[OpenAFS] batch/cron jobs writing to afs file systems

Andrew Pickford andrew.pickford@glasgow.ac.uk
Tue, 24 Apr 2012 11:21:33 +0100

On 20/04/2012 16:39, Harald Barth wrote:
>> I'm looking for any help and/or advice or better yet an example of a
>> working batch/cron system for writing to an afs file system.
> I think the credentials should be long enough for worst job wall time
> length at job submission time. So the credentials should be "stuffed
> away" during qsub and then when the job is started the job start part
> should forward the credentials into all batch nodes. That's how our
> old and modified (hackish) easy does it. But it is old and modified
> and should be replaced.
>> I did come across a project called AUKS
>> (http://auks.sourceforge.net/) which looks like it could do the job,
>> but it's not clear to me how to actually use it.
> See
> http://workshop.openafs.org/afsbpw10/wed_3_2.html

Thanks, that makes things clearer.

> What I don't like with auksd is actually on slide 14
>>>   Single addressless credential per user
>>>     Stored in Auks Memory Cache
>>>     Provided to requesters without KDC interaction
>>>     Forwarding to thousands of peers without KDC interaction
> I think I want KDC interaction when forwarding tickets and issuing service tickets.

Am I right in thinking that for a batch system each node would need to 
contact the auks server when a job started and request a kerberos TGT 
for the account the job was running under? i.e. the auks server would 
have to trust the requests it was getting from these nodes?


>> For info we use a mixture of scientific linux 5 and 6 machines in
>> the group and use torque/maui for controlling the batch system. The
>> afs servers are all running openafs 1.6.0 on scientific linux 6.2
>> boxes.
> I have looked at torque. Both at the gssapi branch and the cgroups
> branch. I was not happy with what I saw. So I will continue to look at
> slurm instead. Unfortunately other things pop up all the time, so I
> can't say how much time I can spend on this. We mostly run Centos 5
> and some 6 (yet another Redhat recompile like SC, but without the cool
> "scientific" in its name).
> Harald.


Andrew Pickford                    Email: andrew.pickford@glasgow.ac.uk
Rm 473, Kelvin Building            Telephone: +44 141 330 4197
Dept of Physics and Astronomy      Fax: +44 141 330 5881
University of Glasgow              ppewww.physics.gla.ac.uk/~pickford/