{
    "componentChunkName": "component---src-templates-markdown-doc-tsx",
    "path": "/2025.1.3/installation/license_server",
    "result": {"data":{"mdx":{"id":"7f060e4b-bc67-5817-acd6-d7a139b32a4c","frontmatter":{"title":"","images":null},"body":"var _excluded = [\"components\"];\nfunction _extends() { _extends = Object.assign || function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return _extends.apply(this, arguments); }\nfunction _objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = _objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }\nfunction _objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }\n/* @jsxRuntime classic */\n/* @jsx mdx */\n\nvar _frontmatter = {};\nvar layoutProps = {\n  _frontmatter: _frontmatter\n};\nvar MDXLayout = \"wrapper\";\nreturn function MDXContent(_ref) {\n  var components = _ref.components,\n    props = _objectWithoutProperties(_ref, _excluded);\n  return mdx(MDXLayout, _extends({}, layoutProps, props, {\n    components: components,\n    mdxType: \"MDXLayout\"\n  }), mdx(\"h1\", null, \"License Server\"), mdx(\"p\", null, \"The various pieces of \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"Salvus\"), \" need to communicate with one of Mondaic's\\nservers to ensure a valid license. 
Please make sure outgoing HTTPS connections\\nfrom whichever machine \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"Salvus\"), \" runs on are allowed to this server:\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"URL: \", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"https://l.mondaic.com\")), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Port: \", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"443\"), \" (HTTPS)\")), mdx(\"h2\", null, \"License File\"), mdx(\"p\", null, \"Your license credentials are stored in \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"~/.salvus-licenses.toml\"), \" (please note\\nthe leading dot), which is a TOML file with the following group for each\\nlicensed product:\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-toml\"\n  }, \"[[license]]\\nproduct = \\\"SomeProduct\\\"\\nproduct_license_version = \\\"1.2.3\\\"\\nserver_url = \\\"https://l.mondaic.com/licensing_server\\\"\\nusername = \\\"SomeUser\\\"\\npassword = \\\"SomePassword\\\"\\ngroup = \\\"SomeGroup\\\"\\n\")), mdx(\"p\", null, \"You can create this file yourself, otherwise Mondaic's downloader will offer to\\ncreate it for you and auto-fill it.\\nBecause the file stores your password in plain text, restrict its permissions so that\\nonly your own user can read it (for example with chmod 600).\"), mdx(\"h2\", null, \"No Internet Connection (Dark Sites)\"), mdx(\"p\", null, \"If you have no internet connection you can still run \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"Salvus\"), \" on dark machines\\nusing one of two solutions:\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, mdx(\"p\", {\n    parentName: \"li\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"SalvusFlow\"), \" can mint one-time use tokens to run \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"SalvusCompute\"), \" on dark\\nsites. This requires \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"SalvusFlow\"), \" to run on machines with internet access\\n(i.e. your laptop or workstation). 
This is a fully integrated and supported\\nsolution, and is the recommended approach. See \\\"Tokenized Licensing\\\" below.\")), mdx(\"li\", {\n    parentName: \"ul\"\n  }, mdx(\"p\", {\n    parentName: \"li\"\n  }, \"Proxy the internet connection.\"))), mdx(\"p\", null, \"Both possibilities are described in detail below.\"), mdx(\"h3\", null, \"Tokenized Licensing\"), mdx(\"p\", null, \"In this scenario, \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"SalvusFlow\"), \" would communicate with the license server to\\ngenerate a single-use token to run \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"SalvusCompute\"), \" on dark sites. This is fully\\nautomatic and to activate it just use the following setting in the site's\\nconfiguration:\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-toml\"\n  }, \"use_license_tokens = true\\n\")), mdx(\"p\", null, \"The only downside to this approach is the requirement to specify a wall-time\\nfor each run. Otherwise this works the same as normal Salvus runs.\"), mdx(\"h3\", null, \"Proxy the Connection\"), mdx(Message, {\n    warning: true,\n    header: \"Clarify with your Admin\",\n    content: mdx(\"div\", null, mdx(\"p\", null, \"Please make sure this is acceptable at your local compute site by talking to your admin. This recipe will open a SOCKS5 proxy to the internet either on the login node or on a compute node which might\", ' ', mdx(\"b\", null, \"violate the policy of some compute centers\"), \".\"), mdx(\"p\", null, mdx(\"b\", null, \"USE AT YOUR OWN RISK!\"))),\n    mdxType: \"Message\"\n  }), mdx(\"p\", null, \"Most newer SSH implementations can open SOCKS5\\n(\", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://de.wikipedia.org/wiki/SOCKS\"\n  }, \"https://de.wikipedia.org/wiki/SOCKS\"), \")\\nproxies over the SSH connection. Thus local internet access can be shared\\nwith remote resources that do not have internet access. 
