Automated pC setup

From RHIC Spin Group

This page describes the method to automate the pC analysis. The first step is to obtain an SSH gateway account (call ITD for help to create a new account). The following webpage provides instructions on using the SSH gateways:

http://www.bnl.gov/itd/unix/ssh/ssh_linux.php

In addition, one will need an account on the blue and yellow pC machines, which are located at IP12.

Setting up an ssh tunnel

To copy new datafiles we need to be able to ssh directly to the DAQ machines. The way to access them directly is to create a tunnel through the PBN SSH Gateway.

Running the ssh tunnel opens local TCP ports that are tunnelled to particular TCP ports on the machines behind the firewall. Clients can then use these tunnels to access the remote machines at any time while the tunnel is up.

The steps needed to set up such a tunnel are described below.

First add the following records to your ~/.ssh/config file on eic0005 (create the file if it doesn't exist, and replace gdwebb with your CAD username).

 # you need this section to set up tunnels
 Host ssh.pbn.bnl.gov
      HostName ssh.pbn.bnl.local
      LocalForward 2200 acnlinf8.pbn.bnl.gov:22
      LocalForward 2201 acnlinf9.pbn.bnl.gov:22
      User gdwebb  
 
 # you need these sections to use tunnels
 Host yellowpc
      HostName localhost
      ForwardX11 yes
      User gdwebb
      Port 2200
      HostKeyAlias alias_yellowpc
 
 Host bluepc
      HostName localhost
      ForwardX11 yes
      User gdwebb
      Port 2201
      HostKeyAlias alias_bluepc
 
 # you need this section just as a short alias for eicsrv1
 Host eicsrv1
      HostName eicsrv1.phy.bnl.gov
      ForwardX11 yes
      User cnipol
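
The tunnel hosts above only work if each Port under a "HostName localhost" block matches a LocalForward listener, and HostKeyAlias keeps each DAQ machine's host key under its own name. The following is an added example, not part of the original page, that lints a config for both; the function names and the .example hosts are constructed, and it assumes whitespace-separated "Keyword value" lines.

```shell
#!/bin/sh
# Added example (not from the original page): lint an ssh client config whose
# hosts are reached through LocalForward tunnels on localhost.
check_tunnel_config() {
    awk '
    $1 ~ /^#/ || NF < 2   { next }                 # skip comments and blanks
                          { key = tolower($1) }    # ssh keywords ignore case
    key == "host"         { n++; name[n] = $2; port[n] = 22; next }
    key == "hostname"     { target[n] = tolower($2) }
    key == "port"         { port[n] = $2 }
    key == "hostkeyalias" { alias[n] = $2 }
    key == "localforward" { p = $2; sub(/^.*:/, "", p); fwd[p] = 1 }  # drop bind address
    END {
        for (i = 1; i <= n; i++) {
            if (target[i] != "localhost") continue   # only tunnel endpoints
            if (!(port[i] in fwd)) {
                print name[i] ": no LocalForward listens on port " port[i]; bad = 1
            }
            if (alias[i] == "") {
                print name[i] ": no HostKeyAlias, host key is recorded under the localhost port"; bad = 1
            } else if (alias[i] in owner) {
                print name[i] ": HostKeyAlias shared with " owner[alias[i]]; bad = 1
            } else owner[alias[i]] = name[i]
        }
        exit bad + 0
    }' "$@"
}

# Constructed sample: bluepc points at a port nothing forwards and has no alias.
sample_config() {
    cat <<'EOF'
Host gateway.example
     LocalForward 2200 daq-yellow.example:22
     LocalForward 2201 daq-blue.example:22
Host yellowpc
     HostName localhost
     Port 2200
     HostKeyAlias alias_yellowpc
Host bluepc
     HostName localhost
     Port 2202
EOF
}

sample_config | check_tunnel_config || echo "config needs fixing"
```

Pass a file name instead of piping, for example check_tunnel_config ~/.ssh/config, to lint a real config; the exit status is non-zero when any finding is printed.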

Setting up a passwordless DAQ machine access

This step requires your public key to be added to the ~/.ssh/authorized_keys file on the remote machines. We assume that your public key is located at ~/.ssh/id_rsa.pub. Use ssh-keygen to generate a new key pair if you need to. To add your key from ~/.ssh/id_rsa.pub to the authorized_keys of the SSH Gateway, run on eic0005:

 cat ~/.ssh/id_rsa.pub | ssh ssh.pbn.bnl.gov "mkdir -p ~/.ssh; chmod 700 ~/.ssh/; cat >> ~/.ssh/authorized_keys; chmod 600 ~/.ssh/*"

This will require you to enter your RSA Token password.

Now start your ssh tunnel; refer to the section "Starting tunnel" for instructions. The tunnel must be up before you run the next command.

With the tunnel established, you can then copy your public key to your CAD account with:

 cat ~/.ssh/id_rsa.pub | ssh yellowpc 'sh -c "mkdir -p ~/.ssh; chmod 700 ~/.ssh/; cat >> ~/.ssh/authorized_keys; chmod 600 ~/.ssh/*"'

This will require you to enter your BNL domain account password.

You will also want to put your public key onto the web server:

 cat ~/.ssh/id_rsa.pub | ssh eicsrv1 'sh -c "mkdir -p ~/.ssh; chmod 700 ~/.ssh/; cat >> ~/.ssh/authorized_keys; chmod 600 ~/.ssh/*"'

Another viable method would be to simply ssh into the machine of interest and append the public key to the authorized_keys file located in the .ssh directory.

Starting tunnel

To bring up the tunnel run:

 ssh -Nf ssh.pbn.bnl.gov

This tunnel will then stay up until the machine and/or the gateway is shut down or rebooted.