Ubuntu HPC Meeting Notes: 2024/3/6

High Performance Computing
,
1

Meeting participants:

@nuccitheboss, @jedel, @jamesbeedy, Jaime F. de Souza, Tucker Beck, Quinn, @billy-olsen

Network File System and Active Directory

  • Discussed how to use NFS home directories with AD. Conversation was around how to enable the automatic creation of home directories for AD users, as well as authenticate them using Kerberos.
    • Mentioned the pam-auth-update --enable mkhomedir command when used with SSSD.
    • Going to do further experimentation/implementation deep dive for next week to understand what challenges there are with automatically provisioning AD user home directories on NFS shares.

Open OnDemand snap

  • Status update for the ongoing development of the Open OnDemand snap package:
    • Solved issues with update-ood-portal utility. Now using custom wrapper script to set output directories for generated configuration files.
    • Completed installation flow for Open OnDemand. Once snap is installed, default configurations are generated and Apache is started. Once user navigates to localhost, they will be shown the need_auth.html page and will be directed to set up authentication for their Apache instance.
    • Now working on setting up OIDC provider for Open OnDemand. Going to start initial testing with Dex since a local binary can be used. Work on nginx_stage will be resumed once we can log into the OnDemand dashboard.

ondemandutils

  • Created library for managing Open OnDemand configuration inside the snap. Functionally similar to slurmutils, but with some extra features that we are planning to add to slurmutils.
    • Have initial data models for OODPortalConfig, NginxStageConfig, and DexConfig, but will add more as more models are identified as needed.

snap_daemon and privilege escalation

  • Brief discussion on using the snap_daemon user for Apache inside the Open OnDemand snap. Apache typically has a dedicated user apache, but in snap’s case this user is snap_daemon. For Open OnDemand, snap_daemon is required to have sudo access to start nginx processes for various user applications.
    • Scoped out work that needs to be done to enable Open OnDemand to start user jobs from inside the snap. Will likely need classic confinement like the Slurm snap since Open OnDemand requires the ability to escalate and drop privileges.

MAAS and cloud-init

  • Brief discussion on debugging some cloud-init issues with machines provisioned by MAAS.

UbuCon @ SCaLE 21x

  • HPC community is going to SCaLE 21x. Will be giving some talks and workshops + will be at the Ubuntu Community booth throughout the weekend. Dates are March 14th-17th in Pasadena, California. Hope to see you there!

Getting involved

Next Ubuntu HPC community is next Wednesday, March 13th, at 17:30 UTC over Jitsi. Want to get involved or just generally interested in our community? Join our Matrix server!