You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/openondemand.README.md
+7-5Lines changed: 7 additions & 5 deletions
Original file line number
Diff line number
Diff line change
@@ -30,11 +30,10 @@ The above functionality is configured by running the `ansible/portal.yml` playbo
30
30
31
31
See the [ansible/roles/openondemand/README.md](../ansible/roles/openondemand/README.md) for more details on the variables described below.
32
32
33
-
At minimum the following must be defined:
34
-
-`openondemand_servername` - this must be defined for both `openondemand` and `grafana` hosts (when Grafana is enabled). It is suggested to place it groupvars for `all`.
35
-
-`openondemand_auth` and any corresponding options.
36
-
-`openondemand_desktop_partition` and `openondemand_jupyter_partition` if the corresponding inventory groups are defined.
37
-
-`openondemand_host_regex` if `openondemand_desktop` or `openondemand_jupyter` inventory groups are defined and/or proxying Grafana via Open Ondemand is required.
33
+
The following variables have been given default values to allow OOD to run in a newly created environment without additional configuration, but are likely to be overriden with site-specific values:
34
+
-`openondemand_servername` - this must be defined for both `openondemand` and `grafana` hosts (when Grafana is enabled). It is suggested to place it groupvars for `all`. Defaults to the IP address of the first host in the `openondemand` group.
35
+
-`openondemand_auth` and any corresponding options. Defaults to `basic_pam`.
36
+
-`openondemand_desktop_partition` and `openondemand_jupyter_partition` if the corresponding inventory groups are defined. Defaults to the first compute group defined in the `compute` Terraform variable in `environments/{ENV}/terraform`.
38
37
39
38
It is also recommended to set:
40
39
-`openondemand_dashboard_support_url`
@@ -45,3 +44,6 @@ If shared filesystems other than `$HOME` are available, add paths to `openondema
45
44
The appliance automatically configures Open Ondemand to proxy Grafana and adds a link to it on the Open Ondemand dashboard. This means no external IP (or SSH proxying etc) is required to access Grafana (which by default is deployed on the control node). To allow users to authenticate to Grafana, the simplest option is to enable anonymous (View-only) login by setting `grafana_auth_anonymous` (see [environments/common/inventory/group_vars/all/grafana.yml](../environments/common/inventory/group_vars/all/grafana.yml)[^1]).
46
45
47
46
[^1]: Note that if `openondemand_auth` is `basic_pam` and anonymous Grafana login is enabled, the appliance will (by default) configure Open Ondemand's Apache server to remove the Authorisation header from proxying of all `node/` addresses. This is done as otherwise Grafana tries to use this header to authenticate, which fails with the default configuration where only the admin Grafana user `grafana` is created. Note that the removal of this header in this configuration means it cannot be used to authenticate proxied interactive applications - however the appliance-deployed remote desktop and Jupyter Notebook server applications use other authentication methods. An alternative if using `basic_pam` is not to enable anonymous Grafana login and to create Grafana users matching the local users (e.g. in `environments/<env>/hooks/post.yml`).
47
+
48
+
# Access
49
+
By default the appliance authenticates against OOD with basic auth through PAM. If the `basic_users` group is enabled, by default it will create a user with username `ood_user` and its password is found under `vault_openondemand_default_user` in the appliance secrets store in `environments/{ENV}/inventory/group_vars/all/secrets.yml`. Other users can be defined by overriding the variables in `environments/common/inventory/group_vars/all/basic_users.yml`.
0 commit comments