Installation procedure for OpenOnDemand on OCI HPC Cluster
In High-Performance Computing (HPC) environments, users have traditionally relied on Linux command-line interfaces (CUI). Some commercial products and HPC cloud SaaS offerings provide GUI-based access.
This article introduces the installation procedure for OpenOnDemand, an open-source solution enabling such functionality. While the base environment here is an OCI HPC Cluster (Slurm cluster), the same steps apply to other Slurm clusters as well.
OpenOnDemand (https://openondemand.org/) is an open-source web portal for HPC clusters that use job schedulers (Slurm, PBS, LSF, etc.) as their backend. Through a web browser, users can perform the following interactive operations:
These features provide intuitive and secure access to HPC clusters, which previously required CLI-only operation.
An HPC Cluster is a Terraform+Ansible-based script that enables quick deployment of HPC workloads on OCI.
OCI provides “Resource Manager,” a Terraform-as-a-Service, allowing easy deployment via a web-based wizard.
https://github.com/oracle-quickstart/oci-hpc
Follow this reference:
https://qiita.com/itokazu/items/63d2e3cebdcdda5afce0
ssh opc@<Public IP>
sudo dnf install epel-release
sudo yum-config-manager --enable ol8_codeready_builder
sudo yum-config-manager --enable ol8_developer_EPEL
sudo dnf -y module enable ruby:3.3 nodejs:20
sudo dnf install -y https://yum.osc.edu/ondemand/4.0/ondemand-release-web-4.0-1.el8.noarch.rpm
sudo dnf install -y ondemand mod_authnz_pam
sudo systemctl enable --now httpd
sudo vi /etc/httpd/conf.modules.d/55-authnz_pam.conf
# LoadModule authnz_pam_module modules/mod_authnz_pam.so
↓ Change to:
LoadModule authnz_pam_module modules/mod_authnz_pam.so
PRIVATE_IP="<Private IP of Login Node>"
sudo openssl req -new -newkey rsa:4096 -nodes -x509 -sha256 -days 825 -keyout /etc/pki/tls/private/ood-ip.key -out /etc/pki/tls/certs/ood-ip.crt -subj "/CN=${IP}" -addext "subjectAltName = IP:${PRIVATE_IP}"
sudo cp /etc/pki/tls/certs/ood-self.crt /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust extract
Replace <Public IP of Login Node> before running.
sudo mkdir -p /etc/ood/config
cat <<'EOF' | sudo tee /etc/ood/config/ood_portal.yml
servername: "<Public IP of Login Node>"
ssl:
- 'SSLCertificateFile "/etc/pki/tls/certs/ood-ip.crt"'
- 'SSLCertificateKeyFile "/etc/pki/tls/private/ood-ip.key"'
auth:
- 'AuthType Basic'
- 'AuthName "Open OnDemand"'
- 'AuthBasicProvider PAM'
- 'AuthPAMService ood'
- 'Require valid-user'
EOF
sudo cp /etc/pam.d/sshd /etc/pam.d/ood
sudo /opt/ood/ood-portal-generator/sbin/update_ood_portal
sudo systemctl enable --now httpd
Replace <Private IP of Login Node>.
sudo mkdir -p /etc/ood/config/clusters.d
cat <<'EOF' | sudo tee /etc/ood/config/clusters.d/myslurm.yml
---
v2:
metadata:
title: "OCI HPC Cluster"
login:
host: "<Private IP of Login Node>"
job:
adapter: "slurm"
bin: "/usr/bin"
conf: "/etc/slurm/slurm.conf"
copy_environment: false
EOF
The HPC Cluster includes an LDAP server.
Register users in LDAP:
https://qiita.com/itokazu/items/25ace87c5c6851f1c11f
Allow inbound connections on port 443 in the Subnet’s Security List.
Example uses 0.0.0.0/0 (all IPs), but adjust as needed.
Access in the browser:
https://<Public IP of Login Node>
A warning screen appears. Click “Proceed to 132.145.xx.xx (Not Secure)”.
A login prompt will appear. Enter the LDAP username and password.
Upon success, the OOD portal screen is displayed.
With these steps, OpenOnDemand is successfully installed on an OCI HPC Cluster.
End users can manage jobs and files through a browser without relying on a login shell, enabling easier collaboration and documentation within teams.