How to access the TRANSP code

  1. Request a TRANSP account at PPPL

    Email transp_support@pppl.gov with:

    • a brief description of your project, and
    • the name of your TRANSP mentor (the person who will guide you in using the code).

    With a PPPL TRANSP account, you can submit runs to PPPL clusters and retrieve results. To submit runs, you must authenticate with an X.509 user certificate. You can request a new certificate from PPPL or migrate from a CILogon certificate (see the instructions below on this page).

    Foreign nationals: Completing the Foreign National Access Program (FNAP) Registration Form is required before your PPPL computer account can be approved and created.

  2. Contribute to development (optional)

    If you plan to contribute code, you can request access to the private TRANSP GitHub repository. Please follow the steps described here: Contributor access instructions.

    In most cases you will also need a PPPL account because TRANSP depends on several third-party packages that are not developed at PPPL and cannot be redistributed broadly by us. It is still possible to build/run TRANSP without these external packages, but functionality will be limited.

  3. Run TRANSP with Docker (optional)

    You can run TRANSP in a containerized environment. See: TRANSP Docker instructions.

About certificates (required for submitting runs)

To submit TRANSP jobs on PPPL clusters you must authenticate with an X.509 user certificate:

  • New users: request a PPPL-issued certificate via transp_support@pppl.gov.
  • Existing CILogon users: migrate your CILogon certificate to a PPPL certificate by following the “Migrate TRANSP Certificate from CILogon to PPPL CA” steps provided below on this page.

Migrate TRANSP Certificate from CILogon to PPPL CA

CILogon has retired its x.509 certificate issuance service and therefore new certificates will not be issued, and existing certificates cannot be renewed. PPPL has created a certificate authority to issue certificates for users to continue to authenticate and utilize TRANSP at PPPL. This requires replacing your existing usercert.pem and userkey.pem files, as well as installing the PPPL CA certificates on the machine you will be submitting from.

Replacing CILogon Certificates

PPPL has issued new certificate pairs for all TRANSP users at PPPL and will be delivering them as CILogon certificates expire. Please contact TRANSP support for more information on obtaining your new certificate pair. This will be delivered via PPPL’s NextCloud server (https://nc.pppl.gov).

  1. Download the tarball (.tar.gz) from the link provided by the TRANSP team.
  1. Typically the password for the download is your PPPL username followed by 072025. Example: auser_072025
    * This username will not be prefixed with tr_
  1. Copy the tarball to the machine you will be submitting TRANSP jobs from.
  2. Backup your existing user certificates:
mv ~/.globus/usercert.pem ~/.globus/usercert.pem.cilogon
mv ~/.globus/userkey.pem ~/.globus/userkey.pem.cilogon
  1. Extract the tarball to your .globus directory and set the correct permissions for your private key. Replace <username> with your username and reference the file path to wherever you downloaded the tarball.
tar -zxvf <username>.tar.gz -C ~/.globus/
chmod 600 ~/.globus/userkey.pem

Installing PPPL Certificate Authorities

In order to fully trust PPPL’s new certificate infrastructure, the certificate authority certificates need to be installed as well. This can be done on a per user basis, or for an entire server (if you have root/sudo privileges).

Install for currently logged-on user

curl -o /tmp/PPPL-CA-Globus.tar.gz https://nc.pppl.gov/index.php/s/EyG6PRMStNK6fbe/download
mkdir -p ~/.globus/certificates && tar -zxvf /tmp/PPPL-CA-Globus.tar.gz -C ~/.globus/certificates/
Install for entire server (root/sudo access required)
curl -o /tmp/PPPL-CA-Globus.tar.gz https://nc.pppl.gov/index.php/s/EyG6PRMStNK6fbe/download
sudo tar -xvf /tmp/PPPL-CA-Globus.tar.gz -C /etc/grid-security/certificates/