ioos / Cloud-Sandbox

IOOS' Coastal Modeling Cloud Sandbox provides a framework for developing, modifying and running models in the cloud. It provides repeatable configurations, model code and required libraries, input data and analysis of model outputs. The Sandbox supports not only the development of services and models, but also Cloud HPC to run and validate models.
https://www-sandbox.ioos.us/
BSD 3-Clause "New" or "Revised" License

Sandbox login steps #85

Open Michael-Lalime opened 2 months ago

Michael-Lalime commented 2 months ago

This is a list of the steps I use for logging into the sandbox. *Note: if you are working in the office, you might not need to connect to the VPN to access the Bastion server.

  1. Connect to the VPN

  2. SSH into the Bastion server using PuTTY:

     image

  3. SSH into the head node: `ssh -i ~/.ssh/ioos.pem ec2-user@...`

  4. Do science

Email from Arnold about accounts:

Welcome IOOS Bastion User,

I hope this message finds you well. I am writing to inform you that you have been granted access to the IOOS Bastion (IP: ...) in the Coastal Modeling Sandbox. This access is an important part of our ongoing projects and collaborations.

Linux Username: Please note that your Linux username for accessing the Bastion is the same as the name of the Google Drive folder being shared with you. It follows the format of your first and last name in lowercase, separated by a dot (e.g., john.doe).

Access Requirements:

  1. Connection to the ERAV VPN is mandatory before accessing the Bastion. This can be achieved using the Cisco AnyConnect client.

  2. Your SSH keys (id_rsa and id_rsa.pub) have been provided in the Google Drive folder specifically shared with your email.

Instructions for Using SSH Keys:

Windows Users:

Windows Native SSH Client:

  1. Download the id_rsa and id_rsa.pub files from your Google Drive folder.

  2. Move these files to the .ssh directory located in your user folder (e.g., C:\Users\[YourUsername]\.ssh). If the directory does not exist, create it.

  3. Right-click on the Start button and select 'Windows PowerShell' or 'Command Prompt'.

  4. To ensure the SSH client can use your private key, set the correct permissions: Execute `icacls .ssh\id_rsa /inheritance:r /grant:r "%username%:r"` within the PowerShell or Command Prompt.

  5. To connect to the Bastion, use the following command: `ssh [your.username]@***.**.**.***`

PuTTY Users:

  1. Download the id_rsa file from your Google Drive folder.

  2. Download and open PuTTYgen (available from the PuTTY download page).

  3. In PuTTYgen, click 'Load' and select the id_rsa file. It will prompt that it successfully imported the foreign key.

  4. Click 'Save private key' to save the key in PuTTY’s format (.ppk file). You can save it with the same name for consistency.

  5. Open PuTTY, enter the Host Name ***.**.**.*** and ensure the Port is set to 22.

  6. Go to Connection > SSH > Auth. Under "Private key file for authentication:", browse and select your .ppk file.

  7. Go back to the Session page, enter a name under 'Saved Sessions', and click 'Save' to save these settings.

  8. Click 'Open' to initiate the connection. Enter your Linux username when prompted.

Important: Please handle your SSH keys with utmost care and never share them with others. These keys provide secure, encrypted access to critical systems.

Should you have any questions or require further assistance, please do not hesitate to reach out.

Michael-Lalime commented 2 months ago

@ZacharyWills I obscured the IP addresses and didn't put a screenshot of the Bastion server screen because I wasn't sure if we should show the IP addresses in here. I can change it if you think it's though.

cpaternostro commented 1 month ago

Perhaps this should be moved to be a permanent document as a README or SOP.

Michael-Lalime commented 1 month ago

@Zachary Wills - NOAA Affiliate @.***> I put the information in there for you. It does scream SOP to me when I look at it too. What do you think? Should we move it?

Michael


Michael-Lalime commented 1 month ago

From Jiantao Xu in CO-OPS related to accessing through the CO-OPS system

Notes:

1) Please be on CO-OPS VPN to access the IOOS cloud servers.

2) You should use your individual ssh keys. Please reach out to Michael Lalime (michael.lalime@noaa.gov) if you haven’t received them through a shared Google folder with your keys.

3) Bastion server (server name: ioos-bastion, IP: 137.75.95.230). Bastion server is your login node with low memory and disk space. Please only use it as a gateway to the computing nodes.

4) Cloud computing environment head node (IP: 10.26.37.40). IMPORTANT: Currently IOOS only sets up one user account (ec2-user) on the head node, which means all people use the same account to access the computing environment. Therefore, after you access this server, please don't delete any files/folders that are not created by you. Please create your own folder under the CO-OPS directory and work under your folder only. IOOS will create a CO-OPS working group and look into individual accounts.

For Windows with Tectia:

1) Download "id_rsa" and "id_rsa.pub" from the Google Drive folder (Please refer to Notes No. 2 above).

2) Save the files "id_rsa" and "id_rsa.pub" to C:\Users\[first.last|YourAccount]\AppData\Roaming\SSH\UserKeys\

3) Add a profile in Tectia.

   i) From the Tectia window, click on Profiles, then Add Profile….

   ii) Then as shown in the following figure, type in the Profile name (you can choose a different name), hostname (exactly as it appears) and your user name, and click OK.

Tectia_1

4) From the Tectia window, click Profiles from the menu and choose the profile name you chose for the IOOS bastion, and you will be connected to the bastion.

Tectia_2

5) Now you’re on the IOOS Bastion server. At the command line, type the following command to connect to the head node where you can carry out all your development and testing work:

   `ssh -i ~/.ssh/ioos.pem -o IdentitiesOnly=yes ec2-user@10.26.37.40`

   You may or may not need the option in red depending on the Tectia configuration. For convenience, the IOOS team also saved the command in a script east2b.sh under your home directory and you can run the script directly to connect to the head node. IOOS also created a script called IOeast2b.sh that contains the -o IdentitiesOnly=yes option in case you need to use that option. So you can use either ./east2b.sh or ./IOeast2b.sh to connect to the head node.

For Linux/Unix (For CO-OPS modeling team, this will be ofswork-east1):

1) Download "id_rsa" and "id_rsa.pub" from the Google Drive folder.

2) Save the files "id_rsa" and "id_rsa.pub" to your "work-east" server directory ".ssh" under your home account, and change these two files' permissions by typing the command:

   `chmod 600 ~/.ssh/id*`

3) At the command line, type the following command to connect to the IOOS bastion:

   `ssh -i ~/.ssh/id_rsa first.last@137.75.95.230`

   Replace first.last with your account information. The first time you connect, please type "yes" to save the information. Once you answer "yes" for the first time, this question should never appear again.

4) Now you’re on the IOOS Bastion server. At the command line, type the following command to connect to the head node where you can carry out all your development and testing work:

   `ssh -i ~/.ssh/ioos.pem ec2-user@10.26.37.40`
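
Added example, not part of the original thread or the IOOS project's code: OpenSSH refuses to use a private key file that other users can access, which is why the Linux steps above run chmod 600 on the downloaded keys. The sketch below audits a directory for private keys with group or other permission bits set and tightens them; the function names (file_mode, is_private_key, audit_ssh_keys, fix_ssh_keys) are hypothetical, and keys are recognised only by their header line.

```sh
#!/bin/sh
# Added example (not from the thread): audit private-key permissions.
# Function names are hypothetical; key detection is by header line only.

# Octal permission bits of a file (GNU stat, then BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# True when the first line is a PEM/OpenSSH or PuTTY private-key header.
is_private_key() {
    head -n 1 "$1" 2>/dev/null |
        grep -Eq -e '^(-----BEGIN .*PRIVATE KEY-----|PuTTY-User-Key-File-)'
}

# audit_ssh_keys DIR
# Prints "MODE PATH" for each private key in DIR that group or others can
# access; exit status is 1 if any were found, 0 if all keys are owner-only.
audit_ssh_keys() (
    bad=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        is_private_key "$f" || continue
        mode=$(file_mode "$f")
        case "$mode" in
            0|*00) ;;    # group and other digits are both 0
            *) printf '%s %s\n' "$mode" "$f"; bad=1 ;;
        esac
    done
    exit "$bad"          # body is a subshell, so this only ends the function
)

# fix_ssh_keys DIR
# Sets DIR to 700 and each flagged key to 600 (the chmod step in the
# instructions), then re-audits so the status reflects the end state.
fix_ssh_keys() {
    chmod 700 "$1"
    audit_ssh_keys "$1" | while IFS= read -r line; do
        chmod 600 "${line#* }"
    done
    audit_ssh_keys "$1"
}

# Usage: audit_ssh_keys "$HOME/.ssh" || fix_ssh_keys "$HOME/.ssh"
```

Public keys such as id_rsa.pub are left alone because they carry no private-key header; only files flagged by the audit are changed.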