https://wiki.anunna.wur.nl/api.php?action=feedcontributions&feedformat=atom&user=Haars0011HPCwiki - User contributions [en]2026-04-18T01:37:53ZUser contributionsMediaWiki 1.43.1https://wiki.anunna.wur.nl/index.php?title=Main_Page&diff=2723Main Page2026-04-16T07:43:12Z<p>Haars0011: </p>
<hr />
<div>Anunna is a [http://en.wikipedia.org/wiki/High-performance_computing High Performance Computer] (HPC) infrastructure hosted by [https://www.wur.nl/en/show/supercomputer-anunna-opens-up-more-opportunities-for-data-storage-and-artificial-intelligence-applications.htm Wageningen University & Research Centre]. It is open for use for all WUR research groups as well as other organizations, including companies, that have collaborative projects with WUR. <br />
<br />
= About =<br />
<br />
* [[History of the Cluster|Historical information on the startup of Anunna]]<br />
<br />
== Access Policy ==<br />
[[Access_Policy | Main Article: Access Policy]]<br />
<br />
Access needs to be granted actively (by creation of an account on the cluster by FB-IT). Use of resources is limited by the scheduler. Note that the use of Anunna is not free of charge. <br />
<br />
= Our Courses and Tutorials =<br />
The Anunna team organizes HPC courses three times a year to strengthen basic & more advanced skills and enable users to make the most effective use of our facility.<br />
<br />
* [[Linux Basic]]<br />
* [[HPC Basic]]<br />
* [[HPC Advanced]]<br />
* [[2026 Course dates]]<br />
* [[Tutorials]]<br />
<br />
= Using Anunna =<br />
* [[Tariffs |Costs associated with resource usage]]<br />
<br />
== Getting support ==<br />
* [[Support|Get support with using Anunna (open a ticket with the HPC team)]]<br />
<br />
== Gaining access to Anunna==<br />
Access to the cluster and file transfer are traditionally done via [http://en.wikipedia.org/wiki/Secure_Shell SSH and SFTP].<br />
* [[log_in_to_B4F_cluster | Logging into cluster using ssh]]<br />
* [[file_transfer | File transfer options]]<br />
* [[Services | Alternative access methods, and extra features and services on Anunna]]<br />
* [[Filesystems | Data storage methods on Anunna]]<br />
<br />
== Using Anunna for courses (mainly jupyter notebooks) ==<br />
* [[steps_for_courses | Steps involved to run a course on Anunna]]<br />
<br />
= Events =<br />
<br />
* [[Courses]] that have happened and are happening<br />
* [[Downtime]] that will affect all users<br />
* [[Meetings]] that may affect the policies of Anunna<br />
<br />
= Software =<br />
* [[Modules]]<br />
* [[Apptainer]]<br />
* [[Python]]<br />
* [[R]] <br />
* [[Julia]]<br />
<br />
== Browser apps ==<br />
This page provides an overview of the GUI-based applications available Anunna, including background information and practical guidance on how to access and use interactive desktops and graphical tools directly from your web browser.<br />
<br />
* [[General overview|General Overview]]<br />
* [[Anunna Shell Access]]<br />
* [[Using the File browser|File Browser]]<br />
* [[Jupyter|Featured Apps]]<br />
* [[Jupyter]]<br />
* [[RStudio|R Studio]]<br />
* [[Linux desktop|Linux Desktop]]<br />
* [[Requesting new software|Requesting New Software]]<br />
<br />
== Command-line Software ==<br />
<br />
==== Cluster Scheduler ====<br />
Anunna uses Slurm as job scheduler.<br />
* [[Using_Slurm | Submit jobs with Slurm]]<br />
* [[node_usage_graph | Be aware of how much work the cluster is under right now with 'node_usage_graph']]<br />
* [[SLURM_Compare | Rosetta Stone of Workload Managers]]<br />
<br />
==== [[Globally installed software]] ====<br />
<br />
==== [[ABGC_modules |ABGC specific modules]] ====<br />
<br />
==== Installation of software by users ====<br />
* [[Domain_specific_software_on_B4Fcluster_installation_by_users | Installing domain specific software: installation by users]]<br />
* [[Setting local variables]]<br />
* [[Installing_R_packages_locally | Installing R packages locally]]<br />
* [[Setting_up_Python_virtualenv | Setting up and using a virtual environment for Python3 ]]<br />
* [[Virtual_environment_Python_3.4_or_higher | Setting up and using a virtual environment for Python3.4 or higher ]]<br />
* [[Installing WRF and WPS]]<br />
* [[Running scripts on a fixed timeschedule (cron)]]<br />
<br />
= Useful Notes = <br />
<br />
== Being in control of Environment parameters ==<br />
<br />
* [[Using_environment_modules | Using environment modules]]<br />
* [[Aliases and local variables]]<br />
* [[Setting local variables]]<br />
* [[Setting_TMPDIR | Set a custom temporary directory location]]<br />
* [[Installing_R_packages_locally | Installing R packages locally]]<br />
* [[Setting_up_Python_virtualenv | Setting up and using a virtual environment for Python3 ]]<br />
* [[Locale_settings]] (how numbers and dates are displayed)<br />
<br />
== Controlling costs ==<br />
<br />
* [[SACCT | using SACCT to see your costs]]<br />
* [[get_my_bill | using the "get_my_bill" script to estimate costs]]<br />
<br />
== Management ==<br />
Product Owner of Anunna is Alexander van Ittersum (Wageningen UR,FB-IT, C&PS). [[User: prins089 | Fons Prinsen (Wageningen UR, FB-IT, C&PS)]] is responsible for [[Maintenance_and_Management | Maintenance and Management]] of the cluster.<br />
<br />
* [[Roadmap | Ambitions regarding innovation, support and administration of Anunna ]]<br />
<br />
= Miscellaneous =<br />
* [[Bioinformatics_tips_tricks_workflows |Bioinformatics tips, tricks, and workflows]]<br />
* [[Parallel_R_code_on_SLURM | Running parallel R code on SLURM]]<br />
* [[Convert_between_MediaWiki_and_other_formats | Convert between MediaWiki format and other formats]]<br />
* [[Manual GitLab | GitLab: Create projects and add scripts]]<br />
* [[Monitoring_executions | Monitoring job execution]]<br />
* [[Shared_folders | Working with shared folders in the Lustre file system]]<br />
* [[Old_binaries | Running older binaries on the updated OS]]<br />
* [[locale_settings | How to change language settings for yourself]]<br />
<br />
= See also =<br />
* [[Maintenance_and_Management | Maintenance and Management]]<br />
* [[About_ABGC | About ABGC]]<br />
* [[Computer_cluster | High Performance Computing @ABGC]]<br />
* [[Lustre_PFS_layout | Lustre Parallel File System layout]]<br />
<br />
= External links =<br />
{| width="90%"<br />
|- valign="top"<br />
| width="30%" |<br />
* [https://www.wur.nl/en/Value-Creation-Cooperation/Facilities/Wageningen-Shared-Research-Facilities/Our-facilities/Show/High-Performance-Computing-Cluster-HPC-Anunna.htm SRF offers a HPC facilty]<br />
| width="30%" |<br />
* [http://en.wikipedia.org/wiki/Scientific_Linux Scientific Linux]<br />
* [http://en.wikipedia.org/wiki/Help:Cheatsheet Help with editing Wiki pages]<br />
|}</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Linux_desktop&diff=2714Linux desktop2026-04-03T12:29:25Z<p>Haars0011: Chappie help</p>
<hr />
<div>The Linux desktop gives you a graphical environment on the cluster, right inside your web browser. <br />
<br />
It is useful for running software that needs a screen, such as plotting tools, genome browsers, or graphical editors. You do not need to install anything on your own computer — a web browser and your Anunna account are all you need.<br />
<br />
The desktop is based on [https://www.xfce.org/ Xfce], a lightweight and user-friendly desktop environment.<br />
<br />
{{Warning|Start only one desktop session at a time. Running two sessions simultaneously causes conflicts and neither will work properly. If your desktop seems stuck, check '''My Interactive Sessions''' (see [[#Reconnecting to a running desktop|Reconnecting]]) to make sure you do not have a duplicate running.}}<br />
<br />
== Getting started ==<br />
<br />
=== Launching a desktop ===<br />
<br />
# Go to http://apps.anunna.wur.nl/.<br />
# Click the '''XFCE desktop''' tile:<br />
#: [[File:XFCE_tile.png|371x371px]]<br />
# A launch form appears:<br />
#: [[File:Minimal_desktop_form.png|400x400px]]<br />
# Enter how long you need the desktop (in hours). The desktop will shut down automatically when the time runs out.<br />
# Click '''Launch'''.<br />
<br />
After a short wait the desktop session will start. Continue to [[#Connecting to your desktop|Connecting to your desktop]] below.<br />
<br />
=== Connecting to your desktop ===<br />
<br />
Once the session is running you will see an information tile:<br />
<br />
[[File:XFCE_job_info.png|600x600px]]<br />
<br />
Click '''Launch Desktop (XFCE)''' to open the desktop in your browser.<br />
<br />
=== Using the desktop ===<br />
<br />
The desktop looks like this:<br />
<br />
[[File:XFCE_desktop.png]]<br />
<br />
Along the bottom you will find six shortcut icons:<br />
<br />
* '''Show Desktop''' — minimise all windows<br />
* '''Terminal''' — open a command-line terminal<br />
* '''File Browser''' — browse your files<br />
* '''Web Browser''' — open a web browser inside the desktop<br />
* '''Application Search''' — search for installed applications<br />
* '''Home Folder''' — open your home directory<br />
<br />
The '''Applications''' menu in the top-left corner gives access to the same applications, plus '''Settings''' for desktop preferences.<br />
<br />
=== Using pre-installed software (modules) ===<br />
<br />
Software that is available on Anunna via the <code>module load</code> command works inside the desktop as well. Open a terminal and use modules exactly as you would on the command line. See the [[Modules]] page for more information.<br />
<br />
=== Reconnecting to a running desktop ===<br />
<br />
If you close your browser or shut down your computer, the desktop keeps running in the background. To reconnect:<br />
<br />
# Go to http://apps.anunna.wur.nl/.<br />
# Click '''My Interactive Sessions''' in the menu bar.<br />
# Find your running session and click '''Launch Desktop (XFCE)'''.<br />
<br />
=== Stopping the desktop ===<br />
<br />
There are two ways to stop a desktop session:<br />
<br />
; From inside the desktop<br />
: Open the '''Applications''' menu (top left) and click '''Log Out''' at the bottom. Alternatively, click your name in the top-right corner and choose '''Log Out'''. You will see a "Connection lost" message — this is normal and simply means the session has ended.<br />
<br />
; From the session tile<br />
: Go to '''My Interactive Sessions''' and click '''Cancel''' on the session tile.<br />
<br />
After stopping, the tile changes to:<br />
<br />
[[File:XFCE_tile_after.png]]<br />
<br />
From here you can:<br />
* Click the '''pencil''' icon to change settings before starting a new session.<br />
* Click the '''recycle''' icon to start a new session with the same settings.<br />
* Click '''Delete''' to remove the session log files.<br />
<br />
== Advanced usage ==<br />
<br />
=== Customising your session ===<br />
<br />
The default launch form keeps things simple. If you need more control, tick '''Show advanced job options''' on the launch form to reveal additional settings:<br />
<br />
[[File:Desktop_extended_form.png|482x482px]]<br />
<br />
Here you can change:<br />
* The number of CPU cores and amount of memory.<br />
* The maximum duration of the session.<br />
* Whether to enable '''admin rights''' (see [[#Installing your own software|Installing your own software]] below).<br />
<br />
Adjust the settings to match your needs, then click '''Launch'''.<br />
<br />
=== Installing your own software ===<br />
<br />
If you need software that is not already available through [[Modules|modules]], you can install it yourself. To do so, you need ''administrator privileges'' inside the desktop.<br />
<br />
==== Enabling admin rights ====<br />
<br />
# On the launch form, tick '''Show advanced job options'''.<br />
# Enable the '''admin rights''' option.<br />
# Click '''Launch'''.<br />
<br />
When admin rights are enabled, you have full administrator (root) access inside the desktop. You can verify this by opening a terminal: the prompt will show <code>root</code> instead of your username.<br />
<br />
==== How changes are saved ====<br />
<br />
When you use admin rights, any software you install or files you change inside the system directories are saved automatically. The next time you start a desktop session with admin rights, your changes will still be there. This means you only need to install software once.<br />
<br />
{{Note|Changes are stored in a personal disk image on the lustre filesystem. If you run into disk-space issues or want a clean start, contact the HPC helpdesk.}}<br />
<br />
== Troubleshooting ==<br />
<br />
{| class="wikitable"<br />
! Problem !! What to do<br />
|-<br />
| Desktop does not start or stays ''Queued'' for a long time<br />
| The cluster may be busy. Try requesting fewer resources (cores, memory) or a shorter duration. Also check that you do not already have a session running under '''My Interactive Sessions'''.<br />
|-<br />
| Screen is black or unresponsive after connecting<br />
| Try reloading the browser tab. If the problem persists, stop the session and start a new one.<br />
|-<br />
| "Connection lost" message appeared unexpectedly<br />
| Your session may have reached its time limit. Start a new session with a longer duration. If it happens immediately, check '''My Interactive Sessions''' for error information.<br />
|-<br />
| I accidentally started two desktops<br />
| Go to '''My Interactive Sessions''', cancel both sessions, and start a single new one.<br />
|-<br />
| I installed software but it is gone after restarting<br />
| Make sure you launched the session with '''admin rights''' enabled. Without admin rights, system-level changes are not preserved.<br />
|}</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Linux_desktop&diff=2713Linux desktop2026-04-03T12:24:14Z<p>Haars0011: </p>
<hr />
<div>The Linux desktop gives you a graphical environment on the Anunna cluster, right inside your web browser. It is useful for running software that needs a screen, such as plotting tools, genome browsers, or graphical editors. You do not need to install anything on your own computer — a web browser and your WUR account are all you need.<br />
<br />
The desktop is based on [https://www.xfce.org/ Xfce], a lightweight and user-friendly desktop environment.<br />
<br />
{{Warning|Start only one desktop session at a time. Running two sessions simultaneously causes conflicts and neither will work properly. If your desktop seems stuck, check '''My Interactive Sessions''' (see [[#Reconnecting to a running desktop|Reconnecting]]) to make sure you do not have a duplicate running.}}<br />
<br />
== Getting started ==<br />
<br />
=== Launching a desktop ===<br />
<br />
# Go to http://apps.anunna.wur.nl/.<br />
# Click the '''XFCE desktop''' tile:<br />
#: [[File:XFCE_tile.png]]<br />
# A launch form appears:<br />
#: [[File:Minimal_desktop_form.png]]<br />
# Enter how long you need the desktop (in hours). The desktop will shut down automatically when the time runs out.<br />
# Click '''Launch'''.<br />
<br />
After a short wait the desktop session will start. Continue to [[#Connecting to your desktop|Connecting to your desktop]] below.<br />
<br />
=== Connecting to your desktop ===<br />
<br />
Once the session is running you will see an information tile:<br />
<br />
[[File:XFCE_job_info.png]]<br />
<br />
Click '''Launch Desktop (XFCE)''' to open the desktop in your browser.<br />
<br />
=== Using the desktop ===<br />
<br />
The desktop looks like this:<br />
<br />
[[File:XFCE_desktop.png]]<br />
<br />
Along the bottom you will find six shortcut icons:<br />
<br />
* '''Show Desktop''' — minimise all windows<br />
* '''Terminal''' — open a command-line terminal<br />
* '''File Browser''' — browse your files<br />
* '''Web Browser''' — open a web browser inside the desktop<br />
* '''Application Search''' — search for installed applications<br />
* '''Home Folder''' — open your home directory<br />
<br />
The '''Applications''' menu in the top-left corner gives access to the same applications, plus '''Settings''' for desktop preferences.<br />
<br />
=== Reconnecting to a running desktop ===<br />
<br />
If you close your browser or shut down your computer, the desktop keeps running in the background. To reconnect:<br />
<br />
# Go to http://apps.anunna.wur.nl/.<br />
# Click '''My Interactive Sessions''' in the menu bar.<br />
# Find your running session and click '''Launch Desktop (XFCE)'''.<br />
<br />
=== Stopping the desktop ===<br />
<br />
There are two ways to stop a desktop session:<br />
<br />
; From inside the desktop<br />
: Open the '''Applications''' menu (top left) and click '''Log Out''' at the bottom. Alternatively, click your name in the top-right corner and choose '''Log Out'''. You will see a "Connection lost" message — this is normal and simply means the session has ended.<br />
<br />
; From the session tile<br />
: Go to '''My Interactive Sessions''' and click '''Cancel''' on the session tile.<br />
<br />
After stopping, the tile changes to:<br />
<br />
[[File:XFCE_tile_after.png]]<br />
<br />
From here you can:<br />
* Click the '''pencil''' icon to change settings before starting a new session.<br />
* Click the '''recycle''' icon to start a new session with the same settings.<br />
* Click '''Delete''' to remove the session log files.<br />
<br />
== Advanced usage ==<br />
<br />
=== Customising your session ===<br />
<br />
The default launch form keeps things simple. If you need more control, tick '''Show advanced job options''' on the launch form to reveal additional settings:<br />
<br />
[[File:Desktop_extended_form.png]]<br />
<br />
Here you can change:<br />
* The number of CPU cores and amount of memory.<br />
* The maximum duration of the session.<br />
* Whether to enable '''admin rights''' (see [[#Installing your own software|Installing your own software]] below).<br />
<br />
Adjust the settings to match your needs, then click '''Launch'''.<br />
<br />
=== Using pre-installed software (modules) ===<br />
<br />
Software that is available on Anunna via the <code>module load</code> command works inside the desktop as well. Open a terminal and use modules exactly as you would on the command line. See the [[Modules]] page for more information.<br />
<br />
=== Installing your own software ===<br />
<br />
If you need software that is not already available through [[Modules|modules]], you can install it yourself. To do so, you need ''administrator privileges'' inside the desktop.<br />
<br />
==== Enabling admin rights ====<br />
<br />
# On the launch form, tick '''Show advanced job options'''.<br />
# Enable the '''admin rights''' option.<br />
# Click '''Launch'''.<br />
<br />
When admin rights are enabled, you have full administrator (root) access inside the desktop. You can verify this by opening a terminal: the prompt will show <code>root</code> instead of your username.<br />
<br />
==== How changes are saved ====<br />
<br />
When you use admin rights, any software you install or files you change inside the system directories are saved automatically. The next time you start a desktop session with admin rights, your changes will still be there. This means you only need to install software once.<br />
<br />
{{Note|Changes are stored in a personal overlay on the Anunna filesystem. If you run into disk-space issues or want a clean start, contact the HPC helpdesk.}}<br />
<br />
== Troubleshooting ==<br />
<br />
{| class="wikitable"<br />
! Problem !! What to do<br />
|-<br />
| Desktop does not start or stays ''Queued'' for a long time<br />
| The cluster may be busy. Try requesting fewer resources (cores, memory) or a shorter duration. Also check that you do not already have a session running under '''My Interactive Sessions'''.<br />
|-<br />
| Screen is black or unresponsive after connecting<br />
| Try reloading the browser tab. If the problem persists, stop the session and start a new one.<br />
|-<br />
| "Connection lost" message appeared unexpectedly<br />
| Your session may have reached its time limit. Start a new session with a longer duration. If it happens immediately, check '''My Interactive Sessions''' for error information.<br />
|-<br />
| I accidentally started two desktops<br />
| Go to '''My Interactive Sessions''', cancel both sessions, and start a single new one.<br />
|-<br />
| I installed software but it is gone after restarting<br />
| Make sure you launched the session with '''admin rights''' enabled. Without admin rights, system-level changes are not preserved.<br />
|}</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Linux_desktop&diff=2712Linux desktop2026-03-27T14:48:41Z<p>Haars0011: </p>
<hr />
<div>To enable users to run their own Linux software that has graphical output, we have created a Linux desktop.<br />
<br />
The desktop is a [https://www.xfce.org/ Xfce] Desktop Environment. Xfce is a lightweight desktop environment for UNIX-like operating systems. It aims to be fast and low on system resources, while still being visually appealing and user friendly.<br />
<br />
'''Important: Only start a single desktop, otherwise things won't work!'''<br />
<br />
=== Starting a desktop ===<br />
To start a desktop, go to http://apps.anunna.wur.nl/, and select the desktop tile:<br />
<br />
[[File:XFCE tile.png|frameless|124x124px]]<br />
<br />
===== Default form =====<br />
This will then start up a form:<br />
[[File:Minimal desktop form.png|none|thumb]]<br />
If you click "Launch", a desktop job will be started with a maximum duration that you entered.<br />
<br />
==== Extended form ====<br />
You can also select the "Show advanced job options", and then the following form will appear:<br />
[[File:Desktop extended form.png|none|thumb]]<br />
<br />
<br />
An important option is that here you can select the "admin rights". With that you will become super user (root) inside your container.<br />
<br />
That way you can install software yourself.<br />
<br />
Adapt to what you need, click "Launch", and a desktop job will be started with the options that you entered.<br />
=== Getting acces to the desktop ===<br />
Once the job is started, you will be shown an informational tile like this:<br />
<br />
[[File:XFCE job info.png|frameless]]<br />
<br />
<br />
<br />
On this tile, you can see info on the job, and also Cancel the job.<br />
<br />
To show the running desktop, click on "Launch Desktop (XFCE)".<br />
<br />
If you close your browser or computer, the desktop will keep running, and you can access it again by going to http://apps.anunna.wur.nl/, and select the "My Interactive Session" in the menu bar.<br />
<br />
=== XFCE desktop usage ===<br />
After connecting, the desktop will look something like this:<br />
<br />
[[File:XFCE desktop.png|frameless]]<br />
<br />
<br />
<br />
At the bottom are 6 icons, being "Show Desktop", "Terminal", "File browser", "Web browser", "Application search" and "Home folder".<br />
<br />
At the top left is the "Applications" menu, where you can find the same applications, and "Settings".<br />
<br />
=== Stopping the desktop ===<br />
To stop the desktop, there are 2 options:<br />
<br />
# By clicking on "Logout" inside the desktop<br />
## There is a "Logout" button at the bottom of the "Applications" menu (top left)<br />
## There is a "Logout" button at the bottom of the menu when you click on your name (top right)<br />
# By clicking "Cancel" on the session tile<br />
<br />
If you log out inside the desktop, you will get a "Connection lost" message, as the job got stopped.<br />
