Actions

Difference between revisions of "Login to ALICE from Linux"

From ALICE Documentation

(Login to ALICE from Linux)
(Direct login to login nodes)
(11 intermediate revisions by 3 users not shown)
Line 1: Line 1:
== Login to ALICE from Linux ==
+
{{DISPLAYTITLE:<span style="position: absolute; clip: rect(1px 1px 1px 1px); clip: rect(1px, 1px, 1px, 1px);">{{FULLPAGENAME}}</span>}}
 +
= Login to ALICE from Linux =
 +
 
 +
==SSH Gateway and login nodes==
 +
The ssh gateway is named:
 +
ssh-gw.alice.universiteitleiden.nl (132.229.92.63)
 +
 
 
The login nodes are named:
 
The login nodes are named:
 
  login1.alice.universiteitleiden.nl (10.161.0.12)
 
  login1.alice.universiteitleiden.nl (10.161.0.12)
 
  login2.alice.universiteitleiden.nl (10.162.0.13)
 
  login2.alice.universiteitleiden.nl (10.162.0.13)
  
The Storage device is named:
+
==Setup ssh connection==
  campusdata20.alice.universiteitleiden.nl (10.161.0.33)
+
Here, we describe how you can configure your ssh connection to connect to ALICE in the easiest possible way. We will use a feature called <code>ProxyJump</code> in OpenSSH which is available in OpenSSH versions 7.3 and higher. If you have an older version of OpenSSH please have a look at [[#SSH tunneling for older versions of OpenSSH|SSH tunneling for older versions of OpenSSH]]. You can find out the version of OpenSSH by typing <code>ssh -V</code> in your terminal.
  
==Setup ssh JUMP==
+
In your Linux system open ~/.ssh/config in your favourite text editor (or create the file if it does not exist). Then add for instance
In your Linux server write in ~/.ssh/config for instance
 
 
  Host hpc1  
 
  Host hpc1  
 
   HostName login1.alice.universiteitleiden.nl
 
   HostName login1.alice.universiteitleiden.nl
Line 19: Line 24:
 
   ProxyJump <USERNAME>@ssh-gw.alice.universiteitleiden.nl:22
 
   ProxyJump <USERNAME>@ssh-gw.alice.universiteitleiden.nl:22
  
Host hpcdata
 
  HostName campusdata20.alice.universiteitleiden.nl
 
  User <USERNAME>
 
  ProxyJump <USERNAME>@ssh-gw.alice.universiteitleiden.nl:22
 
 
(Replace <USERNAME> by your own ULCN account name.)
 
(Replace <USERNAME> by your own ULCN account name.)
  
 +
===Add monitoring tools===
 
If you want to look at the monitoring tools that are running on the management node too, you could add additional tunnelling commands to the config for a specific host. Do not add tunnels to all definitions as they may produce conflicts when you use the same tunnel twice. So add the tunnel commands, for instance, to one host like:
 
If you want to look at the monitoring tools that are running on the management node too, you could add additional tunnelling commands to the config for a specific host. Do not add tunnels to all definitions as they may produce conflicts when you use the same tunnel twice. So add the tunnel commands, for instance, to one host like:
  
Line 34: Line 36:
 
   LocalForward 8080 management.alice.universiteitleiden.nl:443
 
   LocalForward 8080 management.alice.universiteitleiden.nl:443
  
Alternatively, if your OpenSSH server isn't that recent and doesn't recognize the ProxyJump alias, try this:
+
===SSH tunneling for older versions of OpenSSH===
 +
Alternatively, if your OpenSSH server isn't that recent (version 7.2 or earlier) and doesn't recognize the ProxyJump alias, try this:
 
  Host hpc1  
 
  Host hpc1  
 
   HostName login1.alice.universiteitleiden.nl
 
   HostName login1.alice.universiteitleiden.nl
  ForwardX11 yes
 
 
   User <USERNAME>
 
   User <USERNAME>
   ProxyCommand ssh -X <USERNAME>@sshgw.alice.univesiteitleiden.nl -W %h:%p
+
   ProxyCommand ssh -X <USERNAME>@ssh-gw.alice.universiteitleiden.nl -W %h:%p
Login to ssh-gw.alice.unversiteitleiden.nl (<code>ssh <USERNAME>@ssh-gw.alice.universiteitleiden.nl</code> and use your ULCN password for this) and put your public key in
 
