General

SLAC IT Storage Platform and AFS Migration

Overview
FAQ
Requesting IT Storage Platform group space for existing AFS group space
Related information

Overview

After over a quarter century of use at SLAC, the Andrew File System (AFS) is being retired. AFS is a distributed file system that has been in use at SLAC since the mid 1990’s for a number of purposes including storing scientific data, files storage, home directory storage, as well as serving as the backend to local databases and websites. AFS is being decommissioned and replaced by more modern, secure, and supportable file systems.

AFS is being replaced by two technologies. Scientific data and workloads are being migrated to S3DF on the WEKA file system hosted by TID. Operational Data and workloads, including operational data within the scientific directorates is being transitioned to the SLAC IT Storage Platform that will support NFSv4.

For those people who currently use AFS to store data or manage systems that use AFS for storage, there are a number of things that you need to do.

FAQ

How do I determine if my data belongs on S3DF or the SLAC IT Storage Platform?

Your AFS data belongs in S3DF if you require any scientific computing workloads to access your data. Eg, Slurm batch computing, jupyter notebooks, S3DF kubernetes based services, S3DF web sites or web-based portals/applications, or high performance.

Your AFS data belongs in the IT Storage Platform if your AFS data has no need for high performance access (ie, scientific computing), or if your AFS data has nothing to do with scientific workflows being done in S3DF. When you migrate AFS data to the IT Storage Platform NFSv4, it is not available from any S3DF server or application.

Are there costs associated with requesting or procuring storage space on the IT Storage Platform?

There is no cost associated with using the IT Storage Platform. Sufficient storage has been provisioned for all current AFS data stores (user and group space) plus additional storage for modest future needs.

How do I identify what systems are dependent on AFS?

Knowing if a particular system uses AFS can be determined just by seeing if the /afs directory exists. Knowing if your tools or processes depend on AFS is much more difficult as there can be alternate paths into it.

There can be symbolic links (symlinks) which point to afs space. Eg, /home/username/myfile -> /afs/slac/u/sf/username/myfile. If you have scripts or applications which have symlinks that point to AFS space, then you are using AFS and need to migrate off.

Also, you can use tools like “lsof” to list open files for processes to see if your process/application is using /afs/… space. Eg. “sudo lsof | grep /afs”, or “sudo lsof -p 1234” where 1234 is the process ID of your application.

Is the IT Storage Platform online and available for use?

Yes. The IT Storage Platform is set up and operating on many systems. Contact SLAC IT to have group space created for your group, so then you are able to migrate your AFS group data over to IT Storage Platform group space.

What filesystem is running on the IT Storage Platform?

ZFS over NFSv4 or ZFS over S3

How will access control be managed on the IT Storage Platform?

If the share is available over NFSv4, then NFSv4 supports ACLs designed from AFS ACLs for maximum compatibility. In addition, NFSv4 shares can be locked to specified clients with a strong guarantee of the authenticity of the client requesting access to the data. If the share is available over Amazon Simple Secure Storage (S3), then S3 access grants are used to define access. We recommend using Grouper to manage your own Linux POSIX supplementary groups for more fine-grained access controls. You can request new Grouper Linux POSIX groups from unix-admin, and the memberships of the groups can be delegated to you or your team members.

Will the data be backed up?

Data on the IT Storage Platform will be backed up to Amazon S3. In addition, the internal storage filesystem ZFS offers snapshots, and information will be provided on how to self-restore snapshots of your data.

Which systems are the IT Storage Platform available?

The IT Storage Platform will be available on SLAC IT ssh login bastion hosts:

For example: jump.slac.stanford.edu, rocky9.slac.stanford.edu
SLAC IT NoMachine and FastX home directories

What is the path to migrating web servers currently on AFS?

Web server administrators and website owners have three options:

Migrate the site to the official SLAC web server platform for public content: a hosted Drupal instance (known as “Pantheon”)
1. To request your Drupal website, go to this page: https://drupalguide.slac.stanford.edu/get-started/how-do-i-request-new-site
Migrate the content to a new web server that uses TrueNAS storage as a backend and ensure that the web server is fully documented with ownership in the SLAC CMDB and complies with all SLAC policies and standards for web servers.
1. To request a web server oin the IT Storage Platform, submit a Request form, including the following information:
  1. Owner
  2. Justification for public content
Decommission the website

Note: Security requirements are outlined in the Web Server Security Standards for Public SLAC Websites KB article.

How are home directories managed on the IT Storage Platform to replace AFS Home directories? i.e. Will non-science Linux users get a home directory on the it Storage Platform?

All users will have a NFSv4 network home directory built automatically when they login to a Linux server configured to use the IT Storage Platform. Data in your AFS home directory will not be migrated for you. You can use a variety of tools to migrate your data, such as rsync, scp, or even just a cp from one of the hosts that has both the IT Storage Platform and AFS file systems mounted and available for this purpose (eg, the centos7.slac.stanford.edu cluster). rsync may be the best method since it can be run multiple times and only changes/diffs are copied on subsequent rsyncs.