AFS
From FarmShare
(→commands) |
|||
| Line 37: | Line 37: | ||
To display the issuer's tokens: | To display the issuer's tokens: | ||
<pre style="margin-left: 40px;">tokens</pre> | <pre style="margin-left: 40px;">tokens</pre> | ||
| - | Then you can just submit jobs to the resource manager, and the jobs will be able to read/write to/from your AFS directories. | + | Then you can just submit jobs to the resource manager, and the jobs will be able to read/write to/from your AFS directories, assuming your kerberos ticket is renewable and forwardable. |
To submit a batch job to Grid Engine: | To submit a batch job to Grid Engine: | ||
<pre style="margin-left: 40px;">echo "sleep 3600" | qsub</pre> | <pre style="margin-left: 40px;">echo "sleep 3600" | qsub</pre> | ||
A simple, complete example: | A simple, complete example: | ||
| - | <pre style="margin-left: 40px;">ssh corn | + | <pre style="margin-left: 40px;">ssh corn |
kinit | kinit | ||
aklog | aklog | ||
| Line 48: | Line 48: | ||
Use "klist -f" and "tokens" for any troubleshooting. | Use "klist -f" and "tokens" for any troubleshooting. | ||
| - | |||
==keeping your tokens for more than 24hrs== | ==keeping your tokens for more than 24hrs== | ||
Revision as of 14:53, 22 January 2012
Contents |
Links
- https://itservices.stanford.edu/service/afs/intro
- https://itservices.stanford.edu/service/kerberos/user_guide/how
- http://fnal.gov/docs/strongauth/user.html
automated status
You may want to add something like these lines to your .login (or the equivalent for your preferred shell)
echo " === === === Your Kerberos ticket and AFS token status: === === ===" klist -5 -f | grep -2 krbtgt | grep Flags | xargs echo 'Kerberos:' tokens | grep AFS | xargs -0 echo 'AFS: '
You'll get output like this is you don't have the right ticket/token:
=== === === Your Kerberos ticket and AFS token status: === === === klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_45787_8xDfEP) Kerberos: AFS:
You'll get output like this if you do have the right credentials:
=== === === Your Kerberos ticket and AFS token status: === === === Kerberos: renew until 01/27/12 15:11:17, Flags: FRIA AFS: User's (AFS ID 45787) tokens for afs@ir.stanford.edu [Expires Jan 21 16:11]
commands
To obtain and cache Kerberos ticket-granting ticket:
kinit
To list cached Kerberos tickets:
klist
Next, you'll want to ensure you have a valid AFS token.
To obtain tokens for authentication to AFS:
aklog
To display the issuer's tokens:
tokens
Then you can just submit jobs to the resource manager, and the jobs will be able to read/write to/from your AFS directories, assuming your kerberos ticket is renewable and forwardable.
To submit a batch job to Grid Engine:
echo "sleep 3600" | qsub
A simple, complete example:
ssh corn kinit aklog echo "sleep 3600" | qsub
Use "klist -f" and "tokens" for any troubleshooting.
keeping your tokens for more than 24hrs
If you're using cardinal/corn, you should use "keeptoken" per https://itservices.stanford.edu/service/afs/learningmore/tokens
'keeptoken' uses the 'krenew' command, you can read the script directly, it's /usr/local/bin/keeptoken on any corn
If you're submitting to the barleys (from the corns), you should _not_ use keeptokens, as the AUKS/SGE integration will handle the krenew/aklog process for you. You should see something like "Auks API request succeeded." when you run qsub.
If you have have Kerberos credentials when you submit your job, the queuing system should:
- Store your credentials on a remote server at submission time
- Renew those stored credentials while your job is waiting to run
- Retrieve your credentials on the execution host before your job starts there
- Renew your credentials on the execution host while the job is running
