-
Created by
Massimo Sgaravatto, last updated on Jul 17, 2025
6 minute read
This howto explains how to manage the "User requires a new project" request, i.e. requests for an already registered user to create a new project.
The procedure to be followed is described in the following flowchart
Details on the single steps are described below
"Registered user requires a new project"
To manage a user registration request, log as admin in the Dashboard and click on Admin → Identity panel → Registrations. You will see the list of the pending requests.
Select the relevant request and click on Action → Details to see all the information concerning the request
This is the request for ?
You have to understand if this request if for a Unipd project, a INFN project or if it is for a "CloudVeneto" (i.e. non INFN, non Unipd) project.
You could be able to get this information from the "Home institution" field of the request.
If it is:
- xxx.unipd.it, this should be a request for a Unipd project
- xxx.infn.it: this should be a request for a INFN project
- in all other cases, this should be a request for a "CloudVeneto" (i.e. non INFN, non Unipd) project
But in general you might need to contact via e-mail the user to get this information
Is it is for a Unipd project
- Ask the user what is the relevant department
- Ask the user the name(s) of the supervisor(s)
Can the Unipd project be created ?
If the "Home institution field" is other.unipd.it this means that the request is coming from a department which is not one of 10 "managed" departments of the CloudVeneto collaboration. In this case in general we should ask Alberto Garfagnini if the request can be accepted. In case ask Massimo Sgaravatto if he knows something about this request.
In all other cases, please get in touch the contact person(s) that you can see selecting the relevant request and then clicking on Action → Details, as shown in the example picture below.
Send an e-mail to this(these) contact persons (CC-ing the user who submitted the request), asking:
- if it is fine with him/her for the creation of the new project
- the expiration date of the project
Can the CloudVeneto project be created ?
Request for non INFN - non Unipd projects in general should be decided by Alberto Garfagnini. Asks him:
- if the project should be created
- the expiration date of the project
Can the INFN project be created ?
Request for INFN projects should be only for approved INFN experiment, and the person asking for the project should be the local team leader of this experiment.
If this the case, the project can be created. Asks him/her the expiration date of the project
If you are not sure about a request, please ask Massimo Sgaravatto.
Is the user compliant with INFN IT rules ?
To be compliant with the INFN policies the user must be registered in INFN-AAI and:
- he/she must have a verified digital identity (LoA2)
- he/she must declare to have read and accepted the INFN rules for the use of IT resources
- he/she must have followed the "Corso di Sicurezza Informatica - BASE"
To check if a user is complaint with these rules you can use the script /usr/local/bin/check_compliance_to_infn_rules.sh on cld-ctrl-01.
The script check the common name and, if not found, the email address. You can use a regular expression in the query.
Some examples that show how to use this script:
[root@cld-ctrl-01 Comp]# /usr/local/bin/check_compliance_to_infn_rules.sh 'massimo sgaravatto' Trovati i seguenti utenti in INFN-AAI: ----------------- Massimo.Sgaravatto@pd.infn.it .... -->Utente compliant con le disposizioni INFN: l'account puo' essere concesso
[root@cld-ctrl-01 Comp]# /usr/local/bin/check_compliance_to_infn_rules.sh '*arcaro*' Trovati i seguenti utenti in INFN-AAI: ----------------- Cornelia.Arcaro@pd.infn.it .... L'utente non ha fatto il corso -->Utente NON compliant con le disposizioni INFN: l'account NON puo' essere concesso ----------------- cornelia.arcaro@gmail.com .... L'utente non ha una identita' Loa2 L'utente non ha accettato il disciplinare L'utente non ha fatto il corso -->Utente NON compliant con le disposizioni INFN: l'account NON puo' essere concesso
[root@cld-ctrl-01 Comp]# /usr/local/bin/check_compliance_to_infn_rules.sh '*andres gadea*' Trovati i seguenti utenti in INFN-AAI: ----------------- andres.gadea@lnl.infn.it .... Utente deve ancora fare il corso ma e' ancora nel grace period -->L'account puo' essere concesso, ma ricordare all'utente che deve fare il corso entro 30 giorni dalla data di registrazione (altrimenti l'account sara' sospeso)
If the account can be created, but the script reports " ricordare all'utente che deve fare il corso entro 30 giorni dalla data di registrazione (altrimenti l'account sara' sospeso)". once you accept the request write an e-mail to the user The text of the e-mail can be something like:
We received your request for registration for CloudVeneto infrastructure .
Your request was approved but we noticed that you didn't follow the INFN IT Security course. This must be done within 30 days after the registration.
To follow the course, please go to:
https://elearning.infn.it/course/view.php?id=105
Regards
The CloudVeneto support team
If the user is not compliant with the INFN IT rules, reject the request. Tell the user to reapply the registration process once he/she is compliant
Reject request
Select the relevant request and click on Action → Reject.
In the message field please explain why the request was rejected. You might want to explain the decision also via e-mail
Is this a DFA project ?
You should have already have this information (in the previous step)
Define if the project should be created on a 10.64 or 10.67 network
If this is a project for DFA there are two options for the network
- a 10.64 network
- To be used in general if this project will be used by persons who have an account at INFN/DFA (e.g. researchers).
- In this case all users affiliated with the project will have to be compliant with the INFN rules for IT resources
- Access to the VMs will be possible from INFN/DFA LAN without going through the gate
- a 10.67 network
- to be used in general if this project will be used by persons who don't have an account at INFN/DFA (e.g. students)
- In this case it is NOT necessary that users affiliated with the project have to be compliant with the INFN rules for IT resources
- Access to the VMs will be possible only going through a gate
- a 10.64 network
If the user asking for the new project is compliant with INFN IT rules, asks what he prefers (specify all the pros and cons of the two options)
If the user is not compliant with INFN IT rules, the project will use a 10.67 network
Create INFN project
Select the relevant request and click on Action → Create project to authorize the request.
A form will appear.
First of all you to set the expiration date (you should know this information from the previous step).
Select "INFN" as "Available units"
Select the relevant(s) Unit or Department
Choose a 10.64 network from "Available networks"
Create Unipd Project
Select the relevant request and click on Action → Create project to authorize the request.
A form will appear.
First of all you to set the expiration date (you should know this information from the previous step).
Select "Unipd" as "Available units"
Select the relevant(s) Unit or Department
If this is a DFA project, you need to choose a 10.64 or 10.67 network (see previous step)
Choose a 10.67 network from "Available networks" otherwise
Create CloudVeneto project
Select the relevant request and click on Action → Create project to authorize the request.
A form will appear.
First of all you to set the expiration date (you should know this information from the previous step).
Select "CloudVeneto" as "Available units"
Select the relevant(s) Unit or Department
Choose a 10.68 network from "Available networks"
Final steps
Update the relevant page under Networking with the information about the new created network.
Notify the Cloud governance about the new project. by sending an e-mail to:
cloud-unipd-gov@lists.pd.infn.it
Example:
Vi informo che e` stato creato su CloudVeneto il nuovo progetto AbinitioTransport
Descrizione:
We run density functional theory and post density-functional theory (namely the GW-BSE approach) forcalculating from first-principles transport properties such as effective masse, electron and hole lifetimes.Starting from test calculations we aim to study materialsrelevant for solar cell devices. We will focus in particular on hybrid organic-inorganic perovskites. - DFA
Project manager: paolo.umari@unipd.it
Cordiali saluti