[linux-2.6-block.git] / Documentation / filesystems / afs.txt

			     ====================
			     kAFS: AFS FILESYSTEM
			     ====================

Contents:

 - Overview.
 - Usage.
 - Mountpoints.
 - Proc filesystem.
 - The cell database.
 - Security.
 - Examples.


========
OVERVIEW
========

This filesystem provides a fairly simple secure AFS filesystem driver. It is
under development and does not yet provide the full feature set.  The features
it does support include:

 (*) Security (currently only AFS kaserver and KerberosIV tickets).

 (*) File reading and writing.

 (*) Automounting.

 (*) Local caching (via fscache).

It does not yet support the following AFS features:

 (*) pioctl() system call.


===========
COMPILATION
===========

The filesystem should be enabled by turning on the kernel configuration
options:

	CONFIG_AF_RXRPC		- The RxRPC protocol transport
	CONFIG_RXKAD		- The RxRPC Kerberos security handler
	CONFIG_AFS		- The AFS filesystem

Additionally, the following can be turned on to aid debugging:

	CONFIG_AF_RXRPC_DEBUG	- Permit AF_RXRPC debugging to be enabled
	CONFIG_AFS_DEBUG	- Permit AFS debugging to be enabled

They permit the debugging messages to be turned on dynamically by manipulating
the masks in the following files:

	/sys/module/af_rxrpc/parameters/debug
	/sys/module/kafs/parameters/debug


=====
USAGE
=====

When inserting the driver modules the root cell must be specified along with a
list of volume location server IP addresses:

	modprobe rxrpc
	modprobe kafs rootcell=cambridge.redhat.com:172.16.18.73:172.16.18.91

The first module is the AF_RXRPC network protocol driver.  This provides the
RxRPC remote operation protocol and may also be accessed from userspace.  See:

	Documentation/networking/rxrpc.txt

The second module is the kerberos RxRPC security driver, and the third module
is the actual filesystem driver for the AFS filesystem.

Once the module has been loaded, more modules can be added by the following
procedure:

	echo add grand.central.org 18.9.48.14:128.2.203.61:130.237.48.87 >/proc/fs/afs/cells

Where the parameters to the "add" command are the name of a cell and a list of
volume location servers within that cell, with the latter separated by colons.

Filesystems can be mounted anywhere by commands similar to the following:

	mount -t afs "%cambridge.redhat.com:root.afs." /afs
	mount -t afs "#cambridge.redhat.com:root.cell." /afs/cambridge
	mount -t afs "#root.afs." /afs
	mount -t afs "#root.cell." /afs/cambridge

Where the initial character is either a hash or a percent symbol depending on
whether you definitely want a R/W volume (hash) or whether you'd prefer a R/O
volume, but are willing to use a R/W volume instead (percent).

The name of the volume can be suffixes with ".backup" or ".readonly" to
specify connection to only volumes of those types.

The name of the cell is optional, and if not given during a mount, then the
named volume will be looked up in the cell specified during modprobe.

Additional cells can be added through /proc (see later section).


===========
MOUNTPOINTS
===========

AFS has a concept of mountpoints. In AFS terms, these are specially formatted
symbolic links (of the same form as the "device name" passed to mount).  kAFS
presents these to the user as directories that have a follow-link capability
(ie: symbolic link semantics).  If anyone attempts to access them, they will
automatically cause the target volume to be mounted (if possible) on that site.

Automatically mounted filesystems will be automatically unmounted approximately
twenty minutes after they were last used.  Alternatively they can be unmounted
directly with the umount() system call.

Manually unmounting an AFS volume will cause any idle submounts upon it to be
culled first.  If all are culled, then the requested volume will also be
unmounted, otherwise error EBUSY will be returned.

This can be used by the administrator to attempt to unmount the whole AFS tree
mounted on /afs in one go by doing:

	umount /afs


===============
PROC FILESYSTEM
===============

The AFS modules creates a "/proc/fs/afs/" directory and populates it:

  (*) A "cells" file that lists cells currently known to the afs module and
      their usage counts:

	[root@andromeda ~]# cat /proc/fs/afs/cells
	USE NAME
	  3 cambridge.redhat.com

  (*) A directory per cell that contains files that list volume location
      servers, volumes, and active servers known within that cell.

