BwUniCluster2.0/Login

From bwHPC Wiki
< BwUniCluster2.0
Revision as of 09:29, 7 October 2022 by P Schuhmacher (talk | contribs) (P Schuhmacher moved page BwUniCluster 2.0 Login to BwUniCluster2.0/Login: Restructuring bwUniCluster pages into subpages)
Jump to navigation Jump to search
Attention.svg

Access to bwUniCluster 2.0 is limited to IP addresses from the BelWü network. All home institutions of our current users are connected to BelWü, so if you are on your campus network (e.g. in your office or on the Campus WiFi) you should be able to connect to bwUniCluster 2.0 without restrictions. If you are outside one of the BelWü networks (e.g. at home), a VPN connection to the home institution or a connection to an SSH jump host at the home institution must be established first.

After finishing the web registration and making sure that you are on a network from which you have access to bwUniCluster 2.0 (e.g. by establishing a VPN connection), the HPC cluster is ready for your SSH based login. Recommended SSH clients applications are:

  • the ssh (OpenSSH) command included in all Linux distributions and macOS, -in command under Linux and macOS using the application terminal
  • MobaXterm under Windows

Hostnames

The main hostname required to connect to bwUniCluster 2.0 is bwunicluster.scc.kit.edu or uc2.scc.kit.edu. The system has four login nodes and we use so-called DNS round-robin scheduling to load-balance the incoming connections between the nodes. If you open multiple SSH sessions to bwUniCluster 2.0, these sessions will be established to different login nodes, so processes started in one session might not be visible in other sessions.

The older Broadwell extension partition of the former bwUniCluster 1 is connected to bwUniCluster 2.0.

If you need to connect to specific login nodes, you can use the following hostnames:

Hostname Node type
uc2-login1.scc.kit.edu bwUniCluster 2.0, first login node
uc2-login2.scc.kit.edu bwUniCluster 2.0, second login node
uc2-login3.scc.kit.edu bwUniCluster 2.0, third login node
uc2-login4.scc.kit.edu bwUniCluster 2.0, fourth login node

Only the secure shell SSH is allowed to login. Other protocols like telnet or rlogin are not allowed for security reasons.

Usernames

Your username will be the same as the one provided by your home institution, but prefixed with two characters and an underscore indicating your home institution. For example: If you are a member of the university of Konstanz and your local username is ab1234, your username on bwUniCluster 2.0 is kn_ab1234.

The following list contains all prefixes currently in use:

Home organization <UserID>
Universität Freiburg fr_username
Universität Heidelberg hd_username
Universität Hohenheim ho_username
KIT username (without any prefix)
Universität Konstanz kn_username
Universität Mannheim ma_username
Universität Stuttgart st_username
Universität Tübingen tu_username
Universität Ulm ul_username
Hochschule Aalen aa_username
Hochschule Albstadt-Sigmaringen as_username
Hochschule Esslingen es_username
Hochschule Heilbronn hn_username
Hochschule Karlsruhe hk_username
HTWG Konstanz ht_username
Hochschule Mannheim mn_username
Hochschule Offenburg of_username
Hochschule Reutlingen hr_username
Hochschule Rottenburg ro_username
Hochschule für Technik Stuttgart hs_username
Hochschule Ulm hu_username

Client application: OpenSSH

Most Unix and Unix-like operating systems like Linux, macOS and *BSD come with a built-in SSH client provided by the OpenSSH project. More recent versions of Windows 10 and the Windows Subsystem for Linux also come with a built-in OpenSSH client.

To use this client, simply open a command line terminal (the exact process differs on every operating system, but usually involves starting an application called Terminal or Command Prompt) and enter the following command to connect to bwUniCluster 2.0:

$ ssh <UserID>@bwunicluster.scc.kit.edu

If you are on a Linux or Unix system running the X Window System (X11) and want to use a GUI-based application on bwUniCluster 2.0, you can use the -X option for the ssh command to set up X11 forwarding:

$ ssh -X <UserID>@uc2.scc.kit.edu

Windows users requiring X11 forwarding for graphical applications should use MobaXterm instead.

