I’m trying to setup OOD for a simply demo on a virtual server.

lsb_release -a

No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.3 LTS

apt list installed ondemand

Listing… Done
ondemand/stable,now 3.0.3 amd64 [installed]

Initially I was getting the default Ubuntu Apache web page as mentioned in the installation notes. I removed 000-default.conf from the sites-enabled and was able to bring up the OOD web page that says I need to configure authentication.

Since this is only for a Proof of Concept demo I’m trying to set it up with ‘AuthType mod_auth_basic’. I edited the ood_portal.yml file adding the following:

List of Apache authentication directives

NB: Be sure the appropriate Apache module is installed for this

Default: (see below, uses OIDC auth with Dex)

auth:

• ‘AuthType mod_auth_basic’
• ‘AuthName "OnDemand POC’
• 'AuthUserFile /etc/apache2/.htpasswd"
• ‘Require valid-user’

I ran the update_ood_portal command and it was successful. I have a single test user in /etc/apache2/.htpasswd. I now get the following page:

image1051×222 10.3 KB

Questions:

Can I setup OOD using mod_auth_basic?

I have a single user, ravi, in the .htpasswd file. I have a local account setup on the Ubuntu server for ravi. Is there a simple way to set up mapping?

Thanks in advance,

Pete Kain

What’s the error you see in /var/log/apache2?

Jeff,

Not much in the Apache logs. After adding the auth entry to ood_portal.yml, running update_ood_portal and restarting Apache I was expecting to see a prompt to login. Perhaps I need to set up mapping first?

ls -l /etc/apache2/sites-enabled/

total 0
lrwxrwxrwx 1 root root 34 Oct 9 16:11 ood-portal.conf → …/sites-available/ood-portal.conf

/etc/apache2/enabled-available/ood-portal.conf

…
ErrorLog “/var/log/apache2/bofh.rip_error.log”
CustomLog “/var/log/apache2/bofh.rip_access.log” combined

==> bofh.rip_error.log <==
[Mon Nov 06 22:45:07.078768 2023] [authn_core:error] [pid 1847:tid 140613093631552] [client 108.185.177.94:56503] AH01796: AuthType mod_auth_basic configured without corresponding module

==> bofh.rip_access.log <==
108.185.177.94 - - [06/Nov/2023:22:45:07 +0000] “GET /pun/sys/dashboard HTTP/1.1” 500 865 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36”
108.185.177.94 - - [06/Nov/2023:22:45:07 +0000] “GET /favicon.ico HTTP/1.1” 404 555 “http://ondemand.bofh.rip/pun/sys/dashboard” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36”

image.png831×447 24.1 KB

Sincerely,

Pete Kain
c - 818-282-0911

OK - how about /var/log/ondemand-nginx/$USER/error.log and or another error_log in ondemand-nginx.

There’s nothing under /var/log/ondemand-nginx.

root@bofh:/var/log/ondemand-nginx# ls -l /var/log/ondemand-nginx/
total 0

Pete

Jeff,

This may help. After rebooting the server and using a private window in firefox I see the following messages in the access/error logs. I see some hits in my Google search that I’ll start reviewing, but I wanted to share this with you as well.

Ubuntu 22.04 OS.

/etc/ood/config/ood_portal.yml

This is my entry in the ood_portaly.yml file:

List of Apache authentication directives

NB: Be sure the appropriate Apache module is installed for this

Default: (see below, uses OIDC auth with Dex)

auth:

• ‘AuthType mod_auth_basic’
• ‘AuthName "OnDemand Demo’
• ‘AuthUserFile /etc/apache2/.htpasswd’
• ‘Require valid-user’

==> /var/log/apache2/bofh.rip_error.log <==
[Tue Nov 07 08:34:51.888568 2023] [lua:debug] [pid 734:tid 140680328320576] lua_request.c(1882): [client 108.185.177.94:49819] AH01486: request_rec->dispatching subprocess_env → apr table
[Tue Nov 07 08:34:51.888643 2023] [lua:debug] [pid 734:tid 140680328320576] lua_request.c(1882): [client 108.185.177.94:49819] AH01486: request_rec->dispatching subprocess_env → apr table
[Tue Nov 07 08:34:51.888650 2023] [lua:debug] [pid 734:tid 140680328320576] lua_request.c(1882): [client 108.185.177.94:49819] AH01486: request_rec->dispatching subprocess_env → apr table
[Tue Nov 07 08:34:51.888656 2023] [lua:debug] [pid 734:tid 140680328320576] lua_request.c(1882): [client 108.185.177.94:49819] AH01486: request_rec->dispatching subprocess_env → apr table

==> /var/log/apache2/bofh.rip_access.log <==
108.185.177.94 - - [07/Nov/2023:08:34:51 -0800] “GET / HTTP/1.1” 302 635 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0”

==> /var/log/apache2/bofh.rip_error.log <==
[Tue Nov 07 08:34:51.960300 2023] [authn_core:error] [pid 734:tid 140680319927872] [client 108.185.177.94:49819] AH01796: AuthType mod_auth_basic configured without corresponding module
[Tue Nov 07 08:34:51.960989 2023] [lua:debug] [pid 734:tid 140680319927872] lua_request.c(1882): [client 108.185.177.94:49819] AH01486: request_rec->dispatching subprocess_env → apr table
[Tue Nov 07 08:34:51.961033 2023] [lua:debug] [pid 734:tid 140680319927872] lua_request.c(1882): [client 108.185.177.94:49819] AH01486: request_rec->dispatching subprocess_env → apr table
[Tue Nov 07 08:34:51.961041 2023] [lua:debug] [pid 734:tid 140680319927872] lua_request.c(1882): [client 108.185.177.94:49819] AH01486: request_rec->dispatching subprocess_env → apr table
[Tue Nov 07 08:34:51.961046 2023] [lua:debug] [pid 734:tid 140680319927872] lua_request.c(1882): [client 108.185.177.94:49819] AH01486: request_rec->dispatching subprocess_env → apr table

==> /var/log/apache2/bofh.rip_access.log <==
108.185.177.94 - - [07/Nov/2023:08:34:51 -0800] “GET /pun/sys/dashboard HTTP/1.1” 500 865 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0”

==> /var/log/apache2/bofh.rip_error.log <==
[Tue Nov 07 08:34:52.024558 2023] [lua:debug] [pid 734:tid 140680303142464] lua_request.c(1882): [client 108.185.177.94:49820] AH01486: request_rec->dispatching subprocess_env → apr table
[Tue Nov 07 08:34:52.024635 2023] [lua:debug] [pid 734:tid 140680303142464] lua_request.c(1882): [client 108.185.177.94:49820] AH01486: request_rec->dispatching subprocess_env → apr table
[Tue Nov 07 08:34:52.024644 2023] [lua:debug] [pid 734:tid 140680303142464] lua_request.c(1882): [client 108.185.177.94:49820] AH01486: request_rec->dispatching subprocess_env → apr table
[Tue Nov 07 08:34:52.024649 2023] [lua:debug] [pid 734:tid 140680303142464] lua_request.c(1882): [client 108.185.177.94:49820] AH01486: request_rec->dispatching subprocess_env → apr table

==> /var/log/apache2/bofh.rip_access.log <==
108.185.177.94 - - [07/Nov/2023:08:34:52 -0800] “GET / HTTP/1.1” 302 635 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0”

==> /var/log/apache2/bofh.rip_error.log <==
[Tue Nov 07 08:35:01.729118 2023] [authn_core:error] [pid 735:tid 140680568055360] [client 108.185.177.94:49831] AH01796: AuthType mod_auth_basic configured without corresponding module
[Tue Nov 07 08:35:01.729946 2023] [lua:debug] [pid 735:tid 140680568055360] lua_request.c(1882): [client 108.185.177.94:49831] AH01486: request_rec->dispatching subprocess_env → apr table
[Tue Nov 07 08:35:01.729989 2023] [lua:debug] [pid 735:tid 140680568055360] lua_request.c(1882): [client 108.185.177.94:49831] AH01486: request_rec->dispatching subprocess_env → apr table
[Tue Nov 07 08:35:01.729996 2023] [lua:debug] [pid 735:tid 140680568055360] lua_request.c(1882): [client 108.185.177.94:49831] AH01486: request_rec->dispatching subprocess_env → apr table
[Tue Nov 07 08:35:01.730000 2023] [lua:debug] [pid 735:tid 140680568055360] lua_request.c(1882): [client 108.185.177.94:49831] AH01486: request_rec->dispatching subprocess_env → apr table

