ECE Clusters, Andrew AFS, Andrew Authentication

Owned by Keith Kain (Unlicensed)
Last updated: Apr 20, 2024 by John Alacce
3 min read

UPDATE: 2020.08.31 12:30 EDT – Please note that legacy ECE accounts can still be used by connecting to fileexchange.cit.cmu.edu

Overview:

ANDREW.CMU.EDU authentication is now the default for the ECE Community clusters (“number cluster”, ECE-GUI cluster, and HH1305 lab linux machines).

The default home directory will be within your Andrew AFS space (/afs/andrew.cmu.edu/usr/$USER/).

Your ECE AFS space (/afs/ece.cmu.edu/usr/$USER) also exists and can be accessed via cross realm authentication viaaklog ece.cmu.edu (cs documentation). Cross realm authentication is available for all existing and newly created users. 

FAQ:

I am unable to login to the lab/cluster hosts with ssh/X11/FastX/graphical desktop?

  • You can always ssh into unix.andrew.cmu.edu (ssh unix.andrew.cmu.edu) and verify your quota/files there.

  • Verify your Andrew AFS AFS space is not over quota fs lq /afs/andrew.cmu.edu/usr/$USER/ see others within the FAQ for determining what is using your quota.

  • If your Andrew AFS space is not over quota and you are still experiencing issues, please contact ITS.

CMU only provides a 2GB storage quota to my home directory. How can I get more space?

  • Andrew AFS space (ie, /afs/andrew.cmu.edu/usr/$USER/) has 2GB of quota, ECE ITS has no ability to modify it or increase it.

  • ECE ITS provides more quota to ECE community users, fs lq /afs/ece.cmu.edu/usr/$USER/ to see your ECE AFS space quota.

    • Use ECE space for larger data needs, if you don’t have permissions within your ECE AFS space, make sure to aklog ece.cmu.edu

      • We can increase ECE AFS space upon request for larger projects, ECE AFS space starts at 25GB.

      • Please contact ITS if you require assistance.

  • scratch space exists as /scratch (a local disk mount on linux hosts) which can be used for temporary/intermediate data.

    • As the /scratch directory is cleared daily of old files (>28days), ensure any important data is copied elsewhere.

    • There is no currently no quota, however this space is shared across all users of the machine, please be respectful of the amount of data you store there.

What is using up my quota?

Keep in mind you likely have 2 different AFS directories.

Default Andrew AFS /afs/andrew.cmu.edu/usr/$USER/

ECE AFS /afs/ece.cmu.edu/usr/$USER with a larger quota for course work.

  • "du -hsc ~/* ~/.??" will show you where your quota is being used. OldFiles is the last backup, so you can ignore that counting against your quota.

Where are my files, I do not see files I had in my home directory?

  • Your files haven’t been deleted or moved.  Your home directory ($HOME) is defaulting to your Andrew AFS directory (/afs/andrew.cmu.edu/usr/$USER) vs your ECE directory (/afs/ece.cmu.edu/usr/$USER).  Your files are likely in the ECE AFS space directory.  If your programs expect to write into your home directory, create the symlink mentioned in the next paragraph.

I am getting permission denied for AFS directories?

  • You want to verify AFS tokens with the tokens command:

    • tokens

  • If you do not have tokens for the cell(s) (andrew.cmu.edu ; ece.cmu.edu) you want, you should execute aklog with the cell:

    • aklog ece.cmu.edu

    • aklog andrew.cmu.edu

  • To make the above command easier ~/.xlog can have the cell names. Note: this command only needs to be run once!

    • echo -e 'andrew.cmu.edu\nece.cmu.edu' > ~/.xlog

      • aklog

  • Kerberos tickets or AFS tokens may have expired

    • examine klist -A and tokens, and renew if needed

      • kinit && aklog

  • If these don’t solve the issue, and you believe it to be ACL related:

    • View the below item “How can I fix permission issues myself?”

I would prefer to use my ECE home directory, How can I do that?

  • For ease of use, you can set this to happen automatically at login. Create a symlink which will, after the next login, cd to the directory linked upon and set $HOME to the link target. The command to cut and paste is below:

    • ln -s /afs/ece.cmu.edu/usr/$USER/ /afs/andrew.cmu.edu/usr/$USER/.ecehomedir

      • Log out and log back into the system for the $HOME environment variable to update

    • $HOME can be updated directly in the active session with the following commands:

      • cd /afs/ece.cmu.edu/usr/$USER

        export HOME=/afs/ece.cmu.edu/usr/$USER

The SSH banner text is interfering with my program. How can I fix this?

  • Enable quiet SSH on the commandline (or in your ~/.ssh/config) using the "-q" flag:

    • ssh -q USERNAME@SERVER_FQDN

How can I fix permission issues within ECE AFS space myself?

AFS is documented on the Computing Service site https://www.cmu.edu/computing/services/comm-collab/collaboration/afs/ the ACLs are documented here

  • User permissions on a directory

    • add (“rlidwk”)

      • fs setacl directoryhere $USER@andrew.cmu.edu write

        • keep in mind a user will require the “l” for lookup on any parents to be able to descend into the directory

        • fs setacl parentdirectoryhere $USER@andrew.cmu.edu l

    • remove

      • fs setacl directoryhere $USER@andrew.cmu.edu none

  • LEGACY permissions - If you have a legacy ECE account (prior to 2020): SSH to fileexchange.cit.cmu.edu with your ECE account and change them.

    • After login via ssh, run (on one line):

      • find /afs/ece.cmu.edu/usr/$USER -type d -exec fs sa {} $USER@andrew.cmu.edu all \;

      • Substitute path for external project space, or group access as needed.

  • If you modified your ACL and have removed the admin flag from your own permissions, please contact ITS.