Training Course - ComIntro - ECaccess
Training Course - ComIntro - ECaccess
Training Course - ComIntro - ECaccess
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>ECaccess</strong><br />
A portal to access ECMWF<br />
Dominique Lucas<br />
1 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
Content<br />
• <strong>ECaccess</strong> concepts<br />
• telnet, ssh and ftp access<br />
• X11 access<br />
• <strong>ECaccess</strong> file management<br />
• <strong>ECaccess</strong> job management<br />
• Unattended file transfers<br />
• Tutorial<br />
2 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> - Concepts<br />
• <strong>ECaccess</strong> provides a portal to access ECMWF<br />
archiving and computing facilities<br />
• Strict authentication via SecurID card and<br />
X509 certificates<br />
• Data integrity/confidentiality guaranteed by SSL<br />
3 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> - Concepts<br />
• <strong>ECaccess</strong> provides:<br />
File and job management in batch or interactive<br />
mode through an extended FTP server<br />
File and job management through a Web browser<br />
A secure telnet access to ECMWF<br />
A secure X Windows access to ECMWF<br />
• All this via internet or RMDCN.<br />
4 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> - Architecture<br />
•Multi tiers<br />
<strong>ECaccess</strong> Client, <strong>ECaccess</strong> Gateway, <strong>ECaccess</strong> Server,<br />
<strong>ECaccess</strong> ecgate<br />
<strong>ECaccess</strong><br />
Tools<br />
MS<br />
Work-<br />
station<br />
ECcert<br />
Command<br />
FTP<br />
Client<br />
Telnet<br />
Client<br />
Web<br />
Browser<br />
FTP<br />
Server<br />
X<br />
Server<br />
<strong>ECaccess</strong><br />
Gateway<br />
<br />
MS<br />
Gateway<br />
I<br />
N R<br />
T M<br />
E D<br />
R C<br />
N N<br />
E<br />
T<br />
<strong>ECaccess</strong><br />
Server<br />
(Java<br />
app)<br />
JSSE-SSL<br />
OpenSSL-SSL<br />
ECproxy<br />
Server<br />
(C app)<br />
ECMWF<br />
Gateway<br />
<strong>ECaccess</strong><br />
5 Com Intro training course – 2005 <strong>ECaccess</strong><br />
F<br />
I<br />
R<br />
E<br />
W<br />
A<br />
L<br />
L<br />
ECcmd<br />
Server<br />
(Java app)<br />
ECios<br />
Server<br />
(C app)<br />
<strong>ECaccess</strong><br />
CA<br />
(OpenSSL)<br />
Ecgate<br />
ECMWF
<strong>ECaccess</strong> - Architecture<br />
• <strong>ECaccess</strong> client<br />
Standard Telnet, FTP, ssh and HTTP/S client<br />
Standard X Windows and FTP Server<br />
<strong>ECaccess</strong> tools (eccert …)<br />
6 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> - Architecture<br />
• <strong>ECaccess</strong> gateway<br />
Entry point for all <strong>ECaccess</strong> users<br />
Verifies <strong>ECaccess</strong> users authentication<br />
(certificates or passcodes)<br />
Implements Telnet, FTP and HTTP/S protocols<br />
Secure tunnels through firewalls to <strong>ECaccess</strong><br />
Server<br />
Either local gateway installed at your site or<br />
ecaccess.ecmwf.int for internet and<br />
msaccess.ecmwf.int for RMDCN.<br />
7 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> – Architecture<br />
• <strong>ECaccess</strong> Server<br />
Located at ECMWF: ecaccess.ecmwf.int or<br />
msaccess.ecmwf.int<br />
Entry point for all <strong>ECaccess</strong> gateways<br />
Authenticate <strong>ECaccess</strong> gateways<br />
Provides job and file management functions<br />
Provides functions to monitor file transfers<br />
Provides system access functions<br />
Keeps track of users activity<br />
8 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> - Architecture<br />
• <strong>ECaccess</strong> ecgate<br />
Runs the <strong>ECaccess</strong> Certificate Authority (CA)<br />
Provides job management through LoadLeveler<br />
(and NQS).<br />
Provides access to home, scratch and ECFS<br />
Keeps job input, output and error files<br />
Manages spool for unattended file transfers<br />
9 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> – local gateways<br />
• Use local <strong>ECaccess</strong> gateways if installed<br />
• Internet <strong>ECaccess</strong> gateways available at most NMSs<br />
and at several other sites (29 gateways in total)<br />
• 12 <strong>ECaccess</strong> Gateways available over RMDCN<br />
• If local <strong>ECaccess</strong> gateway not installed, then use<br />
ecaccess.ecmwf.int or msaccess.ecmwf.int<br />
10 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> – telnet/ssh<br />
{mshost}$ telnet ecaccess.ecmwf.int<br />
…<br />
login: xyz<br />
Passcode: XXXXXX<br />
Which system: ecgate<br />
…<br />
ecgate{~xyz}:1 <br />
{mshost}$ ssh xyz@ecaccess.ecmwf.int<br />
…<br />
login: xyz<br />
Passcode: XXXXXX<br />
Which system: ecgate<br />
ecgate1{~xyz}:1 <br />
• Where xyz is your ECMWF User ID<br />
• On local gateways, port 9023 (telnet) or 9022 (ssh) may be needed.<br />
11 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> - ftp<br />
{mshost}$ ftp ecaccess.ecmwf.int<br />
…<br />
login: xyz<br />
Passcode: XXXXXX<br />
…<br />
ftp> ls<br />
227 Entering Passive Mode. (193,61,196,110,135,230)<br />
150 Opening ASCII mode data connection<br />
drwxr-x--- 1 xyz ecaccess 2048 Nov 05 11:00 ECJOBS<br />
drwxr-x--- 1 xyz ecaccess 2048 Nov 05 11:00 ECSCRATCH<br />
drwxr-x--- 1 xyz ecaccess 2048 Nov 05 11:00 ECTMP<br />
drwxr-x--- 1 xyz ecaccess 2048 Nov 05 11:00 ECFS<br />
drwxr-x--- 1 xyz ecaccess 2048 Nov 05 11:00 ECHOME<br />
226 Transfer complete<br />
ftp><br />
• sftp not yet available.<br />
• On local gateways, port 9021 may be needed.<br />
12 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> - ftp<br />
Local<br />
environment<br />
Local file<br />
can be<br />
dragged<br />
and<br />
dropped<br />
into<br />
ecaccess<br />
area.<br />
13 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ftp entry for<br />
batch access<br />
ECMWF
<strong>ECaccess</strong> – X11 via telnet<br />
{mshost}$ echo $DISPLAY<br />
mshost:0.0<br />
{mshost}$ xhost +ecaccess.ecmwf.int<br />
ecaccess being added to access control list<br />
{mshost}$ telnet ecaccess.ecmwf.int<br />
… (Passcode validation required)<br />
Which host …: ecgate<br />
Which proxy … : X<br />
…<br />
ecgate{~xyz}:1 echo $DISPLAY<br />
(Something like … )ecaccess.ecmwf.int:<br />
ecgate{~xyz}:2 xcdp&<br />
• A control window showing the DISPLAY to be used will appear.<br />
This window or an X11 application should remain present to<br />
keep the X11 proxy.<br />
14 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> – ecxterm via ssh<br />
{mshost}$ echo $DISPLAY<br />
mshost:0.0<br />
{mshost}$ ssh –X xyz@ecaccess.ecmwf.int<br />
… (Passcode validation required)<br />
Which host …: ecgate<br />
ecgate{~xyz}:1 echo $DISPLAY<br />
(Something like)ecaccess.ecmwf.int:<br />
ecgate{~xyz}:2 xcdp&<br />
• A control window will also appear. Keep it while X11 access<br />
required.<br />
15 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> – ecxterm<br />
16 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> – web – http://ecaccess.ecmwf.int/<br />
17 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> tools - ECtools<br />
• Must be installed at your end on each platform for which<br />
access to ECMWF is required.<br />
• Help for each command is available with “-help” option:<br />
<br />
{mshost}$ eccert –help<br />
• ECtools are also available at ECMWF.<br />
18 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> - eccert Command<br />
{mshost}$ eccert –verbose<br />
echost: ecaccess.ecmwf.int<br />
ecport: 443<br />
