would most likely not be worth it.

Re:Format, Install Windows Server tsarkon reports

"ex girlfriend": because you are a fat oreo eating fucking slob that has no money and lives at home. you stupid fat fuck.

Re:If you Debian numbnuts...

YHBT. YHL. HAND.

Symlinks are your friend!

[billstewart]

Yes, there are applications where you want a real, heavy-duty, full-scale Distributed File System. The last time I looked at AFS it had too much Transarc commerciality in the way of using it, but that was a Decade Ago. If the OpenAFS works, it's probably a great choice.

But for a lot of applications, you simply don't need that much, and you've got some way to contain the security risks, and NFS can be enough. It's easy enough to set up, and if all you're *really* trying to do is make sure that everybody sees their home directory as /home/~user, and sees the operating system in the usual places and the couple of important project directories as /projecta and /projectb, NFS with an automounter and a bunch of symlinks for your home directories is really just fine. They hide the fact that users ~aaron through ~azimuth are on boxa and ~beowulf through ~czucky are on boxbc etc. And yes, there are times you really want more than that, and letting your users go log onto the boxes where their disk drives really are to run their big Makes can be critical help. But for a lot of day-to-day applications, it really doesn't matter so much.

NFS also works on BSD which is dying but ...

it will take a while ... sadly so will NFS.

There seems to be no decent replacement for NFS on BSD ... at least linux has all these "research" FS'es

Re:NFS also works on BSD which is dying but ...

[markalanj]

Long Live BSD

Watch for NFSv4 in the future!

[Sri+Ramkrishna]

Watch for the new version of NFSv4. There are already a sample implementation in the linux 2.5 tree. NFSv4 will address most of the problems that NFSv3 and others have. Including plugin security models, namespace, and revamped ACL handling.

It's also WAN friendly, letting several operations be done at the same time with a single directive. (COMPOUND directive) It also allows you to migrate one filesystem to another with no stale filehandles. Basically, it's trying to be an AFS killer.

For more information, take a look at
http://www.nfsv4.org/

Lots of good info including the IETF spec. It's a interesting read.

The spec is not quite complete. Currently, I believe there are discussions with how NFSv4 will work with IPsec.

Cheers,
sri

Re:Watch for NFSv4 in the future!

[ishmalius]

I followed the link, and glanced over the RFC's, but I could not find any explanation of what would make it run more efficiently over the Internet. It still uses RPCs! And TCP is available in the current version of NFS (I use TCP through an SSH tunnel).

What an Internet - capable FS needs, of course, is a way to handle unreliable connections and bad latencies. I don't see that in the RFC's.

I'm sick of stale NFS cookies! They go badly with coffee. ;-)

More distributed filesystems

I've been partial to GPFS (general parallel files system) on AIX, IBM's also got a version for Linux...Probably RH specific. There's also JFS, works alright...a bit more development there would be a plus. GPFS works great on Linux clusters!

Re:More distributed filesystems

[Junta]

I can tell you right now that anything IBM releases is tested on *at least* RH and SuSE, and that GPFS *should* work independent of your distribution, only certain glibc and kernel revisions are strongly suggested.

And, btw, though GPFS is a neat option, it is kind of overkill for most home networks. The two things it really facilitates is sharing the same SCSI attached storage between different physically connected hosts and making separate storage on different hosts appear as one device to any member node. Presumably in a home network you only have the resources for one host with one set of storage. In the situation of a competent administrator, I would say exported a filesystem through nfs and samba provides the ideal configuration, easy to setup, and so long as you firewall it right and have no untrusted people living in your residence, it is secure. If someone breaks into your residence, chances are you have bigger problems than network infiltration at that point. Other options are, again, unnecessarily overkill for a *home* network.

Re:More distributed filesystems

[dlapine]

GPFS? are you nuts? Only an anonymous coward would claim that "GPFS works great on Linux clusters!" Is this Lyle, from the gpfs development team?

GPFS requires:

1) specific OS version
2) specific kernel version
3) 4 300page manuals to setup
4) doesn't shutdown cleanly
5) doesn't bring a computer back into the nodeset easily
6) Did he mention the load of 4 that top & uptime report? (don't even think about running iozone on this puppy
7) how about the two daemons that must be in /etc/inittab so they always respawn?
8) who knows what licensing requirements

GPFS provides:

1) one common mount
2) fs size up to 9 TB
3) failover, if you have a SAN
This is SO not for a home user or small office, it's not funny. Consider running this if you have a cluster in the top 100 of the top500.org list, maybe. We have 2 clusters on the list and GPFS deployed on one of them, so we have personal experience with this.

Use SAMBA if you have windows boxes in the mix, nfs otherwise.

