Difference: HowToSetupYourAccount (1 vs. 66)

Revision 66 - 2019-04-16 - NinaLoktionova

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
Changed:
<
<

Creating an AFS CERN Ticket

>
>

Revision 65 - 2019-02-28 - NinaLoktionova

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
 

Creating an AFS CERN Ticket

To access the CERN /afs protected dirs ( e.g. your CERN home on AFS ) you'll need to create a ticket from CERN AFS :

Revision 64 - 2019-02-28 - NinaLoktionova

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 63 - 2019-02-27 - NinaLoktionova

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
 For instance this is the primary and the secondary group of a generic T3 account :
$ id auser
uid=571(auser) gid=532(ethz-higgs) groups=532(ethz-higgs),500(cms)
Added:
>
>
The T3 groups areas: /pnfs/psi.ch/cms/trivcat/store/t3groups
 
Changed:
<
<

User Interfaces ( UI )

Three identical User Interfaces ( UIs ) servers are available to their specific users to both develop their programs and to send their computational jobs to the T3 batch system by the qsub command :
>
>

First Steps on T3 User Interfaces (UI)

Three identical User Interface servers ( UIs ) are available for programs development and T3 batch system job submission:

 

OS UI Hostname users group Notes
SL6 t3ui01 PSI 132GB RAM, 72cores, 4TB /scratch
SL6 t3ui02 ETHZ 132GB RAM, 72cores, 4TB /scratch
SL6 t3ui03 UNIZ 132GB RAM, 72cores, 4TB /scratch

Changed:
<
<
  1. Login into your t3ui0* server by ssh ; use -Y or -X flag for working with X applications; you might also try to connect by NX client, which allows to work efficiently with your graphical applications
    
    
>
>
  1. Login into your t3ui0* server by ssh ; use -Y or -X flag for working with X applications:

 ssh -Y username@t3ui02.psi.ch
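Review bot: the new login step still presents -Y and -X as interchangeable and the example line uses -Y, but they are not equivalent: -X requests untrusted X11 forwarding, while -Y requests trusted forwarding, which gives remote X clients unrestricted access to the local display. Suggest recommending -X first and mentioning -Y only for applications that fail under -X. The NX client hint was removed without saying whether NX is still available.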
Changed:
<
<
  1. If you are an external PSI user ( ETHZ, UniZ, ... ) modify the initial password sent you the first time you'll connect to your UI; use the standard passwd tool.
  2. Copy your grid credentials to their standard places, i.e. to ~/.globus/userkey.pem and ~/.globus/usercert.pem and make sure that their permissions are properly set, like :
    -rw-r--r--  1 feichtinger cms 2961 Mar 17  2008 usercert.pem
    -r--------  1 feichtinger cms 1917 Mar 17  2008 userkey.pem
    
    
>
>
  1. If you are an external PSI user ( ETHZ, UniZ, ... )modify the initial password ASAP you login to your UI with passwd command.
  2. Copy your grid credentials to ~/.globus/userkey.pem and ~/.globus/usercert.pem and make sure that their permissions are properly set like :
    chmod 400 userkey.pem
    chmod 400 usercert.pem
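Review bot: the two chmod lines in the new step 2 use bare file names, so they only act on the right files when run from inside ~/.globus; write them with the full path, e.g. chmod 400 ~/.globus/userkey.pem. The old listing showed the resulting modes, which a user could verify with ls -l; consider keeping one line of it next to the commands. Minor: a space is missing in "... )modify" and "ASAP you login" should read "as soon as you log in".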
    
    
 
Changed:
<
<
For details about how to extract those .pem files from your CERN User Grid-Certificate ( usually a password protected .p12 file )please read https://gridca.cern.ch/gridca/Help/?kbid=024010.
>
>
For details about how to extract those .pem files from your CERN User Grid-Certificate ( usually a password protected .p12 file ) please follow https://twiki.cern.ch/twiki/bin/view/CMSPublic/PersonalCertificate.
 
  1. Source the grid environment associated to your login shell:
    source /swshare/psit3/etc/profile.d/cms_ui_env.sh   # for bash
    source /swshare/psit3/etc/profile.d/cms_ui_env.csh  # for tcsh
    
  2. ( Optional ) Modify your shell init files in order to automatically load the grid environment ; for BASH that means placing :
    [ `echo $HOSTNAME | grep t3ui` ] && [ -r /swshare/psit3/etc/profile.d/cms_ui_env.sh ] && source /swshare/psit3/etc/profile.d/cms_ui_env.sh && echo "UI features enabled" 
    into your ~/.bash_profile file.
Changed:
<
<
  1. Run env|sort and verify that /swshare/psit3/etc/profile.d/cms_ui_env.{sh,csh} has properly activated the setting
    X509_USER_PROXY=/shome/$(id -un)/.x509up_u$(id -u)"
    ; that setting is crucial to access a CMS Grid SE from your T3 jobs.
  2. You must register to the CMS "Virtual Organization" service or the following command voms-proxy-init -voms cms won't work. CERN details about that, e.g. who is your representative.
>
>
  1. Run env|sort and verify that /swshare/psit3/etc/profile.d/cms_ui_env.{sh,csh} has properly activated the setting
    X509_USER_PROXY=/t3home/$(id -un)/.x509up_u$(id -u)"
    ; that setting is crucial to access a CMS Grid SE from your T3 jobs.
  2. You must be registered to CMS "Virtual Organization" CERN details about that.
 
  1. Create a proxy certificate for CMS by:
    voms-proxy-init -voms cms
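Review bot: the X509_USER_PROXY line in the new step 1 still ends with an unmatched double quote (.x509up_u$(id -u)"), carried over from the old text; drop it so the value can be compared literally with the env output. In the new step 2 the warning that voms-proxy-init -voms cms won't work without VO registration was removed, and the sentence now runs straight into "CERN details about that" with no punctuation; restore the consequence or at least the sentence break.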
    
    
Changed:
<
<
If the command voms-proxy-init -voms cms will fail then run the command with an additional -debug flag, the error message will be usually sufficient for the T3 Admins to troubleshoot the problem.
>
>
If the command voms-proxy-init -voms cms fails then run the command with -debug flag to troubleshoot the problem.
 
  1. Test your basic access to the PSI Storage element using our test-dCacheProtocols command
    $ test-dCacheProtocols
    Test directory: /tmp/dcachetest-20190215-1649-89361
    
    
Line: 155 to 148
 TEST: XROOTD-WAN-read ...... [SKIPPED] (dependencies did not run: XROOTD-WAN-write) TEST: XROOTD-WAN-rm ...... [SKIPPED] (dependencies did not run: XROOTD-WAN-write)
Deleted:
<
<

Backup policies

Your /shome files are backuped :
 
Deleted:
<
<
  • each day
 
Changed:
<
<
recovering a file is as simple as running a cp command from your UI ; further details are here HowToRetrieveBackupFiles.
>
>

Backup policies

Your = /t3home and /work= files are backuped each daily.

Recovering a file details are here HowToRetrieveBackupFiles.

  There are NO backups all the /tmp /scratch /pnfs files instead, so pay attention there !
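Review bot: in the new Backup policies text the verbatim markers are misplaced ("Your = /t3home and /work= files"), so the paths will not render as intended, and "backuped each daily" should be "backed up daily". The old text told users that recovery is a cp from the UI; the new line only links HowToRetrieveBackupFiles, so check that the linked topic has been updated from /shome to /t3home and /work as well.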
Line: 248 to 241
 aklog cern.ch The first command will provide you a Kerberos ticket while the second command will use the Kerberos ticket to obtain an authentication token from CERN's AFS service
Changed:
<
<

The T3 Admins Skype Accounts

The Skype accounts are no longer the suggested way of contacting the T3 admins.

Web browsing your /shome files on demand

We don't provide a http{s}:// URL to browse your /shome logs/errors/programs because there was always a modest interest about a such web portal but you can turn on a private website rooted on an arbitrary dir of yours by simply using SSH + Python like in the following example ( replace t3ui02 with your daily t3ui server and the dir with a dir meaningful for your case, for instance ~ ):
>
>

Revision 62 - 2019-02-18 - DerekFeichtinger

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 61 - 2019-02-15 - DerekFeichtinger

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 60 - 2018-06-17 - NinaLoktionova

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 59 - 2017-03-14 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 58 - 2017-02-01 - JoosepPata

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 57 - 2016-12-10 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 56 - 2016-11-22 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 55 - 2016-08-25 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 54 - 2016-08-20 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 53 - 2016-08-19 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 52 - 2016-08-18 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 51 - 2016-08-15 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 50 - 2016-08-12 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 49 - 2016-08-06 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 48 - 2016-06-01 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 47 - 2016-01-03 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 46 - 2015-07-10 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 45 - 2015-06-18 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 44 - 2015-06-15 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 43 - 2015-06-12 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 42 - 2015-05-29 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 41 - 2015-05-29 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 40 - 2015-05-04 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 39 - 2015-04-28 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 38 - 2015-03-11 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 37 - 2015-03-10 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
ssh --> SL6 t3ui12 --> ssh --> SL5 t3ui02 )
>
>
We offer the following SL6 user interfaces ( UIs ) :
 

OS UI Hostname users group Notes
SL6 t3ui01 PSI 132GB RAM, 72cores, 4TB /scratch
SL6 t3ui02 ETHZ 132GB RAM, 72cores, 4TB /scratch
SL6 t3ui03 UNIZ 132GB RAM, 72cores, 4TB /scratch

Line: 118 to 118
 

Changed:
<
<

Changing your account details

>
>
 It's possible to get changed your login shell, e.g. from bash to tcsh, your group, also your account name ; often users requested to change their Grid cert subject:, e.g. because they were moving from a country to an other where they got a new certificate.

AFS CERN Ticket

Changed:
<
<
You should use the following sequence of commands at T3:
>
>
In order to access the CERN /afs protected dirs ( e.g. your home ) :
 
kinit ${Your_CERN_Username}@CERN.CH
aklog cern.ch
Changed:
<
<
The first command gets you a kerberos ticket, the second command uses that ticket to obtain an authentication token from CERN's AFS service

t3ui1* SSH pub keys NEW

Hackers on Internet are constantly waiting for a user mistake, even just a misspelled letter like in this example:
>
>
The first command gives you a kerberos ticket, the second command uses that ticket to obtain an authentication token from CERN's AFS service

t3ui1* SSH pub keys

Hackers on Internet are constantly waiting for user mistakes, even just a misspelled letter like in this example:
 
$ ssh t3ui02.psi.sh
The authenticity of host 't3ui02.psi.sh (62.210.217.195)' can't be established.

Line: 138 to 138
 Warning: Permanently added 't3ui02.psi.sh,62.210.217.195' (RSA) to the list of known hosts. at3user@t3ui02.psi.sh's password:
Changed:
<
<
The T3 Admins can't prevent a T3 user from confusing .ch with a .sh so pay attention to these cases ! you might define these aliases instead :
>
>
The T3 Admins can't prevent a T3 user from confusing .ch with a .sh so pay attention to these cases ! To avoid to digit the T3 hostnames you might define these permanent aliases instead :
  More... Close
<--/twistyPlugin twikiMakeVisibleInline-->
$ grep alias ~/.bash_profile | grep t3ui
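Review bot: "To avoid to digit the T3 hostnames" in the new sentence is not idiomatic; "To avoid typing the T3 hostnames" says what is meant. Since the example above ends at a password prompt on the misspelled host, this paragraph is also the place to tell users what to do if they did enter their password there: change it and inform the T3 Admins.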

Line: 185 to 185
 It is also possible that the RSA host key has just been changed. The t3ui1* SSH RSA public and private keys will be never changed, so the case It is also possible that the RSA host key has just been changed will be never true.
Changed:
<
<

Primary T3 Admin Skype Account

>
>

Primary T3 Admin Skype Account NEW

 Both to help you with your T3/T2 errors or misunderstandings and to interactively support your next 'what-if' T3/T2 plans there is a dedicated Skype account to video talk, interactively copy/paste your crashes/logs/links or share your screen

furthermore feel free to invite the Primary T3 Admin ( so far is Fabio Martinelli ) to any future phone call or meeting focused on the T3/T2 CMS computing

Line: 194 to 194
 each T3 user, not only the Institutes representatives, can add him as a contact ; the account will be active during the usual working hours

for all the other ordinary cases the cms-tier3@lists.psi.ch remains the usual 1st line of support

Added:
>
>

VOMS Group /cms/chcms NEW

So far the T3 is not treating differently the CMS VOMS 'Swiss' group /cms/chcms but this might change in the next future, so ask for the /cms/chcms membership ; conversely the T2 located at CSCS Lugano already treats differently the /cms/chcms members by both raising their Jobs priorities and providing additional /pnfs space ; so it's worth to be a member ; by running the usual voms-proxy-init --voms cms you'll automatically get the /cms/chcms attribute.
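Review bot: the new section spells the option --voms (voms-proxy-init --voms cms) while the setup steps on the page use -voms; pick one spelling so users can copy either line. "in the next future" should be "in the near future", and the paragraph would be easier to act on if it said where to request the /cms/chcms membership.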

Revision 36 - 2015-03-04 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 35 - 2015-03-02 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
ssh --> SL6 t3ui12 --> ssh --> SL5 t3ui02 )
 

OS UI Hostname users group Notes
SL6 t3ui01 PSI 132GB RAM, 72cores, 4TB /scratch
SL6 t3ui02 ETHZ 132GB RAM, 72cores, 4TB /scratch
SL6 t3ui03 UNIZ 132GB RAM, 72cores, 4TB /scratch

Changed:
<
<
  1. Try to log into a t3ui* machine ; -Y or -X flag for working with X applications; you can also try to connect by NX client, which allows to work efficiently with graphical applications
    ssh -Y username@t3ui02.psi.ch
    
    
>
>
  1. Login into a t3ui1* machine by ssh ; use -Y or -X flag for working with X applications; you might also try to connect by NX client, which allows to work efficiently with graphical applications
    ssh -Y username@t3ui12.psi.ch
    
    
 
  1. If you are an external user and you don't have a standard PSI account, you'll have to change your initial password the first time you log in; use the standard passwd utility.
Changed:
<
<
  1. Copy your grid credentials to the standard places, i.e. to ~/.globus/userkey.pem and ~/.globus/usercert.pem and make sure that both files permissions are set correctly:
    
    
>
>
  1. Copy your grid credentials to the standard places, i.e. to ~/.globus/userkey.pem and ~/.globus/usercert.pem and make sure that their files permissions are set correctly:
    
    
 -rw-r--r-- 1 feichtinger cms 2961 Mar 17 2008 usercert.pem -r-------- 1 feichtinger cms 1917 Mar 17 2008 userkey.pem
Line: 88 to 88
 source /swshare/psit3/etc/profile.d/cms_ui_env.csh # for tcsh
  1. You have to complete the CMS "Virtual Organization" subscription or the following command voms-proxy-init -voms cms won't work. CERN details about that, e.g. who is your representative.
Changed:
<
<
  1. Try to create a proxy certificate for CMS
    
    
>
>
  1. Create a proxy certificate for CMS by:
    
    
 voms-proxy-init -voms cms
Changed:
<
<
If this fails, run the command with an additional -debug flag, and the error message will usually be sufficient for us to point out the problem.
  1. Test your access to the PSI Storage element with the test-dCacheProtocols command. You should see output like this (no failed tests):
    
    
>
>
If that fails, run the command with an additional -debug flag, and the error message will usually be sufficient for the T3 Admins to point out the problem.
  1. Test your access to the PSI Storage element with the test-dCacheProtocols command. You should see an output like this (without any failed test):
    
    
 $ test-dCacheProtocols Test directory: /tmp/dcachetest-20150115-1328-23031 TEST: GFTP-write ...... [OK]
Line: 103 to 103
 TEST: SRMv2-read ...... [OK] TEST: SRMv2-rm ...... [OK]
Changed:
<
<
  1. Be aware of the CSCS CMS User Page
  2. The test-dCacheProtocols tool can also be used to test a remote element access (use the -h flag to get more info about it): e.g. to test CSCS:
    
    
>
>
  1. Be aware of the external CSCS CMS User Page
  2. The test-dCacheProtocols tool can also be used to test a remote storage element (use the -h flag to get more info about it): e.g. to test the CSCS storage element:
    
    
 $ test-dCacheProtocols -n storage01.lcg.cscs.ch -p /pnfs/lcg.cscs.ch/cms/trivcat/store/user/YOUR_CMS_ACCOUNT -i "DCAP-read" Test directory: /tmp/dcachetest-20150115-1333-23178 TEST: GFTP-write ...... [OK]
Line: 128 to 128
 aklog cern.ch The first command gets you a kerberos ticket, the second command uses that ticket to obtain an authentication token from CERN's AFS service
Changed:
<
<

t3ui* SSH pub keys NEW

Hackers on Internet are constantly waiting for a user mistake, even a mispelled letter like in this example:
>
>

t3ui1* SSH pub keys NEW

Hackers on Internet are constantly waiting for a user mistake, even just a misspelled letter like in this example:
 
$ ssh t3ui02.psi.sh
The authenticity of host 't3ui02.psi.sh (62.210.217.195)' can't be established.

Line: 138 to 138
 Warning: Permanently added 't3ui02.psi.sh,62.210.217.195' (RSA) to the list of known hosts. at3user@t3ui02.psi.sh's password:
Changed:
<
<
We can't prevent a T3 user from confusing .ch with a .sh so pay attention to these cases ! you can also simply define these aliases:
>
>
The T3 Admins can't prevent a T3 user from confusing .ch with a .sh so pay attention to these cases ! you might define these aliases instead :
  More... Close
<--/twistyPlugin twikiMakeVisibleInline-->
$ grep alias ~/.bash_profile | grep t3ui

Deleted:
<
<
alias ui2='ssh -X at3user@t3ui02.psi.ch' alias ui3='ssh -X at3user@t3ui03.psi.ch' alias ui4='ssh -X at3user@t3ui04.psi.ch' alias ui5='ssh -X at3user@t3ui05.psi.ch' alias ui6='ssh -X at3user@t3ui06.psi.ch' alias ui7='ssh -X at3user@t3ui07.psi.ch' alias ui8='ssh -X at3user@t3ui08.psi.ch' alias ui9='ssh -X at3user@t3ui09.psi.ch'
 alias ui12='ssh -X at3user@t3ui12.psi.ch' alias ui15='ssh -X at3user@t3ui15.psi.ch' alias ui16='ssh -X at3user@t3ui16.psi.ch'
Line: 159 to 151
 
<--/twistyPlugin-->


Changed:
<
<
More subdole attacks are the SSH man in the middle attacks ; to discover them you have to register in /$HOME/.ssh/known_hosts each t3ui* SSH RSA public key by running these steps on each laptop/desktop/server ( also lxplus ) that you'll use to connect at T3:
>
>
More subdole attacks are the SSH man in the middle attacks ; to detect them you have to register in /$HOME/.ssh/known_hosts each t3ui1* SSH RSA public key by running these steps on each laptop/desktop/server ( also lxplus ! ) that you're going use to login at T3:
 
cp -p /$HOME/.ssh/known_hosts /$HOME/.ssh/known_hosts.`date +"%d-%m-%Y"`
mkdir /tmp/t3ssh/

Changed:
<
<
for X in 19 18 17 16 15 12 09 08 07 06 05 04 03 02 ; do TMPFILE=`mktemp /tmp/t3ssh/XXXXXX` && ssh-keyscan -t rsa t3ui$X.psi.ch,t3ui$X,`host t3ui$X.psi.ch| awk '{ print $4}'` | cat - /$HOME/.ssh/known_hosts | grep -v 'psi\.sh' > $TMPFILE && mv $TMPFILE /$HOME/.ssh/known_hosts ; done
>
>
for X in 19 18 17 16 15 12 ; do TMPFILE=`mktemp /tmp/t3ssh/XXXXXX` && ssh-keyscan -t rsa t3ui$X.psi.ch,t3ui$X,`host t3ui$X.psi.ch| awk '{ print $4}'` | cat - /$HOME/.ssh/known_hosts | grep -v 'psi\.sh' > $TMPFILE && mv $TMPFILE /$HOME/.ssh/known_hosts ; done
 rm -rf /tmp/t3ssh
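Review bot: the loop works through a fixed, predictable directory, /tmp/t3ssh, created by the plain mkdir in the context line above; on a shared host such as lxplus, which the preceding paragraph names, that path is not private to the user, so create the working directory with mktemp -d or keep the temporary file next to known_hosts. Note too that ssh-keyscan collects the keys over the same network path it is meant to protect, so the entries are only trustworthy once their fingerprints have been compared with the published list; say that before the mv into known_hosts. The path /$HOME/.ssh/known_hosts has a redundant leading slash.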
Changed:
<
<
for X in 02 03 04 05 06 07 08 09 12 15 16 17 18 19 ; do echo -n "# entries for t3ui$X = " ; grep -c t3ui$X /$HOME/.ssh/known_hosts ; grep -Hn --color t3ui$X /$HOME/.ssh/known_hosts ; echo ; done
>
>
for X in 12 15 16 17 18 19 ; do echo -n "# entries for t3ui$X = " ; grep -c t3ui$X /$HOME/.ssh/known_hosts ; grep -Hn --color t3ui$X /$HOME/.ssh/known_hosts ; echo ; done
 echo done
Changed:
<
<
last for will report if there are duplicated rows in /$HOME/.ssh/known_hosts for a t3ui* server ; if there are you're suppose to preserve the correct occurrence and delete the others ; to delete you can use sed -i or vim ; once you'll get just one row per t3ui server run this command and carefully compare your output with this output:
>
>
last for reports if there are duplicated rows in /$HOME/.ssh/known_hosts for a t3ui1* server ; if there are you're suppose to preserve the correct occurrence and delete the others ; to delete you can use sed -i or by hands by vim or emacs ; once you'll get just one row per t3ui1* server run this command and carefully compare your output with this output:
  More... Close
<--/twistyPlugin twikiMakeVisibleInline-->
$ ssh-keygen -l -f /$HOME/.ssh/known_hosts | grep t3ui 
Deleted:
<
<
2048 6a:b6:0c:dc:1c:44:3b:4f:e8:da:f5:3c:c6:05:ef:00 t3ui02.psi.ch,t3ui02,192.33.123.29 (RSA)
2048 a5:d1:41:e9:16:d7:42:90:14:ae:48:14:59:f5:a1:12 t3ui03.psi.ch,t3ui03,192.33.123.85 (RSA)
2048 34:c7:fe:09:5c:2c:0b:51:e1:e7:1d:04:93:c6:c3:08 t3ui04.psi.ch,t3ui04,192.33.123.86 (RSA)
2048 7d:78:03:9c:da:e3:ce:83:a4:05:95:84:74:3e:9f:e0 t3ui05.psi.ch,t3ui05,192.33.123.82 (RSA)
2048 ec:f7:8d:f0:64:21:0d:d0:82:40:d4:c0:f1:36:90:99 t3ui06.psi.ch,t3ui06,192.33.123.83 (RSA)
2048 e3:a4:ce:68:a2:6b:4d:cd:88:6b:ec:94:16:eb:6b:e6 t3ui07.psi.ch,t3ui07,192.33.123.84 (RSA)
2048 9e:96:7c:5a:d3:63:96:b2:47:a7:8c:fd:ff:ab:be:2d t3ui08.psi.ch,t3ui08,192.33.123.61 (RSA)
2048 cc:62:86:5e:28:b2:f6:50:7e:d7:66:40:a7:9b:a9:f7 t3ui09.psi.ch,t3ui09,192.33.123.62 (RSA)
 
2048 d0:9c:a0:e9:8f:9c:3f:b2:f1:88:6c:15:32:07:fc:a0 t3ui12.psi.ch,t3ui12,192.33.123.132 (RSA)
2048 77:1b:27:5e:c8:74:64:86:f8:50:f6:58:e6:6f:41:65 t3ui15.psi.ch,t3ui15,192.33.123.135 (RSA)
2048 35:bb:d6:be:64:86:8d:db:1d:57:43:ef:05:39:72:c8 t3ui16.psi.ch,t3ui16,192.33.123.136 (RSA)
Line: 187 to 171
 
2048 b1:56:06:5b:d3:da:1a:79:60:e9:02:16:be:82:fe:f7 t3ui18.psi.ch,t3ui18,192.33.123.138 (RSA)
2048 73:fe:97:b2:e7:54:df:99:50:dc:19:3d:6f:cd:01:11 t3ui19.psi.ch,t3ui19,192.33.123.139 (RSA)
<--/twistyPlugin-->


Changed:
<
<
eventually force your ssh client to always check if the server you're connecting to is already present in /$HOME/.ssh/known_hosts and request your consensus for servers that are absent by adding this line in /$HOME/.ssh/config :
>
>
force your ssh client to always check if the server you're connecting to is already mentioned in the /$HOME/.ssh/known_hosts file and to request your consensus for servers that are absent by adding this line in /$HOME/.ssh/config :
 
StrictHostKeychecking ask
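Review bot: the option is written StrictHostKeychecking; ssh_config keywords are matched case-insensitively so it works, but the man page spelling StrictHostKeyChecking is what users will search for. "request your consensus" should be "ask for your confirmation". Because ask still lets a user accept an unknown key at the prompt, as in the psi.sh example earlier on the page, consider showing the setting inside a Host block for the t3ui machines with the value yes, which becomes practical once their keys have been registered by the steps above.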
Changed:
<
<
your /$HOME/.ssh/config can be more complex than just that line, study the ssh_config man page or contact us; ideally you should put StrictHostKeychecking yes but in real life it's impractical.
>
>
your /$HOME/.ssh/config can be more complex than just that line, study the ssh_config man page or contact the T3 Admins; ideally you should put StrictHostKeychecking yes but in real life that's impractical.
 
Changed:
<
<
now your ssh client will be able to discover the SSH man in the middle attacks and if so it will report :
>
>
now your ssh client will be able to detect the SSH man in the middle attacks and if so it will report :
 
  WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! 
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! 
Someone could be eavesdropping on you right now (man-in-the-middle attack)! 
It is also possible that the RSA host key has just been changed.
Deleted:
<
<
we commit to preserve the t3ui SSH RSA public and private keys even when we'll completely reinstall a t3ui server, so the case It is also possible that the RSA host key has just been changed will never be true.
 \ No newline at end of file
Added:
>
>
The t3ui1* SSH RSA public and private keys will be never changed, so the case It is also possible that the RSA host key has just been changed will be never true.
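Review bot: the replacement sentence drops the earlier commitment that the keys are preserved "even when we'll completely reinstall a t3ui server" and now only asserts that they "will be never changed"; keep the reinstall clause, since that is the case users will wonder about, and fix the word order to "will never be changed". The paragraph should also end with the action expected from the user when the warning appears: do not connect, do not edit known_hosts to silence it, and report it to the T3 Admins.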

Revision 34 - 2015-01-15 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 33 - 2014-12-06 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 32 - 2014-12-01 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 31 - 2014-11-25 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 30 - 2014-10-28 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 29 - 2014-10-24 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 28 - 2014-10-24 - DanielMeister

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 27 - 2014-10-22 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 26 - 2014-10-22 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 25 - 2014-07-31 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 24 - 2014-02-19 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 23 - 2014-02-19 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 22 - 2014-02-19 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 21 - 2014-02-13 - DanielMeister

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 20 - 2014-01-19 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 19 - 2013-11-18 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 18 - 2013-02-12 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 17 - 2013-02-10 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 16 - 2013-01-31 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 15 - 2012-10-06 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 14 - 2012-03-27 - FabioMartinelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 13 - 2012-01-13 - LeonardoSala

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 12 - 2011-10-06 - DerekFeichtinger

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 11 - 2011-03-30 - DerekFeichtinger

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 10 - 2011-03-03 - DerekFeichtinger

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 9 - 2010-12-01 - DerekFeichtinger

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 8 - 2010-04-13 - DerekFeichtinger

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 7 - 2010-02-16 - DerekFeichtinger

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
Changed:
<
<

How to access, set up, and test your account

>
>

How to access, set up, and test your account

 
Added:
>
>

Basic setup

 NOTE: we currently have SL4 and SL5 user interfaces.
  • SL4: t3ui01
  • SL5: t3ui02
Line: 45 to 48
 TEST: SRMv2-rm ...... [OK] Note: This tool can also be used to test remote element access (use the -h flag to get information on it)

Added:
>
>

Changing your login shell

 
Changed:
<
<
>
>
Write a request to the t3 admin list.
  -- DerekFeichtinger - 05 Nov 2008 \ No newline at end of file

Revision 6 - 2010-01-27 - DerekFeichtinger

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 5 - 2010-01-21 - DerekFeichtinger

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 4 - 2009-02-19 - DerekFeichtinger

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 3 - 2009-01-22 - DerekFeichtinger

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 2 - 2008-12-05 - DerekFeichtinger

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Revision 1 - 2008-11-05 - DerekFeichtinger

Line: 1 to 1
Added:
>
>
META TOPICPARENT name="WebHome"
<-- keep this as a security measure:
   #uncomment if the subject should only be modifiable by the listed groups 
   # * Set ALLOWTOPICCHANGE = TWikiAdminGroup,Main.CMSAdminGroup
   # * Set ALLOWTOPICRENAME = TWikiAdminGroup,Main.CMSAdminGroup
   #uncomment this if you want the page only be viewable by the listed groups
   # * Set ALLOWTOPICVIEW = TWikiAdminGroup,Main.CMSAdminGroup,Main.CMSAdminReaderGroup
-->

How to access, set up, and test your account

  1. Try to log in to the User Interface machine (-Y or -X flag for working with X applications)
    ssh -Y username@t3ui01
    
  2. If you are an external user and do not have a PSI AFS account to log in, you need to change your password using the standard passwd utility.
  3. Copy your grid credentials to the standard places, i.e. to ~/.globus/userkey.pem and ~/.globus/usercert.pem and make sure that the permissions are set correctly like in this output:
    -rw-r--r--  1 feichtinger cms 2961 Mar 17  2008 usercert.pem
    -rw-------  1 feichtinger cms 1917 Mar 17  2008 userkey.pem
    
  4. Try to create a proxy certificate for CMS
    voms-proxy-init -voms cms
    
  5. Test your access to the PSI Storage element with the test-dCacheProtocols command. You should see output like this (no failed tests):
    $> test-dCacheProtocols
    Test directory: /tmp/dcachetest-20081105-1632-8387
    TEST: GSIDCAP-write ......  [IGNORE]
    TEST: SRMv1-adv-del ......  [SKIPPED] (dependencies did not run:  GSIDCAP-write)
    TEST: GFTP-write ......  [OK]
    TEST: GFTP-ls ......  [OK]
    TEST: GFTP-read ......  [OK]
    TEST: DCAP-read ......  [OK]
    TEST: SRMv1-adv-del1 ......  [OK]
    TEST: SRMv1-write ......  [OK]
    TEST: SRMv1-get-meta ......  [OK]
    TEST: SRMv1-read ......  [OK]
    TEST: SRMv1-adv-del2 ......  [OK]
    TEST: SRMv2-write ......  [OK]
    TEST: SRMv2-ls ......  [OK]
    TEST: SRMv2-read ......  [OK]
    TEST: SRMv2-rm ......  [OK]
    
    Note: This tool can also be used to test remote element access (use the -h flag to get information on it)

-- DerekFeichtinger - 05 Nov 2008
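Review bot: the comment block headed "keep this as a security measure" has all three Set lines (ALLOWTOPICCHANGE, ALLOWTOPICRENAME, ALLOWTOPICVIEW) prefixed with #, so as committed it restricts nothing; either uncomment the change and rename settings for a page that tells users where to put their credentials, or reword the heading so nobody assumes the topic is protected. In step 3 the expected modes appear only as an ls listing; add the chmod commands that produce them.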

 