Securing ClusterODM

smathermather · 25 March 2020 18:32

What’s the best way to secure a ClusterODM instance? With NodeODM, we can use --token, but ClusterODM doesn’t forward that portion of the API.

I can, of course, put WebODM in front of it, and this secures it nicely, but then I can’t use it with PyODM or CloudODM. I could just use the tutorial at WebODM.org as well.

pierotofy · 25 March 2020 19:04

You could create or modify LocalCloudProvider to check for a particular token:

github.com

OpenDroneMap/ClusterODM/blob/master/libs/cloud-providers/LocalCloudProvider.js#L26


*  along with this program.  If not, see <https://www.gnu.org/licenses/>.
*/
const AbstractCloudProvider = require('../classes/AbstractCloudProvider');


module.exports = class LocalCloudProvider extends AbstractCloudProvider{
   constructor(){
       super();
   }


   // Always return OK
   async validate(token){
       return {
           valid: true,
           limits: [] // No limits
       };
   }


   // Always approve
   async approveNewTask(token, imagesCount){
       return {approved: true, error: ""};
   }

Admittedly this was part of the original design of LocalCloudProvider, but didn’t get around to implement a --token command line option. Would be a cool PR addition!

Karl_Keller · 1 July 2020 12:29

I’ve made all of the requests like telnet restricted to my AWS security group. Additionally, I run clusterODM out of webODM and connect to the linux box running webODM using putty tunneling with VNC.