<br />
If you cancel in the informational tile, the tile will then look like this:<br />
<br />
[[File:XFCE tile after.png|frameless]]<br />
<br />
<br />
<br />
The buttons at the top right allow you to change the settings to start another desktop session (the pencil), or to start another desktop session with the same settings as this one (the recycle logo).<br />
<br />
The "Delete" button will remove the debug logs.<br />
<br />
=== Running already installed software (using modules) ===<br />
[[Modules]] just work inside the container, you can use them as you are used.<br />
<br />
=== Installing your own software ===<br />
To install your own software, start the container with the "admin rights" option enabled.<br />
<br />
This will create an overlay container, stored on lustre, so any changes you make will be preserved between startups.<br />
<br />
Beside that, you will be super user inside the container.<br />
<br />
That is easy to spot if you open a terminal. Instead of your username, you will see root as the active user.</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=File:Desktop_extended_form.png&diff=2711File:Desktop extended form.png2026-03-27T14:39:06Z<p>Haars0011: </p>
<hr />
<div>desktop_extended_form</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=File:Minimal_desktop_form.png&diff=2710File:Minimal desktop form.png2026-03-27T14:37:47Z<p>Haars0011: </p>
<hr />
<div>minimal_desktop_form</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Using_a_hardware_key_for_better_security&diff=2709Using a hardware key for better security2026-03-25T13:16:13Z<p>Haars0011: </p>
<hr />
<div>WUR employees can get a Yubikey hardware key for free at the servicedesk in Forum.<br />
<br />
With that key, you can implement multifactor authentication for your SSH connections.<br />
<br />
Depending on your choices and setup, you can make it very secure, so that without the key, pin and password your SSH key won't be able to be used.<br />
<br />
The steps below are adaptations of https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html <br />
<br />
=== Different levels of security/annoyance ===<br />
There are different levels of security you can apply, each being more secure, but also introducing an extra step before you have an active session.<br />
<br />
There are three "interactions" that can be used:<br />
<br />
# Enforce/use a password to unlock your SSH key<br />
# Enforce/use a PIN to unlock the hardware key<br />
# Enforce/use touching the hardware key to get access<br />
<br />
<br />
This then leads to the following 4 scenarios:<br />
<br />
# Use SSH key password, pin and touch for each new SSH session (no SSH agent)<br />
# Use pin and touch for each new SSH session (use SSH agent for password)<br />
# Use touch for each new SSH session (use SSH agent for password, but no PIN enforcement in key)<br />
# Use SSH key password for each new SSH session (use SSH agent to cache passphrase; no PIN or touch required per-session)<br />
<br />
The last one is the least intrusive, and as an attacker would need physical access to your device to circumvent your security, this is probably fine for most people.<br />
<br />
This is thus the scenario that we'll describe below in detail.<br />
<br />
For scenario 1 & 2, add <code>-O verify-required</code> to the <code>ssh-keygen</code> command to enforce PIN enforcement in key.<br />
<br />
For scenarios 1, 2 & 3, do not add <code>-O no-touch-required</code> to the <code>ssh-keygen</code> command to enforce touch enforcement in key.<br />
<br />
=== Linux ===<br />
<br />
==== Create your key: ====<br />
(do this on your laptop or desktop)<br />
ssh-keygen -t ed25519-sk -O resident -O no-touch-required -O application=ssh:anunna -C "[Your comment to identify this key on the server]"<br />
The options are:<br />
<br />
* <code>-t ed25519-sk</code> : Type of key, this is the more secure option. If your hardware key does not support ed25519-sk, use <code>-t ecdsa-sk</code> as a fallback.<br />
* <code>-O resident</code> : Store the SSH key on your hardware key, makes it easier to use on another machine<br />
* <code>-O no-touch-required</code> : No need to touch the hardware key every time<br />
* <code>-O application=ssh:anunna</code> : identifier for the key on your hardware key<br />
* <code>-C "[Your comment to identify this key on the server]"</code> : identifier for the key on the server<br />
<br />
An example exchange looks like this:<br />
<syntaxhighlight lang="bash"><br />
user001@LAPTOP:~$ ssh-keygen -t ed25519-sk -O resident -O no-touch-required -O application=ssh:anunna -C "first.lastname@wur.nl"<br />
Generating public/private ed25519-sk key pair.<br />
You may need to touch your authenticator to authorize key generation.<br />
Enter PIN for authenticator:<br />
You may need to touch your authenticator again to authorize key generation.<br />
Enter file in which to save the key (/home/user001/.ssh/id_ed25519_sk):<br />
Enter passphrase for "/home/user001/.ssh/id_ed25519_sk" (empty for no passphrase):<br />
Enter same passphrase again:<br />
Your identification has been saved in /home/user001/.ssh/id_ed25519_sk<br />
Your public key has been saved in /home/user001/.ssh/id_ed25519_sk.pub<br />
</syntaxhighlight><br />
<br />
==== Copy your key: ====<br />
To be able to log in, the server will have to have the public part of your key.<br />
<br />
For that, copy the contents of your public key, in my case <code>/home/user001/.ssh/id_ed25519_sk.pub</code> to <code>$HOME/.ssh/authorized_keys</code><br />
<br />
To allow touchless entry, we'll need to tell the SSH daemon to allow that:<br />
<syntaxhighlight lang="bash"><br />
# Copy over key<br />
ssh login.anunna.wur.nl "umask 0077; mkdir -p ~/.ssh; echo 'no-touch-required $(cat ~/.ssh/id_ed25519_sk.pub)' >> ~/.ssh/authorized_keys"<br />
# Check for key<br />
ssh login.anunna.wur.nl 'tail -1 .ssh/authorized_keys'<br />
</syntaxhighlight><br />
==== Key use ====<br />
On the machine that you created the key, a stub file will have been added to point ssh-agent to the hardware key. If the SSH agent was already running at the time of key creation, you may need to run <code>ssh-add ~/.ssh/id_ed25519_sk</code> once to load it manually.<br />
<br />
On other machines, you can load the private SSH key from the hardware key with (requires OpenSSH ≥ 8.3):<br />
ssh-add -K <br />
After this all, you should be able to login without issue.<br />
<br />
=== MacOS ===<br />
For MacOS, we can mostly do the same as for Linux, except that we will have to install openssh, as the default SSH stack doesn't work with hardware keys.<br />
<br />
So:<br />
brew install openssh<br />
Besides that, you will have to replace the MacOS ssh-agent with the one from openssh.<br />
<br />
First, download and inspect the LaunchAgent plist before loading it:<syntaxhighlight lang="bash"><br />
# Get the plist<br />
curl --output ~/Library/LaunchAgents/com.homebrew.ssh-agent.plist https://gist.githubusercontent.com/partikus/cd45013b1274af8ae63b17030d89176c/raw/d34dfae3872dec38137e8a51780fbcb95380034c/com.homebrew.ssh-agent.plist <br />
# Review the file contents before proceeding<br />
cat ~/Library/LaunchAgents/com.homebrew.ssh-agent.plist<br />
</syntaxhighlight>The content should look like this:<syntaxhighlight lang="xml"><?xml version="1.0" encoding="UTF-8"?><br />
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"><br />
<plist version="1.0"><br />
<dict><br />
<key>Label</key><br />
<string>com.homebrew.ssh-agent</string><br />
<key>ProgramArguments</key><br />
<array><br />
<string>/bin/sh</string><br />
<string>-c</string><br />
<!-- We reuse SSH_AUTH_SOCK from com.openssh.ssh-agent --><br />
<string>rm -f $SSH_AUTH_SOCK; exec /opt/homebrew/bin/ssh-agent -D -a $SSH_AUTH_SOCK</string><br />
</array><br />
<key>RunAtLoad</key><br />
<true/><br />
</dict><br />
</plist></syntaxhighlight>Then load it and disable the Apple agent:<syntaxhighlight lang="bash"><br />
# enable the homebrew ssh-agent <br />
launchctl bootstrap gui/$UID ~/Library/LaunchAgents/com.homebrew.ssh-agent.plist<br />
<br />
# disable the default ssh-agent<br />
launchctl disable gui/$UID/com.openssh.ssh-agent<br />
launchctl stop gui/$UID/com.openssh.ssh-agent<br />
<br />
# verify installation (you should see com.homebrew.ssh-agent)<br />
launchctl list | grep ssh<br />
</syntaxhighlight>If there are issues with the MacOS ssh-agent, try a reboot, do another verify, and only the homebrew one should be present.<br />
<br />
After this, open a new terminal. Verify that <code>$SSH_AUTH_SOCK</code> points to the Homebrew agent socket (not the Apple one) before continuing:<br />
echo $SSH_AUTH_SOCK<br />
Then follow the Linux flow above.<br />
<br />
=== Windows ===<br />
(needs to be filled by a Windows user)</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Using_a_hardware_key_for_better_security&diff=2708Using a hardware key for better security2026-03-25T13:12:48Z<p>Haars0011: </p>
<hr />
<div>WUR employees can get a Yubikey hardware key for free at the servicedesk in Forum.<br />
<br />
With that key, you can implement multifactor authentication for your SSH connections.<br />
<br />
Depending on your choices and setup, you can make it very secure, so that without the key, pin and password your SSH key won't be able to be used.<br />
<br />
The steps below are adaptations of https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html <br />
<br />
=== Different levels of security/annoyance ===<br />
There are different levels of security you can apply, each being more secure, but also introducing an extra step before you have an active session.<br />
<br />
There are three "interactions" that can be used:<br />
<br />
# Enforce/use a password to unlock your SSH key<br />
# Enforce/use a PIN to unlock the hardware key<br />
# Enforce/use touching the hardware key to get access<br />
<br />
<br />
This then leads to the following 4 scenarios:<br />
<br />
# Use SSH key password, pin and touch for each new SSH session (no SSH agent)<br />
# Use pin and touch for each new SSH session (use SSH agent for password)<br />
# Use touch for each new SSH session (use SSH agent for password, but no PIN enforcement in key)<br />
# Use SSH key password for each new SSH session (use SSH agent to cache passphrase; no PIN or touch required per-session)<br />
<br />
The last one is the least intrusive, and as an attacker would need physical access to your device to circumvent your security, this is probably fine for most people.<br />
<br />
This is thus the scenario that we'll describe below in detail.<br />
<br />
For scenario 1 & 2, add <code>-O verify-required</code> to the <code>ssh-keygen</code> command to enforce PIN enforcement in key.<br />
<br />
For scenarios 1, 2 & 3, do not add <code>-O no-touch-required</code> to the <code>ssh-keygen</code> command to enforce touch enforcement in key.<br />
<br />
=== Linux ===<br />
<br />
==== Create your key: ====<br />
(do this on your laptop or desktop)<br />
ssh-keygen -t ed25519-sk -O resident -O no-touch-required -O application=ssh:anunna -C "[Your comment to identify this key on the server]"<br />
The options are:<br />
<br />
* <code>-t ed25519-sk</code> : Type of key, this is the more secure option. If your hardware key does not support ed25519-sk, use <code>-t ecdsa-sk</code> as a fallback.<br />
* <code>-O resident</code> : Store the SSH key on your hardware key, makes it easier to use on another machine<br />
* <code>-O no-touch-required</code> : No need to touch the hardware key every time<br />
* <code>-O application=ssh:anunna</code> : identifier for the key on your hardware key<br />
* <code>-C "[Your comment to identify this key on the server]"</code> : identifier for the key on the server<br />
<br />
An example exchange looks like this:<br />
user001@LAPTOP:~$ ssh-keygen -t ed25519-sk -O resident -O no-touch-required -O application=ssh:anunna -C "first.lastname@wur.nl"<br />
Generating public/private ed25519-sk key pair.<br />
You may need to touch your authenticator to authorize key generation.<br />
Enter PIN for authenticator:<br />
You may need to touch your authenticator again to authorize key generation.<br />
Enter file in which to save the key (/home/user001/.ssh/id_ed25519_sk):<br />
Enter passphrase for "/home/user001/.ssh/id_ed25519_sk" (empty for no passphrase):<br />
Enter same passphrase again:<br />
Your identification has been saved in /home/user001/.ssh/id_ed25519_sk<br />
Your public key has been saved in /home/user001/.ssh/id_ed25519_sk.pub<br />
<br />
==== Copy your key: ====<br />
To be able to log in, the server will have to have the public part of your key.<br />
<br />
For that, copy the contents of your public key, in my case <code>/home/user001/.ssh/id_ed25519_sk.pub</code> to <code>$HOME/.ssh/authorized_keys</code><br />
<br />
To allow touchless entry, we'll need to tell the SSH daemon to allow that:<br />
# Copy over key<br />
ssh login.anunna.wur.nl "umask 0077; mkdir -p ~/.ssh; echo 'no-touch-required $(cat ~/.ssh/id_ed25519_sk.pub)' >> ~/.ssh/authorized_keys"<br />
# Check for key<br />
ssh login.anunna.wur.nl 'tail -1 .ssh/authorized_keys'<br />
<br />
==== Key use ====<br />
On the machine that you created the key, a stub file will have been added to point ssh-agent to the hardware key. If the SSH agent was already running at the time of key creation, you may need to run <code>ssh-add ~/.ssh/id_ed25519_sk</code> once to load it manually.<br />
<br />
On other machines, you can load the private SSH key from the hardware key with (requires OpenSSH ≥ 8.3):<br />
ssh-add -K <br />
After this all, you should be able to login without issue.<br />
<br />
=== MacOS ===<br />
For MacOS, we can mostly do the same as for Linux, except that we will have to install openssh, as the default SSH stack doesn't work with hardware keys.<br />
<br />
So:<br />
brew install openssh<br />
Besides that, you will have to replace the MacOS ssh-agent with the one from openssh.<br />
<br />
First, download and inspect the LaunchAgent plist before loading it:<syntaxhighlight lang="bash"><br />
# Get the plist<br />
curl --output ~/Library/LaunchAgents/com.homebrew.ssh-agent.plist https://gist.githubusercontent.com/partikus/cd45013b1274af8ae63b17030d89176c/raw/d34dfae3872dec38137e8a51780fbcb95380034c/com.homebrew.ssh-agent.plist <br />
# Review the file contents before proceeding<br />
cat ~/Library/LaunchAgents/com.homebrew.ssh-agent.plist<br />
</syntaxhighlight>The content should look like this:<syntaxhighlight lang="xml"><?xml version="1.0" encoding="UTF-8"?><br />
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"><br />
<plist version="1.0"><br />
<dict><br />
<key>Label</key><br />
<string>com.homebrew.ssh-agent</string><br />
<key>ProgramArguments</key><br />
<array><br />
<string>/bin/sh</string><br />
<string>-c</string><br />
<!-- We reuse SSH_AUTH_SOCK from com.openssh.ssh-agent --><br />
<string>rm -f $SSH_AUTH_SOCK; exec /opt/homebrew/bin/ssh-agent -D -a $SSH_AUTH_SOCK</string><br />
</array><br />
<key>RunAtLoad</key><br />
<true/><br />
</dict><br />
</plist></syntaxhighlight>Then load it and disable the Apple agent:<syntaxhighlight lang="bash"><br />
# enable the homebrew ssh-agent <br />
launchctl bootstrap gui/$UID ~/Library/LaunchAgents/com.homebrew.ssh-agent.plist<br />
<br />
# disable the default ssh-agent<br />
launchctl disable gui/$UID/com.openssh.ssh-agent<br />
launchctl stop gui/$UID/com.openssh.ssh-agent<br />
<br />
# verify installation (you should see com.homebrew.ssh-agent)<br />
launchctl list | grep ssh<br />
</syntaxhighlight>If there are issues with the MacOS ssh-agent, try a reboot, do another verify, and only the homebrew one should be present.<br />
<br />
After this, open a new terminal. Verify that <code>$SSH_AUTH_SOCK</code> points to the Homebrew agent socket (not the Apple one) before continuing:<br />
echo $SSH_AUTH_SOCK<br />
Then follow the Linux flow above.<br />
<br />
=== Windows ===<br />
(needs to be filled by a Windows user)</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Using_a_hardware_key_for_better_security&diff=2707Using a hardware key for better security2026-03-25T13:06:09Z<p>Haars0011: </p>
<hr />
<div>WUR employees can get a Yubikey hardware key for free at the servicedesk in Forum.<br />
<br />
With that key, you can implement multifactor authentication for your SSH connections.<br />
<br />
Depending on you choices and setup, you can make it very secure, so that without the key, pin and password your SSH key won't be able to be used.<br />
<br />
The steps below are adaptations of https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html <br />
<br />
=== Different levels of security/annoyance ===<br />
There are different levels of security you can apply, each being more secure, but also introducing an extra step before you have an active session.<br />
<br />
There a three "interactions" that can be used:<br />
<br />
# Enforce/use a password to unlock your SSH key<br />
# Enforce/use a PIN to unlock the hardware key<br />
# Enforce/use touching the hardware key to get access<br />
<br />
<br />
This then leads to the following 4 scenarios:<br />
<br />
# Use SSH key password, pin and touch for each new SSH session (no SSH agent)<br />
# Use pin and touch for each new SSH session (use SSH agent for password)<br />
# Use touch for each new SSH session (use SSH agent for password, but no PIN enforcement in key)<br />
# Use SSH key password for each new SSH session (use SSH agent to cache passphrase; no PIN or touch required per-session)<br />
<br />
The last one is the least intrusive, and as an attacker would need physical access to your device to circumvent your security, this is probably fine for most people.<br />
<br />
This is thus the scenario that we'll describe below in detail.<br />
<br />
For scenario 1 & 2, add <code>-O verify-required</code> to the <code>ssh-keygen</code> command to enforce PIN enforcement in key.<br />
<br />
For scenarios 1, 2 & 3, do not add <code>-O no-touch-required</code> to the <code>ssh-keygen</code> command to enforce touch enforcement in key.<br />
<br />
=== Linux ===<br />
<br />
==== Create your key: ====<br />
(do this on your laptop or desktop)<br />
ssh-keygen -t ed25519-sk -O resident -O no-touch-required -O application=ssh:anunna -C "[Your comment to identify this key on the server]"<br />
The options are:<br />
<br />
* <code>-t ed25519-sk</code> : Type of key, this is the more secure option. If your hardware key does not support ed25519-sk, use <code>-t ecdsa-sk</code> as a fallback.<br />
* <code>-O resident</code> : Store the SSH key on your hardware key, makes it easier to use on another machine<br />
* <code>-O no-touch-required</code> : No need to touch the hardware key every time<br />
* <code>-O application=ssh:anunna</code> : identifier for the key on your hardware key<br />
* <code>-C "[Your comment to identify this key on the server]"</code> : identifier for the key on the server<br />
<br />
An example exchange looks like this:<br />
user001@LAPTOP:~$ ssh-keygen -t ed25519-sk -O resident -O no-touch-required -O application=ssh:anunna -C "first.lastname@wur.nl"<br />
Generating public/private ed25519-sk key pair.<br />
You may need to touch your authenticator to authorize key generation.<br />
Enter PIN for authenticator:<br />
You may need to touch your authenticator again to authorize key generation.<br />
Enter file in which to save the key (/home/user001/.ssh/id_ed25519_sk):<br />
Enter passphrase for "/home/user001/.ssh/id_ed25519_sk" (empty for no passphrase):<br />
Enter same passphrase again:<br />
Your identification has been saved in /home/user001/.ssh/id_ed25519_sk<br />
Your public key has been saved in /home/user001/.ssh/id_ed25519_sk.pub<br />
<br />
==== Copy your key: ====<br />
To be able to log in, the server will have to have the public part of your key.<br />
<br />
For that, copy the contents of your public key, in my case <code>/home/user001/.ssh/id_ed25519_sk.pub</code> to <code>$HOME/.ssh/authorized_keys</code><br />
<br />
To allow touchless entry, we'll need to tell the SSH daemon to allow that:<br />
# Copy over key<br />
ssh login.anunna.wur.nl "umask 0077; mkdir -p ~/.ssh; echo 'no-touch-required $(cat ~/.ssh/id_ed25519_sk.pub)' >> ~/.ssh/authorized_keys"<br />
# Check for key<br />
ssh login.anunna.wur.nl 'tail -1 .ssh/authorized_keys'<br />
<br />
==== Key use ====<br />
On the machine that you created the key, a stub file will have been added to point ssh-agent to the hardware key. If the SSH agent was already running at the time of key creation, you may need to run <code>ssh-add ~/.ssh/id_ed25519_sk</code> once to load it manually.<br />
<br />
On other machines, you can load the private SSH key from the hardware key with (requires OpenSSH ≥ 8.3):<br />
ssh-add -K <br />
After this all, you should be able to login without issue.<br />
<br />
=== MacOS ===<br />
For MacOS, we can mostly do the same as for Linux, except that we will have to install openssh, as the default SSH stack doesn't work with hardware keys.<br />
<br />
So:<br />
brew install openssh<br />
Besides that, you will have to replace the MacOS ssh-agent with the one from openssh.<br />
<br />
First, download and inspect the LaunchAgent plist before loading it:<br />
curl --output ~/Library/LaunchAgents/com.homebrew.ssh-agent.plist <nowiki>https://gist.githubusercontent.com/partikus/cd45013b1274af8ae63b17030d89176c/raw/d34dfae3872dec38137e8a51780fbcb95380034c/com.homebrew.ssh-agent.plist</nowiki><br />
# Review the file contents before proceeding<br />
cat ~/Library/LaunchAgents/com.homebrew.ssh-agent.plist<br />
<br />
Then load it and disable the Apple agent:<br />
# disable the default ssh-agent<br />
launchctl disable gui/$UID/com.openssh.ssh-agent<br />
launchctl stop gui/$UID/com.openssh.ssh-agent<br />
<br />
# enable the homebrew ssh-agent <br />
launchctl bootstrap gui/$UID ~/Library/LaunchAgents/com.homebrew.ssh-agent.plist<br />
<br />
# verify installation (you should see com.homebrew.ssh-agent)<br />
launchctl list | grep ssh<br />
If there are issues with the MacOS ssh-agent, try a reboot, do another verify, and only the homebrew one should be present.<br />
<br />
After this, open a new terminal. Verify that <code>$SSH_AUTH_SOCK</code> points to the Homebrew agent socket (not the Apple one) before continuing:<br />
echo $SSH_AUTH_SOCK<br />
Then follow the Linux flow above.<br />
<br />
=== Windows ===<br />
(needs to be filled by a Windows user)</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Tapeworm&diff=2671Tapeworm2026-03-03T17:31:45Z<p>Haars0011: Don't flow text around images</p>
<hr />
<div>= Tapeworm: Automated tape-archival of old datasets =<br />
<br />
<div style="border:2px solid #d32f2f; background:#ffebee; padding:12px; margin:12px 0;"><br />
<b>Warning:</b><br />
<ul style="margin:8px 0 0 18px;"><br />
<li>This documentation page is under construction and may contain errors.</li><br />
<li>The Tapeworm application is in beta and may contain errors.</li><br />
</ul><br />
</div><br />
<br />
=== https://tapeworm.anunna.wur.nl/ ===<br />
<br />
Tapeworm helps you manage data on <code>/archive</code> by identifying datasets that are no longer actively used and preparing them for tape archival. <br />
The goal is simple: keep our warm storage available for active work, while safely preserving older data on tape.<br />
<br />
With Tapeworm, you can:<br />
* See which of your datasets are being considered for tape archival<br />
* Review planned moves before they happen<br />
* Approve, snooze, or block moves when needed<br />
* Add metadata to help describe archived datasets. The metadata is included on tape and can be used to view/retrieve from tape, should you need to do so in the future<br />
<br />
If you do nothing, Tapeworm will continue with the planned move after the review period. <br />
That is why we recommend checking your pending actions regularly. You will also receive notification emails about pending actions.<br />
<br />
== How Tapeworm works ==<br />
<br />
# Tapeworm scans <code>/archive</code> and builds an index of datasets, size, owner, and last active use.<br />
# A policy engine checks which datasets look stale (for example: 30+ days old and larger than 1GB).<br />
# Matching datasets are marked as <b>planned</b> and shown in your overview.<br />
# You will be notified by email that Tapeworm plans to move data you own<br />
# You can review and change what should happen, or block the move(s) entirely<br />
# If no action is taken, after a wait period of 4 weeks, planned moves can become scheduled and then executed.<br />
# Data is moved to tape, and removed from /archive/<br />
<br />
== Who sees what? ==<br />
<br />
* <b>Regular users</b> see only their own datasets and actions.<br />
* <b>Group admins/contacts</b> see data for their configured group(s), in addition to their own data.<br />
<br />
== User pages ==<br />
<br />
=== 1) Overview ===<br />
This is your action page. It shows items that currently need your decision.<br />
<br />
[[File:User overview 3.png|frame|none]]<br />
<br />
For each candidate, you can:<br />
* <b>Approve</b>: proceed with the tape move. It will schedule for the next day<br />
* <b>Deny</b>: stop this move, configure an override for this path. Tapeworm will not try to move this dataset/path again, until you choose to remove the override<br />
* <b>Snooze</b>: postpone the decision to a future date<br />
* <b>Edit metadata</b>: add key/value notes for archived data. These values are included on tape and can be used to view/retrieve datasets on tape<br />
<br />
You can also select multiple rows and apply actions in bulk.<br />
<br />
=== 2) Datasets ===<br />
This page shows your discovered datasets, their sizes, and last activity times. The application has no concept of what data belongs together and should be considered a 'dataset'. If the selections on this page are wrong, you can change how Tapeworm should handle these datasets instead.<br />
<br />
[[File:User datasets.png|frame|none]]<br />
<br />
Important:<br />
* If a dataset already has an active move candidate, scheduling controls are disabled.<br />
The dataset list is informational; move decisions are handled through the Schedule page.<br />
<br />
=== 3) Schedule ===<br />
This page shows move candidates and their status over time.<br />
<br />
[[File:User schedule.png|frame|none]]<br />
<br />
Common statuses:<br />
* <b>Planned</b> (or <b>planned + notified</b>): under review<br />
* <b>Scheduled</b>: move is planned for a specific date<br />
* <b>Executing / Tape staged / On tape</b>: move is in progress or completed<br />
* <b>Error</b>: move needs admin attention. You may be contacted, maybe we resolve it ourselves :)<br />
<br />
Once a move is already executing or completed, schedule-changing actions are locked.<br />
<br />
=== 4) Overrides ===<br />
Overrides tell Tapeworm to ignore specific paths in future planning.<br />
<br />
[[File:User override.png|frame|none]]<br />
<br />
Use overrides when:<br />
* a project is still active and needs to remain on /archive<br />
* policy suggestions are not appropriate for that location<br />
<br />
If you agree that the dataset can in principle be moved to tape, but you don't (yet) know when, you can choose to postpone/snooze the archival instead of overriding it.<br />
<br />
Overrides apply to the selected path and everything below it.<br />
<br />
=== 5) History ===<br />
This page shows completed archival moves. <br />
When a dataset has been successfully archived and finalized, it is removed from active scheduling pages and moved into history.<br />
<br />
[[File:User history.png|frame|none]]<br />
<br />
== Group pages ==<br />
<br />
Group admins have a separate set of pages for their group scope:<br />
* <b>Group overview</b><br />
* <b>Group datasets</b><br />
* <b>Group schedule</b><br />
* <b>Group overrides</b><br />
* <b>Group history</b><br />
<br />
If you manage more than one group, you can switch group scope in the selector at the top of the group pages.<br />
<br />
== Notifications (email) ==<br />
<br />
Tapeworm sends email updates when actions are pending, dates are approaching, or move state changes happen.<br />
<br />
Emails typically include:<br />
* Dataset path<br />
* Size<br />
* Last activity<br />
* Current status<br />
* Review/scheduled date<br />
<br />
Notification types you may receive:<br />
* <b>Action required</b>: please approve, snooze, or deny<br />
* <b>Reminder</b>: review date is approaching<br />
* <b>Informational</b>: move status changed (for example scheduled, staging, or completed)<br />
* <b>Escalation</b>: sent to group contacts when no user response is received<br />
<br />
Please read these emails carefully — they are your chance to adjust decisions before execution.<br />
<br />
== Best practices for users ==<br />
<br />
* Check your <b>Overview</b> page regularly<br />
* Use <b>Snooze</b> if you need time to validate impact<br />
* Add <b>metadata</b> when approving important datasets<br />
* Use <b>Overrides</b> for known and persisting exceptions<br />
* If unsure, contact HPC support before a scheduled move date<br />
<br />
== FAQ ==<br />
<br />
=== What happens if I do nothing? ===<br />
Planned items can move forward automatically after the review window (4 weeks)<br />
<br />
=== Can I undo after tape staging? ===<br />
Not directly in Tapeworm. Retrieval is done via the tape/iRODS workflow.<br />
See: https://irods.wur.nl/userguide/tape_retrieval/<br />
<br />
=== What does “completed” mean? ===<br />
Completed means Tapeworm saw the tape workflow finish and finalized the move. <br />
Before finalization, the system verifies the archive in iRODS and only then removes the staged source copy.<br />
<br />
=== Why is an action button disabled? ===<br />
Usually because the move has already progressed (executing/staged/on tape/error), so schedule edits are no longer valid.<br />
<br />
=== Why do I see “planned + notified”? ===<br />
That means the dataset move is planned and a notification has already been sent.<br />
<br />
== Need help? ==<br />
If anything is unclear, or you think a move is incorrect but you cannot alter it in the provided GUI, please open an HPC support ticket.</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Using_a_hardware_key_for_better_security&diff=2670Using a hardware key for better security2026-03-03T17:24:35Z<p>Haars0011: </p>
<hr />
<div>Employees can get a Yubikey hardware key for free at the servicedesk in Forum.<br />
<br />
With that key, you can implement multifactor authentication for your SSH connections.<br />
<br />
Depending on you choices and setup, you can make it very secure, so that without the key, pin and password your SSH key won't be able to be used.<br />
<br />
The steps below are adaptations of https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html <br />
<br />
=== Different levels of security/annoyance ===<br />
There are different levels of security you can apply, each being more secure, but also introducing an extra step before you have an active session.<br />
<br />
There a three "interactions" that can be used:<br />
<br />
# Enforce/use a password to unlock your SSH key<br />
# Enforce/use a PIN to unlock the hardware key<br />
# Enforce/use touching the hardware key to get access<br />
<br />
<br />
This then leads to the following 4 scenarios:<br />
<br />
# Use SSH key password, pin and touch for each new SSH session (no SSH agent)<br />
# Use pin and touch for each new SSH session (use SSH agent for password)<br />
# Use touch for each new SSH session (use SSH agent for password, but no PIN enforcement in key)<br />
# Use SSH key password and touch for first SSH session (pass in SSH agent, no PIN and touch enforcement in key)<br />
<br />
The last one is the least intrusive, and as an attacker would need physical access to your device to circumvent your security, this is probably fine for most people.<br />
<br />
This is thus the scenario that we'll describe below in detail.<br />
<br />
For scenario 1 & 2, add <code>-O verify-required</code> to the <code>ssh-keygen</code> command to enforce PIN enforcement in key.<br />
<br />
For scenarios 1, 2 & 3, do not add <code>-O no-touch-required</code> to the <code>ssh-keygen</code> command to enforce touch enforcement in key.<br />
<br />
=== Linux ===<br />
<br />
==== Create your key: ====<br />
(do this on your laptop or desktop)<br />
ssh-keygen -t ed25519-sk -O resident -O no-touch-required -O application=ssh:anunna.wur.nl -C "[Your comment to identify this key on the server]"<br />
The options are:<br />
<br />
* <code>-t ed25519-sk</code> : Type of key, this is the more secure option<br />
* <code>-O resident</code> : Store the SSH key on your hardware key, makes it easier to use on another machine<br />
* <code>-O no-touch-required</code> : No need to touch the hardware key every time<br />
* <code>-O application=ssh:anunna.wur.nl</code> : identifier for the key on your hardware key<br />
* <code>-C "[Your comment to identify this key on the server]"</code> : identifier for the key on the server<br />
<br />
An example exchange looks like this:<br />
haars001@L0160372:~ % ssh-keygen -t ed25519-sk -O resident -O no-touch-required -O application=ssh:anunna.wur.nl -C "jan.vanhaarst@wur.nl"<br />
Generating public/private ed25519-sk key pair.<br />
You may need to touch your authenticator to authorize key generation.<br />
Enter PIN for authenticator:<br />
You may need to touch your authenticator again to authorize key generation.<br />
Enter file in which to save the key (/Users/haars001/.ssh/id_ed25519_sk):<br />
Enter passphrase for "/Users/haars001/.ssh/id_ed25519_sk" (empty for no passphrase):<br />
Enter same passphrase again:<br />
Your identification has been saved in /Users/haars001/.ssh/id_ed25519_sk<br />
Your public key has been saved in /Users/haars001/.ssh/id_ed25519_sk.pub<br />
<br />
==== Copy your key: ====<br />
To be able to log in, the server will have to have the public part of your key.<br />
<br />
For that, copy the contents of your public key, in my case <code>/Users/haars001/.ssh/id_ed25519_sk.pub</code> to <code>$HOME/.ssh/authorized_keys</code><br />
<br />
To allow touchless entry, we'll need to tell the SSH daemon to allow that:<br />
# Copy over key<br />
ssh login.anunna.wur.nl "umask 0077; mkdir -p ~/.ssh; echo 'no-touch-required $(cat ~/.ssh/id_ed25519_sk.pub)' >> ~/.ssh/authorized_keys"<br />
# Check for key<br />
ssh login.anunna.wur.nl 'tail -1 .ssh/authorized_keys'<br />
<br />
==== Key use ====<br />
On the machine that you created the key, there will be a stub file added to point ssh-agent to the hardware key, so that machine should work out of the box.<br />
<br />
On other machines, you can load the private SSH key from the hardware key with<br />
ssh-add -K <br />
After this all, you should be able to login without issue.<br />
<br />
=== MacOS ===<br />
For MacOS, we can mostly do the same as for Linux, except that we will have to install openssh, as the default SSH stack doesn't work with hardware keys.<br />
<br />
So:<br />
brew install openssh<br />
Besides that, you will have to replace the MacOS ssh-agent with the one from openssh:<br />
# Download the plist<br />
curl --silent --output ~/Library/LaunchAgents/com.homebrew.ssh-agent.plist <nowiki>https://gist.githubusercontent.com/partikus/cd45013b1274af8ae63b17030d89176c/raw/d34dfae3872dec38137e8a51780fbcb95380034c/com.homebrew.ssh-agent.plist</nowiki><br />
<br />
# disable the default ssh-agent<br />
launchctl disable gui/$UID/com.openssh.ssh-agent<br />
launchctl stop gui/$UID/com.openssh.ssh-agent<br />
<br />
# enable the homebrew ssh-agent <br />
launchctl bootstrap gui/$UID ~/Library/LaunchAgents/com.homebrew.ssh-agent.plist<br />
<br />
# verify installation (you should see com.homebrew.ssh-agent)<br />
launchctl list | grep ssh<br />
If there are issues with the MacOS ssh-agent, try a reboot, do another verify, and only the homebrew one should be present.<br />
<br />
After this, open a new terminal , and follow the Linux flow.<br />
<br />
=== Windows ===<br />
(needs to be filled by a Windows user)</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Using_a_hardware_key_for_better_security&diff=2669Using a hardware key for better security2026-03-03T17:21:12Z<p>Haars0011: </p>
<hr />
<div>Employees can get a Yubikey hardware key for free at the servicedesk in Forum.<br />
<br />
With that key, you can implement multifactor authentication for your SSH connections.<br />
<br />
Depending on you choices and setup, you can make it very secure, so that without the key, pin and password your SSH key won't be able to be used.<br />
<br />
The steps below are adaptations of https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html <br />
<br />
=== Different levels of security/annoyance ===<br />
There are different levels of security you can apply, each being more secure, but also introducing an extra step before you have an active session.<br />
<br />
There a three "interactions" that can be used:<br />
<br />
# Enforce/use a password to unlock your SSH key<br />
# Enforce/use a PIN to unlock the hardware key<br />
# Enforce/use touching the hardware key to get access<br />
<br />
<br />
This then leads to the following 4 scenarios:<br />
<br />
# Use SSH key password, pin and touch for each new SSH session (no SSH agent)<br />
# Use pin and touch for each new SSH session (use SSH agent for password)<br />
# Use touch for each new SSH session (use SSH agent for password, but no PIN enforcement in key)<br />
# Use SSH key password and touch for first SSH session (pass in SSH agent, no PIN and touch enforcement in key)<br />
<br />
The last one is the least intrusive, and as an attacker would need physical access to your device to circumvent your security, this is probably fine for most people.<br />
<br />
This is thus the scenario that we'll describe below in detail.<br />
<br />
For scenario 1 & 2, add <code>-O verify-required</code> to the <code>ssh-keygen</code> command to enforce PIN enforcement in key.<br />
<br />
For scenarios 1, 2 & 3, do not add <code>-O no-touch-required</code> to the <code>ssh-keygen</code> command to enforce touch enforcement in key.<br />
<br />
=== Linux ===<br />
<br />
==== Create your key: ====<br />
(do this on your laptop or desktop)<br />
ssh-keygen -t ed25519-sk -O resident -O no-touch-required -O application=ssh:anunna.wur.nl -C "[Your comment to identify this key on the server]"<br />
The options are:<br />
<br />
* <code>-t ed25519-sk</code> : Type of key, this is the more secure option<br />
* <code>-O resident</code> : Store the SSH key on your hardware key, makes it easier to use on another machine<br />
* <code>-O no-touch-required</code> : No need to touch the hardware key every time<br />
* <code>-O application=ssh:anunna.wur.nl</code> : identifier for the key on your hardware key<br />
* <code>-C "[Your comment to identify this key on the server]"</code> : identifier for the key on the server<br />
<br />
An example exchange looks like this:<br />
haars001@L0160372:~ % ssh-keygen -t ed25519-sk -O resident -O no-touch-required -O application=ssh:anunna.wur.nl -C "jan.vanhaarst@wur.nl"<br />
Generating public/private ed25519-sk key pair.<br />
You may need to touch your authenticator to authorize key generation.<br />
Enter PIN for authenticator:<br />
You may need to touch your authenticator again to authorize key generation.<br />
Enter file in which to save the key (/Users/haars001/.ssh/id_ed25519_sk):<br />
Enter passphrase for "/Users/haars001/.ssh/id_ed25519_sk" (empty for no passphrase):<br />
Enter same passphrase again:<br />
Your identification has been saved in /Users/haars001/.ssh/id_ed25519_sk<br />
Your public key has been saved in /Users/haars001/.ssh/id_ed25519_sk.pub<br />
<br />
==== Copy your key: ====<br />
To be able to log in, the server will have to have the public part of your key.<br />
<br />
For that, copy the contents of your public key, in my case <code>/Users/haars001/.ssh/id_ed25519_sk.pub</code> to <code>$HOME/.ssh/authorized_keys</code><br />
<br />
To allow touchless entry, we'll need to tell the SSH daemon to allow that:<br />
# Copy over key<br />
ssh login.anunna.wur.nl "umask 0077; mkdir -p ~/.ssh; echo 'no-touch-required $(cat ~/.ssh/id_ed25519_sk.pub)' >> ~/.ssh/authorized_keys"<br />
# Check for key<br />
ssh login.anunna.wur.nl 'tail -1 .ssh/authorized_keys'<br />
Key use<br />
<br />
On the machine that you created the key, there will be a stub file added to point ssh-agent to the hardware key, so that machine should work out of the box.<br />
<br />
On other machines, you can load the private SSH key from the hardware key with<br />
ssh-add -K <br />
<br />
=== MacOS ===<br />
For MacOS, we can mostly do the same as for Linux, except that we will have to install openssh, as the default SSH stack doesn't work with hardware keys.<br />
<br />
So:<br />
brew install openssh<br />
Besides that, you will have to replace the MacOS ssh-agent with the one from openssh:<br />
# Download the plist<br />
curl --silent --output ~/Library/LaunchAgents/com.homebrew.ssh-agent.plist <nowiki>https://gist.githubusercontent.com/partikus/cd45013b1274af8ae63b17030d89176c/raw/d34dfae3872dec38137e8a51780fbcb95380034c/com.homebrew.ssh-agent.plist</nowiki><br />
<br />
# disable the default ssh-agent<br />
launchctl disable gui/$UID/com.openssh.ssh-agent<br />
launchctl stop gui/$UID/com.openssh.ssh-agent<br />
<br />
# enable the homebrew ssh-agent <br />
launchctl bootstrap gui/$UID ~/Library/LaunchAgents/com.homebrew.ssh-agent.plist<br />
<br />
# verify installation (you should see com.homebrew.ssh-agent)<br />
launchctl list | grep ssh<br />
If there are issues with the MacOS ssh-agent, try a reboot, do another verify, and only the homebrew one should be present.<br />
<br />
After this, open a new terminal , and follow the Linux flow.<br />
<br />
=== Windows ===<br />
(needs to be filled by a Windows user)</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=User:Haars001&diff=2664User:Haars0012026-03-03T13:19:03Z<p>Haars0011: </p>
<hr />
<div>== Jan van Haarst ==<br />
<br />
I am one of the admins of the HPC.<br />
== See also ==<br />
[[List_of_users | List of users of the HPC Agrogenomics]]</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Using_a_hardware_key_for_better_security&diff=2663Using a hardware key for better security2026-03-03T13:10:36Z<p>Haars0011: </p>
<hr />
<div>Employees can get a Yubikey hardware key for free at the servicedesk in Forum.<br />
<br />
With that key, you can implement multifactor authentication for your SSH connections.<br />
<br />
Depending on you choices and setup, you can make it very secure, so that without the key, pin and password your SSH key won't be able to be used.<br />
<br />
The steps below are adaptations of https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html <br />
<br />
=== Different levels of security/annoyance ===<br />
There are different levels of security you can apply, each being more secure, but also introducing an extra step before you have an active session.<br />
<br />
There a three "interactions" that can be used:<br />
<br />
# Enforce/use a password to unlock your SSH key<br />
# Enforce/use a PIN to unlock the hardware key<br />
# Enforce/use touching the hardware key to get access<br />
<br />
<br />
This then leads to the following 4 scenarios:<br />
<br />
# Use SSH key password, pin and touch for each new SSH session (no SSH agent)<br />
# Use pin and touch for each new SSH session (use SSH agent for password)<br />
# Use touch for each new SSH session (use SSH agent for password, but no PIN enforcement in key)<br />
# Use SSH key password and touch for first SSH session (pass in SSH agent, no PIN and touch enforcement in key)<br />
<br />
The last one is the least intrusive, and as an attacker would need physical access to your device to circumvent your security, this is probably fine for most people.<br />
<br />
This is thus the scenario that we'll describe below in detail.<br />
<br />
For scenario 1 & 2, add <code>-O verify-required</code> to the <code>ssh-keygen</code> command to enforce PIN enforcement in key.<br />
<br />
For scenarios 1, 2 & 3, do not add <code>-O no-touch-required</code> to the <code>ssh-keygen</code> command to enforce touch enforcement in key.<br />
<br />
=== Linux ===<br />
<br />
==== Create your key: ====<br />
(do this on your laptop or desktop)<br />
ssh-keygen -t ed25519-sk -O resident -O no-touch-required -O application=ssh:anunna.wur.nl -C "[Your comment to identify this key on the server]"<br />
The options are:<br />
<br />
* <code>-t ed25519-sk</code> : Type of key, this is the more secure option<br />
* <code>-O resident</code> : Store the SSH key on your hardware key, makes it easier to use on another machine<br />
* <code>-O no-touch-required</code> : No need to touch the hardware key every time<br />
* <code>-O application=ssh:anunna.wur.nl</code> : identifier for the key on your hardware key<br />
* <code>-C "[Your comment to identify this key on the server]"</code> : identifier for the key on the server<br />
<br />
An example exchange looks like this:<br />
haars001@L0160372:~ % ssh-keygen -t ed25519-sk -O resident -O no-touch-required -O application=ssh:anunna.wur.nl -C "jan.vanhaarst@wur.nl"<br />
Generating public/private ed25519-sk key pair.<br />
You may need to touch your authenticator to authorize key generation.<br />
Enter PIN for authenticator:<br />
You may need to touch your authenticator again to authorize key generation.<br />
Enter file in which to save the key (/Users/haars001/.ssh/id_ed25519_sk):<br />
Enter passphrase for "/Users/haars001/.ssh/id_ed25519_sk" (empty for no passphrase):<br />
Enter same passphrase again:<br />
Your identification has been saved in /Users/haars001/.ssh/id_ed25519_sk<br />
Your public key has been saved in /Users/haars001/.ssh/id_ed25519_sk.pub<br />
<br />
==== Copy your key: ====<br />
To be able to log in, the server will have to have the public part of your key.<br />
<br />
For that, copy the contents of your public key, in my case <code>/Users/haars001/.ssh/id_ed25519_sk.pub</code> to <code>$HOME/.ssh/authorized_keys</code><br />
<br />
To allow touchless entry, we'll need to tell the SSH daemon to allow that:<br />
# Copy over key<br />
ssh login.anunna.wur.nl "umask 0077; mkdir -p ~/.ssh; echo 'no-touch-required $(cat ~/.ssh/id_ed25519_sk.pub)' >> ~/.ssh/authorized_keys"<br />
# Check for key<br />
ssh login.anunna.wur.nl 'tail -1 .ssh/authorized_keys'<br />
<br />
=== MacOS ===<br />
For MacOS, we can mostly do the same as for Linux, except that we will have to install openssh, as the default SSH stack doesn't work with hardware keys.<br />
<br />
So:<br />
brew install openssh<br />
