A shared user database is maintained in /mnt/nfs-main/etc/extrausers. The passwd, group, shadow files from this directory must be copied into /var/lib/extrausers for the changes to take effect. This directory is then read by the nss-extrausers package.
Creating a user works as follows:
cat passwd to find a free UID
Create it locally on some machine: adduser --uid NNN USERNAME
vi passwd (in extrausers) to change home directory to /exthome/USERNAME
vi group (in extrausers) to add user to relevant gpu groups
mv /home/USERNAME /exthome/USERNAME
Run /mnt/nfs-main/etc/extrausers/update-system on each participating machine. (done automatically at boot) This will perform the copy to /var/lib/extrausers described above.
Don't forget to add SSH keys to /exthome/USERNAME/.ssh/authorized_keys.
The user db should have home directories point to /exthome/<username>, which (for now) symlinks to /mnt/nfs-main/home, which is where home directories physically live.
UIDs and GIDs in the shared user DB should be 2000 or greater to avoid clashes with locally-created users.
Changing someone's password
Pick a nice password for them, pwgen works well for this. It spits out a screenful of halfway-pronounceable passwords.
Pick a salt. Another one of the passwords spit out by pwgen should work.
- Stick the output of
python -c 'import crypt; print crypt.crypt("THEIR_NEW_PASSWORD", "$6$SALT$")'
in the password field of that user in /mnt/nfs-main/etc/extrausers/shadow. Make sure to replace THEIR_NEW_PASSWORD and SALT with the actual values. Notice that the salt appears verbatim at the beginning of the output.
Access to haamster
Simply drop the new user's SSH key into /home/extuser/.ssh/authorized_keys on haamster.
GPU access is by the group gpu for Nvidia, and amdgpu for the (unnecessarily) more sensitive access to the entire X11 server and thereby the AMD GPU.
How's this implemented? Check /etc/init.d/nvidia-kernel where there's an extra
setfacl -m g:gpu:rw /dev/nvidiactl
setfacl -m g:gpu:rw /dev/nvidia$i
Also NVIDIA_CARDS=N must be correct in /etc/default/nvidia-kernel.
For AMD cards, we use a snippet in /etc/gdm3/Init/Default to call a script /etc/enable-amd-compute, which contains:
xauth extract /tmp/x11-auth-file "$DISPLAY" chmod 660 /tmp/x11-auth-file chgrp amdgpu /tmp/x11-auth-file cat > /tmp/enable-amd-compute <<EOF export COMPUTE=$DISPLAY unset DISPLAY export XAUTHORITY=/tmp/x11-auth-file EOF
The AMD and Nvidia OpenCL implementations (and the GPU drivers) are available as packages from Debian. Also install opencl-headers. The Intel implementation must be installed by hand.
Setting up a new machine
Change /etc/nsswitch.conf to read
passwd: compat extrausers group: compat extrausers shadow: compat extrausersJust change these three lines, leave the rest alone.
cd /; ln -s /mnt/nfs-main/home exthome
Make sure to add the following line to /etc/rc.local: