Do1e

Do1e

github
email
HomeArchivesHomepageAbout @Do1e

CITE Lab Server User Guide

#CITE Lab200
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
The document provides guidelines for connecting to servers via SSH, emphasizing the importance of using SSH keys instead of passwords due to security updates effective from August 11, 2024. Users are advised to generate secure key pairs, preferably using the Ed25519 algorithm, and to keep their private keys confidential. It also introduces the `uv` tool for project environment management, which simplifies the setup and installation of dependencies compared to traditional methods like conda and pip. Users can initialize projects, specify Python versions, and manage dependencies easily with `uv`. For those using conda, instructions are provided for initializing it on systems where it may not be found, along with configuration tips for shared environments. Docker is suggested for cases where system software is inadequate, with a sample command for running a container. The document includes tips for managing GPU resources, troubleshooting network issues, and running code in the background using `tmux`. Users can also utilize proxy settings for internet access and log into the campus network if needed.

This article is updated synchronously to xLog by Mix Space
For the best browsing experience, it is recommended to visit the original link
https://www.do1e.cn/posts/citelab/server-help

Tip

This document is updated irregularly, feel free to come back often to learn about the latest developments.
Click the directory on the right (scroll up on mobile, bottom right button) to jump to the content of interest


Connection and Login#

SSH connection or download the remote-ssh plugin for VSCode, search for specifics on your own.

::: banner {warning}
Starting from 2024.08.11, all servers will no longer support password login. Please provide a public key when assigning a new account.
Send me the public key content (ssh-xxx xxxxx).
:::

Create a key pair:

# Try to use a longer key size to ensure security
ssh-keygen -t rsa -b 8192
# It is more recommended to use a newer encryption algorithm
ssh-keygen -t ed25519

On Linux/Mac, it is saved by default in ~/.ssh/id_rsa or ~/.ssh/id_ed25519 (private key), ~/.ssh/id_rsa.pub or ~/.ssh/id_ed25519.pub (public key).
On Windows, it is saved by default in the C:\Users\[username]\.ssh folder, with the same names.
The public key can be shared and should be saved in the server's ~/.ssh/authorized_keys file, one public key per line corresponding to the private keys of different PCs.

::: banner {warning}
Keep the private key safe and do not disclose it. It is strongly discouraged to use the same key on all your PCs!

Reference links:

  1. Using TPM for secure SSH key authentication on Windows
  2. Password management service Bitwarden provided by Nanjing University
  3. SSH key hosting provided by Bitwarden
    :::

You can configure ~/.ssh/config on your own computer as follows, so you can directly use the ssh s1 command to connect to the server, which is more convenient.

Host s1
  HostName s1.xxx.cn
  Port 22
  User xxx
  IdentityFile xxx/id_rsa

For a detailed tutorial, see: VSCode Configuration for SSH Connection to Remote Server + Passwordless Connection Tutorial

If you cannot connect using VSCode and it keeps prompting that it is downloading, you need to first connect via SSH and then log in to https://p.nju.edu.cn, refer to the following section on network issues.

Environment Configuration#

uv#

It is strongly recommended to use uv for project management environments. After configuring it once, you can quickly complete the same environment configuration in different places, and the installation speed is much faster than conda and pip.

Related tutorial: UV: The Python package management tool - 100 times faster than pip

uv init # Initialize the current project
# This will generate five files: .gitignore, .python-version, main.py, pyproject.toml, README.md and execute git init
# Pay special attention to pyproject.toml, which contains dependencies, project name, etc. Do not modify .python-version, and delete or modify other files as needed.
uv python pin 3.12    # Specify Python version number
uv add "torch==2.1.0" # Similar to pip install
# This will generate a very important file uv.lock, which contains all dependency information and their version numbers
# There will also be a .venv folder, which is the virtual environment for the current project
uv run xxx.py # Execute code

# Or
source .venv/bin/activate # Activate the virtual environment, similar to conda activate
python xxx.py

If you create another project using the same environment, or copy code to another machine, you only need to copy pyproject.toml and uv.lock, modify pyproject.toml as needed, and then execute the following command to fully reproduce the original environment:

uv lock && uv sync

conda#

If you find conda: command not found, execute the following command and restart the terminal:

