LoginTutorial: Difference between revisions

From Mu2eWiki
Jump to navigation Jump to search
No edit summary
Line 1: Line 1:
==Authentication and First Login==


This page presumes that you have computer accounts and have completed the [[Day_1_CheckList#Computer_Accounts | the Day 1 Checklist]]. 


==Authentication and First Login==
If you are sitting at a Fermilab linux computer, you can use your kerberos principal and password login at the login screen.   
To login to the central machines at Fermilab, you will need first need your [[ComputingAccounts|accounts created]].  This process may take up to one month; so start early. This process will create three ways to authenticate to different types of Fermilab resources:
* kerberos used for loggins into central machines, among others
* a services account for email, servicedesk and other uses
* [[Authentication#Certificate|certificate authentication]], for submitting jobs, transferring and uploading data
You can read more about this at [[Authentication]], which you should at least scan before continuing.
 
If you are sitting at a Fermilab linux computer, you can use your kerberos login at the login screen.  If you are at a university computer with kerberos installed, you may or may not be able to obtain your kerberos authentication.  If you are already on a Fermilab desktop or a Mu2e central computer, you can get this authentication with:
kinit <your user name>@FNAL.GOV
If that is successful, you can login to the central systems:
  ssh <username>@mu2egpvm01.fnal.gov


If you have problems, please look through [[Authentication]] and the links it points to, in particular, if you are on a University machine, you might need to configure kerberos with a new krb5.conf file.
If you are sitting at your own computer or a university computer that is a unix computer or a Mac, follow the instructions at [[ComputingLogin#Logging_in_from_Linux_or_Mac.27s]].


If you are on a windows laptop, you will want to install [[ComputingLogin#Logging_in_From_PC.27s|Putty and xming]]. PuTTy allows you to login in a terminal window on the central machines, and xming allows you to display xwindows back on your laptop. If you are on a Mac, see [[ComputingLogin#Logging_in_from_Linux_or_Mac.27s|Mac's]].
If you have issues, the first two guesses are:
* Your /etc/krb5.conf file is not compliant with Fermilab requirements. See [[ComputingLogin#Logging_in_from_Linux_or_Mac.27s]].
* You have recently installed code form anaconda, miniconda or condaforge, which overwrites the default kerberos with their kerberos. See [[ComputingLogin#Anaconda]].


You probably want to try out your email, by going to email.fnal.gov and putting in your services passwordSome official communications are sent only to this address so check it regularly or forward it to a preferred account.
If you still have problems the places to look are, [[ComputingLogin]], [[Authentication]], or [[ErrorRecovery]]You can also ask a colleague or post a question on the [[Communications_and_Collaborative_Tools#Slack | Mu2e slack channel is_it_me_or_a_bug]].


OK, from here on we will assume you are on a central machine.
If you are otherwise on a Windows machine, follow the instructions at [[ComputingLogin#Logging_in_From_PC.27s]].  PuTTy allows you to login in a terminal window on the central machines, and xming allows you to display xwindows back on your laptop.


You can see your ticket with the '''klist''' command:
On your local machine or on the central machine, you can see the status of your kerberos ticket with the '''klist''' command:
<pre>
<pre>
  > klist
  > klist
Line 31: Line 25:
         renew until 06/25/19 12:58:50
         renew until 06/25/19 12:58:50
</pre>
</pre>
If you stay logged on overnight, it will expire and you will need to renew it with '''kinit'''.
If you stay logged on overnight, it will expire and you will need to renew it with '''kinit'''. If you '''kinit''' on the central machine it will extend only that session.  If you  '''kinit'' on your local machine, you can start new sessions but it won't extend any existing sessions.
 
