welcome: please sign in

Diff for "RunningUnattendedCommandsWithoutRunInPagsh"

Differences between revisions 5 and 6
Revision 5 as of 2008-05-22 17:02:32
Size: 2036
Editor: netblock-68-183-198-231
Comment: add {{{}}} (thanks to whoever changed "_" to ".")
Revision 6 as of 2008-05-22 17:04:37
Size: 2055
Editor: 68
Comment: list more ways of backgrounding processes
Deletions are marked like this. Additions are marked like this.
Line 23: Line 23:
This command will run your task ''in the foreground'', but with all the proper token magic you need. Now all you need to do is apply the normal techniques (crontab, etc) to run the command above in the background. However, token management and backgrounding are separate issues; this page only deals with token management. This command will run your task ''in the foreground'', but with all the proper token magic you need. Now all you need to do is apply the normal techniques (crontab, at, nohup, screen, etc) to run the command above in the background. However, token management and backgrounding are separate issues; this page only deals with token management.

The run-in-pagsh script was written with the best intentions, but it tries to do many, many things (process backgrounding, pidfile management, etc), all in one script, and all in a black box. Moreover, it is currently not supported by its author. Lastly, its name does not actually describe what it does (you're already in a pagsh when you ssh in to mire!)

If run-in-pagsh works for you, great. If you encounter problems, please first try running your daemon using "explicit" methods described below before filing a bug against AFS. This is to ensure that the problem you've run into is actually a problem with AFS and not a problem with run-in-pagsh.

Explicit Token Management

This is really simple. You have two userids: your normal userid (we'll call this "fred") and your "daemon" userid (we'll call this "fred.daemon"). The first userid is "high security"; if one of our shellservers is broken into, it's unlikely that this account would be compromised. The second userid is "low security": if there is a security breach on any of our machines, then all daemon accounts are instantly compromised. It is extremely important to understand this before you take the steps outlined below.

First, you must grant your "daemon" userid permissions on any files that the background task needs. For example,

  fsr sa ~/my_daemon_workspace/ fred.daemon all

Second, you need to start your daemon process via k5start. Use the following command:

  k5start -qtUf /etc/keytabs/user.daemon/fred -- XXX YYY ZZZ

Where XXX YYY ZZZ is the command you want to run in the background.

This command will run your task in the foreground, but with all the proper token magic you need. Now all you need to do is apply the normal techniques (crontab, at, nohup, screen, etc) to run the command above in the background. However, token management and backgrounding are separate issues; this page only deals with token management.

That's it! Simple, huh?

RunningUnattendedCommandsWithoutRunInPagsh (last edited 2014-04-29 05:40:01 by c-50-148-186-167)