eccert: /home/xyz/.eccert.crt<br />
Certificate request<br />
ECMWF user identifier: xyz<br />
Passcode from your SecurID card:<br />
Certificate saved (855 bytes)<br />
{mshost}$<br />
• Certificate valid for 7 days.<br />
• Certificate only needed for file, job and transfer management,<br />
NOT required for unattended transfers (see later - ectrans).<br />
•Certificate not needed for ECMWF local use of ECtools.<br />
19 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> environment<br />
Name Purpose Default value<br />
Environment Variables<br />
Oh<br />
ECDOMAIN<br />
Target domain (either<br />
ECFS, ECHOME,<br />
ECSCRATCH or<br />
ECMARS) and optionally<br />
target user.<br />
ECDEBUG Enable debug mode False<br />
ECHOME<br />
ECCERT Certificate file location $HOME/.eccert.crt<br />
ECHOST Gateway host name Local host<br />
ECPORT Gateway port number 443<br />
20 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> File Management<br />
ecls Print a list of files at $ECDOMAIN.<br />
ecdir Same as the previous command but with any system-dependent<br />
information.<br />
ecget Retrieve an $ECDOMAIN file and store it on the local machine.<br />
ecreget Same as the previous command, but transfer is continued from the<br />
apparent point of failure.<br />
ecput Store a local file at $ECDOMAIN.<br />
ecdelete Delete a file at $ECDOMAIN.<br />
ecmkdir Create a directory at $ECDOMAIN.<br />
ecrmdir Remove an empty directory at $ECDOMAIN.<br />
ecmodtime Get the last modification date of a file at $ECDOMAIN.<br />
ecsize Get the size of a file at $ECDOMAIN.<br />
• No support for meta-characters.<br />
21 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> file management<br />
{mshost}$ ecls<br />
script.sh<br />
ecaccess-tools.tar.gz<br />
ecaccess.doc<br />
ecaccess<br />
{mshost}$ ecdir ecaccess<br />
10838 drwxr-xr-- 4 xyz systems 96 Mar 14 09:30 .<br />
3194 drwxr-xr-x 47 xyz systems 4096 Mar 14 09:30 ..<br />
12721 drwxr-x--- 4 xyz systems 96 Mar 13 18:55 client<br />
124513 drwxr-x--- 11 xyz systems 2048 Mar 5 11:38 gateway<br />
{mshost}$ ecget ecaccess-tools.tar.gz<br />
{mshost}$ ecget ecaccess-tools.tar.gz tools.tar.gz<br />
{mshost}$ ls *.tar.gz<br />
ecaccess-tools.tar.gz<br />
tools.tar.gz<br />
{mshost}$<br />
22 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> file management<br />
{mshost}$ ecdelete ecaccess-tools.tar.gz<br />
DELE command successful<br />
{mshost}$ ecput ecaccess-tools.tar.gz<br />
{mshost}$ ecmkdir ectest<br />
MKD command successful<br />
{mshost}$ ecrmdir ectest<br />
RMD command successful<br />
{mshost}$ ecrmdir ecaccess<br />
Directory not empty<br />
{mshost}$<br />
23 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> file management<br />
{mshost}$ export ECDOMAIN=ecfs<br />
{mshost}$ ecdir<br />
10838 drwxr-xr-- 4 xyz systems 96 Mar 14 09:30 .<br />
3194 drwxr-xr-x 47 xyz systems 4096 Mar 14 09:30 ..<br />
12721 drwxr-x--- 4 xyz systems 96 Mar 13 18:55 backup<br />
124513 drwxr-x--- 11 xyz systems 2048 Mar 5 11:38 doc<br />
{mshost}$ export ECDOMAIN=“ecfs[zzz]”<br />
…<br />
{mshost}$ export ECDOMAIN=echome<br />
…<br />
{mshost}$<br />
24 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> Job and transfer management<br />
ecqls<br />
List Ecaccess target queues<br />
ecjreq Submit a batch request (file is at $ECDOMAIN).<br />
ecjget Get job input, job output and job error.<br />
ecjput<br />
ecjls<br />
Submit a batch request (file is local).<br />
Check status of a batch request.<br />
ecjdel Delete a batch request.<br />
ectreq Initiate a transfer from $ECDOMAIN, using the ectrans spooling<br />
mechanism.<br />
ectls List transfers carried out by ectrans.<br />
ectret Retry a transfer.<br />
ectdel Cancel an ectrans transfer (remove it from the spool).<br />
ectinfo Display the target location for a user-id.<br />
