Logging in to HPCI using AlmaLinux 8 WSL

0. Change Log

0.1 Major changes

2024.04.05

• The wording of the login procedure has been partially changed to match the user’s environment.

2023.07.31

• The wording and structure of some items have been arranged.

• The text version of this document has been discontinued.

2023.05.09

• Add how to get the curl command.

• Fixed some typos.

2023.04.28

• Corrected the URL of the referenced document.

2022.12.19

• Initial release

1. Overview

This document is for those using Windows 10 and running AlmaLinux 8 WSL, and explains how to log in to the HPCI environment.

• The methods described in this document focus only on AlmaLinux 8 WSL. This document does not cover AlmaLinux running in any environment other than WSL2.

• AlmaLinux 8 WSL uses RPM packages for the Grid Community Toolkit (GCT) and GSI-Open SSH’s RHEL8. It does not use Docker.

1.1 About AlmaLinux 8 WSL

AlmaLinux 8 is a Linux distribution that is binary-compatible with RHEL 8. AlmaLinux 8 WSL is distributed on the Microsoft Store as an application, and provides an AlmaLinux terminal environment on Windows machines.

More information on AlmaLinux and AlmaLinux WSL is available at the following URLs.

• AlmaLinux Wiki

• AlmaLinux WSL

1.2 Operating environment

You will need a Windows machine that meets the following requirements:

• For more information on WSL, see Microsoft’s documentation Windows Subsystem for Linux Documentation.

• For up-to-date information on prerequisites, see Microsoft’s documentation Prerequisites .

System requirements for installing WSL.

• Windows 10 64bit version 2004 (build 19041) or higher

1.3 Installing WSL

This section describes how to install WSL on a Windows machine, along with Ubuntu as the Linux distribution.

• For more information on the installation procedure, see Microsoft’s documentation Install Linux on Windows with WSL .

• This step is not necessary if you are already using Docker Desktop for Windows on the WSL2 back end.

Installation procedure

1. Run the following as the PowerShell admin.

• Display the [Quicklink] menu

  • Either by right-clicking the [ Start ] button or by pressing the Windows logo key + X .

• Select “Windows PowerShell (Admin).”

• When a dialog will appear asking “Do you want to allow this app to make changes to your device?” click [ Yes ].

2. Run the wsl command to perform the installation.

• Type the following into PowerShell.

wsl --install

• This will install WSL and the default Linux distribution, which is Ubuntu.

PS C:\WINDOWS\system32> wsl --install
Installing: Virtual Machine Platform
Virtual Machine Platform has been installed.
Installing: Windows Subsystem for Linux
Windows Subsystem for Linux has been installed.
Downloading: WSL Kernel
Installing: WSL Kernel
WSL Kernel has been installed.
Downloading: Ubuntu
The requested operation is successful. Changes will not be effective until the system is rebooted.
PS C:\WINDOWS\system32>

3. Follow the instructions and restart to finish installing WSL.

4. Set up the default UNIX user account.

Immediately after logging in to Windows, you need to launch Ubuntu and create the default UNIX user account.

For more information on default UNIX user accounts, see Microsoft’s documentation Set up your Linux username and password .

Ubuntu should run automatically after you restart and log in to Windows; if it does not, do the following:

• Click the [ Start ] button and choose [ Ubuntu ] from the list of application.

This completes the WSL and Ubuntu installation process.

Update and upgrade packages

We recommend using the package manager to periodically update and upgrade packages. Run the following command.

$ sudo apt update && sudo apt upgrade

1.4 Installing AlmaLinux 8 WSL

This section describes how to install AlmaLinux 8 WSL in an environment in which WSL2 is already installed.

For a detailed installation procedure, refer to the Installation steps in the AlmaLinux wiki.

Installation procedure

1. Select [ Microsoft Store ] from the task bar.

2. Enter “AlmaLinux 8 WSL” in the search field.

3. Double-click on AlmaLinux 8 WSL in the search results.

4. Click [ Get ] to install the application.

5. Click [ Open ] . This launches the AlmaLinux terminal.

6. Set up the default UNIX user account.

Installing, this may take a few minutes...
Please create a default UNIX user account. The username does not need to match your Windows username.
For more information visit: https://aka.ms/wslusers
Enter new UNIX username:

• Follow the instructions on screen and enter a new username and password, and confirm the password.

  • Enter new UNIX username:

  • New password:

  • Retype new password:

• Once you have registered a user, the shell prompt will be displayed and the shell will be ready to run Linux commands.

This completes the AlmaLinux 8 WSL installation process.

2. Installing GSI-OpenSSH on AlmaLinux 8 WSL

2.1 Preparatory steps2.1 Preparatory steps

Install cron-related packages, which are needed to periodically update the CRL, and set up crond to run.

Install cron-related packages

The following steps will be performed in the AlmaLinux terminal.

