Skip to content
Snippets Groups Projects
Commit 40888c33 authored by Jan Siwiec's avatar Jan Siwiec
Browse files

Merge branch 'einfra-merge-test' into 'master-test' 

master-test-merge

See merge request !359
parents ba42d447 9a574bea
No related branches found
No related tags found
1 merge request!359master-test-merge
Pipeline #24974 passed with warnings
Stage: test
Stage: build
Stage: deploy
Stage: after_test
Hide whitespace changes
Inline Side-by-side
Showing
with 336 additions and 274 deletions
docs.it4i/general/access/.gitkeep 0 → 100644
+ 1
0
View file @ 40888c33
docs.it4i/general/access/account-introduction.md 0 → 100644
+ 31
0
View file @ 40888c33
# Introduction
This section provides basic information on how to gain access to IT4Innovations Information systems and project membership.
## Account Types
There are two types of accounts on IT4Innovations:
* [**e-INFRA CZ Account**][1]
Intended for all persons affiliated with an academic institution from the Czech Republic ([eduID.cz][a]).
* [**IT4I Account**][2]
Intended for all persons who are not eligible for e-INFRA CZ account.
Once you create an account, you can use it only for communication with IT4I support and accessing the SCS information system.
If you want to access IT4I clusters, your account must also be **assigned to a project**.
For more information, see the section:
* [**Get Project Membership**][3]
if you want to become a collaborator on a project, or
* [**Get Project**][4]
if you want to become a project owner.
[1]: ./einfracz-account.md
[2]: ../obtaining-login-credentials/obtaining-login-credentials.md
[3]: ../access/project-access.md
[4]: ../applying-for-resources.md
[a]: https://www.eduid.cz/
docs.it4i/general/access/einfracz-account.md 0 → 100644
+ 40
0
View file @ 40888c33
# e-INFRA CZ Account
[e-INFRA CZ][1] is a unique research and development e-infrastructure in the Czech Republic,
which provides capacities and resources for the transmission, storage and processing of scientific and research data.
IT4Innovations has become a member of e-INFRA CZ on January 2022.
!!! important
Only persons affiliated with an academic institution from the Czech Republic ([eduID.cz][6]) are eligible for an e-INFRA CZ account.
## Request e-INFRA CZ Account
1. Go to [https://signup.e-infra.cz/fed/registrar/?vo=IT4Innovations][2]
1. Select a member academic institution you are affiliated with.
1. Fill out the e-INFRA CZ Account information (username, password and ssh key(s)).
Your account should be created in a few minutes after submitting the request.
Once your e-INFRA CZ account is created, it is propagated into IT4I systems
and can be used to access [SCS portal][3] and [Request Tracker][4].
Continue with requesting a project or project membership.
## Logging Into IT4I Services
The table below shows how different IT4I services are accessed:
| Services | Access |
| -------- | ------- |
| Clusters | SSH key |
| IS, RT, web, VPN | e-INFRA CZ login |
| Profile<br>Change&nbsp;password<br>Change&nbsp;SSH&nbsp;key | Academic institution's credentials<br>e-INFRA CZ / eduID |
You can change you profile settings at any time.
[1]: https://www.e-infra.cz/en
[2]: https://signup.e-infra.cz/fed/registrar/?vo=IT4Innovations
[3]: https://scs.it4i.cz/
[4]: https://support.it4i.cz/
[5]: ../../management/einfracz-profile.md
[6]: https://www.eduid.cz/
docs.it4i/general/access/project-access.md 0 → 100644
+ 39
0
View file @ 40888c33
# Get Project Membership
!!! note
You need to be named as a collaborator by a Primary Investigator (PI) in order to access and use the clusters.
## Authorization by Web
This is a preferred method if you have an IT4I or e-INFRA CZ account.
Log in to the [IT4I SCS portal][e] and go to the **Authorization Requests** section. Here you can submit your requests for becoming a project member. You will have to wait until the project PI authorizes your request.
## Authorization by Email
An alternative way to become a project member is on request sent via [email by the project PI][8].
[1]: https://docs.it4i.cz/general/obtaining-login-credentials/obtaining-login-credentials/#certificates-for-digital-signatures
[2]: #authorization-by-web
[3]: #alternative-way-to-personal-certificate
[4]: #certificates-for-digital-signatures
[5]: ../accessing-the-clusters/shell-access-and-data-transfer/ssh-keys.md
[6]: ../accessing-the-clusters/shell-access-and-data-transfer/putty.md#putty-key-generator
[7]: ../obtaining-login-credentials/certificates-faq.md
[8]: ../../obtaining-login-credentials/#authorization-by-email-an-alternative-approach
[a]: https://support.it4i.cz/rt/
[b]: mailto:support@it4i.cz
[c]: https://www.it4i.cz/cs/file/f4afe72710863f0e8d119a31389e7bfb/5422/acceptable-use-policy.pdf
[d]: http://support.it4i.cz/
[e]: https://scs.it4i.cz/
[f]: http://www.igtf.net/
[g]: https://www.eugridpma.org
[h]: https://tcs.cesnet.cz
[i]: http://www.postsignum.cz/
[j]: http://www.ica.cz/Kvalifikovany-certifikat.aspx
[k]: http://idoc.vsb.cz/xwiki/wiki/infra/view/uzivatel/moz-cert-gen
[l]: https://extrassl.actalis.it/portal/uapub/freemail?lang=en
[r]: https://www.it4i.cz/computing-resources-allocation/?lang=en
[s]: https://www.actalis.it/en/certificates-for-secure-electronic-mail.aspx
[t]: https://www.actalis.it/en/certificates-for-secure-electronic-mail.aspx
docs.it4i/general/accessing-the-clusters/shell-access-and-data-transfer/ssh-key-management.md
+ 56
9
View file @ 40888c33
# SSH Key Management
# SSH
When you first create an account with IT4Innovations, you receive an SSH key with your credentials. However, you can manage your own SSH key for authentication to clusters.
Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network.
SSH uses public-private key pair for authentication, allowing users to log in without having to specify a password. The public key is placed on all computers that must allow access to the owner of the matching private key (the private key must be kept **secret**).
## Managing Your Own Key
## Private Key
1. Generate your SSH key (see the [OpenSSH Keys (UNIX)][1] or [PuTTY (Windows)][2] section).
!!! note
The path to a private key is usually /home/username/.ssh/
1. Go to [https://extranet.it4i.cz/ssp/index.php?action=changesshkey][a]
A private key file in the `id_rsa` or `*.ppk` format is present locally on local side and used for example in the Pageant SSH agent (for Windows users). The private key should always be kept in a safe place.
1. Enter your username, password and public SSH key.
An example of private key format:
1. Changes will take effect immediately.
```console
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAqbo7jokygnBpG2wYa5NB45ns6+UKTNLMLHF0BO3zmRtKEElE
aGqXfbYwvXlcuRb2d9/Y5dVpCZHV0kbY3NhtVOcEIe+1ROaiU9BEsUAhMNEvgiLV
gSql4QvRO4BWPlM8+WAWXDp3oeoBh8glXyuh9teb8yq98fv1r1peYGRrW3/s4V+q
O1SQ0XY2T7rWCYRLIP6rTMXArTI35v3WU513mn7nm1fJ7oN0QgVH5b0W9V1Kyc4l
9vILHeMXxvz+i/5jTEfLOJpiRGYZYcaYrE4dIiHPl3IlbV7hlkK23Xb1US8QJr5G
ADxp1VTkHjY+mKagEfxl1hQIb42JLHhKMEGqNQIDAQABAoIBAQCkypPuxZjL+vai
UGa5dAWiRZ46P2yrwHPKpvEdpCdDPbLAc1K/CtdBkHZsUPxNHVV6eFWweW99giIY
Av+mFWC58X8asBHQ7xkmxW0cqAZRzpkRAl9IBS9/fKjO28Fgy/p+suOi8oWbKIgJ
3LMkX0nnT9oz1AkOfTNC6Tv+3SE7eTj1RPcMjur4W1Cd1N3EljLszdVk4tLxlXBS
yl9NzVnJJbJR4t01l45VfFECgYEAno1WJSB/SwdZvS9GkfhvmZd3r4vyV9Bmo3dn
XZAh8HRW13imOnpklDR4FRe98D9A7V3yh9h60Co4oAUd6N+Oc68/qnv/8O9efA+M
/neI9ANYFo8F0+yFCp4Duj7zPV3aWlN/pd8TNzLqecqh10uZNMy8rAjCxybeZjWd
DyhgywXhAoGBAN3BCazNefYpLbpBQzwes+f2oStvwOYKDqySWsYVXeVgUI+OWTVZ
eZ26Y86E8MQO+q0TIxpwou+TEaUgOSqCX40Q37rGSl9K+rjnboJBYNCmwVp9bfyj
kCLL/3g57nTSqhgHNa1xwemePvgNdn6FZteA8sXiCg5ZzaISqWAffek5AoGBAMPw
V/vwQ96C8E3l1cH5cUbmBCCcfXM2GLv74bb1V3SvCiAKgOrZ8gEgUiQ0+TfcbAbe
7MM20vRNQjaLTBpai/BTbmqM1Q+r1KNjq8k5bfTdAoGANgzlNM9omM10rd9WagL5
yuJcal/03p048mtB4OI4Xr5ZJISHze8fK4jQ5veUT9Vu2Fy/w6QMsuRf+qWeCXR5
RPC2H0JzkS+2uZp8BOHk1iDPqbxWXJE9I57CxBV9C/tfzo2IhtOOcuJ4LY+sw+y/
ocKpJbdLTWrTLdqLHwicdn8OxeWot1mOukyK2l0UeDkY6H5pYPtHTpAZvRBd7ETL
Zs2RP3KFFvho6aIDGrY0wee740/jWotx7fbxxKwPyDRsbH3+1Wx/eX2RND4OGdkH
gejJEzpk/7y/P/hCad7bSDdHZwO+Z03HIRC0E8yQz+JYatrqckaRCtd7cXryTmTR
FbvLJmECgYBDpfno2CzcFJCTdNBZFi34oJRiDb+HdESXepk58PcNcgK3R8PXf+au
OqDBtZIuFv9U1WAg0gzGwt/0Y9u2c8m0nXziUS6AePxy5sBHs7g9C9WeZRz/nCWK
+cHIm7XOwBEzDKz5f9eBqRGipm0skDZNKl8X/5QMTT5K3Eci2n+lTw==
-----END RSA PRIVATE KEY-----
```
## Public Key
A public key file in the `*.pub` format is present on the remote side and allows an access to the owner of the matching private key.
An example of public key format:
```console
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCpujuOiTKCcGkbbBhrk0Hjmezr5QpM0swscXQE7fOZG0oQSURoapd9tjC9eVy5FvZ339jl1WkJkdXSRtjc2G1U5wQh77VE5qJT0ESxQCEw0S+CItWBKqXhC9E7gFY+UyP5YBZcOneh6gGHyCVfK6H215vzKr3x+/WvWl5gZGtbf+zhX6o4RJDRdjZPutYJhEsg/qtMxcCtMjfm/dZTnXeafuebV8nug3RCBUflvRb1XUrJuiX28gsd4xfG/P6L/mNMR8s4kmJEZhlhxpj8Th0iIc+XciVtXuGWQrbddcVRLxAmvkYAPGnVVOQeNj69pqAR/GXaFAhvjYkseEowQao1 username@organization.example.com
```
## SSH Key Management
You can manage your own SSH key for authentication to clusters:
* [e-INFRA CZ account][3]
* [IT4I account][4]
[1]: ./ssh-keys.md
[2]: ./putty.md
[a]: https://extranet.it4i.cz/ssp/index.php?action=changesshkey
[3]: ../../management/einfracz-profile.md
[4]: ../../management/it4i-profile.md
docs.it4i/general/accessing-the-clusters/shell-access-and-data-transfer/ssh-keys.md
+ 2
48
View file @ 40888c33
......@@ -11,54 +11,8 @@ local $ ssh-keygen -C 'username@organization.example.com' -f additional_key
!!! note
Enter a **strong** **passphrase** for securing your private key.
## Private Key
!!! note
The path to a private key is usually /home/username/.ssh/
A private key file in the `id_rsa` or `*.ppk` format is used to authenticate with the servers. A private key is present locally on local side and used for example in the Pageant SSH agent (for Windows users). The private key should always be kept in a safe place.
An example of private key format:
```console
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAqbo7jokygnBpG2wYa5NB45ns6+UKTNLMLHF0BO3zmRtKEElE
aGqXfbYwvXlcuRb2d9/Y5dVpCZHV0kbY3NhtVOcEIe+1ROaiU9BEsUAhMNEvgiLV
gSql4QvRO4BWPlM8+WAWXDp3oeoBh8glXyuh9teb8yq98fv1r1peYGRrW3/s4V+q
O1SQ0XY2T7rWCYRLIP6rTMXArTI35v3WU513mn7nm1fJ7oN0QgVH5b0W9V1Kyc4l
9vILHeMXxvz+i/5jTEfLOJpiRGYZYcaYrE4dIiHPl3IlbV7hlkK23Xb1US8QJr5G
ADxp1VTkHjY+mKagEfxl1hQIb42JLHhKMEGqNQIDAQABAoIBAQCkypPuxZjL+vai
UGa5dAWiRZ46P2yrwHPKpvEdpCdDPbLAc1K/CtdBkHZsUPxNHVV6eFWweW99giIY
Av+mFWC58X8asBHQ7xkmxW0cqAZRzpkRAl9IBS9/fKjO28Fgy/p+suOi8oWbKIgJ
3LMkX0nnT9oz1AkOfTNC6Tv+3SE7eTj1RPcMjur4W1Cd1N3EljLszdVk4tLxlXBS
yl9NzVnJJbJR4t01l45VfFECgYEAno1WJSB/SwdZvS9GkfhvmZd3r4vyV9Bmo3dn
XZAh8HRW13imOnpklDR4FRe98D9A7V3yh9h60Co4oAUd6N+Oc68/qnv/8O9efA+M
/neI9ANYFo8F0+yFCp4Duj7zPV3aWlN/pd8TNzLqecqh10uZNMy8rAjCxybeZjWd
DyhgywXhAoGBAN3BCazNefYpLbpBQzwes+f2oStvwOYKDqySWsYVXeVgUI+OWTVZ
eZ26Y86E8MQO+q0TIxpwou+TEaUgOSqCX40Q37rGSl9K+rjnboJBYNCmwVp9bfyj
kCLL/3g57nTSqhgHNa1xwemePvgNdn6FZteA8sXiCg5ZzaISqWAffek5AoGBAMPw
V/vwQ96C8E3l1cH5cUbmBCCcfXM2GLv74bb1V3SvCiAKgOrZ8gEgUiQ0+TfcbAbe
7MM20vRNQjaLTBpai/BTbmqM1Q+r1KNjq8k5bfTdAoGANgzlNM9omM10rd9WagL5
yuJcal/03p048mtB4OI4Xr5ZJISHze8fK4jQ5veUT9Vu2Fy/w6QMsuRf+qWeCXR5
RPC2H0JzkS+2uZp8BOHk1iDPqbxWXJE9I57CxBV9C/tfzo2IhtOOcuJ4LY+sw+y/
ocKpJbdLTWrTLdqLHwicdn8OxeWot1mOukyK2l0UeDkY6H5pYPtHTpAZvRBd7ETL
Zs2RP3KFFvho6aIDGrY0wee740/jWotx7fbxxKwPyDRsbH3+1Wx/eX2RND4OGdkH
gejJEzpk/7y/P/hCad7bSDdHZwO+Z03HIRC0E8yQz+JYatrqckaRCtd7cXryTmTR
FbvLJmECgYBDpfno2CzcFJCTdNBZFi34oJRiDb+HdESXepk58PcNcgK3R8PXf+au
OqDBtZIuFv9U1WAg0gzGwt/0Y9u2c8m0nXziUS6AePxy5sBHs7g9C9WeZRz/nCWK
+cHIm7XOwBEzDKz5f9eBqRGipm0skDZNKl8X/5QMTT5K3Eci2n+lTw==
-----END RSA PRIVATE KEY-----
```
## Public Key
A public key file in the `*.pub` format is used to verify a digital signature. A public key is present on the remote side and allows an access to the owner of the matching private key.
An example of public key format:
```console
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCpujuOiTKCcGkbbBhrk0Hjmezr5QpM0swscXQE7fOZG0oQSURoapd9tjC9eVy5FvZ339jl1WkJkdXSRtjc2G1U5wQh77VE5qJT0ESxQCEw0S+CItWBKqXhC9E7gFY+UyP5YBZcOneh6gGHyCVfK6H215vzKr3x+/WvWl5gZGtbf+zhX6o4RJDRdjZPutYJhEsg/qtMxcCtMjfm/dZTnXeafuebV8nug3RCBUflvRb1XUrJuiX28gsd4xfG/P6L/mNMR8s4kmJEZhlhxpj8Th0iIc+XciVtXuGWQrbddcVRLxAmvkYAPGnVVOQeNj69pqAR/GXaFAhvjYkseEowQao1 username@organization.example.com
```
By default, your private key is saved to the `id_rsa` file in the `.ssh` directory
and your public key is saved to the `id_rsa.pub` file.
## Managing Your SSH Key
......
docs.it4i/general/applying-for-resources.md
+ 59
3
View file @ 40888c33
# Applying for Resources
# Get Project
Computational resources may be allocated via several [allocation mechanisms][a]:
The computational resources of IT4I are allocated by the Allocation Committee via several [allocation mechanisms][a] to a project investigated by a Primary Investigator. By allocating the computational resources, the Allocation Committee is authorizing the PI to access and use the clusters. The PI may decide to authorize a number of their collaborators to access and use the clusters to consume the resources allocated to their Project. These collaborators will be associated to the Project. The Figure below is depicting the authorization chain:
![](../img/Authorization_chain.png)
**Allocation Mechanisms:**
* Academic researchers may apply via Open Access Competitions.
* Commercial and non-commercial institutions may also apply via the Directors Discretion.
......@@ -8,11 +12,63 @@ Computational resources may be allocated via several [allocation mechanisms][a]:
In all cases, IT4Innovations’ access mechanisms are aimed at distributing computational resources while taking into account the development and application of supercomputing methods and their benefits and usefulness for society. The applicants are expected to submit a proposal. In the proposal, the applicants **apply for a particular amount of core-hours** of computational resources. The requested core-hours should be substantiated by scientific excellence of the proposal, its computational maturity and expected impacts. The allocation decision is based on the scientific, technical, and economic evaluation of the proposal.
For more information, see [Computing resources allocation][a] and [Obtaining Login Credentials][1].
## Becoming Primary Investigator
Once you create an account, log in to the [IT4I Information System][e] and apply for a project.
You will be informed by IT4I about the Allocation Committee decision.
Once approved by the Allocation Committee, you become the Primary Investigator (PI) for the project
and are authorized to use the clusters and any allocated resources as well as authorize collaborators for your project.
## Authorize Collaborators for Your Project
As a PI, you can approve or deny users' requests to join your project. There are two methods of authorizing collaborators:
### Authorization by Web
This is a preferred method if you have an IT4I or e-INFRA CZ account.
Log in to the [IT4I SCS portal][e] using your credentials and go to the **Authorization Requests** section.
Here you can authorize collaborators for your project.
### Authorization by Email (An Alternative Approach)
In order to authorize a Collaborator to utilize the allocated resources, the PI should contact the [IT4I support][f] (email: [support\[at\]it4i.cz][g]) and provide the following information:
1. Identify their project by project ID.
1. Provide a list of people, including themself, who are authorized to use the resources allocated to the project. The list must include the full name, email and affiliation. If collaborators' login access already exists in the IT4I systems, provide their usernames as well.
1. Include "Authorization to IT4Innovations" into the subject line.
!!! warning
Should the above information be provided by email, the email **must be** digitally signed. Read more on [digital signatures][2] below.
Example (except the subject line which must be in English, you may use Czech or Slovak language for communication with us):
```console
Subject: Authorization to IT4Innovations
Dear support,
Please include my collaborators to project OPEN-0-0.
John Smith, john.smith@myemail.com, Department of Chemistry, MIT, US
Jonas Johansson, jjohansson@otheremail.se, Department of Physics, RIT, Sweden
Luisa Fibonacci, lf@emailitalia.it, Department of Mathematics, National Research Council, Italy
Thank you,
PI
(Digitally signed)
```
!!! note
Web-based email interfaces cannot be used for secure communication; external application, such as Thunderbird or Outlook must be used. This way, your new credentials will be visible only in applications that have access to your certificate.
[1]: obtaining-login-credentials/obtaining-login-credentials.md
[2]: https://docs.it4i.cz/general/obtaining-login-credentials/obtaining-login-credentials/#certificates-for-digital-signatures
[a]: https://www.it4i.cz/en/for-users/computing-resources-allocation
[b]: http://www.it4i.cz/open-access-competition/?lang=en&lang=en
[c]: http://www.it4i.cz/obtaining-computational-resources-through-directors-discretion/?lang=en&lang=en
[d]: https://prace-ri.eu/hpc-access/deci-access/deci-access-information-for-applicants/
[e]: https://scs.it4i.cz
[f]: https://support.it4i.cz/rt/
[g]: mailto:support@it4i.cz
docs.it4i/general/management/.gitkeep 0 → 100644
+ 1
0
View file @ 40888c33
docs.it4i/general/management/einfracz-profile.md 0 → 100644
+ 15
0
View file @ 40888c33
# Change e-INFRA CZ Profile Settings
You can change the settings of your e-INFRA CZ profile anytime by visiting [https://profile.e-infra.cz/][1].
## Change Password
To change your e-INFRA CZ account password, go to [https://profile.e-infra.cz/profile/settings/passwordReset][2].
## Change SSH Key
To change SSH key(s) associated with your e-INFRA CZ account, go to [https://profile.e-infra.cz/profile/settings/sshKeys][3].
[1]: https://profile.e-infra.cz/profile
[2]: https://profile.e-infra.cz/profile/settings/passwordReset
[3]: https://profile.e-infra.cz/profile/settings/sshKeys
docs.it4i/general/management/it4i-profile.md 0 → 100644
+ 15
0
View file @ 40888c33
# Change IT4I Account Settings
You can change the settings of your IT4I account anytime by visiting [extranet.it4i.cz][1].
## Change Password
To change your IT4I account password, go to [https://extranet.it4i.cz/ssp/][2].
## Change SSH Key
To change SSH key(s) associated with your IT4I account, go to [https://extranet.it4i.cz/ssp/?action=changesshkey][3].
[1]: https://scs.it4i.cz/
[2]: https://extranet.it4i.cz/ssp/
[3]: https://extranet.it4i.cz/ssp/?action=changesshkey
docs.it4i/general/obtaining-login-credentials/obtaining-login-credentials.md
+ 8
178
View file @ 40888c33
# Obtaining Login Credentials
!!! warning "Temporary Account Creation Suspension"
During the migration of IT4I accounts into a joint e-INFRA CZ user base, creating new IT4I accounts will be **temporarily suspended from January 19 to January 21**. For more information, see [Migration to e-INFRA CZ][8].
## Obtaining Authorization
The computational resources of IT4I are [allocated][r] by the Allocation Committee to a Project investigated by a Primary Investigator. By [allocating the computational resources][r], the Allocation Committee is authorizing the PI to access and use the clusters. The PI may decide to authorize a number of their collaborators to access and use the clusters to consume the resources allocated to their Project. These collaborators will be associated to the Project. The Figure below is depicting the authorization chain:
![](../../img/Authorization_chain.png)
!!! note
You need to either [become a PI][1] or [be named as a collaborator][2] by a PI in order to access and use the clusters.
## Authorization of PI by Allocation Committee
The PI is authorized to use the clusters by the allocation decision issued by the Allocation Committee. The PI will be informed by IT4I about the Allocation Committee decision.
## Process Flow Chart
This chart describes the process of obtaining login credentials on the clusters. You may skip the tasks that you have already done. Some of the tasks, marked with asterisk (\*), are clickable and will take you to a more detailed description.
