Added Unix Group membership procedures

2024-02-15 16:30:13 +01:00
parent 342f610e1a
commit ee2e65351e
8 changed files with 97 additions and 139 deletions
--- a/_data/sidebars/merlin6_sidebar.yml
+++ b/_data/sidebars/merlin6_sidebar.yml
@ -13,9 +13,9 @@ entries:
      url: /merlin6/introduction.html
    - title: Code Of Conduct
      url: /merlin6/code-of-conduct.html
-    - title: Requesting Accounts
+    - title: Requesting Merlin Access
      url: /merlin6/request-account.html
-    - title: Requesting Projects
+    - title: Requesting Merlin Projects
      url: /merlin6/request-project.html
    - title: Accessing the Interactive Nodes
      url: /merlin6/interactive.html
--- a/_data/topnav.yml
+++ b/_data/topnav.yml
@ -16,9 +16,9 @@ topnav_dropdowns:
        folderitems:
          - title: Introduction
            url: /merlin6/introduction.html
-          - title: Requesting Accounts
+          - title: Requesting Merlin Access 
            url: /merlin6/request-account.html
-          - title: Requesting Projects
+          - title: Requesting Merlin Projects
            url: /merlin6/request-project.html
          - title: Accessing the Interactive Nodes
            url: /merlin6/interactive.html
--- a/images/Access/01-request-merlin5-membership.png
+++ b/images/Access/01-request-merlin5-membership.png
--- a/images/Access/01-request-merlin6-membership.png
+++ b/images/Access/01-request-merlin6-membership.png
--- a/images/Access/01-request-unx-group-membership.png
+++ b/images/Access/01-request-unx-group-membership.png
--- a/pages/merlin6/01-Quick-Start-Guide/requesting-accounts.md
+++ b/pages/merlin6/01-Quick-Start-Guide/requesting-accounts.md
@ -1,5 +1,5 @@
 ---
-title: Requesting Accounts
+title: Requesting Merlin Accounts
 #tags:
 keywords: registration, register, account, merlin5, merlin6, snow, service now
 last_updated: 07 September 2022
@ -8,117 +8,32 @@ sidebar: merlin6_sidebar
 permalink: /merlin6/request-account.html
 ---
 Requesting access to the cluster must be done through **[PSI Service Now](https://psi.service-now.com/psisp)** as an
 *Incident Request*. AIT and us are working on a ServiceNow integrated form to ease this process in the future.
 Due to the ticket *priority* being *Low* for non-emergency requests of this kind, it might take up to 56h in the worst case until access to the cluster is granted (raise the priority if you have strong reasons for faster access) .
 ---
 ## Requesting Access to Merlin6
-Access to Merlin6 is regulated by a PSI user's account being a member of the **svc-cluster_merlin6** group.
+Access to Merlin6 is regulated by a PSI user's account being a member of the **`svc-cluster_merlin6`** group. Access to this group will also grant access to older generations of Merlin (`merlin5`).
-Registration for **Merlin6** access *must be done* through **[PSI Service Now](https://psi.service-now.com/psisp)**:
+Requesting **Merlin6** access *has to be done* with the corresponding **[Request Linux Group Membership](https://psi.service-now.com/psisp?id=psi_new_sc_cat_item&sys_id=84f2c0c81b04f110679febd9bb4bcbb1)** form, available in the [PSI Service Now Service Catalog](https://psi.service-now.com/psisp).
-* Please open a ticket as *Incident Request*, with subject:
+![Example: Requesting access to Merlin6]({{ "/images/Access/01-request-merlin6-membership.png" }})
-   ```
+Mandatory customizable fields are the following:
-   Subject: [Merlin6] Access Request for user xxxxx
+* **`Order Access for user`**, which defaults to the logged in user. However, access for another user it's also possible.
-   ```
+* **`Request membership for group`**, for Merlin6 the **`svc-cluster_merlin6`** must be selected.
 * **`Justification`**, please add here a short justification why access to Merlin6 is necessary.