Re:Mirroring file system - example w/ssh

[Earlybird]

To do a true backup, you must copy permissions. To copy permissions, the target system needs to have the same UIDs and GIDs as the source system. This is hard to do on Windows and OS X. Typical tools such as rsync, Unison and rdiff-backup make no effort to solve this problem. Suggestions?

Re:A potted review of several distributed filesyst

PVFS, you fucktard ... there's no PVCS

Samba 3 Virtual File System

Doesn't samba-tng support a true DFS, exporting a virtual file system (combination of shares from multiple systems)?

Anyone using it?

Re:Samba 3 Virtual File System

Samba 3 does not even work for sending winpopup messages...

SHFS

[TimCrider]

http://shfs.sourceforge.net/

This has some potential.

Re:SHFS

[Cyuonut]

This has some potential.

As the web page states:
"To say the truth, it is our work for Operating Systems course at Charles University. It is just hack, but works, at least for me :-)."

Obviously LuFS has still more potential.

CVS

[vlm]

CVS.

It's got powerful replication services, although manually run.

Disconnected operation is no big deal with CVS.

As for distributed file systems, make one system the CVS server. Make sure all your systems "cvs update" by a cron job that runs often. If the main server explodes, your next task is to set up a new server. Set up your DNS so cvs.whatever.com points to your current CVS server, and keep a hot standby ready. Change the DNS to point to the new CVS, CVS commit from any of the slave servers that were doing "cvs update" every 5 minutes, and you're up and running again. Could automate it, if I had enough problems to make it worthwhile.

Re:CVS

Good job. Give him an example of a revision control system when he's looking for a distributed file system.... Perhaps you should research the difference between the two? (here's a small starter: revision history is *not* important to a distributed file system)

gah.

google for nbd

[moogla]

the enhanced network block device...

divvy up the SCSI disk on a fast machine (preferably not your NFS server), and export the partition with this. The server portion of nbd is a user-space daemon.
Then make sure nbd (client portion) is enabled in your netboot kernel, and right before you swapon (but after you use BOOTP and bring up the net) attach your swap device from the server. Then you can swapon /dev/ndb0 or whatever it calls itself.

Magic.

Re:google for nbd

[BJH]

I've already looked at this - the enbd patches were what I was referring to. Unfortunately, even the author doesn't consider them stable for swapping over.

Re:google for nbd

[moogla]

have you tried it?

Re:google for nbd

[BJH]

Nah, not yet - the kernel I have on the client is fairly heavily patched already, and I haven't succeeded in getting enbd to apply properly.

I got round it for the time being by increasing the client's memory, but if I start getting OOM problems, I'll probably try looking at it again.

Perfect timing

After banging my head on the wall and doing a lot of research into various options for creating a single cross platform distributed file system, I stumbled onto OpenAFS. I'm getting ready to set up a test cell on a spare Linux box (the requirement in the documentation to dedicate an entire partition just to AFS initially gave me serious pause, especially for my production server).

In the meantime I'm left with Samba and NFS, and I'm not happy with either. Samba seems to lack a lot of the features that I want. NFS provides most of what I want (I don't want much), but has strange issues. I really want something that can work on Windows, Linux and OS X so that I can have one method across all platforms and eliminate a few services.

Has anybody else experienced connection delays when connecting a Linux box to an NFS share on an OS X machine? I get a mysterious 3 minute delay every single time on every Linux box, and no amount of Googleing seems to yield any answers.

Re:Perfect timing

[hankaholic]

Has anybody else experienced connection delays when connecting a Linux box to an NFS share on an OS X machine? I get a mysterious 3 minute delay every single time on every Linux box, and no amount of Googleing seems to yield any answers.

Make sure the OS X machine isn't trying to do reverse DNS lookups on the Linux box. I've seen many programs (including NFS stuff) delay initial connection considerably because one end or the other wasn't entirely happy with the information available (or unavailable) through DNS.

Re:Perfect timing

Reverse DNS lookups shouldn't be a problem for me in this case. I'm running BIND on the OS X machine that is exporting the share, and reverse lookups happen with no noticable delay (I have reverse lookup entries for all the IP addresses in question). The OS X box points to itself for DNS resolution. Other OS X machines connect to it without any noticable delay at all using NFS, but all my Red Hat 8/9 machines have a delay that varies from 3 to 3.5 minutes (after connecting finally it works fine).

Thanks for the suggestion! I've already gone insane trying to come up with creative ways to search for it on Google, but it would appear that I am the only person to ever encounter it. I've tweaked my mount options about as far as I can with the documentation that I can find. I can sort of live with it if I only have to mount once a day or once a week, but I still hate it. I'm hoping that my eventual move to AFS will stamp it out completely.