* I am a collaborator on a project and want to obtain login credentials
<div class="mermaid">
graph TB
id10(I am a collaborator on a project and want to obtain login credentials)
id20[Obtain a certificate for digital signature]
id10-->id20
id30[EduID organizations from CESNET*]
click id30 "#certificates-for-digital-signatures"
id40[Personal certificate from PostSignum or I.CA]
id50[Free certificate from Sectigo / Comodo*]
click id50 "#alternative-way-to-personal-certificate"
id55[Other trusted certificate]
subgraph ""
id20-->id30
id20-->id40
id20-->id50
id20-->id55
end
id60[Export and save the certificate to a file]
id30-->id60
id40-->id60
id50-->id60
id55-->id60
id70[Import the certificate into your email client*]
click id70 "#installation-of-the-certificate-into-your-mail-client"
id60-->id70
id80[Send an email with request for access to IT4I Support*]
click id80 "#login-credentials"
id70-->id80
</div>
* I am a Primary Investigator and I want to allow my collaborators to access my project
<div class="mermaid">
graph TB
id110(I am a Primary Investigator and I want to allow my collaborators to access my project)
id120[Obtain a certificate for digital signature]
id110-->id120
id130[EduID organizations from CESNET*]
click id130 "#certificates-for-digital-signatures"
id140[Personal certificate from PostSignum or I.CA]
id150[Free certificate from Sectigo / Comodo*]
click id150 "#alternative-way-to-personal-certificate"
id155[Other trusted certificate]
subgraph ""
id120-->id130
id120-->id140
id120-->id150
id120-->id155
end
id160[Export and save the certificate to a file]
id130-->id160
id140-->id160
id150-->id160
id155-->id160
id170[Import the certificate into your email client*]
click id170 "#installation-of-the-certificate-into-your-mail-client"
id160-->id170
id180[Send an email with request for authorization to IT4I Support*]
click id180 "#authorization-by-e-mail-an-alternative-approach"
id170-->id180
</div>
* I am an existing user/Primary Investigator and I want to manage my projects/users
<div class="mermaid">
graph TB
id210(I am an existing user/Primary Investigator and I want to manage my projects/users)
id220[Log into scs.it4i.cz]
id230[Go to the Authorization Requests section]
id210-->id220
id220-->id230
id240[Submit a request to become a project member]
id245[Wait for an approval from the Primary Investigator]
id230-->|User|id240
id240-->id245
id250[Wait for a user to submit the request to become a project member]
id255[Approve or deny user requests for becoming project members]
id230-->|Primary Investigator|id250
id250-->id255
id240-.->id255
</div>
## Login Credentials
# IT4I Account
!!! important
CESNET, CERIT-SC, and IT4I infrastructures will operate a joint e-INFRA CZ infrastructure. If you have a CESNET (e.g. MetaCentrum, DÚ) or CERIT-SC account, make sure to choose the same login name for your IT4I account to have uniform access to all services in the future.
If you are affiliated with an academic institution from the Czech Republic ([eduID.cz][u]), create an [e-INFRA CZ account][8], instead.
Once authorized by a PI, every person (PI or collaborator) wishing to access the clusters should contact the [IT4I support][a] (email: [support\[at\]it4i.cz][b]) providing the following information:
If you are not eligible for an e-INFRA CZ account, contact the [IT4I support][a] (email: [support\[at\]it4i.cz][b]) and provide the following information:
1. Project ID
1. Full name and affiliation
1. Statement that you have read and accepted the [Acceptable use policy document][c] (AUP).
1. Attach the AUP file.
1. Your preferred username (3 to 12 characters). The preferred username must associate with your first and last name or be otherwise derived from it. Only alphanumeric sequences and dash signs are allowed.
1. Public part of your SSH key
1. In case you choose an [Alternative way to personal certificate][3], a **scan of photo ID** (personal ID or passport or driver license) is required.
!!! warning
Should the above information be provided by email, the email **must be** digitally signed. Read more on [digital signatures][4] below.
!!! hint
VSB associates will be given a VSB login username.
Example (except the subject line, which must be in English, you may use Czech or Slovak language for communication with us):
```console
......@@ -142,7 +33,7 @@ John Smith
(Digitally signed)
```
You will receive your personal login credentials by protected email. The login credentials include:
You will receive your personal login credentials by encrypted email. The login credentials include:
1. username
1. SSH private key and private key passphrase
......@@ -150,57 +41,6 @@ You will receive your personal login credentials by protected email. The login c
The clusters are accessed by the [private key][5] and username. Username and password are used for login to the [information systems][d].
## Authorization by Web
!!! warning
**Only** for those who already have their IT4I HPC account. This is a preferred way of granting access to project resources. Please, use this method when possible.
This is a preferred way of granting access to project resources. Please, use this method whenever it's possible.
Log in to the [IT4I SCS portal][e] using IT4I credentials and go to the **Authorization Requests** section.
* **Users:** Please, submit your requests for becoming a project member.
* **Primary Investigators:** Please, approve or deny users' requests in the same section.
## Authorization by EMail (An Alternative Approach)
In order to authorize a Collaborator to utilize the allocated resources, the PI should contact the [IT4I support][a] (email: [support\[at\]it4i.cz][b]) and provide the following information:
1. Identify their project by project ID.
1. Provide a list of people, including themself, who are authorized to use the resources allocated to the project. The list must include the full name, email and affiliation. If collaborators' login access already exists in the IT4I systems, provide their usernames as well.
1. Include "Authorization to IT4Innovations" into the subject line.
!!! warning
Should the above information be provided by email, the email **must be** digitally signed. Read more on [digital signatures][4] below.
Example (except the subject line which must be in English, you may use Czech or Slovak language for communication with us):
```console
Subject: Authorization to IT4Innovations
Dear support,
Please include my collaborators to project OPEN-0-0.