~/.ssh/authorized_keys
 
Login through to the HPC login1 node <nowiki>''ssh login1.alice.universiteitleiden.nl'</nowiki> (use your ALICE provided password) and put the same public key in
 
~/.ssh/authorized_keys
 
  
==Direct login to login node 1==
+
===Adding X11 fowarding===
 +
You can even set your ssh connection to automatic X11 forwarding by adding the following setting:
 +
ForwardX11 yes
 +
 
 +
==Direct login to login nodes==
 +
If you completed the above steps you should be able to login to one of the login nodes by simply typing this:
 
   ssh hpc1
 
   ssh hpc1
and you can even forward X11 now.
 
  
==Tunneling to monitors==
+
You will be asked to provide your ALICE user password twice (not your ULCN or LUMC password), once for the ssh gateway and once of the login node. If you do this for the first time, you will also be asked to confirm the identity of the ssh gateway and the login node.
Having set up the ssh tunnelling required to access the monitoring tools on the cluster you are now able to access port 443 (general secure web server on the management node) and port 8081 (specific port in use by the Bright Cluster Manager monitoring tools).
 
  
So in a browser, you could type:
+
===Password-less login using SSH keys===
 +
If you do not wish to enter you password everytime you login you can use ssh keys. If you have not yet used ssh keys before, please have a look at this page: [[Ssh_keys#Linux:_setup_ssh_for_key_based_login|Public key authentication from Linux]]
  
<nowiki>https://localhost:8080</nowiki>
+
If you have an ssh key, you need to deposite it first on the ssh gateway and then on the login node. You can use <code>ssh-copy-id</code> to copy your public key from your local machine to the ssh gateway, e.g.,
 +
ssh-copy-id -i ~/.ssh/id_rsa.pub <USERNAME>@ssh-gw.alice.universiteitleiden.nl
 +
(use your ALICE password for this). This will put your public key in ~/.ssh/authorized_keys on the ssh gateway. Then login to the ssh gateway (<code>ssh <USERNAME>@ssh-gw.alice.universiteitleiden.nl</code>) to test it. If it works log out again and use ssh-copy-id to deposite the key on a login node using the ssh tunnel defined above.
 +
ssh-copy-id -i ~/.ssh/id_rsa.pub hpc1
 +
This will put your public key in <code>~/.ssh/authorized_keys</code> in your HOME directory on the login node. Verify that this step has worked by logging in to the login node (<code>ssh hpc1</code>). It is sufficient to do this for only one login node. You will also be able to login to the other login node without entering your password now.
  
to gain access to the management main web server, or you could type:
+
If all was setup correctly, you should be logged in to one of the login nodes without typing your password.
  
<nowiki>https://localhost:8081/userportal</nowiki>
+
==Accessing monitoring tools==
 +
Having set up the ssh tunneling required to access the monitoring tools on the cluster you are now able to access port 443 (general secure web server on the management node) and port 8081 (specific port in use by the Bright Cluster Manager monitoring tools).
  
 +
So in a browser, you could type:
 +
<nowiki>https://localhost:8080</nowiki>
 +
to gain access to the management main web server, or you could type:
 +
<nowiki>https://localhost:8081/userportal</nowiki>
 
to gain access to the Bright Cluster Manager User Portal.
 
to gain access to the Bright Cluster Manager User Portal.