25 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> Job Management<br />
{mshost}$ ecqls<br />
ecgate LoadLeveler submission on ecgate (INIT=23 ...)<br />
hpcd LoadLeveler submission on hpcd (INIT=21 ...)<br />
...<br />
{mshost}$<br />
{mshost}$ ecqls hpcd<br />
diag Diagnostic jobs only<br />
temp Temporary small jobs < 5 Nodes<br />
inter_class Default interactive class<br />
debug Default interactive class<br />
os Operational serial/single task work<br />
ns Serial/single task work<br />
bench Benchmark class<br />
np Parallel work<br />
op Operational parallel work<br />
{mshost}$<br />
26 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> Job Management<br />
{mshost}$ ecjreq -help<br />
Syntax: JREQ <strong>ECaccess</strong>-queue remote-script [args ...]<br />
-at - start date (yyyy-MM-dd HH:mm)<br />
-nd - no directives within the input script<br />
-tg - specify the target gateway name<br />
-tr - specifiy the access method (msuser[@destination])<br />
-to - transfer output file when the request ends<br />
-te - transfer error file when the request ends<br />
-ti - transfer input file when the request ends<br />
-tk - keep in spool (default: deleted if transfer<br />
successful)<br />
-mu - send mail for the request to the stated address<br />
-mb - send mail when the execution/transfer begins<br />
-me - send mail when the execution/transfer ends<br />
-mf - send mail when the execution/transfer fails<br />
27 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> Job Management<br />
{mshost}$ ecjreq ecgate script.sh –me<br />
34850<br />
{mshost}$ ecjreq ecgate test.sh<br />
Error opening file<br />
{mshost}$<br />
{mshost}$ ecjput ecgate test.sh –me<br />
34851<br />
{mshost}$<br />
28 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> Job Management<br />
{mshost}$ ecjls<br />
4421 ecgate WAIT Nov 24 21:33<br />
3884 hpcd@hpcd.ecmwf.int DONE Nov 18 11:42<br />
{mshost}$ ecjls 3884<br />
Jobid: 3884<br />
Location: hpcd@hpcd.ecmwf.int<br />
Date/Time: Nov 18 11:42<br />
Status: DONE<br />
stdout size: 221<br />
stderr size: 219<br />
stdin size: 241Jobid: 4421<br />
{mshost}$<br />
29 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> Job Management<br />
{mshost}$ ecjget o34852<br />
{mshost}$ ls JOB*<br />
JOB-o34852<br />
{mshost}$ ecjget o34852 job.out<br />
{mshost}$ ls –ail job.out<br />
71196 -rw-r----- 1 xyz group 686 Mar 13 19:10 job.out<br />
{mshost}$<br />
{mshost}$ ecjdel 34852<br />
JDEL command successful<br />
{mshost}$<br />
• ecjdel kills job running and removes all files.<br />
30 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
ECtrans Command<br />
• Unattended file transfers, issued from ECMWF<br />
• It is preferable if the <strong>ECaccess</strong> gateway is installed at your<br />
end. Alternatively use gateway at ECMWF.<br />
Internet<br />
RMDCN<br />
<strong>ECaccess</strong><br />
Server<br />
(ECMWF)<br />
ecgate or<br />
hpcd:<br />
MS Server<br />
running<br />
the gateway<br />
Shared File System<br />
MS Network<br />
file://<br />
<strong>ECaccess</strong><br />
Gateway<br />
(Member State)<br />
ftp://<br />
MS<br />
Workstation<br />
ms3<br />
$ ectrans –gateway ecaccess.ecmwf.int \<br />
-remote msuser@destination \<br />
–source [location/]filename \<br />
[-target [location/]filename]<br />
MS<br />
Workstation<br />
ms1<br />
MS<br />
Server<br />
ms2<br />
ECAccess<br />
Member State<br />
Gateway:<br />
destination=<br />
ftp://$msuser[name]:$msuser[passwd]@$hostname/$location<br />
31 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
ECtrans - msuser maintenance<br />
32 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
ECtrans - msuser maintenance<br />
33 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
ECtrans - msuser maintenance<br />
