9b8feef56b1ea77f918c21d4764109aab2fa5d8d
consortium-wiki/launching-remote-schrodinger-jobs-from-maestro.md
| ... | ... | @@ -1,8 +1,7 @@ |
| 1 | 1 | # launching remote schrodinger jobs from maestro |
| 2 | 2 | |
| 3 | 3 | The maestro GUI supports running jobs on remote systems (usually ones with |
| 4 | -more computational resources). Setting this up requires 3 things: [setting up |
|
| 5 | -passwordless ssh](../boston-cmcd-faqs-and-discussion/setting-up-passwordless-ssh.md) |
|
| 4 | +more computational resources). Setting this up requires 3 things: [set up SSH with keys](faq-setting-up-key-based-ssh) |
|
| 6 | 5 | to the remote system; configuring `schrodinger.hosts` for the system; and |
| 7 | 6 | launching the jobs on the appropriate system. |
| 8 | 7 | |
| ... | ... | @@ -13,7 +12,6 @@ directory; in `$HOME/.schrodinger`. |
| 13 | 12 | |
| 14 | 13 | An example `schrodinger.hosts` file: |
| 15 | 14 | |
| 16 | - |
|
| 17 | 15 | name: localhost |
| 18 | 16 | tmpdir: /tmp/ |
| 19 | 17 | |
| ... | ... | @@ -29,7 +27,4 @@ An example `schrodinger.hosts` file: |
| 29 | 27 | To launch a job on a remote system, the name under "Host" should match the |
| 30 | 28 | `name` line for the remote system in your `schrodinger.hosts`. |
| 31 | 29 | |
| 32 | - |
|
| 33 | - |
|
| 34 | - |
|
| 35 | - |
|
| 30 | + |
faq-remote-X11-beta.md
| ... | ... | @@ -89,7 +89,7 @@ For all systems off of the sbgrid network it will be easiest if you use the [cmc |
| 89 | 89 | |
| 90 | 90 | ### Troubleshooting tips. |
| 91 | 91 | |
| 92 | -Ideally you would have already set up [SSH Without a Password](faq-setting-up-passwordless-ssh) |
|
| 92 | +Ideally you would have already set up [SSH with keys](faq-setting-up-key-based-ssh) |
|
| 93 | 93 | |
| 94 | 94 | Make sure you can ssh to the host without error. You should not need to type 'yes' for ssh keys, etc. |
| 95 | 95 |
faq-setting-up-key-based-ssh.md
| ... | ... | @@ -0,0 +1,52 @@ |
| 1 | +# Setting up key based ssh |
|
| 2 | + * ***NOTE***: All SBGrid bound Servers and Workstations on the SBGrid network in the Longwood area require 'pub' key to be ***uploaded*** to our authentication servers. Please follow the steps named "Generate SSH Keys" and "For Systems on the SBGrid network at Longwood" below. |
|
| 3 | + |
|
| 4 | + Off Quad systems (at MCB, HU, Tufts, Sanofi) please following the steps named "Generate SSH Keys" and "For Off-Quad SBGrid Systems" below. |
|
| 5 | + |
|
| 6 | +### Generating SSH Keys |
|
| 7 | + |
|
| 8 | +***We reccommend using a password for ssh keys*** |
|
| 9 | + |
|
| 10 | + 1. You can generate ssh key-pair for local workstation from a Mac or Linux terminal: `ssh-keygen -t ed25519` or `ssh-keygen -t rsa` |
|
| 11 | + 2. Press enter to accept the default location. |
|
| 12 | + 3. Enter a password for the key pair. |
|
| 13 | + 4. On both linux and Mac systems keys can be loaded with 'ssh-add .ssh/id_rsa'. You can see loaded keys with 'ssh-add -l'. The keys remain loaded until you log out. |
|
| 14 | + 5. Macintosh systems with keys in default locations should get loaded automatically when connecting to systems |
|
| 15 | + |
|
| 16 | + |
|
| 17 | +#### For Off-Quad SBGrid Systems |
|
| 18 | + 1. Copy public key (`~/.ssh/id_rsa.pub`) to remote system: `scp ~/.ssh/id_rsa.pub remotesys:~/` If this is the first connection to the remote system, type `yes` to accept the remote system key. |
|
| 19 | + 2. Login to remote system, configure remote system to trust public key: |
|
| 20 | + |
|
| 21 | + * `ssh remotesys` |
|
| 22 | + * create ~/.ssh if it doesn't exist: `mkdir ~/.ssh` |
|
| 23 | + * `cat ~/id_rsa.pub >> ~/.ssh/authorized_keys` |
|
| 24 | + * `chmod 700 ~/.ssh` |
|
| 25 | + * `chmod 640 ~/.ssh/authorized_keys` |
|
