DRAFT!!!
You can use the native ecFlowUI client to access remote servers via an SSH tunnel. The recommended way is using dynamic port forwarding.
This will require at least ecFlow version 5.7.0, but using version >= 5.9.0 is recommended.
Dynamic port forwarding
Authenticate via teleport
First you need to authenticate via Teleport on your End User device.
Set up dynamic port forwarding
The next step is to start dynamic port forwarding using the SOCKS (Secure Socket) protocol. Let us suppose the target host you want to access is hpc-login. In a terminal on your End User device type:
ssh -v -C -N -D 9050 -J myecuser@jump.ecmwf.int myecuser@hpc-login
and keep it running. This will forward all network traffic from local port 9050 to the target SOCKS host (hpc-login). The proxy jump option (-J
) was chosen according to the Teleport setup. The port does not have to be 9050, but this is the default port used by the proxychains
tool (see below) so it is the most convenient option for us.
Run ecFlowUI via proxychains
Applications which want to use dynamic port forwarding must speak SOCKS protocol. ecFlowUI can be SOCKS-ified using a third party tool called proxychains.
Installing proxychains
You need to install proxychains
in your End User device. On MacOS, you can do it with "brew install proxychains-ng
". Some Linux distributions come with proxychains
tool pre-installed.
Start ecFLowUI
Start ecFlowUI with this command:
ecflow_ui -cmd proxychains4
ecFlowUI is now behaving as if it were running on the SOCKS host (hpc-login in this case) and you should be interact with all the ecFlow servers available from that host.
Configure ecFlowUI for local file access
ecFlowUI accesses certain local files (e.g. output and server logs in the Output, Timeline and Server Load panels) directly (standard file I/O) without using the ecFlow client-server communication. This poses a limitation if it is running via proxychains
because these files are only local on the remote hosts so ecFlowUI cannot access them. To overcome this difficulty you need to use ecFlowUI version >= 5.9.0 and edit the network settings in Tools→ Configure->Network:
These settings must match the proxy jump and SOCSK host settings you used in your dynamic port forwarding command. With this ecFlowUI will behave exactly as if it were running on the SOCKS host.