CoEPP RC
 

UI FAQ

Generate an ssh public key

  • The most secure and effective way to access remote resources is through the use of a public ssh key. If this method is allowed, users are not prompted for their passwords at each login, but they will be prompted for their ssh passphrase, once per session.
  • To generate a private / public ssh key, users should execute the following command in their desktops (the exact command and its syntax may change according to your OS distribution). Please note the following:
    • By default, keys will be stored in $HOME/.ssh directory. Back up that directory if you want to preserve any of its content.
    • The command will ask you for a passphrase. It is VERY IMPORTANT that you introduce a good passphrase. This will be used to encrypt your private key, and will be asked only once per session.
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Created directory '/home/username/.ssh'.
Enter passphrase (empty for no passphrase):           ----> IMPORTANT: Insert a GOOD passphrase
Enter same passphrase again:                          ----> IMPORTANT: Insert a GOOD passphrase
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
The key fingerprint is:
a8:60:b3:73:aa:ed:7f:bf:88:32:7a:fc:9d:00:1d:1d username@mydesktop
The key's randomart image is:
+--[ RSA 2048]----+
|      E          |
|     . .         |
|    . .          |
|   . . .         |
|  = . . S        |
| . = .           |
| .o +            |
| .=+ +.o         |
|o=+=+.+.o.       |
+-----------------+
$ ls -l ~username/.ssh/
total 8
-rw------- 1 username group 1743 Feb 19 10:52 id_rsa
-rw-r--r-- 1 username group  404 Feb 19 10:52 id_rsa.pub
  • NEVER SHARE your private key (~username/.ssh/d_rsa)!!! Be sure that the permissions of your private key only accesses from you.
  • You public key can be shared and installed in the remote hosts you would like to access. As an example, imagine you would like to login in sydui1.syd.coepp.org.au using your ssh public key. You would have to:
    1. Copy the content of your Desktop:$HOME/.ssh/id_rsa.pub to sydui1.syd.coepp.org.au$HOME/.ssh/authorized_keys.
    2. If the $HOME/.ssh directory does not exist in sydui1.syd.coepp.org.au, you may need to create it before, as well as the .ssh/authorized_keys file.
    3. Be sure that the permissions in sydui1.syd.coepp.org.au:$HOME/.ssh and sydui1.syd.coepp.org.au$HOME/.ssh/authorized_keys are correct
$ ls -la $HOME | grep .ssh
drwx------  2 goncalo ui_syd       46 May 12 01:40 .ssh

$ ls -la $HOME/.ssh/
total 16
drwx------  2 goncalo ui_syd   46 May 12 01:40 .
drwxr-xr-x 46 goncalo ui_syd 4096 Sep 18 05:35 ..
-rw-------  1 goncalo people  389 May 12 01:39 authorized_keys

Bad Credentials

Problem

  • certain tools (ie. grix when creating your grid certificate request) creates a superfluous ~/.globus/certificates directory which prevents grid tools such as dq2 from working.
[snitesh@adlui mc_WtaunuJets]$  dq2-get user.nsoni.mc12_8TeV.126854.Sherpa_CT10_tautaugammaPt10.merge.NTUP_SUSY.e1434_s1499_s1504_r3658_r3549_p1328.FFSV2/
Using ROAMING profile
Querying DQ2 central catalogues to resolve datasetname user.nsoni.mc12_8TeV.126854.Sherpa_CT10_tautaugammaPt10.merge.NTUP_SUSY.e1434_s1499_s1504_r3658_r3549_p1328.FFSV2/
Datasets found: 1
user.nsoni.mc12_8TeV.126854.Sherpa_CT10_tautaugammaPt10.merge.NTUP_SUSY.e1434_s1499_s1504_r3658_r3549_p1328.FFSV2.130213043050: Querying DQ2 central catalogues for replicas...
Querying DQ2 central catalogues for files in dataset...
user.nsoni.mc12_8TeV.126854.Sherpa_CT10_tautaugammaPt10.merge.NTUP_SUSY.e1434_s1499_s1504_r3658_r3549_p1328.FFSV2.130213043050: Using site DESY-ZN_SCRATCHDISK
user.nsoni.mc12_8TeV.126854.Sherpa_CT10_tautaugammaPt10.merge.NTUP_SUSY.e1434_s1499_s1504_r3658_r3549_p1328.FFSV2.130213043050: Querying local file catalogue of site DESY-ZN_SCRATCHDISK...
send2nsd: NS002 - send error : Bad credentials
LFC exception [Cannot connect to LFC [lfc://prod-lfc-atlas.cern.ch:/grid/atlas-128.142.196.43]]
No download attempts made
Finished
++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Solution