| 26 | + 3. Logout of remote system, and repeat login to check that everything works correctly. If so, `~/id_rsa.pub` can be removed from the remote system. |
|
| 27 | + |
|
| 28 | +###For Systems on the SBGrid network in Longwood Medical area |
|
| 29 | +The 'pub' key ***must*** be uploaded to our authentication servers. These examples assume you copied the pub key to your Linux home directory, you can also copy and paste the entire contents of the .pub file between systems. |
|
| 30 | + |
|
| 31 | +You will need to run these commands on **xtal200.harvard.edu**. If you are a Consortium member use shell.sbgrid.org. |
|
| 32 | + |
|
| 33 | + ipa user-mod $USER --sshpubkey="ssh-ed25519 AAAABBBBBBCCCCCZZZZZZZ qqq@mbp.local" |
|
| 34 | + |
|
| 35 | +OR |
|
| 36 | + |
|
| 37 | + ipa user-mod $USER --sshpubkey="$(cat ~/.ssh/id_rsa.pub)" |
|
| 38 | + |
|
| 39 | +For multiple keys |
|
| 40 | + |
|
| 41 | + ipa user-mod $USER --sshpubkey="$(cat ~/.ssh/id_rsa.pub)" --sshpubkey="$(cat ~/.ssh/id_ed25519.pub)"\ |
|
| 42 | + --sshpubkey="$(cat ~/.ssh/othersystem_id_rsa.pub)" |
|
| 43 | + |
|
| 44 | +If you are using csh/tcsh shell |
|
| 45 | + |
|
| 46 | + ipa user-mod $USER --sshpubkey="`cat ~/.ssh/id_rsa.pub`" |
|
| 47 | + |
|
| 48 | +If you get a 'Kerberos Credential' error you will need to enter the following command, type your password and try again. |
|
| 49 | + |
|
| 50 | + kinit $USER |
|
| 51 | + |
|
| 52 | +*Note*: The 'ipa' command is not available on most workstations, connect to xtal200.harvard.edu and perform the commands there. |
faq-setting-up-passwordless-ssh.md
| ... | ... | @@ -1,48 +0,0 @@ |
| 1 | -# Setting up password-less ssh |
|
| 2 | - * ***NOTE***: All SBGrid bound Servers and Workstations on the SBGrid network in the Longwood area require 'pub' key to be ***uploaded*** to our authentication servers. Please follow the steps named "Generate SSH Keys" and "For Systems on the SBGrid network at Longwood" below. |
|
| 3 | - |
|
| 4 | - Off Quad systems (at MCB, HU, Tufts, Sanofi) please following the steps named "Generate SSH Keys" and "For Off-Quad SBGrid Systems" below. |
|
| 5 | - |
|
| 6 | -### Generating SSH Keys |
|
| 7 | - |
|
| 8 | -***We reccommend using a password for ssh keys*** |
|
| 9 | - |
|
| 10 | - 1. You can generate ssh key-pair for local workstation from a Mac or Linux terminal: `ssh-keygen -t ed25519` or `ssh-keygen -t rsa` |
|
| 11 | - 2. Press enter to accept the default location. |
|
| 12 | - 3. Enter a password for the key pair. |
|
| 13 | - 4. On both linux and Mac systems keys can be loaded with 'ssh-add .ssh/id_rsa'. You can see loaded keys with 'ssh-add -l'. The keys remain loaded until you log out. |
|
| 14 | - 5. Macintosh systems with keys in default locations should get loaded automatically when connecting to systems |
|
| 15 | - |
|
| 16 | - |
|
| 17 | -#### For Off-Quad SBGrid Systems |
|
| 18 | - 1. Copy public key (`~/.ssh/id_rsa.pub`) to remote system: `scp ~/.ssh/id_rsa.pub remotesys:~/` If this is the first connection to the remote system, type `yes` to accept the remote system key. |
|
| 19 | - 2. Login to remote system, configure remote system to trust public key: |
|
| 20 | - |
|
| 21 | - * `ssh remotesys` |
|
| 22 | - * create ~/.ssh if it doesn't exist: `mkdir ~/.ssh` |
|
| 23 | - * `cat ~/id_rsa.pub >> ~/.ssh/authorized_keys` |
|
| 24 | - * `chmod 700 ~/.ssh` |
|
| 25 | - * `chmod 640 ~/.ssh/authorized_keys` |
|
| 26 | - 3. Logout of remote system, and repeat login to check that everything works correctly. If so, `~/id_rsa.pub` can be removed from the remote system. |
|
| 27 | - |
|
| 28 | -###For Systems on the SBGrid network at Longwood |
|
| 29 | -There is no need for ~/.ssh/authorized_keys, the file is ignored on all our linux systems on the SBGrid network at Longwood. The 'pub' key ***must*** be uploaded to our authentication servers. These examples assume you copied the pub key to your Linux home directory, you can also copy and paste the entire contents of the .pub file between systems. |
