xjrc
commented
8 years ago As of April 20th, the client-side tunnel automation service has only one missing feature: the ability to automatically authenticate the user with the host machine on which a service is running. There are a number of ways around this issue (e.g. requesting password inputs on connection requests, pre-authentication with expected remote host machines, et cetera), but we would like a solution that solves this problem with as little user interaction as possible. One solution that fits this billing involves integrating Todd Gamblin's automatic SSH tunneling solution for the LC systems (see his CZ Confluence article for details) into the client automation script to facilitate automated access to remote jobs after a user establishes SSH keys. Implementing this solution should be attempted first with a fallback solution (e.g. requesting password inputs) being implemented if it proves to be too difficult.
The current process for connecting with a remote service through Lorenz should be improved by creating a client-side service that automatically establishes tunnels with newly registered services. This service should be implemented as a simple Python script that polls the Lorenz "run a command" endpoint and opens the proper communication tunnels when it discovers that new services have been registered. In order to integrate this service into the existing workflow, the registered services portlet should be changed so that it utilizes the connections established by the client-side polling service and opens SSL-compatible connections with remote services in new browser tabs.
Once this task is completed, a user should be able to automate the process of establishing tunnels to remote services by launching a local service (written as a simple Python script), which will make it possible for them to open connections to these services through the Lorenz interface by simply clicking on the service name in the registered services portlet.