1. Click the [ Start ] button and select [ AlmaLinux 8 ] from the applications list to launch the AlmaLinux terminal.

2. Install crontabs and other dependent packages.

$ sudo dnf install crontabs

3. Type the exit command to quit out of the AlmaLinux terminal.

$ exit

Set up crond to run

Use Windows’ Task Scheduler to set AlmaLinux 8 WSL’s crond to run when you log into Windows.

1. Launch Task Scheduler:

• Click the [ Start ] button and select [ Task Scheduler ] from the applications list.

  • [ Task Scheduler ] can also be found in the [ Windows Admin Tools ] folder.

2. Do the following in the ” Create Task ” window:

• Under the ” General ” tab

  1. Enter any task name you like in the “ Name: ” field.

  • For example, AlmaLinux-8 crond.

• Under the ” Triggers ” tab

  1. Click the [ New… ] button.

  2. Do the following in the ” New Trigger ” window:

  • Select “ At log on ” under the “ Begin the task: ” dropdown menu.

  3. Click the [ OK ] button to close the ” New Trigger ” window.

• Under the ” Actions ” tab

  1. Click the [ New… ] button.

  2. Do the following in the ” New Action ” window:

  • select [ Start a program ] under the ” Action: ” dropdown menu.

  • In the ” Settings: ” panel, set the following:

    • ” Program/script: “

    C:\Windows\System32\wsl.exe
    

    • ” Add arguments (optional): “

    -d AlmaLinux-8 bash -l -c "sudo /usr/sbin/crond"
    

  3. Click the [ OK ] button to close the ” New Action ” window.

3. Click the [ OK ] button to close the ” Create Task ” window.

The next time you log into Windows, the crond daemon will launch automatically.

2.2 Installation procedure

AlmaLinux 8 WSL uses the GSI-OpenSSH package for RHEL8. Refer to ” 3.2.1.1 Installing ” in the User’s Guide, HPCI Login Manual .

The following steps will be performed in the AlmaLinux terminal.

1. Click the [ Start ] button and select [ AlmaLinux 8 ] from the applications list to launch the AlmaLinux terminal. The following steps will be performed in the AlmaLinux terminal.

2. To install the NII version of GSI-OpenSSH, you will first install the NII-GT6 repository.

• Refer to “(1) Install RPM Repository Package” under “3.2.1.1 Installing”.

• The example below uses the curl command to download the repository file. If the curl command does not exist in AlmaLinux terminal, install it with the dnf command.

  $ sudo dnf install curl
  

• About checksum file

  • Access the NII版のGSI-OpenSSHのリポジトリファイル page (Note: There is no English translation page.) in your Windows web browser and download the repository checksum file.

  • The downloaded file will be in the Windows Downloads folder (c:\Users\username\Downloads). To access this from within AlmaLinux, specify the pathname to that folder as /mnt/c/Users/username/Downloads.

    • Replace “username” with the actual username.

$ curl -OR https://www.hpci.nii.ac.jp/gt6/stable/installers/repo/rpm/hpci-gt6-repo-latest.noarch.rpm
$ cp /mnt/c/Users/username/Downloads/hpci-gt6-repo-latest.noarch.rpm.sha512 .
$ sha512sum --check hpci-gt6-repo-latest.noarch.rpm.sha512
$ sudo rpm -ivh hpci-gt6-repo-latest.noarch.rpm

3. Install the EPEL repository.

• To install the GCT library package, which is a dependency for GSI-OpenSSH, install the EPEL repository.

$ sudo dnf install epel-release

4. Install the gsi-hpn-openssh-clients package for the NII version of GSI-OpenSSH and the GridCF version of myproxy.

• Run the command shown under “[for RHEL8]” under “(2) Install software” under “3.2.1.1 Installing”.

  • Running the dnf install command will install gsi-hpn-openssh-clients and myproxy.

$ sudo dnf install gsi-hpn-openssh-clients myproxy

This completes the installation process for GSI-OpenSSH.

2.3 Post-installation setup

The following steps will also be performed in the AlmaLinux terminal.

Set up a trustworthy Certificate Authority

Refer to “(3) Trusting certificate issued by HPCI CA” under ” 3.2.1.1 Installing ” in the User’s Guide, HPCI Login Manual .

1. Create the directory where files will be stored.

$ sudo mkdir -p /etc/grid-security/certificates

2. Navigate into the directory you just created and get the required files.

• Download the files for openssl 1.0 or later from HPCI Certification Authority Web site.

$ cd /etc/grid-security/certificates
$ sudo curl -OR https://www.hpci.nii.ac.jp/ca/61cd35bd.0
$ sudo curl -OR https://www.hpci.nii.ac.jp/ca/61cd35bd.signing_policy

Update the Certificate Revocation Lists (CRLs)

Use crond to periodically run the fetch-crl utility to periodically update the CRLs.