	[root@andromeda ~]# cat /proc/fs/afs/cambridge.redhat.com/servers
	USE ADDR            STATE
	  4 172.16.18.91        0
	[root@andromeda ~]# cat /proc/fs/afs/cambridge.redhat.com/vlservers
	ADDRESS
	172.16.18.91
	[root@andromeda ~]# cat /proc/fs/afs/cambridge.redhat.com/volumes
	USE STT VLID[0]  VLID[1]  VLID[2]  NAME
	  1 Val 20000000 20000001 20000002 root.afs


=================
THE CELL DATABASE
=================

The filesystem maintains an internal database of all the cells it knows and the
IP addresses of the volume location servers for those cells.  The cell to which
the system belongs is added to the database when modprobe is performed by the
"rootcell=" argument or, if compiled in, using a "kafs.rootcell=" argument on
the kernel command line.

Further cells can be added by commands similar to the following:

	echo add CELLNAME VLADDR[:VLADDR][:VLADDR]... >/proc/fs/afs/cells
	echo add grand.central.org 18.9.48.14:128.2.203.61:130.237.48.87 >/proc/fs/afs/cells

No other cell database operations are available at this time.


========
SECURITY
========

Secure operations are initiated by acquiring a key using the klog program.  A
very primitive klog program is available at:

	http://people.redhat.com/~dhowells/rxrpc/klog.c

This should be compiled by:

	make klog LDLIBS="-lcrypto -lcrypt -lkrb4 -lkeyutils"

And then run as:

	./klog

Assuming it's successful, this adds a key of type RxRPC, named for the service
and cell, eg: "afs@<cellname>".  This can be viewed with the keyctl program or
by cat'ing /proc/keys:

	[root@andromeda ~]# keyctl show
	Session Keyring
	       -3 --alswrv      0     0  keyring: _ses.3268
		2 --alswrv      0     0   \_ keyring: _uid.0
	111416553 --als--v      0     0   \_ rxrpc: afs@CAMBRIDGE.REDHAT.COM

Currently the username, realm, password and proposed ticket lifetime are
compiled in to the program.

It is not required to acquire a key before using AFS facilities, but if one is
not acquired then all operations will be governed by the anonymous user parts
of the ACLs.

If a key is acquired, then all AFS operations, including mounts and automounts,
made by a possessor of that key will be secured with that key.

