IP addresses

These IP addresses are only valid from the internal network:

Accounts

Accounts are centrally managed. You need to ask someone to create the account for you. Furthermore, you can't change your password or shell yourself - ask someone to do this for you.

Accessing compute nodes

aqfctl is the most commonly used system. It is a shared head node, and where you submit jobs. It is underpowered and overloaded most of the time. See CUChem/QueueSystem for information on how to use the queue.

The most common things you will ssh to are aqfctl (shared head node) or surmgt1 (old head node).

In order to get to a compute nodes themselves, you have to ssh hop through aqfctl or surmgt1. First ssh to aqfctl or surmgt1, and then you can ssh to any other compute node. Once you are on surmgt1 or aqfctl, DNS is set up so you can do ssh foct01.

The compute node names are things like foct01 -- ask your group.

Firewall issues

The theory group has an internal network and firewall. This LAN is shared among the various theory groups. For most work with our clusters, and to get to your workstation, you need to get inside the internal network first.

Our LAN has a firewall that prevents access from anywhere outside to anything inside (a good safety measure), and also blocks certain traffic from leaving the network (makes Stalin and Ahmadinejad proud).

If you are plugged into a cable in most of our offices, you are on our internal network and can access the main machines normally.

How to connect to machines from the outside

If you are on the public internet (e.g., using wireless in the reichman group, at your apartment, or anywhere else), you must get into the internal network by a series of ssh hops.

First, ssh to chemgate.chem.columbia.edu. This step needs a separate user account-- ask someone to make one for you. Most of the user accounts have the same name and password, BUT that's only if it was made that way. Make sure that you don't forget. (this step is not needed if you are on an internal wired connection.) Note: this is round-robin DNS going to two separate machines now, vickyp.chem.columbia.edu and 128.59.74.4 ("vickyp-2"). Thus, your home directory may not be the same among these two systems. These are simple dumb nodes to use to connect through. There used to be vickyp only, so this step is often called the vickyp step.

Once you connect to vickyp or vickyp-2, you, you can ssh to the head nodes like aqfctl or surmgt1 or your desktop (write down you IP address somewhere, use /sbin/ifconfig to get it).

Important: vickyp is very strict on failed password attempts, and blocks by both user and IP. Be careful. If you aren't able to log in, stop. Don't type a failed password too many times or it will IP block you. Re-figuring out how to unblock an IP address is annoying, so please try to avoid this if possible (just believe me, ok?). Consider setting up SSH keys so that there is less chance of mistyping passwords.

The router can be set up such that you can access your machine directly over predefined ports. For instance, to ssh into it (port 22):

ssh -p {port}{the last byte of your IP address} reichman.gw.zgib.net

mount the cluster via nfs

This will let you access your home directory over the network.

fstab entry for nsf mount:

192.168.100.12:/export/Reichman /mnt/cluster nfs rsize=4096,wsize=4096,timeo=14,intr 0 2

IP addresses of other groups (replace the first part with this for the different groups):

Note that you may need to create the folder /mnt/cluster: sudo mkdir /mnt/cluster. After putting this into fstab, type (as root)

mount -a

CUChem/Networking (last edited 2013-04-25 21:54:57 by noway)