Giters

eth-cscs / firecrest

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Setting up a Demo

komraad opened this issue · comments

commented

Hello I want to test the demo file but i proceed after log in,
prompting "invalid parameter: redirecting_uri"

Help on this. I'm doing this on a solo virtual machine, not on a HPC.

commented

Hi @scavenqqer,

I'm assuming you are using the docker-compose file as explained in https://github.com/eth-cscs/firecrest/tree/master/deploy/demo, and that you are trying to run the client web application in your own VM.

If this is the case, the issue could be that the OIDC client firecrest-sample is not configured to point to your demo client URL.
By default, this value points to http://localhost:7000 but this is only for local deployment.

In order to change that go to your browser to the demo Keycloak dashboard (which should be deployed in your VM in port 8080), use the default admin credentials (see in README), select Clients, and firecrest-sample, and look for the field * Valid Redirect URIs and set your demo client URL.

Remember that this redirection is done from your browser to the demo client URL, so, it can't be localhost since from what you explained you are deploying this in a VM. Therefore, I assume you should have an IP or a DNS for that host (ie, http://your-vm-dns:7000`)

Hope this helps,
Cheers

commented

Thank you very much for this help. I was able to test it.
I actually setup this on my VM and I want to test it with my slurm server, which connection should be changed? or in which part ? It's like my VM is the front-end and it will pass through my slurm server which is on the other server.
Hope for your repsonse on this. Thank you

commented

You have to configure SSH in the machine that you have SLURM.
If you look at demo cluster SSH configuration here

firecrest/deploy/test-build/cluster/ssh/sshd_config

Line 100 in 028edf3

# Only trusted certificate from this network
it is configured to accept only SSH certificates that have been signed with that public key (/etc/ssh/ca-key.pub).
That public key is the same one that is configured in the certificator microservice (

firecrest/deploy/demo/docker-compose.yml

Line 27 in 028edf3

certificator:
).

Hope this helps,
Cheers.

commented

Thank you for the help.

Is docker-compose is the only way for the FirecREST to be setup ? or it should be on different machine ?
Should it be on the front-end ?
I'm very curios for the setup of this.

Hope to be answered.
Thank you.

commented

Hi @scavenqqer,

I'm assuming you are using the docker-compose file as explained in https://github.com/eth-cscs/firecrest/tree/master/deploy/demo, and that you are trying to run the client web application in your own VM.

If this is the case, the issue could be that the OIDC client firecrest-sample is not configured to point to your demo client URL. By default, this value points to http://localhost:7000 but this is only for local deployment.

In order to change that go to your browser to the demo Keycloak dashboard (which should be deployed in your VM in port 8080), use the default admin credentials (see in README), select Clients, and firecrest-sample, and look for the field * Valid Redirect URIs and set your demo client URL.

Remember that this redirection is done from your browser to the demo client URL, so, it can't be localhost since from what you explained you are deploying this in a VM. Therefore, I assume you should have an IP or a DNS for that host (ie, http://your-vm-dns:7000`)

Hope this helps, Cheers

Hello, about this. Can this create a new account and have a multiple users ?
Thank you.

commented

Thank you for the help.

Is docker-compose is the only way for the FirecREST to be setup ? or it should be on different machine ? Should it be on the front-end ? I'm very curios for the setup of this.

Hope to be answered. Thank you.

Hi there,

It is certantly not the only way.
If you look at https://github.com/eth-cscs/firecrest/tree/master/deploy you also have a Kubernetes version of FirecREST in order to deploy in your own K8s cluster.
At the same time, you can use containers in https://github.com/eth-cscs/firecrest/tree/master/deploy/docker and set Ansible playbooks or whatever orchestrator you want.

The configuration will depend on your requirements and resources. Though all containers can be running in the same machine, we suggest one machine for the gateway (Kong) since it is the entry point of requests and must be secured, and another machine for FirecREST microservices (compute, status, storage, tasks, taskpersistence (redis), and utilities). In the latter, you can also set jaeger, but it is not mandatory.
We also suggest a third machine only for the certificator microservice.

Hello, about this. Can this create a new account and have a multiple users ?
Thank you.

The idea is that your Keycloak database is synchronized with your users in the cluster. If not, then you can add them with the administrator interface as shown here: https://www.keycloak.org/docs/latest/server_admin/#proc-creating-user_server_administration_guide

Hope this helps, cheers

commented

Thanks much for the response and help.

I'm building it on one machine(FirecREST , KEYCLOAK, KONG) without using the Docker or Kurbenetes.
Would it work ?

commented

Yes, as I mentioned in the comment above, that can be set without problems.
Just be aware that Kong should be the only entry point for requests from outside the machine, and not interface FirecREST directly to external networks, only through the gateway.

Cheers

commented

Hi @scavenqqer,

Can this issue be closed?

Thanks,

Cheers

commented

Hi @jpdorsch,

Yes, Thanks for the help and cooperation,
Thank you very much.