Open-Ondemand Portal
TrinityX incorporates the Open-Ondemand framework for offering access to (optional) on-the-web available puns but also custom and in-house developed puns for cluster management. This framework is typically delivered through the headnode or controller of the cluster.
How are things connected?
To be able to access the actual portal, it is important to understand how things are connected.
A typical cluster configuration:
+-----+
| DNS | ___________ ___________ ___ node001
+-----+ / \ +------------+ / \ /
------------| external |---------| controller |--------| internal |------- node002
/ | net | ^ +------------+ | net | \
+---------+ \___________/ | \___________/ --- node003
| pc w/ | |
| browser | trix_external_fqdn 10.141.x.x
+---------+
The Open-Ondemand portal is listening on port 8080 on the external interface of the controller and is normally reachable by https://<trix_external_fqdn>:8080.
Trix_external_fqdn can be set during trinityX installation, or is alternatively detemined by the fqdn of the controller.
It is important that what is set for trix_external_fqdn, can be resolved by the pc with browser.
Example: If trix_external_fqdn was configured as headnode01.cluster02.uni.lan, this name should be registered in the external DNS server.
Note: The controller itself also needs to be able to resolve trix_external_fqdn. If the cluster DNS configuration (e.g. forwarder to external DNS) is not able to resolve, an entry should be added to /etc/hosts:
# /etc/hosts:
...
...
a.b.c.d headnode01.cluster02.uni.lan
Loging in
To make use of the Open-Ondemand environment, you need to be able to login. By default no user is created during the installation of trinityX, so it is important to create at least one.
Creating an admin user:
# obol user add -P --groups admins testadmin
Creating a regular user:
# obol user add -P testuser
Permissions and segragation
Please note that the Open-Ondemand structure is by default configured to segragate functionality or roles based on the membership of the group. It accomplishes this by granting access to puns based on read access to the directories in the Open-Ondemand root:
# ls -la /trinity/local/ondemand/3.0/
total 156
drwxr-xr-x. 23 root admins 4096 Apr 2 22:47 .
drwxr-xr-x. 3 root root 4096 Apr 2 22:47 ..
drwxr-x---. 4 root admins 4096 Feb 9 15:48 bmcsetup
drwxr-x---. 4 root admins 4096 Feb 9 15:48 cluster
drwxr-xr-x. 2 root root 4096 Apr 2 22:47 config
drwxr-x---. 4 root admins 4096 Feb 9 15:48 control
drwxr-x---. 4 root admins 4096 Feb 9 15:48 dns
drwxr-x---. 4 root admins 4096 Feb 9 15:48 group
drwxr-x---. 5 root admins 4096 Feb 9 15:48 infiniband
-rw-r--r--. 1 root root 32601 Oct 6 2023 LICENSE.txt
-rw-r--r--. 1 root root 6950 Feb 9 15:48 MANIFEST.in
drwxr-x---. 4 root admins 4096 Feb 9 15:48 monitor
drwxr-x---. 4 root admins 4096 Feb 9 15:48 network
drwxr-x---. 4 root admins 4096 Feb 9 15:48 node
drwxr-x---. 4 root admins 4096 Feb 9 15:48 osimage
drwxr-x---. 4 root admins 4096 Feb 9 15:48 osimagetag
drwxr-x---. 4 root admins 4096 Feb 9 15:48 otherdev
-rw-r--r--. 1 root root 1066 Feb 9 15:48 PKG-INFO
drwxr-x---. 4 root admins 4096 Feb 9 15:48 rack
-rw-r--r--. 1 root root 707 Oct 6 2023 README.md
-rw-r--r--. 1 root root 172 Oct 6 2023 requirements.txt
drwxr-x---. 4 root admins 4096 Feb 9 15:48 secrets
drwxr-xr-x. 5 root admins 4096 Feb 9 15:48 sensu
drwxr-x---. 4 root admins 4096 Feb 9 15:48 service
-rw-r--r--. 1 root root 38 Feb 9 15:48 setup.cfg
-rw-r--r--. 1 root root 3359 Oct 9 2023 setup.py
drwxr-x---. 5 root admins 4096 Feb 9 15:48 slurm
drwxr-x---. 4 root admins 4096 Feb 9 15:48 switch
drwxr-xr-x. 2 root root 4096 Feb 9 15:48 trinityx_ood.egg-info
drwxr-x---. 5 root admins 4096 Feb 9 15:48 users
-rw-r--r--. 1 root root 14 Feb 9 15:48 VERSION.txt
This allows for very granular configurations where different departments have access to specific puns. The above example is a default configuration where the group admins are granted to more access for management purposes.