You will need to set "set_token_cmd", "token_extend_time", etc in sge_conf(5):
http://gridscheduler.sourceforge.net/htmlman/htmlman5/sge_conf.html Rayson On Mon, Oct 3, 2011 at 7:42 PM, Alex Chekholko <[email protected]> wrote: > Thanks, Mark, are there also any AFS-specific SGE config variable that you > set? > > E.g. in the installer script, I see: > > 812 if [ "$AFS" = true ]; then > 813 $ECHO "set_token_cmd /path_to_token_cmd/set_token_cmd" > 814 $ECHO "pag_cmd /usr/afsws/bin/pagsh" > 815 $ECHO "token_extend_time 24:0:0" > > https://arc.liv.ac.uk/trac/SGE/browser/sge/source/dist/util/install_modules/inst_qmaster.sh#L812 > > Or else how does GE know to use those scripts? > > Regards, > Alex > > On 10/01/2011 05:15 AM, Mark Suhovecky wrote: >> >> Alex- >> >> We use Kerberos 5 and OpenAFS 1.4.14 with RHEL 5.5 and GE 6.2u5p2. Here >> are the pag, get_token_cmd, and set_token_cmd scripts we use: >> >> cat pag >> >> #!/bin/sh >> export KRB5CCNAME=FILE:$PWD/token.afs >> exec /usr/bin/pagsh -c "$2" >> >> >> cat get_token_cmd >> >> #!/bin/bash >> cat `echo $KRB5CCNAME | cut -f 2 -d :` | /usr/bin/base64 >> >> >> cat set_token_cmd >> >> #!/bin/bash >> ticketname=$PWD/ticket.encoded >> touch $ticketname >> chmod 600 $ticketname >> while read line >> do >> echo $line>> $ticketname >> done >> >> #KRB5CCNAME is set by $SGEROOT/util/pag script >> cat $ticketname | /usr/bin/base64 -d --ignore-garbage> `echo $KRB5CCNAME >> | cut -f 2 -d :` >> rm $ticketname >> >> #Get token and change permissions to SGE_USER ($1), and campus group >> (1313) >> aklog >> chmod 600 `echo $KRB5CCNAME | cut -f 2 -d :` >> chown $1:1313 `echo $KRB5CCNAME | cut -f 2 -d :` >> >> >> >> We've had these in place for almost 3 years, and they work. >> >> You need an AFS token lifetime that's longer than a job's maximum lifetime >> + the length of time a job may be queued- if >> not, it's possible for a running job's token to expire. If that happens, >> you'll get an SGE error about 'AFS zero token length' >> when the job tries to access a file in AFS. >> >> I didn't write these, but I can try to answer any questions you might >> have. >> >> Good Luck, >> >> Mark >> >> Mark Suhovecky >> HPC System Administrator >> Center for Research Computing >> University of Notre Dame >> [email protected] >> ________________________________________ >> From: [email protected] [[email protected]] On >> Behalf Of Alex Chekholko [[email protected]] >> Sent: Friday, September 30, 2011 5:33 PM >> To: [email protected] >> Subject: [gridengine users] current status of Kerberos support (and maybe >> AFS)? >> >> Hey all, >> >> I'm a somewhat experienced GE admin trying to get Grid Engine up and >> running on some systems that have Kerberos and AFS but not SSH pubkey >> auth or SSH password auth. >> >> Regular users have an AFS global homedir. >> >> Where can I look for the status of Kerberos and/or AFS support in >> current versions of GE? >> >> I'm using the Debian Squeeze packages, but I can switch to a custom >> install from any current fork. >> >> This link seems most promising, but more complicated than I like: >> http://markmail.org/message/3vakrcunuyyw5euf >> >> Anyone have an opinion about whether the scripts in the link above will >> work with modern GE 6.2u5+? >> >> Regards, >> -- >> Alex Chekholko [email protected] > > _______________________________________________ > users mailing list > [email protected] > https://gridengine.org/mailman/listinfo/users > _______________________________________________ users mailing list [email protected] https://gridengine.org/mailman/listinfo/users