/opt/anaconda3/bin/conda init

Since the environment is stored in the ~/.conda directory, switching servers only requires copying the entire directory to complete the environment migration without needing to reconfigure. You can also edit ~/.condarc as follows and change envs_dirs and pkgs_dirs to /nasdata/[name]/.conda/[envs/pkgs], placing the environment configuration on NAS so that multiple services can use the same environment.

show_channel_urls: true
default_channels:
  - https://mirror.nju.edu.cn/anaconda/pkgs/main
  - https://mirror.nju.edu.cn/anaconda/pkgs/r
  - https://mirror.nju.edu.cn/anaconda/pkgs/msys2
custom_channels:
  conda-forge: https://mirror.nju.edu.cn/anaconda/cloud
  msys2: https://mirror.nju.edu.cn/anaconda/cloud
  bioconda: https://mirror.nju.edu.cn/anaconda/cloud
  menpo: https://mirror.nju.edu.cn/anaconda/cloud
  pytorch: https://mirror.nju.edu.cn/anaconda/cloud
  simpleitk: https://mirror.nju.edu.cn/anaconda/cloud
auto_activate_base: false
envs_dirs:
  - ~/.conda/envs
pkgs_dirs:
  - ~/.conda/pkgs

# Use Nanjing University's source for pip
pip config set global.index-url https://mirror.nju.edu.cn/pypi/web/simple

After configuring the environment, running conda clean --all and rm -rf ~/.cache/pip can clear a lot of useless conda cache to alleviate space issues.

docker#

If the system software cannot meet your needs, you can use Docker. You can search for specific tutorials to learn, but all Docker containers must be started with a regular user account, otherwise they will be removed (lines 2-6 be retained, others can be customized as needed)

docker container run --name pytorch-dpj \
  --gpus all \
  --user $(id -u ${USER}):$(id -g ${USER}) \
  -v /etc/passwd:/etc/passwd:ro \
  -v /etc/group:/etc/group:ro \
  -v /etc/shadow:/etc/shadow:ro \
  -v /data1/peijie:/data/:rw \
  -v /home/peijie:/home/peijie:rw \
  -it fenghaox/pyt1.3cu10.1:v2 /bin/bash

Alleviating Home Space Issues#

  • conda clean --all: Delete conda cache
  • rm -rf ~/.cache/pip: Delete pip cache
  • uv cache clean: Delete uv cache
  • rmoldvs: Delete old version of vscode-server

Check GPU Usage Status#

https://nvtop.njucite.cn/ (recommended)
Log in with your email. Please submit your email to the administrator to be added to the whitelist for access.

Or use the nvtop command on each machine.

Use Specified GPU#

If parallelism is not enabled, PyTorch defaults to using GPU 0. When parallelism is enabled, it defaults to using all GPUs.
Before running the code, set the CUDA_VISIBLE_DEVICES environment variable to specify which GPU to use. For non-parallel use of GPU 1:

export CUDA_VISIBLE_DEVICES=1

Or for parallel use of GPUs 0-3:

export CUDA_VISIBLE_DEVICES=0,1,2,3

Try learning the methods for multi-GPU parallelism DataParallel (which is relatively simple to implement but incurs additional memory overhead on the first GPU, leading to lower memory utilization) and DistributedDataParallel (which is more complex to implement and debug, but more efficient; it is recommended to switch to this method after the code is fixed).

nvtop can be used to check GPU occupancy, coordinate with those who are using or occupying it.

Network Issues#

Proxy#

If a proxy is configured and there are network issues (such as with GitHub), add proxychains before the commands that require internet access, such as:

proxychains curl https://ipapi.do1e.cn/get-ip

Or use setproxy to set the proxy and then execute commands:

setproxy
curl https://ipinfo.io
unsetproxy

Try both methods; they may not guarantee effectiveness for all websites.

Logging into Campus Network#

If you need to log in to p.nju.edu.cn, you can refer to this project:

uvx NJUlogin -i # Then scan the code to log in to the campus network
uvx NJUlogin -i -l pwdLogin # Or log in using your account and password
uvx NJUlogin -p # Print user information
uvx NJUlogin -o # Log out

Mirrors#

Some mirrors are provided for access on campus, see NJU CITE Lab provided campus mirrors.

Running Code in the Background#

The server has tmux installed. To run code in the background (which continues to run after exiting the terminal), you only need to use the most basic functionality.

