Fred Currell has obtained a pair of Dell PowerEdge servers to act as compute nodes for his team working on medical physics simulations with Geant4. These notes tell you what you need to know to use them.
Overview
The servers have twin 8-core 2.5GHz Xeon CPUs, with 64GB RAM. Local storage is 1TB total in a RAID1 configuration, but no backups are made. The machines run CentOS 6.5 64-bit edition with various additional packages. The expected mode of operation is to run compute intensive simulations on these machines and then bring results files back to your desktop for detailed analysis and 3D visualisation. The servers have no 3D hardware and are not at all suited to visualisation work.
Robert Ryans normally looks after them – if he’s not available then Malachy Montgomery can also assist. Note that their assistance is limited to installation and administration issues only; they can’t assist with actual Geant4 code problems.
Access – software you’ll need
You can access the machines over SSH, either as a terminal session, tunnelled X11, or by running a VNC desktop session on the server. Either way, your initial access to the systems will be by using SSH from some sort of terminal program; on OS X Terminal.app or your preferred X11 terminal, on Windows you might use PuTTY. If you want to run a tunnelled X11 session you will, obviously, need to install an X11 server; for VNC sessions I suggest Remotix on OS X and Windows. On Linux X11 is part of the OS, and there are generally more basic terminal programs than one can shake the proverbial stick at.
Plain terminal and X11 sessions are fine if you’re running a quick simulation. For longer-term work where you want to keep a working environment open for extended periods of time you’re better served with the VNC desktop, which acts like a virtual screen on the server which you can disconnect from at will without disturbing running processes.
Access – credentials
We do not use passwords to secure the machine, preferring the more secure approach of cryptographic keys. You generate a key pair on your laptop/desktop machine, composed of a public and a private key. These are cryptographically linked, and the public key is then copied to the remote machine. When you try to log onto the remote server your private key is encrypted and compared with the public key; if they form a valid pair access is granted. The maths is hard to explain, but the fundamental point is that the keys are equivalent to a password hundreds of characters long, without you having to remember it.
To generate the key pair, use the following commands on your Mac/Linux system – PuTTY has its own key generator.
ssh-keygen -t rsa
This will create two files in the folder ~/.ssh/ – id_rsa and id_rsa.pub – the private and public key respectively. Email the public key to the server admin who can create your account and install the key.
Logging on
There are two servers – buzz.mp.qub.ac.uk and woody.mp.qub.ac.uk. Your account may be created on one, or both of them; the admin will let you know when your account is created depending on your needs and after consulting with FC. In either case normally you’ll first logon from the command line along these lines:
ssh myname@buzz.mp.qub.ac.uk
The first time you log on you will be prompted to accept the server SSH key – you should type ‘yes’ to accept it; then you will be on the server’s shell prompt. From there you can use the machine like any Unix-type system.
If you want to run X11 applications then you should amend the initial logon command to tunnel the X session over SSH:
ssh -Y myname@woody.mp.qub.ac.uk
VNC sessions
If you want to use a VNC session then you need to set one running from the command line. After that you can connect directly using a (tunnelled) VNC client such as Remotix until either the machine is restarted or you kill the VNC session.
To start your VNC session SSH into the computer and type:
vncserver -geometry 1600x1000
You can select whatever size you prefer for the virtual screen. You’ll see some text like this:
[robert@woody ~]$ vncserver -geometry 1600x1000 New 'woody.mp.qub.ac.uk:1 (robert)' desktop is woody.mp.qub.ac.uk:1 Starting applications specified in /home/robert/.vnc/xstartup Log file is /home/robert/.vnc/woody.mp.qub.ac.uk:1.log
The important info here is the desktop number – in this case 1. VNC desktops are conventionally numbered from 5900 onwards, so when you have to enter a port or screen number in your VNC client you’ll need to either specify (in this case) 1 or 5901.
The desktop session is secured using the SSH encryption and also a (weak) VNC password. The admin will set this password for you when your account is created and let you know what it is. It can be reset using the vncpasswd command if desired.
Once this session is set up you can log off from your terminal session and switch to your tunnelled VNC client of choice. We use the lightweight XFCE4 desktop manager which provides a basic virtual desktop system with terminals, editors, browsers, and the usual amenities.
If you want to terminate the session at some point in the future then simply type
vncserver -kill :X
replacing X with the desktop number you’re using.
File transfer
Obviously at times you will want to transfer files to and from the servers. The best way to achieve this is using SFTP or SCP, which run over the SSH protocol and use the same SSH keys. Command-line clients are installed, as with any Unix system, and their use will not be reviewed here.
Various graphical options also exist which allow file transfer, or direct editing of files via an SFTP connection. On the Mac or Windows, one can use the free Cyberduck client, or the paid-for Expandrive (if you have a license!).
Many text editors have native support for editing files over SFTP – on the Mac TextWrangler is free and available from the Mac App Store or direct from the authors.
Most Linux systems have some sort of free alternative to these – the exact details will vary depending on your distribution.
The file systems on buzz and woody are not (currently) linked, so if you wish to copy files between them you need to generate an SSH key pair on one or both machine and then install it in ~/.ssh/authorized_keys on the other server. Ask for assistance if this does not make sense to you!
Offsite access
Work is in progress to provide off-campus SSH access to buzz. When this is set up it will be possible to use this to access buzz directly, and tunnel an SSH session to woody. Remotix is capable of handling these tunnelled SSH sessions; for plain terminal work and X11 one can simply first SSH to buzz and then to woody.