I’ve got an installation working, and want to test things out with the “ood” user. However, upon logging in with “ood@localhost” and “password” (as directed in the setup guide) I get the following error message:
Home directory not found
Your home directory appears to be missing. The home directory mount may be unavailable, or your home directory may need to still be created. Please contact support for help and attempt to restart your web server by clicking below when the problem has been fixed.
I have checked that the “ood” user has the correct home directory:
[root@dev-ood1 ood]# grep ood /etc/passwd
And that the home directory exists and has correct permissions:
[root@dev-ood1 ood]# ls -lah /home/ood/
drwx------. 2 ood ood 62 Sep 11 14:29 .
drwxr-xr-x. 3 root root 17 Sep 11 14:29 …
-rw-r–r--. 1 ood ood 18 Apr 1 10:17 .bash_logout
-rw-r–r--. 1 ood ood 193 Apr 1 10:17 .bash_profile
-rw-r–r--. 1 ood ood 231 Apr 1 10:17 .bashrc
I’ll check back after the weekend to see if I can solve this, but if anyone has a solution in the meantime I will be very happy
I haven’t attempted anything in the “Authentication” section of INSTALL yet, although I’m not quite sure where to start in that.
Do you have SELinux enabled? That’s the only reason I can think the home directory would be inaccessible when clearly it’s setup correctly.
For Authentication, how do your users authenticate with your systems? If they use LDAP then you’d want to follow the instructions for setting up LDAP with OnDemand using ondemand-dex. OnDemand supports all the methods for authentication supported by Apache so what to configure really depends on how you want users authenticating with OnDemand.
Yes, I have SELinux enabled, but I also have ondemand-selinux installed.
We will be using LDAP authentication but I wasn’t planning on setting that up just yet.
/home is not on an NFS share, perhaps I need to turn on
ondemand_manage_user_home_dir is likely what you need as that’s intended to allow OnDemand to access local, non-NFS home directories.
Production deployments of OnDemand typically use some sort of shared filesystem like NFS as the users using OnDemand have to have their $HOME accessible on the OnDemand node as well as the HPC clusters. If you’re using NFS then you’ll want to enable the
ondemand_use_nfs SELinux boolean, which should have been enabled by default so maybe nothing needed there unless it got turned off.
Great, I’ll give it a shot. Thanks
I think the plan is to use LDAP and NFS-hosted home directories (as we already do on our production clusters), but I’m not at the stage of testing that with OOD just yet - trying to start simple as we haven’t used OOD before.
Great, everything appears working after setting that SELinux boolean.
I’m a little confused as the Authentication section doesn’t explicitly talk about LDAP - if I follow the directions in https://osc.github.io/ood-documentation/latest/installation/add-ldap.html do I need to do anything else?
Currently we just have LDAP, nothing like Shibboleth… I’m curious about the benefits of having something “more robust” hinted at by that page.
“More robust” mostly refers to more complex authentication systems that support things like SSO and Logout and multi-factor auth. Some of that language is left over from when LDAP support with OnDemand required using Basic Auth which was replaced by Dex based LDAP authentication. For Dex we get logout support using mod_auth_openidc features but the actual Dex program itself doesn’t support Logout.
Once you’ve done this: https://osc.github.io/ood-documentation/latest/authentication/dex.html#dex-ldap (linked from your linked page) then you should be good to go with LDAP authentication using Dex.