HPCE/gitea-pages
0
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Activity

Added Unix Group membership procedures

Browse Source
This commit is contained in:
caubet_m
2024-02-15 16:30:13 +01:00
parent 342f610e1a
commit ee2e65351e
8 changed files with 97 additions and 139 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
_data/sidebars/merlin6_sidebar.yml
View File

@ -13,9 +13,9 @@ entries:
url: /merlin6/introduction.html
- title: Code Of Conduct
url: /merlin6/code-of-conduct.html
- title: Requesting Accounts
- title: Requesting Merlin Access
url: /merlin6/request-account.html
- title: Requesting Projects
- title: Requesting Merlin Projects
url: /merlin6/request-project.html
- title: Accessing the Interactive Nodes
url: /merlin6/interactive.html

4
_data/topnav.yml
View File

@ -16,9 +16,9 @@ topnav_dropdowns:
folderitems:
- title: Introduction
url: /merlin6/introduction.html
- title: Requesting Accounts
- title: Requesting Merlin Access
url: /merlin6/request-account.html
- title: Requesting Projects
- title: Requesting Merlin Projects
url: /merlin6/request-project.html
- title: Accessing the Interactive Nodes
url: /merlin6/interactive.html

BIN
images/Access/01-request-merlin5-membership.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 68 KiB

BIN
images/Access/01-request-merlin6-membership.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 68 KiB

BIN
images/Access/01-request-unx-group-membership.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 66 KiB

119
pages/merlin6/01-Quick-Start-Guide/requesting-accounts.md
View File

@ -1,5 +1,5 @@
---
title: Requesting Accounts
title: Requesting Merlin Accounts
#tags:
keywords: registration, register, account, merlin5, merlin6, snow, service now
last_updated: 07 September 2022
@ -8,117 +8,32 @@ sidebar: merlin6_sidebar
permalink: /merlin6/request-account.html
---
Requesting access to the cluster must be done through **[PSI Service Now](https://psi.service-now.com/psisp)** as an
*Incident Request*. AIT and us are working on a ServiceNow integrated form to ease this process in the future.
Due to the ticket *priority* being *Low* for non-emergency requests of this kind, it might take up to 56h in the worst case until access to the cluster is granted (raise the priority if you have strong reasons for faster access) .
---
## Requesting Access to Merlin6
Access to Merlin6 is regulated by a PSI user's account being a member of the **svc-cluster_merlin6** group.
Access to Merlin6 is regulated by a PSI user's account being a member of the **`svc-cluster_merlin6`** group. Access to this group will also grant access to older generations of Merlin (`merlin5`).
Registration for **Merlin6** access *must be done* through **[PSI Service Now](https://psi.service-now.com/psisp)**:
Requesting **Merlin6** access *has to be done* with the corresponding **[Request Linux Group Membership](https://psi.service-now.com/psisp?id=psi_new_sc_cat_item&sys_id=84f2c0c81b04f110679febd9bb4bcbb1)** form, available in the [PSI Service Now Service Catalog](https://psi.service-now.com/psisp).
* Please open a ticket as *Incident Request*, with subject:
![Example: Requesting access to Merlin6]({{ "/images/Access/01-request-merlin6-membership.png" }})
```
Subject: [Merlin6] Access Request for user xxxxx
```
Mandatory customizable fields are the following:
* **`Order Access for user`**, which defaults to the logged in user. However, access for another user it's also possible.
* **`Request membership for group`**, for Merlin6 the **`svc-cluster_merlin6`** must be selected.
* **`Justification`**, please add here a short justification why access to Merlin6 is necessary.
* Text content (please use always this template and fill the fields marked by `xxxxx`):
```
Dear HelpDesk,
I would like to request access to the Merlin6 cluster. This is my account information
* Last Name: xxxxx
* First Name: xxxxx
* PSI user account: xxxxx
Please add me to the following Unix groups:
* 'svc-cluster_merlin6'
Thanks,
```
---