|
| 30 | - |
|
| 31 | -You will need to run these commands on **xtal200.harvard.edu**. If you are a Consortium member use shell.sbgrid.org. |
|
| 32 | - |
|
| 33 | - ipa user-mod $USER --sshpubkey="$(cat ~/.ssh/id_rsa.pub)" |
|
| 34 | - |
|
| 35 | -Or for multiple keys |
|
| 36 | - |
|
| 37 | - ipa user-mod $USER --sshpubkey="$(cat ~/.ssh/id_rsa.pub)" --sshpubkey="$(cat ~/.ssh/id_ed25519.pub)"\ |
|
| 38 | - --sshpubkey="$(cat ~/.ssh/othersystem_id_rsa.pub)" |
|
| 39 | - |
|
| 40 | -If you are using csh/tcsh shell |
|
| 41 | - |
|
| 42 | - ipa user-mod $USER --sshpubkey="`cat ~/.ssh/id_rsa.pub`" |
|
| 43 | - |
|
| 44 | -If you get a 'Kerberos Credential' error you will need to enter the following command, type your password and try again. |
|
| 45 | - |
|
| 46 | - kinit $USER |
|
| 47 | - |
|
| 48 | -*Note*: The 'ipa' command is not available on most workstations, connect to xtal200.harvard.edu and perform the commands there. |
faq-sshfs.md
| ... | ... | @@ -4,7 +4,7 @@ |
| 4 | 4 | |
| 5 | 5 | Installation requires administrative privileges. |
| 6 | 6 | |
| 7 | -Prior to installing, you should make sure that [password-less-ssh](faq-setting-up-passwordless-ssh) is configured correctly between the local system and the remote system. |
|
| 7 | +Prior to installing, you should make sure that [you can SSH with keys](faq-setting-up-key-based-ssh) |
|
| 8 | 8 | |
| 9 | 9 | 1. Download OSXFuse (`dmg`) (`pkg`) from <http://osxfuse.github.io> |
| 10 | 10 | 2. Open OSXFuse `dmg` , run installer |
| ... | ... | @@ -35,7 +35,7 @@ mkdir ~/userdocs |
| 35 | 35 | /usr/local/bin/sshfs oconnor@xtal200.harvard.edu:/nfs/userdocs /Users/oconnor/userdocs -o volname=userdocs,reconnect,ServerAliveInterval=15,ServerAliveCountMax=3,idmap=user,auto_xattr,dev,suid,defer_permissions,noappledouble,noapplexattr |
| 36 | 36 | ``` |
| 37 | 37 | |
| 38 | -You should mount one complete filesystem from the remote site, so this would be anything listed in /nfs for example. This avoids local Apple Finder issues. We give the volume a name `volname=userdocs` (shows mount point on your desktop), add some additional options for server connections, etc. If you are using an [password-less-ssh](faq-setting-up-passwordless-ssh) you would add it's path to the IdentityFile paramater - adding `,IdentityFile=$HOME/.ssh/id_rsa` to the end of the line. |
|
| 38 | +You should mount one complete filesystem from the remote site, so this would be anything listed in /nfs for example. This avoids local Apple Finder issues. We give the volume a name `volname=userdocs` (shows mount point on your desktop), add some additional options for server connections, etc. If you are using an [key-based-ssh](faq-setting-up-key-based-ssh) you would add it's path to the IdentityFile paramater - adding `,IdentityFile=$HOME/.ssh/id_rsa` to the end of the line. |
|
| 39 | 39 | |
| 40 | 40 | ### Unmounting remote filesystems |
| 41 | 41 |
faqs.md
| ... | ... | @@ -17,7 +17,7 @@ Frequently Answered Questions |
| 17 | 17 | * [Linux Remote Access](faq-remote-access-to-linux-computers) |
| 18 | 18 | * [OS X (Apple): Find MAC Address](faq-how-to-find-mac-address-on-os-x-gui) |
| 19 | 19 | * [Running jobs after you logged off (using Screen)](faq-running-remote-jobs-after-disconnecting) |
| 20 | -* [SSH Without a Password](faq-setting-up-passwordless-ssh) |
|
| 20 | +* [SSH with keys](faq-setting-up-key-based-ssh) |
|
| 21 | 21 | * [SBGrid Software](faq-using-sbgrid-programs) |
| 22 | 22 | * [Using Crystal Email](faq-using-your-crystal-harvard-edu-email-address) |
| 23 | 23 | * [Using Google Apps](faq-using-crystal-google-apps) |