OOD 2.0.27 and Rocky Linux 8.6 authentications and beyond

I’m building a node using ondemand 2.0.27 with Rocky Linux 8.6 and following the documentation I’m having some difficulties in some points about authentication.

I understand that there are three ways of settings, using PAM, DEX and Keycloak. For a login screen to appear for you you need the mod_auth_openidc module and mod_authnz_pam for PAM

Via PAM I got it without problems. By DEX too, but I haven’t used LDAP yet and only using the example user. Another option is the Keycloak that I couldn’t configure.

Are there other ways to configure authentication? Does the login screen from the customer’s point of view appear only with PAM or Keycloak models?

Hi Leonardo.

Thanks for the post, and welcome to the Open OnDemand Community.

We were wondering if there is some authentication system that you already use and want to tie into (i.e., campus wide auth)?

Thanks,
-gerald

Thank you, Gerald!

I work on the PUC-Rio campus and am in the process of implementing part of the infrastructure. So I have a freedom to choose what to use for CAS with LDAP or OIDC. I’ve been looking at keycloak and if implementing LDAP I’m leaning towards FreeIPA.
I’m open to different recommendations.

At the moment I implemented OOD with authentication via standard PAM with the popup login form. My implementation is in a container for provisioning a warewulf node (4.3.0). I have a warewulf cluster with OpenHPC Slurm.

Now I’m trying to implement Jupyter notebook and configure Jobs in Job Composer. In the “Cluster” dropdown I have ssh access normally.

On node OOD are installed Slurm and Munge is synchronized with all cluster nodes.

My questions are:

  • Does slurmd need to be UP or only Munge?
  • How to install and configure Jupyter in OOD?

In “Job Composer” in “Copy Template” when saving, I have an error page “The change you wanted was rejected.”

The error in “Job Composer” was resolved by configuring TLS certificates which is mandatory to work.