  • Delete your ~/.globus/certificates directory, for example:
    rm -r ~/.globus/certificates

setupSW fails

Problem

You run setupSW and get errors like below: (This will most likely only effect people who have previously run setupSW with older versions)

[melui4:~ master] $ setupSW
lsetup               lsetup <tool1> [ <tool2> ...] (see lsetup -h):
 lsetup agis          (or localSetupAGIS) to use AGIS
 lsetup asetup        (or asetup) to use an Athena release
Usage: file [-bchikLNnprsvz0] [--apple] [--mime-encoding] [--mime-type]
            [-e testname] [-F separator] [-f namefile] [-m magicfiles] file ...
       file -C [-m magicfiles]
       file [--help]
/tmp/lucien/.alrb/localSetup/ls.l2EFYU/client.sh: line 1: is: command not found
Usage: file [-bchikLNnprsvz0] [--apple] [--mime-encoding] [--mime-type]
            [-e testname] [-F separator] [-f namefile] [-m magicfiles] file ...
       file -C [-m magicfiles]
       file [--help]
 lsetup atlantis      (or localSetupAtlantis) to use Atlantis
 lsetup dq2           (or localSetupDQ2Client) to use DQ2Client
 lsetup eiclient      (or localSetupEIClient) to use EIClient
 lsetup emi           (or localSetupEmi) to use  emi
 lsetup fax           (or localSetupFAX) to use FAX
 lsetup ganga         (or localSetupGanga) to use Ganga
 lsetup lcgenv        to use lcgenv
 lsetup panda         (or localSetupPandaClient) to use Panda Client
 lsetup pod           (or localSetupPoD) to use Proof-on-Demand
 lsetup pyami         (or localSetupPyAMI) to use pyAMI
 lsetup rcsetup       (or rcSetup) to setup an ASG release
Usage: file [-bchikLNnprsvz0] [--apple] [--mime-encoding] [--mime-type]
            [-e testname] [-F separator] [-f namefile] [-m magicfiles] file ...
       file -C [-m magicfiles]
       file [--help]
/tmp/lucien/.alrb/localSetup/ls.Hez1nt/client.sh: line 1: is: command not found
Usage: file [-bchikLNnprsvz0] [--apple] [--mime-encoding] [--mime-type]
            [-e testname] [-F separator] [-f namefile] [-m magicfiles] file ...
       file -C [-m magicfiles]
       file [--help]
 lsetup root          (or localSetupROOT) to use ROOT
 lsetup rucio         (or localSetupRucioClients) to use rucio-clients
 lsetup sft           (or localSetupSFT) to use SFT packages
 lsetup xrootd        (or localSetupXRootD) to use XRootD
advancedTools        for advanced tools
diagnostics          for diagnostic tools
helpMe               more help
printMenu            show this menu
showVersions         show versions of installed software

Solution

Remove the old temporary alrb (ATLAS local root base) directory and rerun setupSW.

rm -r /tmp/lucien

Installing packages as a regular user

Jailed User Nest

JuNest (or JuJu) is the answer to the questions:

  • Why is it needed to be root inside a GNU/Linux environment for installing packages?
  • Can I have a sandbox for doing whatever I want without messing up the rest of the system?

Allows non superusers to install packages without worrying about dependencies (or annoying Sean Crosby).

Installation

Fairly straightforward with all the important information contained in there README file. Simply type the following into the UI or cloud:

git clone git://github.com/fsquillace/junest ~/junest
export PATH=~/junest/bin:$PATH

It may be worth adding the second line to your ~/.bashrc file.

Use

Same deal. All instructions are on the github page. Type

junest -f

to use it as fake root. After this command you can enter any valid pacman command to install packages. For pacman commands, see the pacman Rosetta page

Notes

All the important packages are installed within ~/.juju/. Simply deleting this folder should remove all the packages you have installed.

tier3/faq/ui.txt · Last modified: 2015/12/03 10:12 by scrosby
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki