Update_ood_portal does not work

I have an issue very similar to this one Update_ood_portal script does not work

I’m trying to setup reverse proxy and the following lines in my ood-portal.yml file
host_regex: ‘[\w.-]+.gsu.edu’
node_uri: ‘/node’
rnode_uri: ‘/rnode’

when i run update_ood_portal it complains about different checksum. If I use --force option it creates me httpd.conf file w/o any of my custom settings. It doesn’t have my ssl info or mellon authentication.

<VirtualHost :>

RewriteEngine On
RewriteCond %{REQUEST_URI} !/public/need_auth.html
RewriteRule ^.*$ /public/need_auth.html [R=301,L]

Only public assets enabled in this mode.

If you’re reading this message you need to setup authentication: 2. Authentication — Open OnDemand 3.0.0 documentation

Alias “/public” “/var/www/ood/public”
<Directory “/var/www/ood/public”>
Options FollowSymLinks
AllowOverride None
Require all granted

Can you please advise.
Sofya

You need to add mellon authentication before the system can proceed.

I have mellon authentication and it’s working. I’m trying to do some other settings like revers proxy to create an interactive app.

OK, as long as you have something in the auth section - the installation/configuration can move forward. This was to force folks to setup authentication first before anything else.

I don’t have problems with the dashboard or installation. My problem that Update_ood_portal script is not working. Should I just stop using it and manually edit my http conf file?

Can you share your ood_portal.yml? I see from the first comment there’s no auth section. There needs to be an auth section for update_ood_portal to present any conf file that is not the one you’re looking at.

No because bouncing apache is going to use this program as well.

What I posted in the begining it’s what I get if I run update_ood_portal. My ood_portal.yml is below. I removed all comments. Is spacing important? Maybe it cannot read my ood_portal.yml file?


servername 'ondemand'
 ssl:
   - 'SSLCertificateFile "/etc/pki/tls/certs/ondemand.cert"'
   - 'SSLCertificateKeyFile "/etc/pki/tls/private/ondemand.key"'

logroot: '/var/log/ondemand-nginx'
errorlog: 'error.log'
accesslog: 'access.log'
frame-ancestors https://*.example.com 'self'
user_map_match: 'EXAMPLE([^@]+)\'
auth:
    - 'AuthType Mellon'
    - 'Require valid-user'
 host_regex: '[\w.-]+\.example\.com'
 node_uri: '/node'  
 rnode_uri: '/rnode'

I was able to modify my apache conf for reverse proxy and I can connect to VNC but I have to manually add domain at the end of the node name in the link to make it work. I’m not sure why it url generates w/o domain. Here are mine settings in cluster yml file:
batch_connect:


basic:
  script_wrapper: |
    module purge
    %s
  set_host: "host=$(hostname -A | awk '{print $1}')"
vnc:
  script_wrapper: |
    module purge
    export PATH="/opt/TurboVNC/bin:$PATH"
    export WEBSOCKIFY_CMD="/cluster/apps/websockify/run"
    %s

This my http conf:


<LocationMatch "^/node/(?<host>[\w.-]+\.example\.com)/(?<port>\d+)">
AuthType Mellon
Require valid-user

# ProxyPassReverse implementation
Header edit Location "^[^/]+//[^/]+" ""

# ProxyPassReverseCookieDomain implemenation
Header edit* Set-Cookie ";\s*(?i)Domain[^;]*" ""

# ProxyPassReverseCookiePath implementation
Header edit* Set-Cookie ";\s*(?i)Path[^;]*" ""
Header edit  Set-Cookie "^([^;]+)" "$1; Path=/node/%{MATCH_HOST}e/%{MATCH_PORT}e"

LuaHookFixups node_proxy.lua node_proxy_handler
<LocationMatch "^/rnode/(?<host>[\w.-]+\.example\.com)/(?<port>\d+)(?<uri>/.*|)">
AuthType Mellon
Require valid-user

