Service Accounts use with the ERISOne Linux Computing Cluster

Service accounts may be used with the ERISOne Linux Computing Cluster as described in the Use Cases sections

Request a New Service Account

On the Service Now catalog

  • Search for Network logon (request).
  • Select 'Service/generic account (Network logon/request)'
  • Select the appropriate site
  • Fill in the requested details.

After you get the account created in Service Now please contact hpcsupport@partners.org to have it setup in the system.

Use Cases

Data Transfer and Backup

For running scheduled / automated data transfer tasks to copy files between the ERISOne cluster and other servers or run backups

Web Applications

For running web applications that reside on ERISOne virtual machines

Running computational jobs

If you have adopt-a-node resources on ERISOne then a service account can be attached to your ERISOne group for running computational jobs on your adopt-a-nodes.  Service accounts cannot use the general pool of compute nodes.

Authentication Tokens

For automated data transfer tasks where Partners credentials are required (for example, transferring a backup to MAD3) the credentials of the service account may be stored in an encrypted "keytab" file which is used in place of a plain text password.  Create a keytab file (for service accounts only) using the kutil tool, replacing "abc123" with the name of your service account, as follows:

$ ktutil

ktutil: add_entry -password -p abc123 -k 0 -e arcfour-hmac
Password for abc123@PARTNERS.ORG:
ktutil: write_kt abc123.keytab
ktutil: quit

Having created the keytab file (named abc123.keytab in this example), include this line in your LSF job file to access the credentials:

kinit -k -t abc123.keytab abc123@PARTNERS.ORG

The keytab file will need to be regenerated every 90 days when the service account password is changed


Related articles