add vscode guide

docs/access/index.md

@@ -26,4 +26,10 @@ This documentation guides users through the process of accessing CSCS systems an
 
     [:octicons-arrow-right-24: SSH][access-ssh]
 
+-   :fontawesome-solid-layer-group: __VSCode__
+
+    How to connect VSCode IDE on your laptop with Alps
+
+    [:octicons-arrow-right-24: SSH][access-vscode]
+
 </div>

docs/access/vscode.md

@@ -1,8 +1,161 @@
-[](){#vscode}
+[](){#access-vscode}
 # Connecting with VSCode
 
+[Visual Studio Code](https://code.visualstudio.com/) provides flexible support for remote development.
+VSCode's [remote tunnel feature](https://code.visualstudio.com/docs/remote/tunnels) starts a server on a remote system, and connects the editor to this server.
+There are two ways to set up the connection:
+
+* using the code CLI: the most flexible method if using containers or uenv.
+* using the VSCode interface: VSCode will connect onto the system, download and start the server
+
+The main challenge with using VSCode is that the most convenient method for starting a remote session is to start a remote tunnel from the VS Code GUI.
+This approach starts a session in the standard login environment on that node, however this won't work if you want to be developing in a container, in a uenv, or on a compute node.
+
+## Flexible method: remote server
+
+The most flexible method for connecting VSCode is to log in to the Alps system, set up your environment (start a container or uenv, start a session on a compute node), and start the remote server in that environment pre-configured.
+
+!!! note
+    This approach requires that you have a GitHub account, and that the GitHub account is configured with your VS Code editor.
+
+The first step is to download the VS Code CLI tool `code`, which CSCS provides for easy download.
+There are two executables, one for using on systems with x86 or ARM CPUs respectively.
+
+=== "`aarch64` nodes (daint, clariden, santis)"
+    ```
+    wget https://jfrog.svc.cscs.ch/artifactory/uenv-sources/vscode/vscode_cli_alpine_arm64_cli.tar.gz
+    tar -xf vscode_cli_alpine_arm64_cli.tar.gz
+    ```
+
+=== "`x86_64` nodes (eiger, bristen)"
+    ```
+    wget https://jfrog.svc.cscs.ch/artifactory/uenv-sources/vscode/vscode_cli_alpine_x64_cli.tar.gz
+    tar -xf vscode_cli_alpine_x64_cli.tar.gz
+    ```
+
+Alternatively, download the CLI tool from the [VS Code site](https://code.visualstudio.com/Download) -- take care to select either x86 or Arm64 version that matches the target system.
+
+After downloading, copy the `code` executable to a location in your PATH, so that it is available for future sessions.
+
+??? note "guidance on where to put architecture-specific executables"
+    The home directory can be shared by multiple clusters that might have different micro-architectures, so it is important to separate executables for x86 and aarch64 (ARM) targets.
+
+    In `~/.bashrc`, add the following line (you will need to log in again for this to take effect):
+    ```
+    export PATH=$HOME/.local/$(uname -m)/bin:$PATH
+    ```
+    The `uname -m` command will print `aarch64` or `x86_64`, according to the microarchitecture of the node it is run on.
+
+    Then create the path, and copy the `code` executable to the architecture-specific path:
+    ```
+    mkdir -p $HOME/.local/$(uname -m)/bin
+    cp ./code $HOME/.local/$(uname -m)/bin
+    ```
+
+To set up a remote server on the target system,
+run the `code` executable that you downloaded the `tunnel` argument.
+You will be asked to choose whether to log in to Microsoft or GitHub (we have tested with GitHub):
+
+```
+> code tunnel
+...
+? How would you like to log in to Visual Studio Code? ›
+  Microsoft Account
+❯ GitHub Account
+```
+
+You will be requested to go to [github.com/login/device](https://github.com/login/device) and enter an 8-digit code.
+Once you have finished registering the service with GitHub, in VSCode on your PC/laptop open the "remote explorer" pane on the left hand side of the main window, and the connection will be visible under REMOTES (TUNNELS/SSH) -> Tunnels.
+
+!!! note "first time setting up a remote service"
+    If this is the first time you have followed this procedure, you may have to sign in to GitHub in VSCode.
+    Click on the Remote Explorer button on the left hand side, and then find the following option:
+
+    ```
+    REMOTES(TUNNELS/SSH)
+     Tunnels
+        Sign in to tunnels registered with GitHub
+    ```
+
+    If you have not signed in to GitHub with VS Code editor, you will be redirected to the browser to sign in.
+
+    After signing in and authorizing VSCode, the open tunnel should be visible under REMOTES (TUNNELS/SSH) -> Tunnels.
+
+### Using with uenv
+
+To use a uenv with VSCode, the uenv must be started before calling `code tunnel`.
+Log into the target system and start the uenv, then start the remote server, for example:
+```
+# log into daint (this could be any other Alps cluster)
+ssh daint
+# start a uenv session on the login node
+uenv start --view=default prgenv-gnu/24.11:v1
+# then start the tunnel
+code tunnel
+```
+
+Alternatively, you can execute `code tunnel` directly in the environment:
+```
+ssh daint
+uenv run --view=default prgenv-gnu/24.11:v1 -- code tunnel
+```
+
+Once the tunnel is configured, you can access it from VSCode.
+
+!!! warning
+    If you plan to do any intensive work: repeated compilation of large projects or running python code in Jupyter, please see the guide to running on a compute node below.
+    Running intensive workloads on login nodes, which are shared resources between all users, is against CSCS [fair usage][policies-fair-use] of Shared Resources policy.
+
+### Using with containers
+
 !!! todo
-    how to connect VSCode
+    write a guide
+
+### Running on a compute node
+
+If you plan to do computation using your VSCode, then you should first allocate resources on a compute node and set up your environment there.
+
+!!! example "directly create the tunnel using srun"
+    You can directly execute the `code tunnel` command using srun:
+    ```
+    ssh daint
+    srun --uenv=prgenv-gnu/24.11:v1 --view=default -t120 -n1 --pty code tunnel
+    ```
 
-    * with a container
-    * with a uenv
+    * `--uenv` and `--view` set up the uenv
+    * `-t120` requests a 2 hour (120 minute) reservation
+    * `-n1` requests a single rank - only one rank/process is required for VSCode
+    * `--pty` allows forwarding of terminal I/O, regired to sign in to Github
+
+    Once the job allocation is granted, you will be prompted to log into GitHub, the same as starting a session on the login node.
+    If you don't want to use a uenv, the command is even simpler:
+    ```
+    ssh daint
+    srun -t120 -n1 --pty code tunnel
+    ```
+
+!!! example "log into a node before starting"
+    It is also possible to log into a compute node before executing the `code tunnel` command, if that suits your workflow:
+    ```
+    # log into daint
+    ssh daint
+
+    # start an interactive shell session
+    srun -t120 -n1 --pty bash
+
+    # set up the environment before starting the tunnel
+    uenv start prgenv-gnu/24.11:v1 --view=default
+    code tunnel
+    ```
+
+    * `-t120` requests a 2 hour (120 minute) reservation
+    * `-n1` requests a single rank - only one rank/process is required for VSCode
+    * `--pty` allows forwarding of terminal I/O, for bash to work interactively
+
+## Connecting via VSCode UI
+
+!!! warning
+    This approach is not recommended, because while it may be easier to connect via the VS Code UI, it is much more difficult to configure the connection so that you can use uenv, containers or compute nodes.
+
+!!! todo
+    Write the guide

docs/policies/index.md

@@ -0,0 +1,30 @@
+# CSCS User Policies
+
+The CSCS [code of conduct](code-of-conduct.md) outlines the responsibilities and proper practices for the CSCS user community.
+
+The [User Regulations](regulations.md) define the basic guidelines for the usage of CSCS computing resources. The right to access CSCS resources may be revoked to whoever breaches any of the user regulations.
+
+## Computing Budget
+
+Compute time on Alps systems is accounted in node hours; computing time on CSCS systems that allow node sharing will be accounted in core hours.
+
+Please note that resources at CSCS are assigned over three-months windows
+
+* Quotas are reset on April 1st, July 1st, October 1st and January 1st
+* Please make sure to use thoroughly your quarterly compute budget within the corresponding time frame
+* Resources unused in the three-month periods are not transferred to the next allocation period but are forever lost
+
+## Data Retention Policies
+
+Data belonging to active projects in the filesystems /users, /project, /store are under backup. There is no backup for data under the scratch filesystem, therefore no data recovery is possible in case of accidental loss or for data deleted due to the cleaning policy implemented on this filesystem.
+
+Please note that the long term storage service is granted as long as your project is active, and the data will be removed without further notice 3 months after the expiration of the project: please check the applicable filesystem policies for the grace period granted after the expiration of the project.
+
+Furthermore, as soon as your project expires, the backup of the data belonging to the project will be disabled immediately: therefore no data backup will be available after the final data removal.
+
+[](){#policies-fair-use}
+## Fair Usage of Shared Resources
+
+The [Slurm][slurm] scheduling system is a shared resource that can handle a limited number of batch jobs and interactive commands simultaneously. Therefore users should not submit hundreds of Slurm jobs and commands at the same time, as doing so would infringe our fair usage policy.
+
+Let us also remind you that **running compute or memory intensive applications on the login nodes is forbidden**. Please submit batch jobs with the Slurm scheduler, in order to allocate and run your processes on compute nodes: compute or memory intensive processes affecting the performance of login nodes will be terminated without warning.

docs/policies/regulations.md

@@ -0,0 +1,15 @@
+# User Regulations
+
+The User Regulations define the basic guidelines for the usage of CSCS computing resources.
+The right to access CSCS resources may be revoked to whoever breaches any of the user regulations.
+
+These are the Terms & Conditions, which users need to follow in order to access CSCS computing resources.
+
+* Access to CSCS facilities is granted on an individual basis. An account is usable by the applicant only and only for the exlpicit purposes stated in the project application. CSCS does not allow sharing of accounts.
+* The applicant is not permitted to give any other person (project member or otherwise), organization or representative of any organization access to CSCS facilities explicitly or implicitly, through negligence or carelessness. Revealing of passwords or identification protocols through verbal, written or electronic means is strictly prohibited. Any such activity is considered a breach of CSCS security, the contract between the applicant and CSCS at the moment the Account Application Form is submitted and approved, and the established contracts between CSCS and its computer vendors. Should such activity occur, the applicant will be immediately barred from all present and future use of CSCS facilities and is fully liable for all consequences arising from the infraction.
+* Any indication of usage or requests for runs which give rise to serious suspicion will be further investigated and escalated to the appropriate authorities if necessary.
+* Access to and use of data of other accounts on CSCS systems without prior consent from the principal investigator to which project the user account pertains is strictly prohibited. The terms and conditions for use of data from other accounts must be directly agreed to by the data owner.
+* The applicant confirms that all information provided on his/her Account Application Form is true and accurate, and that she/he has not knowingly misrepresented him/herself.
+* The principal investigator should promptly and proactively notify CSCS as soon as the applicants (i.e. the future account owner) should be suspended.
+
+All CSCS account holders are fully bound to obey by the [ETH Zurich Acceptable Use Policy for Telematics Resources](https://rechtssammlung.sp.ethz.ch/Dokumente/203.21en.pdf) (“BOT”).

mkdocs.yml

@@ -74,6 +74,8 @@ nav:
     - 'Long Term Storage': storage/longterm.md
     - 'Object Storage': storage/object.md
   - 'Policies':
+    - policies/index.md
+    - 'User Regulations': policies/regulations.md
     - 'Code of Conduct': policies/code-of-conduct.md
     - 'UserLab Support Policy': policies/support.md
     - 'Slack Code of Conduct': policies/slack.md