CoEPP RC
 

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

tier3:faq:ui [2015/12/03 10:12] (current)
scrosby created
Line 1: Line 1:
 +====== UI FAQ ======
 +===== Generate an ssh public key =====
  
 +  * The most secure and effective way to access remote resources is through the use of a public ssh key. If this method is allowed, users are not prompted for their passwords at each login, but they will be prompted for their ssh passphrase, once per session.
 +
 +  * To generate a private / public ssh key, users should execute the following command in their desktops (the exact command and its syntax may change according to your OS distribution). Please note the following:
 +    * By default, keys will be stored in $HOME/.ssh directory. Back up that directory if you want to preserve any of its content.
 +    * The command will ask you for a passphrase. It is **VERY IMPORTANT** that you introduce a good passphrase. This will be used to encrypt your private key, and will be asked only **once** per session.
 +<​code>​
 +$ ssh-keygen ​
 +Generating public/​private rsa key pair.
 +Enter file in which to save the key (/​home/​username/​.ssh/​id_rsa): ​
 +Created directory '/​home/​username/​.ssh'​.
 +Enter passphrase (empty for no passphrase): ​          ​---->​ IMPORTANT: Insert a GOOD passphrase
 +Enter same passphrase again: ​                         ----> IMPORTANT: Insert a GOOD passphrase
 +Your identification has been saved in /​home/​username/​.ssh/​id_rsa.
 +Your public key has been saved in /​home/​username/​.ssh/​id_rsa.pub.
 +The key fingerprint is:
 +a8:​60:​b3:​73:​aa:​ed:​7f:​bf:​88:​32:​7a:​fc:​9d:​00:​1d:​1d username@mydesktop
 +The key's randomart image is:
 ++--[ RSA 2048]----+
 +|      E          |
 +|     . .         |
 +|    . .          |
 +|   . . .         |
 +|  = . . S        |
 +| . = .           |
 +| .o +            |
 +| .=+ +.o         |
 +|o=+=+.+.o. ​      |
 ++-----------------+
 +</​code>​
 +<​code>​
 +$ ls -l ~username/​.ssh/​
 +total 8
 +-rw------- 1 username group 1743 Feb 19 10:52 id_rsa
 +-rw-r--r-- 1 username group  404 Feb 19 10:52 id_rsa.pub
 +</​code>​
 +
 +  * **NEVER SHARE your private key (~username/​.ssh/​d_rsa)**!!! Be sure that the permissions of your private key only accesses from you. 
 +
 +  * You public key can be shared and installed in the remote hosts you would like to access. As an example, imagine you would like to login in sydui1.syd.coepp.org.au using your ssh public key. You would have to:
 +    - Copy the content of your Desktop:​$HOME/​.ssh/​id_rsa.pub to sydui1.syd.coepp.org.au$HOME/​.ssh/​authorized_keys. ​
 +    - If the $HOME/.ssh directory does not exist in sydui1.syd.coepp.org.au,​ you may need to create it before, as well as the .ssh/​authorized_keys file.
 +    - Be sure that the permissions in sydui1.syd.coepp.org.au:​$HOME/​.ssh and sydui1.syd.coepp.org.au$HOME/​.ssh/​authorized_keys are correct
 +<​code>​
 +$ ls -la $HOME | grep .ssh
 +drwx------ ​ 2 goncalo ui_syd ​      46 May 12 01:40 .ssh
 +
 +$ ls -la $HOME/.ssh/
 +total 16
 +drwx------ ​ 2 goncalo ui_syd ​  46 May 12 01:40 .
 +drwxr-xr-x 46 goncalo ui_syd 4096 Sep 18 05:35 ..
 +-rw------- ​ 1 goncalo people ​ 389 May 12 01:39 authorized_keys
 +</​code>​
 +===== Bad Credentials =====
 +==== Problem ====
 +  * certain tools (ie. grix when creating your grid certificate request) creates a superfluous ~/​.globus/​certificates directory which prevents grid tools such as dq2 from working.
 +<​code>​
 +[snitesh@adlui mc_WtaunuJets]$ ​ dq2-get user.nsoni.mc12_8TeV.126854.Sherpa_CT10_tautaugammaPt10.merge.NTUP_SUSY.e1434_s1499_s1504_r3658_r3549_p1328.FFSV2/​
 +Using ROAMING profile
 +Querying DQ2 central catalogues to resolve datasetname user.nsoni.mc12_8TeV.126854.Sherpa_CT10_tautaugammaPt10.merge.NTUP_SUSY.e1434_s1499_s1504_r3658_r3549_p1328.FFSV2/​
 +Datasets found: 1
 +user.nsoni.mc12_8TeV.126854.Sherpa_CT10_tautaugammaPt10.merge.NTUP_SUSY.e1434_s1499_s1504_r3658_r3549_p1328.FFSV2.130213043050:​ Querying DQ2 central catalogues for replicas...
 +Querying DQ2 central catalogues for files in dataset...
 +user.nsoni.mc12_8TeV.126854.Sherpa_CT10_tautaugammaPt10.merge.NTUP_SUSY.e1434_s1499_s1504_r3658_r3549_p1328.FFSV2.130213043050:​ Using site DESY-ZN_SCRATCHDISK
 +user.nsoni.mc12_8TeV.126854.Sherpa_CT10_tautaugammaPt10.merge.NTUP_SUSY.e1434_s1499_s1504_r3658_r3549_p1328.FFSV2.130213043050:​ Querying local file catalogue of site DESY-ZN_SCRATCHDISK...
 +send2nsd: NS002 - send error : Bad credentials
 +LFC exception [Cannot connect to LFC [lfc://​prod-lfc-atlas.cern.ch:/​grid/​atlas-128.142.196.43]]
 +No download attempts made
 +Finished
 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 +</​code>​
