Interactive Apps Requirements

equiros-sfwmd · July 22, 2022, 5:26pm

I am working on enabling interactive apps on my OOD setup.
I currently do not have SSL enabled on my OOD. Do I need it to run interactive apps?
Also, I am using local accounts (PAM) for my authentication.
Do I need to switch to another auth method?

jeff.ohrstrom · July 22, 2022, 5:47pm

Yes or you can follow this insecure hack. HTTP 422 Error / InvalidAuthenticityToken · Issue #1193 · OSC/ondemand · GitHub

Probably. The real question is, will your scheduler recognize that local user?

equiros-sfwmd · July 22, 2022, 6:03pm

Hi Jeff. Thanks for your help !

Ok, I am working on getting the SSL going. I needed to do that anyway!
We are waiting on the dev team to release the new Identity Manager, so we are stuck with local accounts.
That being said, Yes, the scheduler does submit jobs as the correct user. Users are local on all the nodes involved (login node, comp node, head nodes). I was able to submit jobs with OOD, so no problem there.

equiros-sfwmd · July 22, 2022, 6:34pm

Working on the SSL, I am getting this error. I don’t understand what it’s complaining about.
Does the server name need to be indented? Do the certs need to be named as the FQDN?
I am not using a virtual host here. this is a native apache installation.

[root@log01 config]# /opt/ood/ood-portal-generator/sbin/update_ood_portal
(/etc/ood/config/ood_portal.yml): 
did not find expected key while parsing a block mapping at line 16 column 1

This is a snippet of the ood_portal.yml file referenced above

 12 # The server name used for name-based Virtual Host
 13 # Example:
 14 #     servername: 'www.example.com'
 15 # Default: null (don't use name-based Virtual Host)
 16 servername: whqhpc-login01p.sfwmd.gov
 17 ssl:
 18   - 'SSLCertificateFile "/etc/pki/tls/certs/login.crt"'
 19   - 'SSLCertificateKeyFile "/etc/pki/tls/private/login.key"'
 20   - 'SSLCertificateChainFile "/etc/pki/tls/certs/login-chain.crt"'

jeff.ohrstrom · July 22, 2022, 7:07pm

YAML looks OK - that error is specifically about YAML formatting so it’s off somehow. Maybe Windows keys or maybe indent

Or maybe try indenting the ssl options to the left? It’s an indentation problem or funny characters if you copy pasted it (quotes come to mind here).

servername: 'whqhpc-login01p.sfwmd.gov'
ssl:
- 'SSLCertificateFile "/etc/pki/tls/certs/login.crt"'
- 'SSLCertificateKeyFile "/etc/pki/tls/private/login.key"'
- 'SSLCertificateChainFile "/etc/pki/tls/certs/login-chain.crt"'

equiros-sfwmd · July 22, 2022, 7:22pm

I put single quotes on the server name. I missed that first time around.
I indented the block starting with ssl:
That seems to have done it.

system · January 18, 2023, 7:23pm

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
"headless" interactive app? Get Help question	2	26	April 13, 2025
Authentication with PAM or pwauth and Symantec VIP token Get Help	5	930	May 26, 2022
Eval OnDemand with local user and PAM auth Get Help	5	1184	May 26, 2022
Several questions about new Ubuntu 20.04 install of Ondemand Get Help question	19	1824	February 8, 2023
Problems securing OOD Get Help	17	511	April 15, 2024

Interactive Apps Requirements

Related topics