John Smith, john.smith@myemail.com, Department of Chemistry, MIT, US
Jonas Johansson, jjohansson@otheremail.se, Department of Physics, RIT, Sweden
Luisa Fibonacci, lf@emailitalia.it, Department of Mathematics, National Research Council, Italy
Thank you,
PI
(Digitally signed)
```
## Change Passphrase
On Linux, use:
```console
local $ ssh-keygen -f id_rsa -p
```
On Windows, use [PuTTY Key Generator][6].
## Certificates for Digital Signatures
We accept personal certificates issued by any widely respected certification authority (CA). This includes certificates by CAs organized in [International Grid Trust Federation][f], its European branch [EUGridPMA][g] and its member organizations, e.g. the [CESNET certification authority][h]. The Czech _"Qualified certificate" (Kvalifikovaný certifikát)_ provided by [PostSignum][i] or [I.CA][j], which is used in electronic contact with Czech authorities, is accepted as well.
......@@ -231,18 +71,6 @@ A FAQ about certificates can be found here: [Certificates FAQ][7].
!!! note
Web-based email interfaces cannot be used for secure communication; external application, such as Thunderbird or Outlook must be used. This way, your new credentials will be visible only in applications that have access to your certificate.
## End of User Account Lifecycle
A user account that is not attached to an active project is deleted 1 year after the last project expires to which it was attached.
The user will be notified by 3 automatically generated emails of the pending removal:
* First email will be sent 3 months before the removal
* Second email will be sent 1 month before the removal
* Third email will be sent 1 week before the removal.
These emails will inform about the projected removal date and will prompt the user to migrate their data.
[1]: https://docs.it4i.cz/general/obtaining-login-credentials/obtaining-login-credentials/#certificates-for-digital-signatures
[2]: #authorization-by-web
[3]: #alternative-way-to-personal-certificate
......@@ -250,7 +78,8 @@ These emails will inform about the projected removal date and will prompt the us
[5]: ../accessing-the-clusters/shell-access-and-data-transfer/ssh-keys.md
[6]: ../accessing-the-clusters/shell-access-and-data-transfer/putty.md#putty-key-generator
[7]: ../obtaining-login-credentials/certificates-faq.md
[8]: ../../einfracz-migration.md
[8]: ../access/einfracz-account.md
[10]: ../access/project-access.md
[a]: https://support.it4i.cz/rt/
[b]: mailto:support@it4i.cz
......@@ -267,3 +96,4 @@ These emails will inform about the projected removal date and will prompt the us
[r]: https://www.it4i.cz/computing-resources-allocation/?lang=en
[s]: https://www.actalis.it/en/certificates-for-secure-electronic-mail.aspx
[t]: https://www.actalis.it/en/certificates-for-secure-electronic-mail.aspx
[u]: https://www.eduid.cz/
docs.it4i/general/services-access.md 0 → 100644
+ 24
0
View file @ 40888c33
# Access to IT4I Services
Once you have created an e-INFRA CZ or an IT4I account, you can access the following IT4I services:
## IT4Innovations Information System (SCS IS)
SCS IS is a system where users can apply for a project membership and primary investigators can apply for a project
or manage ther projects (e.g. accept/deny users' requests to become project members).
You can also submit a feedback on suppport services, etc. SCS IS is available on [https://scs.it4i.cz/][1].
## Request Tracker (RT)
If you have a question or need help, you can contact our support on [https://support.it4i.cz/][2].
Please note that first response to a new ticket may take up to 24 hours.
## Cluster Usage Overview (Account Needed?)
For information about the current clusters usage, go to [https://extranet.it4i.cz/rsweb][3].
You can switch between the clusters by clicking on its name in the upper right corner.
You can filter your search by clicking on the respective keywords.
[1]: https://scs.it4i.cz/
[2]: https://support.it4i.cz/
[3]: https://extranet.it4i.cz/rsweb
docs.it4i/general/shell-and-data-access.md
+ 0
9
View file @ 40888c33
......@@ -241,15 +241,6 @@ $ ssh -R 6000:localhost:1080 cluster-name.it4i.cz
Now, configure the applications proxy settings to `localhost:6000`. Use port forwarding to access the [proxy server from compute nodes][5], as well.
## Graphical User Interface
* The [X Window system][6] is the principal way to get a GUI access to the clusters.
* [Virtual Network Computing][7] is a graphical desktop-sharing system that uses a Remote Frame Buffer protocol to remotely control another computer.
## VPN Access
* Access IT4Innovations internal resources via [VPN][8].
[1]: ../general/accessing-the-clusters/shell-access-and-data-transfer/ssh-keys.md
[2]: ../general/accessing-the-clusters/shell-access-and-data-transfer/putty.md
[5]: #port-forwarding-from-login-nodes
......
docs.it4i/general/support.md 0 → 100644
+ 11
0
View file @ 40888c33
# Getting Help and Support
Contact [support\[at\]it4i.cz][a] for help and support regarding the cluster technology at IT4Innovations.
For communication, use the **Czech**, **Slovak**, or **English** language.
Follow the status of your request to IT4Innovations [here][b].
The IT4Innovations support team will use best efforts to resolve requests within thirty days.