Re:Perfect timing

The issue could also have to do with RPC and portmap. My Zaurus does the same thing.

Coda

[ansible]

Hmph, I guess because there is continual talk of re-implementing Coda, the codebase must not be too hot.

Every time I want to switch to a better network file system, I read about problems with corrupted files or mysterious crashes and get scared.

Then I come slinking back to NFS, which hasn't done something like that to me in at least 5 years or more. The only real problems I've had are when so-and-so's V3 implementation doesn't want to talk to this other V3 implementation, or read/write sizes. Been rock-solid when it is actually moving bits.

Of course, now that I think about it, NFS has been rock-solid because the fileservers have been rock-solid. If they crash, then everybody's sorry.

Wish I was using a DFS that supported disconnected operation...

Re:Format, Install Windows Server tsarkon resorts

[AlphaSys]

Hey, stop that! You're only supposed to trollhound me! I'm jealous... my wife won't fsck me anymore.

NFS is probably best for small networks

[HidingMyName]

The consistency semantics of NFS more closely match Unix System semantics, and NFS holds up well with less than say 100 nodes per server. At my grad school we used AFS, while our dept. internally used NFS. I think the fundamental questions you might want to ask are:

• Do I need changes to open files to be visible to other users prior to closing them. If your not sharing a database or some other large file, AFS or its descendents are probably reasonable choice.
• Di I need to handle frequent disconnetion and reconnection (then you probably need Coda or Intermezzo, although Coda is proabably more mature).
• Is my real goal to learn distributed file systems administration or have something that works? NFS setup is quick. Put behind a firewall, much of the risk of packet sniffing is reduced. Some versions of NFS encrypt all traffic, and NIS+ offers some security improvements over vanilla NIS (although NIS is easier to administer).

Re:Mirroring file system - disconnected network

[yellowpunk]

I have a filesystem that I need to keep synced between two servers.

For security reasons, the servers cannot route to each other. Is there an off the shelf system that will do something like rsync in a disconnected mode.

e.g.:
1) On one side generate a filesystem listing with checksums
2) Transfer listing to the other machine (floppy, cd, etc)
3) Use listing and filesystem to generate an archive of files to upload, plus a sync script
4) Transfer these two files to the original machine
5) run the sync script. This will extra the tar, and delete files and folders not existing on the the other server.

What about CXFS?

[haeger]

Granted, this is not something for Your home network, but CXFS looks like a good product. AFAIR the server is SGI only, but there should be clients for almost every OS out there.

Yes, I know, it's not a distributed FS, but since so many people suggested NFS, I thought I'd point at another solution.

.haeger

Reasons why

[photon317]

There's some reasoning behind the lack of big interest in distributed filesystems.

1) Obviously, NFS continues to be a passable solution where you dont really need "distributed" so much as "universally network accessible in a simple way".

2) For things where you truly want "distributed" access from multiple machines that are local to each other, there's a somewhat less complicated solution, which is to use shared storage. The idea is to attach all the machines to a SAN-style network (fiber channel, or hey even firewire these days) and use a sharing-aware filesystem that allows simultaneous access to the storage/filesystem from multiple hosts with sane locking and whatnot. One of the better places to look for this is otn.oracle.com - they've released a cluster-filesystem *and* drivers for firewire shared storage (which is cheaper than fiberchannel) for linux.

Of course, that leaves out the case of a distributed filesystem for machines that can't be on a SAN together for distance or economical reasons. In that case you could of course hack something up using cluster-filesystem type of filesystem and SCSI-over-IP or something like that I guess, or use one of the experimental distributed filesystems you mention... but the market just isn't big enough for this yet to drive much.

Check out Freeshell.org

[spamania]

The Freeshell.org Unix shell/email provider uses a distributed filesystem to provide transparency across their various machines. After a few minutes of searching, I was not able to determine what their method is, but it's worth asking them about it, as Freeshell has over 10,000 users and high traffic.

Re:Oop

I don't think they did.

Linux FailSafe

Why don't you try Linux FailSafe, It's GPL and available on SGI's web site. It can cluster applications as well as filesystems.

Re:Mirroring file system - example w/ssh

[lars_stefan_axelsson]

To do a true backup, you must copy permissions. To copy permissions, the target system needs to have the same UIDs and GIDs as the source system.

Use rsync. Default is to map user and group names at both ends of the connection, unless you specify --numeric-ids. Of course you have to have at least the names right, otherwise there's nothing to work with. And you need rooteness on the receiving end, but that's also to be expected.

I've been using rsync for some time now to manage moving research data between home and school and I'm thoroughly impressed. Great piece of software.

ugidd!