Once submitted, the Merlin responsible will approve the request as soon as possible (within the next few hours on working days). Once the request is approved, *it may take up to 30 minutes to get the account fully configured*.
## Requesting Access to Merlin5
Merlin5 computing nodes will be available for some time as a **best effort** service.
For accessing the old Merlin5 resources, users should belong to the **svc-cluster_merlin5** Unix Group.
Access to Merlin5 is regulated by a PSI user's account being a member of the **`svc-cluster_merlin5`** group. Access to this group does not grant access to newer generations of Merlin (`merlin6`, `gmerlin6`, and future ones).
Registration for **Merlin5** access *must be done* through **[PSI Service Now](https://psi.service-now.com/psisp)**:
Requesting **Merlin5** access *has to be done* with the corresponding **[Request Linux Group Membership](https://psi.service-now.com/psisp?id=psi_new_sc_cat_item&sys_id=84f2c0c81b04f110679febd9bb4bcbb1)** form, available in the [PSI Service Now Service Catalog](https://psi.service-now.com/psisp).
* Please open a ticket as *Incident Request*, with subject:
![Example: Requesting access to Merlin5]({{ "/images/Access/01-request-merlin5-membership.png" }})
```
Subject: [Merlin5] Access Request for user xxxxx
```
Mandatory customizable fields are the following:
* **`Order Access for user`**, which defaults to the logged in user. However, access for another user it's also possible.
* **`Request membership for group`**, for Merlin5 the **`svc-cluster_merlin5`** must be selected.
* **`Justification`**, please add here a short justification why access to Merlin5 is necessary.
* Text content (please use always this template):
* Text content (please use always this template and fill the fields marked by `xxxxx`):
```
Dear HelpDesk,
I would like to request access to the Merlin5 cluster. This is my account information
* Last Name: xxxxx
* First Name: xxxxx
* PSI user account: xxxxx
Please add me to the following Unix groups:
* 'svc-cluster_merlin5'
Thanks,
```
Alternatively, if you want to request access to both Merlin5 and Merlin6, you can request it in the same ticket as follows:
* Use the template **[Requesting Access to Merlin6](##Requesting-Access-to-Merlin6)**
* Add the **``'svc-cluster_merlin5'``** Unix Group after the line containing the merlin6 group **`'svc-cluster_merlin6'`**)
---
## Requesting extra Unix groups
Some users may require to be added to some extra specific Unix groups.
* This will grant access to specific resources.
* In example, some BIO groups may belong to a specific BIO group for having access to the project area for that group.
* Supervisors should inform new users which extra groups are needed for their project(s).
When requesting access to **[Merlin6](##Requesting-Access-to-Merlin6)** or **[Merlin5](##Requesting-Access-to-Merlin5)**,
these extra Unix Groups can be added in the same *Incident Request* by supplying additional lines specifying the respective Groups.
Naturally, this step can also be done later when the need arises in a separate **[PSI Service Now](https://psi.service-now.com/psisp)** ticket.
* Please open a ticket as *Incident Request*, with subject:
```
Subject: [Unix Group] Access Request for user xxxxx
```
* Text content (please use always this template):
```
Dear HelpDesk,
I would like to request membership for the Unix Groups listed below. This is my account information
* Last Name: xxxxx
* First Name: xxxxx
* PSI user account: xxxxx
List of unix groups I would like to be added to:
* unix_group_1
* unix_group_2
* ...
* unix_group_N
Thanks,
```
**Important note**: Requesting access to specific Unix Groups will require validation from the responsible of the Unix Group. If you ask for inclusion in many groups it may take longer, since the fulfillment of the request will depend on more people.
Once submitted, the Merlin responsible will approve the request as soon as possible (within the next few hours on working days). Once the request is approved, *it may take up to 30 minutes to get the account fully configured*.

103
pages/merlin6/01-Quick-Start-Guide/requesting-projects.md
View File

@ -1,5 +1,5 @@
---
title: Requesting a Project
title: Requesting a Merlin Project
#tags:
keywords: merlin project, project, snow, service now
last_updated: 07 September 2022
@ -8,17 +8,83 @@ sidebar: merlin6_sidebar
permalink: /merlin6/request-project.html
---
A project owns its own storage area which can be accessed by the storage members.
A project owns its own storage area in Merlin, which can be accessed by other group members.
Projects can receive a higher storage quota than user areas and should be the primary way of organizing bigger storage requirements
in a multi-user collaboration.
Access to a project's directories is governed by project members belonging to a common **Unix group**. You may use an existing
Unix group or you may have a new Unix group created especially for the project. The **project responsible** will be the owner of
the Unix group (this is important)!
the Unix group (*this is important*)!
The **default storage quota** for a project is 1TB (with a maximal *Number of Files* of 1M). If you need a larger assignment, you
need to request this and provide a description of your storage needs.
This document explains how to request new Unix group, to request membership for existing groups, and the procedure for requesting a Merlin project.
## About Unix groups
Before requesting a Merlin project, it is important to have a Unix group that can be used to grant access to it to different members
of the project.
Unix groups in the PSI Active Directory (which is the PSI central database containing user and group information, and more) are defined by the `unx-` prefix, followed by a name.
In general, PSI employees working on Linux systems (including HPC clusters, like Merlin) can request for a non-existing Unix group, and can become responsible for managing it.
In addition, a list of administrators can be set. The administrators, together with the group manager, can approve or deny membership requests. Further information about this topic
is covered in the [Linux Documentation - Services Admin Guides: Unix Groups / Group Management](https://linux.psi.ch/services-admin-guide/unix_groups.html), managed by the Central Linux Team.
To gran access to specific Merlin project directories, some users may require to be added to some specific **Unix groups**:
* Each Merlin project (i.e. `/data/project/{bio|general}/$projectname`) or experiment (i.e. `/data/experiment/$experimentname`) directory has access restricted by ownership and group membership (with a very few exceptions allowing public access).
* Users requiring access to a specific restricted project or experiment directory have to request membership for the corresponding Unix group owning the directory.
### Requesting a new Unix group
**If you need a new Unix group** to be created, you need to first get this group through a separate
**[PSI Service Now ticket](https://psi.service-now.com/psisp)**. **Please use the following template.**
You can also specify the login names of the initial group members and the **owner** of the group.
The owner of the group is the person who will be allowed to modify the group.
* Please open an *Incident Request* with subject:
```
Subject: Request for new unix group xxxx
```
* and base the text field of the request on this template
```
Dear HelpDesk
I would like to request a new unix group.
Unix Group Name: unx-xxxxx
Initial Group Members: xxxxx, yyyyy, zzzzz, ...
Group Owner: xxxxx
Group Administrators: aaaaa, bbbbb, ccccc, ....
Best regards,
```
### Requesting Unix group membership
Existing Merlin projects have already a Unix group assigned. To have access to a project, users must belong to the proper **Unix group** owning that project.
Supervisors should inform new users which extra groups are needed for their project(s). If this information is not known, one can check the permissions for that directory. In example:
```bash
(base) ❄ [caubet_m@merlin-l-001:/data/user/caubet_m]# ls -ltrhd /data/project/general/$projectname
(base) ❄ [caubet_m@merlin-l-001:/data/user/caubet_m]# ls -ltrhd /data/project/bio/$projectname
```
Requesting membership for a specific Unix group *has to be done* with the corresponding **[Request Linux Group Membership](https://psi.service-now.com/psisp?id=psi_new_sc_cat_item&sys_id=84f2c0c81b04f110679febd9bb4bcbb1)** form, available in the [PSI Service Now Service Catalog](https://psi.service-now.com/psisp).
![Example: Requesting Unix Group membership]({{ "/images/Access/01-request-unx-group-membership.png" }})
Once submitted, the responsible of the Unix group has to approve the request.
**Important note**: Requesting access to specific Unix Groups will require validation from the responsible of the Unix Group. If you ask for inclusion in many groups it may take longer, since the fulfillment of the request will depend on more people.
Further information can be found in the [Linux Documentation - Services User guide: Unix Groups / Group Management](https://linux.psi.ch/services-user-guide/unix_groups.html)
### Managing Unix Groups
Other administration operations on Unix Groups it's mainly covered in the [Linux Documentation - Services Admin Guides: Unix Groups / Group Management](https://linux.psi.ch/services-admin-guide/unix_groups.html), managed by the Central Linux Team.
## Requesting a Merlin project
Once a Unix group is available, a Merlin project can be requested.
To request a project, please provide the following information in a **[PSI Service Now ticket](https://psi.service-now.com/psisp)**
* Please open an *Incident Request* with subject:
@ -45,28 +111,5 @@ To request a project, please provide the following information in a **[PSI Servi
Best regards,
```
**If you need a new Unix group** to be created, you need to first get this group through
a separate ***[PSI Service Now ticket](https://psi.service-now.com/psisp)**. Please
use the following template. You can also specify the login names of the initial group
members and the **owner** of the group. The owner of the group is the person who
will be allowed to modify the group.
* Please open an *Incident Request* with subject:
```
Subject: Request for new unix group xxxx
```
* and base the text field of the request on this template
```
Dear HelpDesk
I would like to request a new unix group.
Unix Group Name: unx-xxxxx
Initial Group Members: xxxxx, yyyyy, zzzzz, ...
Group Owner: xxxxx
Best regards,
```
The **default storage quota** for a project is 1TB (with a maximal *Number of Files* of 1M). If you need a larger assignment, you
need to request this and provide a description of your storage needs.

6
pages/merlin6/99-support/faq.md
View File

@ -12,7 +12,7 @@ permalink: /merlin6/faq.html
## How do I register for Merlin?
See [Requesting Accounts](/merlin6/request-account.html).
See [Requesting Merlin Access](/merlin6/request-account.html).
## How do I get information about downtimes and updates?
@ -21,9 +21,9 @@ See [Get updated through the Merlin User list!](/merlin6/contact.html#get-update
## How can I request access to a Merlin project directory?
Merlin projects are placed in the `/data/project` directory. Access to each project is controlled by Unix group membership.
If you require access to an existing project, please request group membership as described in [Requesting extra Unix groups](/merlin6/request-account.html#requesting-extra-unix-groups).
If you require access to an existing project, please request group membership as described in [Requesting Unix Group Membership](/merlin6/request-project.html#requesting-unix-group-membership).
Your project leader or project colleagues will know what Unix group you should belong to. Otherwise, you can check what Unix group is allowed to access that project directory (simply run `ls -ltrha`).
Your project leader or project colleagues will know what Unix group you should belong to. Otherwise, you can check what Unix group is allowed to access that project directory (simply run `ls -ltrhd` for the project directory).
## Can I install software myself?