European Center for Medium-Range Weather Forecast
website / service status / confluence / support / accounting
If you need access, talk to your supervisor to create an account for you. You will get a username and a password as well as an OTP device (hardware or smartphone). Accounts are handled via www.ecmwf.int
Available Services @ IMGW:
Connecting to ECMWF Services
A ECMWF user can connect to the ECS/ATOS using teleport, first load the teleport module and start the ssh-agent:
Using teleport |
---|
1
2
3
4
5
6
7
8
9
10
11
12
13 | module load teleport
** INFO: Default jumphost now: jump.ecmwf.int
** INFO: Module loaded. SSH Agent required for login, run 'ssh-agentstart',
** or 'ssh-agentreconnect' ro reconnect to an existing agent.
** run 'ssh-agent -k' to kill the agent.
Login run: 'python3 -m teleport.login' and your ECMWF credentials.
e.g. 'ssh -J <id>@jump.ecmwf.int <id>@ecs-login'
Check certificates, run: 'tsh status'
# Activate the ssh-agent (required to store the key/certificate)
ssh-agentstart
# Check if it is running
ssh-add -l
|
once you have a running ssh-agent, run a browserless login via python
Connecting to ECMWF |
---|
1
2
3
4
5
6
7
8
9
10
11
12 | # Login to the default teleport jump host (shell.ecmwf.int) Reading
python3 -m teleport.login
tsh status
# run ssh agent again
ssh-add -l
# now there should be two keys!!!
# Login to ECaccess in Bologna
ssh -J [user]@jump.ecmwf.int [user]@ecs-login
# Login to HPC ATOS
ssh -J [user]@jump.ecmwf.int [user]@hpc-login
# delete current certificates
tsh logout
|
Environment variables configuration:
ECMWF_USERNAME
- The ECMWF Username
ECMWF_PASSWORD
- The ECMWF Password
TSH_EXEC
- The Teleport binary tsh path
TSH_PROXY
- The ECMWF Teleport proxy
You can set these variables in your ~/.bashrc
file to avoid typing these at every login. Please do not save your ECMWF_PASSWORD
like this!
It is highly advised to add this to your .ssh/config
:
.ssh/config |
---|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16 | Host jump.ecmwf.int shell.ecmwf.int
HostKeyAlgorithms +ssh-rsa*,rsa-sha2-512
PubkeyAcceptedKeyTypes +ssh-rsa*
User [ECMWF USERNAME]
# For ecgate and Cray HPCF
Host ecg* cc*
HostKeyAlgorithms +ssh-rsa*,rsa-sha2-512
PubkeyAcceptedKeyTypes +ssh-rsa*
User [ECMWF USERNAME]
ProxyJump shell.ecmwf.int
# For Atos HPCF
Host a?-* a??-* hpc-* hpc2020-* ecs-*
HostKeyAlgorithms +ssh-rsa*,rsa-sha2-512
PubkeyAcceptedKeyTypes +ssh-rsa*
User [ECMWF USERNAME]
ProxyJump jump.ecmwf.int
|
SSH-agent
It is required to have an SSH-agent running in order to connect to the ECMWF servers. The teleport module includes a startagent
function to allow to reconnect to an existing ssh-agent. Do not start too many agents!
start ssh-agent |
---|
| # load the module
module load teleport
# start a new agent or reconnect
ssh-agentstart
# or reconnect
ssh-agentreconnect
# unsure about agents?
userservices sshtools -h
# kill all
userservices sshtools -k
|
ECMWF Access Server (ECS)
There is an issue with ssh-keys
ECS fix ssh-key issue |
---|
| # connect to ECS following the teleport login procedure above
ssh -J [user]@jump.ecmwf.int [user]@ecs-login
# Generate a new SSH key on ECS, no passphrase.
ssh-keygen -t ed25519
# Add the public key to your own authorized_keys on ECS/HPC
cat .ssh/id_ed25519.pub >> .ssh/authorized_keys
|
This will solve some ecaccess
issues.
Connecting via ECaccess
using a local installation of ecaccess tools can be used to submit jobs and monitor jobs from a remote location. Documentation @ECMWF
ECAccess module |
---|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27 | # load the ecaccess module
module load ecaccess-webtoolkit/6.3.1
# all available tools
ecaccess ecaccess-file-delete
ecaccess-association-delete ecaccess-file-dir
ecaccess-association-get ecaccess-file-get
ecaccess-association-list ecaccess-file-mdelete
ecaccess-association-protocol ecaccess-file-mget
ecaccess-association-put ecaccess-file-mkdir
ecaccess-certificate-create ecaccess-file-modtime
ecaccess-certificate-list ecaccess-file-move
ecaccess-cosinfo ecaccess-file-mput
ecaccess-ectrans-delete ecaccess-file-put
ecaccess-ectrans-list ecaccess-file-rmdir
ecaccess-ectrans-request ecaccess-file-size
ecaccess-ectrans-restart ecaccess-gateway-connected
ecaccess-event-clear ecaccess-gateway-list
ecaccess-event-create ecaccess-gateway-name
ecaccess-event-delete ecaccess-job-delete
ecaccess-event-grant ecaccess-job-get
ecaccess-event-list ecaccess-job-list
ecaccess-event-send ecaccess-job-restart
ecaccess-file-chmod ecaccess-job-submit
ecaccess-file-copy ecaccess-queue-list
# First get a valid certificate to get access
ecaccess-certificate-create
#
|
ECaccess Gateway
The department is running a member state ecaccess gateway service.
There are two gateways:
Please use your ECMWF credentials to login. Documentation @ECMWF
Last update:
February 1, 2024
Created:
December 12, 2022