34 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
ECtrans - msuser maintenance<br />
35 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
ECtrans - msuser maintenance<br />
•MS associations are specific to each <strong>ECaccess</strong> gateway.<br />
36 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
ECtrans Command – at ECMWF<br />
{echost}$ ectrans –help<br />
usage: ectrans [-get] -gateway name \<br />
–remote msuser@destination \<br />
-source name [args ...]<br />
-gateway str - target gateway name<br />
-source str - source file name<br />
-echost str - eccmd host name (default: localhost)<br />
-ecport num - eccmd port number (default: 644)<br />
-remote str - target user (default: same as ecuser)<br />
-target str - target file name (default: same a source)<br />
-verbose - verbose mode on<br />
-help - this message<br />
-get - transfer file from your site to ECMWF<br />
-status - check the status on file transfer<br />
Default values can also be set by the ECHOST, ECPORT,<br />
ECUSER or GATEWAY shell variables.<br />
{echost}$<br />
37 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
ECtrans Command<br />
{ecgate}$ ectrans –gateway ecaccess.ecmwf.int \<br />
-remote from_ecmwf@genericFtp<br />
–source ./data.grib \<br />
–target data.grib \<br />
-verbose<br />
echost: ecaccess.ecmwf.int<br />
ecport: 644<br />
ecuser: usl<br />
source: ./data.grib<br />
target: data.grib<br />
keep : false<br />
option: reject<br />
File to upload (585 bytes)<br />
10129250216245<br />
{ecgate}$<br />
• Users have to maintain MS user’s associations on local<br />
gateway, via the web interface.<br />
• ectrans is available in both directions.<br />
38 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> transfer Management<br />
{mshost}$ ectreq –help<br />
Syntax: TREQ source [args ...]<br />
-remote str - target user (default: current)<br />
-gateway str - target gateway name (default: current)<br />
-target str - target file name (default: same as source)<br />
-keep - keep the request in the spool<br />
-reject - if the target file already exists<br />
(default)<br />
-append - if the target file already exists<br />
-resume - if the target file already exists<br />
-erase - if the target file already exists<br />
{mshost}$<br />
{mshost}$ ectreq data.grib<br />
10161191420729<br />
{mshost}$<br />
39 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> transfer Management<br />
{mshost/echost}$ ectret 10161191420729<br />
TRET command successful<br />
{mshost}$<br />
• $SCRATCH used for temporary file storage.<br />
40 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> transfer Management<br />
{mshost/echost}$ ectls<br />
10161191420729 STOP xyz@ecaccess.ecmwf.int Mar 14 15:19<br />
10164593445344 DONE xyz@ecaccess.ecmwf.int Mar 14 15:22<br />
10161193432443 DONE xyz@ecaccess.ecmwf.int Mar 14 15:19<br />
{mshost/echost}$ ectls 10161191420729<br />
Copyid: 10161191420729<br />
MS user: xyz<br />
Hostname: ecaccess.ecmwf.int<br />
Access: <strong>ECaccess</strong> gateway<br />
Status: STOP<br />
Error message: No target location for xyz<br />
Date/Time: Mar 14 15:19<br />
Source: ./job.out<br />
Target: ./job.out<br />
{mshost/echost}$ ectdel 10161191420729<br />
{mshost/echost}$<br />
41 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF
<strong>ECaccess</strong> pointers<br />
• http://www.ecmwf.int/services/ecaccess<br />
User’s manual<br />
Administrator’s manual<br />
Registration center (for local <strong>ECaccess</strong> gateway)<br />
• Quick start – check first if local gateway available<br />
http://ecaccess.ecmwf.int/<br />
telnet ecaccess.ecmwf.int<br />
ssh [-X] xyz@ecaccess.ecmwf.int<br />
ftp ecaccess.ecmwf.int<br />
Ectrans<br />
42 Com Intro training course – 2005 <strong>ECaccess</strong><br />
ECMWF