K5start: best startup strategy?

Russ Allbery rra at stanford.edu
Wed Jan 13 20:58:52 EST 2010


Jaap Winius <jwinius at umrk.nl> writes:

> After experimenting with k5start v3.15 for a while, I've noticed that 
> it usually starts up for me during the boot process, but not always 
> (perhaps due to a flaky Kerberos server). My simple startup script looks 
> like this:

>    #!/bin/sh
>    /usr/local/bin/k5start -U -f /etc/krb5.keytab -b -K 10 -l 24h \
>            -k /tmp/krb5cc_105 -o openldap
>    exit 0

> I use Debian lenny and created a symlink for it, /etc/rc2.d/S18k5start, 
> that is supposed to start it up just before /etc/rc2.d/S19slapd.

Unfortunately, kstart doesn't currently give you enough information to
debug the problem since it doesn't have a way of logging to syslog.  This
will be added in the next version.  My guess is that it's failing to
contact the KDC for some reason, perhaps because the network isn't fully
initialized when it starts or something along those lines or, as you say,
a flaky Kerberos server.

> Of course, it's possible to write another script to perform a check
> later on (or perhaps even periodically), to see if k5start is actually
> (still) running, and if not, attempt to start it up again, but I'm
> hoping to avoid such a workaround.

Yeah, I haven't fixed this already since we always run k5start under
supervise, so we don't notice problems like this.  :/

The really quick way to work around this for now is to run k5start from
inittab in run level 2 via something like:

KS:2345:respawn:/usr/local/bin/k5start -Uf /etc/krb5.keytab -K 10 -l 24h -k /tmp/krb5cc_105 -o openldap

and then init will respawn it for you if it dies (unless it dies a whole
lot).

I think that k5start when told to run as a daemon should probably not exit
for most problems and instead just keep trying.  I may take a look at that
for the next release, although I'm not sure I'll get to it.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