[laa]

I use ugidd which automatically translates between numbers and userid:s, thus solving the problem with users having different numbers on different machines. Again this is not the most secure option around, but in your own secured sandbox it's easy to understand, install and maintain.

7000+ users on CMU's OpenAFS installation

I'm attending Carnegie Mellon University right now. The campus network stores all the user /home's, course webpages, homework submission folders, etc., on OpenAFS servers running some ancient, completely reworked version of Redhat. The servers are rock solid, 99.999% uptime as far as I've seen. I can only recall two one hour incidents the last two years when they went down for a bit. Tells you a bit about how stable OpenAFS is. That, and I've come to admire the usefulness of ACLs. The documentation could be better though.

Maybe the knowledge at this page is transferrable, somewhat, to other people trying to set up OpenAFS. At the least, it gives you an idea of what you'll be needing.

Re:If you Debian numbnuts...

[vandan]

I see why you remain anonymous now

Not For Security

[fjin]

It would be very good to remember that NFS comes from:
Not
For
Security

Re:Not For Security

Since it doesn't require security, it's also fast: Need For Speed.

Distributed Filesystems for Linux?

What about CFS , OceanStore or Ivy for a really distributed file system ? :)

Re:Format, Install Windows Server 2000 or 2003

but at least with windows, i could do this on my own without a)having to install anything new and only abuto 5 minutes of configuration and b)having to ask a few thousand people the best way to do it. point-and-click it may be, but sometimes i just want something done without spending hours (or days) on it.

OpenAFS

OpenAFS is a learning curve, but for a Distributed FS, it rules.

At my office I have deployed OpenAFS + krb5 + LDAP. This allows me to have a network of kernel developers (read - need root access on thier workstations) and have no access to each others files.

I have several sites, so they each sit under thier own name-space. /afs/..com. They all share a top level AFS namespace of course, so every site can see every other sites files.

I have LDAP distibuting UID's and so on around the network, and providing multiple levels of access per person per machine (or groups of machines / people)

I have windows 2000 and XP users authenticating to my KRB5 KDC. They have seamless access to thier AFS space also, using "wake" from rose-hulman.

User's home directories follow them around.
Users must authenticate every 12hrs, but that it. We have full single sign on over the network.

NFS is no use. All users need root.
NFSv4 is no use. Authentication is done at mount time iirc, so if 2 users log onto one server...
Oh, and it in alpha stage, if that.
Coda is experimental.
I know little about intermezzo.
OpenAFS is scalable.
OpenAFS is secure.
OpenAFS is easy to manage for large (huge) sites.
OpenAFS looks after your backups for you.
OpenAFS has user managable groups....!
OpenAFS is just the most amazing FS I have ever used.

OpenAFS needs a way to store its PTS in LDAP along with my other per-user data.
This is the only fault I can find in OpenAFS.

Re:OpenAFS

[OpCode42]

Sorry, I missed the name of the filesystem, could you say it again please? ;)

Take a look at the CHENDO project

The CHENDO project is an attempt to get distributed file systems to work on any platform.

It is a good thing to look at.

AFS has the answers

http://www.openafs.org/

security
scalability
replication of data
reliability
location independence
tools to manage your AFS data

The ability to move live data between
AFS fileservers without breaking service
to users on clients still blows me away.

Granted the AFS administrator has to learn more
than the NFS administrator but it is worth it.

For a small (~5) group of machines,
NFS may suffice but you want a distributed
filesystem that will grow to meet your
future demands across your enterprise
consider OpenAFS.

What I did....

[EmagGeek]

I have one server that is a dual Athlon machine with three 40GB hard disks arranged in a raid-5 array for a total capacity of 80GB.

Then, I bought a bunch of 10/100 Ethernet cards that had EEPROM sockets and used EtherBoot to create a boot image for it. You can also make a boot image on the web here, here, or here .

You'll need a way to program the EEPROM, but there are lots of places to get info about that.

The only directories that are not identical across the virtual machines are /etc, /var, along with the obvious /dev, /boot, /proc, and so on. /usr and /home are the same mount on each "machine."

IBM GPFS

[LynXmaN]

IBM deployed a new distributed filesystem that goes beyond AFS, it's called GPFS and it's part of the xCAT package. You can find it here.

Unfortunately, documentation is really poor at this moment... but I think it could be a really good solution.

SFS (Self-certifying File System)

I would use SFS, the Self-certifying File System.

• "SFS is a secure, global network file system with completely decentralized control. SFS lets you access your files from anywhere and share them with anyone, anywhere. Anyone can set up an SFS server, and any user can access any server from any client. SFS lets you share files across administrative realms without involving administrators or certification authorities."

