March 7, 2022
Service accounts may be used with the ERISOne Linux Computing Cluster as described in the Use Cases sections
Request a New Service Account
On the Service Now catalog:
- Search for Network logon (request).
- Select 'Service/generic account (Network logon/request)'
- Select the appropriate site
- Fill in the requested details.
After you get the account created in Service Now please contact hpcsupport@partners.org to have it setup in the system.
Use Cases
Data Transfer and Backup
For running scheduled / automated data transfer tasks to copy files between the ERISOne cluster and other servers or run backups
Web Applications
For running web applications that reside on ERISOne virtual machines
Running computational jobs
If you have adopt-a-node resources on ERISOne then a service account can be attached to your ERISOne group for running computational jobs on your adopt-a-nodes. Service accounts cannot use the general pool of compute nodes.
Authentication Tokens
For automated data transfer tasks where your Mass General Brigham credentials are required (for example, transferring a backup to MAD3) the credentials of the service account may be stored in an encrypted "keytab" file which is used in place of a plain text password. Create a keytab file (for service accounts only) using the kutil tool, replacing "abc123" with the name of your service account, as follows:
$ ktutil
ktutil: add_entry -password -p abc123 -k 0 -e arcfour-hmac
Password for abc123@PARTNERS.ORG:
ktutil: write_kt abc123.keytab
ktutil: quit
Having created the keytab file (named abc123.keytab in this example), include this line in your LSF job file to access the credentials:
kinit -k -t abc123.keytab abc123@PARTNERS.ORG
The keytab file will need to be regenerated every 90 days when the service account password is changed