Linux-Getting started

From ALICE Documentation

Revision as of 14:30, 8 April 2020 by Dijkbvan (talk | contribs) (Created page with "{{:Best Practices - Login Nodes}} {{:Getting an account}} {{:Login to ALICE from Linux}}")

Best Practices

Know when you are on a login node.  You can use your Linux prompt or the command hostname.  This will tell you the name of the login node that you are currently on. Note that the ssh gateway host itself is a secure portal from the outside and serves no compute function.

  • Appropriate activities on the login nodes:
    1. Compiling code and developing applications.
    2. Defining and submitting your job.
    3. Post-processing and managing data.
    4. Monitoring running applications.
    5. Changing your user password.
  • Avoid computationally intensive activity on the login nodes.
    1. Don't run research applications.  Use an interactive session if running a job is not appropriate.
    2. Don't launch too many simultaneous processes.  While it is fine to compile on a login node, avoid using all of the resources. For example "make -j 14" will use half of the cores.
    3. That script you run to monitor job status several times a second should probably run every few minutes.
    4. I/O activity can slow the login node for everyone, for example multiple copies or "ls -l" on directories with thousands of files.
  • Hyperthreading is turned off.  Running multiple threads per core is generally not productive.  MKL is an exception to that if it is relevant to you.

Getting a user account for ALICE

To get a user account on ALICE, mail a request to helpdesk@alice.leidenuniv.nl and provide the following information:

  • your name
  • your ULCN or LUMC account name
  • your university or institute e-mail address.
  • What do you plan to do on ALICE (1 or 2 sentences are sufficient)?
  • Do you plan to process sensitive data (related to persons) or other data that must be treated confidentially?


At ALICE, we will create local ALICE accounts with the same account name.

If you are a student, we need confirmation from your supervisor that you require access to ALICE.

Once we have created your account, you will receive an e-mail from admin@alice.leidenuniv.nl providing you with an initial password to log in.

IMPORTANT: Make sure to change the password from our e-mail when you log in to ALICE for the first time. You can use the command passwd for this.

IMPORTANT: Please read the section on Acceptable Use before requesting an account.


Acceptable use policy

Compliance with University policy

Users of ALICE must comply with all University ICT policies, including Acceptable Use of Computers.

Resource policy

ALICE represents a unique resource for the research community. The computers have special characteristics that are not found, or are of limited availability, on other central computers. Characteristics include parallel processing, large memory, and a Linux operating system.  The allocation of High Performance Computing (HPC) resources requires close supervision by those charged with management of these resources.  

The login nodes can be used for small, short interactive jobs and for submitting batch jobs, but are not meant for running compute jobs.

Data Storage Policy

ALICE does not provide support for any type of controlled data. No controlled data (GDPR, HIPAA, EAR, FERPA, PII, CUI, ITAR, etc.) can be analysed or stored on any HPC storage. Users must not transfer sensitive data (data related to people) to ALICE. Data must be anonymized before it can be transferred to ALICE. In case you are unsure about the contents/classification of the data, please contact the helpdesk.

ALICE is not a data management system where research data can be stored for longer periods of time. All data that is transferred to ALICE must be copies of data. Users must make sure that data that is transferred to ALICE remains available somewhere else. All data with value that is generated on ALICE must be moved off ALICE as soon as possible after the job has completed.

Data in the user’s home directory is backed up (see Backup & Restore). The home directory is intended to store scripts, software, executables, etc., but is not meant to store large or temporary data sets.

Login to ALICE from Linux

SSH Gateway and login nodes

ALICE has its own ssh gateway which you have to go through first. You can only use it to tunnel through to the actual login nodes. The gateway is named:

ssh-gw.alice.universiteitleiden.nl (132.229.92.133)

Important: For security reasons, the gateway allows only three consecutive login attempts from the current IP. If you enter the wrong login credentials three times, the IP that you used to connect to the gateway will be blocked for one hour. You will have to wait until the hour has passed before you can try to login again. If you do not remember your password, please contact the ALICE Helpdesk.

The login nodes are named:

login1.alice.universiteitleiden.nl (10.161.0.12)
login2.alice.universiteitleiden.nl (10.162.0.13)

Setup ssh connection

Here, we describe how you can configure your ssh connection to connect to ALICE in the easiest possible way. We will use a feature called ProxyJump in OpenSSH which is available in OpenSSH versions 7.3 and higher. If you have an older version of OpenSSH please have a look at SSH tunneling for older versions of OpenSSH. You can find out the version of OpenSSH by typing ssh -V in your terminal.

On your Linux system, open ~/.ssh/config in your favourite text editor (or create the file if it does not exist). Then add, for instance:

Host hpc1 
  HostName login1.alice.universiteitleiden.nl
  User <USERNAME>
  ProxyJump <USERNAME>@ssh-gw.alice.universiteitleiden.nl:22
  ServerAliveInterval 60
  
Host hpc2
  HostName login2.alice.universiteitleiden.nl
  User <USERNAME>
  ProxyJump <USERNAME>@ssh-gw.alice.universiteitleiden.nl:22
  ServerAliveInterval 60

(Replace <USERNAME> by your own ULCN account name.)

Add monitoring tools

If you want to look at the monitoring tools that are running on the management node too, you could add additional tunnelling commands to the config for a specific host. Do not add tunnels to all definitions as they may produce conflicts when you use the same tunnel twice. So add the tunnel commands, for instance, to one host like:

Host hpc1tunnel
  HostName login1.alice.universiteitleiden.nl
  User <USERNAME>
  ProxyJump <USERNAME>@ssh-gw.alice.universiteitleiden.nl:22
  ServerAliveInterval 60
  LocalForward 8081 management.alice.universiteitleiden.nl:8081
  LocalForward 8080 management.alice.universiteitleiden.nl:443
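
The two easy mistakes in these config blocks, a leftover <USERNAME> placeholder (which can only produce failed logins at the gateway) and the same local tunnel port defined under more than one host, can be checked mechanically. The shell function below is an added example, not part of the ALICE documentation; the user jdoe and the alias hpc2tunnel in its constructed sample are hypothetical.

```shell
# Added example (not from the ALICE docs): lint an OpenSSH client config.
# Findings, one per line:
#   PLACEHOLDER <host>         literal <USERNAME> left in that Host block
#   DUPFORWARD <port> <hosts>  one local port forwarded by several Host blocks
# Assumes "Key value" syntax and one alias per Host line; Match is ignored.
lint_ssh_config() {
  awk '
    /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
    { key = tolower($1) }                   # directive names are case-insensitive
    key == "host" { host = $2; next }
    host != "" && index($0, "<USERNAME>") && !(host in flagged) {
      flagged[host] = 1
      print "PLACEHOLDER " host
    }
    host != "" && key == "localforward" {
      port = $2
      sub(/^.*:/, "", port)                 # "127.0.0.1:8080" -> "8080"
      if (!((port, host) in seen)) {
        seen[port, host] = 1
        if (++count[port] == 1) order[++n] = port
        users[port] = users[port] " " host
      }
    }
    END {
      for (i = 1; i <= n; i++)
        if (count[order[i]] > 1) print "DUPFORWARD " order[i] users[order[i]]
    }
  ' "$@"
}

# Constructed sample: user "jdoe" and alias "hpc2tunnel" are hypothetical.
sample_config() {
  cat <<'EOF'
Host hpc1
  User <USERNAME>
  ProxyJump <USERNAME>@ssh-gw.alice.universiteitleiden.nl:22

Host hpc1tunnel
  User jdoe
  ProxyJump jdoe@ssh-gw.alice.universiteitleiden.nl:22
  LocalForward 8080 management.alice.universiteitleiden.nl:443

Host hpc2tunnel
  User jdoe
  ProxyJump jdoe@ssh-gw.alice.universiteitleiden.nl:22
  LocalForward 8080 management.alice.universiteitleiden.nl:443
EOF
}

sample_config | lint_ssh_config
```

To check your own file, run lint_ssh_config ~/.ssh/config; no output means neither problem was found.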

SSH tunneling for older versions of OpenSSH

Alternatively, if your OpenSSH client isn't that recent (version 7.2 or earlier) and doesn't recognize the ProxyJump option, try this:

Host hpc1 
  HostName login1.alice.universiteitleiden.nl
  User <USERNAME>
  ProxyCommand ssh -X <USERNAME>@ssh-gw.alice.universiteitleiden.nl -W %h:%p

Adding X11 forwarding

You can even set up your ssh connection for automatic X11 forwarding by adding the following setting:

ForwardX11 yes

Direct login to login nodes

If you completed the above steps you should be able to login to one of the login nodes by simply typing this:

 ssh hpc1

You will be asked to provide your ALICE user password twice (not your ULCN or LUMC password), once for the ssh gateway and once for the login node. If you do this for the first time, you will also be asked to confirm the identity of the ssh gateway and the login node.

Password-less login using SSH keys

If you do not wish to enter your password every time you log in, you can use ssh keys. If you have not used ssh keys before, please have a look at this page: Public key authentication from Linux

If you have an ssh key, you need to deposit it first on the ssh gateway and then on the login node. You can use ssh-copy-id to copy your public key from your local machine to the ssh gateway, e.g.,

ssh-copy-id -i ~/.ssh/id_rsa.pub <USERNAME>@ssh-gw.alice.universiteitleiden.nl

(use your ALICE password for this). This will put your public key in ~/.ssh/authorized_keys on the ssh gateway. Then log in to the ssh gateway (ssh <USERNAME>@ssh-gw.alice.universiteitleiden.nl) to test it. If it works, log out again and use ssh-copy-id to deposit the key on a login node using the ssh tunnel defined above.

ssh-copy-id -i ~/.ssh/id_rsa.pub hpc1

This will put your public key in ~/.ssh/authorized_keys in your HOME directory on the login node. Verify that this step has worked by logging in to the login node (ssh hpc1). It is sufficient to do this for only one login node. You will now also be able to log in to the other login node without entering your password.

If everything was set up correctly, you should be logged in to one of the login nodes without typing your password.

Accessing monitoring tools

Having set up the ssh tunneling required to access the monitoring tools on the cluster, you are now able to access port 443 (general secure web server on the management node) and port 8081 (specific port in use by the Bright Cluster Manager monitoring tools).

So in a browser, you could type:

https://localhost:8080

to gain access to the management main web server, or you could type:

https://localhost:8081/userportal

to gain access to the Bright Cluster Manager User Portal.