Typical distributed file-systems are notoriously insecure, but SFS is designed with security foremost. This is research-level code, but I'd prefer a buggy program with firm theoretical foundations than a "tested" program built on shaky logic.

• Several of the SFS authors use SFS for their home directories without any problems. SFS has been in use for several years and we have never lost a file. That said, SFS should still be considered alpha software."

Distributing NFS

[Nagilum23]

I have never tried this, I doubt it's possible but maybe I'm too pessimistic.. Have small pool of unix boxes, have each export a portion of the filesystem to one server. Then combine a hand full via softraid(5) to one logical disk (create a huge file on the filesystem and convice softraid it's your disk) and finally link all raid disks together using LVM. This way you have distribution, redundancy and extendibility ;) . You can then re-export the new volume via NFS/AFS or whatever. The drawback is of course that the data flows twice through the ether if you access it from the same clients that provide the storage and the other drawback is that it probably will not work because softraid is too picky what to accept as disk.;)

more efficient use of resources?

[thomas_klopf]

I think it would be great if more effort were put into "user-friendly" distributed file systems and processing so that a lot of wasted resources could be reclaimed at businesses. When I was an administrator at an unnamed company, I thought it was a shame that everyone had a fancy, 2Ghz. machine with a 60 gig drive that was only used for basically surfing the net and reading email. The result was an almost complete waste of machine - about 3 gigs of drive space used, and almost no CPU utilization. So.. why not make all of these machines into collective distributed servers? Obviously, a lot of redundancy would have to be built in - what happens if John accidentally turns off his machine at the end of the day? Anyway, just one possible use for distributed filesystems...

SAMBA is the way to go for a home network

[internet-redstar]

Being confronted with this in my home with my main Linux server, a MacOS X workstation, a single purpose Windows XP download machine (Kazaa Lite), a single purpose Linux mplayer and mp3 box (connected to stereo and TV) and a Linux development machine,... SAMBA is the only valid option.

NFS really can't stand machines being switched on and off, NFS is great in a production environment if setup correctly, but not for home usage.

MacOS X and M$ can handle SAMBA just fine (although MacOS X still can improve with handling filenames wich contain characters such as [ and ] and some other small caveats).

I know it's the M$ protocol, but Linux has the best implementation of it. It works just great!

The 'shares' of shut down machines disappear as soon as you try to access them on other machines. If you don't access them while they were off they stay in place. For ease, you can put a 'mount -a' in the crontab to automagically remount these unmounted filesystems.

It just works. 3 times 'HURRAY' for SAMBA!

Re:SAMBA is the way to go for a home network

It sounds like you wanted a NETWORKED filesystem, not a DISTRIBUTED filesystem.

A distributed filesystem might have a single mount point on all machines, and some built in redundancy so that any one of the three machines could go down all the stuff was there, and the down machine was re-synched on re-connection, kind of like a RAID over a network. Or more fancy things.

Re:SAMBA is the way to go for a home network

[internet-redstar]

You're 100% correct.
SAMBA on MacOS X allows for the cross-exporting of other mounted filesystems by the use of symbolic links.
No RAID-5 redundancy, but mostly quiet useful in a 'home setup' as the one being talked about in the example.
Fact is a RAID-5 like distributed filesystem just isn't there yet, with hundreds of nodes, freenet might just work for the most popular files, but feasability currently just says: NO FURTHER THAN SAMBA.

Of course, I hope it will become better, but a 100Mbit network can not serve the load of a RAID interconnect bus. Choosing for it in a home setup just doesn't seem to be too smart.

Re:If you Debian numbnuts...

That wasn't me. It was some other guy, trying to horn in on my schtick.

NFS doesn't scale.

[Moderation+abuser]

It's definitely the easy option and it's fine for smallish self contained sites, but when you try to run your entire business off it, it gets very expensive.

You end up with a big server or two for redundancy at each site with the associated support costs, your information is not globally addressable or available which means you have to have separate information repositories at the sites further increasing the support requirements and reducing the coherence of your business.

Basically, though not ideal, AFS is the best that's available at the moment.

If you're just a single site or a couple of sites, stick to NFS, AFS is a pain to set up on a small scale, it definitely likes to be a big world spanning architecture.

File system facilities

[BobDowling]

Something that is not being mentioned by the proponents of the various networked file systems is the set of file system facilities provided to the client.

I currently use a GNU/Linux system with home directories provided by NCPFS (Novell Netware) because I have no choice. We've done a fair amount of work but the loss of some semantics really bites. Hard links are used for locking by quite a few apps. Open Office uses shared memory mmap() calls for internal communication via a file in the home directory. These aren't supported either. We have had to do a fair amount of work working around these (and other) short-comings.

