Setting up a Demo
komraad opened this issue · comments
Hello I want to test the demo file but i proceed after log in,
prompting "invalid parameter: redirecting_uri"
Help on this. I'm doing this on a solo virtual machine, not on a HPC.
Hi @scavenqqer,
I'm assuming you are using the docker-compose
file as explained in https://github.com/eth-cscs/firecrest/tree/master/deploy/demo, and that you are trying to run the client
web application in your own VM.
If this is the case, the issue could be that the OIDC client firecrest-sample
is not configured to point to your demo client URL.
By default, this value points to http://localhost:7000
but this is only for local deployment.
In order to change that go to your browser to the demo Keycloak dashboard (which should be deployed in your VM in port 8080), use the default admin credentials (see in README
), select Clients
, and firecrest-sample
, and look for the field * Valid Redirect URIs
and set your demo client URL.
Remember that this redirection is done from your browser to the demo client URL, so, it can't be localhost
since from what you explained you are deploying this in a VM. Therefore, I assume you should have an IP or a DNS for that host (ie, http://your-vm-dns:7000`)
Hope this helps,
Cheers
Thank you very much for this help. I was able to test it.
I actually setup this on my VM and I want to test it with my slurm server, which connection should be changed? or in which part ? It's like my VM is the front-end and it will pass through my slurm server which is on the other server.
Hope for your repsonse on this. Thank you
You have to configure SSH in the machine that you have SLURM.
If you look at demo cluster SSH configuration here
/etc/ssh/ca-key.pub
).That public key is the same one that is configured in the
certificator
microservice (firecrest/deploy/demo/docker-compose.yml
Line 27 in 028edf3
Hope this helps,
Cheers.
Thank you for the help.
Is docker-compose is the only way for the FirecREST to be setup ? or it should be on different machine ?
Should it be on the front-end ?
I'm very curios for the setup of this.
Hope to be answered.
Thank you.
Hi @scavenqqer,
I'm assuming you are using the
docker-compose
file as explained in https://github.com/eth-cscs/firecrest/tree/master/deploy/demo, and that you are trying to run theclient
web application in your own VM.If this is the case, the issue could be that the OIDC client
firecrest-sample
is not configured to point to your demo client URL. By default, this value points tohttp://localhost:7000
but this is only for local deployment.In order to change that go to your browser to the demo Keycloak dashboard (which should be deployed in your VM in port 8080), use the default admin credentials (see in
README
), selectClients
, andfirecrest-sample
, and look for the field* Valid Redirect URIs
and set your demo client URL.Remember that this redirection is done from your browser to the demo client URL, so, it can't be
localhost
since from what you explained you are deploying this in a VM. Therefore, I assume you should have an IP or a DNS for that host (ie, http://your-vm-dns:7000`)Hope this helps, Cheers
Hello, about this. Can this create a new account and have a multiple users ?
Thank you.
Thank you for the help.
Is docker-compose is the only way for the FirecREST to be setup ? or it should be on different machine ? Should it be on the front-end ? I'm very curios for the setup of this.
Hope to be answered. Thank you.
Hi there,
It is certantly not the only way.
If you look at https://github.com/eth-cscs/firecrest/tree/master/deploy you also have a Kubernetes version of FirecREST in order to deploy in your own K8s cluster.
At the same time, you can use containers in https://github.com/eth-cscs/firecrest/tree/master/deploy/docker and set Ansible playbooks or whatever orchestrator you want.
The configuration will depend on your requirements and resources. Though all containers can be running in the same machine, we suggest one machine for the gateway (Kong) since it is the entry point of requests and must be secured, and another machine for FirecREST microservices (compute
, status
, storage
, tasks
, taskpersistence
(redis), and utilities
). In the latter, you can also set jaeger
, but it is not mandatory.
We also suggest a third machine only for the certificator
microservice.
Hello, about this. Can this create a new account and have a multiple users ?
Thank you.
The idea is that your Keycloak database is synchronized with your users in the cluster. If not, then you can add them with the administrator interface as shown here: https://www.keycloak.org/docs/latest/server_admin/#proc-creating-user_server_administration_guide
Hope this helps, cheers
Thanks much for the response and help.
I'm building it on one machine(FirecREST , KEYCLOAK, KONG) without using the Docker or Kurbenetes.
Would it work ?
Yes, as I mentioned in the comment above, that can be set without problems.
Just be aware that Kong should be the only entry point for requests from outside the machine, and not interface FirecREST directly to external networks, only through the gateway.
Cheers
Hi @scavenqqer,
Can this issue be closed?
Thanks,
Cheers