# ProxyPassReverse implementation
Header edit Location "^([^/]+//[^/]+)|(?=/)" "/rnode/%{MATCH_HOST}e/%{MATCH_PORT}e"

# ProxyPassReverseCookieDomain implemenation
Header edit* Set-Cookie ";\s*(?i)Domain[^;]*" ""

# ProxyPassReverseCookiePath implementation
Header edit* Set-Cookie ";\s*(?i)Path[^;]*" ""
Header edit  Set-Cookie "^([^;]+)" "$1; Path=/rnode/%{MATCH_HOST}e/%{MATCH_PORT}e"

LuaHookFixups node_proxy.lua node_proxy_handler

Can you advise me how to generate link which is working but doesn’t generate automatically when I press Launch remote desktop:

https://ht-hpc-ondemand8/pun/sys/dashboard/noVNC-1.3.0/vnc.html?autoconnect=true&path=rnode%2Fhpc-node-106.example.com%2F58970%2Fwebsockify&resize=remote&password=0BhLRp19&compressionsetting=6&qualitysetting=2&commit=Launch+Hawthorne+Desktop

vs:

which is generated automatically, but not working if I don’t append domain after node name:

https://ht-hpc-ondemand8/pun/sys/dashboard/noVNC-1.3.0/vnc.html?autoconnect=true&path=rnode%2Fhpc-node-106%2F58970%2Fwebsockify&resize=remote&password=0BhLRp19&compressionsetting=6&qualitysetting=2&commit=Launch+Hawthorne+Desktop

This is the relevant piece for your current issue. I would get a shell session to one of your compute nodes and inspect what hostname -A | awk '{print $1}' returns. Modify this section in your cluster config such that the command being issued returns the FQDN (fully qualified domain name) and not the partial domain name.

and/or just hard code the rest of the domain like

set_host: "host=$(hostname -A | awk '{print $1}').osc.edu"

This command
hostname -A | awk '{print $1}'
actually returns FQDN on the node and even if I add domain in my cluster.yml file and restart httpd VNC link still generates without domain. It seems like it get stripped somewhere somehow

When you issue the same command - where you on a compute node?

#!/bin/bash
# delme.sh

hostname -A | awk '{print $1}'

If you submit this script to your scheduler through sbatch delme.sh or similar - what’s the output? This command is being issued during a job’s execution on a compute node. That’s important to remember when you test for the same.

It returns FQDN!
Maybe something is in my Apache config is wrong? I was trying to send reverse proxy traffic through just a hostname w/o domain but that was not working either.

OK that’s super weird. I don’t think it has to do with apache configs.

Alright, when you start a brand new VNC application - what’s in your connection.yml? You can find this in the same directory with all the other logs for the job like output.log and so on.

It’s what I have in connection.yml Just a hostname not FQDN

host: hpc-node-106
port: 5901
password: MnqBji7F
display: 1
websocket: 18502
spassword: say5sEjz

I knew it was something obvious that I overlooked - this is what I overlooked: You need to define set_host in both basic and vnc sections

basic:
  script_wrapper: |
    module purge
    %s
  set_host: "host=$(hostname -A | awk '{print $1}')"
vnc:
  script_wrapper: |
    module purge
    export PATH="/opt/TurboVNC/bin:$PATH"
    export WEBSOCKIFY_CMD="/cluster/apps/websockify/run"
    %s

  # this piece is missing and defaulting to just 'hostname'
  set_host: "host=$(hostname -A | awk '{print $1}')"

I added this line

batch_connect:
basic:
script_wrapper: |
module purge
%s
set_host: “host=$(hostname -A | awk ‘{print $1}’).spacex.corp”
vnc:
script_wrapper: |
module purge
export PATH=“/opt/TurboVNC/bin:$PATH”
export WEBSOCKIFY_CMD=“/cluster/apps/websockify/run”
%s
set_host: “host=$(hostname -A | awk ‘{print $1}’)”

and restated http. No luck. In my new connection.yml file I still see a hostname not FQDN

So you should only need to

  • restart your webserver (in the help menu at the top right)
  • start a brand new desktop job

The first makes sure you pick up the new configs. The second makes sure the new scripts will use the new configs.

It worked! Thank you so much!

Awesome! glad to hear it.

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.