- Configure SSL redirection for OOD
- Install the application on OOD
- Install and configure the ThinLinc server on the compute node
- Configure ThinLinc to start sessions under SLURM's control
- Set up PAM module pam_tlpasswd for automatic login
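Chapters 1-2 are for the Open OnDemand login node and chapters 3-5 are for the compute nodes.
Set the SSL redirection sub-URI and the additional SSL settings for the OOD
reverse proxy in /etc/ood/config/ood_portal.yml. The two ssl_proxy directives
switch off Apache's check that the backend certificate's name matches the host
being proxied to: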
secure_rnode_uri: '/secure-rnode'
ssl_proxy:
- 'SSLProxyCheckPeerCN Off'
- 'SSLProxyCheckPeerName Off'
custom_location_directives:
- '<If "%{REQUEST_URI} =~ m|^/secure-rnode/([^/]+)/(\d+)/connect/\1|">'
- ' AddOutputFilterByType SUBSTITUTE text/html application/javascript'
- ' Substitute "s|https://([^/:]+):(\d+)/|/secure-rnode/$1/$2/|i"'
- '</If>'
NOTE: Read about why the custom_location_directives is set in the README.
Should you want to enable Native client support, this custom virtual host directive will be needed to set the correct MIME-type for the ThinLinc profile. The native client will only work if users are able to establish a direct SSH connection to the compute node/ThinLinc server.
custom_vhost_directives:
- '<LocationMatch ".*\.tlclient$">'
- ' Header set Content-Type "application/thinlinc.client"'
- ' Header set Content-Disposition "attachment"'
- '</LocationMatch>'
When you have added these configurations to your ood_portal.yml config,
generate the new Apache config as such:
sudo /opt/ood/ood-portal-generator/sbin/update_ood_portal
To apply the new configurations made with update_ood_portal, you need to
restart the web server running the OOD instance.
- Clone this repository into your applications folder for OOD.
- Configure the form.yml
  - You need to at least configure the clusters available to start the job on. These
    cluster names are the ones specified in
    /etc/ood/config/clusters.d/<clustername>.yml.
- Configure the submit.yml.erb
  - This may or may not need configurations for resources such as GPU (sharing or no
    sharing) or other devices/configuration changes made in form.yml.
- Configure the view.html.erb
  - To enable the native client functionality, set the enabled_client variable to
    either native for native client-only support, or both to enable the native
    client and the web client.
  - If you configured the secure_rnode_uri to something other than /secure-rnode,
    change the webaccess_url variable to your value.
Download and install the latest ThinLinc server on the compute node.
Navigate to /opt/thinlinc/etc/xsession and overwrite the file with the
contents of the provided xsession file, which is also available
as a direct download.
This chapter contains two steps: installing the PAM module, then installing a Slurm Epilog script to clean up the temporary password files created by the Open OnDemand job. Both of these steps are done on the compute nodes.
- Install the PAM module pam_tlpasswd. You may need to change the target path to
  your PAM modules directory; the target path may differ depending on your distro.
  sudo install pam_tlpasswd.so /lib64/security/pam_tlpasswd.so
- Configure /etc/pam.d/sshd to add this at the top of the file:
  auth [success=done ignore=ignore default=die] pam_tlpasswd.so
- Download or scp the clean up script.
- Install the clean up script. The target path may be any other place, just make
  sure it matches the path in step 3.
  sudo cp ood_thinlinc_cleanup.sh /etc/slurm/ood_thinlinc_cleanup.sh
- Edit /etc/slurm/slurm.conf to add the following line:
  Epilog=/etc/slurm/ood_thinlinc_cleanup.sh
Debugging The Epilog clean up script:
sudo journalctl -t tlCleanupEpilog
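
A post-install check for the PAM and Epilog steps above, added here as an example; it is not part of this repository. The function names and the --run switch are made up for the example, and it assumes GNU stat and the default paths shown on this page.

```shell
#!/usr/bin/env bash
# Added example: post-install checks for the PAM and Epilog steps on a compute node.
# Default paths are the ones used on this page; pass your own if your distro differs.

# The exact rule this page adds to the PAM config for sshd.
PAM_RULE='auth [success=done ignore=ignore default=die] pam_tlpasswd.so'

# Print the first non-blank, non-comment line of a PAM file, whitespace collapsed.
pam_first_rule() {
    awk '!/^[ \t]*(#|$)/ { $1 = $1; print; exit }' "$1"
}

# Succeed only if the pam_tlpasswd rule really is at the top of the file.
pam_order_ok() {
    [ "$(pam_first_rule "$1")" = "$PAM_RULE" ]
}

# Print the path from the first active Epilog= line of a slurm.conf
# (EpilogSlurmctld= and commented-out lines are ignored).
epilog_path() {
    awk -F= 'tolower($1) ~ /^[ \t]*epilog[ \t]*$/ {
                 sub(/[ \t]*#.*/, "", $2); gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2; exit }' "$1"
}

# Succeed if the file exists, is owned by uid $2 (default 0, root) and is not
# writable by group or others.
perms_ok() {
    local owner mode
    owner=$(stat -c %u "$1" 2>/dev/null) && mode=$(stat -c %a "$1") || return 1
    [ "$owner" = "${2:-0}" ] && [ $(( 0$mode & 022 )) -eq 0 ]
}

# Run all checks; arguments: PAM module, PAM config, slurm.conf, expected owner uid.
check_install() {
    local pam_so=${1:-/lib64/security/pam_tlpasswd.so} pam_conf=${2:-/etc/pam.d/sshd}
    local slurm_conf=${3:-/etc/slurm/slurm.conf} uid=${4:-0} epilog rc=0
    perms_ok "$pam_so" "$uid" || { echo "FAIL: $pam_so missing, wrong owner or loosely writable"; rc=1; }
    pam_order_ok "$pam_conf" || { echo "FAIL: pam_tlpasswd rule is not first in $pam_conf"; rc=1; }
    epilog=$(epilog_path "$slurm_conf")
    { [ -n "$epilog" ] && [ -x "$epilog" ] && perms_ok "$epilog" "$uid"; } ||
        { echo "FAIL: Epilog '$epilog' unset, not executable, wrong owner or loosely writable"; rc=1; }
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then check_install; fi
```

Run it on a compute node with --run; no output and exit status 0 mean all three checks passed.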