What is AFS?
Fermilab uses a distributed networked file system, the
Andrew File System (AFS),
to share disk space among many computers both at Fermilab and off-site; these
disks are even mounted at CERN and in Asia.
The short description is that AFS works much like NFS but it is optimized under the
assumption that computers may be connected by a slow network: so timeouts are longer
and there is a different optimization of the local caching policy.
- Files in AFS space appear to you as if they were local files on
the computer on which you are working. Their paths start with /afs/fnal.gov.
- Access to files in
AFS space is controlled by Access Control Lists (ACL) that are based on
your kerberos principal. See the discussion below.
- To have your kerberos principal added to an ACL send email
to Rob Kutschke, email@example.com and
Lynn Garren, firstname.lastname@example.org.
- Additional information:
Mu2e AFS Spaces
|| Your home area on GPCF
but not on
|| Obsolete: an old Mu2e code area.
|| Obsolete: an old Mu2e data area. Not backed up!
Normally you should not use the data and code areas mentioned above. Instead you should use
blue-arc disk resources.
Both the home areas and the code areas are backed up nightly. The
reason for the many d* areas is that each is limited to a maximum capacity
of 8 GB ( this value was originally limited by the size of available backup media; it now
In AFS space the usual unix file permissions are ignored. Instead
control is governed by Access Control Lists (ACLS).
The following command will show the list of users and user groups
who are allowed to access the AFS space at the given path:
> fs listacl /afs/fnal.gov/files/code/mu2e/d1
One of the allowed user groups is rhbob:mu2e. To see who is in
> pts members rhbob:mu2e
For additional information follow the links above to the AFS documentation.
To be added to the ACLs that grant access to the Mu2e data and code disks,
send email to email@example.com.
AFS Can be Slow
AFS is tuned to share disk space among nodes that are connected by a
wide area network, not just by a local area network;
that is, it is able to deal with response times
between nodes that are on different continents.
A side effect of this is that sometimes AFS has a slow response, even
if you are accessing disk that is actually on a local network.
Sometimes it can take a few seconds to get the output of an ls command
or to open or close a file. For this reason, afs is not mounted on
Mounting AFS on your Desktop or Laptop
One handy way to get access to Mu2e code and data files is to mount
the Mu2e AFS space on your desktop, laptop or on
a cluster of computers at your home institution.
However, because AFS can be slow, and because disk space is relatively cheap,
it will often make more sense to make a copy of the material in AFS space
on your machine(s).
Still to come:
- Describe how to do this for different platforms: SLF, Mac, Windows.
- Describe how to use a synchronization tool (rsync?) to make sure
your local image stays up to date with afs space.
The Mu2e code and data afs spaces are owned by the user rhbob
(Bob Bernstein) who is the only administrator with full powers.
Access to these disk spaces is controlled via two user groups:
All members of the Mu2e collaboration should be members of this ACL
group. All members of this group have full read/write access, but not
administrator access to the afs space.
This group is the owner of the group rhbob:mu2e. Members of
rhbob:mu2eadm may add or delete users to the group rhbob:mu2e.
The group rhbob:mu2eadm does not have ACL access to any files.
Only rhbob may add and remove users from rhbob:mu2eadm. As of
April 14, 2008, the members of this group are: anorman, kutschke, rhbob,
To Do List
- data/d3 is not visible to rhbob:mu2e. I do not know why.
- code/d1/rhbob is not visible to rhbob:mu2e. I do not know why.
This file last modified Friday, 20-Nov-2015 15:02:49 CST