Added Unix Group membership procedures
@ -13,9 +13,9 @@ entries:
|
||||
url: /merlin6/introduction.html
|
||||
- title: Code Of Conduct
|
||||
url: /merlin6/code-of-conduct.html
|
||||
- title: Requesting Accounts
|
||||
- title: Requesting Merlin Access
|
||||
url: /merlin6/request-account.html
|
||||
- title: Requesting Projects
|
||||
- title: Requesting Merlin Projects
|
||||
url: /merlin6/request-project.html
|
||||
- title: Accessing the Interactive Nodes
|
||||
url: /merlin6/interactive.html
|
||||
|
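Review bot: The new sidebar title `Requesting Merlin Access` does not match the front-matter title this same commit gives the target page (`title: Requesting Merlin Accounts`). Pick one wording and use it in the sidebar, the top navigation, the page title and the FAQ link, so a user following any of them lands on a page with the name they clicked.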
@ -16,9 +16,9 @@ topnav_dropdowns:
|
||||
folderitems:
|
||||
- title: Introduction
|
||||
url: /merlin6/introduction.html
|
||||
- title: Requesting Accounts
|
||||
- title: Requesting Merlin Access
|
||||
url: /merlin6/request-account.html
|
||||
- title: Requesting Projects
|
||||
- title: Requesting Merlin Projects
|
||||
url: /merlin6/request-project.html
|
||||
- title: Accessing the Interactive Nodes
|
||||
url: /merlin6/interactive.html
|
||||
|
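Review bot: In the top navigation the entry `Requesting Merlin Projects` (plural) differs from the new front-matter title of the page it links to, `Requesting a Merlin Project`. Use the same string in both places; the sidebar entry has the same mismatch.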
BIN
images/Access/01-request-merlin5-membership.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 68 KiB |
BIN
images/Access/01-request-merlin6-membership.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 68 KiB |
BIN
images/Access/01-request-unx-group-membership.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 66 KiB |
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Requesting Accounts
|
||||
title: Requesting Merlin Accounts
|
||||
#tags:
|
||||
keywords: registration, register, account, merlin5, merlin6, snow, service now
|
||||
last_updated: 07 September 2022
|
||||
@ -8,117 +8,32 @@ sidebar: merlin6_sidebar
|
||||
permalink: /merlin6/request-account.html
|
||||
---
|
||||
|
||||
Requesting access to the cluster must be done through **[PSI Service Now](https://psi.service-now.com/psisp)** as an
|
||||
*Incident Request*. AIT and us are working on a ServiceNow integrated form to ease this process in the future.
|
||||
|
||||
Due to the ticket *priority* being *Low* for non-emergency requests of this kind, it might take up to 56h in the worst case until access to the cluster is granted (raise the priority if you have strong reasons for faster access) .
|
||||
|
||||
---
|
||||
|
||||
## Requesting Access to Merlin6
|
||||
|
||||
Access to Merlin6 is regulated by a PSI user's account being a member of the **svc-cluster_merlin6** group.
|
||||
Access to Merlin6 is regulated by a PSI user's account being a member of the **`svc-cluster_merlin6`** group. Access to this group will also grant access to older generations of Merlin (`merlin5`).
|
||||
|
||||
Registration for **Merlin6** access *must be done* through **[PSI Service Now](https://psi.service-now.com/psisp)**:
|
||||
Requesting **Merlin6** access *has to be done* with the corresponding **[Request Linux Group Membership](https://psi.service-now.com/psisp?id=psi_new_sc_cat_item&sys_id=84f2c0c81b04f110679febd9bb4bcbb1)** form, available in the [PSI Service Now Service Catalog](https://psi.service-now.com/psisp).
|
||||
|
||||
* Please open a ticket as *Incident Request*, with subject:
|
||||

|
||||
|
||||
```
|
||||
Subject: [Merlin6] Access Request for user xxxxx
|
||||
```
|
||||
Mandatory customizable fields are the following:
|
||||
* **`Order Access for user`**, which defaults to the logged in user. However, access for another user it's also possible.
|
||||
* **`Request membership for group`**, for Merlin6 the **`svc-cluster_merlin6`** must be selected.
|
||||
* **`Justification`**, please add here a short justification why access to Merlin6 is necessary.
|
||||
|
||||
* Text content (please use always this template and fill the fields marked by `xxxxx`):
|
||||
|
||||
```
|
||||
Dear HelpDesk,
|
||||
|
||||
I would like to request access to the Merlin6 cluster. This is my account information
|
||||
* Last Name: xxxxx
|
||||
* First Name: xxxxx
|
||||
* PSI user account: xxxxx
|
||||
|
||||
Please add me to the following Unix groups:
|
||||
* 'svc-cluster_merlin6'
|
||||
|
||||
Thanks,
|
||||
|
||||
```
|
||||
|
||||
---
|
||||
Once submitted, the Merlin responsible will approve the request as soon as possible (within the next few hours on working days). Once the request is approved, *it may take up to 30 minutes to get the account fully configured*.
|
||||
|
||||
## Requesting Access to Merlin5
|
||||
|
||||
Merlin5 computing nodes will be available for some time as a **best effort** service.
|
||||
For accessing the old Merlin5 resources, users should belong to the **svc-cluster_merlin5** Unix Group.
|
||||
Access to Merlin5 is regulated by a PSI user's account being a member of the **`svc-cluster_merlin5`** group. Access to this group does not grant access to newer generations of Merlin (`merlin6`, `gmerlin6`, and future ones).
|
||||
|
||||
Registration for **Merlin5** access *must be done* through **[PSI Service Now](https://psi.service-now.com/psisp)**:
|
||||
Requesting **Merlin5** access *has to be done* with the corresponding **[Request Linux Group Membership](https://psi.service-now.com/psisp?id=psi_new_sc_cat_item&sys_id=84f2c0c81b04f110679febd9bb4bcbb1)** form, available in the [PSI Service Now Service Catalog](https://psi.service-now.com/psisp).
|
||||
|
||||
* Please open a ticket as *Incident Request*, with subject:
|
||||

|
||||
|
||||
```
|
||||
Subject: [Merlin5] Access Request for user xxxxx
|
||||
```
|
||||
Mandatory customizable fields are the following:
|
||||
* **`Order Access for user`**, which defaults to the logged in user. However, access for another user it's also possible.
|
||||
* **`Request membership for group`**, for Merlin5 the **`svc-cluster_merlin5`** must be selected.
|
||||
* **`Justification`**, please add here a short justification why access to Merlin5 is necessary.
|
||||
|
||||
* Text content (please use always this template):
|
||||
|
||||
* Text content (please use always this template and fill the fields marked by `xxxxx`):
|
||||
|
||||
```
|
||||
Dear HelpDesk,
|
||||
|
||||
I would like to request access to the Merlin5 cluster. This is my account information
|
||||
* Last Name: xxxxx
|
||||
* First Name: xxxxx
|
||||
* PSI user account: xxxxx
|
||||
|
||||
Please add me to the following Unix groups:
|
||||
* 'svc-cluster_merlin5'
|
||||
|
||||
Thanks,
|
||||
|
||||
```
|
||||
|
||||
Alternatively, if you want to request access to both Merlin5 and Merlin6, you can request it in the same ticket as follows:
|
||||
* Use the template **[Requesting Access to Merlin6](##Requesting-Access-to-Merlin6)**
|
||||
* Add the **``'svc-cluster_merlin5'``** Unix Group after the line containing the merlin6 group **`'svc-cluster_merlin6'`**)
|
||||
|
||||
---
|
||||
|
||||
## Requesting extra Unix groups
|
||||
|
||||
Some users may require to be added to some extra specific Unix groups.
|
||||
* This will grant access to specific resources.
|
||||
* In example, some BIO groups may belong to a specific BIO group for having access to the project area for that group.
|
||||
* Supervisors should inform new users which extra groups are needed for their project(s).
|
||||
|
||||
When requesting access to **[Merlin6](##Requesting-Access-to-Merlin6)** or **[Merlin5](##Requesting-Access-to-Merlin5)**,
|
||||
these extra Unix Groups can be added in the same *Incident Request* by supplying additional lines specifying the respective Groups.
|
||||
|
||||
Naturally, this step can also be done later when the need arises in a separate **[PSI Service Now](https://psi.service-now.com/psisp)** ticket.
|
||||
|
||||
* Please open a ticket as *Incident Request*, with subject:
|
||||
|
||||
```
|
||||
Subject: [Unix Group] Access Request for user xxxxx
|
||||
```
|
||||
|
||||
* Text content (please use always this template):
|
||||
|
||||
```
|
||||
Dear HelpDesk,
|
||||
|
||||
I would like to request membership for the Unix Groups listed below. This is my account information
|
||||
* Last Name: xxxxx
|
||||
* First Name: xxxxx
|
||||
* PSI user account: xxxxx
|
||||
|
||||
List of unix groups I would like to be added to:
|
||||
* unix_group_1
|
||||
* unix_group_2
|
||||
* ...
|
||||
* unix_group_N
|
||||
|
||||
Thanks,
|
||||
```
|
||||
|
||||
**Important note**: Requesting access to specific Unix Groups will require validation from the responsible of the Unix Group. If you ask for inclusion in many groups it may take longer, since the fulfillment of the request will depend on more people.
|
||||
Once submitted, the Merlin responsible will approve the request as soon as possible (within the next few hours on working days). Once the request is approved, *it may take up to 30 minutes to get the account fully configured*.
|
||||
|
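Review bot: The new Merlin6 paragraph says membership of `svc-cluster_merlin6` "will also grant access to older generations of Merlin (`merlin5`)", yet the Merlin5 section below still tells readers to request `svc-cluster_merlin5` without saying who actually needs it. Add a sentence to the Merlin5 section stating that users who already hold `svc-cluster_merlin6` need no separate request, otherwise people will file redundant group-membership orders. In both field lists, "access for another user it's also possible" should read "requesting access for another user is also possible", and since the form lets one user order membership for another, it is worth saying in that bullet that the request still goes through the approval described in the closing paragraph.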
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Requesting a Project
|
||||
title: Requesting a Merlin Project
|
||||
#tags:
|
||||
keywords: merlin project, project, snow, service now
|
||||
last_updated: 07 September 2022
|
||||
@ -8,17 +8,83 @@ sidebar: merlin6_sidebar
|
||||
permalink: /merlin6/request-project.html
|
||||
---
|
||||
|
||||
A project owns its own storage area which can be accessed by the storage members.
|
||||
A project owns its own storage area in Merlin, which can be accessed by other group members.
|
||||
|
||||
Projects can receive a higher storage quota than user areas and should be the primary way of organizing bigger storage requirements
|
||||
in a multi-user collaboration.
|
||||
|
||||
Access to a project's directories is governed by project members belonging to a common **Unix group**. You may use an existing
|
||||
Unix group or you may have a new Unix group created especially for the project. The **project responsible** will be the owner of
|
||||
the Unix group (this is important)!
|
||||
the Unix group (*this is important*)!
|
||||
|
||||
The **default storage quota** for a project is 1TB (with a maximal *Number of Files* of 1M). If you need a larger assignment, you
|
||||
need to request this and provide a description of your storage needs.
|
||||
This document explains how to request new Unix group, to request membership for existing groups, and the procedure for requesting a Merlin project.
|
||||
|
||||
## About Unix groups
|
||||
|
||||
Before requesting a Merlin project, it is important to have a Unix group that can be used to grant access to it to different members
|
||||
of the project.
|
||||
|
||||
Unix groups in the PSI Active Directory (which is the PSI central database containing user and group information, and more) are defined by the `unx-` prefix, followed by a name.
|
||||
In general, PSI employees working on Linux systems (including HPC clusters, like Merlin) can request for a non-existing Unix group, and can become responsible for managing it.
|
||||
In addition, a list of administrators can be set. The administrators, together with the group manager, can approve or deny membership requests. Further information about this topic
|
||||
is covered in the [Linux Documentation - Services Admin Guides: Unix Groups / Group Management](https://linux.psi.ch/services-admin-guide/unix_groups.html), managed by the Central Linux Team.
|
||||
|
||||
To gran access to specific Merlin project directories, some users may require to be added to some specific **Unix groups**:
|
||||
* Each Merlin project (i.e. `/data/project/{bio|general}/$projectname`) or experiment (i.e. `/data/experiment/$experimentname`) directory has access restricted by ownership and group membership (with a very few exceptions allowing public access).
|
||||
* Users requiring access to a specific restricted project or experiment directory have to request membership for the corresponding Unix group owning the directory.
|
||||
|
||||
### Requesting a new Unix group
|
||||
|
||||
**If you need a new Unix group** to be created, you need to first get this group through a separate
|
||||
**[PSI Service Now ticket](https://psi.service-now.com/psisp)**. **Please use the following template.**
|
||||
You can also specify the login names of the initial group members and the **owner** of the group.
|
||||
The owner of the group is the person who will be allowed to modify the group.
|
||||
|
||||
* Please open an *Incident Request* with subject:
|
||||
```
|
||||
Subject: Request for new unix group xxxx
|
||||
```
|
||||
|
||||
* and base the text field of the request on this template
|
||||
```
|
||||
Dear HelpDesk
|
||||
|
||||
I would like to request a new unix group.
|
||||
|
||||
Unix Group Name: unx-xxxxx
|
||||
Initial Group Members: xxxxx, yyyyy, zzzzz, ...
|
||||
Group Owner: xxxxx
|
||||
Group Administrators: aaaaa, bbbbb, ccccc, ....
|
||||
|
||||
Best regards,
|
||||
```
|
||||
|
||||
### Requesting Unix group membership
|
||||
|
||||
Existing Merlin projects have already a Unix group assigned. To have access to a project, users must belong to the proper **Unix group** owning that project.
|
||||
Supervisors should inform new users which extra groups are needed for their project(s). If this information is not known, one can check the permissions for that directory. In example:
|
||||
```bash
|
||||
(base) ❄ [caubet_m@merlin-l-001:/data/user/caubet_m]# ls -ltrhd /data/project/general/$projectname
|
||||
(base) ❄ [caubet_m@merlin-l-001:/data/user/caubet_m]# ls -ltrhd /data/project/bio/$projectname
|
||||
```
|
||||
|
||||
Requesting membership for a specific Unix group *has to be done* with the corresponding **[Request Linux Group Membership](https://psi.service-now.com/psisp?id=psi_new_sc_cat_item&sys_id=84f2c0c81b04f110679febd9bb4bcbb1)** form, available in the [PSI Service Now Service Catalog](https://psi.service-now.com/psisp).
|
||||
|
||||

|
||||
|
||||
Once submitted, the responsible of the Unix group has to approve the request.
|
||||
|
||||
**Important note**: Requesting access to specific Unix Groups will require validation from the responsible of the Unix Group. If you ask for inclusion in many groups it may take longer, since the fulfillment of the request will depend on more people.
|
||||
|
||||
Further information can be found in the [Linux Documentation - Services User guide: Unix Groups / Group Management](https://linux.psi.ch/services-user-guide/unix_groups.html)
|
||||
|
||||
### Managing Unix Groups
|
||||
|
||||
Other administration operations on Unix Groups it's mainly covered in the [Linux Documentation - Services Admin Guides: Unix Groups / Group Management](https://linux.psi.ch/services-admin-guide/unix_groups.html), managed by the Central Linux Team.
|
||||
|
||||
## Requesting a Merlin project
|
||||
|
||||
Once a Unix group is available, a Merlin project can be requested.
|
||||
To request a project, please provide the following information in a **[PSI Service Now ticket](https://psi.service-now.com/psisp)**
|
||||
|
||||
* Please open an *Incident Request* with subject:
|
||||
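Review bot: The `ls -ltrhd` example under "Requesting Unix group membership" is pasted with a personal shell prompt, `(base) ❄ [caubet_m@merlin-l-001:/data/user/caubet_m]#`, which puts a real account name and login-node hostname into public documentation and ends in `#`, which readers normally take to mean a root shell. Replace it with a neutral `$` prompt or drop the prompt entirely, and consider showing one line of sample output so readers can see which column is the owning group. Wording in the same hunk: "To gran access" should be "To grant access", "In example" should be "For example", "can request for a non-existing Unix group" should be "can request a new Unix group", and "Other administration operations on Unix Groups it's mainly covered" should be "are mainly covered".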
@ -45,28 +111,5 @@ To request a project, please provide the following information in a **[PSI Servi
|
||||
Best regards,
|
||||
```
|
||||
|
||||
**If you need a new Unix group** to be created, you need to first get this group through
|
||||
a separate ***[PSI Service Now ticket](https://psi.service-now.com/psisp)**. Please
|
||||
use the following template. You can also specify the login names of the initial group
|
||||
members and the **owner** of the group. The owner of the group is the person who
|
||||
will be allowed to modify the group.
|
||||
|
||||
* Please open an *Incident Request* with subject:
|
||||
```
|
||||
Subject: Request for new unix group xxxx
|
||||
```
|
||||
|
||||
* and base the text field of the request on this template
|
||||
```
|
||||
Dear HelpDesk
|
||||
|
||||
I would like to request a new unix group.
|
||||
|
||||
Unix Group Name: unx-xxxxx
|
||||
Initial Group Members: xxxxx, yyyyy, zzzzz, ...
|
||||
Group Owner: xxxxx
|
||||
|
||||
Best regards,
|
||||
```
|
||||
|
||||
|
||||
The **default storage quota** for a project is 1TB (with a maximal *Number of Files* of 1M). If you need a larger assignment, you
|
||||
need to request this and provide a description of your storage needs.
|
||||
|
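Review bot: The default storage quota paragraph now ends up at the very bottom of the page, after the closing fence of the project request template. A requester fills in the template before reading that the default is 1TB and 1M files and that larger assignments need a description of storage needs. Move the paragraph above the template, next to "Once a Unix group is available, a Merlin project can be requested", so the quota information is seen before the ticket is written.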
@ -12,7 +12,7 @@ permalink: /merlin6/faq.html
|
||||
|
||||
## How do I register for Merlin?
|
||||
|
||||
See [Requesting Accounts](/merlin6/request-account.html).
|
||||
See [Requesting Merlin Access](/merlin6/request-account.html).
|
||||
|
||||
## How do I get information about downtimes and updates?
|
||||
|
||||
@ -21,9 +21,9 @@ See [Get updated through the Merlin User list!](/merlin6/contact.html#get-update
|
||||
## How can I request access to a Merlin project directory?
|
||||
|
||||
Merlin projects are placed in the `/data/project` directory. Access to each project is controlled by Unix group membership.
|
||||
If you require access to an existing project, please request group membership as described in [Requesting extra Unix groups](/merlin6/request-account.html#requesting-extra-unix-groups).
|
||||
If you require access to an existing project, please request group membership as described in [Requesting Unix Group Membership](/merlin6/request-project.html#requesting-unix-group-membership).
|
||||
|
||||
Your project leader or project colleagues will know what Unix group you should belong to. Otherwise, you can check what Unix group is allowed to access that project directory (simply run `ls -ltrha`).
|
||||
Your project leader or project colleagues will know what Unix group you should belong to. Otherwise, you can check what Unix group is allowed to access that project directory (simply run `ls -ltrhd` for the project directory).
|
||||
|
||||
## Can I install software myself?
|
||||
|
||||
|
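Review bot: The FAQ now says to run `ls -ltrhd` "for the project directory" but gives no path, while the request-project page added in this commit shows the full form `ls -ltrhd /data/project/general/$projectname`. Show the path pattern here as well so the two pages agree. The `-t` and `-r` sort flags have no effect when a single directory is listed with `-d`, so `ls -ld <project directory>` is enough and is easier for users to read. The link text "Requesting Unix Group Membership" should also match the capitalisation of the target heading, "Requesting Unix group membership".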