ComputingLogin: Difference between revisions

Line 151: Line 151:
===VNC===
===VNC===


  A VNC allows you to run a desktop on a central machine and display it on your remote machine.  It disconnects and reconnects well, so can recover from dropped connections.
A VNC allows you to run a desktop on a central machine and display it on your remote machine.  It disconnects and reconnects well, so can recover from dropped connections.
*[https://www.realvnc.com/en/ VNC]
*[https://www.realvnc.com/en/ VNC]
*[https://en.wikipedia.org/wiki/Virtual_Network_Computing wikipedia]
*[https://en.wikipedia.org/wiki/Virtual_Network_Computing wikipedia]
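
Review bot: The VNC paragraph at line 151 says only that a desktop runs on a central machine and is displayed remotely; it does not say how the viewer reaches that desktop. The Machines section of this page states that the only permitted access method is ssh authenticated with a kerberos ticket, so add a sentence here saying the VNC display is reached through that ssh login rather than by connecting to the VNC port directly. The edit itself only drops the leading spaces, which stops the wiki from rendering the paragraph as preformatted text.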

Revision as of 13:56, 2 May 2018

Introduction

Fermilab maintains several machines for interactive login by Mu2e members. Typically all interactive work would be done on the mu2evm (GPCF) nodes. This web page describes how to log in to these machines and a few others. We use the bash shell exclusively.

Machines

The interactive login nodes come in these groups:

  • mu2evm.fnal.gov This is a pool of virtual machines within the General Purpose Computing Farm (GPCF), the main interactive computing facility for use by the Intensity Frontier experiments. They are identical virtual quad-core machines running SL6 Linux. A virtual system looks like a single machine but is actually a copy of the operating system that may share the hardware with other copies of the OS. If you log in to mu2evm you will be diverted to one of the machines in the pool, currently mu2egpvm01 through 05. You can also ssh directly to one of these nodes. These machines are intended for developing, compiling and linking jobs and other general purpose uses. You can also run short jobs here; longer jobs should be submitted to the grid. These nodes mount all the disks. More background information is here:
  • mu2egpvm06.fnal.gov This is a 4-core virtual machine, the same as 1-5, but running SL7.
  • mu2ebuild01.fnal.gov This is a 16-core virtual machine set up very similarly to the other virtual machines. This machine is only for building code (running scons) and running a few simple tests on the build results. It is explicitly not for running production jobs, analysis, or anything at all that takes more than a few minutes. As soon as anyone uses the machine for running jobs, its purpose as a build machine would be defeated.
  • mu2edaq01.fnal.gov This is a 24-core virtual machine, running SL7, dedicated to developing the DAQ and triggers. Special login permission required.


  • fnalu.fnal.gov This is a legacy machine which we have access to, but it is only used for a few very specific purposes.

You can only log in to the above nodes if you have a Fermilab computer account. The only permitted access method is ssh authenticated with a kerberos ticket, as described more below.

Logging in from Linux or Macs

From a Unix or Mac system you need to issue the following commands to log into one of the Fermilab interactive machines:

> kinit -l 6d -f
> ssh -AKX -l your_kerberos_principal mu2egpvm01.fnal.gov

The -f argument to kinit requests a forwardable kerberos ticket; this means that when you are logged in to your target machine you can request services that ask for kerberos authentication. Otherwise you just have permission to get into the machine, not to get further authorization once there. The -AK argument to ssh requests ssh to forward your forwardable ticket. The -X argument might or might not be necessary: see the next section.

If your username on your desktop/laptop is the same as your kerberos principal, you may omit the "-l your_kerberos_principal".
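
The kinit and ssh steps above only give you onward kerberos authentication if the ticket really carries the forwardable flag. As an added example (not part of the original wiki page), the shell functions below read `klist -f` output and report whether the ticket-granting ticket is forwardable before you run ssh with -K. The function names are hypothetical, the code assumes MIT Kerberos output format (the flags layout differs on other implementations), and the sample text with its EXAMPLE.ORG realm is constructed.

```sh
# Added example, not from the wiki page. Function names are hypothetical.
# Assumes MIT Kerberos `klist -f` output, where each ticket is followed by an
# indented line ending in "Flags: <letters>" (F = forwardable).

# Reads `klist -f` text on stdin. Exit status:
#   0 = TGT present and forwardable
#   1 = TGT present but not forwardable (kinit was run without -f)
#   2 = no krbtgt entry in the credential cache
tgt_forwardable() {
  awk '
    /krbtgt\//         { seen = 1; in_tgt = 1; next }  # TGT entry starts
    in_tgt && /Flags:/ { flags = $0
                         sub(/.*Flags:[ \t]*/, "", flags)
                         if (flags ~ /F/) fwd = 1      # case-sensitive: f = forwarded
                         in_tgt = 0; next }
    /^[0-9]/           { in_tgt = 0 }                  # a different ticket entry
    END { if (!seen) exit 2; exit (fwd ? 0 : 1) }
  '
}

# Prints what to do next and passes the status through.
precheck() {
  rc=0
  tgt_forwardable || rc=$?
  case $rc in
    0) echo "ok: forwardable TGT, ssh -K can delegate it" ;;
    1) echo "TGT is not forwardable; rerun: kinit -l 6d -f" ;;
    *) echo "no TGT in cache; run: kinit -l 6d -f" ;;
  esac
  return "$rc"
}

# Constructed samples (realm, cache path and times are made up).
HDR='Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: user@EXAMPLE.ORG

Valid starting       Expires              Service principal
05/02/2018 13:56:00  05/08/2018 13:56:00  krbtgt/EXAMPLE.ORG@EXAMPLE.ORG'
SAMPLE_FWD="$HDR
        renew until 05/09/2018 13:56:00, Flags: FRIA"
SAMPLE_NOFWD="$HDR
        Flags: IA"

printf '%s\n' "$SAMPLE_FWD"   | precheck
printf '%s\n' "$SAMPLE_NOFWD" | precheck || true
# Real use: klist -f | precheck && ssh -AKX -l your_kerberos_principal mu2egpvm01.fnal.gov
```
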

Mac OpenGL 3D Error

When using OpenGL based 3D event displays on Mac OS, some people will get an error message containing the string "cannot load swrast driver". When this occurs no graphics are produced. The specific circumstances in which this error has been observed are:

  • You are working on a Mac laptop or desktop.
  • You are logged into one of the Mu2e Linux machines (for example one of the mu2egpvm machines).
  • You are running a graphics program on the Linux machine that opens a graphics window on your display.
  • Your Mac is using XQuartz installed as its X11 server and the version is at least 2.7.10.
  • Two cases in which this error has been seen are:

The most general solution is:

  1. Quit XQuartz.
  2. Open a fresh Terminal window and issue the command:
     defaults write org.macosforge.xquartz.X11 enable_iglx -bool true
  3. Restart XQuartz and open a new Terminal window (either from the Applications menu or using the cmd-N keyboard shortcut). (It is different from the default Mac Terminal; it is really an xTerm.)
  4. Use this xTerm window to log in to a mu2egpvmxx machine:
     ssh -KAX userID@mu2egpvmxx.fnal.gov
     where userID is of course your own user ID.
  5. Your 3D graphics should now work, although you may still see an initial complaint.

In the error message, "swrast" refers to software rasterization. Depending on the details of your computer, you may have a high end graphics card capable of hardware rasterization of 3D graphics. If you do not, then the X11 installation needs to do software rasterization of 3D graphics (which will work but will be slower).

If you have both a low and a high end graphics card, your Mac normally automatically switches between the two (it uses the low end card when it can in order to save energy). However there is a bug in the automatic switching that leads to the same error as seen above. In this case a possible solution is to disable automatic switching and to always use the high end card. The instructions for this are:

  1. To see if you have video cards: open up the Apple Menu and choose “About This Mac”. Click on “System Report”. In the left hand sidebar click on Graphics/Displays. On my machine this shows:
     AMD Radeon R9 M370X
     Intel Iris Pro
     The first is the more powerful video card; the second is the default on-chip video “card”.
  2. If you see only one video card then these instructions are not useful; use the instructions above.
  3. Go to the System Preferences (Gear icon) and choose Energy Saver. At the top is a check box for automatic graphics switching. Uncheck the box.
  4. Log out of the remote Linux machine; restart XQuartz; log in again to the remote Linux machine and retry.

Note on Macs

  • 9/2015 - Users switching from OSX 10.9.5 to OSX 10.10.5 have noticed that their ticket lifetime defaults to 10h instead of the 26h that is standard at the lab. The solution is to update krb5.conf. At this time, this official source was not up-to-date, so the working conf file had to be downloaded directly from the authentication experts.
  • 1/2017: Problems logging into lab Linux machines from Sierra: the lab's official answer
  • 10/2017: If running Yosemite (v10.10), you must upgrade it to Sierra (v10.12) or El Capitan (v10.11) by Nov. 10, 2017.

Sierra upgrade notes from Eric Prebys.

  • Allowing remote nodes to Open a Window on your Linux or Mac Laptop or Desktop
  • Mac OS X users can acquire the X.Org X Window System disk image at xquartz.org.
  • If you use Scientific Linux Fermi (SLF) it is normally configured so that when you use ssh on your laptop to log in to a remote node ( like one of the GPCF nodes), software running on that remote node is permitted to open a new window on your laptop display. If this does not work, add the -X or -Y options to your ssh command:
> ssh -X -AK -l your_kerberos_principal mu2egpvm01.fnal.gov
  • On some very old versions of Mac OS you must run ssh from within an XTerm. If you run it from within a Terminal it will not be possible to have windows from the remote machine appear on your display.
  • Kerberos ticket lifetimes on a Mac. As a Linux system, a Mac may have kerberos installed. You will probably need to download a custom krb5.conf.

ssh on Very Old Macs

There were some issues related to older Macs running Mac OS X with a version earlier than Leopard. Since Snow Leopard all of these issues are resolved. Follow this link to find an explanation of how to access Fermilab machines using Macs running OS X Panther or earlier.

If you have an Apple Mac that is still running a version of OS X that is earlier than Leopard (i.e. Tiger or Panther), then there are some tricks to log in to the Fermilab machines.

The first is that some of these Macs require you to use an XTerm instead of a Terminal; if you log in using a Terminal then the Fermilab machine will not be able to open windows that appear on your laptop.

The second issue is that the version of kerberos that comes with the older Mac OS X version is not compatible with the version of kerberos installed on the FNALU nodes. The solution is to install a second version of ssh on your Mac. This installs as scp3a and ssh3a, so it does not overwrite the native ssh.

Installation packages for both Panther and Tiger are available:

http://home.fnal.gov/~mzs/fnalssh103.dmg
http://home.fnal.gov/~mzs/fnalssh104.dmg

fnalssh103.dmg is for OS X 10.3 and fnalssh104.dmg is for OS X 10.4. I believe, but am not 100% sure, that neither Leopard nor Snow Leopard require this fix.

Just use ssh3a, scp3a, and sftp3a instead of ssh, scp, and sftp after installation to connect to hosts running older versions of sshd.

It's all explained in the README file that comes with the downloads. This is probably enough for most people.

Additional information is available at the Mac section of the FNAL strong authentication site.

Logging in From PCs

Fermilab does not officially support logging in to one of the Mu2e interactive nodes from a PC. We are trying to change this. Your options are:

  • The current recommended option is to use the PuTTY ssh client and the Xming X Windows server. Unofficial but helpful links: CMS doc link link link.
  • Another option is to install Cygwin, which provides a Linux-like environment for Windows. You can install kerberized ssh in this environment. Consult with the Service Desk to learn how to configure ssh to work correctly.
  • The service desk may recommend Reflection software. You can run terminals on a remote linux host and display the terminal and other xwindows on your PC, and use ftp to move files.
  • You can install SLF as a guest virtual OS hosted by your Windows machine.
  • Purchase and install WRQ, which is X-Windows software that runs on PCs; configure it to do kerberized ssh. The Service Desk may be able to help with this configuration because they support WRQ but only for Fermilab employees. You need to pay for WRQ and non-employees are not covered by the Fermilab license.
  • You can configure your machine for dual boot and install both Linux and Windows. Boot to Linux when you wish to log in to Fermilab. This is very inconvenient if you need to switch from one OS to the other frequently.

VPN

Some web pages at the lab are restricted to viewing only on the lab network. If you are offsite and want to access one of these pages, you can use a VPN, which runs on a gateway node, authenticates you, then redirects your web traffic onto the lab network. Here is the lab VPN (use your services [email] password) and some VPN help.

Remote Desktops

VNC

A VNC allows you to run a desktop on a central machine and display it on your remote machine. It disconnects and reconnects well, so can recover from dropped connections.

Important: you must limit your history to a few days or it will fill up /tmp, which freezes processes on the machine. Alternatively you can redirect your history to your home area. Please don't redirect to a data disk.