-* Text content (please use always this template and fill the fields marked by `xxxxx`):
+Once submitted, the Merlin responsible will approve the request as soon as possible (within the next few hours on working days). Once the request is approved, *it may take up to 30 minutes to get the account fully configured*.
   ```
   Dear HelpDesk,
   I would like to request access to the Merlin6 cluster. This is my account information
   * Last Name: xxxxx
   * First Name: xxxxx
   * PSI user account: xxxxx
   Please add me to the following Unix groups:
    * 'svc-cluster_merlin6'
   Thanks,
   ```
 ---
 ## Requesting Access to Merlin5
-Merlin5 computing nodes will be available for some time as a **best effort** service.
+Access to Merlin5 is regulated by a PSI user's account being a member of the **`svc-cluster_merlin5`** group. Access to this group does not grant access to newer generations of Merlin (`merlin6`, `gmerlin6`, and future ones).
 For accessing the old Merlin5 resources, users should belong to the **svc-cluster_merlin5** Unix Group.
-Registration for **Merlin5** access *must be done* through **[PSI Service Now](https://psi.service-now.com/psisp)**:
+Requesting **Merlin5** access *has to be done* with the corresponding **[Request Linux Group Membership](https://psi.service-now.com/psisp?id=psi_new_sc_cat_item&sys_id=84f2c0c81b04f110679febd9bb4bcbb1)** form, available in the [PSI Service Now Service Catalog](https://psi.service-now.com/psisp).
-* Please open a ticket as *Incident Request*, with subject:
+![Example: Requesting access to Merlin5]({{ "/images/Access/01-request-merlin5-membership.png" }})
-   ```
+Mandatory customizable fields are the following:
-   Subject: [Merlin5] Access Request for user xxxxx
+* **`Order Access for user`**, which defaults to the logged in user. However, access for another user it's also possible.
-   ```
+* **`Request membership for group`**, for Merlin5 the **`svc-cluster_merlin5`** must be selected.
 * **`Justification`**, please add here a short justification why access to Merlin5 is necessary.
-* Text content (please use always this template):
+Once submitted, the Merlin responsible will approve the request as soon as possible (within the next few hours on working days). Once the request is approved, *it may take up to 30 minutes to get the account fully configured*.
 * Text content (please use always this template and fill the fields marked by `xxxxx`):
   ```
   Dear HelpDesk,
   I would like to request access to the Merlin5 cluster. This is my account information
   * Last Name: xxxxx
   * First Name: xxxxx
   * PSI user account: xxxxx
   Please add me to the following Unix groups:
    * 'svc-cluster_merlin5'
   Thanks,
   ```
 Alternatively, if you want to request access to both Merlin5 and Merlin6, you can request it in the same ticket as follows:
 * Use the template **[Requesting Access to Merlin6](##Requesting-Access-to-Merlin6)** 
 * Add the **``'svc-cluster_merlin5'``** Unix Group after the line containing the merlin6 group  **`'svc-cluster_merlin6'`**)
 ---
 ## Requesting extra Unix groups
 Some users may require to be added to some extra specific Unix groups.
 * This will grant access to specific resources.
   * In example, some BIO groups may belong to a specific BIO group for having access to the project area for that group.
 * Supervisors should inform new users which extra groups are needed for their project(s).
 When requesting access to **[Merlin6](##Requesting-Access-to-Merlin6)** or **[Merlin5](##Requesting-Access-to-Merlin5)**, 
 these extra Unix Groups can be added in the same *Incident Request* by supplying additional lines specifying the respective Groups.
 Naturally, this step can also be done later when the need arises in a separate **[PSI Service Now](https://psi.service-now.com/psisp)** ticket.
 * Please open a ticket as *Incident Request*, with subject:
   ```
   Subject: [Unix Group] Access Request for user xxxxx
   ```
 * Text content (please use always this template):
   ```
   Dear HelpDesk,
   I would like to request membership for the Unix Groups listed below. This is my account information
   * Last Name: xxxxx
   * First Name: xxxxx
   * PSI user account: xxxxx
   List of unix groups I would like to be added to:
    * unix_group_1
    * unix_group_2
    * ...