==Preparing the Mu2e Environment==
Please make sure your bash login scripts follow the recommendations in [[Shells]], in particular, your <code>.bash_profile</code> should have the line:
source /cvmfs/fermilab.opensciencegrid.org/products/common/etc/setups.sh
You can see that this worked if you get the following
> printenv PRODUCTS
/cvmfs/fermilab.opensciencegrid.org/products/common/db
 
You now have the [[UPS]] system ready to use.  UPS is a Fermilab package which allows you to access other UPS products in the UPS system.  UPS commands do things like put executables in your path, and set environmental variables.  The available products include code tools, analysis products, and access to grid computing.
 
The next step is to execute a UPS command to set the Mu2e environment.
setup mu2e
 
The main effect is to define PRODUCTS environmental variable:
<pre>
> printenv PRODUCTS | tr ":" "\n"
/cvmfs/mu2e.opensciencegrid.org/artexternals
/cvmfs/fermilab.opensciencegrid.org/products/common/db
</pre>
all the UPS products are under these directories and further setup commands can add them to your environment.
 
In addition, the <code>setup mu2e</code> command has set a few environmental variables for you
> printenv MU2E
/cvmfs/mu2e.opensciencegrid.org
> printenv MU2E_DATA_PATH
/cvmfs/mu2e.opensciencegrid.org/DataFiles
 
and setup two more UPS products:
# a modern version of git
# the Mu2e code build scripts, called [[Muse]]
you can see this with
> ups active
Active ups products:
git              v2_31_1        -f Linux64bit+3.10-2.17                    -z /cvmfs/mu2e.opensciencegrid.org/artexternals
muse              v2_07_00        -f NULL                                    -z /cvmfs/mu2e.opensciencegrid.org/artexternals
ups              v6_0_8          -f Linux64bit+3.10-2.17                    -z /cvmfs/mu2e.opensciencegrid.org/artexternals
The exact versions you see will probably be different, since new versions come out fairly regularly.
 
 
==Proxies==


You can use your kerberos identity to invoke your certificate identity with '''kx509'''.
You can use your kerberos identity to invoke your certificate identity with '''kx509'''.
Line 65: Line 99:
==Mu2e Machines==
==Mu2e Machines==
There are several Mu2e dedicated [[ComputingLogin#Machines|machines]] (actually virtual machines).
There are several Mu2e dedicated [[ComputingLogin#Machines|machines]] (actually virtual machines).
* mu2egpvm01,2,3,4,5 general purpose machines with SL6 operating system
* mu2egpvm01,2,3,4,5,6 general purpose machines with SL7 operating system
* mu2egpvm06 general purpose machines with SL7 operating system
* mu2egpvm07 general purpose machines with AL9 operating system; as of October 2023 Mu2e software does not yet run on AL9.
* mu2ebuild01 machine to compile code
* mu2ebuild01 machine to build large repositories.
By "general purpose" we mean running executables for a short time, or making and viewing histograms, or writing notes.  These machines have 4 cores.  The build machine, mu2ebuild01 has 16 cores so it can compile the entire Mu2e code in a reasonable time, about 11 min.
By "general purpose" we mean running executables for a short time, or making and viewing histograms, or writing notes.  These machines have 4 cores.  The build machine, mu2ebuild01 has 16 cores so it can compile the entire Mu2e code in a reasonable time, about 11 min.