I know that NFS provides me with the file system semantics I need for most of what I do. Could the proponents of AFS, SMB, Coda, etc. let us know how close to local file system semantics we get with home directories mounted via their various file systems?

Call me crazy

[haplo21112]

All my machines are connected together in my house with SAMBA. Gives all my machines, UNIX and Windows a common user space file system....

HOWTOs for Linux Solutions and Helping Back

A lot of useful information can be found at The Linux Documentation Project in the list of HOWTOs and Guides.

More specifically you will find a number of links to projects not discussed in the threads I have seen so far, at the Multi Disk HOTWO where you can see how for instance Yoke and RAID can give you a fast reliable networked sharable file system. Someof these are research projects while others have been used for a few years. For even more fun you can stack file systems, like RAID0 with RAID1 where some of the drives are Yoke-connected over the net. Put inhertied fs on top and you have enormous flexibility, speed and reliability. OK so it is more complex but I am sure you can handle that.

And here comes the part I would like to stress: when you come to a conclusion, please contact the relevant HOWTO authors and give them your input. Only by your inputs can the Linux Documenttion Project improve.

You want rdiff for "offline rsync"

[Tv]

You may want to use rdiff, from librsync at sourceforge, for that.

Try SFS

Not sure what you mean by ``distributed''. you should be a little more specific about what you want. However, SFS (self-certifying file system) is a good replacement for NFS, featuring privacy and authentication. Works on Linux, *BSD, MacOS X....

see http://www.fs.net

Re:openmosix is good till one of the nodes reboot!

[Great+Malinko]

MFS is pretty cool but you get a nasty error when you reboot one of the nodes, nasty meaning kernel panic:). At last time I checked it was pretty flakey.

AFS MacOSX for morons

[goatbar]

Okay, I've been so wanting to us AFS since the good old days when I first started using it back at Stanford in the early 90's. But, I've got Solaris (shoot me now), Linux, and MacOSX boxes and limited brain power available. Does anyone have a tutorial for morons that goes through everything I'd need to do to setup AFS ( + kerb/ldap, right?) served off over either Linux or MacOSX? I tried to setup kerberos in 1999, but had a time of it... I know it rocks, but it can get confusing. Pointers anyone? -k (One of these days, I'm going to go to the end of the pier and throw our sun blades in the ocean)

None of the above

[StyXman]

Instead, I would use mine. But is not working yet. It's in a development stage. And as is my thesis, I can't release it yet. But I can tell what it'll do.

Essentially, it'll distribute the files in some machines. But any distributed filesystem does that. What's so good about mine? Well, suppose you have a lab with a NFS server and 28 clients. These 28 clients have, say, 8Gb disks, 2 of which are used to store the local instalation and the remaining 6 are unused. Doing some math, you reallize you have 168 of useless space, more than the space the server has. So, all you need to do is put a distrib fs and make use of it.

Now suppose you're one of the students using thhe lab. You sit front a 'client' and start using your files. But the files are in another machine, so the access is done thru the net. And it feels slow. Ok, all you neeed to do is to guess in what machine the files are located and use that one... or, have a distrib fs that will migrate your files to the local machine as you use them. That's what I'm after.

You can also read a draft (in spanish) here. Please be patient with the site, 'cause the uni has very saturated lines. If you want to contact me about it, use this e-mail address, as the other ones are down.

What troubles me about AFS/OpenAFS...

[Sloppy]

..is that apparently it doesn't use unix-style file permissions. "ACLs are better" you might say, but still, it's different. It sounds like using it would not be transparent -- not just for the admin who has to learn how to set it up but also for users and existing software and scripts, which assume the chmod way of doing things.

I mean, if I use AFS, does that mean from now on, every time I run an install script for some random package that chmods something, I have to realize that the script doesn't really work, and then I have to analyze its intent and then do some ACL thing that accomplishes the same intent? Ugh, I am not interested in things that create more work for humans.

Another annoying-looking thing is that it's really a filesystem, even from the servers' point of view. Unlike sharing/exporting services such as NFS and Samba, which you can run on top of your choice of filesystem (ext3, Reiserfs, xfs, etc), it appears that AFS/OpenAFS combines both the disk and the network topics. That means you don't get the advantages of all the great work the filesystem geeks have been doing in the last few years.

It almost strikes me as inelegant design or something, that a single project concerns itself with both the details of how things are laid out on a disk, and also how to do network-related things such as replication. Somebody made their black box too big for my tastes.

Am I wrong about all this?

You totally left out...

[Karcaw]

Lustre which grew out of the Intermezzo/Coda projects. It was designed from the ground up as a scaleable ditributed filesystem. I would give a single mount point for a set of aggregated storage. In our clustered system it has been show to be able to write greater than 2 GB/s to disk. Lustre may be a little overkill for a home system, but for clusters, it works great.

