BwUniCluster 2.0 User Access New: Difference between revisions

From bwHPC Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 252: Line 252:
After the connection has been initiated, a successful login process will go through the following three steps:
After the connection has been initiated, a successful login process will go through the following three steps:


1. The system asks for a '''One-Time Password'''. Generate one using the Software or Hardware Token registered on the bwIDM system (see [[bwUniCluster 2.0 User Access 2FA Tokens]]) and enter it after the '''Your OTP:''' prompt.
1. The system asks for a '''One-Time Password'''. Generate one using the Software or Hardware Token registered on the bwIDM system (see [[bwUniCluster 2.0 User Access/2FA Tokens]]) and enter it after the '''Your OTP:''' prompt.


2. The systems asks for your service password. Enter it after the '''Password:''' prompt.
2. The systems asks for your service password. Enter it after the '''Password:''' prompt.

Revision as of 12:25, 6 August 2020

bwUniCluster 2.0 is Baden-Württemberg's general purpose tier 3 high performance computing (HPC) cluster co-financed by Baden-Württemberg's ministry of science, research and arts and the shareholders:

  • Albert Ludwig University of Freiburg
  • Eberhard Karls University, Tübingen
  • Karlsruhe Institute of Technology (KIT)
  • Heidelberg University (Ruprecht-Karls-Universität Heidelberg)
  • Ulm University
  • University of Hohenheim
  • University of Konstanz
  • University of Mannheim
  • University of Stuttgart
  • HAW BW e.V. (an association of university of applied sciences in Baden-Württemberg)


To log on bwUniCluster 2.0 a user account is required. All members of the shareholder universities can apply for an account.




bwUniCluster wiring by Holger Obermaier, copyright: KIT (SCC)
bwUniCluster wiring © KIT (SCC)

Registration

Granting access and issuing a user account for bwUniCluster 2.0 requires the registration at the KIT service website https://bwidm.scc.kit.edu (step B). However, this registration depends on the bwUniCluster entitlement issued by your university (step A).

Step A: bwUniCluster entitlement for registration

The entitlement is called bwUniCluster (not bwUniCluster 2.0) and each university issues the bwUniCluster entitlement only for their own respective members. Some have established on-line processes or provide downloads of the entitlement application forms. If there is no link behind the name of an institution in the following list, please contact the local IT support services:


Step B: Web Registration, service password and 2-factor authentication

After completing step A, i.e., after successfull issueing of the bwUniCluster entitlement, you have to register yourself for the service. To do so please visit https://bwidm.scc.kit.edu and complete the following steps.

1. Select your home organization from the list on the main page and click Proceed or Fortfahren.

BwUniCluster 2.0 access login bwidm select institution.png


2. You will be directed to the Identity Provider of your home organisation. Enter the user ID / username and password of your home organisation - this is usually the same password used for your e-mail account and other services - and click on Login, Einloggen or something similar.

3. You will be redirected back to the registration website https://bwidm.scc.kit.edu/. If you are logging into bwIDM for the first time, there will be a summary screen which shows the account details your home institution is providing to the central system. Please check that all data is valid and then click on Continue or Weiter.

4. Once you have successfully logged into the bwIDM system, you will be greeted by a home screen showing all state-wide services you have access to. There will be a box labelled "bwUniCluster". Click on Register or Registrieren to start the registration process.

BwUniCluster 2.0 access login bwidm service list.png


5. Since August 13, 2020 a 2-factor authentication mechanism (2FA) is being enforced to improve security. If you have never registered a 2FA token on bwIDM before, the following error message will appear:

BwUniCluster 2.0 access login bwidm registration requirements 2fa.png

Click on the Link or on the My Tokens link in the main menu. The instructions for registering a new 2FA token can be found on the following page: bwUniCluster 2.0 User Access/2FA Tokens. Please complete them before proceeding.

6. Make sure all requirements are met by checking the Requirements box at the top. If the requirements are not met you might be able to correct the issure by following the instructions. In all other cases please contact your local hotline.

BwUniCluster 2.0 access login bwidm registration requirements.png


7. Read the Terms of Use (Nutzungsbedingungen und -richtlinien), check the box besides I have read and accepted the terms of use and click on Register or Registrieren.

8. Set a service password for the bwUniCluster and click on Save or Speichern. Logging in with the password of your home organisation, like on the former bwUniCluster 1, is no longer possible. Please make sure to use a strong password which is different from any other password you are currently using or have used on other systems. You will also be asked to change the service password regularly.

BwUniCluster 2.0 access login bwidm service password.png



Step C: Fill out the bwUniCluster questionnaire

Filling out the bwUniCluster questionaire on

  https://zas.bwhpc.de/shib/en/bwunicluster_survey.php

is mandatory for all users. The input is solely used to improve our support activities and for capacity planning of future HPC resources. If the questionaire is not filled out, access to bwUniCluster 2.0 is blocked 14 days after the registration.

Changing the Service Password

Your bwUniCluster 2.0 password is the service password you set during the web registration (compare step 7 of chapter 1.2). At any time, you can set a new bwUniCluster 2.0 password via the registration website https://bwidm.scc.kit.edu by carrying out the following steps:

  1. Go to https://bwidm.scc.kit.edu and select your home organization
  2. Authenticate yourself via the user id / username and password provided by your home institution
  3. Find the entry bwUniCluster and select Set Service Password
  4. Enter the new password, repeat it and click Save button.
  5. If the change was successfull the message"Das Passwort wurde bei dem Dienst geändert" ("Password has been changed") will be shown
  6. Proceed to log in using the new password



Contact / Support

If you have questions or problems concerning the bwUniCluster (2.0) registration, please contact your local hotline.

Establishing network access

Access to bwUniCluster 2.0 is limited to IP addresses from the so-called BelWue networks. All home institutions of our current users are connected to BelWue, so if you are on your campus network (e.g. in your office or on the Campus WiFi) you should be able to connect to bwUniCluster 2.0 without restrictions. If you are outside of one of the BelWue networks (e.g. in your home office instead of in your campus office), a VPN connection to your home institution has to be established first (see e.g. [1] for the KIT).

Login

After finishing the web registration and making sure that you are on a network from which you have access to bwUniCluster 2.0 (e.g. by establishing a VPN connection), the HPC cluster is ready for your SSH based login. Recommended SSH clients applications are:

  • built-in command under Linux and macOS using the application terminal
  • MobaXterm under Windows


Hostnames

The main hostname required to connect to bwUniCluster 2.0 is bwunicluster.scc.kit.edu or uc2.scc.kit.edu. The system has four login nodes and we use so-called DNS round-robin scheduling to load-balance the incoming connections between the nodes. If you open multiple SSH sessions to bwUniCluster 2.0, these sessions will be established to different login nodes, so processes started in one session might not be visible in other sessions.

The older Broadwell extension partition of the former bwUniCluster 1 is connected to bwUniCluster 2.0. You can use the hostname uc1e.scc.kit.edu to connect to the login nodes of this partition.

If you need to connect to specific login nodes, you can use the following hostnames:

Hostname Node type
uc2-login1.scc.kit.edu bwUniCluster 2.0, first login node
uc2-login2.scc.kit.edu bwUniCluster 2.0, second login node
uc2-login3.scc.kit.edu bwUniCluster 2.0, third login node
uc2-login4.scc.kit.edu bwUniCluster 2.0, fourth login node
uc1e-login1.scc.kit.edu Broadwell partition, first login node
uc1e-login2.scc.kit.edu Broadwell partition, second login node

Only the secure shell SSH is allowed to login. Other protocols like telnet or rlogin are not allowed for security reasons.

Usernames

Your username will be the same as the one provided by your home institution, but prefixed with two characters and an underscore indicating your home institution. For example: If you are a member of the university of Konstanz and your local username is ab1234, your username on bwUniCluster 2.0 is kn_ab1234.

The following list contains all prefixes currently in use:

Home organization <UserID>
Universität Freiburg fr_username
Universität Heidelberg hd_username
Universität Hohenheim ho_username
KIT username (without any prefix)
Universität Konstanz kn_username
Universität Mannheim ma_username
Universität Stuttgart st_username
Universität Tübingen tu_username
Universität Ulm ul_username
Hochschule Aalen aa_username
Hochschule Albstadt-Sigmaringen as_username
Hochschule Esslingen es_username
Hochschule Furtwangen hf_username
Hochschule Karlsruhe hk_username
HTWG Konstanz ht_username
Hochschule Reutlingen hr_username
Hochschule Rottenburg ro_username
Hochschule für Technik Stuttgart hs_username
Hochschule Ulm hu_username


Client application: OpenSSH

Most Unix and Unix-like operating systems like Linux, macOS and *BSD come with a built-in SSH client provided by the OpenSSH project. More recent versions of Windows 10 and the Windows Subsystem for Linux also come with a built-in OpenSSH client.