Line 142: Line 176:
  ls -l /cvmfs/mu2e.opensciencegrid.org/Offline
  ls -l /cvmfs/mu2e.opensciencegrid.org/Offline
cvmfs acts like a ready-only disk.  It is actually a set of clients, servers, and databases.  Anywhere the client is run, the identical /cvmfs disk appears on the node and can be read by the users.  So this is perfect for distributing code to interactive machines, grid worker nodes, and universities.
cvmfs acts like a ready-only disk.  It is actually a set of clients, servers, and databases.  Anywhere the client is run, the identical /cvmfs disk appears on the node and can be read by the users.  So this is perfect for distributing code to interactive machines, grid worker nodes, and universities.
==Setup Code==
Please make sure your bash login scripts follow the recommendations in [[Shells]], in particular, your <code>.bash_profile</code> executes
source /cvmfs/fermilab.opensciencegrid.org/products/common/etc/setups.sh
You can see that this worked if you get the following
> printenv PRODUCTS
/cvmfs/fermilab.opensciencegrid.org/products/common/db
You now have the [[UPS]] system ready to use.  UPS is a Fermilab package which allows you to access other UPS products in the UPS system.  UPS commands do things like put executables in your path, and set environmental variables.  The available products include code tools, analysis products, and access to grid computing.
The next step is to execute a UPS command to set the Mu2e environment.
setup mu2e
The main effect is to define PRODUCTS environmental variable:
<pre>
> printenv PRODUCTS | tr ":" "\n"
/cvmfs/mu2e.opensciencegrid.org/artexternals
/cvmfs/fermilab.opensciencegrid.org/products/common/db
</pre>
all the UPS products are under these directories and further setup commands can add them to your environment.
In addition, the <code>setup mu2e</code> command has set a few environmental variables for you
> printenv MU2E
/cvmfs/mu2e.opensciencegrid.org
> printenv MU2E_DATA_PATH
/cvmfs/mu2e.opensciencegrid.org/DataFiles
and setup two more UPS products:
# a modern version of git
# the Mu2e code build scripts, called [[Muse]]
you can see this with
> ups active
Active ups products:
git              v2_31_1        -f Linux64bit+3.10-2.17                    -z /cvmfs/mu2e.opensciencegrid.org/artexternals
muse              v2_07_00        -f NULL                                    -z /cvmfs/mu2e.opensciencegrid.org/artexternals
ups              v6_0_8          -f Linux64bit+3.10-2.17                    -z /cvmfs/mu2e.opensciencegrid.org/artexternals
The exact versions you see will probably be different, since new versions come out fairly regularly.




[[Category:Computing]]
[[Category:Computing]]
[[Category:Tutorial]]
[[Category:Tutorial]]

Revision as of 03:23, 3 October 2023

Authentication and First Login

This page presumes that you have computer accounts and have completed the the Day 1 Checklist.

If you are sitting at a Fermilab linux computer, you can use your kerberos principal and password login at the login screen.

If you are sitting at your own computer or a university computer that is a unix computer or a Mac, follow the instructions at ComputingLogin#Logging_in_from_Linux_or_Mac.27s.

If you have issues, the first two guesses are:

If you still have problems the places to look are, ComputingLogin, Authentication, or ErrorRecovery. You can also ask a colleague or post a question on the Mu2e slack channel is_it_me_or_a_bug.

If you are otherwise on a Windows machine, follow the instructions at ComputingLogin#Logging_in_From_PC.27s. PuTTy allows you to login in a terminal window on the central machines, and xming allows you to display xwindows back on your laptop.

On your local machine or on the central machine, you can see the status of your kerberos ticket with the klist command:

 > klist
Ticket cache: FILE:/tmp/krb5cc_1311_xShHU10541
Default principal: rlc@FNAL.GOV

Valid starting     Expires            Service principal
06/18/19 12:58:54  06/19/19 14:58:50  krbtgt/FNAL.GOV@FNAL.GOV
        renew until 06/25/19 12:58:50

If you stay logged on overnight, it will expire and you will need to renew it with kinit'. If you kinit on the central machine it will extend only that session. If you kinit on your local machine, you can start new sessions but it won't extend any existing sessions.

Preparing the Mu2e Environment

Please make sure your bash login scripts follow the recommendations in Shells, in particular, your .bash_profile should have the line:

source /cvmfs/fermilab.opensciencegrid.org/products/common/etc/setups.sh

You can see that this worked if you get the following

> printenv PRODUCTS
/cvmfs/fermilab.opensciencegrid.org/products/common/db

You now have the UPS system ready to use. UPS is a Fermilab package which allows you to access other UPS products in the UPS system. UPS commands do things like put executables in your path, and set environmental variables. The available products include code tools, analysis products, and access to grid computing.