If a file is opened with a particular key and then the file descriptor is
passed to a process that doesn't have that key (perhaps over an AF_UNIX
socket), then the operations on the file will be made with key that was used to
open the file.
Commit	Line	Data
0795e7c0	1	====================
1da177e4 LT	2	kAFS: AFS FILESYSTEM
	3	====================
	4
0795e7c0 DH	5	Contents:
	6
	7	- Overview.
	8	- Usage.
	9	- Mountpoints.
	10	- Proc filesystem.
	11	- The cell database.
	12	- Security.
	13	- Examples.
	14
	15
	16	========
	17	OVERVIEW
	18	========
1da177e4	19
0795e7c0 DH	20	This filesystem provides a fairly simple secure AFS filesystem driver. It is
	21	under development and does not yet provide the full feature set. The features
	22	it does support include:
1da177e4	23
0795e7c0	24	(*) Security (currently only AFS kaserver and KerberosIV tickets).
1da177e4	25
0dc9aa84	26	(*) File reading and writing.
1da177e4	27
0795e7c0 DH	28	(*) Automounting.
0795e7c0 DH	29
0dc9aa84	30	(*) Local caching (via fscache).
0795e7c0	31
0dc9aa84	32	It does not yet support the following AFS features:
0795e7c0 DH	33
	34	(*) pioctl() system call.
	35
	36
	37	===========
	38	COMPILATION
	39	===========
	40
	41	The filesystem should be enabled by turning on the kernel configuration
	42	options:
	43
	44	CONFIG_AF_RXRPC - The RxRPC protocol transport
	45	CONFIG_RXKAD - The RxRPC Kerberos security handler
	46	CONFIG_AFS - The AFS filesystem
	47
	48	Additionally, the following can be turned on to aid debugging:
	49
	50	CONFIG_AF_RXRPC_DEBUG - Permit AF_RXRPC debugging to be enabled
	51	CONFIG_AFS_DEBUG - Permit AFS debugging to be enabled
	52
	53	They permit the debugging messages to be turned on dynamically by manipulating
	54	the masks in the following files:
	55
	56	/sys/module/af_rxrpc/parameters/debug
0dc9aa84	57	/sys/module/kafs/parameters/debug
0795e7c0 DH	58
	59
	60	=====
1da177e4 LT	61	USAGE
	62	=====
	63
	64	When inserting the driver modules the root cell must be specified along with a
	65	list of volume location server IP addresses:
	66
88c4845d	67	modprobe rxrpc
0dc9aa84	68	modprobe kafs rootcell=cambridge.redhat.com:172.16.18.73:172.16.18.91
1da177e4	69
0795e7c0 DH	70	The first module is the AF_RXRPC network protocol driver. This provides the
	71	RxRPC remote operation protocol and may also be accessed from userspace. See:
	72
	73	Documentation/networking/rxrpc.txt
	74
	75	The second module is the kerberos RxRPC security driver, and the third module
	76	is the actual filesystem driver for the AFS filesystem.
1da177e4 LT	77
	78	Once the module has been loaded, more modules can be added by the following
	79	procedure:
	80
0dc9aa84	81	echo add grand.central.org 18.9.48.14:128.2.203.61:130.237.48.87 >/proc/fs/afs/cells
1da177e4 LT	82
1da177e4 LT	83	Where the parameters to the "add" command are the name of a cell and a list of
0795e7c0	84	volume location servers within that cell, with the latter separated by colons.
1da177e4 LT	85
	86	Filesystems can be mounted anywhere by commands similar to the following:
	87
	88	mount -t afs "%cambridge.redhat.com:root.afs." /afs
	89	mount -t afs "#cambridge.redhat.com:root.cell." /afs/cambridge
	90	mount -t afs "#root.afs." /afs
	91	mount -t afs "#root.cell." /afs/cambridge
	92
1da177e4 LT	93	Where the initial character is either a hash or a percent symbol depending on
	94	whether you definitely want a R/W volume (hash) or whether you'd prefer a R/O
	95	volume, but are willing to use a R/W volume instead (percent).
	96
	97	The name of the volume can be suffixes with ".backup" or ".readonly" to
	98	specify connection to only volumes of those types.
	99
	100	The name of the cell is optional, and if not given during a mount, then the
0dc9aa84	101	named volume will be looked up in the cell specified during modprobe.
1da177e4 LT	102
	103	Additional cells can be added through /proc (see later section).
	104
	105
0795e7c0	106	===========
1da177e4 LT	107	MOUNTPOINTS
	108	===========
	109
0795e7c0 DH	110	AFS has a concept of mountpoints. In AFS terms, these are specially formatted
	111	symbolic links (of the same form as the "device name" passed to mount). kAFS
	112	presents these to the user as directories that have a follow-link capability
	113	(ie: symbolic link semantics). If anyone attempts to access them, they will
	114	automatically cause the target volume to be mounted (if possible) on that site.
1da177e4	115
0795e7c0 DH	116	Automatically mounted filesystems will be automatically unmounted approximately
	117	twenty minutes after they were last used. Alternatively they can be unmounted
	118	directly with the umount() system call.
1da177e4	119
0795e7c0 DH	120	Manually unmounting an AFS volume will cause any idle submounts upon it to be
	121	culled first. If all are culled, then the requested volume will also be
	122	unmounted, otherwise error EBUSY will be returned.
1da177e4	123
0795e7c0 DH	124	This can be used by the administrator to attempt to unmount the whole AFS tree
0795e7c0 DH	125	mounted on /afs in one go by doing:
1da177e4	126
0795e7c0	127	umount /afs
1da177e4 LT	128
1da177e4 LT	129
0795e7c0	130	===============
1da177e4 LT	131	PROC FILESYSTEM
	132	===============
	133
1da177e4 LT	134	The AFS modules creates a "/proc/fs/afs/" directory and populates it:
1da177e4 LT	135
0795e7c0 DH	136	(*) A "cells" file that lists cells currently known to the afs module and
	137	their usage counts:
	138
	139	[root@andromeda ~]# cat /proc/fs/afs/cells
	140	USE NAME
	141	3 cambridge.redhat.com
1da177e4 LT	142
	143	(*) A directory per cell that contains files that list volume location
	144	servers, volumes, and active servers known within that cell.
	145
0795e7c0 DH	146	[root@andromeda ~]# cat /proc/fs/afs/cambridge.redhat.com/servers
	147	USE ADDR STATE
	148	4 172.16.18.91 0
	149	[root@andromeda ~]# cat /proc/fs/afs/cambridge.redhat.com/vlservers
	150	ADDRESS
	151	172.16.18.91
	152	[root@andromeda ~]# cat /proc/fs/afs/cambridge.redhat.com/volumes
	153	USE STT VLID[0] VLID[1] VLID[2] NAME
	154	1 Val 20000000 20000001 20000002 root.afs
1da177e4	155
0795e7c0 DH	156
0795e7c0 DH	157	=================
1da177e4 LT	158	THE CELL DATABASE
	159	=================
	160
0795e7c0 DH	161	The filesystem maintains an internal database of all the cells it knows and the
0795e7c0 DH	162	IP addresses of the volume location servers for those cells. The cell to which
0dc9aa84	163	the system belongs is added to the database when modprobe is performed by the
0795e7c0 DH	164	"rootcell=" argument or, if compiled in, using a "kafs.rootcell=" argument on
0795e7c0 DH	165	the kernel command line.
1da177e4 LT	166
	167	Further cells can be added by commands similar to the following:
	168
	169	echo add CELLNAME VLADDR[:VLADDR][:VLADDR]... >/proc/fs/afs/cells
0dc9aa84	170	echo add grand.central.org 18.9.48.14:128.2.203.61:130.237.48.87 >/proc/fs/afs/cells
1da177e4 LT	171
	172	No other cell database operations are available at this time.
	173
	174
0795e7c0 DH	175	========
	176	SECURITY
	177	========
	178
	179	Secure operations are initiated by acquiring a key using the klog program. A
	180	very primitive klog program is available at:
	181
	182	http://people.redhat.com/~dhowells/rxrpc/klog.c
	183
	184	This should be compiled by:
	185
	186	make klog LDLIBS="-lcrypto -lcrypt -lkrb4 -lkeyutils"
	187
	188	And then run as:
	189
	190	./klog
	191
	192	Assuming it's successful, this adds a key of type RxRPC, named for the service
	193	and cell, eg: "afs@<cellname>". This can be viewed with the keyctl program or
	194	by cat'ing /proc/keys:
	195
	196	[root@andromeda ~]# keyctl show
	197	Session Keyring
	198	-3 --alswrv 0 0 keyring: _ses.3268
	199	2 --alswrv 0 0 \_ keyring: _uid.0
	200	111416553 --als--v 0 0 \_ rxrpc: afs@CAMBRIDGE.REDHAT.COM
	201
	202	Currently the username, realm, password and proposed ticket lifetime are
	203	compiled in to the program.
	204
	205	It is not required to acquire a key before using AFS facilities, but if one is
	206	not acquired then all operations will be governed by the anonymous user parts
	207	of the ACLs.
	208
	209	If a key is acquired, then all AFS operations, including mounts and automounts,
	210	made by a possessor of that key will be secured with that key.
	211
	212	If a file is opened with a particular key and then the file descriptor is
	213	passed to a process that doesn't have that key (perhaps over an AF_UNIX
	214	socket), then the operations on the file will be made with key that was used to
	215	open the file.