We have some basic automation in place for adding and removing users to the HGX nodes.
This Ansible automation is only available to sudo users.
To Add a New User
SSH to each SSH node that you’d like to grant access to (this needs to be run separately on each HGX).
ssh sean@hgx1.sail.cloud.nesi.nz
2. Escalate to root sudo su -, and cd to /root/sail-hgx/ansible/
3. Edit the file users.yml and add a new user under either sudo or nonsudo users categories:
Alternatively, move an existing user to “removed_users” to remove
Removing users will remove their home directories as well
--
- hosts: "localhost"
connection: "local"
vars:
sudo_users:
- john
- ricky
- newuser
nonsudo_users:
- taylor
- bob
removed_users:
- paul
- tanya
4. Run the playbook to create (or remove) the user(s):
[root@hgx1 ansible]# ansible-playbook users.yml
5. If you’d like to set up the user on the other HGX node, make the same changes to /root/sail-hgx/ansible/users.yml on the other server, and run the playbook.
6. Note that the user will have different SSH keys set up on each server, which isn’t ideal. To sync this up, run this script on one node (it doesn’t matter which one if the user hasn’t logged in before):
/root/sail-hgx/ansible/sync_user_keys.sh
After you run this, the SSH configuration will be the same on both servers. You can now copy the file contents of /home/NEWUSER/.ssh/id_rsa for the new user you created to give to the user to use.