# SciAuth End-to-End Environment Tutorial

### Requirements

* [Register in COmanage](https://registry.cilogon.org/registry/co_petitions/start/coef:405) for the tutorial. You will be asked to confirm your email address.

  If you have used OSG services before, e.g., the Open Science Pool, the previous link might give you an error. In that case, [use this alternative registration form](https://registry.cilogon.org/registry/co_petitions/start/coef:409).

## Architecture of the End-to-End Environment

The end-to-end environment is a [Docker Compose](https://docs.docker.com/compose/) setup that incorporates [JupyterHub](https://jupyter.org/hub), a [lightweight token issuer](https://github.com/scitokens/scitokens-oauth2-server), and an [HTCondor](https://htcondor.org) pool. By default, and for this tutorial, authentication is provided [CILogon](https://www.cilogon.org/). The source code for the end-to-end environment is [available on GitHub](https://github.com/SciAuth/sciauth-lightweight-environment).

<img src="images/04-arch.png" width="750px">

## Log into the Demo VM

For this tutorial, we have set up a VM where you will do much of your work.

To log into the VM, first [log into COmanage](https://registry.cilogon.org/registry/) with the same identity as you did to register, select the menu in the upper right corner, and view your profile.

<img src="images/02-link.png" width="500px">

On your profile, locate your "OSG username".

<img src="images/03-profile.png" width="500px">

Then use SSH log into the VM with that username:

    ssh username@login.pearc23.sciauth.org

You can use a terminal from within this Jupyter instance (File > New > Terminal), or any other SSH client of your choosing. When prompted, visit the cilogon.org URL, and log in with the same identity as you did to register.

## Aside: Naming Conventions

For the remainder of this tutorial, in order to keep your work distinct from that of others using the tutorial's VM, we will use your username **with periods replaced by dashes** as prefix to the names of various resources. (Periods do not interact well with the wildcard TLS certificates that were created for this tutorial.)

For example, the username `brian.aydemir.19` shown above would become `brian-aydemir-19`.

## Quick Reference

### Links

* JupyterHub instance:

  `https://username-with-dashes.pearc23.sciauth.org/`

* Token management service:

  `https://username-with-dashes.pearc23.sciauth.org/services/scitokens/`
  
* Looking up your CILogon User Identifier:

  `https://cilogon.org/`

### Building the End-to-End Environment

```
$ cd username-with-dashes-sciauth-env
$ make build
$ cp templates/oauth.env secrets/
$ make build
```

### Starting and Stopping the End-to-End Environment

```
$ docker compose up -d
$ docker compose down
```

### Testing the HTCondor CLI

```
$ condor_q
$ condor_q -debug
$ condor_status
$ condor_status -debug
```

### Making a SciToken available to the HTCondor CLI

```
$ nano token
...paste in the SciToken and save the file...
$ export BEARER_TOKEN_FILE=${PWD}/token
```

### Script to Run as an HTCondor Job

Save this into a file named `demo.sh`, and then make it executable with `chmod +x dmeo.sh`.

```
#!/bin/sh

echo "Hello, World!"
date
hostname
```

### Job Description File for HTCondor

Save this into a file named `demo.sub`.

```
executable = demo.sh

log = demo.log
output = demo.out
error = demo.err

request_cpus = 1
request_memory = 16M
request_disk = 16M

queue
```

### Submitting and Monitoring the HTCondor Job

```
$ condor_submit -spool demo.sub
$ condor_q
$ condor_transfer_files <job_id>
```