NDCMS SettingUpEnvironment

Back to NDCMS Home Page


Logging In on NDCMS CRC computers

From inside the ND network (being physically on campus) or at CERN, one can log directly into the interactive head node:

    ssh -Y username@earth.crc.nd.edu

Alternatively, if that doesn't work, try:

    /usr/bin/ssh -Y -l username earth.crc.nd.edu

From a remote location (e.g. your apartment, etc.), one must first log into one of the other CRC machines and then ssh to the earth machine.

Other CRC machines accessible from outside the ND network:

   crcfe01.crc.nd.edu 
   crcfe02.crc.nd.edu
   crcfeIB01.crc.nd.edu*

Tip: Don't forget the "-Y" option for both ssh commands if you want any X windows to show up on your screen (i.e. opening TBrowsers, histograms, etc.)

For more comfort, you can create the file ".ssh/config" on your local computer and insert an entry like

 Host earth, crcfe01, crcfe02
       HostName        %h.crc.nd.edu
       User            your_username
       ForwardX11      yes
       ForwardX11Trusted yes
       ControlMaster   auto
       ControlPath     ~/.ssh/control-%r@%h:%p

The last two lines are optional. They set up ssh to allow a second session to "tunnel" through the first one. As long as you have one ssh session open, further connections to earth do not require you to enter your password again. This should only be done for Notre Dame, as normally Kerberos authentication and ssh keys work better.

With this setup, you may type just "ssh earth" to log into earth, and likewise for crcfe01 and crcfe02.


*This machine has Infiniband and is only accessible from the campus network or VPN

Setting up environment

Note: Only the earth.crc.nd.edu machine has the software required to use CMSSW, CRAB, etc.

First login or when experiencing trouble with Condor: The first time you log into earth, set the AFS permissions of a directory to use for Condor as follows:

Your home directory needs to be readable by anyone on campus because Condor doesn't run the jobs under your username. In your home directory, do the following:

cd ~
fs sa . nd_campus rl
fs sa . system:authuser rl

If you have any subdirectories which you plan to use for Condor, you'll need to add read permissions for them as well. If you have a large number of subdirectories to modify see here.

For the directory where CRAB is going to write outputs, you need to give write permission to any user on campus. Be careful doing this. You don't want to do this for directories where someone else could make a mistake and delete important files (like your home directory). Assuming your condor directory is called "my _condor_directory", then you should do the following:

cd my_condor_directory/
fs sa . nd_campus rlidwk
fs sa . system:administrators rlidwka
fs sa . system:authuser rlidwk

You'll have to configure Condor so that any output files are stored in the specific directory to which you've granted write permissions. This will avoid possible problems in which condor does not have the correct permissions to launch jobs from your AFS space.

If you didn't do this the first time you logged in or created your Condor directory, this is fixable. See here

If you would like to switch to a more modern shell, such as bash, you need to contact the CRC to have your shell changed in their database.

If You Forgot to Set Your AFS Permissions at First Login

You can go back and set your AFS permissions recursively after the fact using the "find" command carefully:

Starting in your home directory or one of your subdirectories, you can do the following to set read permissions for all subdirectories below.

find . -type d -exec fs sa {} nd_campus rl \;
find . -type d -exec fs sa {} system:authuser rl \;

For the Condor directory and any of its subdirectories, you can use the following to set permissions correctly:

cd my_condor_directory
find . -type d -exec fs sa {} nd_campus rlidwk \;
find . -type d -exec fs sa {} system:administrators rlidwka \;
find . -type d -exec fs sa {} system:authuser rlidwk \;


--Lantonel 12:00, 25 January 2011 (EST) --Klannon 16:05, 14 June 2011 (EDT)