Cylc 7 read-only view to include GUI access to logs

Hello again!

Our primary use-case for monitoring Cylc suites is to have limited-permission users be able to run scans, open suites, and view logs via the GUI. So far scanning only works with --debug but cylc gscan works perfectly, and cylc mon/gcylc both work as well.

We’re hitting issues with the viewing logs portion because the Cylc GUI client tries to use ssh with the user running the suite, rather than the user running gcylc so naturally this causes permission denied messages with not log output.

Is there a configuration flag where I can tell Cylc to use a local filesystem path rather than ssh? We’re using a network filesystem for cylc-run so there really isn’t a need for ssh in our specific case.

How would Cylc 8 handle this, since it uses a web interface (running as say a dedicated web owner) to communicate with suites running as a different suite owner?


Edit: :man_facepalming: Found the “use login shell” setting in global.rc… Setting that to False did the trick!

With Cylc 8 the GUI has been split into the data-provisioning part (UI Server) and the display part (Web GUI).

  • The UI Server runs as the user running the workflow.
  • The web GUI pulls in data from the UI Server of the user running the workflow.
  • The URL of a workflow becomes something like hub/users/<user>/workflows/<workflow>.

You will be able to authorise other users to do different things e.g. view/control/edit the workflow. When other users look at your workflow they are connecting to your UI Server (which performs the authorisation).

The spawning and management of UI Servers can, optionally, be delegated to a “Hub” (jupyterhub) which would require elevated permissions in order to spawn the UI Server on your behalf. Otherwise the UI Servers will need to be started manually.