AutoSys Workload Automation

  • 1.  Autosys Job failed to encrypt file using PGP while success by all other means

    Posted Oct 17, 2017 10:42 AM

    A job was migrated from Maestro to AutoSys 11.3.5; its work is to use PGP to encrypt files.

    Maestro job definition:

    CWA#MeastroJ
           SCRIPTNAME "/opt/prod/sci/bin/sci_stg_tbl_extract.ksh"
           STREAMLOGON ownerid
           DESCRIPTION "Extract SCI Staging table & encrypt files using SHNpgp key"
           TASKTYPE UNIX
          RECOVERY STOP

     

    AutoSys job definition:

    insert_job: AutosysJ.s         job_type: CMD
    command: /opt/prod/sci/bin/sci_stg_tbl_extract.ksh
    machine: xyz
    owner: ownerid
    permission:
    date_conditions: 0
    description: "Extract SCI Staging table & encrypt files using SHNpgp key, sev=3"
    std_out_file: "$${GLB_LOGDIRR11U}/${AUTO_JOB_NAME}_${AUTORUN}"
    std_err_file: "$${GLB_LOGDIRR11U}/${AUTO_JOB_NAME}_${AUTORUN}"
    max_run_alarm: 120
    alarm_if_fail: 1

    The job runs successfully from Maestro and when run manually, but fails from AutoSys with the error below.

    We believe the warning below is the cause. Kindly assist.

     

    INFO: 2017/10/13 02:31:05 - Encrypting Files SDM_STG_ACCOUNT.DAT
    /opt/pgp/bin/pgp --encrypt '/var/prod/sci//source/work//sci_stg_tbl_extract__20171013023044_4547//SDM_STG_ACCOUNT.DAT' --recipient 'SHN' --output '/var/prod/sci//source/work//sci_stg_tbl_extract__20171013023044_4547//SDM_STG_ACCOUNT.DAT.pgp'
    Warning: PGPsdk running in local mode.
    /var/prod/sci//source/work//sci_stg_tbl_extract__20171013023044_4547//SDM_STG_ACCOUNT.DAT:encrypt (3124:permission denied)
    INFO: 2017/10/13 02:31:06 - Removing Directory and it content /var/prod/sci//source/work//sci_stg_tbl_extract__20171013023044_4547/
    INFO: 2017/10/13 02:31:06 - Process Completed with the following exit code 162
    INFO: 2017/10/13 02:31:06 - Message:
    INFO: 2017/10/13 02:31:06 - Error Encrypting with PGP

     

    Analysis:

    1) When we run the PGP command job with "owner: root" and do su - scibatch in the script file,

             -- we see PGP is working as expected (marked in green)

    2) However, when we run the same PGP job with "owner: ABC",

            -- we see PGP failing with the error message: encrypt (312:permission denied) (marked in yellow below)

     

    autosyslog -J <jobname> -tO

    + echo \n File Encryption started \n

    File Encryption started

    + su - scibatch -c /opt/pgp/bin/pgp --encrypt "/tmp/SDM_STG_CONTACT_ACCOUNT.DAT" --recipient "SHN" --output "/tmp/SDM_STG_CONTACT_ACCOUNT.DAT.pgp"

    stty: : Not a typewriter

    Warning: PGPsdk running in local mode.

    /tmp/SDM_STG_CONTACT_ACCOUNT.DAT:encrypt (0:output file /tmp/SDM_STG_CONTACT_ACCOUNT.DAT.pgp)

    logout

    + echo \n File Encryption Completed successfully \n

     File Encryption Completed successfully

     

    autosyslog -J <job_name> -tO

    + echo \n File Encryption started \n

      File Encryption started

     + whoami

    ABC

    + /opt/pgp/bin/pgp --encrypt /tmp/SDM_STG_CONTACT_ACCOUNT.DAT --recipient SHN --output /tmp/SDM_STG_CONTACT_ACCOUNT.DAT.pgp

    Warning: PGPsdk running in local mode.

    /tmp/SDM_STG_CONTACT_ACCOUNT.DAT:encrypt (3124:permission denied)

    + echo \n File Encryption Completed successfully \n

     

     File Encryption Completed successfully

     

    __________________________________________________________________________________________________

    Environment comparison: output of the env command from a manual login as the job owner ID vs. output of the env command from an AutoSys test job.

     

    Env Compare



  • 2.  Re: Autosys Job failed to encrypt file using PGP while success by all other means

    Posted Oct 17, 2017 12:00 PM

    I believe the issue is you did a direct copy. CMD jobs need a user-defined profile. Do not ASSUME that you have all the paths and libraries set up just so on the agent.



  • 3.  Re: Autosys Job failed to encrypt file using PGP while success by all other means

    Posted Oct 17, 2017 12:29 PM

    The 2 trials below also failed with the same error.

    1) profile: /home/ownerid/.profile  in autosys job

    2) command: "cd /home/ownerid/;/opt/prod/sci/bin/sci_stg_tbl_extract.ksh"

     

    Also noticed the error below while loading the profile.

    stty: : Not a typewriter
    mail: permission denied!
    Not a terminal
    stty: : Not a typewriter
    stty: : Not a typewriter

    @[3g
    @H @H @H @H @H @H @H @H @H @H @H @H @H @H @H
    No tty, so must be NQS
    Not a terminal
    stty: : Not a typewriter
    stty: : Not a typewriter



  • 4.  Re: Autosys Job failed to encrypt file using PGP while success by all other means

    Posted Oct 17, 2017 01:30 PM

    DO NOT use .profile

    Because you will get interactive stuff that could fail the job.

    Review profile attribute.

     

    This is a common mistake

     

     

    Steve C.

    Batch System Engineer

    Batch Innovation Team

    steven.carrobis@gm.com

    T (313)553-1727|  C (770)502-5519

     

     



  • 5.  Re: Autosys Job failed to encrypt file using PGP while success by all other means
    Best Answer

    Posted Oct 18, 2017 10:06 PM

    Hi Utkarsh,

     

    If you are still figuring this out, the following might be worth a try....

     

    Snip from your post:

    /var/prod/sci//source/work//sci_stg_tbl_extract__20171013023044_4547//SDM_STG_ACCOUNT.DAT:encrypt (3124:permission denied)

     

    As per the PGP user guide, pgp command line uses the current working directory by default. It may be creating temporary files when encrypting and if the current working directory (PWD) doesn't have write permissions it results in (3124:permission denied).

     

    Now, comparing the environment between the manual and AutoSys run, I see the PWD is different.

    Manual: PWD=/home/scibatch

    AutoSys: PWD=/base_app/autosys/WA_Agent_11_3

     

    It appears your agentparm.txt is missing the "oscomponent.initialworkingdirectory=USER" parameter which causes the WA System Agent to change directory to the user's home (cd $HOME). The default is the Agent install path.

     

    Try setting up "oscomponent.initialworkingdirectory=USER" in the /base_app/autosys/WA_Agent_11_3/agentparm.txt file, restart the CA WA System Agent and re-run the job to see if it makes any difference.

     

    If you do not want to set up the abovementioned agent parameter, try the PGP command line option --temp-dir, like so:

    /opt/pgp/bin/pgp --encrypt "/tmp/SDM_STG_CONTACT_ACCOUNT.DAT" --recipient "SHN" --output "/tmp/SDM_STG_CONTACT_ACCOUNT.DAT.pgp" --temp-dir /tmp

     

    That, at the least, should rule out the current working directory hypothesis.

     

    I hope this helps.

     

    Cheers,

    Chandru
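
An added diagnostic sketch for the working-directory hypothesis in the reply above (not code from the thread, CA or PGP; the function names `env_diff`, `first_writable_dir` and `preflight` are hypothetical). It diffs two saved `env` outputs, as in the manual vs. AutoSys comparison, and checks whether the job's working directory is writable before `pgp` is called; the sample env dumps are constructed, and only the two PWD values come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# env_diff A B: list variables that differ between two saved `env` outputs.
env_diff() {
    awk -F= '
        index($0, "=") == 0 { next }              # skip continuation lines
        { name = $1; val = substr($0, length(name) + 2) }
        FILENAME == ARGV[1] { a[name] = val; next }
        { seen[name] = 1
          if (!(name in a))        printf "%s: <unset> -> %s\n", name, val
          else if (a[name] != val) printf "%s: %s -> %s\n", name, a[name], val }
        END { for (n in a) if (!(n in seen)) printf "%s: %s -> <unset>\n", n, a[n] }
    ' "$1" "$2" | sort
}

# first_writable_dir DIR...: print the first existing directory the current
# user can write to and traverse; return 1 if there is none.
first_writable_dir() {
    for d in "$@"; do
        if [ -d "$d" ] && [ -w "$d" ] && [ -x "$d" ]; then
            printf '%s\n' "$d"; return 0
        fi
    done
    return 1
}

# preflight [DIR]: report the effective user and whether DIR (default: the
# current working directory) is writable; if not, suggest a --temp-dir value.
preflight() {
    dir=${1:-$PWD}
    printf 'user=%s cwd=%s\n' "$(id -un)" "$dir"
    if first_writable_dir "$dir" >/dev/null; then
        echo "cwd_writable=yes"
    else
        echo "cwd_writable=no"
        alt=$(first_writable_dir "${TMPDIR:-}" /tmp) || return 1
        echo "suggest=--temp-dir $alt"
    fi
}

# Demo on constructed env dumps; the two PWD values are the ones quoted above.
demo() {
    w=$(mktemp -d) || return 1
    printf 'HOME=/home/scibatch\nPWD=/home/scibatch\nTERM=xterm\n' >"$w/manual.env"
    printf 'HOME=/home/scibatch\nPWD=/base_app/autosys/WA_Agent_11_3\n' >"$w/autosys.env"
    env_diff "$w/manual.env" "$w/autosys.env"
    preflight
    rm -rf "$w"
}
demo
```

Calling `preflight` at the top of the job's script, run as the job owner under the agent, records the user and working directory in the job's stdout file alongside the pgp output.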