Type tmux new in the terminal to open a new terminal, execute long-running commands inside it, then press ctrl+B, followed by D, to exit. The code will continue to run in the background.
Alternatively, use tmux new -s <name> to specify a name for the new terminal, which defaults to a number starting from 0.

You can view the names of terminals running in the background with tmux ls.
Use tmux attach -t <name> to return to that terminal and check the running status.

In the tmux terminal, press ctrl+B, then [ to scroll up and down using the arrow keys, and press q to exit the scrolling mode.

Data!!!#

Data Storage Location#

::: warning
The home directory has limited space; do not place data files in the home directory. Please place them in /data1.
:::

Infrequently used files can be placed in /nasdata, see the NAS section below for details.

Data Backup#

::: warning
Ensure the safety of your data on public servers.
:::

The server has rclone installed, and here is a method for backup (syncing important files from the server to NJUBox):

rclone config

n → Custom configuration name (e.g., njubox) → 56 (seafile) → https://box.nju.edu.cn → Student ID → Password (enter y first, then enter the password twice) → 2fa (just press enter) → Database name (press enter to indicate all unencrypted databases) → Follow the prompts for the rest.

Common rclone Methods#

View Remote Files#

rclone ls [configuration name]:/[directory]

image

Sync#

The first run will copy all files (source address) to the remote (target address).
Subsequent runs will only copy changed and new files.

::: warning
Special note: Each time you run it, the files at the target address will be completely consistent with the source address. If files are deleted from the source address, running sync will also delete the corresponding files at the target address (using rclone copy will not delete files at the target address).
:::

rclone sync -v [source directory] [configuration name]:/[target directory]

image

Scheduled Sync#

Copy the above sync command and use crontab for scheduled tasks; you can find many related tutorials online.

NAS Explanation#

::: banner {warning}
NAS is not 100% reliable either; for important data, please follow the 321 principle (three copies, two media, one offline backup).
:::

Download the application from Synology's official website: Enterprise Cloud | Synology Drive_Private Cloud_Access Data Anytime_Multi-Person Collaboration | Synology Inc.
Or access directly via the web: https://nas.njucite.cn:5001

IP/Domain: nas.njucite.cn

The application login to Drive will only show the home directory, which is only visible to you.
Logging in via the web will show the share directory, which is a shared directory mounted on each server at /nasdata, used for data transfer between servers. Some (s4 and s5) servers have a 10G connection to NAS, while others have a 1G connection.

::: warning
Everyone has access to /nasdata. To prevent others from accidentally deleting files, it is recommended to configure important data using rclone, refer to the section on Using rclone to sync local and NAS files, and remember to replace the URL.
:::

You can move files in the two directories via the web interface.

image

You can also mount using webdav, webdav address: https://nas.njucite.cn:5006

Use iperf3 to test connection speed:

iperf3 -c nas.njucite.cn

image

Using rclone to Sync Local and NAS Files#

rclone config
e/n/d/r/c/s/q> n # Create a new configuration
name> nas # Configuration name is nas
Storage> 52 # WebDAV, the rclone version may vary
url> https://nas.njucite.cn:5006 # It is recommended to use the 10G network on s4 and s5 servers with http://10.0.0.100:5005
vendor> 7 # Other site/service or software, the rclone version may vary
user> abcd # NAS username
y/g/n> y # Enter password
password: ... # Enter NAS password twice
# Just press enter for the rest.

After creating the configuration on your local computer as described above, you can use the previously introduced rclone copy or rclone sync commands to sync files (e.g., upload local files to NAS or download NAS files to local).

::: warning
Special note: Each time you run it, the files at the target address will be completely consistent with the source address. If files are deleted from the source address, running sync will also delete the corresponding files at the target address (using rclone copy will not delete files at the target address).
:::

Advanced#

Auto-fill Previously Entered Commands#

You can use zsh as the default terminal and configure oh-my-zsh, powerlevel10k, zsh-autosuggestions, and zsh-syntax-highlighting.

zsh+oh-my-zsh+powerlevel10k terminal configuration_powerlevel10k configuration-CSDN Blog

Or directly use my own configuration by unzipping the following file into your home directory.
zshconfigs.tar.gz

GUI Related#

Some commands may prompt that there is no display. If you must use GUI and have no other options, you can refer to the following two methods. The first method is suitable for executing commands in your own terminal, while the second requires executing in MobaXterm. The former requires additional configuration, while the latter is ready to use.