Client application: MobaXterm

The bwHPC-C5 support team strongly recommends to use MobaXterm instead of PuTTY or WinSCP on Windows. MobaXterm provides a built-in X11 server allowing to start GUI based software.

Start MobaXterm, fill in the following fields:

Remote name              : uc2.scc.kit.edu
Specify user name        : <UserID>
Port                     : 22

After that click on 'ok'. Then a terminal will be opened and there you can enter your credentials.

Client application: FileZilla

Many GUI applications that support SFTP transfers on Linux don't work well with 2-factor authentification, e.g. Nautilus and Dolphin don't support it. A good alternative for Linux is FileZilla.

Start FileZilla, Select "File -> Site Manager..." from the main menu and set up a new connection with the following settings:

Protocol: SFTP - SSH File Transfer Protocol
Host: uc2.scc.kit.edu
Logon Typ: Interactive
User: <UserID>

Then click on the "Connect" button.

Files can be transferred between the local system and the cluster by navigating to the respective folders in the split file view and then either dragging files and folders between the views or by clicking on a file/folder with the right mouse button and then selecting "Upload" or "Download" from the menu.

Note: If no data is sent or received FileZilla will close the connection after 20 seconds by default. This timeout can be changed in the FileZilla settings: Setting -> Timeout.

Example login process

After the connection has been initiated, a successful login process will go through the following three steps:

1. The system asks for a One-Time Password. Generate one using the Software or Hardware Token registered on the bwIDM system (see Registration/2FA) and enter it after the Your OTP: prompt.

2. The systems asks for your service password. Enter it after the Password: prompt.

3. You are greeted by the bwUniCluster 2.0 banner followed by a shell.

The result should look like this:

BwUniCluster 2.0 access login example.png

Troubleshooting

Issue: The "Your OTP:" prompt never appears and the connection hangs/times out instead

Likely cause: You are most likely not on a network from which access to the bwUniCluster 2.0 system is allowed. Please check if you might have to establish a VPN connection first.


Issue: The system asks for the One-Time Password multiple times

Likely cause: Make sure you are using the correct Software Token to generate the One-Time Password.


Issue: The system asks for the service password multiple times

Likely cause: Make sure you are using the service password set on bwIDM and not the password valid for your home institution. Unlike the bwUniCluster 1, the bwUniCluster 2.0 only accepts the service password.


Issue: There is an error message by the pam_ses_open.sh skript

Likely cause: Your account is in the "LOST_ACCESS" state because the entitlement is no longer valid, the questionaire was not filled out or there was a problem during the communication between your home institution and the central bwIDM system. Please try the following steps:

  • Log into bwIDM, look for the bwUniCluster entry and click on Registry info. Your "Status:" should be "ACTIVE". If it is not, please wait for ten minutes since logging into the bwIDM causes a refresh and the problem might fix itself. If the status does not change to ACTIVE after a longer amount of time, please contact the support channels.


Allowed activities on login nodes

The login nodes of bwUniCluster 2.0 are the access point to the compute system and to your bwUniCluster 2.0 $HOME directory. The login nodes are shared with all the users of bwUniCluster 2.0. Therefore, your activities on the login nodes are limited to primarily set up your batch jobs. Your activities may also be:

  • short compilation of your program code and
  • short pre- and postprocessing of your batch jobs.

To guarantee usability for all the users of bwUniCluster 2.0 you must not run your compute jobs on the login nodes. Compute jobs must be submitted to the queueing system. Any compute job running on the login nodes will be terminated without any notice. Any long-running compilation or any long-running pre- or postprocessing of batch jobs must also be submitted to the queueing system.


SSH Keys

In contrast to the bwUniCluster 1 and many other HPC systems it is no longer possible to self-manage your SSH Keys by adding them to the ~/.ssh/authorized_keys file. Existing files will no longer be evaluated. SSH Keys have to be managed via the central bwIDM system instead. Please refer to the user guide for this functionality:

Registering SSH Keys with your Cluster