Open-Ondemand Portal

TrinityX incorporates the Open-Ondemand framework for offering access to (optional) on-the-web available puns but also custom and in-house developed puns for cluster management. This framework is typically delivered through the headnode or controller of the cluster.

How are things connected?

To be able to access the actual portal, it is important to understand how things are connected.

A typical cluster configuration:

   +-----+
   | DNS |    ___________                                 ___________     ___ node001
   +-----+   /           \         +------------+        /           \   /
 ------------|  external |---------| controller |--------|  internal |------- node002
       /     |   net     |       ^ +------------+        |    net    |   \
 +---------+ \___________/       |                       \___________/    --- node003
 | pc w/   |                     |                  
 | browser |             trix_external_fqdn               10.141.x.x
 +---------+

The Open-Ondemand portal is listening on port 8080 on the external interface of the controller and is normally reachable by https://<trix_external_fqdn>:8080. Trix_external_fqdn can be set during trinityX installation, or is alternatively detemined by the fqdn of the controller. It is important that what is set for trix_external_fqdn, can be resolved by the pc with browser.

Example: If trix_external_fqdn was configured as headnode01.cluster02.uni.lan, this name should be registered in the external DNS server.

Note: The controller itself also needs to be able to resolve trix_external_fqdn. If the cluster DNS configuration (e.g. forwarder to external DNS) is not able to resolve, an entry should be added to /etc/hosts:

# /etc/hosts:
...
...
a.b.c.d   headnode01.cluster02.uni.lan

Loging in

To make use of the Open-Ondemand environment, you need to be able to login. By default no user is created during the installation of trinityX, so it is important to create at least one.

Creating an admin user:

# obol user add -P --groups admins testadmin

Creating a regular user:

# obol user add -P testuser

Permissions and segragation

Please note that the Open-Ondemand structure is by default configured to segragate functionality or roles based on the membership of the group. It accomplishes this by granting access to puns based on read access to the directories in the Open-Ondemand root:

# ls -la /trinity/local/ondemand/3.0/
total 156
drwxr-xr-x. 23 root admins  4096 Apr  2 22:47 .
drwxr-xr-x.  3 root root    4096 Apr  2 22:47 ..
drwxr-x---.  4 root admins  4096 Feb  9 15:48 bmcsetup
drwxr-x---.  4 root admins  4096 Feb  9 15:48 cluster
drwxr-xr-x.  2 root root    4096 Apr  2 22:47 config
drwxr-x---.  4 root admins  4096 Feb  9 15:48 control
drwxr-x---.  4 root admins  4096 Feb  9 15:48 dns
drwxr-x---.  4 root admins  4096 Feb  9 15:48 group
drwxr-x---.  5 root admins  4096 Feb  9 15:48 infiniband
-rw-r--r--.  1 root root   32601 Oct  6  2023 LICENSE.txt
-rw-r--r--.  1 root root    6950 Feb  9 15:48 MANIFEST.in
drwxr-x---.  4 root admins  4096 Feb  9 15:48 monitor
drwxr-x---.  4 root admins  4096 Feb  9 15:48 network
drwxr-x---.  4 root admins  4096 Feb  9 15:48 node
drwxr-x---.  4 root admins  4096 Feb  9 15:48 osimage
drwxr-x---.  4 root admins  4096 Feb  9 15:48 osimagetag
drwxr-x---.  4 root admins  4096 Feb  9 15:48 otherdev
-rw-r--r--.  1 root root    1066 Feb  9 15:48 PKG-INFO
drwxr-x---.  4 root admins  4096 Feb  9 15:48 rack
-rw-r--r--.  1 root root     707 Oct  6  2023 README.md
-rw-r--r--.  1 root root     172 Oct  6  2023 requirements.txt
drwxr-x---.  4 root admins  4096 Feb  9 15:48 secrets
drwxr-xr-x.  5 root admins  4096 Feb  9 15:48 sensu
drwxr-x---.  4 root admins  4096 Feb  9 15:48 service
-rw-r--r--.  1 root root      38 Feb  9 15:48 setup.cfg
-rw-r--r--.  1 root root    3359 Oct  9  2023 setup.py
drwxr-x---.  5 root admins  4096 Feb  9 15:48 slurm
drwxr-x---.  4 root admins  4096 Feb  9 15:48 switch
drwxr-xr-x.  2 root root    4096 Feb  9 15:48 trinityx_ood.egg-info
drwxr-x---.  5 root admins  4096 Feb  9 15:48 users
-rw-r--r--.  1 root root      14 Feb  9 15:48 VERSION.txt

This allows for very granular configurations where different departments have access to specific puns. The above example is a default configuration where the group admins are granted to more access for management purposes.