Method One#

Install MobaXterm on your local computer and open the X server.

image

Hover the mouse over it to display [IP]:[x11port], choose an IP and port under non-router NAT (at Nanjing University, non-NAT IP generally starts with 114 or 172, while router NAT IP generally starts with 192.168 or 10) and enter the following in the server terminal:

export DISPLAY=[IP]:[x11port]

Then enter commands related to GUI, and click "Yes" in the pop-up window on your local computer.

image

Method Two#

Directly use MobaXterm for SSH connection and execute GUI-related commands.

Copy with Progress Display#

Add the following to ~/.bashrc or ~/.zshrc:

function rcp(){
    local src=$1
    local dst=$2
    if [ -f "$src" ] && [ -d "$dst" ]; then
        dst="$dst/$(basename "$src")"
    fi
    mkdir -p "$(dirname "$dst")"
    rsync -ah --info=progress2 "$src" "$dst"
}

Then use rcp, which is not exactly the same logic as cp; the second parameter dst should be the target directory and cannot be renamed like cp.

Send Email Alerts After Training Ends/Fails#

Add the following Python code at the end of your training script.

sender = "noreply@do1e.cn"             # Configure the sending email address
sender_name = "s1"                     # Define the sender's name, here defined as the server name
passwd = "xxxxxxx"                     # Email password, if it's a QQ email, it's the authorization code
server = "smtphz.qiye.163.com"         # Email server for sending, for QQ email it's smtp.qq.com
port = 465                             # Port number for sending email, usually this one
receiver = "pjdiao@smail.nju.edu.cn"   # Receiving email address
receiver_name = "Peijie Diao"          # Receiver's name
subject = "train on s3"                # Email subject
message = "Training on s3 is finished" # Email content

import smtplib
from email.mime.text import MIMEText
from email.utils import formataddr
import socks

# The server cannot access the internet without logging in. Here I configure the proxy, which allows local connections.
socks.set_default_proxy(socks.SOCKS5, "xxxx", 7891)
socks.wrapmodule(smtplib)

msg = MIMEText(message, 'plain', 'utf-8')
msg['From'] = formataddr((sender_name, sender))
msg['To'] = formataddr((receiver_name, receiver))
msg['Subject'] = subject

server = smtplib.SMTP_SSL(server, port)
server.login(sender, passwd)
server.sendmail(sender, [receiver], msg.as_string())
server.quit()

VPN Alternatives#

When the school VPN server is unstable, you can consider using this, which is also relatively fast (provided that P2P connection is successful).

image

If you have the capability, you can also consider building your own Zerotier or OpenVPN service.

Using Zerotier to Connect P2P with My Campus Server#

Refer to xubiaolin/docker-zerotier-planet-client configuration to configure Zerotier One (only focus on the client configuration section).
The planet file and network ID can be viewed by logging into https://nvtop.njucite.cn, or contact me. After configuration, contact me to provide the address for authentication.

The address is as follows: 15ffbcaa44

> zerotier-cli info
200 info 15ffbcaa44 1.14.2 ONLINE

After verification, restart the zerotier service again, and you should obtain an IP address of 10.128.3.0/24, and be able to access https://test.nju.do1e.cn/. This step is successful, proceed to the next step.

Routing#

The following commands require administrator/sudo privileges. After completion, you should be able to connect to the server and NAS from off-campus and successfully access https://nvtop.main.njucite.cn.

Windows

Run the following command as an administrator in PowerShell (not cmd):

$interface = (route print | Select-String 'ZeroTier Virtual Port').Line.Split('.')[0].Trim()
route add 114.212.0.0 mask 255.255.0.0 10.128.3.4 if $interface metric 1

Linux

sudo ip route add 114.212.0.0/16 via 10.128.3.4 dev $(ifconfig | awk -F: '/^zt[^:]+:/ {print $1; exit}') metric 1

MacOS (AI result, unverified)

route add -net 114.212.0.0/16 10.128.3.4 -hopcount 1

You need to execute the above routing configuration after each reboot, or find a method for permanent configuration, but it is not recommended to permanently configure on laptops.
This method only ensures that the server and NAS can connect.

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.