Skip navigation



Installing AFS on Red Hat Linux

The following instructions are for Red Hat Enterprise Linux 4 and 5, but should work on other versions of Red Hat as well. These are generic instructions for any Red Hat system. (See Linux Service page for information on adding other repositories)

  1. Visit from an on campus IP address to determine the latest release of OpenAFS (EG: 1.4.7 at the time this document was written).

    As root, run the following command to import the Stanford package signing GPG pubkey:

        rpm --import 

    For RHEL4: Using the OpenAFS release number (EG 1.4.7) in the place of "X.Y.Z", as root edit your /etc/sysconfig/rhn/sources file and add the following line:

        yum openafs-X.Y.Z$ARCH/RPMS.updates

    To install OpenAFS for single and smp CPUs (along with the latest kernel available), as root run:

        up2date -f openafs openafs-client openafs-krb5 kmod-openafs-smp kmod-openafs

    For RHEL5: Using the OpenAFS release number (EG 1.4.7) in the place of "X.Y.Z", as root create and edit a new file /etc/yum.repos.d/openafs.conf and add the following:

    pre[ [openafs-X.Y.Z] name = OpenAFS X.Y.Z packages baseurl =$basearch/RPMS.updates enabled = 1 protect = 0 gpgkey = gpgcheck = 1 ]

    To install OpenAFS for single and smp CPUs, as root run:

        yum install openafs openafs-client openafs-krb5 kmod-openafs-smp kmod-openafs

    For RHEL4 and RHEL5: To enable openafs-client to start at boot time, execute as root:

        chkconfig --enable openafs-client

    * Note that for Fedora Core systems, you will need to Obtain the packages from the OpenAFS web site. There are RPMs available there for a variety of different versions of Red Hat and Fedora. You need the openafs, openafs-kernel, openafs-krb5, and openafs-client RPMs. (You may need to get openafs-kernel-source and build the modules yourself if you build your own kernel.)

    Install manually downloaded packages using rpm -i in the above order. The packages will create the /afs mount point and install an init script to start the client on boot.

  2. Edit /usr/vice/etc/ThisCell. It should contain: 

    You can replace it with the copy found in /afs/ir/systems/@sys/pubsw/package/Local/config/share/etc/conf/ThisCell on a system that mounts AFS, but the content is just the above single line. If you have an older installation, please check your ThisCell file. Older versions provided a ThisCell which is now incorrect. You should make sure it only has what is listed above.

  3. Edit /usr/vice/etc/CellAlias. It should contain: ir 

    Alternately, you can replace it with the copy found in /afs/ir/systems/@sys/pubsw/package/Local/config/share/etc/conf/CellAlias on a system that mounts AFS, but the content is just the above single line.

  4. Edit /usr/vice/etc/cacheinfo if you want to change the size of the AFS cache. The default in the AFS RPMs (as of December 2004) is 100MB, which is fine for light to moderate AFS usage.

  5. If you are using iptables or a firewall, make sure that it allows UDP packets to ports 7000 through 7010. The AFS protocol uses UDP for communication with the server and the server has to be able to respond to client requests. All of the ports in that range are not used by tools that we use at Stanford, but the above range will avoid any problems.

  6. Restart the openafs-client service to make the changes take effect.

If the installation is successful, AFS should show up in the output of the df command, and you should be able to cd to /afs/ir and see Stanford's AFS cell. If this doesn't work, make sure that the afsd process is running with:

    ps -ef | grep afs

Watch the boot process for any error messages. You can also try restarting the AFS client by hand with:

    /etc/init.d/openafs-client restart

or if openafs-client isn't already running, just:

    /etc/init.d/openafs-client start

and see if it produces any helpful error messages. Note that starting the AFS client again if, according to the above ps command it's already running, can sometimes produce unstable behavior and system crashes. You should only start the AFS client again if it failed to start the first time.

If AFS fails to start or if AFS is not accessible after starting, the most common problems are firewall restrictions preventing your system from contacting the AFS servers, bad configuration in ThisCell, bad characters or bad configuration in cacheinfo, or a mismatch between the kernel for which the AFS client was compiled and the kernel that you're running.

The above instructions only set up AFS, not Kerberos. After installing AFS, you should be able to authenticate to it with:

    klog username

where username is your SUNet ID. This may be sufficient for many users. If you want to be able to authenticate with kinit and obtain Kerberos tickets, or if you want to be able to log on to your system with Kerberos or use AFS for user home directories, you will also want to see the Kerberos installation instructions.

The openafs-krb5 package has the aklog binary which you need to authenticate to kerberos.

Last modified Tuesday, 15-Jul-2008 02:46:10 PM

Stanford University Home Page