The next step is to execute a UPS command to set the Mu2e environment.

setup mu2e

The main effect is to define PRODUCTS environmental variable:

> printenv PRODUCTS | tr ":" "\n"
/cvmfs/mu2e.opensciencegrid.org/artexternals
/cvmfs/fermilab.opensciencegrid.org/products/common/db

all the UPS products are under these directories and further setup commands can add them to your environment.

In addition, the setup mu2e command has set a few environmental variables for you

> printenv MU2E
/cvmfs/mu2e.opensciencegrid.org
> printenv MU2E_DATA_PATH
/cvmfs/mu2e.opensciencegrid.org/DataFiles

and setup two more UPS products:

  1. a modern version of git
  2. the Mu2e code build scripts, called Muse

you can see this with

> ups active
Active ups products:
git               v2_31_1         -f Linux64bit+3.10-2.17                    -z /cvmfs/mu2e.opensciencegrid.org/artexternals
muse              v2_07_00        -f NULL                                    -z /cvmfs/mu2e.opensciencegrid.org/artexternals
ups               v6_0_8          -f Linux64bit+3.10-2.17                    -z /cvmfs/mu2e.opensciencegrid.org/artexternals

The exact versions you see will probably be different, since new versions come out fairly regularly.


Proxies

You can use your kerberos identity to invoke your certificate identity with kx509.

 > kx509
Authorizing ...... authorized
Fetching certificate ..... fetched
Storing certificate in /tmp/x509up_u1311
Your certificate is valid until: Tue Jun 25 13:18:18 2019

You can see your cert with voms-proxy-info --all:

> voms-proxy-info --all
subject   : /DC=org/DC=cilogon/C=US/O=Fermi National Accelerator Laboratory/OU=People/CN=Raymond Culbertson/CN=UID:rlc
issuer    : /DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Basic CA 1
identity  : /DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Basic CA 1
type      : unknown
strength  : 2048 bits
path      : /tmp/x509up_u1311
timeleft  : 167:51:31
key usage : Digital Signature, Key Encipherment, Data Encipherment

Your certificate can be extended with information about your experiment and the roles you have access to. This can be done with a script

/cvmfs/mu2e.opensciencegrid.org/bin/vomsCert 

If you then run voms-proxy-info --all you will see your cert has gotten longer.

You will want to bring your certificate into your browsers since a few web pages, notably the Mu2e doc-db, are authenticated with the certificate. Download your cert into your browsers.

You will want to create an account on hypernews and subscribe to forums that are relevant for you. If you are working on Mu2e software you should subscribe to the following forums: "Software and Simulation" and "Help! Is it me or a bug?". If you use STNTUPLE you will also want to sign up for that forum. Speak with your colleagues to learn what other forums are relevant for you work.

Mu2e Machines

There are several Mu2e dedicated machines (actually virtual machines).

  • mu2egpvm01,2,3,4,5,6 general purpose machines with SL7 operating system
  • mu2egpvm07 general purpose machines with AL9 operating system; as of October 2023 Mu2e software does not yet run on AL9.
  • mu2ebuild01 machine to build large repositories.

By "general purpose" we mean running executables for a short time, or making and viewing histograms, or writing notes. These machines have 4 cores. The build machine, mu2ebuild01 has 16 cores so it can compile the entire Mu2e code in a reasonable time, about 11 min.

Mu2e Disks

You can read more about the Disks, but in the tutorial, we give a quick tour.

home disk

When you log in, your default directory will be your home area, which is the same for all the Mu2e centrl machines. It may or may not be the same as a linux desktop you are sitting at, depending on how it was set up.

