[OpenAFS] bos cron jobs and tokens

Marcus Watts mdw@umich.edu
Fri, 13 Apr 2007 02:32:33 -0400

Juha =?UTF-8?B?SsOkeWtrw6Q=?= <juhaj@iki.fi> writes:
> I think you misunderstood me. I wanted to do "bos create -server a -type
> cron -instance b -cmd /afs/path/script", which does not seem possible
> without opening up the ACLs since bos does not seem to forge any tickets

Ah!  You should have said that!  Um, you probably don't want to
do that.  This means you have to mount /afs on that afs server,
which is quite possible, but dangerous.  The danger is that now
you can create recursive service dependencies.

Here's a slightly contrived example: let us suppose you want to
do automatic volume dumps, and you had somewhat limited filespace
outside of your AFS fileserver.  So, you could write a script
that does vos dumps into and out of filespace that happens to be mounted
in AFS.  This *will* work.  vos dump just writes to standard output.
As long as that can keep up, it doesn't really care if that's a local
file, tape, pipe, or a file that happens to be out in AFS.  More
precisely, it will work until the day that you use this script
to dump the volume in which you're storing the dumps.

Another more twisted example: sure, bos can run commands in afs (that
are appropriately permitted.)  So you can then point /usr/afs/bin out
to /afs/.... with the right binaries.  Assuming the cache manager is
running before you start bos, all will be well.  Now, you can move the
volume that contains the binaries that are being served onto the server
that's running this way.  Even this will most probably work.  You can
keep files open on a server and move the underlying volume, and
probably your fileserver has paged in all the appropriate data it needs
from the file already.  Now, just try & restart bosserver on that

More inocent examples include vos moves, bos stop/start, vos release,

Now, it really depends in what's in your script as to whether it will
break.  But in general - if it does anything intrusive to volumes or
servers that contain any files that might be used by the script, you
have the potential for scary behavior.  You need to be particularly
careful about things like PATH, LD_LIBRARY_PATH, etc., -- things that
might find or depend on files out in afs that you didn't anticipate.
You also have to be very careful about later maintenance or changes
letting these problems sneak in.

And, no, there's no way for bos to get tokens before running
programs.  I suppose you could run bos using "k5start".
You'll be sorry if you run ptserver on that machine -- see
"recursive service dependency" above.

				-Marcus Watts