 +
 +==== Solution ====
 +
 +  * Delete your ''​~/​.globus/​certificates''​ directory, for example: <​code>​
 +rm -r ~/​.globus/​certificates
 +</​code>​
 +
 +===== setupSW fails =====
 +==== Problem ====
 +You run setupSW and get errors like below: (This will most likely only effect people who have previously run setupSW with older versions)
 +
 +<​code>​
 +[melui4:~ master] $ setupSW
 +lsetup ​              ​lsetup <​tool1>​ [ <​tool2>​ ...] (see lsetup -h):
 + ​lsetup agis          (or localSetupAGIS) to use AGIS
 + ​lsetup asetup ​       (or asetup) to use an Athena release
 +Usage: file [-bchikLNnprsvz0] [--apple] [--mime-encoding] [--mime-type]
 +            [-e testname] [-F separator] [-f namefile] [-m magicfiles] file ...
 +       file -C [-m magicfiles]
 +       file [--help]
 +/​tmp/​lucien/​.alrb/​localSetup/​ls.l2EFYU/​client.sh:​ line 1: is: command not found
 +Usage: file [-bchikLNnprsvz0] [--apple] [--mime-encoding] [--mime-type]
 +            [-e testname] [-F separator] [-f namefile] [-m magicfiles] file ...
 +       file -C [-m magicfiles]
 +       file [--help]
 + ​lsetup atlantis ​     (or localSetupAtlantis) to use Atlantis
 + ​lsetup dq2           (or localSetupDQ2Client) to use DQ2Client
 + ​lsetup eiclient ​     (or localSetupEIClient) to use EIClient
 + ​lsetup emi           (or localSetupEmi) to use  emi
 + ​lsetup fax           (or localSetupFAX) to use FAX
 + ​lsetup ganga         (or localSetupGanga) to use Ganga
 + ​lsetup lcgenv ​       to use lcgenv
 + ​lsetup panda         (or localSetupPandaClient) to use Panda Client
 + ​lsetup pod           (or localSetupPoD) to use Proof-on-Demand
 + ​lsetup pyami         (or localSetupPyAMI) to use pyAMI
 + ​lsetup rcsetup ​      (or rcSetup) to setup an ASG release
 +Usage: file [-bchikLNnprsvz0] [--apple] [--mime-encoding] [--mime-type]
 +            [-e testname] [-F separator] [-f namefile] [-m magicfiles] file ...
 +       file -C [-m magicfiles]
 +       file [--help]
 +/​tmp/​lucien/​.alrb/​localSetup/​ls.Hez1nt/​client.sh:​ line 1: is: command not found
 +Usage: file [-bchikLNnprsvz0] [--apple] [--mime-encoding] [--mime-type]
 +            [-e testname] [-F separator] [-f namefile] [-m magicfiles] file ...
 +       file -C [-m magicfiles]
 +       file [--help]
 + ​lsetup root          (or localSetupROOT) to use ROOT
 + ​lsetup rucio         (or localSetupRucioClients) to use rucio-clients
 + ​lsetup sft           (or localSetupSFT) to use SFT packages
 + ​lsetup xrootd ​       (or localSetupXRootD) to use XRootD
 +advancedTools ​       for advanced tools
 +diagnostics ​         for diagnostic tools
 +helpMe ​              more help
 +printMenu ​           show this menu
 +showVersions ​        show versions of installed software
 +
 +</​code>​
 +
 +==== Solution ====
 +
 +Remove the old temporary alrb (ATLAS local root base) directory and rerun setupSW.
 + 
 +<​code>​
 +rm -r /tmp/lucien
 +</​code>​
 +
 +===== Installing packages as a regular user =====
 +
 +==== Jailed User Nest ====
 +
 +[[http://​fsquillace.github.io/​junest-site/​index.html|JuNest]] (or JuJu) is the answer to the questions:
 +  * Why is it needed to be root inside a GNU/Linux environment for installing packages?
 +  * Can I have a sandbox for doing whatever I want without messing up the rest of the system?
 +
 +Allows non superusers to install packages without worrying about dependencies (or annoying Sean Crosby).
 +
 +==== Installation ====
 +
 +Fairly straightforward with all the important information contained in there [[https://​github.com/​fsquillace/​junest|README]] file. Simply type the following into the UI or cloud:
 +<​code>​
 +git clone git://​github.com/​fsquillace/​junest ~/junest
 +export PATH=~/​junest/​bin:​$PATH
 +</​code>​
 +
 +It may be worth adding the second line to your ~/.bashrc file.
 +
 +==== Use ====
 +Same deal. All instructions are on the github page. Type <​code>​junest -f</​code>​ to use it as fake root. After this command you can enter any valid pacman command to install packages. For pacman commands, see the [[https://​wiki.archlinux.org/​index.php/​Pacman/​Rosetta|pacman Rosetta page]]
 +
 +==== Notes ====
 +
 +All the important packages are installed within ~/.juju/. Simply deleting this folder should remove all the packages you have installed.
 +
 +==== External Links ====
 +  * [[https://​github.com/​fsquillace/​junest|GitHub Page]]
 +  * [[http://​fsquillace.github.io/​junest-site/​index.html|Project Page]]
 +  * [[http://​nixos.org/​nix/​|The Nix Package Manager]] - Similar idea but I haven'​t used it before.
tier3/faq/ui.txt · Last modified: 2015/12/03 10:12 by scrosby
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki