ecFlow's documentation is now on readthedocs!

Please go to https://ecflow.readthedocs.io/en/latest/index.html

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 10 Next »

DRAFT!!!

You can use the native ecFlowUI client to access remote servers via an SSH tunnel. The recommended way is using dynamic port forwarding.

You can install ecFlowUI on Mac OS using Brew.


This will require at least ecFlow version 5.7.0. 

Some advanced features are only available in version 5.9.0, but it is not yet released and only available from git as the develop branch.

Dynamic port forwarding

Authenticate via teleport

First you need to authenticate via Teleport on your End User device.

Set up dynamic port forwarding

The next step is to start dynamic port forwarding using the SOCKS (Secure Socket) protocol. Let us suppose the target host you want to access is hpc-login. In a terminal on your End User device type:

ssh -v -C -N -D 9050 -J myecuser@jump.ecmwf.int myecuser@hpc-login

and keep it running. This will forward all network traffic from local port 9050 to the target SOCKS host (hpc-login). The proxy jump option (-J) was chosen according to the Teleport setup. The port does not have to be 9050, but this is the default port used by the proxychains tool (see below) so it is the most convenient option for us.

Run ecFlowUI via proxychains

Applications which want to use dynamic port forwarding must speak SOCKS protocol. ecFlowUI can be SOCKS-ified using a third party tool called proxychains.

Installing proxychains

You need to install proxychains in your  End User device. On MacOS, you can do it with "brew install proxychains-ng". Some Linux distributions come with proxychains tool pre-installed.

Start ecFLowUI

Start ecFlowUI with this command:

ecflow_ui -cmd proxychains4

ecFlowUI is now behaving (in terms of client/server communication) as if it were running on the SOCKS host (hpc-login in this case) and you should be able to interact with all the ecFlow servers available from that host.

Configure ecFlowUI for local file access (only in version >= 5.9.0)

ecFlowUI accesses certain local files (e.g. output and server logs in the Output, Timeline and Server Load panels) directly (standard file I/O) without using the ecFlow client-server communication. This poses a limitation if it is running via proxychains because these files are only local on the remote hosts so ecFlowUI cannot access them. To overcome this difficulty you need to use ecFlowUI version >= 5.9.0 and edit the network settings in Tools→ Configure->Network:

These settings must match the proxy jump and SOCSK host settings you used in your dynamic port forwarding command. With this ecFlowUI will behave exactly as if it were running on the SOCKS host as far as client/server communication and log file access is concerned.

Comments

  • when running ecFlowUI via proxychains local ecFlow servers are inaccessible.
  • the dynamic port forwarding sometimes stops/hangs and as a result ecFlowUI loses connection to the servers (it is indicated by the orange strip on the left and the dotted background (TODO: this should be improved because it is barely visible on a Mac)):

If it happens just go to the terminal where the dynamic port forwarding was started up, terminate it if it still running and run the command again. You do not need to exit ecflowUI, just refresh the servers and the connection will be re-established.

Questions

  • It is not clear if ecFlowUI should have support for local port forwarding. Is this something that some people would still prefer over dynamic port forwarding?



  • No labels