User Access Service (UAS)

The User Access Service (UAS) is a service that manages User Access Instances (UAIs) which are containerized services under Kubernetes that provide application developers and users with a lightweight login environment in which to create and run user applications. UAIs run on non-compute nodes (NCN), specifically Kubernetes Worker nodes.

At a high level, there are two ways to configure UAS with respect to allowing users access to UAIs. The standard configuration involves the use of Broker UAIs through which users establish SSH login sessions. When a login session is established to a Broker UAI the Broker UAI either locates or creates a new UAI on behalf of the user and forwards the user’s SSH connection to that UAI. A legacy configuration requires users to create their own UAIs through the cray CLI. Once a UAI is created in this way, the users can use SSH to log into the UAI directly. The legacy configuration will soon be deprecated. Sites using it should migrate to the Broker UAI based configuration.

Once logged into a UAI, users can use most of the facilities found on a User Access Node (UAN) with certain limitations. Users can also use UAIs to transfer data between the Cray system and external systems.

By default, the timezone inside the UAI container is configured to match the timezone on the host NCN on which it is running, For example, if the timezone on the host NCN is set to CDT, the UAIs on that host will also be set to CDT.

Component Function/Description
User Access Instance (UAI) An instance of UAS container.
cray-uas-mgr Manages UAI life cycles.
Container Element Components
Operating system SLES15 SP2
kubectl command Utility to interact with Kubernetes.
cray command Command that allows users to create, describe, and delete UAIs.

Administrative users use cray uas admin uais list to list the following parameters for all existing UAIs:

NOTE: The example values below are used throughout the UAS procedures. They are used as examples only. Users should substitute with site-specific values.

Parameter Description Example value
uai_connect_string The UAI connection string ssh user@203.0.113.0 -i ~/.ssh/id\_rsa
uai_img The UAI image ID registry.local/cray/cray-uas-sles15sp1-slurm:latest
uai_name The UAI name uai-user-be3a6770
uai_status The state of the UAI. Running: Ready
username The user who created the UAI. user
uai_age The age of the UAI. 11m
uai_host The node hosting the UAI. ncn-w001

Authorized users in Legacy UAI Management use cray uas list to see the same information on all existing UAIs owned by the user (if any).

Getting Started

UAS is highly configurable and it is recommended that administrators familiarize themselves with, at least, the major concepts covered in the Table of Contents below before allowing users to use UAIs. In particular, the concepts of End-User UAIs and Broker UAIs, and the procedures for setting up and customizing Broker UAIs are critical to setting up UAS properly.

Another important topic, once administrators are familiar with setting up UAS to provide basic UAIs, is customizing the UAI image to support user workflows. At the simplest level, administrators will want to create and use a UAI image that matches the booted compute nodes. This can be done by following the Customize End-User UAI Images procedure.

Table of Contents

Next Topic: UAS Limitations