==> /var/log/apache2/bofh.rip_access.log <==
108.185.177.94 - - [07/Nov/2023:08:35:01 -0800] “GET /pun/sys/dashboard HTTP/1.1” 500 865 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0”

Sincerely,

Pete Kain

Jeff,

I think I found my mistake. I had set the AuthType to “mod_auth_basic” when it should have been “Basic”. I now get a login prompt. I’m able to log in with my test user “ravi” but receive a blank dashboard.

I have set up a single test user in my .htpasswd “ravi” but I’m not sure how to map “ravi” to his Linux account “ravi”.

ravi:x:1000:1000:,:/home/ravi:/bin/bash

WORKING BROKEN

List of Apache authentication directives # List of Apache authentication directives

NB: Be sure the appropriate Apache module is installed for # NB: Be sure the appropriate Apache module is installed for

Default: (see below, uses OIDC auth with Dex) # Default: (see below, uses OIDC auth with Dex)

auth: auth:

• 'AuthType Basic’ | - 'AuthType mod_auth_basic’
• ‘AuthName "OnDemand Demo’ - ‘AuthName "OnDemand Demo’
• ‘AuthUserFile /etc/apache2/.htpasswd’ - ‘AuthUserFile /etc/apache2/.htpasswd’
• ‘Require valid-user’ - ‘Require valid-user’

Sincerely,

Pete Kain

User mapping happens through this config user_map_match. Though it looks like the default should just work for you.

Seeing a blank screen is odd for sure, seems like you should see some error message. In any case - /var/log/apache2, /var/log/ondemand-nginx and ``/var/log/ondemand-nginx/$USER` are the locations you should be looking in to find more information about what’s going on.

https://osc.github.io/ood-documentation/latest/reference/files/ood-portal-yml.html?highlight=user_map_match

Jeff,

You’re right about the default mapping. I saw this in the logs.

ondemand.bofh.rip_error.log:[Tue Nov 07 11:04:11.410763 2023] [lua:debug] [pid 738:tid 140573784655424] @/opt/ood/mod_ood_proxy/lib/ood/user_map.lua(21): [client 108.185.177.94:57928] Mapped ‘ravi’ => ‘ravi’ [0.006 ms], referer: http://ondemand.bofh.rip/pun/sys/dashboard/activejobs

When I tested logging in with “ravi” using another browser, Edge, I got the Authorization error below. I checked the nginx logs under and found the following error:

App 2289 output: [2023-11-07 10:40:44 -0800 ] 
ERROR "[ActionDispatch::HostAuthorization::DefaultResponseApp] Blocked host: ondemand.bofh.rip"

Adding the FQDN for the server to the ood_config.yml file and generating a new Apache config seems to have fixed the problem. 

image.png822×489 24.4 KB

image.png822×489 23.7 KB

<img src="upload://9WEnd7K1HDPRfhdsfQrb7kFzPio.png" alt="image.png" width="528" height="165">

Sincerely, 

Pete Kain 

OK - that makes more sense. Did you set the servername or are you trying to access this through an IP?

If you set the servername directly in ood_portal.yml it should start to work. Maybe even if you set the servername to the ip. I think there’s a bug here where we didn’t account for ips - we assumed everyone would be using FQDNs directly.

If you are forced to use the IP and setting the servername to the IP doesn’t work, you can follow the instructions in the first comment of this issue and edit a source file in /var/www to set config.hosts = nil.

Hi Jeff,

Looks like the next step is to setup a cluster. Is it a good practice to install OnDemand on a separate VM rather than a compute node. Right now we only have one Super Micro server with another coming in. As I said earlier, it’s more a POC right now.

Thank you for all your help,

Sincerely,

Pete Kain

Typically yes you’d want it in a VM - or in the very least on a login node. I think compute node is the last place you’d want it - but for a POC, well it should be just fine.

Glad to hear you made progress!

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.