Cron

From UGCS

(Difference between revisions)

Revision as of 06:43, 19 January 2010

Getting cron services available to users is a work in progress. Presently, cron is being architected with two sides:

Permission details

The tricky part of cron on UGCS is to make some way so the daemon can get tokens for the user. Currently, the procedure looks like this:

The daemon runs with kerberos tokens for ugcs_cron on the server. It uses a remctl to "call" the appropriate line of the user's crontab
The remctl, as one of its arguments, is given the user's /cron keytab. The remctl script decodes this, puts it in a temp file, and calls kinit
The remctl then calls "ksu user -e cron_command"
The remctl script also watches to make sure the command doesn't go on for too long
If necessarily, the remctl script

@@ Line 1: / Line 1: @@
 Getting cron services available to users is a work in progress.  Presently, cron is being architected with two sides:
-* Users update their crontabs using a modified crontab program in their path which notifies a central server on updates.  The central server (currently hephaestus for testing) parses their file and stores well-formatted commands into our database (currently MySQL).
-* The central cron server runs its own (real) cron command every minute to check the database for commands to run.  It then uses a keytab to load username_cron principals (currently only ckennelly_cron exists), logs into a shellserver, and runs the command.
-== Parsing ==
-The modified crontab program lives at ~ckennelly/cron/crontab.  It stores the user's crontab at ~/.cron/crontab.  When the directory is created, crontab gives the _cron principal read permission on the directory's ACL.
-It fires a notification to hephaestus via remctl to parse the crontab.  It loads up its keytab using a bash-based wrapper (/usr/local/lib/remctl/cron/cronparser_wrapper) and then fires the python-based parser (/usr/local/lib/remctl/cron/cronparser).
+==Permission details==
+The tricky part of cron on UGCS is to make some way so the daemon can get tokens for the user.  Currently, the procedure looks like this:
-The parser has some features, but is still lacking in others:
+* The daemon runs with kerberos tokens for ugcs_cron on the server.  It uses a remctl to "call" the appropriate line of the user's crontab
-* More testing!
+* The remctl, as one of its arguments, is given the user's /cron keytab.  The remctl script decodes this, puts it in a temp file, and calls kinit
-* Comma-separated lists (ranges work, along with non-default increments)
+* The remctl then calls "ksu user -e cron_command"
-* Comma-separated lists with ranges
+* The remctl script also watches to make sure the command doesn't go on for too long
-* Shortcuts (like @hourly)
+* If necessarily, the remctl script
-* Three-letter names for months and days of week
-* Standard environment variables (like the real crontab specification), SHELL and MAILTO.  Additionally, I haven't checked support for HOME at runtime.
-* Support UGCS-specific environment variables in the crontab.  Alex suggested having RUNAT so a user could specify a specific shellserver to run the command at.
-== Execution ==
-A development version is configured on hephaestus (see: /usr/local/lib/cron/cronmanager) to run every minute via cron.  Based on results from my own crontab setup, it seems to be working.
-The manager still needs:
-* More testing!
-* A threaded producer-consumer style queue to avoid forking too many processes.
-* Error handling (errors are currently dropped on the floor)
-== Installation ==
-Hephaestus required:
-* sqlobject for python
-* mysqldb for python (python-mysqldb)
-My (ckennelly) user account required:
-* ~/.k5login to be created with my full principal as well as my cron principal.
 [[Category:Sysadmin_Documentation]]

Cron

Revision as of 06:43, 19 January 2010

Permission details

Views

Personal tools

Navigation

Search

Toolbox