 > pwd
/nashome/r/rlc

We recommend you use the bash shell, which you should get by default:

 > echo $SHELL
/bin/bash

to do only minor configuration of your preferences, such and alias for convenience. We have some recommendations

This disk is backed up daily.

app disk

/mu2e/app is where you will put code that you checkout compile and develop. You can create you own area:

mkdir -p /mu2e/app/users/$USER

and you should be able to write there

touch /mu2e/app/users/$USER/test

Note that you will have a finite quota on this disk, so do not put data files here (see next).

This disk is not backed up.

data disk

/mu2e/data is where you can put data files and ntuples that you are using now. You can create you own area:

mkdir -p /mu2e/data/users/$USER

and you should be able to write there

touch /mu2e/data/users/$USER/test

This space is limited, so if you are using more than 500 GB or the files are sitting there for more than a few months, you should consider putting the files on tape or dCache (see next).

This disk is not backed up.

dCache

dCache is a system of software, databases, and disk servers that are design to present a huge amount of disk, spread over many machines, as a single simple disk system. We will cover these area in more depth in future tutorials, but as an overview, dCache has three main parts:

  • tape-backed If files are written here, they are copied to tape. These file might disappear off disk if they are not used, and can be restored to disk from tape, as needed. You will only write here using specific tools.
> ls -l /pnfs/mu2e/tape/phy-sim/sim/mu2e/DS-beam/MDC2018a/art/ff/f7/sim.mu2e.DS-beam.MDC2018a.001002_00373598.art 
-rw-r--r-- 1 mu2epro mu2e 34186158 May 24  2018 /pnfs/mu2e/tape/phy-sim/sim/mu2e/DS-beam/MDC2018a/art/ff/f7/sim.mu2e.DS-beam.MDC2018a.001002_00373598.art
  • persistant Files written here are not automatically purged and are not copied to tape, so the space must be managed. Currenlty we only allow writing here in specific cases.
> ls -l /pnfs/mu2e/persistent/datasets/phy-etc/cnf/mu2e/CeEndpoint/MDC2018b/fcl/00/04/cnf.mu2e.CeEndpoint.MDC2018b.001002_00000025.fcl 
-rw-r--r-- 1 mu2epro mu2e 690 Aug 27  2018 /pnfs/mu2e/persistent/datasets/phy-etc/cnf/mu2e/CeEndpoint/MDC2018b/fcl/00/04/cnf.mu2e.CeEndpoint.MDC2018b.001002_00000025.fcl
  • scratch You can write as much data here as you would like. As space is needed, file that have not be recently accessed will be deleted to make room. You can expect untouched files to last a month, but we have seen shorter times, under special circumstances.

Create your scratch directory:

mkdir -p /pnfs/mu2e/scratch/users/$USER

and you should be able to write there

touch /pnfs/mu2e/scratch/users/$USER/test

and copy a file there:

cp /pnfs/mu2e/persistent/datasets/phy-etc/cnf/mu2e/CeEndpoint/MDC2018b/fcl/00/04/cnf.mu2e.CeEndpoint.MDC2018b.001002_00000025.fcl \
 /pnfs/mu2e/scratch/users/$USER

There a are few important notes about dCache you should know right from the beginning.

  • dCache is not a file system - it is an nfs server backed by a database. This means simple disk commands such as "find" can cause millions of database queries and try up resources for hours. Only explore one directory at a time. Even using "ls" and not "ls -l" can be much faster.
  • You cannot modify files on dCache, only write and read them. If you open a dCache file with an editor, it will come up read-only. The system is designed to be a large data cache, not an interactive disk. All your code should be in your home area or /mu2e/app.

cvmfs

We store code on the cvmfs disk. software packages from outside Mu2e:

ls -l /cvmfs/mu2e.opensciencegrid.org/artexternals

and pre-built Mu2e code versions:

ls -l /cvmfs/mu2e.opensciencegrid.org/Offline

cvmfs acts like a ready-only disk. It is actually a set of clients, servers, and databases. Anywhere the client is run, the identical /cvmfs disk appears on the node and can be read by the users. So this is perfect for distributing code to interactive machines, grid worker nodes, and universities.