Revision as of 15:59, 20 January 2021

Login to ALICE from Linux

SSH Gateway and login nodes

The ssh gateway is named:

ssh-gw.alice.universiteitleiden.nl (132.229.92.63)

The login nodes are named:

login1.alice.universiteitleiden.nl (10.161.0.12)
login2.alice.universiteitleiden.nl (10.162.0.13)

Setup ssh connection

Here, we describe how you can configure your ssh connection to connect to ALICE in the easiest possible way. We will use a feature called ProxyJump in OpenSSH which is available in OpenSSH versions 7.3 and higher. If you have an older version of OpenSSH please have a look at SSH tunneling for older versions of OpenSSH. You can find out the version of OpenSSH by typing ssh -V in your terminal.

In your Linux system open ~/.ssh/config in your favourite text editor (or create the file if it does not exist). Then add for instance

Host hpc1 
  HostName login1.alice.universiteitleiden.nl
  User <USERNAME>
  ProxyJump <USERNAME>@ssh-gw.alice.universiteitleiden.nl:22
  
Host hpc2
  HostName login2.alice.universiteitleiden.nl
  User <USERNAME>
  ProxyJump <USERNAME>@ssh-gw.alice.universiteitleiden.nl:22

(Replace <USERNAME> by your own ULCN account name.)

Add monitoring tools

If you want to look at the monitoring tools that are running on the management node too, you could add additional tunnelling commands to the config for a specific host. Do not add tunnels to all definitions as they may produce conflicts when you use the same tunnel twice. So add the tunnel commands, for instance, to one host like:

Host hpc1tunnel
  HostName login1.alice.universiteitleiden.nl
  User <USERNAME>
  ProxyJump <USERNAME>@ssh-gw.alice.universiteitleiden.nl:22
  LocalForward 8081 management.alice.universiteitleiden.nl:8081
  LocalForward 8080 management.alice.universiteitleiden.nl:443

SSH tunneling for older versions of OpenSSH

Alternatively, if your OpenSSH server isn't that recent (version 7.2 or earlier) and doesn't recognize the ProxyJump alias, try this:

Host hpc1 
  HostName login1.alice.universiteitleiden.nl
  User <USERNAME>
  ProxyCommand ssh -X <USERNAME>@ssh-gw.alice.universiteitleiden.nl -W %h:%p

Adding X11 fowarding

You can even set your ssh connection to automatic X11 forwarding by adding the following setting:

ForwardX11 yes

Direct login to login nodes

If you completed the above steps you should be able to login to one of the login nodes by simply typing this:

 ssh hpc1

You will be asked to provide your ALICE user password twice (not your ULCN or LUMC password), once for the ssh gateway and once of the login node. If you do this for the first time, you will also be asked to confirm the identity of the ssh gateway and the login node.

Password-less login using SSH keys

If you do not wish to enter you password everytime you login you can use ssh keys. If you have not yet used ssh keys before, please have a look at this page: Public key authentication from Linux

If you have an ssh key, you need to deposite it first on the ssh gateway and then on the login node. You can use ssh-copy-id to copy your public key from your local machine to the ssh gateway, e.g.,

ssh-copy-id -i ~/.ssh/id_rsa.pub <USERNAME>@ssh-gw.alice.universiteitleiden.nl

(use your ALICE password for this). This will put your public key in ~/.ssh/authorized_keys on the ssh gateway. Then login to the ssh gateway (ssh <USERNAME>@ssh-gw.alice.universiteitleiden.nl) to test it. If it works log out again and use ssh-copy-id to deposite the key on a login node using the ssh tunnel defined above.

ssh-copy-id -i ~/.ssh/id_rsa.pub hpc1

This will put your public key in ~/.ssh/authorized_keys in your HOME directory on the login node. Verify that this step has worked by logging in to the login node (ssh hpc1). It is sufficient to do this for only one login node. You will also be able to login to the other login node without entering your password now.

If all was setup correctly, you should be logged in to one of the login nodes without typing your password.

Accessing monitoring tools

Having set up the ssh tunneling required to access the monitoring tools on the cluster you are now able to access port 443 (general secure web server on the management node) and port 8081 (specific port in use by the Bright Cluster Manager monitoring tools).

So in a browser, you could type:

https://localhost:8080

to gain access to the management main web server, or you could type:

https://localhost:8081/userportal

to gain access to the Bright Cluster Manager User Portal.