[OpenAFS] Cron, script and keytab on Ubuntu x86

Douglas E. Engert deengert@anl.gov
Thu, 15 Feb 2007 09:34:31 -0600


Jacob Volstrup wrote:
> Hi list,
> 
> For quite some time I have tried to debug a script running from a
> cronjob but I just cannot find my error.
> 
> * The short version *
> I have a keytab which is used from my cronscript. The script is executed
> every 5 minutes and has a local non-AFS lockfile to prevent multiple
> scripts working on data at the same time.
> For convenience we call the running script R and the starting/checking
> script S. The S script exits if the lockfile exists, if not it
> initializes the AFS credentials with kinit and the keytab file and
> becomes R. When S exits R will loose its AFS credentials, which is the
> part I just do not understand as I would expect that the different
> executions of the cronjob have their own running environment.


Ubuntu has a /etc/pam.d/cron file. It calls common-account and
common-session. Do you have any pam routines that could be deleting
the token? It sounds like your job is not run in its own PAG
so it using a shared PAG for the user the job is running under.
Some debug options on the pam routines might show something.

Add some klist and tokens commands to you script might also help.

> 
> 
> * The longer version *
> I use a local script for initialising the AFS credentials and further
> execute a script which resides on AFS:
> 
> #!/usr/bin/perl -w
> #
> # cronscript-initialize.pl
> 
> $lockfile = "/home/cdvwww/tmp/cronscript.lck";
> $execute_script = "/afs/s-et.aau.dk/scripts/cronscript-execute.pl";
> $keytab = "/home/cdvwww/keytab-cdvwww";
> 
> createLockfile($lockfile, 36);
> 
> initAFS();
> 
> system($execute_script);
> 
> sub initAFS {
>     $res_kinit = system("kinit", "-k", "-t", $keytab, "cdvwww");
>     if ($res_kinit == 0) {
>         $res_aklog = system("aklog");
>         if ($res_aklog != 0) {
>             die("Could not establish credentials (error in aklog)\n");
>         }
>     } else {
>         die("Could not establish credentials (error in kinit)\n");
>     }
> }
> 
> # Creates lockfile if it does not exist already
> sub createLockfile {
>     (local $lockfile, local $number) = @_;
> 
>     if (-e $lockfile) {
>         open (FILE, $lockfile);
>         $counter=<FILE>;
>         close(FILE);
>         writeCounter($lockfile, ($counter + 1));
>         if ($counter < $number) {
>             exit;
>         } else {
>             if ($counter % $number == 0) {
>                 die "Lock file " . $lockfile . " exists\n";
>             } else {
>                 exit;
>             }
>         }
>     } else {
>         writeCounter($lockfile, 0);
>         if (!(-e $lockfile)) {
>             die "Could not create lockfile $lockfile! Aborting.";
>         }
>     }
> }
> 
> sub writeCounter {
>     (local $filename, local $counter) = @_;
>     open (WRITE,">$filename");
>     print WRITE "$counter";
>     close(WRITE);
> }
> 
> # EOF
> 
> The rest is like explained in the short version. I am pretty sure that
> the error resides inside my script but I cannot figure out where it is.
> 
> The running system is an AMD-K6 300MHz with Ubuntu 6.06 256MB of ram.
> 
> 
> Any help will be appreciated.
> 
> 
> Sincerely, Jacob Volstrup
> 
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
> 
> 

-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444