    * unix_group_N
   Thanks,
   ```
 **Important note**: Requesting access to specific Unix Groups will require validation from the responsible of the Unix Group. If you ask for inclusion in many groups it may take longer, since the fulfillment of the request will depend on more people.
--- a/pages/merlin6/01-Quick-Start-Guide/requesting-projects.md
+++ b/pages/merlin6/01-Quick-Start-Guide/requesting-projects.md
@ -1,5 +1,5 @@
 ---
-title: Requesting a Project
+title: Requesting a Merlin Project
 #tags:
 keywords: merlin project, project, snow, service now
 last_updated: 07 September 2022
@ -8,17 +8,83 @@ sidebar: merlin6_sidebar
 permalink: /merlin6/request-project.html
 ---
-A project owns its own storage area which can be accessed by the storage members.
+A project owns its own storage area in Merlin, which can be accessed by other group members.
 Projects can receive a higher storage quota than user areas and should be the primary way of organizing bigger storage requirements
 in a multi-user collaboration.
 Access to a project's directories is governed by project members belonging to a common **Unix group**. You may use an existing
 Unix group or you may have a new Unix group created especially for the project. The **project responsible** will be the owner of
-the Unix group (this is important)!
+the Unix group (*this is important*)!
-The **default storage quota** for a project is 1TB (with a maximal *Number of Files* of 1M). If you need a larger assignment, you
+This document explains how to request new Unix group, to request membership for existing groups, and the procedure for requesting a Merlin project.
 need to request this and provide a description of your storage needs.
 ## About Unix groups
 Before requesting a Merlin project, it is important to have a Unix group that can be used to grant access to it to different members 
 of the project.
 Unix groups in the PSI Active Directory (which is the PSI central database containing user and group information, and more) are defined by the `unx-` prefix, followed by a name.
 In general, PSI employees working on Linux systems (including HPC clusters, like Merlin) can request for a non-existing Unix group, and can become responsible for managing it. 
 In addition, a list of administrators can be set. The administrators, together with the group manager, can approve or deny membership requests. Further information about this topic
 is covered in the [Linux Documentation - Services Admin Guides: Unix Groups / Group Management](https://linux.psi.ch/services-admin-guide/unix_groups.html), managed by the Central Linux Team.
 To gran access to specific Merlin project directories, some users may require to be added to some specific **Unix groups**:
  * Each Merlin project (i.e. `/data/project/{bio|general}/$projectname`) or experiment (i.e. `/data/experiment/$experimentname`) directory has access restricted by ownership and group membership (with a very few exceptions allowing public access).
  * Users requiring access to a specific restricted project or experiment directory have to request membership for the corresponding Unix group owning the directory.
 ### Requesting a new Unix group
 **If you need a new Unix group** to be created, you need to first get this group through a separate 
 **[PSI Service Now ticket](https://psi.service-now.com/psisp)**. **Please use the following template.**
 You can also specify the login names of the initial group members and the **owner** of the group.
 The owner of the group is the person who will be allowed to modify the group.
 * Please open an *Incident Request* with subject:
   ```
   Subject: Request for new unix group xxxx
   ```
 * and base the text field of the request on this template
   ```
   Dear HelpDesk
   I would like to request a new unix group.
   Unix Group Name: unx-xxxxx
   Initial Group Members: xxxxx, yyyyy, zzzzz, ...
   Group Owner: xxxxx
   Group Administrators: aaaaa, bbbbb, ccccc, ....
   Best regards,
   ```
 ### Requesting Unix group membership
 Existing Merlin projects have already a Unix group assigned. To have access to a project, users must belong to the proper **Unix group** owning that project.
