Creating additional SAIL users on the HGX nodes
We have some basic automation in place for adding users to, and removing users from, the HGX nodes.
This Ansible automation is only available to sudo users.
To Add a New User
1. SSH to each HGX node that you’d like to grant access to (this needs to be run separately on each HGX).
2. Escalate to root with sudo su - and cd to /root/sail-hgx/ansible/
3. Edit the file users.yml and add a new user under either the sudo_users or nonsudo_users category. Alternatively, move an existing user to removed_users to remove them. Removing users will remove their home directories as well.
---
- hosts: "localhost"
  connection: "local"
  vars:
    sudo_users:
      - john
      - ricky
      - newuser
    nonsudo_users:
      - taylor
      - bob
    removed_users:
      - paul
      - tanya
4. Run the playbook to create (or remove) the user(s):
[root@hgx1 ansible]# ansible-playbook users.yml
5. If you’d like to set up the user on the other HGX node, make the same changes to /root/sail-hgx/ansible/users.yml on the other server, and run the playbook.
6. Note that the user will have different SSH keys set up on each server, which isn’t ideal. To sync this up, run this script on one node (it doesn’t matter which one if the user hasn’t logged in before):
/root/sail-hgx/ansible/sync_user_keys.sh
After you run this, the SSH configuration will be the same on both servers.
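Because a name left in removed_users loses its home directory (step 3), a read-only pre-flight check run before step 4 can catch an edit that lists the same user as both active and removed. This is an added example, not part of the SAIL automation: the file name check_users.yml is hypothetical, and it assumes the file sits next to users.yml in /root/sail-hgx/ansible/ and that the three lists live in the vars of the first play, as shown above.

```yaml
---
# check_users.yml (hypothetical name). Changes nothing on the host.
# Run as: ansible-playbook check_users.yml   (before ansible-playbook users.yml)
- hosts: "localhost"
  connection: "local"
  gather_facts: false
  vars:
    # Parse the real users.yml and take the vars of its first play.
    play_vars: "{{ (lookup('ansible.builtin.file', playbook_dir ~ '/users.yml') | from_yaml)[0]['vars'] }}"
    # default([], true) also covers a list key that was left empty (YAML null).
    sudo_users: "{{ play_vars.sudo_users | default([], true) }}"
    nonsudo_users: "{{ play_vars.nonsudo_users | default([], true) }}"
    removed_users: "{{ play_vars.removed_users | default([], true) }}"
    active_users: "{{ sudo_users + nonsudo_users }}"
    all_users: "{{ active_users + removed_users }}"
  tasks:
    - name: No active user may also be queued for removal
      ansible.builtin.assert:
        that:
          - active_users | intersect(removed_users) | length == 0
        fail_msg: >-
          Listed as both active and removed (home directory would be deleted):
          {{ active_users | intersect(removed_users) | join(', ') }}

    - name: No user may be both sudo and nonsudo, and no name may repeat
      ansible.builtin.assert:
        that:
          - sudo_users | intersect(nonsudo_users) | length == 0
          - all_users | unique | length == all_users | length
        fail_msg: "A username appears more than once across the three lists."

    - name: root is never removed and every name is a plain Unix username
      ansible.builtin.assert:
        that:
          - "'root' not in removed_users"
          - all_users | reject('match', '^[a-z_][a-z0-9_-]*$') | list | length == 0
        fail_msg: >-
          Unexpected entries:
          {{ all_users | reject('match', '^[a-z_][a-z0-9_-]*$') | list }}
```

If any assertion fails, the play stops with the offending names before users.yml has been run.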
Sending users their SSH keys
There is an Ansible playbook, supported by a bash script, that makes this process a lot easier.
You will need to have set up an account at https://onetimesecret.com/account to support this process.
1. SSH to the HGX1 node (hgx1.sail.cloud.nesi.nz).
2. Escalate to root with sudo su - and cd to /root/sail-hgx/ansible/
3. There is a one-time edit that needs to be done on the file send_ssh_key.sh: the following 2 variables need to be updated with your API key and username from https://onetimesecret.com/account
   API_USERNAME is your OneTimeSecret username
   API_KEY is the value from under the accounts section of OneTimeSecret
4. Run send_ssh_key.sh and then answer the on-screen prompts regarding the user and the user’s email.
5. The user should receive an email with a link to the secret that contains their SSH private key.
You can now copy the file contents of /home/NEWUSER/.ssh/id_rsa for the new user as well and send that to the user manually.