creating a software installer account - raeker/ARC-Wiki-Test GitHub Wiki

Creating a software installer account

We create service accounts for ARC and unit support to use when installing software for general use.  Those accounts need special treatment when they are created and configured.

The accounts are ITS Sponsored Accounts, as Academic Affiliates.  The uniqname created must end with the letters sw.

The following example uses monkeysw as the example uniqname to list the steps in the approximate order in which they must be done.  At the time of writing, bennet did not know what compliations might arise now that we have to have these accounts on all three clusters.

Create the login account on each cluster

$ sudo /usr/arcts/systems/scripts/addLinuxUser.sh monkeysw

Change the primary GID for the account to be 2392287 (arc-sw-installers) (Note:  Help desk personnel may not have permission to run this; Systems or Software group should be asked, if needed)

$ sudo usermod -g arc-sw-installers monkeysw

Recursively change the group ownership of the newly created home directory to match

$ sudo chgrp -R arc-sw-installers /home/monkeysw

Verify they are a member of hpc-users-<clustername> group in MCommunity

$ for cluster in greatlakes armis2 lighthouse ; do
    echo $cluster ; ldapsearch -x -LLL -h ldap.umich.edu \
        -b "ou=User Groups,ou=Groups,dc=umich,dc=edu" \
        "(cn=hpc-users-$cluster)" | grep monkeysw
done

greatlakes
umichDirectMember: uid=mcsw,ou=People,dc=umich,dc=edu
member: uid=mcsw,ou=People,dc=umich,dc=edu
armis2
lighthouse

Add the user to the Slurm account support and test on each cluster (does test exist on A2 and LH?)

Ask Systems to add the user to /etc/ssh/sshd_config on each cluster's build nodes (replace this with which file in Ansible should be changed and where).  This is done by adding the new sw account to $ANSIBLE_ROOT/group_vars/all/accounts file in the softwareSupport: stanza (block, whatever the right term is).  If added to the top of the list, it will look like

softwareSupport:
  monkeysw:
    hipaa: true

That should be one on a local copy, in a branch based off master, and a PR submitted to Systems (unless they do it) with a comment that the PR should be merged and the changes pushed to all clusters.

\

As of Jun 16, 2021, bennet believes this is correct and complete.

ITS Advanced Research Computing

⚠️ **GitHub.com Fallback** ⚠️