 Supervisors should inform new users which extra groups are needed for their project(s). If this information is not known, one can check the permissions for that directory. In example:
 ```bash
 (base) ❄ [caubet_m@merlin-l-001:/data/user/caubet_m]# ls -ltrhd /data/project/general/$projectname
 (base) ❄ [caubet_m@merlin-l-001:/data/user/caubet_m]# ls -ltrhd /data/project/bio/$projectname
 ```
 Requesting membership for a specific Unix group *has to be done* with the corresponding **[Request Linux Group Membership](https://psi.service-now.com/psisp?id=psi_new_sc_cat_item&sys_id=84f2c0c81b04f110679febd9bb4bcbb1)** form, available in the [PSI Service Now Service Catalog](https://psi.service-now.com/psisp).
 ![Example: Requesting Unix Group membership]({{ "/images/Access/01-request-unx-group-membership.png" }})
 Once submitted, the responsible of the Unix group has to approve the request.
 **Important note**: Requesting access to specific Unix Groups will require validation from the responsible of the Unix Group. If you ask for inclusion in many groups it may take longer, since the fulfillment of the request will depend on more people.
 Further information can be found in the [Linux Documentation - Services User guide: Unix Groups / Group Management](https://linux.psi.ch/services-user-guide/unix_groups.html)
 ### Managing Unix Groups
 Other administration operations on Unix Groups it's mainly covered in the [Linux Documentation - Services Admin Guides: Unix Groups / Group Management](https://linux.psi.ch/services-admin-guide/unix_groups.html), managed by the Central Linux Team.
 ## Requesting a Merlin project
 Once a Unix group is available, a Merlin project can be requested.
 To request a project, please provide the following information in a **[PSI Service Now ticket](https://psi.service-now.com/psisp)**
 * Please open an *Incident Request* with subject:
@ -45,28 +111,5 @@ To request a project, please provide the following information in a **[PSI Servi
   Best regards,
   ```
-**If you need a new Unix group** to be created, you need to first get this group through
+The **default storage quota** for a project is 1TB (with a maximal *Number of Files* of 1M). If you need a larger assignment, you
-a separate  ***[PSI Service Now ticket](https://psi.service-now.com/psisp)**. Please
+need to request this and provide a description of your storage needs.
 use the following template. You can also specify the login names of the initial group
 members and the **owner** of the group. The owner of the group is the person who
 will be allowed to modify the group.
 * Please open an *Incident Request* with subject:
   ```
   Subject: Request for new unix group xxxx
   ```
 * and base the text field of the request on this template
   ```
   Dear HelpDesk
   I would like to request a new unix group.
   Unix Group Name: unx-xxxxx
   Initial Group Members: xxxxx, yyyyy, zzzzz, ...
   Group Owner: xxxxx
   Best regards,
   ```
--- a/pages/merlin6/99-support/faq.md
+++ b/pages/merlin6/99-support/faq.md
@ -12,7 +12,7 @@ permalink: /merlin6/faq.html
 ## How do I register for Merlin?
-See [Requesting Accounts](/merlin6/request-account.html).
+See [Requesting Merlin Access](/merlin6/request-account.html).
 ## How do I get information about downtimes and updates?
@ -21,9 +21,9 @@ See [Get updated through the Merlin User list!](/merlin6/contact.html#get-update
 ## How can I request access to a Merlin project directory?
 Merlin projects are placed in the `/data/project` directory. Access to each project is controlled by Unix group membership.
-If you require access to an existing project, please request group membership as described in [Requesting extra Unix groups](/merlin6/request-account.html#requesting-extra-unix-groups).
+If you require access to an existing project, please request group membership as described in [Requesting Unix Group Membership](/merlin6/request-project.html#requesting-unix-group-membership).
-Your project leader or project colleagues will know what Unix group you should belong to. Otherwise, you can check what Unix group is allowed to access that project directory (simply run `ls -ltrha`).
+Your project leader or project colleagues will know what Unix group you should belong to. Otherwise, you can check what Unix group is allowed to access that project directory (simply run `ls -ltrhd` for the project directory).
 ## Can I install software myself?