Besides that, you will have to replace the MacOS ssh-agent with the one from openssh:<br />
# Download the plist<br />
curl --silent --output ~/Library/LaunchAgents/com.homebrew.ssh-agent.plist <nowiki>https://gist.githubusercontent.com/partikus/cd45013b1274af8ae63b17030d89176c/raw/d34dfae3872dec38137e8a51780fbcb95380034c/com.homebrew.ssh-agent.plist</nowiki><br />
<br />
# disable the default ssh-agent<br />
launchctl disable gui/$UID/com.openssh.ssh-agent<br />
launchctl stop gui/$UID/com.openssh.ssh-agent<br />
<br />
# enable the homebrew ssh-agent <br />
launchctl bootstrap gui/$UID ~/Library/LaunchAgents/com.homebrew.ssh-agent.plist<br />
<br />
# verify installation (you should see com.homebrew.ssh-agent)<br />
launchctl list | grep ssh<br />
If there are issues with the MacOS ssh-agent, try a reboot, do another verify, and only the homebrew one should be present.<br />
<br />
After this, open a new terminal , and follow the Linux flow.<br />
<br />
=== Windows ===<br />
(needs to be filled by a Windows user)</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Using_a_hardware_key_for_better_security&diff=2662Using a hardware key for better security2026-03-03T11:39:55Z<p>Haars0011: </p>
<hr />
<div>Employees can get a Yubikey hardware key for free at the servicedesk in Forum.<br />
<br />
With that key, you can implement multifactor authentication for your SSH connections.<br />
<br />
Depending on you choices and setup, you can make it very secure, so that without the key, pin and password your SSH key won't be able to be used.<br />
<br />
The steps below are adaptations of https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html <br />
<br />
=== Different levels of security/annoyance ===<br />
There are different levels of security you can apply, each being more secure, but also introducing an extra step before you have an active session.<br />
<br />
There a three "interactions" that can be used:<br />
<br />
# Enforce/use a password to unlock your SSH key<br />
# Enforce/use a PIN to unlock the hardware key<br />
# Enforce/use touching the hardware key to get access<br />
<br />
<br />
This then leads to the following 4 scenarios:<br />
<br />
# Use SSH key password, pin and touch for each new SSH session (no SSH agent)<br />
# Use pin and touch for each new SSH session (use SSH agent for password)<br />
# Use touch for each new SSH session (use SSH agent for password, but no PIN enforcement in key)<br />
# Use SSH key password and touch for first SSH session (pass in SSH agent, no PIN and touch enforcement in key)<br />
<br />
The last one is the least intrusive, and as an attacker would need physical access to your device to circumvent your security, this is probably fine for most people.<br />
<br />
This is thus the scenario that we'll describe below in detail.<br />
<br />
For scenario 1 & 2, add <code>-O verify-required</code> to the <code>ssh-keygen</code> command to enforce PIN enforcement in key.<br />
<br />
For scenarios 1, 2 & 3, do not add <code>-O no-touch-required</code> to the <code>ssh-keygen</code> command to enforce touch enforcement in key.<br />
<br />
=== Linux ===<br />
<br />
==== Create your key: ====<br />
(do this on your laptop or desktop)<br />
ssh-keygen -t ed25519-sk -O resident -O no-touch-required -O application=ssh:anunna.wur.nl -C "[Your comment to identify this key on the server]"<br />
The options are:<br />
<br />
* <code>-t ed25519-sk</code> : Type of key, this is the more secure option<br />
* <code>-O resident</code> : Store the SSH key on your hardware key, makes it easier to use on another machine<br />
* <code>-O no-touch-required</code> : No need to touch the hardware key every time<br />
* <code>-O application=ssh:anunna.wur.nl</code> : identifier for the key on your hardware key<br />
* <code>-C "[Your comment to identify this key on the server]"</code> : identifier for the key on the server<br />
<br />
An example exchange looks like this:<br />
haars001@L0160372:~ % ssh-keygen -t ed25519-sk -O resident -O no-touch-required -O application=ssh:anunna.wur.nl -C "jan.vanhaarst@wur.nl"<br />
Generating public/private ed25519-sk key pair.<br />
You may need to touch your authenticator to authorize key generation.<br />
Enter PIN for authenticator:<br />
You may need to touch your authenticator again to authorize key generation.<br />
Enter file in which to save the key (/Users/haars001/.ssh/id_ed25519_sk):<br />
Enter passphrase for "/Users/haars001/.ssh/id_ed25519_sk" (empty for no passphrase):<br />
Enter same passphrase again:<br />
Your identification has been saved in /Users/haars001/.ssh/id_ed25519_sk<br />
Your public key has been saved in /Users/haars001/.ssh/id_ed25519_sk.pub<br />
<br />
==== Copy your key: ====<br />
To be able to log in, the server will have to have the public part of your key.<br />
<br />
For that, copy the contents of your public key, in my case <code>/Users/haars001/.ssh/id_ed25519_sk.pub</code> to <code>$HOME/.ssh/authorized_keys</code><br />
<br />
To allow touchless entry, we'll need to tell the SSH daemon to allow that:<br />
# Copy over key<br />
ssh login.anunna.wur.nl "umask 0077; mkdir -p ~/.ssh; echo 'no-touch-required $(cat ~/.ssh/id_ed25519_sk.pub)' >> ~/.ssh/authorized_keys"<br />
# Check for key<br />
ssh login.anunna.wur.nl 'tail -1 .ssh/authorized_keys'<br />
<br />
=== MacOS ===<br />
For MacOS, we can mostly do the same as for Linux, except that we will have to install openssh, as the default SSH stack doesn't work with hardware keys.<br />
<br />
So:<br />
brew install openssh<br />
Besides that, you will have to add this snippet to your .zshrc file, otherwise the default ssh-agent will be used:<br />
# Use Homebrew's ssh-agent instead of Apple's<br />
if [ -z "$SSH_AGENT_PID" ] || ! ps -p "$SSH_AGENT_PID" > /dev/null 2>&1; then<br />
# Kill Apple's agent<br />
pkill -u $USER /usr/bin/ssh-agent 2>/dev/null<br />
# Start Homebrew's<br />
eval "$($(brew --prefix openssh)/bin/ssh-agent -s)"<br />
fi<br />
After this, open a new terminal , and follow the Linux flow.<br />
<br />
=== Windows ===<br />
(needs to be filled by a Windows user)</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Using_a_hardware_key_for_better_security&diff=2661Using a hardware key for better security2026-03-03T11:38:45Z<p>Haars0011: </p>
<hr />
<div>Employees can get a Yubikey hardware key for free at the servicedesk in Forum.<br />
<br />
With that key, you can implement multifactor authentication for your SSH connections.<br />
<br />
Depending on you choices and setup, you can make it very secure, so that without the key, pin and password your SSH key won't be able to be used.<br />
<br />
The steps below are adaptations of https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html <br />
<br />
=== Different levels of security/annoyance ===<br />
There are different levels of security you can apply, each being more secure, but also introducing an extra step before you have an active session.<br />
<br />
There a three "interactions" that can be used:<br />
<br />
# Enforce/use a password to unlock your SSH key<br />
# Enforce/use a PIN to unlock the hardware key<br />
# Enforce/use touching the hardware key to get access<br />
<br />
<br />
This then leads to the following 4 scenarios:<br />
<br />
# Use SSH key password, pin and touch for each new SSH session (no SSH agent)<br />
# Use pin and touch for each new SSH session (use SSH agent for password)<br />
# Use touch for each new SSH session (use SSH agent for password, but no PIN enforcement in key)<br />
# Use SSH key password and touch for first SSH session (pass in SSH agent, no PIN and touch enforcement in key)<br />
<br />
The last one is the least intrusive, and as an attacker would need physical access to your device to circumvent your security, this is probably fine for most people.<br />
<br />
This is thus the scenario that we'll describe below in detail.<br />
<br />
For scenario 1 & 2, add <code>-O verify-required</code> to the <code>ssh-keygen</code> command to enforce PIN enforcement in key.<br />
<br />
For scenarios 1, 2 & 3, do not add <code>-O no-touch-required</code> to the <code>ssh-keygen</code> command to enforce touch enforcement in key.<br />
<br />
=== Linux ===<br />
<br />
==== Create your key: ====<br />
(do this on your laptop or desktop)<br />
ssh-keygen -t ed25519-sk -O resident -O no-touch-required -O application=ssh:anunna.wur.nl -C "[Your comment to identify this key on the server]"<br />
The options are:<br />
<br />
* <code>-t ed25519-sk</code> : Type of key, this is the more secure option<br />
* <code>-O resident</code> : Store the SSH key on your hardware key, makes it easier to use on another machine<br />
* <code>-O no-touch-required</code> : No need to touch the hardware key every time<br />
* <code>-O application=ssh:anunna.wur.nl</code> : identifier for the key on your hardware key<br />
* <code>-C "[Your comment to identify this key on the server]"</code> : identifier for the key on the server<br />
<br />
An example exchange looks like this:<br />
haars001@L0160372:~ % ssh-keygen -t ed25519-sk -O resident -O no-touch-required -O application=ssh:anunna.wur.nl -C "jan.vanhaarst@wur.nl"<br />
Generating public/private ed25519-sk key pair.<br />
You may need to touch your authenticator to authorize key generation.<br />
Enter PIN for authenticator:<br />
You may need to touch your authenticator again to authorize key generation.<br />
Enter file in which to save the key (/Users/haars001/.ssh/id_ed25519_sk):<br />
Enter passphrase for "/Users/haars001/.ssh/id_ed25519_sk" (empty for no passphrase):<br />
Enter same passphrase again:<br />
Your identification has been saved in /Users/haars001/.ssh/id_ed25519_sk<br />
Your public key has been saved in /Users/haars001/.ssh/id_ed25519_sk.pub<br />
<br />
==== Copy your key: ====<br />
To be able to log in, the server will have to have the public part of your key.<br />
<br />
For that, copy the contents of your public key, in my case <code>/Users/haars001/.ssh/id_ed25519_sk.pub</code> to <code>$HOME/.ssh/authorized_keys</code><br />
<br />
To allow touchless entry, we'll need to tell the SSH daemon to allow that:<br />
# Copy over key<br />
ssh login.anunna.wur.nl "umask 0077; mkdir -p ~/.ssh; echo 'no-touch-required $(cat ~/.ssh/id_ed25519_sk.pub)' >> ~/.ssh/authorized_keys"<br />
# Check for key<br />
ssh login.anunna.wur.nl 'tail -1 .ssh/authorized_keys'<br />
<br />
=== MacOS ===<br />
For MacOS, we can mostly do the same as for Linux, except that we will have to install openssh, as the default SSH stack doesn't work with hardware keys.<br />
<br />
So:<br />
brew install openssh<br />
Besides that, you will have to add this snippet to your .zshrc file, otherwise the default ssh-agent will be used:<br />
# Use Homebrew's ssh-agent instead of Apple's<br />
if [ -z "$SSH_AGENT_PID" ] || ! ps -p "$SSH_AGENT_PID" > /dev/null 2>&1; then<br />
# Kill Apple's agent<br />
pkill -u $USER /usr/bin/ssh-agent 2>/dev/null<br />
# Start Homebrew's<br />
eval "$($(brew --prefix openssh)/bin/ssh-agent -s)"<br />
fi<br />
<br />
=== Windows ===<br />
(needs to be filled by a Windows user)</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Using_a_hardware_key_for_better_security&diff=2660Using a hardware key for better security2026-03-03T11:38:13Z<p>Haars0011: </p>
<hr />
<div>Employees can get a Yubikey hardware key for free at the servicedesk in Forum.<br />
<br />
With that key, you can implement multifactor authentication for your SSH connections.<br />
<br />
Depending on you choices and setup, you can make it very secure, so that without the key, pin and password your SSH key won't be able to be used.<br />
<br />
The steps below are adaptations of https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html <br />
<br />
=== Different levels of security/annoyance ===<br />
There are different levels of security you can apply, each being more secure, but also introducing an extra step before you have an active session.<br />
<br />
There a three "interactions" that can be used:<br />
<br />
# Enforce/use a password to unlock your SSH key<br />
# Enforce/use a PIN to unlock the hardware key<br />
# Enforce/use touching the hardware key to get access<br />
<br />
<br />
This then leads to the following 4 scenarios:<br />
<br />
# Use SSH key password, pin and touch for each new SSH session (no SSH agent)<br />
# Use pin and touch for each new SSH session (use SSH agent for password)<br />
# Use touch for each new SSH session (use SSH agent for password, but no PIN enforcement in key)<br />
# Use SSH key password and touch for first SSH session (pass in SSH agent, no PIN and touch enforcement in key)<br />
<br />
The last one is the least intrusive, and as an attacker would need physical access to your device to circumvent your security, this is probably fine for most people.<br />
<br />
This is thus the scenario that we'll describe below in detail.<br />
<br />
For scenario 1 & 2, add <code>-O verify-required</code> to the <code>ssh-keygen</code> command to enforce PIN enforcement in key.<br />
<br />
For scenarios 1, 2 & 3, do not add <code>-O no-touch-required</code> to the <code>ssh-keygen</code> command to enforce touch enforcement in key.<br />
<br />
=== Linux ===<br />
<br />
==== Create your key: ====<br />
(do this on your laptop or desktop)<br />
ssh-keygen -t ed25519-sk -O resident -O no-touch-required -O application=ssh:anunna.wur.nl -C "[Your comment to identify this key on the server]"<br />
The options are:<br />
<br />
* <code>-t ed25519-sk</code> : Type of key, this is the more secure option<br />
* <code>-O resident</code> : Store the SSH key on your hardware key, makes it easier to use on another machine<br />
* <code>-O no-touch-required</code> : No need to touch the hardware key every time<br />
* <code>-O application=ssh:anunna.wur.nl</code> : identifier for the key on your hardware key<br />
* <code>-C "[Your comment to identify this key on the server]"</code> : identifier for the key on the server<br />
<br />
An example exchange looks like this:<br />
haars001@L0160372:~ % ssh-keygen -t ed25519-sk -O resident -O no-touch-required -O application=ssh:anunna.wur.nl -C "jan.vanhaarst@wur.nl"<br />
Generating public/private ed25519-sk key pair.<br />
You may need to touch your authenticator to authorize key generation.<br />
Enter PIN for authenticator:<br />
You may need to touch your authenticator again to authorize key generation.<br />
Enter file in which to save the key (/Users/haars001/.ssh/id_ed25519_sk):<br />
Enter passphrase for "/Users/haars001/.ssh/id_ed25519_sk" (empty for no passphrase):<br />
Enter same passphrase again:<br />
Your identification has been saved in /Users/haars001/.ssh/id_ed25519_sk<br />
Your public key has been saved in /Users/haars001/.ssh/id_ed25519_sk.pub<br />
<br />
==== Copy your key: ====<br />
To be able to log in, the server will have to have the public part of your key.<br />
<br />
For that, copy the contents of your public key, in my case <code>/Users/haars001/.ssh/id_ed25519_sk.pub</code> to <code>$HOME/.ssh/authorized_keys</code><br />
<br />
To allow touchless entry, we'll need to tell the SSH daemon to allow that:<br />
# Copy over key<br />
ssh -o ClearAllForwardings=yes login.anunna.wur.nl "umask 0077; mkdir -p ~/.ssh; echo 'no-touch-required $(cat ~/.ssh/id_ed25519_sk.pub)' >> ~/.ssh/authorized_keys"<br />
# Check for key<br />
ssh login.anunna.wur.nl 'tail -1 .ssh/authorized_keys'<br />
<br />
=== MacOS ===<br />
For MacOS, we can mostly do the same as for Linux, except that we will have to install openssh, as the default SSH stack doesn't work with hardware keys.<br />
<br />
So:<br />
brew install openssh<br />
Besides that, you will have to add this snippet to your .zshrc file, otherwise the default ssh-agent will be used:<br />
# Use Homebrew's ssh-agent instead of Apple's<br />
if [ -z "$SSH_AGENT_PID" ] || ! ps -p "$SSH_AGENT_PID" > /dev/null 2>&1; then<br />
# Kill Apple's agent<br />
pkill -u $USER /usr/bin/ssh-agent 2>/dev/null<br />
# Start Homebrew's<br />
eval "$($(brew --prefix openssh)/bin/ssh-agent -s)"<br />
fi<br />
<br />
=== Windows ===<br />
(needs to be filled by a Windows user)</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Using_a_hardware_key_for_better_security&diff=2659Using a hardware key for better security2026-03-03T11:37:45Z<p>Haars0011: </p>
<hr />
<div>Employees can get a Yubikey hardware key for free at the servicedesk in Forum.<br />
<br />
With that key, you can implement multifactor authentication for your SSH connections.<br />
<br />
Depending on you choices and setup, you can make it very secure, so that without the key, pin and password your SSH key won't be able to be used.<br />
<br />
The steps below are adaptations of https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html <br />
<br />
=== Different levels of security/annoyance ===<br />
There are different levels of security you can apply, each being more secure, but also introducing an extra step before you have an active session.<br />
<br />
There a three "interactions" that can be used:<br />
<br />
# Enforce/use a password to unlock your SSH key<br />
# Enforce/use a PIN to unlock the hardware key<br />
# Enforce/use touching the hardware key to get access<br />
<br />
<br />
This then leads to the following 4 scenarios:<br />
<br />
# Use SSH key password, pin and touch for each new SSH session (no SSH agent)<br />
# Use pin and touch for each new SSH session (use SSH agent for password)<br />
# Use touch for each new SSH session (use SSH agent for password, but no PIN enforcement in key)<br />
# Use SSH key password and touch for first SSH session (pass in SSH agent, no PIN and touch enforcement in key)<br />
<br />
The last one is the least intrusive, and as an attacker would need physical access to your device to circumvent your security, this is probably fine for most people.<br />
<br />
This is thus the scenario that we'll describe below in detail.<br />
<br />
For scenario 1 & 2, add <code>-O verify-required</code> to the <code>ssh-keygen</code> command to enforce PIN enforcement in key.<br />
<br />
For scenarios 1, 2 & 3, do not add <code>-O no-touch-required</code> to the <code>ssh-keygen</code> command to enforce touch enforcement in key.<br />
<br />
=== Linux ===<br />
<br />
==== Create your key: ====<br />
(do this on your laptop or desktop)<br />
ssh-keygen -t ed25519-sk -O resident -O no-touch-required -O application=ssh:anunna.wur.nl -C "[Your comment to identify this key on the server]"<br />
The options are:<br />
<br />
* <code>-t ed25519-sk</code> : Type of key, this is the more secure option<br />
* <code>-O resident</code> : Store the SSH key on your hardware key, makes it easier to use on another machine<br />
* <code>-O no-touch-required</code> : No need to touch the hardware key every time<br />
* <code>-O application=ssh:anunna.wur.nl</code> : identifier for the key on your hardware key<br />
* <code>-C "[Your comment to identify this key on the server]"</code> : identifier for the key on the server<br />
<br />
<br />
An example exchange looks like this:<br />
haars001@L0160372:~ % ssh-keygen -t ed25519-sk -O resident -O no-touch-required -O application=ssh:anunna.wur.nl -C "jan.vanhaarst@wur.nl"<br />
Generating public/private ed25519-sk key pair.<br />
You may need to touch your authenticator to authorize key generation.<br />
Enter PIN for authenticator:<br />
You may need to touch your authenticator again to authorize key generation.<br />
Enter file in which to save the key (/Users/haars001/.ssh/id_ed25519_sk):<br />
Enter passphrase for "/Users/haars001/.ssh/id_ed25519_sk" (empty for no passphrase):<br />
Enter same passphrase again:<br />
Your identification has been saved in /Users/haars001/.ssh/id_ed25519_sk<br />
Your public key has been saved in /Users/haars001/.ssh/id_ed25519_sk.pub<br />
<br />
<br />
<br />
Copy your key:<br />
<br />
To be able to log in, the server will have to have the public part of your key.<br />
<br />
For that, copy the contents of your public key, in my case <code>/Users/haars001/.ssh/id_ed25519_sk.pub</code> to <code>$HOME/.ssh/authorized_keys</code><br />
<br />
To allow touchless entry, we'll need to tell the SSH daemon to allow that:<br />
# Copy over key<br />
ssh -o ClearAllForwardings=yes login.anunna.wur.nl "umask 0077; mkdir -p ~/.ssh; echo 'no-touch-required $(cat ~/.ssh/id_ed25519_sk.pub)' >> ~/.ssh/authorized_keys"<br />
# Check for key<br />
ssh login.anunna.wur.nl 'tail -1 .ssh/authorized_keys'<br />
<br />
=== MacOS ===<br />
For MacOS, we can mostly do the same as for Linux, except that we will have to install openssh, as the default SSH stack doesn't work with hardware keys.<br />
<br />
So:<br />
brew install openssh<br />
Besides that, you will have to add this snippet to your .zshrc file, otherwise the default ssh-agent will be used:<br />
# Use Homebrew's ssh-agent instead of Apple's<br />
if [ -z "$SSH_AGENT_PID" ] || ! ps -p "$SSH_AGENT_PID" > /dev/null 2>&1; then<br />
# Kill Apple's agent<br />
pkill -u $USER /usr/bin/ssh-agent 2>/dev/null<br />
# Start Homebrew's<br />
eval "$($(brew --prefix openssh)/bin/ssh-agent -s)"<br />
fi<br />
<br />
=== Windows ===<br />
(needs to be filled by a Windows user)</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Using_a_hardware_key_for_better_security&diff=2658Using a hardware key for better security2026-03-03T11:17:02Z<p>Haars0011: </p>
<hr />
<div>Employees can get a Yubikey hardware key for free at the servicedesk in Forum.<br />
<br />
With that key, you can implement multifactor authentication for your SSH connections.<br />
<br />
Depending on you choices and setup, you can make it very secure, so that without the key, pin and password your SSH key won't be able to be used.<br />
<br />
The steps below are adaptations of https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html <br />
<br />
=== Different levels of security/annoyance ===<br />
There are different levels of security you can apply, each being more secure, but also introducing an extra step before you have an active session.<br />
<br />
There a three "interactions" that can be used:<br />
<br />
# Enforce/use a password to unlock your SSH key<br />
# Enforce/use a PIN to unlock the hardware key<br />
# Enforce/use touching the hardware key to get access<br />
<br />
<br />
This then leads to the following 4 scenarios:<br />
<br />
# Use SSH key password, pin and touch for each new SSH session (no SSH agent)<br />
# Use pin and touch for each new SSH session (use SSH agent for password)<br />
# Use touch for each new SSH session (use SSH agent for password, but no PIN enforcement in key)<br />
# Use SSH key password and touch for first SSH session (pass in SSH agent, no PIN and touch enforcement in key)<br />
<br />
The last one is the least intrusive, and as an attacker would need physical access to your device to circumvent your security, this is probably fine for most people.<br />
<br />
This is thus the scenario that we'll describe below in detail.<br />
<br />
For scenario 1 & 2, add <code>-O verify-required</code> to the <code>ssh-keygen</code> command to enforce PIN enforcement in key.<br />
<br />
For scenarios 1, 2 & 3, do not add <code>-O no-touch-required</code> to the <code>ssh-keygen</code> command to enforce touch enforcement in key.<br />
<br />
=== Linux ===<br />
<br />
==== Create your key: ====<br />