All of Salvus as well\\nas \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"pip\"), \" and \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"conda\"), \" do support it so if applicable it is very convenient.\"), mdx(\"h4\", null, \"Proxy internet to the login node\"), mdx(\"p\", null, \"The following command will open a proxy on port 12345 so that \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"remote_site\"), \"\\ncan access the local internet. SSH can usually only open a proxy from remote\\nto local so we first create a SOCKS5 proxy on localhost to localhost and then\\nforward that port. It is a complicated command but the end result is that\\nthere is now a SOCKS5 proxy available on \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"remote_site\"), \". By default that\\nport is bound to the loopback interface of the remote machine, so other users logged in\\nthere can also connect through it.\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-shell\"\n  }, \"$ ssh -t -D 12345 localhost ssh -R 12345:localhost:12345 remote_site\\n\")), mdx(\"p\", null, \"One requirement for that command is that you can SSH into your own computer.\\nOn Linux this usually means installing the \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"openssh-server\"), \" package, on OSX\\nit means enabling remote login in the sharing preferences.\"), mdx(\"p\", null, \"The only thing left to do is to set the \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"all_proxy\"), \" environment variable on\\n\", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"remote_site\"), \":\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-shell\"\n  }, \"export all_proxy=socks5://localhost:12345\\n\")), mdx(\"h4\", null, \"Proxy of login node to compute node\"), mdx(\"p\", null, \"In the common environment where the login nodes have internet access but the\\ncompute nodes do not, the compute nodes can oftentimes SSH to the login nodes\\nto create a SOCKS proxy. 
The following recipe should get you started.\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-shell\"\n  }, \"#  Make sure there is an ssh keypair on the machine. Agent forwarding will\\n#  not work on the compute nodes.\\n#\\n#  Make one for example with:\\n#\\n#  $ ssh-keygen -t rsa -b 4096 -C \\\"your_email@example.com\\\"\\n#\\n#  Also copy the key and make sure there is a setting in ~/.ssh/config!\\n#\\n#  $ ssh-copy-id LOGIN_NODE_HOST_NAME\\n\\nexport LOGIN_NODE_HOST_NAME=...\\nexport PORT=9123\\n\\n# Socks proxy to log-in node.\\nssh -fNM -D $PORT $LOGIN_NODE_HOST_NAME\\n\\n# Store process id of ssh connection.\\nps -x | grep \\\"ssh -fNM -D $PORT $LOGIN_NODE_HOST_NAME\\\" | \\\\\\n    grep -v grep  | cut -d \\\" \\\" -f1 > pid.txt\\n\\n# Use it.\\nexport all_proxy=socks5://localhost:$PORT\\n\\n# Launch some piece of Salvus.\\npython -c 'import salvus_mesh'\\n\\n# Kill the ssh process again. Otherwise the job will run until it hits the wall\\n# time.\\nkill `cat pid.txt`\\n\")), mdx(\"h2\", null, \"Troubleshooting\"), mdx(\"h3\", null, \"CA Store Issues\"), mdx(\"p\", null, mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"Salvus\"), \" communicates with the server over HTTPS - thus a store of trusted certificate authority\\n(CA) certificates is needed to decide which server certificates to trust. Operating systems usually\\nhave this - \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"Salvus\"), \" tries its best to find the CA cert store of the systems it\\nruns on - if it fails you might have to manually provide it via the\\n\", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"SALVUS_CA_BUNDLE_PATH\"), \" env variable:\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-shell\"\n  }, \"# If your operating system provides no CA file, download for example the curl\\n# one. This is a converted version of Firefox' CA cert store. 
If you are\\n# security conscious (which you should be) please clarify this with your local\\n# admin.\\n$ wget https://curl.haxx.se/ca/cacert.pem\\n\\n# Set the environment variable to the filename.\\n$ export SALVUS_CA_BUNDLE_PATH=cacert.pem\\n\\n# Salvus will now use this CA file.\\n$ ./salvus compute ...\\n\")));\n}\n;\nMDXContent.isMDXComponent = true;"},"site":{"siteMetadata":{"salvusDocVersions":{"current":"2026.5.0"}}}},"pageContext":{"id":"7f060e4b-bc67-5817-acd6-d7a139b32a4c"}},
    "staticQueryHashes": ["1756726491","1865182279","3419370438","3597190305","4112489441","519097329"]}