Installing on Demand on Preexisting Login Servers?

Hello All,

We are looking to deploy OnDemand on our latest cluster at WVU. My apologies if I already missed this, but is it recommended to deploy OnDemand on its own dedicated “login host” or can we share login hosts we already have deployed? I know we can share but should we?

Thanks in advance!


Welcome Nate!

[Edit: this is my personal opinion about VMs. Installing it on an existing login node is OK. It seems to be a matter of organizational preference. Whatever the choice, the host machine (virtual or not) should be treated just like a login node from a security perspective - where any sensitive files/binaries/etc have to be locked down with the appropriate file permissions and ACLs.]

The best practice is to stand up a VM to install on for isolation reasons. Not only user/memory/network/process/maintenance isolation but also to isolate your login node from all the rpm installations.

The added benefit, just from VMs, is less resource usage. OSC’s login nodes are huge with 250 GB of RAM and 28 cores. OOD doesn’t need nearly that much, though someone else will have to chime in with what it does need. (I’m guessing out of thin air here that ~20-30 GB and ~4 cores is enough but again, just a guess, I’ll try to confirm what an appropriate size is).

Oh! And upgrades. A lot of folks have prod and test instances, where they can test out configs or changes before deploying them to their users. Again, VM isolation is very good for this.

Like everything else in this world it’s a trade-off. You’re trading isolation for hardware. Smaller sites may need to install directly on the login or head nodes simply because they can’t spare the hardware for a VM. The VM approach gives you isolation in all sorts of dimensions but at the cost of hardware and often underutilized resources.

Sizing seems to be dependent on the number of clients and your organization’s willingness to provide buffer resources.

We use a 60GB VM but normal peaks tend to be around the 10GB spot. Obviously we have a lot of headroom, but we did go to the ~25GB mark once or twice. OOD is not super CPU intensive so you could probably get by with 4, though 6 or 8 may give you and your users a lot of comfort. OSC runs 16, but again, we have a lot of headroom and we top out at ~25% utilization.

Another bit about sizing though is the filesystems. It seems /tmp filesystem needs to be fairly large (50 GB) because that’s where uploads are processed.

So that’s sizing for a site that gets a lot of use. Obviously, more or less users means more or less resource requirements. Hope that helps!

@negregg see Jeff’s edit to his response. I didn’t get an email from Discourse after he edited the response. Summary is that it’s okay to run OnDemand on the login node but take care of security concerns. See above for details.

Also for context to the VM resource details @johrstrom mentions, our OnDemand instance serves over 600 unique users each month and at any given time we usually have 60-100 Per User NGINX (PUN) processes running. The Passenger apps that make up the core of OnDemand (that NGINX is configured with) are each killed after a short period of inactivity from the user, and when users are using NoVNC or connecting to Jupyter Notebook or RStudio on a compute node, Apache is proxying these users, bypassing the PUN completely. So it can happen that 60 PUNs are running but twice the number of users are actually being served.

Awesome info … thanks all! Great information and looking forward to getting this off the ground. Something that has been on our short list for way too long!