(do this on your laptop or desktop)<br />
ssh-keygen -t ed25519-sk -O resident -O no-touch-required -O application=ssh:anunna.wur.nl -C "[Your comment to identify this key on the server]"<br />
The options are:<br />
<br />
* <code>-t ed25519-sk</code> : Type of key, this is the more secure option<br />
* <code>-O resident</code> : Store the SSH key on your hardware key, makes it easier to use on another machine<br />
* <code>-O no-touch-required</code> : No need to touch the hardware key every time<br />
* <code>-O application=ssh:anunna.wur.nl</code> : identifier for the key on your hardware key<br />
* <code>-C "[Your comment to identify this key on the server]"</code> : identifier for the key on the server<br />
<br />
<br />
An example exchange looks like this:<br />
haars001@L0160372:~ % ssh-keygen -t ed25519-sk -O resident -O no-touch-required -O application=ssh:anunna.wur.nl -C "jan.vanhaarst@wur.nl"<br />
Generating public/private ed25519-sk key pair.<br />
You may need to touch your authenticator to authorize key generation.<br />
Enter PIN for authenticator:<br />
You may need to touch your authenticator again to authorize key generation.<br />
Enter file in which to save the key (/Users/haars001/.ssh/id_ed25519_sk):<br />
Enter passphrase for "/Users/haars001/.ssh/id_ed25519_sk" (empty for no passphrase):<br />
Enter same passphrase again:<br />
Your identification has been saved in /Users/haars001/.ssh/id_ed25519_sk<br />
Your public key has been saved in /Users/haars001/.ssh/id_ed25519_sk.pub<br />
<br />
<br />
Copy your key:<br />
<br />
<br />
=== MacOS ===<br />
<br />
=== Windows ===</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Using_a_hardware_key_for_better_security&diff=2657Using a hardware key for better security2026-03-03T09:53:40Z<p>Haars0011: Created page with "Stub"</p>
<hr />
<div>Stub</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Ssh_without_password&diff=2656Ssh without password2026-03-03T09:53:16Z<p>Haars0011: </p>
<hr />
<div>Secure shell (ssh) protocols can be configure to work without entering your password every time. This is particularly helpful for machines that are used often.<br />
Although we mention that you can use SSH keys without passwords, that is something you should really not do, if someone gets a hold of your keys (without password), they can access our servers as if they are you, and thus incur costs/manage or delete data in your name.<br />
<br />
== Configuring ssh without password from a POSIX-compliant terminal ==<br />
<br />
=== Step 1: create a public key and copy to remote computer ===<br />
* Log into WSL, a local Linux or MacOSX computer<br />
* Type the following to generate the ssh key:<br />
<pre><br />
ssh-keygen -t ed25519 -a 200 -C $USER@$(hostname)<br />
</pre><br />
* Accept the default key location by pressing <code>Enter</code>.<br />
* Please use a '''different''' password/passphrase for your SSH key than your WUR password.<br />
* Secure permission of your authentication keys by closing permission to your home directory, .ssh directory, and authentication files<br />
<pre><br />
chmod go-wx $HOME<br />
chmod 700 $HOME/.ssh<br />
chmod 600 $HOME/.ssh/*<br />
</pre><br />
* Type the following to copy the key to the remote server (this will prompt for a password).<br />
<pre><br />
ssh-copy-id remote_username@remote_host<br />
</pre><br />
<br />
== Configuring ssh without password for Anunna ==<br />
<br />
* Create a public key as in Step 1 of the previous section and copy it to Anunna. Note that a public/private key pair needs to be made only once per machine.<br />
* Similar to step 2 of the previous section, add the public key to the <code>$HOME/.ssh/authorized_keys2</code> file. There is already a <code>$HOME/.ssh/authorized_keys</code> present. You may append the key to this file as an alternative, but take care not to remove content that is already there. The cluster is configured so that passwordless communication will all other nodes is default.<br />
<br />
== Configuring ssh without password using PuTTY ==<br />
Use '''pageant''': http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter9.html to generate local keys. You'll want have a copy of the pubkey in plaintext available.<br />
<br />
Make sure to paste that plaintext string into ~/.ssh/authorized_keys in one single line. Chmod the file 600 (so it shows -rw------- in ls -l) and the directory .ssh to 700 (drwx------).<br />
<br />
Now PuTTY will login passwordlessly whenever '''pageant''' is running.<br />
<br />
Finally, get '''pageant''' to load on startup: http://blog.shvetsov.com/2010/03/making-pageant-automatically-load-keys.html<br />
== Configuring ssh without password using MobaXterm ==<br />
<br />
Have a look here: https://docs.gcc.rug.nl/hyperchicken/generate-key-pair-mobaxterm/<br />
<br />
== Configuring ssh without password using WinSCP ==<br />
WinSCP has provided a detailed instruction in https://winscp.net/eng/docs/public_key, and https://winscp.net/eng/docs/ui_login_authentication<br />
<br />
== Configuring ssh without password on a Mac ==<br />
* Create a public key as in Step 1 of the first section and copy it to Anunna.<br />
* Add the passphrase that you entered above to the keychain on your mac:<br />
ssh-add -K /path/to/private/key/file<br />
<br />
== Selecting which settings to use ==<br />
<br />
To have your SSH client to use certain settings, one can use a config file, at ~/.ssh/config<br />
<br />
For example :<br />
<pre><br />
<br />
Host *.wurnet.nl *.wur.nl <br />
User haars001<br />
Compression no<br />
RequestTTY force<br />
<br />
Host *<br />
Compression yes<br />
Protocol 2<br />
ServerAliveInterval 120<br />
ServerAliveCountMax 50<br />
TCPKeepAlive no<br />
ConnectTimeout 60<br />
IdentityFile ~/.ssh/id_ed25519<br />
AddKeysToAgent yes<br />
<br />
</pre><br />
<br />
As the config file is used top to bottom, the connection wur(net).nl servers will be using no compression, but the rest of the servers you might access will.<br />
More options and settings can be found by using `man ssh_config`<br />
<br />
== See also ==<br />
* [[log_in_to_Anunna |Logging into cluster using ssh and file transfer]]<br />
* [[Using a hardware key for better security]]<br />
<br />
== External Links ==</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Ssh_without_password&diff=2655Ssh without password2026-03-03T09:52:53Z<p>Haars0011: </p>
<hr />
<div>Secure shell (ssh) protocols can be configure to work without entering your password every time. This is particularly helpful for machines that are used often.<br />
Although we mention that you can use SSH keys without passwords, that is something you should really not do, if someone gets a hold of your keys (without password), they can access our servers as if they are you, and thus incur costs/manage or delete data in your name.<br />
<br />
== Configuring ssh without password from a POSIX-compliant terminal ==<br />
<br />
=== Step 1: create a public key and copy to remote computer ===<br />
* Log into WSL, a local Linux or MacOSX computer<br />
* Type the following to generate the ssh key:<br />
<pre><br />
ssh-keygen -t ed25519 -a 200 -C $USER@$(hostname)<br />
</pre><br />
* Accept the default key location by pressing <code>Enter</code>.<br />
* Please use a '''different''' password/passphrase for your SSH key than your WUR password.<br />
* Secure permission of your authentication keys by closing permission to your home directory, .ssh directory, and authentication files<br />
<pre><br />
chmod go-wx $HOME<br />
chmod 700 $HOME/.ssh<br />
chmod 600 $HOME/.ssh/*<br />
</pre><br />
* Type the following to copy the key to the remote server (this will prompt for a password).<br />
<pre><br />
ssh-copy-id remote_username@remote_host<br />
</pre><br />
<br />
== Configuring ssh without password for Anunna ==<br />
<br />
* Create a public key as in Step 1 of the previous section and copy it to Anunna. Note that a public/private key pair needs to be made only once per machine.<br />
* Similar to step 2 of the previous section, add the public key to the <code>$HOME/.ssh/authorized_keys2</code> file. There is already a <code>$HOME/.ssh/authorized_keys</code> present. You may append the key to this file as an alternative, but take care not to remove content that is already there. The cluster is configured so that passwordless communication will all other nodes is default.<br />
<br />
== Configuring ssh without password using PuTTY ==<br />
Use '''pageant''': http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter9.html to generate local keys. You'll want have a copy of the pubkey in plaintext available.<br />
<br />
Make sure to paste that plaintext string into ~/.ssh/authorized_keys in one single line. Chmod the file 600 (so it shows -rw------- in ls -l) and the directory .ssh to 700 (drwx------).<br />
<br />
Now PuTTY will login passwordlessly whenever '''pageant''' is running.<br />
<br />
Finally, get '''pageant''' to load on startup: http://blog.shvetsov.com/2010/03/making-pageant-automatically-load-keys.html<br />
== Configuring ssh without password using MobaXterm ==<br />
<br />
Have a look here: https://docs.gcc.rug.nl/hyperchicken/generate-key-pair-mobaxterm/<br />
<br />
== Configuring ssh without password using WinSCP ==<br />
WinSCP has provided a detailed instruction in https://winscp.net/eng/docs/public_key, and https://winscp.net/eng/docs/ui_login_authentication<br />
<br />
== Configuring ssh without password on a Mac ==<br />
* Create a public key as in Step 1 of the first section and copy it to Anunna.<br />
* Add the passphrase that you entered above to the keychain on your mac:<br />
ssh-add -K /path/to/private/key/file<br />
<br />
== Selecting which settings to use ==<br />
<br />
To have your SSH client to use certain settings, one can use a config file, at ~/.ssh/config<br />
<br />
For example :<br />
<pre><br />
<br />
Host *.wurnet.nl *.wur.nl <br />
User haars001<br />
Compression no<br />
RequestTTY force<br />
<br />
Host *<br />
Compression yes<br />
Protocol 2<br />
ServerAliveInterval 120<br />
ServerAliveCountMax 50<br />
TCPKeepAlive no<br />
ConnectTimeout 60<br />
IdentityFile ~/.ssh/id_ed25519<br />
AddKeysToAgent yes<br />
<br />
</pre><br />
<br />
As the config file is used top to bottom, the connection wur(net).nl servers will be using no compression, but the rest of the servers you might access will.<br />
More options and settings can be found by using `man ssh_config`<br />
<br />
== See also ==<br />
* [[log_in_to_Anunna | Logging into cluster using ssh and file transfer]]<br />
* Using a hardware key for better security<br />
<br />
== External Links ==</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Linux_desktop&diff=2654Linux desktop2026-03-03T09:26:09Z<p>Haars0011: </p>
<hr />
<div>To enable users to run their own Linux software that has graphical output, we have created a Linux desktop.<br />
<br />
The desktop is a [https://www.xfce.org/ Xfce] Desktop Environment. Xfce is a lightweight desktop environment for UNIX-like operating systems. It aims to be fast and low on system resources, while still being visually appealing and user friendly.<br />
<br />
=== Starting a desktop ===<br />
To start a desktop, go to http://apps.anunna.wur.nl/, and select the desktop tile:<br />
<br />
[[File:XFCE tile.png|frameless|124x124px]]<br />
<br />
===== Default form =====<br />
This will then start up a form:<br />
<br />
[[File:Basic XFCE form.png|frameless]]<br />
<br />
If you click "Launch", a desktop job will be started with a maximum duration that you entered.<br />
<br />
==== Extended form ====<br />
You can also select the "Show advanced job options", and then the following form will appear:<br />
<br />
[[File:XFCE form extended.png|frameless]]<br />
<br />
<br />
Adapt to what you need, click "Launch", and a desktop job will be started with the options that you entered.<br />
<br />
=== Getting acces to the desktop ===<br />
Once the job is started, you will be shown an informational tile like this:<br />
<br />
[[File:XFCE job info.png|frameless]]<br />
<br />
<br />
On this tile, you can see info on the job, and also Cancel the job.<br />
<br />
To show the running desktop, click on "Launch Desktop (XFCE)".<br />
<br />
If you close your browser or computer, the desktop will keep running, and you can access it again by going to http://apps.anunna.wur.nl/, and select the "My Interactive Session" in the menu bar.<br />
<br />
=== XFCE desktop usage ===<br />
After connecting, the desktop will look something like this:<br />
<br />
[[File:XFCE desktop.png|frameless]]<br />
<br />
<br />
At the bottom are 6 icons, being "Show Desktop", "Terminal", "File browser", "Web browser", "Application search" and "Home folder".<br />
<br />
At the top left is the "Applications" menu, where you can find the same applications, and "Settings".<br />
<br />
=== Stopping the desktop ===<br />
To stop the desktop, there are 2 options:<br />
<br />
# By clicking on "Logout" inside the desktop<br />
## There is a "Logout" button at the bottom of the "Applications" menu (top left)<br />
## There is a "Logout" button at the bottom of the menu when you click on your name (top right)<br />
# By clicking "Cancel" on the session tile<br />
<br />
If you log out inside the desktop, you will get a "Connection lost" message, as the job got stopped.<br />
<br />
If you cancel in the informational tile, the tile will then look like this:<br />
<br />
[[File:XFCE tile after.png|frameless]]<br />
<br />
<br />
The buttons at the top right allow you to change the settings to start another desktop session (the pencil), or to start another desktop session with the same settings as this one (the recycle logo).<br />
<br />
The "Delete" button will remove the debug logs.<br />
<br />
=== Running already installed software (using modules) ===<br />
<br />
=== Installing your own software ===<br />
<br />
=== Starting from scratch. ===</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Linux_desktop&diff=2653Linux desktop2026-03-03T09:25:54Z<p>Haars0011: </p>
<hr />
<div>To enable users to run their own Linux software that has graphical output, we have created a Linux desktop.<br />
<br />
The desktop is a [https://www.xfce.org/ Xfce] Desktop Environment. Xfce is a lightweight desktop environment for UNIX-like operating systems. It aims to be fast and low on system resources, while still being visually appealing and user friendly.<br />
<br />
=== Starting a desktop ===<br />
To start a desktop, go to http://apps.anunna.wur.nl/, and select the desktop tile:<br />
<br />
[[File:XFCE tile.png|frameless|124x124px]]<br />
<br />
===== Default form =====<br />
This will then start up a form:<br />
<br />
[[File:Basic XFCE form.png|frameless]]<br />
<br />
If you click "Launch", a desktop job will be started with a maximum duration that you entered.<br />
<br />
Extended form<br />
<br />
You can also select the "Show advanced job options", and then the following form will appear:<br />
<br />
[[File:XFCE form extended.png|frameless]]<br />
<br />
<br />
Adapt to what you need, click "Launch", and a desktop job will be started with the options that you entered.<br />
<br />
=== Getting acces to the desktop ===<br />
Once the job is started, you will be shown an informational tile like this:<br />
<br />
[[File:XFCE job info.png|frameless]]<br />
<br />
<br />
On this tile, you can see info on the job, and also Cancel the job.<br />
<br />
To show the running desktop, click on "Launch Desktop (XFCE)".<br />
<br />
If you close your browser or computer, the desktop will keep running, and you can access it again by going to http://apps.anunna.wur.nl/, and select the "My Interactive Session" in the menu bar.<br />
<br />
=== XFCE desktop usage ===<br />
After connecting, the desktop will look something like this:<br />
<br />
[[File:XFCE desktop.png|frameless]]<br />
<br />
<br />
At the bottom are 6 icons, being "Show Desktop", "Terminal", "File browser", "Web browser", "Application search" and "Home folder".<br />
<br />
At the top left is the "Applications" menu, where you can find the same applications, and "Settings".<br />
<br />
=== Stopping the desktop ===<br />
To stop the desktop, there are 2 options:<br />
<br />
# By clicking on "Logout" inside the desktop<br />
## There is a "Logout" button at the bottom of the "Applications" menu (top left)<br />
## There is a "Logout" button at the bottom of the menu when you click on your name (top right)<br />
# By clicking "Cancel" on the session tile<br />
<br />
If you log out inside the desktop, you will get a "Connection lost" message, as the job got stopped.<br />
<br />
If you cancel in the informational tile, the tile will then look like this:<br />
<br />
[[File:XFCE tile after.png|frameless]]<br />
<br />
<br />
The buttons at the top right allow you to change the settings to start another desktop session (the pencil), or to start another desktop session with the same settings as this one (the recycle logo).<br />
<br />
The "Delete" button will remove the debug logs.<br />
<br />
=== Running already installed software (using modules) ===<br />
<br />
=== Installing your own software ===<br />
<br />
=== Starting from scratch. ===</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=File:XFCE_tile_after.png&diff=2652File:XFCE tile after.png2026-03-03T09:23:19Z<p>Haars0011: </p>
<hr />
<div>XFCE tile after</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=File:XFCE_desktop.png&diff=2651File:XFCE desktop.png2026-03-03T09:12:43Z<p>Haars0011: </p>
<hr />
<div>XFCE desktop</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=File:XFCE_job_info.png&diff=2650File:XFCE job info.png2026-03-03T09:05:47Z<p>Haars0011: </p>
<hr />
<div>XFCE job info</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Linux_desktop&diff=2649Linux desktop2026-03-03T09:04:14Z<p>Haars0011: </p>
<hr />
<div>To enable users to run their own Linux software that has graphical output, we have created a Linux desktop.<br />
<br />
The desktop is a [https://www.xfce.org/ Xfce] Desktop Environment. Xfce is a lightweight desktop environment for UNIX-like operating systems. It aims to be fast and low on system resources, while still being visually appealing and user friendly.<br />
<br />
=== Starting a desktop ===<br />
To start a desktop, go to http://apps.anunna.wur.nl/, and select the desktop tile:<br />
<br />
[[File:XFCE tile.png|frameless|124x124px]]<br />
<br />
===== Default form =====<br />
This will then start up a form:<br />
<br />
[[File:Basic XFCE form.png|frameless]]<br />
<br />
If you click "Launch", a desktop job will be started with a maximum duration that you entered.<br />
<br />
Extended form<br />
<br />
You can also select the "Show advanced job options", and then the following form will appear:<br />
<br />
[[File:XFCE form extended.png|frameless]]<br />
<br />
<br />
Adapt to what you need, click "Launch", and a desktop job will be started with the options that you entered.<br />
<br />
=== Getting started on the desktop ===<br />
<br />
=== Running already installed software (using modules) ===<br />
<br />
=== Installing your own software ===<br />
<br />
=== Starting from scratch. ===</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Linux_desktop&diff=2648Linux desktop2026-03-03T09:03:49Z<p>Haars0011: Added form info</p>
<hr />
<div>To enable users to run their own Linux software that has graphical output, we have created a Linux desktop.<br />
<br />
The desktop is a [https://www.xfce.org/ Xfce] Desktop Environment. Xfce is a lightweight desktop environment for UNIX-like operating systems. It aims to be fast and low on system resources, while still being visually appealing and user friendly.<br />
<br />
=== Starting a desktop ===<br />
To start a desktop, go to http://apps.anunna.wur.nl/, and select the desktop tile:<br />
[[File:XFCE tile.png|frameless|124x124px]]<br />
<br />
===== Default form =====<br />
This will then start up a form:<br />
<br />
[[File:Basic XFCE form.png|frameless]]<br />
<br />
If you click "Launch", a desktop job will be started with a maximum duration that you entered.<br />
<br />
Extended form<br />
<br />
You can also select the "Show advanced job options", and then the following form will appear:<br />
<br />
[[File:XFCE form extended.png|frameless]]<br />
<br />
<br />
Adapt to what you need, click "Launch", and a desktop job will be started with the options that you entered.<br />
<br />
=== Getting started on the desktop ===<br />
<br />
=== Running already installed software (using modules) ===<br />
<br />
=== Installing your own software ===<br />
<br />
=== Starting from scratch. ===</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=File:XFCE_form_extended.png&diff=2647File:XFCE form extended.png2026-03-03T09:02:47Z<p>Haars0011: </p>
<hr />
<div>XFCE form extended</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=File:Basic_XFCE_form.png&diff=2646File:Basic XFCE form.png2026-03-03T08:59:05Z<p>Haars0011: </p>
<hr />
<div>Basic XFCE form</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=File:XFCE_tile.png&diff=2645File:XFCE tile.png2026-03-03T08:56:55Z<p>Haars0011: </p>
<hr />
<div>XFCE tile</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Linux_desktop&diff=2644Linux desktop2026-03-03T08:55:21Z<p>Haars0011: stub page</p>
<hr />
<div>To enable users to run their own Linux software that has graphical output, we have created a Linux desktop.<br />
<br />
The desktop is a [https://www.xfce.org/ Xfce] Desktop Environment. Xfce is a lightweight desktop environment for UNIX-like operating systems. It aims to be fast and low on system resources, while still being visually appealing and user friendly.<br />
<br />
=== Starting a desktop ===<br />
<br />
=== Getting started on the desktop ===<br />
<br />
=== Running already installed software (using modules) ===<br />
<br />
=== Installing your own software ===<br />
<br />
=== Starting from scratch. ===</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Main_Page&diff=2572Main Page2026-02-20T10:04:29Z<p>Haars0011: /* Our Courses */</p>
<hr />
<div>Anunna is a [http://en.wikipedia.org/wiki/High-performance_computing High Performance Computer] (HPC) infrastructure hosted by [https://www.wur.nl/en/show/supercomputer-anunna-opens-up-more-opportunities-for-data-storage-and-artificial-intelligence-applications.htm Wageningen University & Research Centre]. It is open for use for all WUR research groups as well as other organizations, including companies, that have collaborative projects with WUR. <br />
<br />
== Access Policy ==<br />
[[Access_Policy | Main Article: Access Policy]]<br />
<br />
Access needs to be granted actively (by creation of an account on the cluster by FB-IT). Use of resources is limited by the scheduler. Note that the use of Anunna is not free of charge. <br />
<br />
= Our Courses =<br />
<br />
* [[Linux Basic]]<br />
* [[HPC Basic]]<br />
* [[HPC Advanced]]<br />
* [[2026 Course dates]]<br />
<br />
= Using Anunna =<br />
* [[Tariffs | Costs associated with resource usage]]<br />
<br />
== Gaining access to Anunna==<br />
Access to the cluster and file transfer are traditionally done via [http://en.wikipedia.org/wiki/Secure_Shell SSH and SFTP].<br />
* [[log_in_to_B4F_cluster | Logging into cluster using ssh]]<br />
* [[file_transfer | File transfer options]]<br />
* [[Services | Alternative access methods, and extra features and services on Anunna]]<br />
* [[Filesystems | Data storage methods on Anunna]]<br />
<br />
== Using Anunna for courses (mainly jupyter notebooks) ==<br />
* [[steps_for_courses | Steps involved to run a course on Anunna]]<br />
<br />
= Events =<br />
<br />
* [[Courses]] that have happened and are happening<br />
* [[Downtime]] that will affect all users<br />
* [[Meetings]] that may affect the policies of Anunna<br />
<br />
= Software =<br />
* [[Modules]]<br />
* [[Apptainer]]<br />
* [[Python]]<br />
* [[R]] <br />
* [[Julia]]<br />
<br />
=Web Apps=<br />
<br />
*[[Jupyter]]<br />
<br />
*[[RStudio]]<br />
<br />
*[[Linux desktop]]<br />
<br />
*[[Open OnDemand]]<br />
<br />
= Other Software =<br />
<br />
== Cluster Scheduler ==<br />
Anunna uses Slurm as job scheduler.<br />
* [[Using_Slurm | Submit jobs with Slurm]]<br />
* [[node_usage_graph | Be aware of how much work the cluster is under right now with 'node_usage_graph']]<br />
* [[SLURM_Compare | Rosetta Stone of Workload Managers]]<br />
<br />
== Installation of software by users ==<br />
<br />
* [[Domain_specific_software_on_B4Fcluster_installation_by_users | Installing domain specific software: installation by users]]<br />
* [[Setting local variables]]<br />
* [[Installing_R_packages_locally | Installing R packages locally]]<br />
* [[Setting_up_Python_virtualenv | Setting up and using a virtual environment for Python3 ]]<br />
* [[Virtual_environment_Python_3.4_or_higher | Setting up and using a virtual environment for Python3.4 or higher ]]<br />
* [[Installing WRF and WPS]]<br />
* [[Running scripts on a fixed timeschedule (cron)]]<br />
<br />
== Installed software ==<br />
<br />
* [[Globally_installed_software | Globally installed software]]<br />
* [[ABGC_modules | ABGC specific modules]]<br />
<br />
= Useful Notes = <br />
<br />
== Being in control of Environment parameters ==<br />
<br />
* [[Using_environment_modules | Using environment modules]]<br />
* [[Aliases and local variables]]<br />
* [[Setting local variables]]<br />
* [[Setting_TMPDIR | Set a custom temporary directory location]]<br />
* [[Installing_R_packages_locally | Installing R packages locally]]<br />
* [[Setting_up_Python_virtualenv | Setting up and using a virtual environment for Python3 ]]<br />
* [[Locale_settings]] (how numbers and dates are displayed)<br />
<br />
== Controlling costs ==<br />
<br />
* [[SACCT | using SACCT to see your costs]]<br />
* [[get_my_bill | using the "get_my_bill" script to estimate costs]]<br />
<br />
== Management ==<br />
Product Owner of Anunna is Alexander van Ittersum (Wageningen UR,FB-IT, C&PS). [[User: prins089 | Fons Prinsen (Wageningen UR, FB-IT, C&PS)]] is responsible for [[Maintenance_and_Management | Maintenance and Management]] of the cluster.<br />
<br />
* [[Roadmap | Ambitions regarding innovation, support and administration of Anunna ]]<br />
<br />
= Miscellaneous =<br />
* [[History_of_the_Cluster | Historical information on the startup of Anunna]]<br />
* [[Bioinformatics_tips_tricks_workflows | Bioinformatics tips, tricks, and workflows]]<br />
* [[Parallel_R_code_on_SLURM | Running parallel R code on SLURM]]<br />
* [[Convert_between_MediaWiki_and_other_formats | Convert between MediaWiki format and other formats]]<br />
* [[Manual GitLab | GitLab: Create projects and add scripts]]<br />
* [[Monitoring_executions | Monitoring job execution]]<br />
* [[Shared_folders | Working with shared folders in the Lustre file system]]<br />
* [[Old_binaries | Running older binaries on the updated OS]]<br />
* [[locale_settings | How to change language settings for yourself]]<br />
<br />
= See also =<br />
* [[Maintenance_and_Management | Maintenance and Management]]<br />
* [[About_ABGC | About ABGC]]<br />
* [[Computer_cluster | High Performance Computing @ABGC]]<br />
* [[Lustre_PFS_layout | Lustre Parallel File System layout]]<br />
<br />
= External links =<br />
{| width="90%"<br />
|- valign="top"<br />
| width="30%" |<br />
* [https://www.wur.nl/en/Value-Creation-Cooperation/Facilities/Wageningen-Shared-Research-Facilities/Our-facilities/Show/High-Performance-Computing-Cluster-HPC-Anunna.htm SRF offers a HPC facilty]<br />
| width="30%" |<br />
* [http://en.wikipedia.org/wiki/Scientific_Linux Scientific Linux]<br />
* [http://en.wikipedia.org/wiki/Help:Cheatsheet Help with editing Wiki pages]<br />
|}</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Linux_Basic&diff=2571Linux Basic2026-02-20T10:04:05Z<p>Haars0011: Created page with "Text"</p>
<hr />
<div>Text</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Main_Page&diff=2570Main Page2026-02-20T10:02:14Z<p>Haars0011: /* Our Courses */</p>
<hr />
<div>Anunna is a [http://en.wikipedia.org/wiki/High-performance_computing High Performance Computer] (HPC) infrastructure hosted by [https://www.wur.nl/en/show/supercomputer-anunna-opens-up-more-opportunities-for-data-storage-and-artificial-intelligence-applications.htm Wageningen University & Research Centre]. It is open for use for all WUR research groups as well as other organizations, including companies, that have collaborative projects with WUR. <br />
<br />
== Access Policy ==<br />
[[Access_Policy | Main Article: Access Policy]]<br />
<br />
Access needs to be granted actively (by creation of an account on the cluster by FB-IT). Use of resources is limited by the scheduler. Note that the use of Anunna is not free of charge. <br />
<br />
= Our Courses =<br />
<br />
=== [[Linux Basic]] ===<br />
<br />
=== [[HPC Basic]] ===<br />
<br />
=== [[HPC Advanced]] ===<br />
<br />
=== [[2026 Course dates]] ===<br />
<br />
= Using Anunna =<br />
* [[Tariffs | Costs associated with resource usage]]<br />
<br />
== Gaining access to Anunna==<br />
Access to the cluster and file transfer are traditionally done via [http://en.wikipedia.org/wiki/Secure_Shell SSH and SFTP].<br />
* [[log_in_to_B4F_cluster | Logging into cluster using ssh]]<br />
* [[file_transfer | File transfer options]]<br />
* [[Services | Alternative access methods, and extra features and services on Anunna]]<br />
* [[Filesystems | Data storage methods on Anunna]]<br />
<br />
== Using Anunna for courses (mainly jupyter notebooks) ==<br />
* [[steps_for_courses | Steps involved to run a course on Anunna]]<br />
<br />
= Events =<br />
<br />
* [[Courses]] that have happened and are happening<br />
* [[Downtime]] that will affect all users<br />
* [[Meetings]] that may affect the policies of Anunna<br />
<br />
= Software =<br />
* [[Modules]]<br />
* [[Apptainer]]<br />
* [[Python]]<br />
* [[R]] <br />
* [[Julia]]<br />
<br />
=Web Apps=<br />
<br />
*[[Jupyter]]<br />
<br />
*[[RStudio]]<br />
<br />
*[[Linux desktop]]<br />
<br />
*[[Open OnDemand]]<br />
<br />
= Other Software =<br />
<br />
== Cluster Scheduler ==<br />
Anunna uses Slurm as job scheduler.<br />
* [[Using_Slurm | Submit jobs with Slurm]]<br />
* [[node_usage_graph | Be aware of how much work the cluster is under right now with 'node_usage_graph']]<br />
* [[SLURM_Compare | Rosetta Stone of Workload Managers]]<br />
<br />
== Installation of software by users ==<br />
<br />
* [[Domain_specific_software_on_B4Fcluster_installation_by_users | Installing domain specific software: installation by users]]<br />
* [[Setting local variables]]<br />
* [[Installing_R_packages_locally | Installing R packages locally]]<br />
* [[Setting_up_Python_virtualenv | Setting up and using a virtual environment for Python3 ]]<br />
* [[Virtual_environment_Python_3.4_or_higher | Setting up and using a virtual environment for Python3.4 or higher ]]<br />
* [[Installing WRF and WPS]]<br />
* [[Running scripts on a fixed timeschedule (cron)]]<br />
<br />
== Installed software ==<br />
<br />
* [[Globally_installed_software | Globally installed software]]<br />
* [[ABGC_modules | ABGC specific modules]]<br />
<br />
= Useful Notes = <br />
<br />
== Being in control of Environment parameters ==<br />
<br />
* [[Using_environment_modules | Using environment modules]]<br />
* [[Aliases and local variables]]<br />
* [[Setting local variables]]<br />
* [[Setting_TMPDIR | Set a custom temporary directory location]]<br />
* [[Installing_R_packages_locally | Installing R packages locally]]<br />
* [[Setting_up_Python_virtualenv | Setting up and using a virtual environment for Python3 ]]<br />
* [[Locale_settings]] (how numbers and dates are displayed)<br />
<br />
== Controlling costs ==<br />
<br />
* [[SACCT | using SACCT to see your costs]]<br />
* [[get_my_bill | using the "get_my_bill" script to estimate costs]]<br />
<br />
== Management ==<br />
Product Owner of Anunna is Alexander van Ittersum (Wageningen UR,FB-IT, C&PS). [[User: prins089 | Fons Prinsen (Wageningen UR, FB-IT, C&PS)]] is responsible for [[Maintenance_and_Management | Maintenance and Management]] of the cluster.<br />
<br />
* [[Roadmap | Ambitions regarding innovation, support and administration of Anunna ]]<br />
<br />
= Miscellaneous =<br />
* [[History_of_the_Cluster | Historical information on the startup of Anunna]]<br />
* [[Bioinformatics_tips_tricks_workflows | Bioinformatics tips, tricks, and workflows]]<br />
* [[Parallel_R_code_on_SLURM | Running parallel R code on SLURM]]<br />
* [[Convert_between_MediaWiki_and_other_formats | Convert between MediaWiki format and other formats]]<br />
* [[Manual GitLab | GitLab: Create projects and add scripts]]<br />
* [[Monitoring_executions | Monitoring job execution]]<br />
* [[Shared_folders | Working with shared folders in the Lustre file system]]<br />
* [[Old_binaries | Running older binaries on the updated OS]]<br />
* [[locale_settings | How to change language settings for yourself]]<br />
<br />
= See also =<br />
* [[Maintenance_and_Management | Maintenance and Management]]<br />
* [[About_ABGC | About ABGC]]<br />
* [[Computer_cluster | High Performance Computing @ABGC]]<br />
* [[Lustre_PFS_layout | Lustre Parallel File System layout]]<br />
<br />
= External links =<br />
{| width="90%"<br />
|- valign="top"<br />
| width="30%" |<br />
* [https://www.wur.nl/en/Value-Creation-Cooperation/Facilities/Wageningen-Shared-Research-Facilities/Our-facilities/Show/High-Performance-Computing-Cluster-HPC-Anunna.htm SRF offers a HPC facilty]<br />
| width="30%" |<br />
* [http://en.wikipedia.org/wiki/Scientific_Linux Scientific Linux]<br />
* [http://en.wikipedia.org/wiki/Help:Cheatsheet Help with editing Wiki pages]<br />
|}</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Main_Page&diff=2569Main Page2026-02-20T10:00:58Z<p>Haars0011: /* Our Courses */</p>
<hr />
<div>Anunna is a [http://en.wikipedia.org/wiki/High-performance_computing High Performance Computer] (HPC) infrastructure hosted by [https://www.wur.nl/en/show/supercomputer-anunna-opens-up-more-opportunities-for-data-storage-and-artificial-intelligence-applications.htm Wageningen University & Research Centre]. It is open for use for all WUR research groups as well as other organizations, including companies, that have collaborative projects with WUR. <br />
<br />
== Access Policy ==<br />
[[Access_Policy | Main Article: Access Policy]]<br />
<br />
Access needs to be granted actively (by creation of an account on the cluster by FB-IT). Use of resources is limited by the scheduler. Note that the use of Anunna is not free of charge. <br />
<br />
= Our Courses =<br />
<br />
* [[Linux Basic]]<br />
* [[HPC Basic]]<br />
<br />
=== HPC Advanced ===<br />
* 2026 Course dates<br />
<br />
= Using Anunna =<br />
* [[Tariffs | Costs associated with resource usage]]<br />
<br />
== Gaining access to Anunna==<br />
Access to the cluster and file transfer are traditionally done via [http://en.wikipedia.org/wiki/Secure_Shell SSH and SFTP].<br />
* [[log_in_to_B4F_cluster | Logging into cluster using ssh]]<br />
* [[file_transfer | File transfer options]]<br />
* [[Services | Alternative access methods, and extra features and services on Anunna]]<br />
* [[Filesystems | Data storage methods on Anunna]]<br />
<br />
== Using Anunna for courses (mainly jupyter notebooks) ==<br />
* [[steps_for_courses | Steps involved to run a course on Anunna]]<br />
<br />
= Events =<br />
<br />
* [[Courses]] that have happened and are happening<br />
* [[Downtime]] that will affect all users<br />
* [[Meetings]] that may affect the policies of Anunna<br />
<br />
= Software =<br />
* [[Modules]]<br />
* [[Apptainer]]<br />
* [[Python]]<br />
* [[R]] <br />
* [[Julia]]<br />
<br />
=Web Apps=<br />
<br />
*[[Jupyter]]<br />
<br />
*[[RStudio]]<br />
<br />
*[[Linux desktop]]<br />
<br />
*[[Open OnDemand]]<br />
<br />
= Other Software =<br />
<br />
== Cluster Scheduler ==<br />
Anunna uses Slurm as job scheduler.<br />
* [[Using_Slurm | Submit jobs with Slurm]]<br />
* [[node_usage_graph | Be aware of how much work the cluster is under right now with 'node_usage_graph']]<br />
* [[SLURM_Compare | Rosetta Stone of Workload Managers]]<br />
<br />
== Installation of software by users ==<br />
<br />
* [[Domain_specific_software_on_B4Fcluster_installation_by_users | Installing domain specific software: installation by users]]<br />
* [[Setting local variables]]<br />
* [[Installing_R_packages_locally | Installing R packages locally]]<br />
* [[Setting_up_Python_virtualenv | Setting up and using a virtual environment for Python3 ]]<br />
* [[Virtual_environment_Python_3.4_or_higher | Setting up and using a virtual environment for Python3.4 or higher ]]<br />
* [[Installing WRF and WPS]]<br />
* [[Running scripts on a fixed timeschedule (cron)]]<br />
<br />
== Installed software ==<br />
<br />
* [[Globally_installed_software | Globally installed software]]<br />
* [[ABGC_modules | ABGC specific modules]]<br />
<br />
= Useful Notes = <br />
<br />
== Being in control of Environment parameters ==<br />
<br />
* [[Using_environment_modules | Using environment modules]]<br />
* [[Aliases and local variables]]<br />
* [[Setting local variables]]<br />
* [[Setting_TMPDIR | Set a custom temporary directory location]]<br />
* [[Installing_R_packages_locally | Installing R packages locally]]<br />
* [[Setting_up_Python_virtualenv | Setting up and using a virtual environment for Python3 ]]<br />
* [[Locale_settings]] (how numbers and dates are displayed)<br />
<br />
== Controlling costs ==<br />
<br />
* [[SACCT | using SACCT to see your costs]]<br />
* [[get_my_bill | using the "get_my_bill" script to estimate costs]]<br />
<br />
== Management ==<br />
Product Owner of Anunna is Alexander van Ittersum (Wageningen UR,FB-IT, C&PS). [[User: prins089 | Fons Prinsen (Wageningen UR, FB-IT, C&PS)]] is responsible for [[Maintenance_and_Management | Maintenance and Management]] of the cluster.<br />
<br />
* [[Roadmap | Ambitions regarding innovation, support and administration of Anunna ]]<br />
<br />
= Miscellaneous =<br />
* [[History_of_the_Cluster | Historical information on the startup of Anunna]]<br />
* [[Bioinformatics_tips_tricks_workflows | Bioinformatics tips, tricks, and workflows]]<br />
* [[Parallel_R_code_on_SLURM | Running parallel R code on SLURM]]<br />
* [[Convert_between_MediaWiki_and_other_formats | Convert between MediaWiki format and other formats]]<br />
* [[Manual GitLab | GitLab: Create projects and add scripts]]<br />
* [[Monitoring_executions | Monitoring job execution]]<br />
* [[Shared_folders | Working with shared folders in the Lustre file system]]<br />
* [[Old_binaries | Running older binaries on the updated OS]]<br />
* [[locale_settings | How to change language settings for yourself]]<br />
<br />
= See also =<br />
* [[Maintenance_and_Management | Maintenance and Management]]<br />
* [[About_ABGC | About ABGC]]<br />
* [[Computer_cluster | High Performance Computing @ABGC]]<br />
* [[Lustre_PFS_layout | Lustre Parallel File System layout]]<br />
<br />
= External links =<br />
{| width="90%"<br />
|- valign="top"<br />
| width="30%" |<br />
* [https://www.wur.nl/en/Value-Creation-Cooperation/Facilities/Wageningen-Shared-Research-Facilities/Our-facilities/Show/High-Performance-Computing-Cluster-HPC-Anunna.htm SRF offers a HPC facilty]<br />
| width="30%" |<br />
* [http://en.wikipedia.org/wiki/Scientific_Linux Scientific Linux]<br />
* [http://en.wikipedia.org/wiki/Help:Cheatsheet Help with editing Wiki pages]<br />
|}</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Main_Page&diff=2568Main Page2026-02-20T10:00:14Z<p>Haars0011: /* Our Courses */</p>
<hr />
<div>Anunna is a [http://en.wikipedia.org/wiki/High-performance_computing High Performance Computer] (HPC) infrastructure hosted by [https://www.wur.nl/en/show/supercomputer-anunna-opens-up-more-opportunities-for-data-storage-and-artificial-intelligence-applications.htm Wageningen University & Research Centre]. It is open for use for all WUR research groups as well as other organizations, including companies, that have collaborative projects with WUR. <br />
<br />
== Access Policy ==<br />
[[Access_Policy | Main Article: Access Policy]]<br />
<br />
Access needs to be granted actively (by creation of an account on the cluster by FB-IT). Use of resources is limited by the scheduler. Note that the use of Anunna is not free of charge. <br />
<br />
= Our Courses =<br />
<br />
* [[Linux Basic]]<br />
* [[HPC Basic]]<br />
* HPC Advanced<br />
* 2026 Course dates<br />
<br />
= Using Anunna =<br />
* [[Tariffs | Costs associated with resource usage]]<br />
<br />
== Gaining access to Anunna==<br />
Access to the cluster and file transfer are traditionally done via [http://en.wikipedia.org/wiki/Secure_Shell SSH and SFTP].<br />
* [[log_in_to_B4F_cluster | Logging into cluster using ssh]]<br />
* [[file_transfer | File transfer options]]<br />
* [[Services | Alternative access methods, and extra features and services on Anunna]]<br />
* [[Filesystems | Data storage methods on Anunna]]<br />
<br />
== Using Anunna for courses (mainly jupyter notebooks) ==<br />
* [[steps_for_courses | Steps involved to run a course on Anunna]]<br />
<br />
= Events =<br />
<br />
* [[Courses]] that have happened and are happening<br />
* [[Downtime]] that will affect all users<br />
* [[Meetings]] that may affect the policies of Anunna<br />
<br />
= Software =<br />
* [[Modules]]<br />
* [[Apptainer]]<br />
* [[Python]]<br />
* [[R]] <br />
* [[Julia]]<br />
<br />
=Web Apps=<br />
<br />
*[[Jupyter]]<br />
<br />
*[[RStudio]]<br />
<br />
*[[Linux desktop]]<br />
<br />
*[[Open OnDemand]]<br />
<br />
= Other Software =<br />
<br />
== Cluster Scheduler ==<br />
Anunna uses Slurm as job scheduler.<br />
* [[Using_Slurm | Submit jobs with Slurm]]<br />
* [[node_usage_graph | Be aware of how much work the cluster is under right now with 'node_usage_graph']]<br />
* [[SLURM_Compare | Rosetta Stone of Workload Managers]]<br />
<br />
== Installation of software by users ==<br />
<br />
* [[Domain_specific_software_on_B4Fcluster_installation_by_users | Installing domain specific software: installation by users]]<br />
* [[Setting local variables]]<br />
* [[Installing_R_packages_locally | Installing R packages locally]]<br />
* [[Setting_up_Python_virtualenv | Setting up and using a virtual environment for Python3 ]]<br />
* [[Virtual_environment_Python_3.4_or_higher | Setting up and using a virtual environment for Python3.4 or higher ]]<br />
* [[Installing WRF and WPS]]<br />
* [[Running scripts on a fixed timeschedule (cron)]]<br />
<br />
== Installed software ==<br />
<br />
* [[Globally_installed_software | Globally installed software]]<br />
* [[ABGC_modules | ABGC specific modules]]<br />
<br />
= Useful Notes = <br />
<br />
== Being in control of Environment parameters ==<br />
<br />
* [[Using_environment_modules | Using environment modules]]<br />
* [[Aliases and local variables]]<br />
* [[Setting local variables]]<br />
* [[Setting_TMPDIR | Set a custom temporary directory location]]<br />
* [[Installing_R_packages_locally | Installing R packages locally]]<br />
* [[Setting_up_Python_virtualenv | Setting up and using a virtual environment for Python3 ]]<br />
* [[Locale_settings]] (how numbers and dates are displayed)<br />
<br />
== Controlling costs ==<br />
<br />
* [[SACCT | using SACCT to see your costs]]<br />
* [[get_my_bill | using the "get_my_bill" script to estimate costs]]<br />
<br />
== Management ==<br />
Product Owner of Anunna is Alexander van Ittersum (Wageningen UR,FB-IT, C&PS). [[User: prins089 | Fons Prinsen (Wageningen UR, FB-IT, C&PS)]] is responsible for [[Maintenance_and_Management | Maintenance and Management]] of the cluster.<br />
<br />
* [[Roadmap | Ambitions regarding innovation, support and administration of Anunna ]]<br />
<br />
= Miscellaneous =<br />
* [[History_of_the_Cluster | Historical information on the startup of Anunna]]<br />
* [[Bioinformatics_tips_tricks_workflows | Bioinformatics tips, tricks, and workflows]]<br />
* [[Parallel_R_code_on_SLURM | Running parallel R code on SLURM]]<br />
* [[Convert_between_MediaWiki_and_other_formats | Convert between MediaWiki format and other formats]]<br />
* [[Manual GitLab | GitLab: Create projects and add scripts]]<br />
* [[Monitoring_executions | Monitoring job execution]]<br />
* [[Shared_folders | Working with shared folders in the Lustre file system]]<br />
* [[Old_binaries | Running older binaries on the updated OS]]<br />
* [[locale_settings | How to change language settings for yourself]]<br />
<br />
= See also =<br />
* [[Maintenance_and_Management | Maintenance and Management]]<br />
* [[About_ABGC | About ABGC]]<br />
* [[Computer_cluster | High Performance Computing @ABGC]]<br />
* [[Lustre_PFS_layout | Lustre Parallel File System layout]]<br />
<br />
= External links =<br />
{| width="90%"<br />
|- valign="top"<br />
| width="30%" |<br />
* [https://www.wur.nl/en/Value-Creation-Cooperation/Facilities/Wageningen-Shared-Research-Facilities/Our-facilities/Show/High-Performance-Computing-Cluster-HPC-Anunna.htm SRF offers a HPC facilty]<br />
| width="30%" |<br />
* [http://en.wikipedia.org/wiki/Scientific_Linux Scientific Linux]<br />
* [http://en.wikipedia.org/wiki/Help:Cheatsheet Help with editing Wiki pages]<br />
|}</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Main_Page&diff=2567Main Page2026-02-20T09:57:58Z<p>Haars0011: /* Our Courses */</p>
<hr />
<div>Anunna is a [http://en.wikipedia.org/wiki/High-performance_computing High Performance Computer] (HPC) infrastructure hosted by [https://www.wur.nl/en/show/supercomputer-anunna-opens-up-more-opportunities-for-data-storage-and-artificial-intelligence-applications.htm Wageningen University & Research Centre]. It is open for use for all WUR research groups as well as other organizations, including companies, that have collaborative projects with WUR. <br />
<br />
== Access Policy ==<br />
[[Access_Policy | Main Article: Access Policy]]<br />
<br />
Access needs to be granted actively (by creation of an account on the cluster by FB-IT). Use of resources is limited by the scheduler. Note that the use of Anunna is not free of charge. <br />
<br />
= Our Courses =<br />
<br />
* [[Linux Basic]]<br />
* HPC Basic<br />
* HPC Advanced<br />
* 2026 Course dates<br />
<br />
= Using Anunna =<br />
* [[Tariffs | Costs associated with resource usage]]<br />
<br />
== Gaining access to Anunna==<br />
Access to the cluster and file transfer are traditionally done via [http://en.wikipedia.org/wiki/Secure_Shell SSH and SFTP].<br />
* [[log_in_to_B4F_cluster | Logging into cluster using ssh]]<br />
* [[file_transfer | File transfer options]]<br />
* [[Services | Alternative access methods, and extra features and services on Anunna]]<br />
* [[Filesystems | Data storage methods on Anunna]]<br />
<br />
== Using Anunna for courses (mainly jupyter notebooks) ==<br />
* [[steps_for_courses | Steps involved to run a course on Anunna]]<br />
<br />
= Events =<br />
<br />
* [[Courses]] that have happened and are happening<br />
* [[Downtime]] that will affect all users<br />
* [[Meetings]] that may affect the policies of Anunna<br />
<br />
= Software =<br />
* [[Modules]]<br />
* [[Apptainer]]<br />
* [[Python]]<br />
* [[R]] <br />
* [[Julia]]<br />
<br />
=Web Apps=<br />
<br />
*[[Jupyter]]<br />
<br />
*[[RStudio]]<br />
<br />
*[[Linux desktop]]<br />
<br />
*[[Open OnDemand]]<br />
<br />
= Other Software =<br />
<br />
== Cluster Scheduler ==<br />
Anunna uses Slurm as job scheduler.<br />
* [[Using_Slurm | Submit jobs with Slurm]]<br />
* [[node_usage_graph | Be aware of how much work the cluster is under right now with 'node_usage_graph']]<br />
* [[SLURM_Compare | Rosetta Stone of Workload Managers]]<br />
<br />
== Installation of software by users ==<br />
<br />
* [[Domain_specific_software_on_B4Fcluster_installation_by_users | Installing domain specific software: installation by users]]<br />
* [[Setting local variables]]<br />
* [[Installing_R_packages_locally | Installing R packages locally]]<br />
* [[Setting_up_Python_virtualenv | Setting up and using a virtual environment for Python3 ]]<br />
* [[Virtual_environment_Python_3.4_or_higher | Setting up and using a virtual environment for Python3.4 or higher ]]<br />
* [[Installing WRF and WPS]]<br />
* [[Running scripts on a fixed timeschedule (cron)]]<br />
<br />
== Installed software ==<br />
<br />
* [[Globally_installed_software | Globally installed software]]<br />
* [[ABGC_modules | ABGC specific modules]]<br />
<br />
= Useful Notes = <br />
<br />
== Being in control of Environment parameters ==<br />
<br />
* [[Using_environment_modules | Using environment modules]]<br />
* [[Aliases and local variables]]<br />
* [[Setting local variables]]<br />
* [[Setting_TMPDIR | Set a custom temporary directory location]]<br />
* [[Installing_R_packages_locally | Installing R packages locally]]<br />
* [[Setting_up_Python_virtualenv | Setting up and using a virtual environment for Python3 ]]<br />
* [[Locale_settings]] (how numbers and dates are displayed)<br />
<br />
== Controlling costs ==<br />
<br />
* [[SACCT | using SACCT to see your costs]]<br />
* [[get_my_bill | using the "get_my_bill" script to estimate costs]]<br />
<br />
== Management ==<br />
Product Owner of Anunna is Alexander van Ittersum (Wageningen UR,FB-IT, C&PS). [[User: prins089 | Fons Prinsen (Wageningen UR, FB-IT, C&PS)]] is responsible for [[Maintenance_and_Management | Maintenance and Management]] of the cluster.<br />
<br />
* [[Roadmap | Ambitions regarding innovation, support and administration of Anunna ]]<br />
<br />
= Miscellaneous =<br />
* [[History_of_the_Cluster | Historical information on the startup of Anunna]]<br />
* [[Bioinformatics_tips_tricks_workflows | Bioinformatics tips, tricks, and workflows]]<br />
* [[Parallel_R_code_on_SLURM | Running parallel R code on SLURM]]<br />
* [[Convert_between_MediaWiki_and_other_formats | Convert between MediaWiki format and other formats]]<br />
* [[Manual GitLab | GitLab: Create projects and add scripts]]<br />
* [[Monitoring_executions | Monitoring job execution]]<br />
* [[Shared_folders | Working with shared folders in the Lustre file system]]<br />
* [[Old_binaries | Running older binaries on the updated OS]]<br />
* [[locale_settings | How to change language settings for yourself]]<br />
<br />
= See also =<br />
* [[Maintenance_and_Management | Maintenance and Management]]<br />
* [[About_ABGC | About ABGC]]<br />
* [[Computer_cluster | High Performance Computing @ABGC]]<br />
* [[Lustre_PFS_layout | Lustre Parallel File System layout]]<br />
<br />
= External links =<br />
{| width="90%"<br />
|- valign="top"<br />
| width="30%" |<br />
* [https://www.wur.nl/en/Value-Creation-Cooperation/Facilities/Wageningen-Shared-Research-Facilities/Our-facilities/Show/High-Performance-Computing-Cluster-HPC-Anunna.htm SRF offers a HPC facilty]<br />
| width="30%" |<br />
* [http://en.wikipedia.org/wiki/Scientific_Linux Scientific Linux]<br />
* [http://en.wikipedia.org/wiki/Help:Cheatsheet Help with editing Wiki pages]<br />
|}</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Open_OnDemand&diff=2561Open OnDemand2026-02-16T15:20:27Z<p>Haars0011: Created stub for ood</p>
<hr />
<div>Open OnDemand is a webbased system to enable users to access GUI applications.<br />
<br />
The URL in which it is available is <nowiki>https://app.anunna.wur.nl</nowiki></div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Tapeworm&diff=2560Tapeworm2026-02-06T09:57:44Z<p>Haars0011: Make text flow above and below images.</p>
<hr />
<div>= Tapeworm: Automated tape-archival of old datasets =<br />
<br />
<div style="border:2px solid #d32f2f; background:#ffebee; padding:12px; margin:12px 0;"><br />
<b>Warning:</b><br />
<ul style="margin:8px 0 0 18px;"><br />
<li>This documentation page is under construction and may contain errors.</li><br />
<li>The Tapeworm application is in beta and may contain errors.</li><br />
</ul><br />
</div><br />
<br />
=== https://tapeworm.anunna.wur.nl/ ===<br />
<br />
Tapeworm helps you manage data on <code>/archive</code> by identifying datasets that are no longer actively used and preparing them for tape archival. <br />
The goal is simple: keep our warm storage available for active work, while safely preserving older data on tape.<br />
<br />
With Tapeworm, you can:<br />
* See which of your datasets are being considered for tape archival.<br />
* Review planned moves before they happen.<br />
* Approve, snooze, or block moves when needed.<br />
* Add metadata to help describe archived datasets. The metadata is included on tape and can be used to view/retrieve from tape, should you need to do so in the future.<br />
<br />
If you do nothing, Tapeworm will continue with the planned move after the review period. <br />
That is why we recommend checking your pending actions regularly. You will also receive notification emails about pending actions.<br />
<br />
== How Tapeworm works ==<br />
<br />
# Tapeworm scans <code>/archive</code> and builds an index of datasets, size, owner, and last activite use.<br />
# A policy engine checks which datasets look stale (for example: 30+ days old and larger than 1GB).<br />
# Matching datasets are marked as <b>planned</b> and shown in your overview.<br />
# You will be notified by email that Tapeworm plans to move data you own<br />
# You can review and change what should happen, or block the move(s) entirely<br />
# If no action is taken, after a wait period of 4 weeks, planned moves can become scheduled and then executed.<br />
# Data is moved to tape, and removed from /archive/<br />
<br />
== Who sees what? ==<br />
<br />
* <b>Regular users</b> see only their own datasets and actions.<br />
* <b>Group admins/contacts</b> see data for their configured group(s), in addition to their own data.<br />
<br />
== User pages ==<br />
<br />
=== 1) Overview ===<br />
This is your action page. It shows items that currently need your decision.<br />
[[File:User overview 3.png|frame|center]]<br />
<br />
For each candidate, you can:<br />
* <b>Approve</b>: proceed with the tape move. It will schedule for the next day.<br />
* <b>Deny</b>: stop this move, configure an override for this path. Tapeworm will not try to move this dataset/path again, until you choose to remove the override.<br />
* <b>Snooze</b>: postpone the decision to a future date.<br />
* <b>Edit metadata</b>: add key/value notes for archived data. These values are included on tape and can be used to view/retrieve datasets on tape.<br />
<br />
You can also select multiple rows and apply actions in bulk.<br />
<br />
=== 2) Datasets ===<br />
This page shows your discovered datasets, their sizes, and last activity times. The application has no concept of what data belongs together and should be considered a 'dataset'. If the selections on this page are wrong, you can change how Tapeworm should handle these datasets instead.<br />
<br />
[[File:User datasets.png|frame|center]]<br />
<br />
Important:<br />
* If a dataset already has an active move candidate, scheduling controls are disabled.<br />
The dataset list is informational; move decisions are handled through the Schedule page.<br />
<br />
=== 3) Schedule ===<br />
This page shows move candidates and their status over time.<br />
<br />
[[File:User schedule.png|frame|center]]<br />
<br />
Common statuses:<br />
* <b>Planned</b> (or <b>planned + notified</b>): under review.<br />
* <b>Scheduled</b>: move is planned for a specific date.<br />
* <b>Executing / Tape staged / On tape</b>: move is in progress or completed.<br />
* <b>Error</b>: move needs admin attention. You may be contacted, maybe we resolve it ourselves :).<br />
<br />
Once a move is already executing or completed, schedule-changing actions are locked.<br />
<br />
=== 4) Overrides ===<br />
Overrides tell Tapeworm to ignore specific paths in future planning.<br />
<br />
[[File:User override.png|frame|center]]<br />
<br />
Use overrides when:<br />
* a project is still active and needs to remain on /archive<br />
* policy suggestions are not appropriate for that location<br />
<br />
If you agree that the dataset can in principle be moved to tape, but you don't (yet) know when, you can choose to postpone/snooze the archival instead of overriding it.<br />
<br />
Overrides apply to the selected path and everything below it.<br />
<br />
== Notifications (email) ==<br />
<br />
Tapeworm sends email updates when actions are pending or dates are approaching.<br />
<br />
Emails typically include:<br />
* dataset path,<br />
* size and last activity,<br />
* current status,<br />
* review/scheduled date.<br />
<br />
Please read these emails carefully — they are your chance to adjust decisions before execution.<br />
<br />
== Best practices for users ==<br />
<br />
* Check your <b>Overview</b> page regularly.<br />
* Use <b>Snooze</b> if you need time to validate impact.<br />
* Add <b>metadata</b> when approving important datasets.<br />
* Use <b>Overrides</b> for known exceptions.<br />
* If unsure, contact HPC support before a scheduled move date.<br />
<br />
== FAQ ==<br />
<br />
=== What happens if I do nothing? ===<br />
Planned items can move forward automatically after the review window.<br />
<br />
=== Can I undo after tape staging? ===<br />
Not directly in Tapeworm. Retrieval is done via the tape/iRODS workflow.<br />
See: https://irods.wur.nl/userguide/tape_retrieval/<br />
<br />
=== Why is an action button disabled? ===<br />
Usually because the move has already progressed (executing/staged/on tape/error), so schedule edits are no longer valid.<br />
<br />
=== Why do I see “planned + notified”? ===<br />
That means the dataset move is planned and a notification has already been sent.<br />
<br />
== Need help? ==<br />
If anything is unclear, or you think a move is incorrect but you cannot alter it in the provided GUI, please open an HPC support ticket.</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Filesystems&diff=2538Filesystems2025-12-19T15:25:46Z<p>Haars0011: </p>
<hr />
<div>Anunna currently has multiple filesystem mounts that are available cluster-wide:<br />
<br />
== Global ==<br />
* /home - This mount uses NFS to mount the home directories over the slower internal network from the active master. Each user has a 200G quota for this filesystem,it is regularly backed up to tape, and can reliably be restored from up to a week's history. Use this for programs and configuration files.<br />
<br />
* /shared - This mount provides a consistent set of binaries and configuration files for the entire cluster.<br />
<br />
* /lustre - This large and fast mount uses the Lustre parallel filesystem to provide files from multiple redundant servers over the fast Omnipath network. Access is provided per group, thus:<br />
/lustre/[level]/[partner]/[unit]<br />
e.g.<br />
/lustre/backup/WUR/ABGC/<br />
It comprises of two major parts (and some minor):<br />
* /lustre/'''nobackup''' - This is the 'normal' filesystem for Lustre - no backups, just stored on the filesystem. Without having a backup needed, the cost of data here is not as much as under /lustre/backup, but in case of disaster cannot be recovered.<br />
* /lustre/'''backup''' - In case of disaster, this data is stored a second time on a separate machine. Whilst this backup is purely in case of complete tragedy (such as some immense filesystem error, or multiple component failure), it can potentially be used to revert mistakes if you are very fast about reporting them. There is however no guarantee of this service.<br />
* /lustre/'''shared''' - Same as /lustre/backup, except publicly available. This is where truly shared data lives that isn't assigned to a specific group.<br />
<br />
And additionally:<br />
* /lustre/'''scratch''' - Files here may be removed after some time if the filesystem gets too full (Typically 30 days). You should tidy up this data yourself once work is complete.<br />
<br />
=== Private shared directories ===<br />
If you are working with a group of users on a similar project, you might consider making a [[Shared_folders|Shared directory]] to coordinate. Information on how to do so is in the linked article.<br />
<br />
== Local ==<br />
Specific to certain machines are some other filesystems that are available to you:<br />
* '''/archive''' - an archive mount only accessible from the login nodes. The cost of storing data here is less than on Lustre, but it cannot be used for compute work. This location is only available to WUR users. Files are able to be reverted via backup, however this only comes in fortnightly (14 day) intervals.<br />
<br />
* /tmp - On each worker node there is a /tmp mount that can be used for temporary local caching. Be advised that you should clean this up, lest your files become a hindrance to other users. You can request a node with free space in your sbatch script like so:<br />
<pre><br />
#SBATCH --tmp=<required space><br />
</pre><br />
<br />
* /dev/shm - On each worker you may also create a virtual filesystem directly into memory, for extremely fast data access. Be advised that this will count against the memory used for your job, but it is also the fastest available filesystem if needed.<br />
<br />
== iRods ==<br />
On Anunna we host our own iRods instance.<br />
<br />
With that you can push data to the WUR tape storage for archiving at very low cost.<br />
<br />
More info on how to use it, please see https://irods.wur.nl/.<br />
<br />
The best course of action is to loosely follow the course, using your own data, and use your personal space for data upload and transfer to tape.<br />
<br />
Be sure to check whether the data is correctly stored on tape before you remove your data!<br />
<br />
On Anunna there are some differences and additions to the above site:<br />
<br />
* The zone is HPC<br />
* With <code>iinit</code> you can init the irods env. Use your account password.<br />
* With <code>ils</code> you can see your available irods collections. You need that as a destination location for <code>itape</code><br />
* We have a function to ease uploads (use -h for help) : <code>itape</code><br />
* We have aliases to ease checking of the status of your archive process. (it takes a while) : <code>itapestat</code> and <code>itapestatnp</code>, the first is for human use, is shows a paginated status of all your files. The latter dumps all the info, so you can e.g. use grep to filter.<br />
* If you remove data with <code>irm</code> within iRODS, the data isn't actually removed but moved to a trashbin. The advantage is that you can retrieve it if the removal was in error, the disadvantage is that the data will keep costing money. To empty it, see <code>irmtrash -h</code>. <br />
<br />
Because of hardware limitations on the backend tape storage, the size limit per file for our tape archive is 5T.<br />
<br />
== See also ==<br />
* [[Tariffs | Costs associated with resource usage]]<br />
<br />
== External links ==<br />
* [http://wiki.lustre.org/index.php/Main_Page Lustre website]</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Filesystems&diff=2534Filesystems2025-11-21T14:14:17Z<p>Haars0011: Clearer descriptions</p>
<hr />
<div>Anunna currently has multiple filesystem mounts that are available cluster-wide:<br />
<br />
== Global ==<br />
* /home - This mount uses NFS to mount the home directories over the slower internal network from the active master. Each user has a 200G quota for this filesystem,it is regularly backed up to tape, and can reliably be restored from up to a week's history. Use this for programs and configuration files.<br />
<br />
* /shared - This mount provides a consistent set of binaries and configuration files for the entire cluster.<br />
<br />
* /lustre - This large and fast mount uses the Lustre parallel filesystem to provide files from multiple redundant servers over the fast Omnipath network. Access is provided per group, thus:<br />
/lustre/[level]/[partner]/[unit]<br />
e.g.<br />
/lustre/backup/WUR/ABGC/<br />
It comprises of two major parts (and some minor):<br />
* /lustre/'''nobackup''' - This is the 'normal' filesystem for Lustre - no backups, just stored on the filesystem. Without having a backup needed, the cost of data here is not as much as under /lustre/backup, but in case of disaster cannot be recovered.<br />
* /lustre/'''backup''' - In case of disaster, this data is stored a second time on a separate machine. Whilst this backup is purely in case of complete tragedy (such as some immense filesystem error, or multiple component failure), it can potentially be used to revert mistakes if you are very fast about reporting them. There is however no guarantee of this service.<br />
* /lustre/'''shared''' - Same as /lustre/backup, except publicly available. This is where truly shared data lives that isn't assigned to a specific group.<br />
<br />
And additionally:<br />
* /lustre/'''scratch''' - Files here may be removed after some time if the filesystem gets too full (Typically 30 days). You should tidy up this data yourself once work is complete.<br />
<br />
=== Private shared directories ===<br />
If you are working with a group of users on a similar project, you might consider making a [[Shared_folders|Shared directory]] to coordinate. Information on how to do so is in the linked article.<br />
<br />
== Local ==<br />
Specific to certain machines are some other filesystems that are available to you:<br />
* '''/archive''' - an archive mount only accessible from the login nodes. The cost of storing data here is less than on Lustre, but it cannot be used for compute work. This location is only available to WUR users. Files are able to be reverted via backup, however this only comes in fortnightly (14 day) intervals.<br />
<br />
* /tmp - On each worker node there is a /tmp mount that can be used for temporary local caching. Be advised that you should clean this up, lest your files become a hindrance to other users. You can request a node with free space in your sbatch script like so:<br />
<pre><br />
#SBATCH --tmp=<required space><br />
</pre><br />
<br />
* /dev/shm - On each worker you may also create a virtual filesystem directly into memory, for extremely fast data access. Be advised that this will count against the memory used for your job, but it is also the fastest available filesystem if needed.<br />
<br />
== iRods ==<br />
On Anunna we host our own iRods instance.<br />
<br />
With that you can push data to the WUR tape storage for archiving at very low cost.<br />
<br />
More info on how to use it, please see https://irods.wur.nl/.<br />
<br />
The best course of action is to loosely follow the course, using your own data, and use your personal space for data upload and transfer to tape.<br />
<br />
Be sure to check whether the data is correctly stored on tape before you remove your data!<br />
<br />
On Anunna there are some differences and additions to the above site:<br />
<br />
* The zone is HPC<br />
* With <code>iinit</code> you can init the irods env. Use your account password.<br />
* With <code>ils</code> you can see your available irods collections. You need that as a destination location for <code>itape</code><br />
* We have a function to ease uploads (use -h for help) : <code>itape</code><br />
* We have aliases to ease checking of the status of your archive process. (it takes a while) : <code>itapestat</code> and <code>itapestatnp</code>, the first is for human use, is shows a paginated status of all your files. The latter dumps all the info, so you can e.g. use grep to filter.<br />
* If you remove data with <code>irm</code> within iRODS, the data isn't actually removed but moved to a trashbin. The advantage is that you can retrieve it if the removal was in error, the disadvantage is that the data will keep costing money. To fix that, either use <code>irm -f</code> or the icommand to empty it, see <code>irmtrash -h</code>. <br />
<br />
== See also ==<br />
* [[Tariffs | Costs associated with resource usage]]<br />
<br />
== External links ==<br />
* [http://wiki.lustre.org/index.php/Main_Page Lustre website]</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Filesystems&diff=2516Filesystems2025-07-18T09:14:58Z<p>Haars0011: Added info on how to empty the iRODS trashbin</p>
<hr />
<div>Anunna currently has multiple filesystem mounts that are available cluster-wide:<br />
<br />
== Global ==<br />
* /home - This mount uses NFS to mount the home directories directly from the active master. Each user has a 200G quota for this filesystem, as it is regularly backed up to tape, and can reliably be restored from up to a week's history.<br />
<br />
* /shared - This mount provides a consistent set of binaries for the entire cluster.<br />
<br />
* /lustre - This large mount uses the Lustre parallel filesystem to provide files from multiple redundant servers. Access is provided per group, thus:<br />
/lustre/[level]/[partner]/[unit]<br />
e.g.<br />
/lustre/backup/WUR/ABGC/<br />
It comprises of two major parts (and some minor):<br />
* /lustre/'''nobackup''' - This is the 'normal' filesystem for Lustre - no backups, just stored on the filesystem. Without having a backup needed, the cost of data here is not as much as under /lustre/backup, but in case of disaster cannot be recovered.<br />
* /lustre/'''backup''' - In case of disaster, this data is stored a second time on a separate machine. Whilst this backup is purely in case of complete tragedy (such as some immense filesystem error, or multiple component failure), it can potentially be used to revert mistakes if you are very fast about reporting them. There is however no guarantee of this service.<br />
* /lustre/'''shared''' - Same as /lustre/backup, except publicly available. This is where truly shared data lives that isn't assigned to a specific group.<br />
<br />
And additionally:<br />
* /lustre/'''scratch''' - Files here may be removed after some time if the filesystem gets too full (Typically 30 days). You should tidy up this data yourself once work is complete.<br />
<br />
=== Private shared directories ===<br />
If you are working with a group of users on a similar project, you might consider making a [[Shared_folders|Shared directory]] to coordinate. Information on how to do so is in the linked article.<br />
<br />
== Local ==<br />
Specific to certain machines are some other filesystems that are available to you:<br />
* '''/archive''' - an archive mount only accessible from the login nodes. The cost of storing data here is less than on Lustre, but it cannot be used for compute work. This location is only available to WUR users. Files are able to be reverted via backup, however this only comes in fortnightly (14 day) intervals.<br />
<br />
* /tmp - On each worker node there is a /tmp mount that can be used for temporary local caching. Be advised that you should clean this up, lest your files become a hindrance to other users. You can request a node with free space in your sbatch script like so:<br />
<pre><br />
#SBATCH --tmp=<required space><br />
</pre><br />
<br />
* /dev/shm - On each worker you may also create a virtual filesystem directly into memory, for extremely fast data access. Be advised that this will count against the memory used for your job, but it is also the fastest available filesystem if needed.<br />
<br />
== iRods ==<br />
On Anunna we host our own iRods instance.<br />
<br />
With that you can push data to the WUR tape storage for archiving at very low cost.<br />
<br />
More info on how to use it, please see https://irods.wur.nl/.<br />
<br />
The best course of action is to loosely follow the course, using your own data, and use your personal space for data upload and transfer to tape.<br />
<br />
Be sure to check whether the data is correctly stored on tape before you remove your data!<br />
<br />
On Anunna there are some differences and additions to the above site:<br />
<br />
* The zone is HPC<br />
* We have a function to ease uploads : <code>itape</code><br />
* We have aliases to ease checking of the status : <code>itapestat</code> and <code>itapestatnp</code>, the first is for human use, is shows a paginated status of all your files. The latter dumps all the info, so you can e.g. use grep to filter.<br />
* If you remove data with <code>irm</code> within iRODS, the data isn't actually removed but moved to a trashbin. The advantage is that you can retrieve it if the removal was in error, the disadvantage is that the data will keep costing money. To fix that, either use <code>irm -f</code> or the icommand to empty it, see <code>irmtrash -h</code>. <br />
<br />
== See also ==<br />
* [[Tariffs | Costs associated with resource usage]]<br />
<br />
== External links ==<br />
* [http://wiki.lustre.org/index.php/Main_Page Lustre website]</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Tariffs&diff=2514Tariffs2025-07-08T12:40:53Z<p>Haars0011: </p>
<hr />
<div>== Computing: Calculations (cores)==<br />
{| class="wikitable"<br />
!Queue<br />
!CPU core hour<br />
!GB memory hour<br />
|-<br />
|Standard queue<br />
|€ 0.0150<br />
|€ 0.0011<br />
|-<br />
|High priority queue<br />
|€ 0.0195<br />
|€ 0.00143<br />
|}<br />
<br />
== Computing: GPU Use==<br />
{| class="wikitable"<br />
!Tariff per device per hour (gpu/hour)<br />
|-<br />
|€ 0.45<br />
|}<br />
<br />
== Storage ==<br />
Tariffs per year per TB<br />
{| class="wikitable"<br />
!Lustre Backup<br />
!Lustre Nobackup<br />
!Lustre Scratch<br />
!Home-dir<br />
!Archive<br />
|-<br />
|€ 150<br />
|€ 100<br />
|€ 100<br />
|€ 150<br />
|€ 65<br />
|}<br />
<br />
== Reservations ==<br />
{| class="wikitable"<br />
!Tariff per node per day (node/day)<br />
|-<br />
|€ 50<br />
|}<br />
<br />
== Notes==<br />
<br />
If you are a member of a group with a commitment, then these costs get deducted from that commitment. <br />
Once you get to around 125% of your commitment we will take action to fix things.<br />
<br />
== Example ==<br />
<br />
You are running a job that needs 4 cores, 32G of RAM and runs for 90 minutes in the std quality. To run this, you over-request resources slightly, and submit a job that requests 4 CPUs, 40G of RAM and with a time limit of 3 hours. Your job is done after two hours, using at maximum 3 CPUs and 32G of RAM.<br />
<br />
Thus, your costs are:<br />
<br />
4 * 0.015 * 2 = 0.12 EUR for the CPU<br />
<br />
40 * 0.0011 * 2 = 0.088 EUR for the memory<br />
<br />
Total: € 0.208<br />
<br />
So you are billed for the duration that you claimed the 4CPUs and 40G of RAM, not the 3 CPUs and 32G RAM you actually used.</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Filesystems&diff=2513Filesystems2025-07-08T11:52:09Z<p>Haars0011: </p>
<hr />
<div>Anunna currently has multiple filesystem mounts that are available cluster-wide:<br />
<br />
== Global ==<br />
* /home - This mount uses NFS to mount the home directories directly from the active master. Each user has a 200G quota for this filesystem, as it is regularly backed up to tape, and can reliably be restored from up to a week's history.<br />
<br />
* /shared - This mount provides a consistent set of binaries for the entire cluster.<br />
<br />
* /lustre - This large mount uses the Lustre parallel filesystem to provide files from multiple redundant servers. Access is provided per group, thus:<br />
/lustre/[level]/[partner]/[unit]<br />
e.g.<br />
/lustre/backup/WUR/ABGC/<br />
It comprises of two major parts (and some minor):<br />
* /lustre/'''nobackup''' - This is the 'normal' filesystem for Lustre - no backups, just stored on the filesystem. Without having a backup needed, the cost of data here is not as much as under /lustre/backup, but in case of disaster cannot be recovered.<br />
* /lustre/'''backup''' - In case of disaster, this data is stored a second time on a separate machine. Whilst this backup is purely in case of complete tragedy (such as some immense filesystem error, or multiple component failure), it can potentially be used to revert mistakes if you are very fast about reporting them. There is however no guarantee of this service.<br />
* /lustre/'''shared''' - Same as /lustre/backup, except publicly available. This is where truly shared data lives that isn't assigned to a specific group.<br />
<br />
And additionally:<br />
* /lustre/'''scratch''' - Files here may be removed after some time if the filesystem gets too full (Typically 30 days). You should tidy up this data yourself once work is complete.<br />
<br />
=== Private shared directories ===<br />
If you are working with a group of users on a similar project, you might consider making a [[Shared_folders|Shared directory]] to coordinate. Information on how to do so is in the linked article.<br />
<br />
== Local ==<br />
Specific to certain machines are some other filesystems that are available to you:<br />
* '''/archive''' - an archive mount only accessible from the login nodes. The cost of storing data here is less than on Lustre, but it cannot be used for compute work. This location is only available to WUR users. Files are able to be reverted via backup, however this only comes in fortnightly (14 day) intervals.<br />
<br />
* /tmp - On each worker node there is a /tmp mount that can be used for temporary local caching. Be advised that you should clean this up, lest your files become a hindrance to other users. You can request a node with free space in your sbatch script like so:<br />
<pre><br />
#SBATCH --tmp=<required space><br />
</pre><br />
<br />
* /dev/shm - On each worker you may also create a virtual filesystem directly into memory, for extremely fast data access. Be advised that this will count against the memory used for your job, but it is also the fastest available filesystem if needed.<br />
<br />
== iRods ==<br />
On Anunna we host our own iRods instance.<br />
<br />
With that you can push data to the WUR tape storage for archiving at very low cost.<br />
<br />
More info on how to use it, please see https://irods.wurnet.nl/.<br />
<br />
The best course of action is to loosely follow the course, using your own data, and use your personal space for data upload and transfer to tape.<br />
<br />
Be sure to check whether the data is correctly stored on tape before you remove your data!<br />
<br />
On Anunna there are some differences and additions to the above site:<br />
<br />
* The zone is HPC<br />
* We have a function to ease uploads : <code>itape</code><br />
* We have aliases to ease checking of the status : <code>itapestat</code> and <code>itapestatnp</code>, the first is for human use, is shows a paginated status of all your files. The latter dumps all the info, so you can e.g. use grep to filter.<br />
<br />
== See also ==<br />
* [[Tariffs | Costs associated with resource usage]]<br />
<br />
== External links ==<br />
* [http://wiki.lustre.org/index.php/Main_Page Lustre website]</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Filesystems&diff=2512Filesystems2025-07-08T08:59:13Z<p>Haars0011: </p>
<hr />
<div>Anunna currently has multiple filesystem mounts that are available cluster-wide:<br />
<br />
== Global ==<br />
* /home - This mount uses NFS to mount the home directories directly from the active master. Each user has a 200G quota for this filesystem, as it is regularly backed up to tape, and can reliably be restored from up to a week's history.<br />
<br />
* /shared - This mount provides a consistent set of binaries for the entire cluster.<br />
<br />
* /lustre - This large mount uses the Lustre parallel filesystem to provide files from multiple redundant servers. Access is provided per group, thus:<br />
/lustre/[level]/[partner]/[unit]<br />
e.g.<br />
/lustre/backup/WUR/ABGC/<br />
It comprises of two major parts (and some minor):<br />
* /lustre/'''nobackup''' - This is the 'normal' filesystem for Lustre - no backups, just stored on the filesystem. Without having a backup needed, the cost of data here is not as much as under /lustre/backup, but in case of disaster cannot be recovered.<br />
* /lustre/'''backup''' - In case of disaster, this data is stored a second time on a separate machine. Whilst this backup is purely in case of complete tragedy (such as some immense filesystem error, or multiple component failure), it can potentially be used to revert mistakes if you are very fast about reporting them. There is however no guarantee of this service.<br />
* /lustre/'''shared''' - Same as /lustre/backup, except publicly available. This is where truly shared data lives that isn't assigned to a specific group.<br />
<br />
And additionally:<br />
* /lustre/'''scratch''' - Files here may be removed after some time if the filesystem gets too full (Typically 30 days). You should tidy up this data yourself once work is complete.<br />
<br />
=== Private shared directories ===<br />
If you are working with a group of users on a similar project, you might consider making a [[Shared_folders|Shared directory]] to coordinate. Information on how to do so is in the linked article.<br />
<br />
== Local ==<br />
Specific to certain machines are some other filesystems that are available to you:<br />
* '''/archive''' - an archive mount only accessible from the login nodes. The cost of storing data here is less than on Lustre, but it cannot be used for compute work. This location is only available to WUR users. Files are able to be reverted via backup, however this only comes in fortnightly (14 day) intervals.<br />
<br />
* /tmp - On each worker node there is a /tmp mount that can be used for temporary local caching. Be advised that you should clean this up, lest your files become a hindrance to other users. You can request a node with free space in your sbatch script like so:<br />
<pre><br />
#SBATCH --tmp=<required space><br />
</pre><br />
<br />
* /dev/shm - On each worker you may also create a virtual filesystem directly into memory, for extremely fast data access. Be advised that this will count against the memory used for your job, but it is also the fastest available filesystem if needed.<br />
<br />
== iRods ==<br />
On Anunna we host our own iRods instance.<br />
<br />
With that you can push data to the WUR tape storage for archiving at very low cost.<br />
<br />
More info on how to use it, please see https://irods.wurnet.nl/.<br />
<br />
The best course of action is to loosely follow the course, using your own data, and use your personal space for data upload and transfer to tape.<br />
<br />
Be sure to check whether the data is correctly stored on tape before you remove your data!<br />
<br />
On Anunna there are some differences and additions to the above site:<br />
<br />
* The zone is HPC<br />
* We have a function to ease uploads : <code>itape</code><br />
* We have an alias to ease checking : <code>itapestat</code><br />
<br />
== See also ==<br />
* [[Tariffs | Costs associated with resource usage]]<br />
<br />
== External links ==<br />
* [http://wiki.lustre.org/index.php/Main_Page Lustre website]</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Filesystems&diff=2511Filesystems2025-07-07T11:32:16Z<p>Haars0011: Add iRods</p>
<hr />
<div>Anunna currently has multiple filesystem mounts that are available cluster-wide:<br />
<br />
== Global ==<br />
* /home - This mount uses NFS to mount the home directories directly from the active master. Each user has a 200G quota for this filesystem, as it is regularly backed up to tape, and can reliably be restored from up to a week's history.<br />
<br />
* /shared - This mount provides a consistent set of binaries for the entire cluster.<br />
<br />
* /lustre - This large mount uses the Lustre parallel filesystem to provide files from multiple redundant servers. Access is provided per group, thus:<br />
/lustre/[level]/[partner]/[unit]<br />
e.g.<br />
/lustre/backup/WUR/ABGC/<br />
It comprises of two major parts (and some minor):<br />
* /lustre/'''nobackup''' - This is the 'normal' filesystem for Lustre - no backups, just stored on the filesystem. Without having a backup needed, the cost of data here is not as much as under /lustre/backup, but in case of disaster cannot be recovered.<br />
* /lustre/'''backup''' - In case of disaster, this data is stored a second time on a separate machine. Whilst this backup is purely in case of complete tragedy (such as some immense filesystem error, or multiple component failure), it can potentially be used to revert mistakes if you are very fast about reporting them. There is however no guarantee of this service.<br />
* /lustre/'''shared''' - Same as /lustre/backup, except publicly available. This is where truly shared data lives that isn't assigned to a specific group.<br />
<br />
And additionally:<br />
* /lustre/'''scratch''' - Files here may be removed after some time if the filesystem gets too full (Typically 30 days). You should tidy up this data yourself once work is complete.<br />
<br />
=== Private shared directories ===<br />
If you are working with a group of users on a similar project, you might consider making a [[Shared_folders|Shared directory]] to coordinate. Information on how to do so is in the linked article.<br />
<br />
== Local ==<br />
Specific to certain machines are some other filesystems that are available to you:<br />
* '''/archive''' - an archive mount only accessible from the login nodes. The cost of storing data here is less than on Lustre, but it cannot be used for compute work. This location is only available to WUR users. Files are able to be reverted via backup, however this only comes in fortnightly (14 day) intervals.<br />
<br />
* /tmp - On each worker node there is a /tmp mount that can be used for temporary local caching. Be advised that you should clean this up, lest your files become a hindrance to other users. You can request a node with free space in your sbatch script like so:<br />
<pre><br />
#SBATCH --tmp=<required space><br />
</pre><br />
<br />
* /dev/shm - On each worker you may also create a virtual filesystem directly into memory, for extremely fast data access. Be advised that this will count against the memory used for your job, but it is also the fastest available filesystem if needed.<br />
<br />
== iRods ==<br />
On Anunna we host our own iRods instance.<br />
<br />
With that you can push data to the WUR tape storage for archiving at very low cost.<br />
<br />
More info on how, please see https://irods.wurnet.nl/.<br />
<br />
The best course of action is to loosely follow the course, using your own data, and use your personal space for data upload and transfer to tape.<br />
<br />
Be sure to check whether the data is correctly stored on tape before you remove your data!<br />
<br />
== See also ==<br />
* [[Tariffs | Costs associated with resource usage]]<br />
<br />
== External links ==<br />
* [http://wiki.lustre.org/index.php/Main_Page Lustre website]</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Filesystems&diff=2510Filesystems2025-07-07T11:28:35Z<p>Haars0011: Updated /archive</p>
<hr />
<div>Anunna currently has multiple filesystem mounts that are available cluster-wide:<br />
<br />
== Global ==<br />
* /home - This mount uses NFS to mount the home directories directly from the active master. Each user has a 200G quota for this filesystem, as it is regularly backed up to tape, and can reliably be restored from up to a week's history.<br />
<br />
* /shared - This mount provides a consistent set of binaries for the entire cluster.<br />
<br />
* /lustre - This large mount uses the Lustre parallel filesystem to provide files from multiple redundant servers. Access is provided per group, thus:<br />
/lustre/[level]/[partner]/[unit]<br />
e.g.<br />
/lustre/backup/WUR/ABGC/<br />
It comprises of two major parts (and some minor):<br />
* /lustre/'''nobackup''' - This is the 'normal' filesystem for Lustre - no backups, just stored on the filesystem. Without having a backup needed, the cost of data here is not as much as under /lustre/backup, but in case of disaster cannot be recovered.<br />
* /lustre/'''backup''' - In case of disaster, this data is stored a second time on a separate machine. Whilst this backup is purely in case of complete tragedy (such as some immense filesystem error, or multiple component failure), it can potentially be used to revert mistakes if you are very fast about reporting them. There is however no guarantee of this service.<br />
* /lustre/'''shared''' - Same as /lustre/backup, except publicly available. This is where truly shared data lives that isn't assigned to a specific group.<br />
<br />
And additionally:<br />
* /lustre/'''scratch''' - Files here may be removed after some time if the filesystem gets too full (Typically 30 days). You should tidy up this data yourself once work is complete.<br />
<br />
=== Private shared directories ===<br />
If you are working with a group of users on a similar project, you might consider making a [[Shared_folders|Shared directory]] to coordinate. Information on how to do so is in the linked article.<br />
<br />
== Local ==<br />
Specific to certain machines are some other filesystems that are available to you:<br />
* '''/archive''' - an archive mount only accessible from the login nodes. The cost of storing data here is less than on Lustre, but it cannot be used for compute work. This location is only available to WUR users. Files are able to be reverted via backup, however this only comes in fortnightly (14 day) intervals.<br />
<br />
* /tmp - On each worker node there is a /tmp mount that can be used for temporary local caching. Be advised that you should clean this up, lest your files become a hindrance to other users. You can request a node with free space in your sbatch script like so:<br />
<pre><br />
#SBATCH --tmp=<required space><br />
</pre><br />
<br />
* /dev/shm - On each worker you may also create a virtual filesystem directly into memory, for extremely fast data access. Be advised that this will count against the memory used for your job, but it is also the fastest available filesystem if needed.<br />
<br />
<br />
<br />
== See also ==<br />
* [[Tariffs | Costs associated with resource usage]]<br />
<br />
== External links ==<br />
* [http://wiki.lustre.org/index.php/Main_Page Lustre website]</div>Haars0011https://wiki.anunna.wur.nl/index.php?title=Filesystems&diff=2496Filesystems2025-05-26T14:29:35Z<p>Haars0011: </p>
<hr />
<div>Anunna currently has multiple filesystem mounts that are available cluster-wide:<br />
<br />
== Global ==<br />
* /home - This mount uses NFS to mount the home directories directly from the active master. Each user has a 200G quota for this filesystem, as it is regularly backed up to tape, and can reliably be restored from up to a week's history.<br />
<br />
* /shared - This mount provides a consistent set of binaries for the entire cluster.<br />
<br />
* /lustre - This large mount uses the Lustre parallel filesystem to provide files from multiple redundant servers. Access is provided per group, thus:<br />
/lustre/[level]/[partner]/[unit]<br />
e.g.<br />
/lustre/backup/WUR/ABGC/<br />
It comprises of two major parts (and some minor):<br />
* /lustre/'''nobackup''' - This is the 'normal' filesystem for Lustre - no backups, just stored on the filesystem. Without having a backup needed, the cost of data here is not as much as under /lustre/backup, but in case of disaster cannot be recovered.<br />
* /lustre/'''backup''' - In case of disaster, this data is stored a second time on a separate machine. Whilst this backup is purely in case of complete tragedy (such as some immense filesystem error, or multiple component failure), it can potentially be used to revert mistakes if you are very fast about reporting them. There is however no guarantee of this service.<br />
* /lustre/'''shared''' - Same as /lustre/backup, except publicly available. This is where truly shared data lives that isn't assigned to a specific group.<br />
<br />
And additionally:<br />
* /lustre/'''scratch''' - Files here may be removed after some time if the filesystem gets too full (Typically 30 days). You should tidy up this data yourself once work is complete.<br />
<br />
=== Private shared directories ===<br />
If you are working with a group of users on a similar project, you might consider making a [[Shared_folders|Shared directory]] to coordinate. Information on how to do so is in the linked article.<br />
<br />
== Local ==<br />
Specific to certain machines are some other filesystems that are available to you:<br />
* /archive - an archive mount only accessible from the login nodes. Files here are sent to the PowerScale for deeper storage. The cost of storing data here is less than on Lustre, but it cannot be used for compute work. This location is only available to WUR users. Files are able to be reverted via snapshot, and there is a separated backup, however this only comes in fortnightly (14 day) intervals.<br />
<br />
* /tmp - On each worker node there is a /tmp mount that can be used for temporary local caching. Be advised that you should clean this up, lest your files become a hindrance to other users. You can request a node with free space in your sbatch script like so:<br />
<pre><br />
#SBATCH --tmp=<required space><br />
</pre><br />
<br />
* /dev/shm - On each worker you may also create a virtual filesystem directly into memory, for extremely fast data access. Be advised that this will count against the memory used for your job, but it is also the fastest available filesystem if needed.<br />
<br />
<br />
<br />
== See also ==<br />
* [[Tariffs | Costs associated with resource usage]]<br />
<br />
== External links ==<br />
* [http://wiki.lustre.org/index.php/Main_Page Lustre website]</div>Haars0011