From 8d4d9f5c262ce68933c17c08067f15c4ca4bf759 Mon Sep 17 00:00:00 2001 From: Gianni Dalla Torre Date: Fri, 11 Nov 2022 08:50:11 +0100 Subject: [PATCH 01/50] An introduction of connecting a local computer to a cloud host via SSH is provided in this page. General guidelines, SSH setup options, tips, and examples for setting up the OpenStack environment. --- .../tutorials/accessing-vm-with-ssh/_index.md | 168 ++++++++++++++++++ 1 file changed, 168 insertions(+) create mode 100644 content/en/users/tutorials/accessing-vm-with-ssh/_index.md diff --git a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md new file mode 100644 index 0000000000..cda3bf237b --- /dev/null +++ b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md @@ -0,0 +1,168 @@ +--- +title: "Accessing virtual machines with SSH" +linkTitle: "Accessing VMs with SSH" +type: docs +weight: 20 +draft: true +description: > + SSH & OpenStack networking essentials +--- + +## Overview + +An introduction of connecting a local computer to a cloud host via SSH is provided in this page. +General guidelines, SSH setup options, tips, and examples for setting up the OpenStack environment. + +## Username and password +`Username` and `password` access to cloud virtual machine images is usually **disabled** for security reasons and it is **strongly suggested not to be used**. + +To enable SSH password authentication, the destination virtual machine need to have changed `PasswordAuthentication no` to `PasswordAuthentication yes` + in the `/etc/ssh/sshd_config` file. + +If needed, a custom image with `PasswordAuthentication` enabled can be used or that can be injected when the virtual machine is deployed. + +Depending on your deployment method it could be done with Ansible, Terraform, Salt, Puppet, Chef, Cloudinit, or your own deployment tool if supported (i.e. the Infrastructure Manager and a custom TOSCA template). + +## SSH Keys +A common method to access a cloud virtual machine is via ssh using **SSH keys**, you may inject your **public key** into the virtual machine, at deployment time, and use your **private key** to connect via ssh without any password. + +#### TIP +If you are using ssh keys in GitHub your public keys are available at: + + https://github.com/${github_username}.keys + +i.e.: +```sh +wget https://github.com/github_username.keys +``` + +### SSH username + +The username to use to connect with a virtual machine is dependent on the virtual machine image and is generally different in each operative system image. + +For `official OS virtual machine images` you can use this page as a general reference for that: +https://docs.openstack.org/image-guide/obtain-images.html + +For custom virtual machine images you need to refer to your virtual machine image provider (i.e. it could be something specific like `cloudadm`). + +It is also possible to change the username using CloudInit cloud-config, user-data script. +(i.e. here some https://alestic.com/2014/01/ec2-change-username/) or inject some code to add additional users (i.e. with Ansible). + + +### Local ssh key configuration +The `private ssh-key` stored on your local computer is required to have restrictive file permissions. Depending on your local operative system you may need to run: + +```sh +chmod 600 ~/.ssh/id_rsa +``` + +(with `id_rsa` being the name of the private key associated with the public key in use). + +## OpenStack networking + +The OpenStack environment needs to be populated with the necessary configurations and virtual hardware. +To access the virtual machine from outside the OpenStack project you have to associate a `floating IP` to the virtual machine (which will provide a `public IP` to the virtual machine), you also have to open the necessary ports and add or edit the security groups, (more details on that in the specific section). + +Depending on the default configuration of the OpenStack project in order to associate a floating IP to a virtual machine in a private network it may be necessary to set up a virtual `router` in OpenStack and `attach` it with an `interface` to the private network. This step is usually not required as the OpenStack router is usually pre-configured by the cloud provider. + +### Security Groups Rules + +The Virtual Machine that you want to connect needs to have the SSH port (22) reachable by your local machine. +For that, it is necessary that a specific `Rule` is set up in one of the `Security Groups` associated with the virtual machine. +The rule has to open `port 22` either to any IPs (with `CIDR 0.0.0.0/0`) or to a specific IP (or subnet) matching the IP of the local machine used to connect with the virtual machine. + +### Private IP vs public IP + +Virtual machines in OpenStack are configured in a private network (often in the subnet 192.168.0.0/24) but you can directly SSH-connect with them from the internet only using a `Public IP`, which has to be associated with a virtual machine in the private network. + +### Accessing virtual machines in the private network. + +In general, to reach all the virtual machines in a private network, only a single public IP is needed. + +The virtual machine associated with a public IP is often referred to as a `Bastion` host, once you connect with the bastion host, you can connect with the other virtual machine in the same private network using the private IPs. +Alternatively, it is also possible to set up a `JumpHost` configuration in your local ssh configuration to do that with a single command. + +#### Example: ssh configuration for Jump host + +```sh +cat ~/.ssh/config +``` + +``` +# Bastion +Host bastion 193.1.1.2 + User ubuntu + Hostname 193.168.1.2 + IdentityFile ~/.ssh/id_rsa + IdentitiesOnly yes + +# with ProxyJump +Host private_vm + HostName 192.168.1.2 + ProxyJump bastion + +# old-style with ProxyCommand and additional settings +Host private_vm 192.168.1.2 + Hostname 192.168.1.2 + ProxyCommand ssh -q -A bastion nc %h %p + User ubuntu + ServerAliveInterval 60 + TCPKeepAlive yes + ControlMaster auto + ControlPath ~/.ssh/mux-%r@%h:%p + ControlPersist 8h + IdentityFile ~/.ssh/dev + CheckHostIP=no + StrictHostKeyChecking=no +``` + +General considerations related to the setup of the ssh configuration are valid also for the connection between hosts in the private network (i.e. the ssh destination host needs to have a `public key` in the `~/.ssh/known_hosts` file of the destination user, matching the `private key` used for the connection). + +## SSH connection practical example + +Network configuration of two virtual machines `A` and `B` : +- `A` private IP 192.168.1.2, public IP 193.168.1.2 +- `B` private IP 192.168.1.3 + +### Connecting from a local machine to `A` + +``` +#ssh VM_OS_username@PUBLIC_IP +ssh centos@193.1.1.2 +``` + +If the ssh local key is not the default `~/.ssh/id_rsa` it needs to be specified with: + + ``` + #ssh -i /path_of_your_private_ssh_key VM_OS_username@PUBLIC_IP + + ssh -i ~/private_key centos@193.1.1.2 +``` + +### Connecting from a local machine to `B` + +``` +# (from your computer) - connect to A +ssh centos@193.1.1.2 + +# (from the shell opened in 193.1.1.2) - connect from A to B +ssh centos@192.168.1.3. +``` + + +## Infrastructure Manager (IM) + +The Infrastructure Manager (IM) provides the SH key that can be used to connect to the virtual machine in the virtual machine info page of the IM-Dashboard (see Fig 14): + +https://imdocs.readthedocs.io/en/latest/dashboard.html#infrastructures + +This page shows the information related to the virtual machine: the IP, the username (usually "cloudadm"), and the SSH key. + + +## Token-based authentication + +If supported by your virtual machine, you can also use [ssh-oidc](https://github.com/EOSC-synergy/ssh-oidc) which implements the authentication consuming under-the-hood tokens from a local demon installed on your local machine. + +More details on that soon. + +The Infrastructure Manager (IM) can `Enable SSH OIDC access to the VM` in virtual machines by selecting the related `Optional Features`. From 6fb24b3c671ac5c1502839ef9aff21a97a10c4e8 Mon Sep 17 00:00:00 2001 From: Gianni Dalla Torre Date: Fri, 11 Nov 2022 08:50:11 +0100 Subject: [PATCH 02/50] Document SSH connection with a VM in OpenStack #543 An introduction of connecting a local computer to a cloud host via SSH is provided in this page. General guidelines, SSH setup options, tips, and examples for setting up the OpenStack environment. From 3698712f3ab3b34866281f485aa93af6a7eb801d Mon Sep 17 00:00:00 2001 From: Gianni Dalla Torre Date: Fri, 11 Nov 2022 13:57:27 +0100 Subject: [PATCH 03/50] Markdown linter fix --- .../tutorials/accessing-vm-with-ssh/_index.md | 36 ++++++++++--------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md index cda3bf237b..37054f94a0 100644 --- a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md +++ b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md @@ -5,7 +5,7 @@ type: docs weight: 20 draft: true description: > - SSH & OpenStack networking essentials + SSH & OpenStack networking essentials --- ## Overview @@ -14,24 +14,28 @@ An introduction of connecting a local computer to a cloud host via SSH is provid General guidelines, SSH setup options, tips, and examples for setting up the OpenStack environment. ## Username and password + `Username` and `password` access to cloud virtual machine images is usually **disabled** for security reasons and it is **strongly suggested not to be used**. -To enable SSH password authentication, the destination virtual machine need to have changed `PasswordAuthentication no` to `PasswordAuthentication yes` - in the `/etc/ssh/sshd_config` file. +To enable SSH password authentication, the destination virtual machine needs to have changed `PasswordAuthentication no` to `PasswordAuthentication yes` +in the `/etc/ssh/sshd_config` file. If needed, a custom image with `PasswordAuthentication` enabled can be used or that can be injected when the virtual machine is deployed. Depending on your deployment method it could be done with Ansible, Terraform, Salt, Puppet, Chef, Cloudinit, or your own deployment tool if supported (i.e. the Infrastructure Manager and a custom TOSCA template). ## SSH Keys + A common method to access a cloud virtual machine is via ssh using **SSH keys**, you may inject your **public key** into the virtual machine, at deployment time, and use your **private key** to connect via ssh without any password. #### TIP + If you are using ssh keys in GitHub your public keys are available at: https://github.com/${github_username}.keys i.e.: + ```sh wget https://github.com/github_username.keys ``` @@ -48,8 +52,8 @@ For custom virtual machine images you need to refer to your virtual machine imag It is also possible to change the username using CloudInit cloud-config, user-data script. (i.e. here some https://alestic.com/2014/01/ec2-change-username/) or inject some code to add additional users (i.e. with Ansible). - ### Local ssh key configuration + The `private ssh-key` stored on your local computer is required to have restrictive file permissions. Depending on your local operative system you may need to run: ```sh @@ -69,7 +73,7 @@ Depending on the default configuration of the OpenStack project in order to asso The Virtual Machine that you want to connect needs to have the SSH port (22) reachable by your local machine. For that, it is necessary that a specific `Rule` is set up in one of the `Security Groups` associated with the virtual machine. -The rule has to open `port 22` either to any IPs (with `CIDR 0.0.0.0/0`) or to a specific IP (or subnet) matching the IP of the local machine used to connect with the virtual machine. +The rule has to open `port 22` either to any IPs (with `CIDR 0.0.0.0/0`) or to a specific IP (or subnet) matching the IP of the local machine used to connect with the virtual machine. ### Private IP vs public IP @@ -121,22 +125,23 @@ General considerations related to the setup of the ssh configuration are valid a ## SSH connection practical example Network configuration of two virtual machines `A` and `B` : -- `A` private IP 192.168.1.2, public IP 193.168.1.2 -- `B` private IP 192.168.1.3 + +- `A` private IP 192.168.1.2, public IP 193.168.1.2 +- `B` private IP 192.168.1.3 ### Connecting from a local machine to `A` ``` #ssh VM_OS_username@PUBLIC_IP -ssh centos@193.1.1.2 +ssh centos@193.1.1.2 ``` If the ssh local key is not the default `~/.ssh/id_rsa` it needs to be specified with: - ``` - #ssh -i /path_of_your_private_ssh_key VM_OS_username@PUBLIC_IP +``` +#ssh -i /path_of_your_private_ssh_key VM_OS_username@PUBLIC_IP - ssh -i ~/private_key centos@193.1.1.2 +ssh -i ~/private_key centos@193.1.1.2 ``` ### Connecting from a local machine to `B` @@ -146,10 +151,9 @@ If the ssh local key is not the default `~/.ssh/id_rsa` it needs to be specified ssh centos@193.1.1.2 # (from the shell opened in 193.1.1.2) - connect from A to B -ssh centos@192.168.1.3. +ssh centos@192.168.1.3 ``` - ## Infrastructure Manager (IM) The Infrastructure Manager (IM) provides the SH key that can be used to connect to the virtual machine in the virtual machine info page of the IM-Dashboard (see Fig 14): @@ -158,11 +162,11 @@ https://imdocs.readthedocs.io/en/latest/dashboard.html#infrastructures This page shows the information related to the virtual machine: the IP, the username (usually "cloudadm"), and the SSH key. - ## Token-based authentication -If supported by your virtual machine, you can also use [ssh-oidc](https://github.com/EOSC-synergy/ssh-oidc) which implements the authentication consuming under-the-hood tokens from a local demon installed on your local machine. +If supported by your virtual machine, you can also use [ssh-oidc](https://github.com/EOSC-synergy/ssh-oidc) which implements the authentication consuming under-the-hood tokens from a local demon installed on your local machine. More details on that soon. -The Infrastructure Manager (IM) can `Enable SSH OIDC access to the VM` in virtual machines by selecting the related `Optional Features`. +The Infrastructure Manager (IM) can `Enable SSH OIDC access to the VM` in virtual machines by selecting the related `Optional Features`. + From e1d6f767b381800aafa6cdfd70713155531765b7 Mon Sep 17 00:00:00 2001 From: Gianni Dalla Torre Date: Fri, 11 Nov 2022 14:05:05 +0100 Subject: [PATCH 04/50] Remove draft mode --- content/en/users/tutorials/accessing-vm-with-ssh/_index.md | 1 - 1 file changed, 1 deletion(-) diff --git a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md index 37054f94a0..1d053b27ee 100644 --- a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md +++ b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md @@ -3,7 +3,6 @@ title: "Accessing virtual machines with SSH" linkTitle: "Accessing VMs with SSH" type: docs weight: 20 -draft: true description: > SSH & OpenStack networking essentials --- From 8ec126f53e76f21d64f07d976f38fae3e6d82fc6 Mon Sep 17 00:00:00 2001 From: Gianni Dalla Torre Date: Fri, 11 Nov 2022 14:52:23 +0100 Subject: [PATCH 05/50] Improve compliance with Super Lint style --- .../tutorials/accessing-vm-with-ssh/_index.md | 76 ++++++++++++------- 1 file changed, 48 insertions(+), 28 deletions(-) diff --git a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md index 1d053b27ee..81a9e9b40c 100644 --- a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md +++ b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md @@ -14,18 +14,22 @@ General guidelines, SSH setup options, tips, and examples for setting up the Ope ## Username and password -`Username` and `password` access to cloud virtual machine images is usually **disabled** for security reasons and it is **strongly suggested not to be used**. +`Username` and `password` access to cloud virtual machine images is usually **disabled** for security reasons and it is +**strongly suggested not to be used**. -To enable SSH password authentication, the destination virtual machine needs to have changed `PasswordAuthentication no` to `PasswordAuthentication yes` -in the `/etc/ssh/sshd_config` file. +To enable SSH password authentication, the destination virtual machine needs to have changed `PasswordAuthentication no` +to `PasswordAuthentication yes` in the `/etc/ssh/sshd_config` file. -If needed, a custom image with `PasswordAuthentication` enabled can be used or that can be injected when the virtual machine is deployed. +If needed, a custom image with `PasswordAuthentication` enabled can be used or that can be injected when the virtual +machine is deployed. -Depending on your deployment method it could be done with Ansible, Terraform, Salt, Puppet, Chef, Cloudinit, or your own deployment tool if supported (i.e. the Infrastructure Manager and a custom TOSCA template). +Depending on your deployment method it could be done with Ansible, Terraform, Salt, Puppet, Chef, Cloudinit, or your own +deployment tool if supported (i.e. the Infrastructure Manager and a custom TOSCA template). ## SSH Keys -A common method to access a cloud virtual machine is via ssh using **SSH keys**, you may inject your **public key** into the virtual machine, at deployment time, and use your **private key** to connect via ssh without any password. +A common method to access a cloud virtual machine is via ssh using **SSH keys**, you may inject your **public key** into +the virtual machine, at deployment time, and use your **private key** to connect via ssh without any password. #### TIP @@ -35,27 +39,30 @@ If you are using ssh keys in GitHub your public keys are available at: i.e.: -```sh +``` wget https://github.com/github_username.keys ``` ### SSH username -The username to use to connect with a virtual machine is dependent on the virtual machine image and is generally different in each operative system image. +The username to use to connect with a virtual machine is dependent on the virtual machine image and is generally +different in each operative system image. For `official OS virtual machine images` you can use this page as a general reference for that: -https://docs.openstack.org/image-guide/obtain-images.html +[https://docs.openstack.org/image-guide/obtain-images.html]() -For custom virtual machine images you need to refer to your virtual machine image provider (i.e. it could be something specific like `cloudadm`). +For custom virtual machine images you need to refer to your virtual machine image provider (i.e. it could be something +specific like `cloudadm`). -It is also possible to change the username using CloudInit cloud-config, user-data script. -(i.e. here some https://alestic.com/2014/01/ec2-change-username/) or inject some code to add additional users (i.e. with Ansible). +It is also possible to change the username using CloudInit cloud-config, user-data script (i.e. here some +[https://alestic.com/2014/01/ec2-change-username/]()) or inject some code to add additional users (i.e. with Ansible). ### Local ssh key configuration -The `private ssh-key` stored on your local computer is required to have restrictive file permissions. Depending on your local operative system you may need to run: +The `private ssh-key` stored on your local computer is required to have restrictive file permissions. Depending on your +local operative system you may need to run: -```sh +``` chmod 600 ~/.ssh/id_rsa ``` @@ -64,30 +71,40 @@ chmod 600 ~/.ssh/id_rsa ## OpenStack networking The OpenStack environment needs to be populated with the necessary configurations and virtual hardware. -To access the virtual machine from outside the OpenStack project you have to associate a `floating IP` to the virtual machine (which will provide a `public IP` to the virtual machine), you also have to open the necessary ports and add or edit the security groups, (more details on that in the specific section). +To access the virtual machine from outside the OpenStack project you have to associate a `floating IP` to the virtual +machine (which will provide a `public IP` to the virtual machine), you also have to open the necessary ports and add or +edit the security groups, (more details on that in the specific section). -Depending on the default configuration of the OpenStack project in order to associate a floating IP to a virtual machine in a private network it may be necessary to set up a virtual `router` in OpenStack and `attach` it with an `interface` to the private network. This step is usually not required as the OpenStack router is usually pre-configured by the cloud provider. +Depending on the default configuration of the OpenStack project in order to associate a floating IP to a virtual machine +in a private network it may be necessary to set up a virtual `router` in OpenStack and `attach` it with an `interface` +to the private network. This step is usually not required as the OpenStack router is usually pre-configured by the cloud +provider. ### Security Groups Rules The Virtual Machine that you want to connect needs to have the SSH port (22) reachable by your local machine. -For that, it is necessary that a specific `Rule` is set up in one of the `Security Groups` associated with the virtual machine. -The rule has to open `port 22` either to any IPs (with `CIDR 0.0.0.0/0`) or to a specific IP (or subnet) matching the IP of the local machine used to connect with the virtual machine. +For that, it is necessary that a specific `Rule` is set up in one of the `Security Groups` associated with the virtual +machine. The rule has to open `port 22` either to any IPs (with `CIDR 0.0.0.0/0`) or to a specific IP (or subnet) +matching the IP of the local machine used to connect with the virtual machine. ### Private IP vs public IP -Virtual machines in OpenStack are configured in a private network (often in the subnet 192.168.0.0/24) but you can directly SSH-connect with them from the internet only using a `Public IP`, which has to be associated with a virtual machine in the private network. +Virtual machines in OpenStack are configured in a private network (often in the subnet 192.168.0.0/24) but you can +directly SSH-connect with them from the internet only using a `Public IP`, which has to be associated with a virtual +machine in the private network. ### Accessing virtual machines in the private network. In general, to reach all the virtual machines in a private network, only a single public IP is needed. -The virtual machine associated with a public IP is often referred to as a `Bastion` host, once you connect with the bastion host, you can connect with the other virtual machine in the same private network using the private IPs. -Alternatively, it is also possible to set up a `JumpHost` configuration in your local ssh configuration to do that with a single command. +The virtual machine associated with a public IP is often referred to as a `Bastion` host, once you connect with the +bastion host, you can connect with the other virtual machine in the same private network using the private IPs. +Alternatively, it is also possible to set up a `JumpHost` configuration in your local ssh configuration to do that with +a single command. #### Example: ssh configuration for Jump host -```sh +``` cat ~/.ssh/config ``` @@ -119,7 +136,9 @@ Host private_vm 192.168.1.2 StrictHostKeyChecking=no ``` -General considerations related to the setup of the ssh configuration are valid also for the connection between hosts in the private network (i.e. the ssh destination host needs to have a `public key` in the `~/.ssh/known_hosts` file of the destination user, matching the `private key` used for the connection). +General considerations related to the setup of the ssh configuration are valid also for the connection between hosts in +the private network (i.e. the ssh destination host needs to have a `public key` in the `~/.ssh/known_hosts` file of the +destination user, matching the `private key` used for the connection). ## SSH connection practical example @@ -139,7 +158,6 @@ If the ssh local key is not the default `~/.ssh/id_rsa` it needs to be specified ``` #ssh -i /path_of_your_private_ssh_key VM_OS_username@PUBLIC_IP - ssh -i ~/private_key centos@193.1.1.2 ``` @@ -155,7 +173,8 @@ ssh centos@192.168.1.3 ## Infrastructure Manager (IM) -The Infrastructure Manager (IM) provides the SH key that can be used to connect to the virtual machine in the virtual machine info page of the IM-Dashboard (see Fig 14): +The Infrastructure Manager (IM) provides the SH key that can be used to connect to the virtual machine in the virtual +machine info page of the IM-Dashboard (see Fig 14): https://imdocs.readthedocs.io/en/latest/dashboard.html#infrastructures @@ -163,9 +182,10 @@ This page shows the information related to the virtual machine: the IP, the user ## Token-based authentication -If supported by your virtual machine, you can also use [ssh-oidc](https://github.com/EOSC-synergy/ssh-oidc) which implements the authentication consuming under-the-hood tokens from a local demon installed on your local machine. +If supported by your virtual machine, you can also use [ssh-oidc](https://github.com/EOSC-synergy/ssh-oidc) which +implements the authentication consuming under-the-hood tokens from a local demon installed on your local machine. More details on that soon. -The Infrastructure Manager (IM) can `Enable SSH OIDC access to the VM` in virtual machines by selecting the related `Optional Features`. - +The Infrastructure Manager (IM) can `Enable SSH OIDC access to the VM` in virtual machines by selecting the related +`Optional Features`. From 09dd719844d239b61ad55e3cf03ebc17593c2ee3 Mon Sep 17 00:00:00 2001 From: Gianni Dalla Torre Date: Fri, 11 Nov 2022 16:32:47 +0100 Subject: [PATCH 06/50] Change code block style fenced -> indented; Actual --- .../tutorials/accessing-vm-with-ssh/_index.md | 100 ++++++++---------- 1 file changed, 46 insertions(+), 54 deletions(-) diff --git a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md index 81a9e9b40c..dabfd3451d 100644 --- a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md +++ b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md @@ -31,7 +31,7 @@ deployment tool if supported (i.e. the Infrastructure Manager and a custom TOSCA A common method to access a cloud virtual machine is via ssh using **SSH keys**, you may inject your **public key** into the virtual machine, at deployment time, and use your **private key** to connect via ssh without any password. -#### TIP +- TIP If you are using ssh keys in GitHub your public keys are available at: @@ -39,7 +39,7 @@ If you are using ssh keys in GitHub your public keys are available at: i.e.: -``` +```sh wget https://github.com/github_username.keys ``` @@ -49,22 +49,21 @@ The username to use to connect with a virtual machine is dependent on the virtua different in each operative system image. For `official OS virtual machine images` you can use this page as a general reference for that: -[https://docs.openstack.org/image-guide/obtain-images.html]() +[https://docs.openstack.org/image-guide/obtain-images.html](content/en/users/tutorials/accessing-vm-with-ssh/_index.md) For custom virtual machine images you need to refer to your virtual machine image provider (i.e. it could be something specific like `cloudadm`). It is also possible to change the username using CloudInit cloud-config, user-data script (i.e. here some -[https://alestic.com/2014/01/ec2-change-username/]()) or inject some code to add additional users (i.e. with Ansible). +[https://alestic.com/2014/01/ec2-change-username/](content/en/users/tutorials/accessing-vm-with-ssh/_index.md)) or +inject some code to add additional users (i.e. with Ansible). ### Local ssh key configuration The `private ssh-key` stored on your local computer is required to have restrictive file permissions. Depending on your local operative system you may need to run: -``` -chmod 600 ~/.ssh/id_rsa -``` + chmod 600 ~/.ssh/id_rsa (with `id_rsa` being the name of the private key associated with the public key in use). @@ -93,7 +92,7 @@ Virtual machines in OpenStack are configured in a private network (often in the directly SSH-connect with them from the internet only using a `Public IP`, which has to be associated with a virtual machine in the private network. -### Accessing virtual machines in the private network. +### Accessing virtual machines in the private network In general, to reach all the virtual machines in a private network, only a single public IP is needed. @@ -104,37 +103,33 @@ a single command. #### Example: ssh configuration for Jump host -``` -cat ~/.ssh/config -``` - -``` -# Bastion -Host bastion 193.1.1.2 - User ubuntu - Hostname 193.168.1.2 - IdentityFile ~/.ssh/id_rsa - IdentitiesOnly yes - -# with ProxyJump -Host private_vm - HostName 192.168.1.2 - ProxyJump bastion - -# old-style with ProxyCommand and additional settings -Host private_vm 192.168.1.2 - Hostname 192.168.1.2 - ProxyCommand ssh -q -A bastion nc %h %p - User ubuntu - ServerAliveInterval 60 - TCPKeepAlive yes - ControlMaster auto - ControlPath ~/.ssh/mux-%r@%h:%p - ControlPersist 8h - IdentityFile ~/.ssh/dev - CheckHostIP=no - StrictHostKeyChecking=no -``` + cat ~/.ssh/config + + # Bastion + Host bastion 193.1.1.2 + User ubuntu + Hostname 193.168.1.2 + IdentityFile ~/.ssh/id_rsa + IdentitiesOnly yes + + # with ProxyJump + Host private_vm + HostName 192.168.1.2 + ProxyJump bastion + + # old-style with ProxyCommand and additional settings + Host private_vm 192.168.1.2 + Hostname 192.168.1.2 + ProxyCommand ssh -q -A bastion nc %h %p + User ubuntu + ServerAliveInterval 60 + TCPKeepAlive yes + ControlMaster auto + ControlPath ~/.ssh/mux-%r@%h:%p + ControlPersist 8h + IdentityFile ~/.ssh/dev + CheckHostIP=no + StrictHostKeyChecking=no General considerations related to the setup of the ssh configuration are valid also for the connection between hosts in the private network (i.e. the ssh destination host needs to have a `public key` in the `~/.ssh/known_hosts` file of the @@ -149,27 +144,24 @@ Network configuration of two virtual machines `A` and `B` : ### Connecting from a local machine to `A` -``` -#ssh VM_OS_username@PUBLIC_IP -ssh centos@193.1.1.2 -``` + # ssh VM_OS_username@PUBLIC_IP + ssh centos@193.1.1.2 + If the ssh local key is not the default `~/.ssh/id_rsa` it needs to be specified with: -``` -#ssh -i /path_of_your_private_ssh_key VM_OS_username@PUBLIC_IP -ssh -i ~/private_key centos@193.1.1.2 -``` + # ssh -i /path_of_your_private_ssh_key VM_OS_username@PUBLIC_IP + ssh -i ~/private_key centos@193.1.1.2 ### Connecting from a local machine to `B` -``` -# (from your computer) - connect to A -ssh centos@193.1.1.2 - -# (from the shell opened in 193.1.1.2) - connect from A to B -ssh centos@192.168.1.3 -``` + # from your computer + # connect to A + ssh centos@193.1.1.2 + + # from the shell opened in 193.1.1.2 + # connect from A to B + ssh centos@192.168.1.3 ## Infrastructure Manager (IM) From 1fb2f7f61f544c13929fbc5c6d44cfe05d5005f1 Mon Sep 17 00:00:00 2001 From: Gianni Dalla Torre Date: Fri, 11 Nov 2022 16:42:09 +0100 Subject: [PATCH 07/50] Fix links --- .../en/users/tutorials/accessing-vm-with-ssh/_index.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md index dabfd3451d..f5565ba2c5 100644 --- a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md +++ b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md @@ -49,13 +49,13 @@ The username to use to connect with a virtual machine is dependent on the virtua different in each operative system image. For `official OS virtual machine images` you can use this page as a general reference for that: -[https://docs.openstack.org/image-guide/obtain-images.html](content/en/users/tutorials/accessing-vm-with-ssh/_index.md) +[https://docs.openstack.org/image-guide/obtain-images.html](https://docs.openstack.org/image-guide/obtain-images.html) For custom virtual machine images you need to refer to your virtual machine image provider (i.e. it could be something specific like `cloudadm`). It is also possible to change the username using CloudInit cloud-config, user-data script (i.e. here some -[https://alestic.com/2014/01/ec2-change-username/](content/en/users/tutorials/accessing-vm-with-ssh/_index.md)) or +[https://alestic.com/2014/01/ec2-change-username/](https://alestic.com/2014/01/ec2-change-username/)) or inject some code to add additional users (i.e. with Ansible). ### Local ssh key configuration @@ -165,12 +165,12 @@ If the ssh local key is not the default `~/.ssh/id_rsa` it needs to be specified ## Infrastructure Manager (IM) -The Infrastructure Manager (IM) provides the SH key that can be used to connect to the virtual machine in the virtual -machine info page of the IM-Dashboard (see Fig 14): +The Infrastructure Manager (IM) provides the SSH key that can be used to connect to the virtual machine in the VM +info page of the IM-Dashboard (see Fig 14): https://imdocs.readthedocs.io/en/latest/dashboard.html#infrastructures -This page shows the information related to the virtual machine: the IP, the username (usually "cloudadm"), and the SSH key. +The page shows the information related with the virtual machine: the IP, the username (usually "cloudadm"), and the SSH key. ## Token-based authentication From 24a8345e3b335e6c3f9a7d505deb52c32e7071fe Mon Sep 17 00:00:00 2001 From: Gianni Dalla Torre Date: Fri, 11 Nov 2022 16:58:26 +0100 Subject: [PATCH 08/50] Pagination & fixes --- .../users/tutorials/accessing-vm-with-ssh/_index.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md index f5565ba2c5..80aa91e89f 100644 --- a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md +++ b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md @@ -9,7 +9,7 @@ description: > ## Overview -An introduction of connecting a local computer to a cloud host via SSH is provided in this page. +An introduction of connecting a local computer to a cloud host via SSH is provided in this page. General guidelines, SSH setup options, tips, and examples for setting up the OpenStack environment. ## Username and password @@ -39,9 +39,7 @@ If you are using ssh keys in GitHub your public keys are available at: i.e.: -```sh -wget https://github.com/github_username.keys -``` + wget https://github.com/github_username.keys ### SSH username @@ -147,7 +145,6 @@ Network configuration of two virtual machines `A` and `B` : # ssh VM_OS_username@PUBLIC_IP ssh centos@193.1.1.2 - If the ssh local key is not the default `~/.ssh/id_rsa` it needs to be specified with: # ssh -i /path_of_your_private_ssh_key VM_OS_username@PUBLIC_IP @@ -168,9 +165,10 @@ If the ssh local key is not the default `~/.ssh/id_rsa` it needs to be specified The Infrastructure Manager (IM) provides the SSH key that can be used to connect to the virtual machine in the VM info page of the IM-Dashboard (see Fig 14): -https://imdocs.readthedocs.io/en/latest/dashboard.html#infrastructures +[https://imdocs.readthedocs.io/en/latest/dashboard.html#infrastructures]( +https://imdocs.readthedocs.io/en/latest/dashboard.html#infrastructures) -The page shows the information related with the virtual machine: the IP, the username (usually "cloudadm"), and the SSH key. +The page shows the information related with the virtual machine: the IP, the username (usually `cloudadm`), and the SSH key. ## Token-based authentication From c0363eda9d8f57de7db8e12afe41187b1a4dd251 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Tue, 15 Nov 2022 10:40:50 +0100 Subject: [PATCH 09/50] Cosmetics --- .../tutorials/accessing-vm-with-ssh/_index.md | 243 ++++++++++-------- 1 file changed, 141 insertions(+), 102 deletions(-) diff --git a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md index 80aa91e89f..65e842b6f5 100644 --- a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md +++ b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md @@ -3,37 +3,46 @@ title: "Accessing virtual machines with SSH" linkTitle: "Accessing VMs with SSH" type: docs weight: 20 -description: > - SSH & OpenStack networking essentials +description: "Accessing virtual machines with SSH" --- ## Overview -An introduction of connecting a local computer to a cloud host via SSH is provided in this page. -General guidelines, SSH setup options, tips, and examples for setting up the OpenStack environment. +This page provides an introduction of connecting from a local computer to a +cloud host via SSH. It provides general guidelines, SSH options, tips, and +examples for setting up the OpenStack environment. ## Username and password -`Username` and `password` access to cloud virtual machine images is usually **disabled** for security reasons and it is -**strongly suggested not to be used**. +{{% alert title="Warning" color="warning" %}} `Username` and `password` access +to cloud virtual machine images is usually **disabled** for security reasons and +it is **strongly suggested not to be used**. {{% /alert %}} -To enable SSH password authentication, the destination virtual machine needs to have changed `PasswordAuthentication no` -to `PasswordAuthentication yes` in the `/etc/ssh/sshd_config` file. +To enable SSH password authentication, the destination virtual machine needs to +have changed `PasswordAuthentication no` to `PasswordAuthentication yes` in the +`/etc/ssh/sshd_config` file. -If needed, a custom image with `PasswordAuthentication` enabled can be used or that can be injected when the virtual -machine is deployed. +If really needed, a custom image with `PasswordAuthentication` enabled can be +used or that can be injected when the virtual machine is deployed. -Depending on your deployment method it could be done with Ansible, Terraform, Salt, Puppet, Chef, Cloudinit, or your own -deployment tool if supported (i.e. the Infrastructure Manager and a custom TOSCA template). +Depending on your deployment method it could be done with Ansible, Terraform, +Salt, Puppet, Chef, cloud-init, or your own deployment tool if supported (i.e. +the Infrastructure Manager and a custom TOSCA template). -## SSH Keys +{{% alert title="Warning" color="warning" %}} If you enable +`PasswordAuthentication`, be sure to +[generate a strong and unique password or passphrase](https://bitwarden.com/password-generator/) +for your account, otherwise you virtual machines **will be** compromised, and +you access may be suspended.{{% /alert %}} -A common method to access a cloud virtual machine is via ssh using **SSH keys**, you may inject your **public key** into -the virtual machine, at deployment time, and use your **private key** to connect via ssh without any password. +## SSH Keys -- TIP +A common method to access a cloud virtual machine is via ssh using **SSH keys**, +you may inject your **public key** into the virtual machine, at deployment time, +and use your **private key** to connect via ssh without any password. -If you are using ssh keys in GitHub your public keys are available at: +{{% alert title="Tip" color="info" %}} If you are using ssh keys in GitHub your +public keys are available at: https://github.com/${github_username}.keys @@ -41,97 +50,119 @@ i.e.: wget https://github.com/github_username.keys +{{% /alert %}} + ### SSH username -The username to use to connect with a virtual machine is dependent on the virtual machine image and is generally -different in each operative system image. +The username to use to connect to a virtual machine is dependent on the virtual +machine image and is generally different in each operative system image. -For `official OS virtual machine images` you can use this page as a general reference for that: -[https://docs.openstack.org/image-guide/obtain-images.html](https://docs.openstack.org/image-guide/obtain-images.html) +For `official OS virtual machine images` you can use the general reference +documentation on +[obtaining images](https://docs.openstack.org/image-guide/obtain-images.html). -For custom virtual machine images you need to refer to your virtual machine image provider (i.e. it could be something -specific like `cloudadm`). +For custom virtual machine images you need to refer to your virtual machine +image provider (i.e. it could be something specific like `cloudadm`). -It is also possible to change the username using CloudInit cloud-config, user-data script (i.e. here some -[https://alestic.com/2014/01/ec2-change-username/](https://alestic.com/2014/01/ec2-change-username/)) or -inject some code to add additional users (i.e. with Ansible). +It is also possible to change the username using cloud-init with a user-data +configuration (i.e. see the +[cloud config examples](https://cloudinit.readthedocs.io/en/latest/topics/examples.html)) +or inject some code to add additional users (i.e. with Ansible). ### Local ssh key configuration -The `private ssh-key` stored on your local computer is required to have restrictive file permissions. Depending on your -local operative system you may need to run: +The `private ssh-key` stored on your local computer is required to have +restrictive file permissions. Depending on your local operative system you may +need to run: - chmod 600 ~/.ssh/id_rsa +```shell +chmod 600 ~/.ssh/id_rsa +``` -(with `id_rsa` being the name of the private key associated with the public key in use). +(with `id_rsa` being the name of the private key associated with the public key +in use). ## OpenStack networking -The OpenStack environment needs to be populated with the necessary configurations and virtual hardware. -To access the virtual machine from outside the OpenStack project you have to associate a `floating IP` to the virtual -machine (which will provide a `public IP` to the virtual machine), you also have to open the necessary ports and add or -edit the security groups, (more details on that in the specific section). +The OpenStack environment needs to be populated with the necessary +configurations and virtual hardware. To access the virtual machine from outside +the OpenStack project you have to associate a `floating IP` to the virtual +machine (which will provide a `public IP` to the virtual machine), you also have +to open the necessary ports and add or edit the security groups, (more details +on that in the specific section). -Depending on the default configuration of the OpenStack project in order to associate a floating IP to a virtual machine -in a private network it may be necessary to set up a virtual `router` in OpenStack and `attach` it with an `interface` -to the private network. This step is usually not required as the OpenStack router is usually pre-configured by the cloud -provider. +Depending on the default configuration of the OpenStack project in order to +associate a floating IP to a virtual machine in a private network it may be +necessary to set up a virtual `router` in OpenStack and `attach` it with an +`interface` to the private network. This step is usually not required as the +OpenStack router is usually pre-configured by the cloud provider. ### Security Groups Rules -The Virtual Machine that you want to connect needs to have the SSH port (22) reachable by your local machine. -For that, it is necessary that a specific `Rule` is set up in one of the `Security Groups` associated with the virtual -machine. The rule has to open `port 22` either to any IPs (with `CIDR 0.0.0.0/0`) or to a specific IP (or subnet) -matching the IP of the local machine used to connect with the virtual machine. +The Virtual Machine that you want to connect needs to have the SSH port (22) +reachable by your local machine. For that, it is necessary that a specific +`Rule` is set up in one of the `Security Groups` associated with the virtual +machine. The rule has to open `port 22` either to any IPs (with +`CIDR 0.0.0.0/0`) or to a specific IP (or subnet) matching the IP of the local +machine used to connect with the virtual machine. + +> Sites are often providing a `default` security group, that may already contain +> this rule. You can check this using +> `openstack security group rule list default`. ### Private IP vs public IP -Virtual machines in OpenStack are configured in a private network (often in the subnet 192.168.0.0/24) but you can -directly SSH-connect with them from the internet only using a `Public IP`, which has to be associated with a virtual +Virtual machines in OpenStack are configured in a private network (like in the +subnet 192.168.0.0/24) but you can directly SSH-connect with them from the +internet only using a `Public IP`, which has to be associated with a virtual machine in the private network. ### Accessing virtual machines in the private network -In general, to reach all the virtual machines in a private network, only a single public IP is needed. +In general, to reach all the virtual machines in a private network, only a +single public IP is needed. -The virtual machine associated with a public IP is often referred to as a `Bastion` host, once you connect with the -bastion host, you can connect with the other virtual machine in the same private network using the private IPs. -Alternatively, it is also possible to set up a `JumpHost` configuration in your local ssh configuration to do that with -a single command. +The virtual machine associated with a public IP is often referred to as a +`Bastion` host, once you connect with the bastion host, you can connect with the +other virtual machine in the same private network using the private IPs. +Alternatively, it is also possible to set up a `JumpHost` configuration in your +local ssh configuration to do that with a single command. #### Example: ssh configuration for Jump host - cat ~/.ssh/config - - # Bastion - Host bastion 193.1.1.2 - User ubuntu - Hostname 193.168.1.2 - IdentityFile ~/.ssh/id_rsa - IdentitiesOnly yes - - # with ProxyJump - Host private_vm - HostName 192.168.1.2 - ProxyJump bastion - - # old-style with ProxyCommand and additional settings - Host private_vm 192.168.1.2 - Hostname 192.168.1.2 - ProxyCommand ssh -q -A bastion nc %h %p - User ubuntu - ServerAliveInterval 60 - TCPKeepAlive yes - ControlMaster auto - ControlPath ~/.ssh/mux-%r@%h:%p - ControlPersist 8h - IdentityFile ~/.ssh/dev - CheckHostIP=no - StrictHostKeyChecking=no - -General considerations related to the setup of the ssh configuration are valid also for the connection between hosts in -the private network (i.e. the ssh destination host needs to have a `public key` in the `~/.ssh/known_hosts` file of the -destination user, matching the `private key` used for the connection). +```shell +$ cat ~/.ssh/config +# Bastion +Host bastion 193.1.1.2 + User ubuntu + Hostname 193.168.1.2 + IdentityFile ~/.ssh/id_rsa + IdentitiesOnly yes + +# with ProxyJump +Host private_vm + HostName 192.168.1.2 + ProxyJump bastion + +# old-style with ProxyCommand and additional settings +Host private_vm 192.168.1.2 + Hostname 192.168.1.2 + ProxyCommand ssh -q -A bastion nc %h %p + User ubuntu + ServerAliveInterval 60 + TCPKeepAlive yes + ControlMaster auto + ControlPath ~/.ssh/mux-%r@%h:%p + ControlPersist 8h + IdentityFile ~/.ssh/dev + CheckHostIP=no + StrictHostKeyChecking=no +``` + +General considerations related to setting up the ssh configuration are valid +also for the connection between hosts in the private network (i.e. the ssh +destination host needs to have a `public key` in the `~/.ssh/known_hosts` file +of the destination user, matching the `private key` used for the connection). ## SSH connection practical example @@ -142,40 +173,48 @@ Network configuration of two virtual machines `A` and `B` : ### Connecting from a local machine to `A` - # ssh VM_OS_username@PUBLIC_IP - ssh centos@193.1.1.2 +```shell +# ssh VM_OS_username@PUBLIC_IP +$ ssh centos@193.1.1.2 +``` -If the ssh local key is not the default `~/.ssh/id_rsa` it needs to be specified with: +If the ssh local key is not the default `~/.ssh/id_rsa` it needs to be specified +with: - # ssh -i /path_of_your_private_ssh_key VM_OS_username@PUBLIC_IP - ssh -i ~/private_key centos@193.1.1.2 +```shell +# ssh -i /path_of_your_private_ssh_key VM_OS_username@PUBLIC_IP +$ ssh -i ~/private_key centos@193.1.1.2 +``` ### Connecting from a local machine to `B` - # from your computer - # connect to A - ssh centos@193.1.1.2 - - # from the shell opened in 193.1.1.2 - # connect from A to B - ssh centos@192.168.1.3 +```shell +# from your computer +# connect to A +$ ssh centos@193.1.1.2 -## Infrastructure Manager (IM) +# from the shell opened in 193.1.1.2 +# connect from A to B +$ ssh centos@192.168.1.3 +``` -The Infrastructure Manager (IM) provides the SSH key that can be used to connect to the virtual machine in the VM -info page of the IM-Dashboard (see Fig 14): +## Infrastructure Manager (IM) -[https://imdocs.readthedocs.io/en/latest/dashboard.html#infrastructures]( -https://imdocs.readthedocs.io/en/latest/dashboard.html#infrastructures) +The Infrastructure Manager (IM) provides the SSH key that can be used to connect +to the virtual machine in the VM +[info page of the IM-Dashboard (see Fig 14)](https://imdocs.readthedocs.io/en/latest/dashboard.html#infrastructures). -The page shows the information related with the virtual machine: the IP, the username (usually `cloudadm`), and the SSH key. +The page shows the information related with the virtual machine: the IP, the +username (usually `cloudadm`), and the SSH key. ## Token-based authentication -If supported by your virtual machine, you can also use [ssh-oidc](https://github.com/EOSC-synergy/ssh-oidc) which -implements the authentication consuming under-the-hood tokens from a local demon installed on your local machine. +If supported by your virtual machine, you can also use +[ssh-oidc](https://github.com/EOSC-synergy/ssh-oidc) which implements the +authentication consuming under-the-hood tokens from a local demon installed on +your local machine. More details on that soon. -The Infrastructure Manager (IM) can `Enable SSH OIDC access to the VM` in virtual machines by selecting the related -`Optional Features`. +The Infrastructure Manager (IM) can `Enable SSH OIDC access to the VM` in +virtual machines by selecting the related `Optional Features`. From 3780f8a4a8a14381087eda90f8d570c32549904e Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Tue, 15 Nov 2022 13:48:49 +0100 Subject: [PATCH 10/50] Try to fix error with mixing indented and fenced code blocks --- .../users/tutorials/accessing-vm-with-ssh/_index.md | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md index 65e842b6f5..382f5a0b64 100644 --- a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md +++ b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md @@ -42,15 +42,8 @@ you may inject your **public key** into the virtual machine, at deployment time, and use your **private key** to connect via ssh without any password. {{% alert title="Tip" color="info" %}} If you are using ssh keys in GitHub your -public keys are available at: - - https://github.com/${github_username}.keys - -i.e.: - - wget https://github.com/github_username.keys - -{{% /alert %}} +public keys are available at: https://github.com/${github_username}.keys i.e.: +wget https://github.com/github_username.keys {{% /alert %}} ### SSH username @@ -76,7 +69,7 @@ restrictive file permissions. Depending on your local operative system you may need to run: ```shell -chmod 600 ~/.ssh/id_rsa +$ chmod 600 ~/.ssh/id_rsa ``` (with `id_rsa` being the name of the private key associated with the public key From 550712ee1e90e22b78bcc933086229d0892f0e1d Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Tue, 15 Nov 2022 14:04:19 +0100 Subject: [PATCH 11/50] Try to fix pattern --- .github/linters/mlc_config.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/linters/mlc_config.json b/.github/linters/mlc_config.json index d908848d52..2fcfacae62 100644 --- a/.github/linters/mlc_config.json +++ b/.github/linters/mlc_config.json @@ -62,6 +62,9 @@ }, { "pattern": "^https://operations-portal.egi.eu/downtimes/subscription" + }, + { + "pattern": "^https://github.com/*.keys" } ] } From 04aa95aceb396ca481d43d511ee8d306856975d9 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Tue, 15 Nov 2022 14:13:19 +0100 Subject: [PATCH 12/50] Fix link check, tested locally docker run -v ${PWD}:/tmp:ro --rm -i ghcr.io/tcort/markdown-link-check:stable --config /tmp/.github/linters/mlc_config.json --quiet --verbose /tmp/content/en/users/tutorials/accessing-vm-with-ssh/_index.md --- .github/linters/mlc_config.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/linters/mlc_config.json b/.github/linters/mlc_config.json index 2fcfacae62..bd78ffeadb 100644 --- a/.github/linters/mlc_config.json +++ b/.github/linters/mlc_config.json @@ -64,7 +64,7 @@ "pattern": "^https://operations-portal.egi.eu/downtimes/subscription" }, { - "pattern": "^https://github.com/*.keys" + "pattern": "^https://github.com/.*.keys" } ] } From 6ade4ce3482eddc21bc47ce238fd28b870402f06 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Tue, 15 Nov 2022 14:38:57 +0100 Subject: [PATCH 13/50] Prevent errors regarding bare urls --- content/en/users/tutorials/accessing-vm-with-ssh/_index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md index 382f5a0b64..4f52897692 100644 --- a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md +++ b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md @@ -42,8 +42,8 @@ you may inject your **public key** into the virtual machine, at deployment time, and use your **private key** to connect via ssh without any password. {{% alert title="Tip" color="info" %}} If you are using ssh keys in GitHub your -public keys are available at: https://github.com/${github_username}.keys i.e.: -wget https://github.com/github_username.keys {{% /alert %}} +public keys are available at: `https://github.com/${github_username}.keys`. +i.e.: `wget https://github.com/github_username.keys` {{% /alert %}} ### SSH username From e586e7ec4d372e5adccef6fd7a1b07ff7eb901b6 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Tue, 15 Nov 2022 14:43:21 +0100 Subject: [PATCH 14/50] Move ssh username + password after SSH key --- .../tutorials/accessing-vm-with-ssh/_index.md | 53 ++++++++++--------- 1 file changed, 27 insertions(+), 26 deletions(-) diff --git a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md index 4f52897692..acfaeb699e 100644 --- a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md +++ b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md @@ -12,34 +12,12 @@ This page provides an introduction of connecting from a local computer to a cloud host via SSH. It provides general guidelines, SSH options, tips, and examples for setting up the OpenStack environment. -## Username and password - -{{% alert title="Warning" color="warning" %}} `Username` and `password` access -to cloud virtual machine images is usually **disabled** for security reasons and -it is **strongly suggested not to be used**. {{% /alert %}} - -To enable SSH password authentication, the destination virtual machine needs to -have changed `PasswordAuthentication no` to `PasswordAuthentication yes` in the -`/etc/ssh/sshd_config` file. - -If really needed, a custom image with `PasswordAuthentication` enabled can be -used or that can be injected when the virtual machine is deployed. - -Depending on your deployment method it could be done with Ansible, Terraform, -Salt, Puppet, Chef, cloud-init, or your own deployment tool if supported (i.e. -the Infrastructure Manager and a custom TOSCA template). - -{{% alert title="Warning" color="warning" %}} If you enable -`PasswordAuthentication`, be sure to -[generate a strong and unique password or passphrase](https://bitwarden.com/password-generator/) -for your account, otherwise you virtual machines **will be** compromised, and -you access may be suspended.{{% /alert %}} - ## SSH Keys -A common method to access a cloud virtual machine is via ssh using **SSH keys**, -you may inject your **public key** into the virtual machine, at deployment time, -and use your **private key** to connect via ssh without any password. +The recommended method to access a cloud virtual machine is via ssh using **SSH +keys**, you may inject your **public key** into the virtual machine, at +deployment time, and use your **private key** to connect via ssh without any +password. {{% alert title="Tip" color="info" %}} If you are using ssh keys in GitHub your public keys are available at: `https://github.com/${github_username}.keys`. @@ -75,6 +53,29 @@ $ chmod 600 ~/.ssh/id_rsa (with `id_rsa` being the name of the private key associated with the public key in use). +## Username and password + +{{% alert title="Warning" color="warning" %}} `Username` and `password` access +to cloud virtual machine images is usually **disabled** for security reasons and +it is **strongly suggested not to be used**. {{% /alert %}} + +To enable SSH password authentication, the destination virtual machine needs to +have changed `PasswordAuthentication no` to `PasswordAuthentication yes` in the +`/etc/ssh/sshd_config` file. + +If really needed, a custom image with `PasswordAuthentication` enabled can be +used or that can be injected when the virtual machine is deployed. + +Depending on your deployment method it could be done with Ansible, Terraform, +Salt, Puppet, Chef, cloud-init, or your own deployment tool if supported (i.e. +the Infrastructure Manager and a custom TOSCA template). + +{{% alert title="Warning" color="warning" %}} If you enable +`PasswordAuthentication`, be sure to +[generate a strong and unique password or passphrase](https://bitwarden.com/password-generator/) +for your account, otherwise you virtual machines **will be** compromised, and +you access may be suspended.{{% /alert %}} + ## OpenStack networking The OpenStack environment needs to be populated with the necessary From 9b2166b4a43a1d44d2d59db459c08dc19dc20a43 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Tue, 15 Nov 2022 14:45:33 +0100 Subject: [PATCH 15/50] Insist on the risks of using password authentication --- content/en/users/tutorials/accessing-vm-with-ssh/_index.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md index acfaeb699e..d9b2f78591 100644 --- a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md +++ b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md @@ -59,9 +59,10 @@ in use). to cloud virtual machine images is usually **disabled** for security reasons and it is **strongly suggested not to be used**. {{% /alert %}} -To enable SSH password authentication, the destination virtual machine needs to -have changed `PasswordAuthentication no` to `PasswordAuthentication yes` in the -`/etc/ssh/sshd_config` file. +In case you have **no other option**, and are conscious of the risks, in order to +enable SSH password authentication, the destination virtual machine needs to +have `/etc/ssh/sshd_config` configuration changed from +`PasswordAuthentication no` to `PasswordAuthentication yes`. If really needed, a custom image with `PasswordAuthentication` enabled can be used or that can be injected when the virtual machine is deployed. From 6676b93bb2b5462f601beacd4cf5bce7af2382ea Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Tue, 15 Nov 2022 14:54:31 +0100 Subject: [PATCH 16/50] Align name of tutorials, group the entries --- content/en/users/tutorials/accessing-vm-with-ssh/_index.md | 6 +++--- .../tutorials/create-your-first-virtual-machine/_index.md | 2 +- .../en/users/tutorials/data-transfer-grid-storage/_index.md | 2 +- .../users/tutorials/data-transfer-object-storage/_index.md | 2 +- .../tutorials/jupyter-datahub-virtual-machine/_index.md | 2 +- .../tutorials/oidc-agent-fedcloudclient-terraform/_index.md | 2 +- content/en/users/tutorials/vm-datahub/_index.md | 2 +- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md index d9b2f78591..3553510bfe 100644 --- a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md +++ b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md @@ -1,6 +1,6 @@ --- title: "Accessing virtual machines with SSH" -linkTitle: "Accessing VMs with SSH" +linkTitle: "Access a VM with SSH" type: docs weight: 20 description: "Accessing virtual machines with SSH" @@ -59,8 +59,8 @@ in use). to cloud virtual machine images is usually **disabled** for security reasons and it is **strongly suggested not to be used**. {{% /alert %}} -In case you have **no other option**, and are conscious of the risks, in order to -enable SSH password authentication, the destination virtual machine needs to +In case you have **no other option**, and are conscious of the risks, in order +to enable SSH password authentication, the destination virtual machine needs to have `/etc/ssh/sshd_config` configuration changed from `PasswordAuthentication no` to `PasswordAuthentication yes`. diff --git a/content/en/users/tutorials/create-your-first-virtual-machine/_index.md b/content/en/users/tutorials/create-your-first-virtual-machine/_index.md index 24a5b80023..f94e0223ba 100644 --- a/content/en/users/tutorials/create-your-first-virtual-machine/_index.md +++ b/content/en/users/tutorials/create-your-first-virtual-machine/_index.md @@ -1,5 +1,5 @@ --- -title: "Create your first Virtual Machine" +title: "Create your first Virtual Machine (VM)" type: docs weight: 10 description: > diff --git a/content/en/users/tutorials/data-transfer-grid-storage/_index.md b/content/en/users/tutorials/data-transfer-grid-storage/_index.md index 5af66ecc5c..bb9e8d6b5c 100644 --- a/content/en/users/tutorials/data-transfer-grid-storage/_index.md +++ b/content/en/users/tutorials/data-transfer-grid-storage/_index.md @@ -2,7 +2,7 @@ title: "Data transfer with grid storage" linkTitle: "Data transfer with grid storage" type: docs -weight: 50 +weight: 160 description: > Use EGI Data transfer to handle data in grid storage --- diff --git a/content/en/users/tutorials/data-transfer-object-storage/_index.md b/content/en/users/tutorials/data-transfer-object-storage/_index.md index 439c61ecf3..a7466ff55d 100644 --- a/content/en/users/tutorials/data-transfer-object-storage/_index.md +++ b/content/en/users/tutorials/data-transfer-object-storage/_index.md @@ -1,7 +1,7 @@ --- title: "Data transfer with object storage" type: docs -weight: 60 +weight: 170 description: > Use EGI Data transfer to handle data in object storage --- diff --git a/content/en/users/tutorials/jupyter-datahub-virtual-machine/_index.md b/content/en/users/tutorials/jupyter-datahub-virtual-machine/_index.md index b17d5c2b75..13967f084d 100644 --- a/content/en/users/tutorials/jupyter-datahub-virtual-machine/_index.md +++ b/content/en/users/tutorials/jupyter-datahub-virtual-machine/_index.md @@ -1,5 +1,5 @@ --- -title: "Create a Virtual Machine with Jupyter and DataHub" +title: "Create a VM with Jupyter and DataHub" type: docs weight: 100 description: > diff --git a/content/en/users/tutorials/oidc-agent-fedcloudclient-terraform/_index.md b/content/en/users/tutorials/oidc-agent-fedcloudclient-terraform/_index.md index ac00d98c62..9c671a02e7 100644 --- a/content/en/users/tutorials/oidc-agent-fedcloudclient-terraform/_index.md +++ b/content/en/users/tutorials/oidc-agent-fedcloudclient-terraform/_index.md @@ -1,5 +1,5 @@ --- -title: "Automating with oidc-agent, fedcloudclient, terraform and Ansible" +title: "Automate with oidc-agent, fedcloudclient, terraform and Ansible" type: docs weight: 150 description: > diff --git a/content/en/users/tutorials/vm-datahub/_index.md b/content/en/users/tutorials/vm-datahub/_index.md index fb9e27c670..f4e547ecdb 100644 --- a/content/en/users/tutorials/vm-datahub/_index.md +++ b/content/en/users/tutorials/vm-datahub/_index.md @@ -1,5 +1,5 @@ --- -title: "Access DataHub from a Virtual machine" +title: "Access DataHub from a VM" type: docs weight: 40 description: > From d52e380ca3eee8eea39380b6989e0de5d867a578 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Mon, 9 Jan 2023 09:34:05 +0100 Subject: [PATCH 17/50] Fix deprecated link --- .../users/tutorials/create-your-first-virtual-machine/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/users/tutorials/create-your-first-virtual-machine/_index.md b/content/en/users/tutorials/create-your-first-virtual-machine/_index.md index f94e0223ba..7366ecd120 100644 --- a/content/en/users/tutorials/create-your-first-virtual-machine/_index.md +++ b/content/en/users/tutorials/create-your-first-virtual-machine/_index.md @@ -40,7 +40,7 @@ use a web dashboard like [VMOps Dashboard](../../compute/cloud-compute/monitor) On the other hand, advanced users may prefer to use the [command-line interface](../../getting-started/cli). -To know more about the [Cloud Compute](https://www.egi.eu/services/cloud-compute/) +To know more about the [Cloud Compute](https://www.egi.eu/service/cloud-compute/) Service in EGI please visit its [dedicated section](../../compute/cloud-compute). ## Asking for help From 4939408c15c1e95d35b79ea70fa93bc49f891058 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Mon, 9 Jan 2023 09:41:10 +0100 Subject: [PATCH 18/50] Fix deprecated links --- content/en/about/contributing/style/_index.md | 2 +- content/en/providers/check-in/idp/_index.md | 2 +- content/en/providers/check-in/sp/_index.md | 2 +- content/en/users/aai/check-in/_index.md | 2 +- content/en/users/compute/cloud-compute/_index.md | 6 +++--- content/en/users/compute/cloud-container-compute/_index.md | 2 +- .../users/compute/orchestration/workload-manager/_index.md | 2 +- content/en/users/data/management/data-transfer/_index.md | 2 +- content/en/users/data/storage/_index.md | 2 +- content/en/users/dev-env/notebooks/_index.md | 2 +- content/en/users/getting-started/_index.md | 4 ++-- content/en/users/training/_index.md | 2 +- content/en/users/tutorials/htc-job-submission/_index.md | 2 +- 13 files changed, 16 insertions(+), 16 deletions(-) diff --git a/content/en/about/contributing/style/_index.md b/content/en/about/contributing/style/_index.md index 92927d4033..e4788d74b4 100644 --- a/content/en/about/contributing/style/_index.md +++ b/content/en/about/contributing/style/_index.md @@ -16,7 +16,7 @@ weight: 20 - When introducing services, link to the public page of the service, if any: ```markdown -[EGI Cloud Compute](https://www.egi.eu/services/cloud-compute/) +[EGI Cloud Compute](https://www.egi.eu/service/cloud-compute/) ``` ## Markdown writing guidelines diff --git a/content/en/providers/check-in/idp/_index.md b/content/en/providers/check-in/idp/_index.md index db3f728520..10a43f2fd0 100644 --- a/content/en/providers/check-in/idp/_index.md +++ b/content/en/providers/check-in/idp/_index.md @@ -6,7 +6,7 @@ type: "docs" --- This page contains information about integrating your identity provider (IdP) -with [Check-in](https://www.egi.eu/services/check-in/) in order to allow users +with [Check-in](https://www.egi.eu/service/check-in/) in order to allow users in your community to access EGI tools and services. Organisations who want to register their IdP in Check-in needs to fill this diff --git a/content/en/providers/check-in/sp/_index.md b/content/en/providers/check-in/sp/_index.md index e5a7425863..6e31f28902 100644 --- a/content/en/providers/check-in/sp/_index.md +++ b/content/en/providers/check-in/sp/_index.md @@ -6,7 +6,7 @@ type: "docs" --- This page contains information about connecting services to -[EGI Check-in](https://www.egi.eu/services/check-in/) in order to allow user +[EGI Check-in](https://www.egi.eu/service/check-in/) in order to allow user login through Check-in and to receive users' attributes. Check-in is connected to a wide range of academic and social Identity Providers that users can choose from in order to access your service. diff --git a/content/en/users/aai/check-in/_index.md b/content/en/users/aai/check-in/_index.md index 30491b944e..0b9f09f73d 100644 --- a/content/en/users/aai/check-in/_index.md +++ b/content/en/users/aai/check-in/_index.md @@ -11,7 +11,7 @@ description: > ## What is it? -[EGI Check-in](https://www.egi.eu/services/check-in/) is a proxy service that +[EGI Check-in](https://www.egi.eu/service/check-in/) is a proxy service that **allows scientific communities to securely access and control access to resources in the EGI Federated infrastructure**. It operates as a central hub that connects federated [Identity Providers](../../../providers/check-in/idp) (IdPs) diff --git a/content/en/users/compute/cloud-compute/_index.md b/content/en/users/compute/cloud-compute/_index.md index 14c64d6a3d..0b1adcfcf6 100644 --- a/content/en/users/compute/cloud-compute/_index.md +++ b/content/en/users/compute/cloud-compute/_index.md @@ -9,7 +9,7 @@ description: > Run virtual machines in the EGI Cloud --- -The [EGI Federated Cloud Compute](https://www.egi.eu/services/cloud-compute/) (FedCloud) +The [EGI Federated Cloud Compute](https://www.egi.eu/service/cloud-compute/) (FedCloud) service offers a multi-cloud IaaS federation that brings together research clouds as a scalable computing platform for data and/or compute driven applications and services for research and science. @@ -26,7 +26,7 @@ servers. Cloud Compute service is provided through a federation of IaaS cloud sites that offer: -- Single Sign-On via [EGI Check-in](https://www.egi.eu/services/check-in/), +- Single Sign-On via [EGI Check-in](https://www.egi.eu/service/check-in/), users can login into every provider with their institutional credentials and use modern industry standards like [OpenID Connect](https://openid.net/connect/). @@ -71,7 +71,7 @@ emerged: - **Disposable and testing environments**: environments for training or testing new developments. - Example: - [Training infrastructure](https://www.egi.eu/services/training-infrastructure/) + [Training infrastructure](https://www.egi.eu/service/training-infrastructure/) Eager to test this service? Have a look at [how to create your first Virtual Machine in EGI](../../tutorials/create-your-first-virtual-machine). diff --git a/content/en/users/compute/cloud-container-compute/_index.md b/content/en/users/compute/cloud-container-compute/_index.md index 7338d9b286..708610e33e 100644 --- a/content/en/users/compute/cloud-container-compute/_index.md +++ b/content/en/users/compute/cloud-container-compute/_index.md @@ -9,7 +9,7 @@ description: > --- The -[EGI Cloud Container Compute service](https://www.egi.eu/services/cloud-container/) +[EGI Cloud Container Compute service](https://www.egi.eu/service/cloud-container/) allows you to run container-based applications on the providers of the EGI Federated Cloud. There are two main ways of executing containers: diff --git a/content/en/users/compute/orchestration/workload-manager/_index.md b/content/en/users/compute/orchestration/workload-manager/_index.md index 9ccd3bc55c..063f943780 100644 --- a/content/en/users/compute/orchestration/workload-manager/_index.md +++ b/content/en/users/compute/orchestration/workload-manager/_index.md @@ -11,7 +11,7 @@ description: > ## What is it? -[EGI Workload Manager](https://www.egi.eu/services/workload-manager/) is a +[EGI Workload Manager](https://www.egi.eu/service/workload-manager/) is a service provided to the EGI community to efficiently **manage and distribute computing workloads on the EGI infrastructure**. diff --git a/content/en/users/data/management/data-transfer/_index.md b/content/en/users/data/management/data-transfer/_index.md index d8d1edd5f0..bf39c909e5 100644 --- a/content/en/users/data/management/data-transfer/_index.md +++ b/content/en/users/data/management/data-transfer/_index.md @@ -10,7 +10,7 @@ description: ## What is it? -[EGI Data Transfer](https://www.egi.eu/services/data-transfer/) +[EGI Data Transfer](https://www.egi.eu/service/data-transfer/) allows scientists to **move any type of data files asynchronously from one storage to another**. The service includes dedicated interfaces to display statistics of on-going transfers and manage storage resource parameters. diff --git a/content/en/users/data/storage/_index.md b/content/en/users/data/storage/_index.md index 1254cf7e94..cb147cc543 100644 --- a/content/en/users/data/storage/_index.md +++ b/content/en/users/data/storage/_index.md @@ -10,7 +10,7 @@ description: > ## Overview -[Online Storage](https://www.egi.eu/services/online-storage/) includes services +[Online Storage](https://www.egi.eu/service/online-storage/) includes services that allow users to **store, share and access data** using the EGI infrastructure. Different categories of storage are available, depending on how data is stored, the technology used to access and consume data, and the foreseen usage. diff --git a/content/en/users/dev-env/notebooks/_index.md b/content/en/users/dev-env/notebooks/_index.md index a43497a2a0..9ee4b42363 100644 --- a/content/en/users/dev-env/notebooks/_index.md +++ b/content/en/users/dev-env/notebooks/_index.md @@ -17,7 +17,7 @@ of them. ## What is it? -[EGI Notebooks](https://www.egi.eu/services/notebooks/) is a service-like +[EGI Notebooks](https://www.egi.eu/service/notebooks/) is a service-like environment based on the [Jupyter technology](http://jupyter.org/), offering a **browser-based tool for interactive data analysis**. diff --git a/content/en/users/getting-started/_index.md b/content/en/users/getting-started/_index.md index 4847872e51..85976f0915 100644 --- a/content/en/users/getting-started/_index.md +++ b/content/en/users/getting-started/_index.md @@ -17,7 +17,7 @@ either run their own [data centers](https://www.egi.eu/federation/data-centres/) or rely on community, private and/or public cloud services. These service providers offer: -- **Single Sign-On** via [EGI Check-in](https://www.egi.eu/services/check-in/) +- **Single Sign-On** via [EGI Check-in](https://www.egi.eu/service/check-in/) allows users to login with their institutional (community) credentials - **Global image catalogue** at [AppDB](https://appdb.egi.eu) with pre-configured virtual machine images @@ -96,7 +96,7 @@ EGI services use the following types of access conditions: for such services. Example: Compute resources and tools allocated to researchers in medical imaging ([Biomed VO](http://lsgc.org/biomed.html)). - **Pay-for-use** - Services are provided for a fee. Example: - [FitSM Training](https://www.egi.eu/services/fitsm-training) + [FitSM Training](https://www.egi.eu/service/fitsm-training) The EGI user community support team handles access requests (orders) for the _Policy based_ and _Pay-for-use_ access modes. They will respond to the request diff --git a/content/en/users/training/_index.md b/content/en/users/training/_index.md index a621b7022a..cbdb90e41e 100644 --- a/content/en/users/training/_index.md +++ b/content/en/users/training/_index.md @@ -95,4 +95,4 @@ The infrastructure currently includes enough capacity to scale up to class-room size audiences, approximately up to 100 participants. Do you want to book the infrastructure for a course? Please send a -request through [our site](https://www.egi.eu/services/training-infrastructure/). +request through [our site](https://www.egi.eu/service/training-infrastructure/). diff --git a/content/en/users/tutorials/htc-job-submission/_index.md b/content/en/users/tutorials/htc-job-submission/_index.md index 718663f896..6e1cf877c6 100644 --- a/content/en/users/tutorials/htc-job-submission/_index.md +++ b/content/en/users/tutorials/htc-job-submission/_index.md @@ -584,7 +584,7 @@ $ glite-ce-job-output "$JOB_ID" ### Via the EGI Workload Manager -> The [EGI Workload Manager](https://www.egi.eu/services/workload-manager/) is a +> The [EGI Workload Manager](https://www.egi.eu/service/workload-manager/) is a > service provided to the EGI community to efficiently manage and distribute > computing workloads on the EGI infrastructure. From 09c195b588b75825c9cb4ad945cb008fd2b57a15 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Mon, 9 Jan 2023 09:53:50 +0100 Subject: [PATCH 19/50] Fix deprecated links --- content/en/users/compute/cloud-compute/monitor/_index.md | 2 +- content/en/users/compute/cloud-container-compute/_index.md | 2 +- content/en/users/compute/orchestration/dodas/_index.md | 2 +- content/en/users/compute/orchestration/ec3/_index.md | 2 +- content/en/users/compute/orchestration/im/_index.md | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/content/en/users/compute/cloud-compute/monitor/_index.md b/content/en/users/compute/cloud-compute/monitor/_index.md index 2aa16a657d..7fbbed9f60 100644 --- a/content/en/users/compute/cloud-compute/monitor/_index.md +++ b/content/en/users/compute/cloud-compute/monitor/_index.md @@ -69,7 +69,7 @@ contextualisation options of the wizard described above). ![VM details](vmops_vm.png) -VMOps was presented in one of the [EGI Webinars](https://www.egi.eu/webinars/) +VMOps was presented in one of the [EGI Webinars](https://www.egi.eu/trainings-and-webinars/) in 2020. The [indico page](https://indico.egi.eu/event/5272/) contains more details and there is also a video recording available on [YouTube](https://youtu.be/0YuuKA_4pSM). diff --git a/content/en/users/compute/cloud-container-compute/_index.md b/content/en/users/compute/cloud-container-compute/_index.md index 708610e33e..6542534cce 100644 --- a/content/en/users/compute/cloud-container-compute/_index.md +++ b/content/en/users/compute/cloud-container-compute/_index.md @@ -27,6 +27,6 @@ Federated Cloud. There are two main ways of executing containers: Follow the guides below to learn more about them. The EGI Cloud Container Compute service was presented in one of the -[EGI Webinars](https://www.egi.eu/webinars/). See more details on the +[EGI Webinars](https://www.egi.eu/trainings-and-webinars/). See more details on the [indico page](https://indico.egi.eu/event/5492/) and a video recording on [YouTube](https://youtu.be/cZ3M47ON0pg). diff --git a/content/en/users/compute/orchestration/dodas/_index.md b/content/en/users/compute/orchestration/dodas/_index.md index 7e8e7aa78a..4e9be014dd 100644 --- a/content/en/users/compute/orchestration/dodas/_index.md +++ b/content/en/users/compute/orchestration/dodas/_index.md @@ -31,7 +31,7 @@ your cluster in the EGI Federation: {{% alert title="Note" color="info" %}} For detailed information about DODAS please see its [documentation](https://web.infn.it/dodas/index.php/en/). It was -also presented in one of the [EGI Webinars](https://www.egi.eu/webinars/), more +also presented in one of the [EGI Webinars](https://www.egi.eu/trainings-and-webinars/), more details are available on the [indico page](https://indico.egi.eu/event/5695/) and the video recording is available on [YouTube](https://www.youtube.com/watch?v=bcURl4ESRW8&ab_channel=EGI). diff --git a/content/en/users/compute/orchestration/ec3/_index.md b/content/en/users/compute/orchestration/ec3/_index.md index bfb37f1613..d3eb74ff6f 100644 --- a/content/en/users/compute/orchestration/ec3/_index.md +++ b/content/en/users/compute/orchestration/ec3/_index.md @@ -29,7 +29,7 @@ running [TORQUE](https://github.com/adaptivecomputing/torque), resized to fit the load (e.g. number of jobs at the batch system). {{% alert title="Note" color="info" %}} EC3 was presented in one of the -[EGI Webinars](https://www.egi.eu/webinars/). Please see more details on the +[EGI Webinars](https://www.egi.eu/trainings-and-webinars/). Please see more details on the [Indico page](https://indico.egi.eu/event/5092/) and check out the video recording on [YouTube](https://youtu.be/cN0tTBjV3I8). {{% /alert %}} diff --git a/content/en/users/compute/orchestration/im/_index.md b/content/en/users/compute/orchestration/im/_index.md index fa626afe5e..64252f78f5 100644 --- a/content/en/users/compute/orchestration/im/_index.md +++ b/content/en/users/compute/orchestration/im/_index.md @@ -39,7 +39,7 @@ A [tutorial](https://imdocs.readthedocs.io/en/latest/dashboard.html#usage) and {{% alert title="Note" color="info" %}} For detailed information about Infrastructure Manager please see its [documentation](https://imdocs.readthedocs.io). It was also presented in one of the -[EGI Webinars](https://www.egi.eu/webinars/), more details are available on the +[EGI Webinars](https://www.egi.eu/trainings-and-webinars/), more details are available on the [indico page](https://indico.egi.eu/event/5495/) and the video recording is available on [YouTube](https://youtu.be/Q9VsYjI1mD4). {{% /alert %}} From 2dd6b71c1709486ba97e6a9789b0495140b4a2d1 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Mon, 9 Jan 2023 10:08:16 +0100 Subject: [PATCH 20/50] Fix deprecated link --- content/en/users/getting-started/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/users/getting-started/_index.md b/content/en/users/getting-started/_index.md index 85976f0915..6f332090dc 100644 --- a/content/en/users/getting-started/_index.md +++ b/content/en/users/getting-started/_index.md @@ -111,7 +111,7 @@ typically covers two topics: much RAM per CPU, which software services, and for how long do you need them, etc. -[Contact us](https://www.egi.eu/contact/) if you want to discuss further. +[Contact us](https://www.egi.eu/contact-us/) if you want to discuss further. ## Capacity allocation From 77076724548a1b1626a14366098f4b6998b736ef Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Mon, 9 Jan 2023 10:10:18 +0100 Subject: [PATCH 21/50] Ignore all LTOS links. --- .github/linters/mlc_config.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/linters/mlc_config.json b/.github/linters/mlc_config.json index bd78ffeadb..c487d7b5fa 100644 --- a/.github/linters/mlc_config.json +++ b/.github/linters/mlc_config.json @@ -58,7 +58,7 @@ "pattern": "^https://opensource.org/licenses" }, { - "pattern": "^https://servproject.i3m.upv.es/ec3-ltos/index.php" + "pattern": "^https://servproject.i3m.upv.es/ec3-ltos/*" }, { "pattern": "^https://operations-portal.egi.eu/downtimes/subscription" From 1800ab07cd8dd14c0a789fde6d71fe2dbe6f1f51 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Mon, 9 Jan 2023 10:12:33 +0100 Subject: [PATCH 22/50] Ignore RFC links that are often doing timeouts --- .github/linters/mlc_config.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/linters/mlc_config.json b/.github/linters/mlc_config.json index c487d7b5fa..68c086e8e6 100644 --- a/.github/linters/mlc_config.json +++ b/.github/linters/mlc_config.json @@ -65,6 +65,9 @@ }, { "pattern": "^https://github.com/.*.keys" + }, + { + "pattern": "^https://tools.ietf.org/html/rfc*" } ] } From 92aed323fc83948dbb7d3702d360f225c540acbd Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Mon, 9 Jan 2023 10:56:23 +0100 Subject: [PATCH 23/50] Fix deprecated link --- content/en/users/compute/cloud-container-compute/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/users/compute/cloud-container-compute/_index.md b/content/en/users/compute/cloud-container-compute/_index.md index 6542534cce..d9b8241a3c 100644 --- a/content/en/users/compute/cloud-container-compute/_index.md +++ b/content/en/users/compute/cloud-container-compute/_index.md @@ -9,7 +9,7 @@ description: > --- The -[EGI Cloud Container Compute service](https://www.egi.eu/service/cloud-container/) +[EGI Cloud Container Compute service](https://www.egi.eu/service/cloud-container-compute/) allows you to run container-based applications on the providers of the EGI Federated Cloud. There are two main ways of executing containers: From 3cbffa7e43226a206e4d6993968bdc0f1e8e364a Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Mon, 9 Jan 2023 10:57:12 +0100 Subject: [PATCH 24/50] Use an http link for EC3 --- content/en/users/compute/orchestration/ec3/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/users/compute/orchestration/ec3/_index.md b/content/en/users/compute/orchestration/ec3/_index.md index d3eb74ff6f..358c9e506c 100644 --- a/content/en/users/compute/orchestration/ec3/_index.md +++ b/content/en/users/compute/orchestration/ec3/_index.md @@ -11,7 +11,7 @@ description: > ## What is it? -[Elastic Cloud Compute Cluster](http://servproject.i3m.upv.es/ec3-ltos/) (EC3) +[Elastic Cloud Compute Cluster](https://servproject.i3m.upv.es/ec3-ltos/) (EC3) is a tool to **create elastic virtual clusters on top of Infrastructure-as-a-Service (IaaS) providers**. From 6244d42e0074cfec9cccbbd40b5a409a18403b46 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Mon, 9 Jan 2023 10:59:31 +0100 Subject: [PATCH 25/50] Use an https link for oneclient installation --- content/en/users/data/management/datahub/clients/_index.md | 6 +++--- content/en/users/tutorials/vm-datahub/_index.md | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/content/en/users/data/management/datahub/clients/_index.md b/content/en/users/data/management/datahub/clients/_index.md index 6bc245d60f..2fe5b1aaa6 100644 --- a/content/en/users/data/management/datahub/clients/_index.md +++ b/content/en/users/data/management/datahub/clients/_index.md @@ -71,7 +71,7 @@ Ubuntu releases). ```shell $ docker run -it --privileged centos:7 /bin/bash -root@81dbd7e84438 /]# curl -sS http://get.onedata.org/oneclient.sh | bash +root@81dbd7e84438 /]# curl -sS https://get.onedata.org/oneclient.sh | bash # (...) Complete! Installation has been completed successfully. @@ -168,7 +168,7 @@ The following variables have to be exported: connect to. ```shell -$ curl -sS http://get.onedata.org/oneclient.sh | bash +$ curl -sS https://get.onedata.org/oneclient.sh | bash $ export ONECLIENT_ACCESS_TOKEN= $ export ONECLIENT_PROVIDER_HOST=plg-cyfronet-01.datahub.egi.eu $ mkdir /tmp/space @@ -184,7 +184,7 @@ It\'s possible to quickly test Oneclient using $ vagrant init ubuntu/xenial64 $ vagrant up $ vagrant ssh -$ curl -sS http://get.onedata.org/oneclient.sh | bash +$ curl -sS https://get.onedata.org/oneclient.sh | bash $ export ONECLIENT_ACCESS_TOKEN= $ export ONECLIENT_PROVIDER_HOST=plg-cyfronet-01.datahub.egi.eu $ mkdir /tmp/space diff --git a/content/en/users/tutorials/vm-datahub/_index.md b/content/en/users/tutorials/vm-datahub/_index.md index f4e547ecdb..aef790f2aa 100644 --- a/content/en/users/tutorials/vm-datahub/_index.md +++ b/content/en/users/tutorials/vm-datahub/_index.md @@ -38,7 +38,7 @@ Alternatively a docker based installation is also provided. Use the following command in order to install the `oneclient` package in a supported OS: ```shell -$ curl -sS http://get.onedata.org/oneclient.sh | bash +$ curl -sS https://get.onedata.org/oneclient.sh | bash ``` This will also install the needed dependencies. From a6b73c53dc6acc9ffe5e6417409dbef814c53a53 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Mon, 9 Jan 2023 11:02:40 +0100 Subject: [PATCH 26/50] Use https links --- content/en/internal/accounting/service-information/_index.md | 2 +- .../en/internal/collaboration-tools/mailing-lists/_index.md | 2 +- content/en/internal/getting-started/_index.md | 4 ++-- content/en/internal/monitoring/_index.md | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/content/en/internal/accounting/service-information/_index.md b/content/en/internal/accounting/service-information/_index.md index 873590bd19..5cb292d6bb 100644 --- a/content/en/internal/accounting/service-information/_index.md +++ b/content/en/internal/accounting/service-information/_index.md @@ -17,7 +17,7 @@ description: "EGI Accounting identity card" | Support Email | `apel-admins` `` `stfc.ac.uk` | | [Helpdesk](../../helpdesk) Support Unit | **EGI Services and Service Components**
I\_\_ Accounting Portal
I\_\_ APEL Client and Accounting Repository | | Configuration Database entries | [Repository](https://goc.egi.eu/portal/index.php?Page_Type=Site&id=237)
[Portal](https://goc.egi.eu/portal/index.php?Page_Type=Site&id=646) | -| Suppliers | [UKRI](https://www.ukri.org/) (Repository), [CESGA](http://www.cesga.es) (Portal) | +| Suppliers | [UKRI](https://www.ukri.org/) (Repository), [CESGA](https://www.cesga.es) (Portal) | | Roadmap | N/A | | Release notes | N/A | | Source code | [APEL](https://github.com/apel/apel), Portal: N/A | diff --git a/content/en/internal/collaboration-tools/mailing-lists/_index.md b/content/en/internal/collaboration-tools/mailing-lists/_index.md index ac50d0dae9..fc312d9c94 100644 --- a/content/en/internal/collaboration-tools/mailing-lists/_index.md +++ b/content/en/internal/collaboration-tools/mailing-lists/_index.md @@ -77,6 +77,6 @@ will be assigned to the groups when they create the account. ## Documentation -- [Mailman documentation](http://www.gnu.org/software/mailman/docs.html) +- [Mailman documentation](https://www.gnu.org/software/mailman/docs.html) - [Mailman Frequently Asked Questions](https://wiki.list.org/DOC/Frequently%20Asked%20Questions) - [List administrator tasks](https://wiki.list.org/DOC/3%20List%20administrator%20tasks) diff --git a/content/en/internal/getting-started/_index.md b/content/en/internal/getting-started/_index.md index f0d59116db..a3aa156b3b 100644 --- a/content/en/internal/getting-started/_index.md +++ b/content/en/internal/getting-started/_index.md @@ -12,9 +12,9 @@ Use this section to get started quickly with internal EGI services: insight into how EGI is able to offer advanced public cloud services - The [**Configuration Database**](https://goc.egi.eu) records the topology of the sites in the EGI federation -- [**Service Monitoring**](http://argo.egi.eu) tracks and controls the +- [**Service Monitoring**](https://argo.egi.eu) tracks and controls the performance of the services - [**Accounting**](https://accounting.egi.eu) tracks service and resource usage, providing insights and reports on consumption -- The [**Helpdesk**](http://helpdesk.egi.eu) lets users and providers report +- The [**Helpdesk**](https://helpdesk.egi.eu) lets users and providers report incidents and bugs, or request changes diff --git a/content/en/internal/monitoring/_index.md b/content/en/internal/monitoring/_index.md index c353942ca5..675e0ae3bb 100644 --- a/content/en/internal/monitoring/_index.md +++ b/content/en/internal/monitoring/_index.md @@ -8,7 +8,7 @@ description: > ## What is it? -The [EGI Service Monitoring](http://argo.egi.eu) **keeps an eye on the +The [EGI Service Monitoring](https://argo.egi.eu) **keeps an eye on the performance of the EGI services** to quickly detect and resolve issues. The service monitors the infrastructure by collecting data generated by From 13dfe886b6f7448528a67b65d116e67b4f86671e Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Mon, 9 Jan 2023 11:09:03 +0100 Subject: [PATCH 27/50] Replace more http links by https --- content/en/providers/cloud-compute/openstack/_index.md | 2 +- content/en/providers/cloud-compute/openstack/accounting.md | 4 ++-- content/en/providers/cloud-compute/validation/_index.md | 2 +- .../high-throughput-compute/storage-accounting/_index.md | 4 ++-- content/en/providers/joining/technology-provider/_index.md | 2 +- .../howto03_site_certificatoin_giis_check/_index.md | 2 +- .../man05_top_and_site_bdii_high_availability/_index.md | 6 +++--- .../man06_failover_for_mysql_grid_based_services/_index.md | 4 ++-- content/en/providers/rod/overview/_index.md | 6 +++--- 9 files changed, 16 insertions(+), 16 deletions(-) diff --git a/content/en/providers/cloud-compute/openstack/_index.md b/content/en/providers/cloud-compute/openstack/_index.md index 7751c2b5e0..9040ec4a48 100644 --- a/content/en/providers/cloud-compute/openstack/_index.md +++ b/content/en/providers/cloud-compute/openstack/_index.md @@ -9,7 +9,7 @@ description: > This manual provides information on how to set up a Resource Centre providing cloud resources in the EGI infrastructure. Integration with FedCloud requires a _working OpenStack installation_ as a pre-requirement. EGI supports any recent -[OpenStack version](http://releases.openstack.org) (tested from OpenStack +[OpenStack version](https://releases.openstack.org) (tested from OpenStack Mitaka). EGI expects the following OpenStack services to be available and accessible from diff --git a/content/en/providers/cloud-compute/openstack/accounting.md b/content/en/providers/cloud-compute/openstack/accounting.md index dcff644645..c1c67b8d16 100644 --- a/content/en/providers/cloud-compute/openstack/accounting.md +++ b/content/en/providers/cloud-compute/openstack/accounting.md @@ -18,7 +18,7 @@ ssmsend every six hours. ### Using the VM Appliance -[cASO configuration](http://caso.readthedocs.org/en/latest/configuration.html) +[cASO configuration](https://caso.readthedocs.org/en/latest/configuration.html) is stored at `/etc/caso/caso.conf`. Most default values should be OK, but you must set: @@ -29,7 +29,7 @@ must set: - credentials to access the accounting data (lines 28-47, more options also available). Check the - [cASO documentation](http://caso.readthedocs.org/en/latest/configuration.html#openstack-configuration) + [cASO documentation](https://caso.readthedocs.org/en/latest/configuration.html#openstack-configuration) for the expected permissions of the user configured here. - The mapping from EGI VOs to your local projects `/etc/caso/voms.json`, diff --git a/content/en/providers/cloud-compute/validation/_index.md b/content/en/providers/cloud-compute/validation/_index.md index cce8da02c7..e84d9cf47e 100644 --- a/content/en/providers/cloud-compute/validation/_index.md +++ b/content/en/providers/cloud-compute/validation/_index.md @@ -42,5 +42,5 @@ Extra checks for your installation: [site certification manual tests](../../../providers/operations-manuals/howto04_site_certification_manual_tests/#check-the-functionality-of-the-cloud-elements) against your endpoints. -- Check in the [accounting portal](http://accounting.egi.eu/) that your site is +- Check in the [accounting portal](https://accounting.egi.eu/) that your site is listed and the values reported look consistent with the usage of your site. diff --git a/content/en/providers/high-throughput-compute/storage-accounting/_index.md b/content/en/providers/high-throughput-compute/storage-accounting/_index.md index 2a1ae826b1..cc6d1ff8cc 100644 --- a/content/en/providers/high-throughput-compute/storage-accounting/_index.md +++ b/content/en/providers/high-throughput-compute/storage-accounting/_index.md @@ -10,7 +10,7 @@ description: "Using Storage Accounting Record (StAR)" Storage space usage accounting is based on the StAR (Storage Accounting Record) developed during the EMI project in conjunction with the OGF Usage Record Work Group (UR-WG). The format is documented -[in GFD-I.201](http://cds.cern.ch/record/1452920/files/GFD.201.pdf). +[in GFD-I.201](https://cds.cern.ch/record/1452920/files/GFD.201.pdf). EMI delivered StAR solutions for dCache and DPM in EMI-3. In both cases the storage service queries its database at a site and extracts data to populate @@ -130,5 +130,5 @@ The page is updated on a daily basis. ## Storage Accounting Data at the EGI Accounting Portal The storage accounting view is currently available on the -[development instance](http://accounting-devel.egi.eu/storage.php) of the +[development instance](https://accounting-devel.egi.eu/storage.php) of the Accounting Portal. diff --git a/content/en/providers/joining/technology-provider/_index.md b/content/en/providers/joining/technology-provider/_index.md index 459d460b56..dcb85a4001 100644 --- a/content/en/providers/joining/technology-provider/_index.md +++ b/content/en/providers/joining/technology-provider/_index.md @@ -42,7 +42,7 @@ in parallel): Management Database (CMDB) - Information System: evaluating if the new technology should publish information in the Information System according to the - [GLUE Schema](http://www.ogf.org/documents/GFD.147.pdf). + [GLUE Schema](https://www.ogf.org/documents/GFD.147.pdf). - [Monitoring](../../../internal/monitoring): the new technology should allow external monitoring. If particular aspects of the technology need to be monitored, specific monitoring probes should be provided by the TPs and diff --git a/content/en/providers/operations-manuals/howto03_site_certificatoin_giis_check/_index.md b/content/en/providers/operations-manuals/howto03_site_certificatoin_giis_check/_index.md index ab82be7992..d5b881b534 100644 --- a/content/en/providers/operations-manuals/howto03_site_certificatoin_giis_check/_index.md +++ b/content/en/providers/operations-manuals/howto03_site_certificatoin_giis_check/_index.md @@ -20,7 +20,7 @@ These are the main branches of the LDAP tree: - `GlueServiceUniqueID` It is recommended to use the -[Apache Studio LDAP browser](http://directory.apache.org/studio/), although in +[Apache Studio LDAP browser](https://directory.apache.org/studio/), although in this page `ldapsearch` queries are shown. ### Contact information diff --git a/content/en/providers/operations-manuals/man05_top_and_site_bdii_high_availability/_index.md b/content/en/providers/operations-manuals/man05_top_and_site_bdii_high_availability/_index.md index 78a46d587a..8b2c5878ae 100644 --- a/content/en/providers/operations-manuals/man05_top_and_site_bdii_high_availability/_index.md +++ b/content/en/providers/operations-manuals/man05_top_and_site_bdii_high_availability/_index.md @@ -97,11 +97,11 @@ administrator. ### DNS round robin load balancing -- [Load balancing](http://en.wikipedia.org/wiki/Load_distribution) is a +- [Load balancing](https://en.wikipedia.org/wiki/Load_distribution) is a technique to distribute workload evenly across two or more resources. A load balancing method, which does not necessarily require a dedicated software or hardware node, is called - [round robin DNS](http://en.wikipedia.org/wiki/Round-robin_DNS). + [round robin DNS](https://en.wikipedia.org/wiki/Round-robin_DNS). - We can assume that all transactions (queries to top or site BDII generate the same resource load. For an effective load balancing, all top or site BDII @@ -112,7 +112,7 @@ administrator. is a primary DNS server (`dns.domain.tld`) where the DNS load balancing will be implemented, one simply has to add multiple A records mapping the same hostname to multiple IP addresses under the core.top.domain - [DNS zone](http://en.wikipedia.org/wiki/DNS_zone). It is equally applicable to + [DNS zone](https://en.wikipedia.org/wiki/DNS_zone). It is equally applicable to site BDII. ```bind diff --git a/content/en/providers/operations-manuals/man06_failover_for_mysql_grid_based_services/_index.md b/content/en/providers/operations-manuals/man06_failover_for_mysql_grid_based_services/_index.md index cd051ffc91..56ee3e8994 100644 --- a/content/en/providers/operations-manuals/man06_failover_for_mysql_grid_based_services/_index.md +++ b/content/en/providers/operations-manuals/man06_failover_for_mysql_grid_based_services/_index.md @@ -54,11 +54,11 @@ Database entries. 4. Stunnel uses Public-key cryptography with X.509 digital certificates to secure the SSL connection. Clients can optionally be authenticated via a certificate too -5. For more references, please check [www.stunnel.org](http://www.stunnel.org/) +5. For more references, please check [www.stunnel.org](https://www.stunnel.org/) - There are other possibilities for encryption, like enabling SSL Support directly in MySQL, but these approach was not tested. Details can be obtained - [here](http://www.howtoforge.com/how-to-set-up-mysql-database-replication-with-ssl-encryption-on-centos-5.4). + [here](https://www.howtoforge.com/how-to-set-up-mysql-database-replication-with-ssl-encryption-on-centos-5.4). ## MySQL replication diff --git a/content/en/providers/rod/overview/_index.md b/content/en/providers/rod/overview/_index.md index cadc3abbc8..76a2b3972a 100644 --- a/content/en/providers/rod/overview/_index.md +++ b/content/en/providers/rod/overview/_index.md @@ -24,7 +24,7 @@ There are few actions which needs to be taken before you start your work: 1. Get a valid grid certificate delivered by Certificate Authorities (CA) - this step is important because most of the tools used during the shift require - certificate. [Find](http://www.eugridpma.org/members/worldmap/) EUGRIDPMA + certificate. [Find](https://www.eugridpma.org/members/worldmap/) EUGRIDPMA members. 2. [Register to Dteam VO](https://voms2.hellasgrid.gr:8443/voms/dteam/). Dteam membership will give you possibility to test sites and debug problems. @@ -49,7 +49,7 @@ There are few actions which needs to be taken before you start your work: you will find all information relevant to your work as a ROD. To see how to perform all those actions please watch video -[How to become a ROD member](http://www.youtube.com/watch?v=p-SrqJMDlOo) (7 +[How to become a ROD member](https://www.youtube.com/watch?v=p-SrqJMDlOo) (7 steps which should be done to become a ROD member also). ## ROD duties @@ -109,7 +109,7 @@ important for your work. ### Operational Tools ROD uses several operational tools to perform theirs duties -([Operations tools video](http://www.youtube.com/watch?v=bNm4oupAmqI)): +([Operations tools video](https://www.youtube.com/watch?v=bNm4oupAmqI)): - [Operations Portal](../../../internal/operations-portal/). Dashboard tool on the Operations Portal is a main tool which is used by ROD teams. All actions From 0cd28d108791b36a3c26809646216765d3c93380 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Mon, 9 Jan 2023 11:19:46 +0100 Subject: [PATCH 28/50] Use https links --- content/en/providers/check-in/sp/_index.md | 8 ++--- .../faq-hepspec06/_index.md | 4 +-- .../_index.md | 30 +++++++++---------- .../_index.md | 2 +- 4 files changed, 22 insertions(+), 22 deletions(-) diff --git a/content/en/providers/check-in/sp/_index.md b/content/en/providers/check-in/sp/_index.md index 6e31f28902..6ba2f1f0e2 100644 --- a/content/en/providers/check-in/sp/_index.md +++ b/content/en/providers/check-in/sp/_index.md @@ -102,7 +102,7 @@ The integration follows a two-step process: EGI Check-in supports two authentication and authorisation protocols that you can choose from: -1. [Security Assertion Markup Language (SAML) 2.0](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html) +1. [Security Assertion Markup Language (SAML) 2.0](https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html) 1. [OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.html) - an extension to [OAuth 2.0](https://tools.ietf.org/html/rfc6749) @@ -274,7 +274,7 @@ If the SP supports the Single Logout profile, then its metadata **MUST** contain - at least one `` endpoint element (this MAY be omitted if the SP solely issues `` messages containing the `` extension - [SAML2ASLO](http://docs.oasis-open.org/security/saml/Post2.0/saml-async-slo/v1.0/cs01/saml-async-slo-v1.0-cs01.pdf)) + [SAML2ASLO](https://docs.oasis-open.org/security/saml/Post2.0/saml-async-slo/v1.0/cs01/saml-async-slo-v1.0-cs01.pdf)) ### Attributes @@ -325,7 +325,7 @@ Service Providers can be integrated with EGI Check-in using OpenID Connect (OIDC) as an alternative to the SAML2 protocol. To allow this, the EGI Check-in IdP provides an OpenID Connect (OAuth2) API based on [Keycloak](https://www.keycloak.org), which has been -[certified by the OpenID Foundation](http://openid.net/certification/). +[certified by the OpenID Foundation](https://openid.net/certification/). Interconnection with the EGI Check-in OpenID Provider allows users to sign in using any of the supported backend authentication mechanisms, such as institutional IdPs registered with eduGAIN or Social Providers. Once the user @@ -1927,7 +1927,7 @@ Identity Assurance, which is conveyed to the SP through both the (`AuthnContextClassRef`) of the SAML authentication response. EGI Check-in uses Assurance Profiles which distinguish between three Identity Assurance levels, similarly to the -[eID Assurance Framework (eIDAF)](http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:JOL_2015_235_R_0002). +[eID Assurance Framework (eIDAF)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:JOL_2015_235_R_0002). Each level is represented by a URI as follows: - **Low**: Authentication through a social identity provider or other low diff --git a/content/en/providers/operations-manuals/faq-hepspec06/_index.md b/content/en/providers/operations-manuals/faq-hepspec06/_index.md index 9bd29671c1..43498d986e 100644 --- a/content/en/providers/operations-manuals/faq-hepspec06/_index.md +++ b/content/en/providers/operations-manuals/faq-hepspec06/_index.md @@ -15,7 +15,7 @@ SPEC, a new CPU benchmark that will replace si2k and will become the reference benchmark for accounting purposes. Detailed description of the reasons are provided on the -[transition to a new CPU benchmarking unit for the WLCG](http://indico.cern.ch/getFile.py/access?contribId=3&sessionId=0&resId=0&materialId=0&confId=49388). +[transition to a new CPU benchmarking unit for the WLCG](https://indico.cern.ch/getFile.py/access?contribId=3&sessionId=0&resId=0&materialId=0&confId=49388). ### Q2: What is HEP SPEC 06? @@ -36,7 +36,7 @@ change. ### Q3: Where can I find information about HEP SPEC 06 measurements? Some example results are available on the -[HEPIX group-page](http://w3.hepix.org/benchmarking.html), where one can see the +[HEPIX group-page](https://w3.hepix.org/benchmarking.html), where one can see the differences between gcc3.4.x and gcc4.1.x. Additional results tables are available from various EGI partners: diff --git a/content/en/providers/operations-manuals/howto01_using_igtf_ca_distribution/_index.md b/content/en/providers/operations-manuals/howto01_using_igtf_ca_distribution/_index.md index 288bb00f2d..ee6752af89 100644 --- a/content/en/providers/operations-manuals/howto01_using_igtf_ca_distribution/_index.md +++ b/content/en/providers/operations-manuals/howto01_using_igtf_ca_distribution/_index.md @@ -9,7 +9,7 @@ To ensure interoperability within and outside of EGI, the [Policy on Acceptable Authentication Assurance](https://documents.egi.eu/document/2930) defined a common set of trust anchors (in a PKIX implementation "Certification Authorities") that all sites in EGI should install. In short, all CAs accredited -to the [Interoperable Global Trust Federation](http://www.igtf.net/) under the +to the [Interoperable Global Trust Federation](https://www.igtf.net/) under the [classic](https://www.igtf.net/ap/classic/), [MICS](https://www.igtf.net/ap/mics/) or [SLCS](https://www.igtf.net/ap/slcs/) _Authentication Profiles_ are approved for use in EGI. When installing the @@ -25,7 +25,7 @@ exception. ## Release notes Review the -[release notes](http://repository.egi.eu/sw/production/cas/1/current/README.txt) +[release notes](https://repository.egi.eu/sw/production/cas/1/current/README.txt) containing important notices about the current release, as well as a list of changes to the trust fabric. @@ -37,7 +37,7 @@ to manage the installation. To install the currently valid distribution, all RPM packages are provided at ```text -http://repository.egi.eu/sw/production/cas/1/current/ +https://repository.egi.eu/sw/production/cas/1/current/ ``` The current version is based on the @@ -49,14 +49,14 @@ trusted CAs. ### Using YUM package management Add the following -[repo-file](http://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo) +[repo-file](https://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo) to the `/etc/yum.repos.d/` directory: ```ini [EGI-trustanchors] name=EGI-trustanchors -baseurl=http://repository.egi.eu/sw/production/cas/1/current/ -gpgkey=http://repository.egi.eu/sw/production/cas/1/GPG-KEY-EUGridPMA-RPM-3 +baseurl=https://repository.egi.eu/sw/production/cas/1/current/ +gpgkey=https://repository.egi.eu/sw/production/cas/1/GPG-KEY-EUGridPMA-RPM-3 gpgcheck=1 enabled=1 ``` @@ -65,7 +65,7 @@ and then update your installation. How to update depends on your previous activity: - **if you have previously ever installed the `lcg-CA` package**, remove any - references to `http://linuxsoft.cern.ch/LCG-CAs/current` from your YUM setup, + references to `https://linuxsoft.cern.ch/LCG-CAs/current` from your YUM setup, and run ```shell @@ -116,7 +116,7 @@ $ wget -q -O - \ ```shell #### EGI Trust Anchor Distribution #### -deb http://repository.egi.eu/sw/production/cas/1/current egi-igtf core +deb https://repository.egi.eu/sw/production/cas/1/current egi-igtf core ``` - Populate the cache and install the meta-package @@ -134,7 +134,7 @@ review the release notes carefully for any security issues or withdrawn CAs. The tar files can be found in the EGI repository at ```text -http://repository.egi.eu/sw/production/cas/1/current/tgz/ +https://repository.egi.eu/sw/production/cas/1/current/tgz/ ``` Once you have downloaded the directory, you can unpack all the CA tar,gz as @@ -153,20 +153,20 @@ Quattor templates are povided as drop-in replacements for both QWG and CDB installations. Update your software repository (re-generating the repository templates as needed) and obtain the new CA templates from: -- `http://repository.egi.eu/sw/production/cas/1/current/meta/ca-policy-egi-core.tpl` +- `https://repository.egi.eu/sw/production/cas/1/current/meta/ca-policy-egi-core.tpl` for QWG -- `http://repository.egi.eu/sw/production/cas/1/current/meta/pro_software_meta_ca_policy_egi_core.tpl` +- `https://repository.egi.eu/sw/production/cas/1/current/meta/pro_software_meta_ca_policy_egi_core.tpl` for CDB Make sure to mirror (or refer to) the new repository at -`http://repository.egi.eu/sw/production/cas/1/current/` and create the +`https://repository.egi.eu/sw/production/cas/1/current/` and create the appropriate repository definition file. For WLCG sites that are migrating from the lcg-CA package: the WLCG policy companion of the EGI templates can be found at -[QWG](http://lcg-ca.web.cern.ch/lcg-ca/distribution/current/meta/ca-policy-lcg.tpl) +[QWG](https://lcg-ca.web.cern.ch/lcg-ca/distribution/current/meta/ca-policy-lcg.tpl) and -[CDB](http://lcg-ca.web.cern.ch/lcg-ca/distribution/current/meta/pro_software_meta_ca_policy_lcg.tpl) +[CDB](https://lcg-ca.web.cern.ch/lcg-ca/distribution/current/meta/pro_software_meta_ca_policy_lcg.tpl) and can be included in the profile in parallel with the EGI core template. All packages needed are also included in the EGI repository, so only a single repository reference is necessary. @@ -230,4 +230,4 @@ or its [mirror](https://www.apgridpma.org/distribution/). See the IGTF and EUGridPMA web pages for additional information. Make sure to verify your trust anchors with [TACAR](https://www.tacar.org/), the -[TERENA](http://www.terena.org) Academic CA Repository, where applicable. +[TERENA](https://www.terena.org) Academic CA Repository, where applicable. diff --git a/content/en/providers/operations-manuals/man09_accounting_data_publishing/_index.md b/content/en/providers/operations-manuals/man09_accounting_data_publishing/_index.md index 0925414b35..ed83b85d74 100644 --- a/content/en/providers/operations-manuals/man09_accounting_data_publishing/_index.md +++ b/content/en/providers/operations-manuals/man09_accounting_data_publishing/_index.md @@ -83,7 +83,7 @@ ARC uses its own system to publish the accounting data through AMS, so please refer to the NorduGrid ARC 6 documentation: - Information relevant only for 6.4 ARC releases and beyond: - [Accounting-NG](http://www.nordugrid.org/documents/arc6/tech/accounting/accounting-ng.html#accounting-ng-tech) + [Accounting-NG](https://www.nordugrid.org/documents/arc6/tech/accounting/accounting-ng.html#accounting-ng-tech) - The old ActiveMQ network was dismissed. [ARC 6.12](https://www.nordugrid.org/arc/releases/6.12/release_notes_6.12.html) introduces new settings for publishing the accounting records via AMS. From 7167e80c6330a432a97a25d1050b6089c6e84b45 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Mon, 9 Jan 2023 11:41:34 +0100 Subject: [PATCH 29/50] Replace more http links by https --- .../en/users/aai/check-in/vos/voms/_index.md | 2 +- .../compute/cloud-compute/appdb/_index.md | 44 +++++++++---------- .../compute/cloud-compute/auth/_index.md | 2 +- .../cloud-compute/dynamic-dns/_index.md | 2 +- .../compute/cloud-compute/images/_index.md | 2 +- .../compute/high-throughput-compute/_index.md | 2 +- .../querying-information-system/_index.md | 6 +-- .../users/compute/orchestration/ec3/_index.md | 8 ++-- .../compute/orchestration/ec3/apps/_index.md | 4 +- .../orchestration/ec3/apps/ecas/_index.md | 12 ++--- .../orchestration/ec3/developers/_index.md | 4 +- .../users/compute/orchestration/im/_index.md | 6 +-- .../compute/orchestration/im/cli/_index.md | 2 +- .../orchestration/workload-manager/_index.md | 6 +-- .../datahub/file-management/_index.md | 2 +- .../data/management/datahub/links/_index.md | 2 +- content/en/users/dev-env/notebooks/_index.md | 4 +- .../dev-env/notebooks/integration/_index.md | 2 +- content/en/users/getting-started/_index.md | 2 +- .../getting-started/architecture/_index.md | 2 +- content/en/users/training/_index.md | 2 +- .../tutorials/htc-job-submission/_index.md | 16 +++---- 22 files changed, 67 insertions(+), 67 deletions(-) diff --git a/content/en/users/aai/check-in/vos/voms/_index.md b/content/en/users/aai/check-in/vos/voms/_index.md index 8001a549bf..d94a104c67 100644 --- a/content/en/users/aai/check-in/vos/voms/_index.md +++ b/content/en/users/aai/check-in/vos/voms/_index.md @@ -33,7 +33,7 @@ be stored in the web browser to access EGI web tools and services. ### Get a Certificate -The [list of EGI recognised CAs](http://www.eugridpma.org/members/worldmap/) +The [list of EGI recognised CAs](https://www.eugridpma.org/members/worldmap/) provides a clickable map to find your nearby CA. Several of these offer the option to get an 'eScience Personal' certificate online from the Terena Certificate Service CA. diff --git a/content/en/users/compute/cloud-compute/appdb/_index.md b/content/en/users/compute/cloud-compute/appdb/_index.md index c409ad3c05..591764eabe 100644 --- a/content/en/users/compute/cloud-compute/appdb/_index.md +++ b/content/en/users/compute/cloud-compute/appdb/_index.md @@ -9,8 +9,8 @@ description: > This document is intended for developers who want to write applications that interact with the AppDB API over the web using HTTP commands following the -[REST](http://en.wikipedia.org/wiki/Representational_state_transfer) paradigm. -The API endpoint is located at `http://appdb-pi.egi.eu` and it allows +[REST](https://en.wikipedia.org/wiki/Representational_state_transfer) paradigm. +The API endpoint is located at `https://appdb-pi.egi.eu` and it allows information retrieval and modification from third party applications without having to reside on the rich user interface of the AppDB portal. Thus one is given the opportunity to design one's own frontends. @@ -22,7 +22,7 @@ given the opportunity to design one's own frontends. Starting with version 1.0, the AppDB API features write access as well, by supporting HTTP verbs such as `PUT`, `POST`, and `DELETE`. Verb mappings to data operations follow a -[CRUD](http://en.wikipedia.org/wiki/Create,_read,_update_and_delete) convention, +[CRUD](https://en.wikipedia.org/wiki/Create,_read,_update_and_delete) convention, as depicted in the following table: | Operation | HTTP Verb | @@ -33,7 +33,7 @@ as depicted in the following table: | Delete | `DELETE` | The API also supports the Listing operation -([CRUDL](http://en.wikipedia.org/wiki/Create,_read,_update_and_delete) +([CRUDL](https://en.wikipedia.org/wiki/Create,_read,_update_and_delete) extension), by passing the parameter listmode=listing in the querystring when performing a `GET` request. Please note that in order to simplify the access model, Update operations are always partial, meaning that properties of the @@ -41,26 +41,26 @@ resource that is being updated which are entirely missing from the representation, are ignored (i.e. their state in the backend does not change). Therefore, in order to unset/remove a property, one has to explicitly specify it as `NULL`, provided that this is permitted. This is the reason why Create and -Update [CRUD](http://en.wikipedia.org/wiki/Create,_read,_update_and_delete) +Update [CRUD](https://en.wikipedia.org/wiki/Create,_read,_update_and_delete) mappings are inverted with regards to what is usually accustomed. Finally, the API also supports the `OPTIONS` HTTP verb, which returns a list of the operations that are permitted, in principle, for the resource in question. The base URI for this version of the RESTful API is -`http://appdb-pi.egi.eu/rest/1.0/` +`https://appdb-pi.egi.eu/rest/1.0/` and requests must be followed by at least one resource name, which may be followed by one or more optional sub-resource names, separated by slashes, as in the examples given bellow: -- `http://appdb-pi.egi.eu/rest/1.0/applications/` -- `http://appdb-pi.egi.eu/rest/1.0/applications/50/` +- `https://appdb-pi.egi.eu/rest/1.0/applications/` +- `https://appdb-pi.egi.eu/rest/1.0/applications/50/` ### Response types Because the API conforms to the REST paradigm, responses to all -[CRUD](http://en.wikipedia.org/wiki/Create,_read,_update_and_delete) operations -are always [XML](http://en.wikipedia.org/wiki/XML) document representations of +[CRUD](https://en.wikipedia.org/wiki/Create,_read,_update_and_delete) operations +are always [XML](https://en.wikipedia.org/wiki/XML) document representations of the resource in question. These documents are described by schema files which reside publicly in the web server. All the XML documents are enveloped in a common root element named `appdb` with attributes that describe request status, @@ -233,7 +233,7 @@ Consider the following examples when searching for software: For a list of possible specifiers, you can look up the `/filter/reflect` subresource of any searchable resource (e.g. `/applications/filter/reflect`), or -you can also try using any search box in the [portal](http://appdb.egi.eu), and +you can also try using any search box in the [portal](https://appdb.egi.eu), and check out the autocompletion list. ### Authenticated Access @@ -254,18 +254,18 @@ required, but it is strongly suggested, since they can help safeguard its use. Below you may find an exhaustive list of the resources v1.0 of the AppDB RESTful API offers. Details and documentation about a resource's representation may be -found as [XSD](http://en.wikipedia.org/wiki/XSD) annotations inside the +found as [XSD](https://en.wikipedia.org/wiki/XSD) annotations inside the appropriate schema file, under -[the schemata base resource](http://appdb-pi.egi.eu/rest/1.0/schema). Note that +[the schemata base resource](https://appdb-pi.egi.eu/rest/1.0/schema). Note that when performing `POST` operations, the representation must be passed as a URL-encoded string in the query-string under the parameter `data`, whereas when performing `PUT` operations, the representation must be passed as a normal text stream. Representations passed to `PUT`/`POST` operations must be enclosed within an `appdb:appdb` root element, with the appropriate -[XML](http://en.wikipedia.org/wiki/XML) namespaces declared, the same way that +[XML](https://en.wikipedia.org/wiki/XML) namespaces declared, the same way that responses are; nevertheless, this will be omitted in all following examples, in order to reduce clutter. Also note that since all Update (`POST`) operations are -partial, [XML](http://en.wikipedia.org/wiki/XML) elements that represent +partial, [XML](https://en.wikipedia.org/wiki/XML) elements that represent properties with a cardinality 0..\* must be either - omitted, in which case the present state in the backend is left untouched, @@ -290,7 +290,7 @@ This way, it is possible - as well as advised - to differentiate the response with the input to such operations, in order to verify that the result is what was intended, since properties that are malformed or invalid will not break the operation, but rather be ignored, as long as the representation is well-formed -(i.e. passes the [XSD](http://en.wikipedia.org/wiki/XSD) compilation). +(i.e. passes the [XSD](https://en.wikipedia.org/wiki/XSD) compilation). ### Application List @@ -307,21 +307,21 @@ List of all application entries registered in the database Examples: - ```plain - GET http://appdb-pi.egi.eu/rest/1.0/applications?flt=metatype:0 + GET https://appdb-pi.egi.eu/rest/1.0/applications?flt=metatype:0 ``` will return all applications that are listed under the Software Marketplace (i.e. Software) - ```plain - GET http://appdb-pi.egi.eu/rest/1.0/applications?flt=metatype:1 + GET https://appdb-pi.egi.eu/rest/1.0/applications?flt=metatype:1 ``` will return all applications that are listed under the Cloud Marketplace (i.e. Virtual Appliances) - ```plain - GET http://appdb-pi.egi.eu/rest/1.0/applications?flt=country:Greece + GET https://appdb-pi.egi.eu/rest/1.0/applications?flt=country:Greece ``` will return all applications that are related to Greece @@ -654,7 +654,7 @@ List of application entries bookmarked by a user Examples: - ```plain - GET http://appdb-pi.egi.eu/rest/1.0/people/123/applications/bookmarked?flt=discipline:chemistry + GET https://appdb-pi.egi.eu/rest/1.0/people/123/applications/bookmarked?flt=discipline:chemistry ``` will return all application entries with a discipline related to chemistry and @@ -731,7 +731,7 @@ application's contact list List of users (people) that have registered with the database - ```plain - GET http://appdb-pi.egi.eu/rest/1.0/people/?flt={flt} + GET https://appdb-pi.egi.eu/rest/1.0/people/?flt={flt} ``` where `{flt}` is the URL-encoded representation of @@ -828,7 +828,7 @@ List of VOs registered with the available to application entries - ```plain - GET http://appdb-pi.egi.eu/rest/1.0/vos/?flt={flt} + GET https://appdb-pi.egi.eu/rest/1.0/vos/?flt={flt} ``` where `{flt}` is the URL-encoded representation of diff --git a/content/en/users/compute/cloud-compute/auth/_index.md b/content/en/users/compute/cloud-compute/auth/_index.md index 28889f3c32..2c71972c93 100644 --- a/content/en/users/compute/cloud-compute/auth/_index.md +++ b/content/en/users/compute/cloud-compute/auth/_index.md @@ -10,7 +10,7 @@ description: > ## Authentication {#oidc-auth-using-check-in} -[OpenID Connect](http://openid.net/connect/) is the main authentication protocol +[OpenID Connect](https://openid.net/connect/) is the main authentication protocol used on the EGI Cloud. It replaces the legacy VOMS-based authentication for all OpenStack providers. diff --git a/content/en/users/compute/cloud-compute/dynamic-dns/_index.md b/content/en/users/compute/cloud-compute/dynamic-dns/_index.md index f9a83d4856..384a7741af 100644 --- a/content/en/users/compute/cloud-compute/dynamic-dns/_index.md +++ b/content/en/users/compute/cloud-compute/dynamic-dns/_index.md @@ -81,7 +81,7 @@ To register a new DNS host name: Dynamic DNS update server uses dydns2 protocol, compatible with commercial providers like [dyn.com](https://help.dyn.com/remote-access-api/perform-update/), -and [noip.com](http://www.noip.com/integrate/request). The API is specified as +and [noip.com](https://www.noip.com/integrate/request). The API is specified as follows: ```plain diff --git a/content/en/users/compute/cloud-compute/images/_index.md b/content/en/users/compute/cloud-compute/images/_index.md index baebbd4b9b..cbcc1b053e 100644 --- a/content/en/users/compute/cloud-compute/images/_index.md +++ b/content/en/users/compute/cloud-compute/images/_index.md @@ -163,7 +163,7 @@ that will manage the configuration of the VMs during runtime. You should also follow the best practice guides for each service that\'s exposed to the outside world. See for example guides for: -- [ssh](http://wiki.centos.org/HowTos/Network/SecuringSSH) +- [ssh](https://wiki.centos.org/HowTos/Network/SecuringSSH) - [tomcat](https://www.owasp.org/index.php/Securing_tomcat) See also diff --git a/content/en/users/compute/high-throughput-compute/_index.md b/content/en/users/compute/high-throughput-compute/_index.md index 657ba10dcb..b686859634 100644 --- a/content/en/users/compute/high-throughput-compute/_index.md +++ b/content/en/users/compute/high-throughput-compute/_index.md @@ -89,7 +89,7 @@ The key components of the EGI High Throughput Compute architecture are: - **Computing Elements** (CEs) are compute resources made available through GRID interfaces. The most common implementations of CEs in the EGI infrastructure are [HTCondor-CE](https://htcondor.com/htcondor-ce/) and - [ARC-CE](http://www.nordugrid.org/arc/ce/). + [ARC-CE](https://www.nordugrid.org/arc/ce/). ### Access model diff --git a/content/en/users/compute/high-throughput-compute/querying-information-system/_index.md b/content/en/users/compute/high-throughput-compute/querying-information-system/_index.md index 99d5606e41..8f0b151953 100644 --- a/content/en/users/compute/high-throughput-compute/querying-information-system/_index.md +++ b/content/en/users/compute/high-throughput-compute/querying-information-system/_index.md @@ -50,9 +50,9 @@ and for which you have a valid VOMS proxy. Nowadays mainly two Computing Element (CE) "flavours" are used in production: - [HTCondorCE](https://htcondor.org/htcondor-ce/overview/), a Compute Entrypoint - (CE) based on [HTCondor](http://htcondor.org/). -- [ARC-CE](http://www.nordugrid.org/arc/ce/), the - [ARC](http://www.nordugrid.org/arc/) Compute Element (CE). + (CE) based on [HTCondor](https://htcondor.org/). +- [ARC-CE](https://www.nordugrid.org/arc/ce/), the + [ARC](https://www.nordugrid.org/arc/) Compute Element (CE). The [CREAM CE](https://cream-guide.readthedocs.io/en/latest/) is a legacy and no more supported middleware. diff --git a/content/en/users/compute/orchestration/ec3/_index.md b/content/en/users/compute/orchestration/ec3/_index.md index 358c9e506c..16ceca9442 100644 --- a/content/en/users/compute/orchestration/ec3/_index.md +++ b/content/en/users/compute/orchestration/ec3/_index.md @@ -18,13 +18,13 @@ Infrastructure-as-a-Service (IaaS) providers**. Being based on [Infrastructure Manager](../im), EC3 supports the same wide choices of backends, either public (such as [Amazon Web Services](https://aws.amazon.com/), -[Google Cloud](http://cloud.google.com/) or -[Microsoft Azure](http://azure.microsoft.com/)) or on-premises (such as +[Google Cloud](https://cloud.google.com/) or +[Microsoft Azure](https://azure.microsoft.com/)) or on-premises (such as [OpenStack](../../../getting-started/openstack)). EC3 can provision clusters running [TORQUE](https://github.com/adaptivecomputing/torque), -[SLURM](http://slurm.schedmd.com/), +[SLURM](https://slurm.schedmd.com/), [HTCondor](https://research.cs.wisc.edu/htcondor/), -[Apache Mesos](http://mesos.apache.org/), [Nomad](https://www.nomadproject.io/), +[Apache Mesos](https://mesos.apache.org/), [Nomad](https://www.nomadproject.io/), [Kubernetes](https://kubernetes.io/) and others, which will be automatically resized to fit the load (e.g. number of jobs at the batch system). diff --git a/content/en/users/compute/orchestration/ec3/apps/_index.md b/content/en/users/compute/orchestration/ec3/apps/_index.md index 0de7ab1251..7b72e60c15 100644 --- a/content/en/users/compute/orchestration/ec3/apps/_index.md +++ b/content/en/users/compute/orchestration/ec3/apps/_index.md @@ -35,7 +35,7 @@ Check the To deploy a virtual cluster with [Marathon](https://mesosphere.github.io/marathon/), -[Mesos](http://mesos.apache.org/), and +[Mesos](https://mesos.apache.org/), and [Chronos](https://mesos.github.io/chronos/) as an orchestration, please select Mesos + Marathon + Chronos from the list of available LRMS. @@ -45,7 +45,7 @@ To deploy [Serverless computing for data-processing applications](https://www.egi.eu/about/newsletters/serverless-computing-for-data-processing-applications-in-egi/) in EGI, please select OSCAR from the list of LRMS (Local Resource Management System). OSCAR supports data-driven serverless computing for file-processing -applications. A file upload, to the object storage backend [MinIO](http://minio.io), +applications. A file upload, to the object storage backend [MinIO](https://minio.io), will trigger the execution of a chosen shell script running inside a user-defined container. These will be orchestrated as Kubernetes batch jobs. The output data will be uploaded to any object storage backends support. Synchronous invocations diff --git a/content/en/users/compute/orchestration/ec3/apps/ecas/_index.md b/content/en/users/compute/orchestration/ec3/apps/ecas/_index.md index 63a956fd74..397948e517 100644 --- a/content/en/users/compute/orchestration/ec3/apps/ecas/_index.md +++ b/content/en/users/compute/orchestration/ec3/apps/ecas/_index.md @@ -19,7 +19,7 @@ and aims to: 1. avoid data transfer, and 1. improve reusability of data and workflows. -It relies on [Ophidia](http://ophidia.cmcc.it/), a data analytics framework for +It relies on [Ophidia](https://ophidia.cmcc.it/), a data analytics framework for eScience, which provides declarative, server-side, and parallel data analysis, jointly with an internal storage model able to efficiently deal with multidimensional data and a hierarchical data organization to manage large data @@ -27,7 +27,7 @@ volumes ("datacubes"), and on JupyterHub, to give users access to ready-to-use computational environments and resources. Thanks to the Elastic Cloud Compute Cluster (EC3) platform, operated by the -[Polytechnic University of Valencia (UPV)](http://www.upv.es/index-en.html), +[Polytechnic University of Valencia (UPV)](https://www.upv.es/index-en.html), researchers will be able to rely on the EGI Cloud Compute service to scale up to larger simulations without being worried about the complexity of the underlying infrastructure. @@ -195,7 +195,7 @@ can use the `oph_explorecube` operator to visualize the first 100 values. ![Explore cube](ecas-explore.png) For further details about the Ophidia operators, please refer to the official -[documentation](http://ophidia.cmcc.it/). +[documentation](https://ophidia.cmcc.it/). #### Accessing the Jupyter interface @@ -270,8 +270,8 @@ management page. - [ECASLab CMCC](https://ecaslab.cmcc.it/web/home.html) - [ECASLab DKRZ](https://ecaslab.dkrz.de/home.html) -- [Ophidia](http://ophidia.cmcc.it/) +- [Ophidia](https://ophidia.cmcc.it/) - [GitHub: ECAS-Lab](https://github.com/ECAS-Lab) - [GitHub: ansible role Ophidia cluster](https://github.com/OphidiaBigData/ansible-role-ophidia-cluster>) -- [EC3](http://www.grycap.upv.es/ec3) -- [GitHub EC3](http://www.github.com/grycap/ec3) +- [EC3](https://www.grycap.upv.es/ec3) +- [GitHub EC3](https://www.github.com/grycap/ec3) diff --git a/content/en/users/compute/orchestration/ec3/developers/_index.md b/content/en/users/compute/orchestration/ec3/developers/_index.md index be381d413d..e39919410f 100644 --- a/content/en/users/compute/orchestration/ec3/developers/_index.md +++ b/content/en/users/compute/orchestration/ec3/developers/_index.md @@ -22,8 +22,8 @@ following process: ### Documentations -* [Ansible documentation](http://docs.ansible.com/) -* [EC3 documentation](http://ec3.readthedocs.io/en/devel/templates.html) +* [Ansible documentation](https://docs.ansible.com/) +* [EC3 documentation](https://ec3.readthedocs.io/en/devel/templates.html) * [RADL](https://github.com/grycap/ec3/tree/master/templates) ### Contacts diff --git a/content/en/users/compute/orchestration/im/_index.md b/content/en/users/compute/orchestration/im/_index.md index 64252f78f5..d9c5f2cd95 100644 --- a/content/en/users/compute/orchestration/im/_index.md +++ b/content/en/users/compute/orchestration/im/_index.md @@ -20,14 +20,14 @@ IM is integrated with the [EGI Check-in Service](../../../aai/check-in) and supp a wide variety of backends, either federated (such as [EGI Cloud Compute](../../cloud-compute)), public (such as [Amazon Web Services](https://aws.amazon.com/), -[Google Cloud](http://cloud.google.com/) or -[Microsoft Azure](http://azure.microsoft.com/)) or on-premises (such as +[Google Cloud](https://cloud.google.com/) or +[Microsoft Azure](https://azure.microsoft.com/)) or on-premises (such as [OpenStack](../../../getting-started/openstack)), thus making user applications cloud agnostic. IM features a [web-based GUI](https://appsgrycap.i3m.upv.es:31443/im-dashboard/), an XML-RPC API, a REST API and a [command-line interface](cli) (CLI). It supports -[OASIS TOSCA Simple Profile in YAML](http://docs.oasis-open.org/tosca/TOSCA-Simple-Profile-YAML/v1.0/csprd01/TOSCA-Simple-Profile-YAML-v1.0-csprd01.html). +[OASIS TOSCA Simple Profile in YAML](https://docs.oasis-open.org/tosca/TOSCA-Simple-Profile-YAML/v1.0/csprd01/TOSCA-Simple-Profile-YAML-v1.0-csprd01.html). {{% alert title="Tip" color="info" %}} An easy way to deploy your first VM in the EGI Federation is from the diff --git a/content/en/users/compute/orchestration/im/cli/_index.md b/content/en/users/compute/orchestration/im/cli/_index.md index 7acfad35c5..796861b4e8 100644 --- a/content/en/users/compute/orchestration/im/cli/_index.md +++ b/content/en/users/compute/orchestration/im/cli/_index.md @@ -81,7 +81,7 @@ id = egi; type = EGI; host = SCAI; vo = vo.access.egi.eu; token = command(oidc-t To create a virtual infrastructure you have to describe a file documenting the required resources. IM supports its native language [RADL](https://imdocs.readthedocs.io/en/latest/radl.html) and the -[OASIS TOSCA Simple Profile in YAML Version 1.0](http://docs.oasis-open.org/tosca/TOSCA-Simple-Profile-YAML/v1.0). +[OASIS TOSCA Simple Profile in YAML Version 1.0](https://docs.oasis-open.org/tosca/TOSCA-Simple-Profile-YAML/v1.0). You can find some examples in the [IM GitHub repository](https://github.com/grycap/im/tree/master/examples). diff --git a/content/en/users/compute/orchestration/workload-manager/_index.md b/content/en/users/compute/orchestration/workload-manager/_index.md index 063f943780..735e10b8f2 100644 --- a/content/en/users/compute/orchestration/workload-manager/_index.md +++ b/content/en/users/compute/orchestration/workload-manager/_index.md @@ -23,7 +23,7 @@ scientific communities. {{% alert title="Note" color="info" %}} Workload Manager is based on -[DIRAC technology](http://diracgrid.org/).
+[DIRAC technology](https://diracgrid.org/).
The delivery of the service is coordinated by the EGI Foundation and [IN2P3](https://in2p3.cnrs.fr/) provides the resources and operates the service. @@ -133,7 +133,7 @@ Team on shift. DIRAC uses [X.509 certificates](../../../aai/check-in/vos/voms) to identify and authenticate users. These certificates are delivered to each individual by trusted certification authorities. If you have a personal certificate issued by -a [EUGridPMA-certified](http://www.eugridpma.org/) authority you can use it for +a [EUGridPMA-certified](https://www.eugridpma.org/) authority you can use it for this tutorial. Otherwise refer to the information available in this [section](../../../aai/check-in/vos/voms/#get-a-certificate), to obtain a certificate. Your certificate may take a few days to be delivered, so please ask for your @@ -366,7 +366,7 @@ $ dirac-login --issuer=https://dirac.egi.eu/auth DIRAC commands Have a look at the official -[command reference documentation](http://dirac.readthedocs.io/en/latest/UserGuide/CommandReference/WorkloadManagement/index.html) +[command reference documentation](https://dirac.readthedocs.io/en/latest/UserGuide/CommandReference/WorkloadManagement/index.html) for the complete list of the Workload Management commands. In general, you can submit jobs, check their status, and retrieve the output. diff --git a/content/en/users/data/management/datahub/file-management/_index.md b/content/en/users/data/management/datahub/file-management/_index.md index e62ef444a2..fbf6c8ebfe 100644 --- a/content/en/users/data/management/datahub/file-management/_index.md +++ b/content/en/users/data/management/datahub/file-management/_index.md @@ -31,7 +31,7 @@ tool. Details on how to use are described in the ## CDMI (Cloud Data Management Interface) For more advanced use cases, files can be managed using the -[CDMI](http://www.snia.org/cdmi) protocol, as described in details +[CDMI](https://www.snia.org/cdmi) protocol, as described in details [in the Onedata CDMI documentation](https://onedata.org/#/home/documentation/doc/advanced/cdmi.html). ## File Permissions diff --git a/content/en/users/data/management/datahub/links/_index.md b/content/en/users/data/management/datahub/links/_index.md index bfc3b9fd72..0f2e65be4e 100644 --- a/content/en/users/data/management/datahub/links/_index.md +++ b/content/en/users/data/management/datahub/links/_index.md @@ -10,7 +10,7 @@ description: > --- - [EGI DataHub service](https://datahub.egi.eu) - - [Overview slides](http://go.egi.eu/datahub-intro) + - [Overview slides](https://go.egi.eu/datahub-intro) - [Community Forum](https://community.egi.eu/c/egi-services/datahub) - [EGI Webinar](https://indico.egi.eu/event/5089/) and [YouTube video](https://youtu.be/ayAplV2kEN4) diff --git a/content/en/users/dev-env/notebooks/_index.md b/content/en/users/dev-env/notebooks/_index.md index 9ee4b42363..432e06b41a 100644 --- a/content/en/users/dev-env/notebooks/_index.md +++ b/content/en/users/dev-env/notebooks/_index.md @@ -12,13 +12,13 @@ The more you go in data analysis, the more you understand that the most suitable tool for coding and visualizing is not pure code, or some integrated development environment (IDE), nor data manipulation diagrams (such as workflows or flowcharts). From some point on you just need a mix of all these -- that is what -_notebook_ platforms are, [Jupyter](http://jupyter.org/) being the most popular +_notebook_ platforms are, [Jupyter](https://jupyter.org/) being the most popular of them. ## What is it? [EGI Notebooks](https://www.egi.eu/service/notebooks/) is a service-like -environment based on the [Jupyter technology](http://jupyter.org/), offering a +environment based on the [Jupyter technology](https://jupyter.org/), offering a **browser-based tool for interactive data analysis**. The Notebooks environment provides users with _notebooks_ where they can combine diff --git a/content/en/users/dev-env/notebooks/integration/_index.md b/content/en/users/dev-env/notebooks/integration/_index.md index 5f6361f67a..c56c54e006 100644 --- a/content/en/users/dev-env/notebooks/integration/_index.md +++ b/content/en/users/dev-env/notebooks/integration/_index.md @@ -85,7 +85,7 @@ from owslib.wps import WebProcessingService # init http header parameter and base folders for gCube REST API gcube_vre_token_header = {'gcube-token': os.environ["GCUBE_TOKEN"]} # init WPS access for DataMiner algorithms -dataminer_url = 'http://dataminer-prototypes.d4science.org/wps/WebProcessingService' +dataminer_url = 'https://dataminer-prototypes.d4science.org/wps/WebProcessingService' wps = WebProcessingService(dataminer_url, headers=gcube_vre_token_header) for process in wps.processes: diff --git a/content/en/users/getting-started/_index.md b/content/en/users/getting-started/_index.md index 6f332090dc..28436502f6 100644 --- a/content/en/users/getting-started/_index.md +++ b/content/en/users/getting-started/_index.md @@ -41,7 +41,7 @@ of the EGI FedCloud architecture. {{% /alert %}} ## Accessing resources Access to resources (services) in the EGI infrastructure is based on -[OpenID Connect](http://openid.net/connect/) (OIDC), which replaces the legacy +[OpenID Connect](https://openid.net/connect/) (OIDC), which replaces the legacy authentication and authorization based on [X.509 certificates](../aai/check-in/vos/voms/). diff --git a/content/en/users/getting-started/architecture/_index.md b/content/en/users/getting-started/architecture/_index.md index 44304e8214..07b38e4ab4 100644 --- a/content/en/users/getting-started/architecture/_index.md +++ b/content/en/users/getting-started/architecture/_index.md @@ -277,7 +277,7 @@ APEL SSM (Secure STOMP Messenger). SSM client packages can be obtained at . A Cloud Accounting Summary Usage Record has also been defined and summaries created on a daily basis from all the accounting records received from the Resource Providers are sent to the EGI Accounting Portal. The -[Accounting portal](http://accounting.egi.eu/) also runs SSM to receive these +[Accounting portal](https://accounting.egi.eu/) also runs SSM to receive these summaries and provides a web view of the accounting data received from the Resource Providers. diff --git a/content/en/users/training/_index.md b/content/en/users/training/_index.md index cbdb90e41e..2dddb68211 100644 --- a/content/en/users/training/_index.md +++ b/content/en/users/training/_index.md @@ -87,7 +87,7 @@ The list of providers and VAs is also discoverable in the [training.egi.eu VO entry of AppDB](https://appdb.egi.eu/store/vo/training.egi.eu). The VO is also described at the [EGI Operations Portal training.egi.eu VO id -card](http://operations-portal.egi.eu/vo/view/voname/training.egi.eu). +card](https://operations-portal.egi.eu/vo/view/voname/training.egi.eu). ## Booking the infrastructure diff --git a/content/en/users/tutorials/htc-job-submission/_index.md b/content/en/users/tutorials/htc-job-submission/_index.md index 6e1cf877c6..27d248a545 100644 --- a/content/en/users/tutorials/htc-job-submission/_index.md +++ b/content/en/users/tutorials/htc-job-submission/_index.md @@ -205,9 +205,9 @@ It is possible to identify available resources by Two Computing Element (CE) "flavours" are used in production: - [HTCondorCE](https://htcondor.org/htcondor-ce/overview/), a Compute Entrypoint - (CE) based on [HTCondor](http://htcondor.org/). -- [ARC-CE](http://www.nordugrid.org/arc/ce/), the - [ARC](http://www.nordugrid.org/arc/) Compute Element (CE). + (CE) based on [HTCondor](https://htcondor.org/). +- [ARC-CE](https://www.nordugrid.org/arc/ce/), the + [ARC](https://www.nordugrid.org/arc/) Compute Element (CE). In this section we will document querying the EGI Information System to retrieve information about the available resources. @@ -340,7 +340,7 @@ $ ldapsearch -x -LLL -H ldap://lcg-bdii.egi.eu:2170 \ > The [HTCondor-CE](https://htcondor.com/htcondor-ce/#what-is-htcondor-ce) > software is a Compute Entrypoint (CE) based on -> [HTCondor](http://htcondor.org/) for sites that are part of a larger computing +> [HTCondor](https://htcondor.org/) for sites that are part of a larger computing > grid (e.g. [EGI](https://www.egi.eu/), > [Open Science Grid (OSG)](https://osg-htc.org/)). @@ -442,12 +442,12 @@ Fetching data files... ### To an ARC-CE Computing Element -> [ARC](http://www.nordugrid.org/arc) Compute Element (CE) is a Grid front-end +> [ARC](https://www.nordugrid.org/arc) Compute Element (CE) is a Grid front-end > on top of a conventional computing resource (e.g. a Linux cluster or a > standalone workstation). ARC CE is sometimes also called **ARC server**. While there is an official documentation on -[How to submit a job](http://www.nordugrid.org/arc/arc6/users/submit_job.html), +[How to submit a job](https://www.nordugrid.org/arc/arc6/users/submit_job.html), the main steps will be documented below. If you haven't already generated a credential with `voms-proxy-init`, you can @@ -535,8 +535,8 @@ $ arcstat -l "$JOB_ID" #### References -- [ARC: submit a job](http://www.nordugrid.org/arc/arc6/users/submit_job.html) -- [ARC client tools](http://www.nordugrid.org/arc/arc6/users/client_tools.html) +- [ARC: submit a job](https://www.nordugrid.org/arc/arc6/users/submit_job.html) +- [ARC client tools](https://www.nordugrid.org/arc/arc6/users/client_tools.html) ### To a CREAM Computing Element From eb1e7e1c52ac634e8fe2a16c8b62d137f8604579 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Mon, 9 Jan 2023 11:53:01 +0100 Subject: [PATCH 30/50] Fix link to renamed page --- .../man09_accounting_data_publishing/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/providers/operations-manuals/man09_accounting_data_publishing/_index.md b/content/en/providers/operations-manuals/man09_accounting_data_publishing/_index.md index ed83b85d74..8b05de893d 100644 --- a/content/en/providers/operations-manuals/man09_accounting_data_publishing/_index.md +++ b/content/en/providers/operations-manuals/man09_accounting_data_publishing/_index.md @@ -95,4 +95,4 @@ as explained in the general information section. In addition, HTCondor-CE must be configured to create accounting records: - Information on configuring HTCondor-CE for APEL accounting: - [APEL Accounting for HTCondor-CE](../../high-throughput-compute/htcondor-ce-apel) + [APEL Accounting for HTCondor-CE](../../high-throughput-compute/htcondor-ce-accounting) From 48b81bd19cd03956af984a895244527bfea64f18 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Mon, 9 Jan 2023 11:55:09 +0100 Subject: [PATCH 31/50] Ops Portal VO page is protected --- .github/linters/mlc_config.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/linters/mlc_config.json b/.github/linters/mlc_config.json index 68c086e8e6..cea6cdfb80 100644 --- a/.github/linters/mlc_config.json +++ b/.github/linters/mlc_config.json @@ -63,6 +63,9 @@ { "pattern": "^https://operations-portal.egi.eu/downtimes/subscription" }, + { + "pattern": "^https://operations-portal.egi.eu/vo" + }, { "pattern": "^https://github.com/.*.keys" }, From 007bf642074084adeaf209f69d7a0907a36a91f4 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Mon, 9 Jan 2023 12:02:36 +0100 Subject: [PATCH 32/50] Fix some obsolete links --- content/en/users/compute/cloud-compute/_index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/users/compute/cloud-compute/_index.md b/content/en/users/compute/cloud-compute/_index.md index 0b1adcfcf6..1065063468 100644 --- a/content/en/users/compute/cloud-compute/_index.md +++ b/content/en/users/compute/cloud-compute/_index.md @@ -63,8 +63,8 @@ emerged: providers to satisfy extremly intensive HW resource requirements. - Example: [VERCE platform](https://www.egi.eu/news/new-egi-use-case-a-close-look-at-the-amatrice-earthquake/), - [The Genetics of Salmonella Infections](https://www.egi.eu/use-cases/research-stories/the-genetics-of-salmonella-infections/), - [The Chipster Platform](https://www.egi.eu/use-cases/research-stories/new-viruses-implicated-in-fatal-snake-disease/). + [The Genetics of Salmonella Infections](https://www.egi.eu/article/the-genetics-of-salmonella-infections/), + [The Chipster Platform](https://www.egi.eu/article/new-viruses-implicated-in-fatal-snake-disease/). - **Datasets repository**: the EGI Cloud can be used to store and manage large datasets exploiting the large amount of disk storage available in the Federation. From 1d026599ca9d416abef60b034c6697030cd56ff2 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Mon, 9 Jan 2023 12:08:37 +0100 Subject: [PATCH 33/50] Fix some obsolete links --- content/en/internal/getting-started/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/internal/getting-started/_index.md b/content/en/internal/getting-started/_index.md index a3aa156b3b..4d705b08db 100644 --- a/content/en/internal/getting-started/_index.md +++ b/content/en/internal/getting-started/_index.md @@ -7,7 +7,7 @@ weight: 10 Use this section to get started quickly with internal EGI services: -- The [complete list](https://www.egi.eu/internal-services) of internal +- The [complete list](https://www.egi.eu/services/federation/) of internal EGI services supporting the coordination of the EGI Federation offers insight into how EGI is able to offer advanced public cloud services - The [**Configuration Database**](https://goc.egi.eu) records the topology From 77834a81d7dcd796de206f4751466e8d654108ea Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Mon, 9 Jan 2023 12:14:00 +0100 Subject: [PATCH 34/50] Address issue with check github.com links, see https://github.com/tcort/markdown-link-check/issues/201. --- .github/linters/mlc_config.json | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/linters/mlc_config.json b/.github/linters/mlc_config.json index cea6cdfb80..179e4a473e 100644 --- a/.github/linters/mlc_config.json +++ b/.github/linters/mlc_config.json @@ -1,4 +1,12 @@ { + "httpHeaders": [ + { + "urls": ["https://.*.github.com/"], + "headers": { + "Accept-Encoding": "zstd, br, gzip, deflate" + } + } + ], "ignorePatterns": [ { "pattern": "^http://localhost" From 52765e9d670a4bba028160731d1a79dc681ed5c2 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Mon, 9 Jan 2023 14:06:17 +0100 Subject: [PATCH 35/50] Fix some obsolete links --- content/en/users/compute/cloud-compute/_index.md | 2 +- content/en/users/compute/orchestration/ec3/apps/_index.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/users/compute/cloud-compute/_index.md b/content/en/users/compute/cloud-compute/_index.md index 1065063468..5c35fb0c55 100644 --- a/content/en/users/compute/cloud-compute/_index.md +++ b/content/en/users/compute/cloud-compute/_index.md @@ -62,7 +62,7 @@ emerged: intensive I/O. Ad-hoc computing environments can be created in the EGI cloud providers to satisfy extremly intensive HW resource requirements. - Example: - [VERCE platform](https://www.egi.eu/news/new-egi-use-case-a-close-look-at-the-amatrice-earthquake/), + [VERCE platform](https://www.egi.eu/article/what-happened-during-the-august-2016-amatrice-earthquake/), [The Genetics of Salmonella Infections](https://www.egi.eu/article/the-genetics-of-salmonella-infections/), [The Chipster Platform](https://www.egi.eu/article/new-viruses-implicated-in-fatal-snake-disease/). - **Datasets repository**: the EGI Cloud can be used to store and manage large diff --git a/content/en/users/compute/orchestration/ec3/apps/_index.md b/content/en/users/compute/orchestration/ec3/apps/_index.md index 7b72e60c15..dc719bbb9f 100644 --- a/content/en/users/compute/orchestration/ec3/apps/_index.md +++ b/content/en/users/compute/orchestration/ec3/apps/_index.md @@ -42,7 +42,7 @@ Mesos + Marathon + Chronos from the list of available LRMS. ### OSCAR cluster To deploy -[Serverless computing for data-processing applications](https://www.egi.eu/about/newsletters/serverless-computing-for-data-processing-applications-in-egi/) +[Serverless computing for data-processing applications](https://www.egi.eu/article/serverless-computing-for-data-processing-applications-in-egi/) in EGI, please select OSCAR from the list of LRMS (Local Resource Management System). OSCAR supports data-driven serverless computing for file-processing applications. A file upload, to the object storage backend [MinIO](https://minio.io), From 11fb8de0f63c375084a75dc41b12611d72c00616 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Mon, 9 Jan 2023 14:41:47 +0100 Subject: [PATCH 36/50] Fix broken link --- content/en/users/getting-started/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/users/getting-started/_index.md b/content/en/users/getting-started/_index.md index 28436502f6..121f2eb5f0 100644 --- a/content/en/users/getting-started/_index.md +++ b/content/en/users/getting-started/_index.md @@ -12,7 +12,7 @@ EGI is a federation of compute and storage resource providers united by a mission to support research and innovation. The resources in the EGI infrastructure are offered by -[service providers](https://www.egi.eu/federation/egi-federated-cloud/) that +[service providers](https://www.egi.eu/egi-infrastructure/) that either run their own [data centers](https://www.egi.eu/federation/data-centres/) or rely on community, private and/or public cloud services. These service providers offer: From 7a532343f38519d4ebc2e02e3ea560f8bba25cf3 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Mon, 9 Jan 2023 14:41:59 +0100 Subject: [PATCH 37/50] Address issue with check github.com links, see https://github.com/tcort/markdown-link-check/issues/201. --- .github/linters/mlc_config.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/linters/mlc_config.json b/.github/linters/mlc_config.json index 179e4a473e..6c4da725ee 100644 --- a/.github/linters/mlc_config.json +++ b/.github/linters/mlc_config.json @@ -1,7 +1,7 @@ { "httpHeaders": [ { - "urls": ["https://.*.github.com/"], + "urls": ["https://github.com/"], "headers": { "Accept-Encoding": "zstd, br, gzip, deflate" } From 0dfaa4c53bb58450765f7189e403cd3f2ac7637e Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Mon, 9 Jan 2023 14:55:26 +0100 Subject: [PATCH 38/50] Fix broken link, including left over char --- content/en/users/compute/orchestration/ec3/apps/ecas/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/users/compute/orchestration/ec3/apps/ecas/_index.md b/content/en/users/compute/orchestration/ec3/apps/ecas/_index.md index 397948e517..464b7ddcae 100644 --- a/content/en/users/compute/orchestration/ec3/apps/ecas/_index.md +++ b/content/en/users/compute/orchestration/ec3/apps/ecas/_index.md @@ -272,6 +272,6 @@ management page. - [ECASLab DKRZ](https://ecaslab.dkrz.de/home.html) - [Ophidia](https://ophidia.cmcc.it/) - [GitHub: ECAS-Lab](https://github.com/ECAS-Lab) -- [GitHub: ansible role Ophidia cluster](https://github.com/OphidiaBigData/ansible-role-ophidia-cluster>) +- [GitHub: ansible role Ophidia cluster](https://github.com/OphidiaBigData/ansible-role-ophidia-cluster) - [EC3](https://www.grycap.upv.es/ec3) - [GitHub EC3](https://www.github.com/grycap/ec3) From bee38eeed596d94668b23991810cd30280e8afe9 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Mon, 9 Jan 2023 14:57:08 +0100 Subject: [PATCH 39/50] Drop link pointing to a dead page. --- content/en/users/getting-started/_index.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/content/en/users/getting-started/_index.md b/content/en/users/getting-started/_index.md index 121f2eb5f0..854d16af73 100644 --- a/content/en/users/getting-started/_index.md +++ b/content/en/users/getting-started/_index.md @@ -34,10 +34,6 @@ each with their own virtualised resources built around open standards. The development of these communities is driven by by their own scientific requirements. -{{% alert title="Tip" color="info" %}} See also an -[overview](https://www.egi.eu/federation/egi-federated-cloud/the-egi-federated-cloud-architecture/) -of the EGI FedCloud architecture. {{% /alert %}} - ## Accessing resources Access to resources (services) in the EGI infrastructure is based on From 66cf654526c9eb43153ee2a116a6d3adb3c8e1f3 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Mon, 9 Jan 2023 15:10:05 +0100 Subject: [PATCH 40/50] Fix link to NBIS stuff --- content/en/users/compute/cloud-compute/_index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/users/compute/cloud-compute/_index.md b/content/en/users/compute/cloud-compute/_index.md index 5c35fb0c55..d96ac55167 100644 --- a/content/en/users/compute/cloud-compute/_index.md +++ b/content/en/users/compute/cloud-compute/_index.md @@ -55,12 +55,12 @@ emerged: service as web servers, databases, etc. Cloud features, as elasticity, can help users to provide better performance and reliable services. - Example: - [NBIS Web Services](https://www.egi.eu/use-cases/scientific-applications-tools/nbis-toolkit/), + [NBIS Web Services](https://www.egi.eu/case-study/nbis/), [Peachnote analysis platform](https://www.egi.eu/news/peachnote-in-unison-with-egi/). - **Compute and data intensive applications**: for those applications needing considerable amount of resources in terms of computation and/or memory and/or intensive I/O. Ad-hoc computing environments can be created in the EGI cloud - providers to satisfy extremly intensive HW resource requirements. + providers to satisfy extremely intensive HW resource requirements. - Example: [VERCE platform](https://www.egi.eu/article/what-happened-during-the-august-2016-amatrice-earthquake/), [The Genetics of Salmonella Infections](https://www.egi.eu/article/the-genetics-of-salmonella-infections/), From 8937027a9bb6ca397007a6c1af316da19ff47874 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Tue, 7 Mar 2023 17:47:56 +0100 Subject: [PATCH 41/50] Update content/en/users/tutorials/accessing-vm-with-ssh/_index.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Enol Fernández --- content/en/users/tutorials/accessing-vm-with-ssh/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md index 3553510bfe..1f69c3e45a 100644 --- a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md +++ b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md @@ -26,7 +26,7 @@ i.e.: `wget https://github.com/github_username.keys` {{% /alert %}} ### SSH username The username to use to connect to a virtual machine is dependent on the virtual -machine image and is generally different in each operative system image. +machine image and is generally different in each operating system image. For `official OS virtual machine images` you can use the general reference documentation on From 4d8e095ccbfeec6b235253c9154b5bccf5b15730 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Wed, 8 Mar 2023 09:20:37 +0100 Subject: [PATCH 42/50] Document retrieving user name from AppDB image description. --- .../tutorials/accessing-vm-with-ssh/_index.md | 28 ++++++++++--------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md index 1f69c3e45a..e1549c3787 100644 --- a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md +++ b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md @@ -26,19 +26,21 @@ i.e.: `wget https://github.com/github_username.keys` {{% /alert %}} ### SSH username The username to use to connect to a virtual machine is dependent on the virtual -machine image and is generally different in each operating system image. - -For `official OS virtual machine images` you can use the general reference -documentation on -[obtaining images](https://docs.openstack.org/image-guide/obtain-images.html). - -For custom virtual machine images you need to refer to your virtual machine -image provider (i.e. it could be something specific like `cloudadm`). - -It is also possible to change the username using cloud-init with a user-data -configuration (i.e. see the -[cloud config examples](https://cloudinit.readthedocs.io/en/latest/topics/examples.html)) -or inject some code to add additional users (i.e. with Ansible). +machine image and is generally different in each operating system image: + +- For images available in the + [EGI AppDB Cloud Marketplace](https://appdb.egi.eu/browse/cloud), you should + be able to find the username in the image description. +- For `official OS virtual machine images` you can use the general OpenStack + reference documentation on + [obtaining images](https://docs.openstack.org/image-guide/obtain-images.html). +- For custom virtual machine images you need to refer to your virtual machine image + provider (i.e. it could be something specific like `cloudadm`). + +> It is also possible to change the username using `cloud-init` with a user-data +> configuration (i.e. see the +> [cloud config examples](https://cloudinit.readthedocs.io/en/latest/topics/examples.html)) +> or inject some code to add additional users (i.e. with Ansible). ### Local ssh key configuration From 71e840b032a382e58e6f75378bdaf7fea922470f Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Fri, 10 Mar 2023 09:28:54 +0100 Subject: [PATCH 43/50] Update content/en/users/tutorials/accessing-vm-with-ssh/_index.md Co-authored-by: Sebastian Luna-Valero --- content/en/users/tutorials/accessing-vm-with-ssh/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md index e1549c3787..3c5963e184 100644 --- a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md +++ b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md @@ -15,7 +15,7 @@ examples for setting up the OpenStack environment. ## SSH Keys The recommended method to access a cloud virtual machine is via ssh using **SSH -keys**, you may inject your **public key** into the virtual machine, at +keys**. You may inject your **public key** into the virtual machine, at deployment time, and use your **private key** to connect via ssh without any password. From 960ff79026f9f054d6b3095bb8de06a3274ac5b7 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Fri, 10 Mar 2023 09:29:26 +0100 Subject: [PATCH 44/50] Update content/en/users/tutorials/accessing-vm-with-ssh/_index.md Co-authored-by: Sebastian Luna-Valero --- content/en/users/tutorials/accessing-vm-with-ssh/_index.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md index 3c5963e184..f5fdaa5f33 100644 --- a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md +++ b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md @@ -36,6 +36,8 @@ machine image and is generally different in each operating system image: [obtaining images](https://docs.openstack.org/image-guide/obtain-images.html). - For custom virtual machine images you need to refer to your virtual machine image provider (i.e. it could be something specific like `cloudadm`). +- For virtual machines deployed with [Infrastructure Manager](../../compute/orchestration/im/) + the default username is `cloudadm`. > It is also possible to change the username using `cloud-init` with a user-data > configuration (i.e. see the From 3f91f55c110191fac3f3c9ff373222941ee67ddb Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Fri, 10 Mar 2023 09:29:38 +0100 Subject: [PATCH 45/50] Update content/en/users/tutorials/accessing-vm-with-ssh/_index.md Co-authored-by: Sebastian Luna-Valero --- content/en/users/tutorials/accessing-vm-with-ssh/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md index f5fdaa5f33..7987cb08ec 100644 --- a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md +++ b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md @@ -88,7 +88,7 @@ configurations and virtual hardware. To access the virtual machine from outside the OpenStack project you have to associate a `floating IP` to the virtual machine (which will provide a `public IP` to the virtual machine), you also have to open the necessary ports and add or edit the security groups, (more details -on that in the specific section). +on that in the specific section below). Depending on the default configuration of the OpenStack project in order to associate a floating IP to a virtual machine in a private network it may be From 26640ebf4c03cf51ca915b20e94466254229cacc Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Fri, 10 Mar 2023 09:30:03 +0100 Subject: [PATCH 46/50] Update content/en/users/tutorials/accessing-vm-with-ssh/_index.md Co-authored-by: Sebastian Luna-Valero --- content/en/users/tutorials/accessing-vm-with-ssh/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md index 7987cb08ec..a578a7e45d 100644 --- a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md +++ b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md @@ -201,7 +201,7 @@ $ ssh centos@192.168.1.3 The Infrastructure Manager (IM) provides the SSH key that can be used to connect to the virtual machine in the VM -[info page of the IM-Dashboard (see Fig 14)](https://imdocs.readthedocs.io/en/latest/dashboard.html#infrastructures). +[info page of the IM-Dashboard](../../compute/orchestration/im/dashboard/#vm-info-page). The page shows the information related with the virtual machine: the IP, the username (usually `cloudadm`), and the SSH key. From c213cd1c87212aaddae0ee5bda95b05908cb196d Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Fri, 10 Mar 2023 09:30:18 +0100 Subject: [PATCH 47/50] Update content/en/users/tutorials/accessing-vm-with-ssh/_index.md Co-authored-by: Sebastian Luna-Valero --- content/en/users/tutorials/accessing-vm-with-ssh/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md index a578a7e45d..e5e860796f 100644 --- a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md +++ b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md @@ -79,7 +79,7 @@ the Infrastructure Manager and a custom TOSCA template). `PasswordAuthentication`, be sure to [generate a strong and unique password or passphrase](https://bitwarden.com/password-generator/) for your account, otherwise you virtual machines **will be** compromised, and -you access may be suspended.{{% /alert %}} +your access may be suspended.{{% /alert %}} ## OpenStack networking From 449b28e0c8778fd77facfcc8a84d2fb20ae761bb Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Fri, 10 Mar 2023 09:30:29 +0100 Subject: [PATCH 48/50] Update content/en/users/tutorials/accessing-vm-with-ssh/_index.md Co-authored-by: Sebastian Luna-Valero --- content/en/users/tutorials/accessing-vm-with-ssh/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md index e5e860796f..65c2934426 100644 --- a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md +++ b/content/en/users/tutorials/accessing-vm-with-ssh/_index.md @@ -199,7 +199,7 @@ $ ssh centos@192.168.1.3 ## Infrastructure Manager (IM) -The Infrastructure Manager (IM) provides the SSH key that can be used to connect +The [Infrastructure Manager (IM)](../../compute/orchestration/im/) provides the SSH key that can be used to connect to the virtual machine in the VM [info page of the IM-Dashboard](../../compute/orchestration/im/dashboard/#vm-info-page). From 4d679a67e4b6d3425eb4175be920b52fed94877e Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Fri, 10 Mar 2023 10:11:02 +0100 Subject: [PATCH 49/50] Add mytoken to expected words --- .github/actions/spelling/expect.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt index 0b4593faa6..382270fbff 100644 --- a/.github/actions/spelling/expect.txt +++ b/.github/actions/spelling/expect.txt @@ -5,3 +5,4 @@ microk8s diracsgm reponame sgm +mytoken From 278e56c581383d43990f6682dc2eed40f2fa17db Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Fri, 10 Mar 2023 10:22:06 +0100 Subject: [PATCH 50/50] ecas: add missing new line character at end of file. --- content/en/users/compute/orchestration/ec3/apps/ecas/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/users/compute/orchestration/ec3/apps/ecas/_index.md b/content/en/users/compute/orchestration/ec3/apps/ecas/_index.md index 05323949fc..dc42a35802 100644 --- a/content/en/users/compute/orchestration/ec3/apps/ecas/_index.md +++ b/content/en/users/compute/orchestration/ec3/apps/ecas/_index.md @@ -274,4 +274,4 @@ management page. - [GitHub: ECAS-Lab](https://github.com/ECAS-Lab) - [GitHub: Ansible role Ophidia cluster](https://github.com/OphidiaBigData/ansible-role-ophidia-cluster) - [EC3](https://www.grycap.upv.es/ec3) -- [GitHub EC3](https://www.github.com/grycap/ec3) \ No newline at end of file +- [GitHub EC3](https://www.github.com/grycap/ec3)