Versions Compared

Old Version 60

changes.mady.by.user Blazej Krzeminski

Saved on

compared with

New Version 61

changes.mady.by.user Blazej Krzeminski

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • The timeline and server load functionality currently doesn't work

Connecting to restricted ecFlow servers

Servers with username-based access control

Many ecFlow servers at the Centre use a whitelist to only allow authorized users in. This creates a problem when connecting remotely. Typically, your username on the laptop will be different from your ECMWF username and these servers will not be visible in your ecflow_ui.

...

Code Block
languagetext
#!/bin/bash
set -e
# --------------------------------------------------------------
# A script for starting SSH SOCKS proxy and ecFlow UI as another user.
# Prerequisites:
#   * User named "myecuser" must exist on the laptop
#   * "myecuser" has set up their Teleport client to access ECMWF.
# --------------------------------------------------------------

ECMWF_USER=myecuser              # your ECMWF username
ECMWF_HOST=myecworkstation       # your ECMWF workstation name

xhost + || :
sudo -i -u "$ECMWF_USER" -- sh << SUDO

    set -e

    # Starting ssh-agent for $ECMWF_USER.
    # Teleport service requires ssh-agent running.

    ssh-agent -- sh << SSH_AGENT

        set -e

        # "tsh login" will fetch SSH certificate from
        # shell.ecmwf.int and load it onto the ssh-agent.

        tsh login -d

        # "ssh -f" will start SSH tunnel in the background.
        # The trap will terminate the tunnel on exit.

        trap 'pkill -f ssh.*-f' 0 1 2 3 15
        ssh -f -N -v -C -D9050 -J "$ECMWF_USER@shell.ecmwf.int" "$ECMWF_USER@$ECMWF_HOST"

        # finally, start the local ecFlow UI
        /Volumes/Macintosh\ HD/opt/miniconda3/bin/ecflow_ui
SUDO
SSH_AGENT

Servers with password-based access control

As an alternative to username-based access control, ecFlow offers password-based access control. See: Security(custom user).

...

Replace "myecworkstation" with a real ecFlow server hostname and "myecflowuser" with your authorised ecFlow username.

Known issues

  • Sometimes ecflow_ui fails to fetch the job output, job script and .sub files from the logserver. Refreshing the tab fixes the issue. The initial error looks like:
    "Output directory: [1] Failed to fetch from cca-log@9316 error: The remote host closed the connection. [2] No access to path on disk!"
  • For some suites the ecflow_ui cannot retrieve job output, job script and .sub files no matter what. It happens when the log server at the centre doesn't have access to these files. ecflow_uis running at the centre have direct access to the files on disk so no problem, but remote ecflow_ui cannot access them.

...