ecFlow's documentation is now on readthedocs!

Please go to https://ecflow.readthedocs.io/en/latest/index.html

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

DRAFT!!!

You can use the native ecFlowUI client to access remote servers via an SSH tunnel. The recommended way is using dynamic port forwarding.

This will require at least ecFlow version 5.7.0, but version >= 5.9.0 is recommended.

Dynamic port forwarding

Authenticate via teleport

First you need to authenticate via Teleport on your End User device.

Set up dynamic port forwarding

The next step is to start dynamic port forwarding using the SOCKS (Secure Socket) protocol. Let us suppose the target host you want to access is hpc-login. In a terminal on your End User device type:

ssh -v -C -N -D 9050 -J myecuser@jump.ecmwf.int myecuser@hpc-login

and keep it running. This will forward all network traffic from local port 9050 to the target SOCKS host (hpc-login). The proxy jump option (-J) was chosen according to the Teleport setup. The port does not have to be 9050, but this is the default port used by the proxychains tool (see below) so it is the most convenient option for us.

Run ecFlowUI via proxychains

Applications which want to use dynamic port forwarding must speak SOCKS protocol. ecFlowUI can be SOCKS-ified using a third party tool called proxychains.

Installing proxychains

You need to install proxychains in your  End User device. On MacOS, you can do it with "brew install proxychains-ng". Some Linux distributions come with proxychains tool pre-installed.

Start ecFLowUI

Start ecFlowUI with this command:

ecflow_ui -cmd proxychains4

ecFlowUI is now behaving as if it were running on the SOCKS host (hpc-login in this case) and you should be interact with all the ecFlow servers available from that host.

Configure ecFlowUI for local file access

ecFlowUI accesses certain local files (e.g. output and server logs in the Output, Timeline and Server Load panels) directly (standard file I/O) without using the ecFlow client-server communication. This poses a limitation if it is running via proxychains because these files are only local on the remote hosts so ecFlowUI cannot access them. To overcome this difficulty you need to use ecFlowUI version >= 5.9.0 and edit the network settings in Tools→ Configure->Network:

These settings must match the proxy jump and SOCSK host settings you used in your dynamic port forwarding command. With this ecFlowUI will behave exactly as if it were running on the SOCKS host.


  • No labels