TNC

[jc42]

Y'know; I'm really disappointed that nobody here has yet mentioned what is probably the granddaddy of distributed unix systems: TNC (The Newcastle Connection). It was publicly announced in SP&E back in '82.

It does something the writer requested that NFS doesn't: It provides a consistent directory tree on all systems. They were the folks who invented the rather elegant "/../" notation for getting out on the Net and accessing another computer's files, after all.

Also, unlike NFS, TNC hasn't ever required centralized security. Their scheme was to have a plugin module that mapped the id info (address, hostname, userid, etc.) into local ids. It was easy enough to just map all outsiders to "nobody/nogroup", thus blocking all access from outside while letting you see out. One of the useful features of this distributed system is that each machine's owner can control outside access independently, without being beholden to the whims of some network administrator

I worked with instances of TNC at several big corporations back in the 80's, and it was fairly slick. You literally had one network-wide tree that looked the same from everywhere. It was a real disappointment to see NFS get adopted as "standard", since one of its major problems all along has been the inability to pass file names around within distributed applications. You just get ENOENT on most of the machines, because the people setting up NFS never consider consistent directory trees to be anything important.

I also worked on one project where we decided to reverse engineer TNC's approach. "How difficult can it be?" It wasn't difficult. It took me about two weeks to get to the point that I could type "make" in a directory whose Makefile used source scattered across a collection of machines, and it worked. This included machines whose clocks weren't synchronized; solving this problem took me a morning, and didn't require any time servers or root permission anywhere.

As I said; I've been disappointed ...

Re:TNC

[divbyzero]

TNC sounds very academically interesting, but I can't find any info on it. It doesn't look like it ever became an RFC, for example. Can you provide any pointers?

Re:TNC

[jc42]

Google for "Newcastle Connection". It turns up "about 544" matches, including the original SP&E paper from back in Dec '82. Make sure you use the quotes, or you'll get 128,000 matches for "Newcastle" and/or "Connection". Nice if you're related to the Altrincham Balshaws, but not of much use if you're looking for distributed computer systems.

There were never any RFCs, of course, because it wasn't any sort of official Internet project. And it ran on networks that used several different protocols, not just IP. All the instances that I saw used IP, though.

It was sorta interesting that outside of UK academia, TNC was mostly seen inside corporations. For instance, it was in use at a number of Motorola sites, and there was a floating TNC system inside Digital as an easy way of linking multi-site projects together. But management never seemed to see it as anything that customers would be interested in. "People seem to want NFS or SMB, not a general-purpose distributed OS."

In academia, I think the usual reaction was "Cool; let's build something like that ourselves. How hard can it be?" So we saw lots of similar developments. Some, like Andrew, got a bit of publicity, though the public reaction seems to have lent support to the idea that customers didn't want any such thing, but preferred to use floppies to copy files around.

As I said, I was one who reverse engineered TNC on one project. Funny thing was, there was another fellow down the hall who did the same thing. We compared notes a lot, and had a friendly competition going. (Hi, Dave, if you're listening!) As with TNC, neither of our packages got any reaction at all from management, who didn't understand why we wasted our time with something so worthless.

AFS?

Isn't AFS the group that sells pizzas in high schools?

AFS

Don't use the enhanced one...

[moogla]

Use the stock nbd... afaik it works fine (I think the issue is that it's not as fast as it could be; that's what enbd is trying to accomplish...)

It won't hurt. Compile it as a module.

I use CXFS at work

[leeet]

I guess this doesn't really apply to "home usage" but I have to manage a lot of machines over a SAN and if you don't want people screwing up your SAN, you better use something like CXFS.
CXFS uses a sort of token technique and allows multiple file accesses. That way, we get the same files on all the machines but w/o the NFS overhead and network congestion. File read/write are done over the fiber channel switch and the "metadata" is done over a private network. This is WAY much faster than NFS over Gigabit Ethernet. One good thing about CXFS is the redundency possibility. You can have failover servers and other neat things.

The only drawback, is that you need an SGI server but then, you can use Windows and Solaris clients. Very stable but probable not for home use :)

That's a networked FS, not a distributed FS

s/Domain/Realm/

There is no such thing as a Kerberos Domain. They're called realms.

Re:Format, Install Windows Server 2000 or 2003

Don't forget the work offline functionality. That's basically what he really wants.

FLAME ON Linix punks.

Re:Format, Install Windows Server 2000 or 2003

[arkane1234]

The last time I did a Redhat install, it took me 45 minutes.

I don't know what decade you live in, but damn...