To use this client, simply open a command line terminal (the exact process differs on every operating system, but usually involves starting an application called Terminal or Command Prompt) and enter the following command to connect to bwUniCluster 2.0:

$ ssh <UserID>@bwunicluster.scc.kit.edu

If you are on a Linux or Unix system running the X Window System (X11) and want to use a GUI-based application on bwUniCluster 2.0, you can use the -X option for the ssh command to set up X11 forwarding:

$ ssh -X <UserID>@bwunicluster.scc.kit.edu

Windows users requiring X11 forwarding for graphical applications should use MobaXterm instead.

Client application: MobaXterm

The bwHPC-C5 support team strongly recommends to use MobaXterm instead of PuTTY or WinSCP on Windows. MobaXterm provides a bulit-in X11 server allowing to start GUI based software.

Start MobaXterm, fill in the following fields:

Remote name              : uc2.scc.kit.edu    # or uc1e.scc.kit.edu
Specify user name        : <UserID>
Port                     : 22

After that click on 'ok'. Then a terminal will be opened and there you can enter your credentials.


Example login process

After the connection has been initiated, a successful login process will go through the following three steps:

1. The system asks for a One-Time Password. Generate one using the Software or Hardware Token registered on the bwIDM system (see bwUniCluster 2.0 User Access/2FA Tokens) and enter it after the Your OTP: prompt.

2. The systems asks for your service password. Enter it after the Password: prompt.

3. You are greeted by the bwUniCluster 2.0 banner followed by a shell.

The result should look like this:

BwUniCluster 2.0 access login example.png


Troubleshooting

Issue: The "Your OTP:" prompt never appears and the connection hangs/times out instead

Likely cause: You are most likely not on a network from which access to the bwUniCluster 2.0 system is allowed. Please check if you might have to establish a VPN connection first.


Issue: The system asks for the One-Time Password multiple times

Likely cause: Make sure you are using the correct Software Token to generate the One-Time Password.


Issue: The system asks for the service password multiple times

Likely cause: Make sure you are using the service password set on bwIDM and not the password valid for your home institution. Unlike the bwUniCluster 1, the bwUniCluster 2.0 only accepts the service password.


Issue: There is an error message by the pam_ses_open.sh skript

Likely cause: Your account is in the "LOST_ACCESS" state because the entitlement is no longer valid, the questionaire was not filled out or there was a problem during the communication between your home institution and the central bwIDM system. Please try the following steps:

  • Log into [https:/bwidm.scc.kit.edu bwIDM], look for the bwUniCluster entry and click on Registry info. Your "Status:" should be "ACTIVE". If it is not, please wait for ten minutes since logging into the bwIDM causes a refresh and the problem might fix itself. If the status does not change to ACTIVE after a longer amount of time, please contact the support channels.



Allowed activities on login nodes

The login nodes of bwUniCluster 2.0 are the access point to the compute system and to your bwUniCluster 2.0 $HOME directory. The login nodes are shared with all the users of bwUniCluster 2.0. Therefore, your activities on the login nodes are limited to primarily set up your batch jobs. Your activities may also be:

  • short compilation of your program code and
  • short pre- and postprocessing of your batch jobs.

To guarantee usability for all the users of bwUniCluster 2.0 you must not run your compute jobs on the login nodes. Compute jobs must be submitted to the queueing system. Any compute job running on the login nodes will be terminated without any notice. Any long-running compilation or any long-running pre- or postprocessing of batch jobs must also be submitted to the queueing system.

SSH Keys

In contrast to the bwUniCluster 1 and many other HPC systems it is no longer possible to self-manage your SSH Keys by adding them to the ~/.ssh/authorized_keys file. Existing files will no longer be evaluated. SSH Keys have to be managed via the central bwIDM system instead. Please refer to the user guide for this functionality:

bwUniCluster 2.0 User Access/SSH Keys

First steps on bwUniCluster

First and some important steps on bwUniCluster 2.0 can be found here.

Deregistration

If you plan to permanently leave the bwUniCluster 2.0, follow the deregister checklist:

  1. Transfer all your data in $HOME and workspace to your local computer/storage and after that clear off all your data
  2. Visit https://bwidm.scc.kit.edu
    • Select your home organization from the list and click Proceed
    • Enter your home-organisational user ID / username and your home-organisational password and click Login button
    • You will be redirected back to the registration website https://bwidm.scc.kit.edu/
    • Select Registry Info of the service bwUniCluster (on the left hand side)
      BwUniCluster registration sidebar.png
    • Click Deregister

Note that Step 2 will automatically unsubscribe you from the bwunicluster mail list.