The default stack is an optional set of items that you can use to manage user authentication and secure access to the machines inside the EWC. These items are available in the EWC Community Hub as Hub items:
- SSH Proxy: SSH Bastion Flavour | The European Weather Cloud
- Remote Desktop: Remote Desktop Flavour | The European Weather Cloud
- IPA (or LDAP): IPA Server Flavour | The European Weather Cloud
If you want to automatically enrol machines in LDAP through Morpheus, you also need this item: IPA Client Enroll Automation Configuration | The European Weather Cloud
If you simply want to enrol machines, you can use these items respectively:
- enrol machine: IPA Client Enroll Flavour | The European Weather Cloud
- disenroll machine: IPA Client Disenroll Flavour | The European Weather Cloud
You can learn about Community Hub here: EWC Community Hub - European Weather Cloud Knowledge Base - ECMWF Confluence Wiki
You can learn how to deploy the items here: Community Hub Tooling - European Weather Cloud Knowledge Base - ECMWF Confluence Wiki. In particular, we suggest using the EWCCLI: Deploying via ewccli - European Weather Cloud Knowledge Base - ECMWF Confluence Wiki. We welcome feedback and are happy to provide support if needed. You can always reach out in the #peer-support channel of the EWC Discussion Platform: EWC Discussion Platform - European Weather Cloud Knowledge Base - ECMWF Confluence Wiki or open a support ticket for official support.
Below you can find a generic description of the default stack items.
SSH proxy
The SSH proxy is the barrier between your internal machines and the public internet. With the SSH proxy, you'll have an extra layer of security on top of your VMs. It's equipped with fail2ban, automatic security updates and more.
To connect to a VM hidden behind the proxy, specify the jump flag -J when connecting via SSH:
ssh -J user@ssh-proxy user@internal-vm
Where ssh-proxy is the public IP of your SSH proxy, and internal-vm is the private IP of the VM you want to connect to.
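The same jump can be made persistent in ~/.ssh/config, so that every connection to an internal VM goes through the SSH proxy without typing -J. This is an added example, not part of the original page; the host aliases, IP addresses, user name and key path are constructed placeholders to replace with your own values.

```sshconfig
# ~/.ssh/config
# All aliases, addresses, user names and key paths below are constructed placeholders.

# The SSH proxy: the only host reached directly over the public internet.
Host ewc-proxy
    # Placeholder for the public IP of your SSH proxy.
    HostName 203.0.113.10
    User user
    IdentityFile ~/.ssh/id_ed25519
    # Offer only the key named above instead of every key loaded in the agent.
    IdentitiesOnly yes
    # ProxyJump tunnels the connection through the proxy, so the agent
    # never needs to be exposed on the proxy itself.
    ForwardAgent no

# A named internal VM, reached through the proxy (equivalent to -J ewc-proxy).
# ssh uses the first value it finds for each option, so this specific block
# comes before the wildcard block below.
Host ewc-vm
    # Placeholder for the private IP of the internal VM.
    HostName 10.0.0.15
    User user
    ProxyJump ewc-proxy
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    ForwardAgent no

# Any other address in the (placeholder) private range also goes via the proxy.
Host 10.0.0.*
    User user
    ProxyJump ewc-proxy
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    ForwardAgent no
```

With this in place, ssh ewc-vm behaves like ssh -J user@ssh-proxy user@internal-vm, and authentication to the internal VM still happens end to end from your workstation.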
Remote Desktop
The remote desktop is a regular Ubuntu VM equipped with X2GO, which enables you to access a graphical desktop of a computer over a low-bandwidth (or high-bandwidth) connection.
This means that you can connect to it via the x2goclient to enjoy a regular desktop experience. To connect, launch x2go, create a new session, and specify that you want to connect through your SSH proxy as shown below. Be sure to select "MATE" as your Session Type at the bottom.
LDAP
The LDAP serves both as a user management system and as your internal DNS nameserver. The best way to get familiar with it is to connect to it.
- Start by connecting to your Remote Desktop with the username assigned to your LDAP tenancy. The admin name and password are located in Morpheus under Tools > Cypher, as ipaadmin_username and ipaadmin_password.
- Once you're in, launch Firefox and visit the IP of your LDAP server. You'll find the LDAP IP in Morpheus under Provisioning > Instances.
  If you're not automatically logged in, log in with the tenancy-specific admin user (ipaadmin_username in Tools > Cypher) and the same password as before (ipaadmin_password, also in Tools > Cypher).
- Once you're in the LDAP, you can browse around and check out the features.
- Try creating a new user by clicking + Add. You can then click on the user and insert SSH keys, reset its password and more.
If you decide to use the Morpheus-integrated version of the default stack, you can conveniently add users to the LDAP by navigating to the LDAP VM within Morpheus and running the workflow Create a new LDAP user, which lets you fill in the values without having to log in via X2GO. If you use LDAP without Morpheus integration, see the page Configure LDAP for the commands you can use to create users and more.