Use your IT4Innovations username and password to log in to the [support][b] portal.
[a]: mailto:support@it4i.cz
[b]: http://support.it4i.cz/rt
docs.it4i/index.md
+ 0
7
View file @ 40888c33
......@@ -8,13 +8,6 @@ Welcome to the IT4Innovations documentation. The IT4Innovations National Superco
1. Scan for all the notes and reminders on the page.
1. If more information is needed, read the details and **look for examples** illustrating the concepts.
## Getting Help and Support
!!! note
Contact [support\[at\]it4i.cz][a] for help and support regarding the cluster technology at IT4Innovations. For communication, use the **Czech**, **Slovak**, or **English** language. Follow the status of your request to IT4Innovations [here][b]. The IT4Innovations support team will use best efforts to resolve requests within thirty days.
Use your IT4Innovations username and password to log in to the [support][b] portal.
## Required Proficiency
!!! note
......
mkdocs.yml
+ 34
20
View file @ 40888c33
......@@ -48,30 +48,44 @@ theme:
nav:
- General:
- Home: index.md
- Obtaining Login Credentials: general/obtaining-login-credentials/obtaining-login-credentials.md
- Accessing the Clusters: general/shell-and-data-access.md
- Applying for Resources: general/applying-for-resources.md
- Certificates FAQ: general/obtaining-login-credentials/certificates-faq.md
- Resource Allocation and Job Execution:
- Introduction: index.md
- Get Access:
- Introduction: general/access/account-introduction.md
- Get Account:
- e-INFRA CZ Account: general/access/einfracz-account.md
- IT4I Account: general/obtaining-login-credentials/obtaining-login-credentials.md
- Get Project Membership: general/access/project-access.md
- Get Project: general/applying-for-resources.md
- Manage Your Profile:
- e-INFRA CZ Profile: general/management/einfracz-profile.md
- IT4I Profile: general/management/it4i-profile.md
- Access Services:
- Access the Clusters:
- SSH: general/shell-and-data-access.md
- SSH Key Management: general/accessing-the-clusters/shell-access-and-data-transfer/ssh-key-management.md
- GUI:
- X Window System: general/accessing-the-clusters/graphical-user-interface/x-window-system.md
- Xorg: general/accessing-the-clusters/graphical-user-interface/xorg.md
- VNC: general/accessing-the-clusters/graphical-user-interface/vnc.md
- Access the IS and Web Services: general/services-access.md
- VPN Access: general/accessing-the-clusters/vpn-access.md
- Run Jobs:
- Introduction: general/resource_allocation_and_job_execution.md
- Resources Allocation Policy: general/resources-allocation-policy.md
- Job Priority: general/job-priority.md
- Job Submission and Execution: general/job-submission-and-execution.md
- Capacity Computing: general/capacity-computing.md
- Migrating from SLURM: general/slurmtopbs.md
- Connect to the Clusters:
- SSH Key Management: general/accessing-the-clusters/shell-access-and-data-transfer/ssh-key-management.md
- OpenSSH Keys (UNIX): general/accessing-the-clusters/shell-access-and-data-transfer/ssh-keys.md
- PuTTY (Windows): general/accessing-the-clusters/shell-access-and-data-transfer/putty.md
- X Window System: general/accessing-the-clusters/graphical-user-interface/x-window-system.md
- Xorg: general/accessing-the-clusters/graphical-user-interface/xorg.md
- VNC: general/accessing-the-clusters/graphical-user-interface/vnc.md
- VPN Access: general/accessing-the-clusters/vpn-access.md
- Satisfaction and Feedback: general/feedback.md
- PRACE User Support: prace.md
- API Documentation: apiv1.md
- Migration to e-INFRA CZ: einfracz-migration.md
- Technical Information:
- SSH Keys:
- OpenSSH Keys (UNIX): general/accessing-the-clusters/shell-access-and-data-transfer/ssh-keys.md
- PuTTY (Windows): general/accessing-the-clusters/shell-access-and-data-transfer/putty.md
- Certificates FAQ: general/obtaining-login-credentials/certificates-faq.md
- API Documentation: apiv1.md
- Satisfaction and Feedback: general/feedback.md
- PRACE: prace.md
- Support: general/support.md
- e-INFRA CZ Migration: einfracz-migration.md
- Withdrawal from service: anselm-salomon-shutdown.md
- PROJECT Storage Availability: project-storage-availability.md
- Storage:
......@@ -81,14 +95,14 @@ nav:
- Standard File ACL: storage/standard-file-acl.md
- NFSv4 File ACL: storage/nfs4-file-acl.md
- Clusters:
- Karolina:
- Karolina:
- Introduction: karolina/introduction.md
- Hardware Overview: karolina/hardware-overview.md
- Compute Nodes: karolina/compute-nodes.md
- Storage: karolina/storage.md
- Network: karolina/network.md
- Visualization Servers: karolina/visualization.md
- Barbora:
- Barbora:
- Introduction: barbora/introduction.md
- Hardware Overview: barbora/hardware-overview.md
- Compute Nodes: barbora/compute-nodes.md
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment