Interactive Apps Requirements

I am working on enabling interactive apps on my OOD setup.
I currently do not have SSL enabled on my OOD. Do I need it to run interactive apps?
Also, I am using local accounts (PAM) for my authentication.
Do I need to switch to another auth method?

Yes or you can follow this insecure hack. HTTP 422 Error / InvalidAuthenticityToken · Issue #1193 · OSC/ondemand · GitHub

Probably. The real question is, will your scheduler recognize that local user?

Hi Jeff. Thanks for your help !

Ok, I am working on getting the SSL going. I needed to do that anyway! :grinning:
We are waiting on the dev team to release the new Identity Manager, so we are stuck with local accounts.
That being said, Yes, the scheduler does submit jobs as the correct user. Users are local on all the nodes involved (login node, comp node, head nodes). I was able to submit jobs with OOD, so no problem there.

Working on the SSL, I am getting this error. I don’t understand what it’s complaining about.
Does the server name need to be indented? Do the certs need to be named as the FQDN?
I am not using a virtual host here. this is a native apache installation.

[root@log01 config]# /opt/ood/ood-portal-generator/sbin/update_ood_portal
(/etc/ood/config/ood_portal.yml): 
did not find expected key while parsing a block mapping at line 16 column 1

This is a snippet of the ood_portal.yml file referenced above

 12 # The server name used for name-based Virtual Host
 13 # Example:
 14 #     servername: 'www.example.com'
 15 # Default: null (don't use name-based Virtual Host)
 16 servername: whqhpc-login01p.sfwmd.gov
 17 ssl:
 18   - 'SSLCertificateFile "/etc/pki/tls/certs/login.crt"'
 19   - 'SSLCertificateKeyFile "/etc/pki/tls/private/login.key"'
 20   - 'SSLCertificateChainFile "/etc/pki/tls/certs/login-chain.crt"'

YAML looks OK - that error is specifically about YAML formatting so it’s off somehow. Maybe Windows keys or maybe indent

Or maybe try indenting the ssl options to the left? It’s an indentation problem or funny characters if you copy pasted it (quotes come to mind here).

servername: 'whqhpc-login01p.sfwmd.gov'
ssl:
- 'SSLCertificateFile "/etc/pki/tls/certs/login.crt"'
- 'SSLCertificateKeyFile "/etc/pki/tls/private/login.key"'
- 'SSLCertificateChainFile "/etc/pki/tls/certs/login-chain.crt"'

I put single quotes on the server name. I missed that first time around.
I indented the block starting with ssl:
That seems to have done it.