Re:Mirroring file system - example w/ssh

[Earlybird]

I have been using rsync quite a lot myself. There are a few problems with it, as a backup tool.

The permission thing. Having to map the user and group names is inconvenient. For one, you have to maintain those users and groups.

Change sets. There is no sense of history: I can't go back to a certain date and get a snapshot of the data as it was then. This is absolutely required in certain scenarios. Of course, you could rotate among several different target directories, just like you would rotate tapes, but that wastes disk space that you might not possess.

Interestingly, rdiff-backup solves this problem; rdiff-backup uses librsync for the file transfer and has a simple backup increment system, with rudimentary support for file obsolescence by age (in other words, if you delete a file in the source location, it won't be deleted in the backup until a certain date).

The root issue. It would be much nicer if there was a server component running as root, which permitted specific users to connect and backup files.

Incidentally, rsync seems to not care about file name character encoding, which is a big minus. The port of rsync to Mac OS X will not transfer files containing 8-bit characters (eg., accented characters, Scandinavian letters), barfing with an "operation not permitted"-style I/O error. It seems that the Mac OS X APIs want UTF-8 file names. A simple internal translation should work.

Re:Format, Install Windows Server Hi, Mitch!

How are you today? How does it feel to be sucking off of other people off of society? You are a fucking charity case, loser. You said in a post "I'm serious." HAHAHAHAHA. You better seriously DO SOMETHING, code some shit up, or become an implementation specialist because from what I see from you, PFY, is that you are anecdotal, full of shit and hot air and you are a poster child for the IT loser who has never done anything but put out fires and do other people's bidding. You are a fat gay poor sexless live at home mediocritomaton loser bitch. You: a scrawny, inept, impotent little man-bitch. A good name for you, MITCH. - Man bitch.

Tah tah sweetheart. Nice life you have living vicariously through a screen and keyboard. Make sure you put saran wrap on the keyboard BEFORE you jack off to k1d pr0n.

AFS docs

[Cajal]

OpenAFS does seriously need documentation on their site. There is only one book on AFS admin that I've been able to find, and it's a little dated: Managing AFS by Richard Cambell (1998). Amazon has it.

I also recommend getting this short read on Kerberos.

Re:Mirroring file system - example w/ssh

[lars_stefan_axelsson]

The permission thing. Having to map the user and group names is inconvenient. For one, you have to maintain those users and groups.

Well, as I said you can use numeric id's if that's more convenient. Doing that they may (or may not) make sense no the target system, but there's really no other way to do it besided using a specific backup solution (that maintains its own internal mapping/whatever). A bit much to ask from a file syncronisation program IMHO.

Change sets. There is no sense of history: I can't go back to a certain date and get a snapshot of the data as it was then. This is absolutely required in certain scenarios. Of course, you could rotate among several different target directories, just like you would rotate tapes, but that wastes disk space that you might not possess.

That's supported by rsync, and quite nicely I might add. You can do differential backups, with your last backup being the full backup, and earlier ones being saved. Granted it won't do diffs of the contents of files, but rdiff-backup doesn't do that either, does it?

The root issue. It would be much nicer if there was a server component running as root, which permitted specific users to connect and backup files.

Oh, but there is. You can run an rsync daemon as root on your backup machine. It ever supports authentication. But you lose the 'ssh' capabilities so you'd better run it on an internal trusted network.

Incidentally, rsync seems to not care about file name character encoding, which is a big minus. The port of rsync to Mac OS X will not transfer files containing 8-bit characters (eg., accented characters, Scandinavian letters), barfing with an "operation not permitted"-style I/O error. It seems that the Mac OS X APIs want UTF-8 file names. A simple internal translation should work.

Never came accross that one as I only sync between linux and linux (and I'm Swedish so the odd LATIN-1 char has slipped in from time to time). IMHO, converting filenames as text to and from different binary formats having to consider differing locales and whatnot is fraught with peril, and a gargantuan task. I'm happy with the current "just copy the binary" strategy. And UTF-8 should die BTW... ;-)

Offtopic: rsync and ssh

[odie_q]

Specifying a different username is really simple, just specify it in the address as usual, eg:

rsync -auzessh bgates@rsync.microsoft.com:/usr/src/windows /usr/src/

Also, you can of course pass any options you like to ssh by quoting the command:

rsync -auze 'ssh -p65 -lbgates' rsync.microsoft.com:/usr/src/windows /usr/src/

Re:A potted review of several distributed filesyst

I am suprised that no one has suggested openGFS with iSCSI. This setup looks right and doesn't require any special hardware.
opengfs with iSCSI
iSCSI is a new IETF standard (RFC 3347)
that looks very prommising.