1. Install fetch-crl.

$ sudo dnf install fetch-crl

2. Set up the URL that is the source for CRL updates.

• In the following example, we are getting the list hpcica.crl and saving it as the file named 61cd35bd.r0.

$ cd /etc/grid-security/certificates
$ sudo sh -c "echo 'https://www.hpci.nii.ac.jp/ca/hpcica.crl' > 61cd35bd.crl_url"

3. Add an entry for fetch-crl to crontab to execute it periodically.

   • Create the directory /etc/cron/d

   • Set fetch-crl-boot to run fetch-crl once when crond runs.

   • Set fetch-crl-regularly to run fetch-crl periodically.

$ cd /etc/cron.d
$ sudo sh -c "echo '@reboot root /usr/sbin/fetch-crl -q' > fetch-crl-boot"
$ sudo sh -c "echo '45 */6 * * * root /usr/sbin/fetch-crl -q -r 360' > fetch-crl-regularly"

3. Logging in to the HPCI environment

Using the GSI-OpenSSH for RHEL8 environment that you have installed, you can run the myproxy-logon and gsissh commands in the AlmaLinux terminal as-is. Follow the instructions in the HPCI Login Manual.

3.1 Launch the AlmaLinux terminal

Launch the AlmaLinux terminal.

3.2 Log into the login server

This section provides an overview of the login procedure. See User’s Guide, HPCI Login Manual for details.

Issue a proxy certificate

First, a proxy certificate must be issued using HPCI Certificate Issuing System and stored in the proxy certificate repository.

Attention

• Proxy certificates are valid for up to 168 hours.

• It should be issued (stored) each time it expires.

• Refer to the following document for the issuing (storing) procedure.

  • User’s Guide, HPCI Login Manual, “2.2. Storing the Proxy Certifdicate”

Download the proxy certificate

Download the proxy certificate to the AlmaLinux terminal .

• For details on the procedure, refer to the following document.

  • User’s Guide, HPCI Login Manual , “2.3.2. Download with myproxy-logon”

• If you are unable to download a proxy certificate, refer to the following document

  • User’s Guide, HPCI Login Manual , “2.3.2.2. Troubleshooting”

  • トラブルシューティング - GSI-SSHシステム管理関連 in the HPCI information-sharing CMS. (Note: There is no English translation page.)

1. Download the proxy certificate using the myproxy-logon command.

[hpciuser@XXXXXXXXXXXX ~]$ myproxy-logon -s portal.hpci.nii.ac.jp -l [HPCI-ID]
Enter MyProxy pass phrase: ********
A credential has been received for user <HPCI-ID> in /tmp/x509up_up2000.
[hpciuser@XXXXXXXXXXXX ~]$

2. Verify the information in the resulting proxy certificate using the grid-proxy-info command.

[hpciuser@XXXXXXXXXXXX ~]$ grid-proxy-info
subject  : /C=JP/O=NII/OU=HPCI/CN=user/CN=proxy/CN=proxy/CN=proxy/CN=proxy
issuer   : /C=JP/O=NII/OU=HPCI/CN=user/CN=proxy/CN=proxy/CN=proxy
identity : /C=JP/O=NII/OU=HPCI/CN=user
type     : RFC 3820 compliant impersonation proxy
strength : 2048 bits
path     : /tmp/x509up_u2000
timeleft : 12:01:15
[hpciuser@XXXXXXXXXXXX ~]$

Log in to the login server

• For details on the procedure, refer to the following document.

  • User’s Guide, HPCI Login Manual , “2.4. Login to the Login Server”

• If you are unable to log in to the login server, refer to the following document.

  • User’s Guide, HPCI Login Manual , “2.4.2. Troubleshooting”

  • トラブルシューティング - GSI-SSHシステム管理関連 in the HPCI information-sharing CMS. (Note: There is no English translation page.)

1. Log in to the login server. In the following example, we are logging in to the login server at the Tokyo Institute of Technology, login.t3.gsic.titech.ac.jp.

[hpciuser@XXXXXXXXXXXX ~]$ gsissh -p 2222 login.t3.gsic.titech.ac.jp
Last login: Tue Jan 24 11:09:13 2023 from xxx.xxx.xxx.xxx
--------------------------------------------------------------------
Last modified: 2023-04-06 17:00:00 JST

 ** Do not run heavy programs like ISVs on login nodes login[01]. **

    (The current TSUBAME 3.0 operational status)
    https://www.t3.gsic.titech.ac.jp/      Twitter:@Titech_TSUBAME
--------------------------------------------------------------------
<HPCI-ID>@login1:~>

2. When you exit the login server, you will return to the AlmaLinux terminal bash shell .

<HPCI-ID>@login1:~> exit
logout
Connection to login.t3.gsic.titech.ac.jp closed.
[hpciuser@XXXXXXXXXXXX ~]$