Skip to content

2. ABCI System User Environment

2.1. Create an account

There are three types of ABCI users: "Responsible Person", "Usage Manager", "User". To use the ABCI system, "Responsible Person" needs to register from the ABCI User Portal in advance. For more detail, see the ABCI Portal Guide.

Note

  • Account is also issued to "Responsible Person".
  • "Responsible Person" can change the "User" to "Usage Manager" using ABCI User Portal.
  • "Responsible Person" and "Usage Manager" can add users ("Usage Manager" or "User").

2.2. Connecting to Interactive Node

To connect to the interactive node (es), the ABCI frontend, two-step SSH public key authentication is required.

  1. Login to the access server (as.abci.ai) with SSH public key authentication, so as to create an SSH tunnel between your computer and es.
  2. Login to the interactive node (es) with SSH public key authentication via the SSH tunnel.

Prerequisites

To connect to the interactive node, you will need the following in advance:

  • An SSH client. Your computer most likely has an SSH client installed by default. If your computer is a UNIX-like system such as Linux and macOS, or Windows 10 version 1803 (April 2018 Update) or later, it should have an SSH client. You can also check for an SSH client, just by typing ssh at the command line.
  • A secure SSH public/private key pair. ABCI only accepts the following public keys:
    • RSA keys, at least 2048bits
    • ECDSA keys, 256, 384, and 521bits
    • Ed25519 keys
  • Registration of SSH public keys. Your first need to register your SSH public key on ABCI User Portal. The instruction will be found at Register Public Key.

Note

If you would like to use PuTTY as an SSH client, please read PuTTY.

Login using an SSH Client

In this section, we will describe two methods to login to the interactive node using a SSH client. The first one is creating an SSH tunnel on the access server first and connecting the interactive node via this tunnel next. The second one, much easier method, is connecting directly to the interactive node using ProxyJump implemented in OpenSSH 7.3 or later.

General method

Login to the access server (as.abci.ai) with following command:

[yourpc ~]$ ssh -i /path/identity_file -L 10022:es:22 -l username as.abci.ai
The authenticity of host 'as.abci.ai (0.0.0.1)' can't be established.
RSA key fingerprint is XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX. <- Display only at the first login
Are you sure you want to continue connecting (yes/no)? <- Enter "yes"
Warning: Permanently added 'XX.XX.XX.XX' (RSA) to the list of known hosts.
Enter passphrase for key '/path/identity_file': <- Enter passphrase

Successfully logged in, the following message is shown on your terminal.

Welcome to ABCI access server.
Please press any key if you disconnect this session.

Warning

Be aware! The SSH session will be disconnected if you press any key.

Launch another terminal and login to the interactive node using the SSH tunnel:

[yourpc ~]$ ssh -i /path/identity_file -p 10022 -l username localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX. <- Display only at the first login
Are you sure you want to continue connecting (yes/no)? <- Enter "yes"
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
Enter passphrase for key '/path/identity_file': <- Enter passphrase
[username@es1 ~]$

ProxyJump

If you have OpenSSH 7.3 or later, you can directly connect to the interactive node.

First, add the following configuration to your $HOME/.ssh/config:

Host abci
     HostName es
     User username
     ProxyJump %r@as.abci.ai
     IdentityFile /path/identity_file

Host as.abci.ai
     IdentityFile /path/identity_file

After that, you can log in with the following command only:

[yourpc ~]$ ssh abci

Warning

OpenSSH_for_Windows_7.7p1, bundled with Windows 10 version 1803 or later, does not allow you to use ProxyJump and ProxyCommand. They can be used in OpenSSH clients bundled with Windows Subsystem for Linux (WSL).

2.3. File Transfer to Interactive Node

When you transfer files between your computer and the ABCI system, create an SSH tunnel and run the scp (sftp) command.

[yourpc ~]$ scp -P 10022 local-file username@localhost:remote-dir
Enter passphrase for key: <- Enter passphrase

local-file    100% |***********************|  file-size  transfer-time

If you have OpenSSH 7.3 or later and already added the configuration to your $HOME/.ssh/config as described at ProxyJump, you can directly run the scp (sftp) command.

[yourpc ~]$ scp local-file abci:remote-dir

2.4. Change Password

The user accounts of the ABCI system are managed by the LDAP. You do not need your password to login via SSH, but you will need your password when you use the User Portal and change the login shell. To change your password, use the passwd command.

[username@es1 ~]$ passwd
Changing password for user username.
Current Password: <- Enter the current password
New password: <- Enter the new password
Retype new password: <- Enter the new password again
passwd: all authentication tokens updated successfully.

Warning

Password policies are as follows:

  • Specify a character string with more than 15 characters arranged randomly. For example, words in Linux dictionary cannot be used. We recommend generating it automatically by using password creation software.
  • Should contain all character types of lower-case letters, upper-case letters, numeric characters, and special characters.
  • Do not contain multi-byte characters.

2.5. Login Shell

GNU bash is the login shell be default on the ABCI system. The tcsh and zsh are available as a login shell. To change the login shell, use the chsh command. The change become valid from the next login. It will take 10 minutes to update the login shell.

$ chsh [option] <new_shell>
Option Description
-l Display the list of available shells.
-s new_shell Change the login shell.

Example) Change the current login shell into tcsh

[username@es1 ~]$ chsh -s /bin/tcsh
Password for username@ABCI.LOCAL: <- Enter password

When you login to the ABCI system, user environment is automatically set. If you need to customize environment variables such as PATH or LD_LIBRARY_PATH, edit a user configuration file in the following table.

Login shell User configuration file
bash $HOME/.bash_profile
tcsh $HOME/.cshrc
zsh $HOME/.zshrc

Warning

Make sure to add a new path at the end of PATH. If you add the new path to the beginning, you may not use the system properly.

The original user configuration files (templates) are stored in /etc/skel.

2.6. Check ABCI Point

To display ABCI point usage and limitation, use the show_point command. When your ABCI point usage ratio will reach 100%, a new job cannot be submitted, and queued jobs will become error state at the beginning. (Any running jobs are not affected.)

Example) Display ABCI point information.

[username@es1 ~]$ show_point
Group               Disk                    Used           Point   Used%
grpname                5             12,345.6789         100,000      12
  `- username          -                  0.1234               -       0
Item Description
Group ABCI group name
Disk Disk assignment (TB)
Used ABCI point usage
Point ABCI point limit
Used% ABCI point usage ratio

2.7. Check Disk Quota

To display your disk usage and quota about home area and group area, use the show_quota command

Example) Display disk information.

[username@es1 ~]$ show_quota
Disk quotas for user username
  Directory                     used(GiB)       limit(GiB)          nfiles
  /home                               100              200           1,234

Disk quotas for ABCI group grpname
  Directory                     used(GiB)       limit(GiB)          nfiles
  /groups1/grpname                  1,024            2,048         123,456
Item Description
Directory Assignment directory
used(GiB) Disk usage
limit(GiB) Disk quota limit
nfiles Number of files

2.8. Communications between compute nodes and external network

Communications between compute nodes and external services/servers are restricted:

Source Destination Port Service Name
ANY Compute nodes DENIED -
Compute nodes ANY 22/tcp ssh
Compute nodes ANY 53/tcp dns
Compute nodes ANY 80/tcp http
Compute nodes ANY 443/tcp https

Especially, for the outbound (compute nodes -> external) communications which are not currently permitted, we will consider granting a permission for a certain period of time on application basis. For further information, please contact ABCI support if you have any request.