User Guide - Remote Execution

Prerequisites

Before you begin, ensure you have the following:

Python ≥ 3.9

Required to install and run the ndp_ep library.

Bearer Token

An NDP identity token to authenticate against the NDP Endpoint. Obtain one from your NDP Endpoint provider.

NDP Endpoint URL

The URL of an NDP Endpoint instance that has Rexec enabled. Your sysadmin provides this.

Jupyter (optional)

Recommended for interactive use. Any Jupyter Notebook environment works (local, JupyterHub, VS Code).

Installation

The recommended path is installing ndp_ep with the rexec extra, which pulls in both the NDP Endpoint client and the SciDx-rexec library as a dependency.

pip install ndp_ep[rexec]

⚠️

zsh glob expansion In zsh, square brackets are interpreted as glob patterns. Wrap extras in double quotes.

pip install "ndp_ep[rexec]"

# Create and activate a fresh environment first
conda create -n rexec-env python=3.11 -y
conda activate rexec-env
pip install "ndp_ep[rexec]"

ℹ️

What gets installed ndp_ep (the NDP Endpoint Python client) and scidx-rexec (the Rexec client library, pulled in as a dependency).

Verify installation

python -c "import ndp_ep; print('ndp_ep OK'); import rexec; print('rexec OK')"

What You Need From Your Sysadmin

💡

Before running jobs, ask your NDP Endpoint Provider (sysadmin) for:

The Endpoint URL (e.g. https://ndp-endpoint.example.org/api)
Your Bearer token (obtained from the identity provider)
Confirmation that Rexec is enabled on the endpoint (REXEC_CONNECTION=True)

Using Rexec via NDP Endpoint

The primary way to use Rexec is through the ndp_ep library, which orchestrates authentication, server provisioning, and job dispatch in one place.

Connect to an Endpoint

from ndp_ep import APIClient, remote_func

ndp_ep_client = APIClient(
    base_url="https://ndp-endpoint.example.org/api",
    token="<your-bearer-token>"
)

Provision the Remote Environment(rexec server)

ndp_ep_client.setup_rexec_environment( requirements="input_requirements.txt" )

Define and Send a Remote Function

@remote_func
def compute_pi(n: int) -> float:
    """Estimate pi using Leibniz series."""
    pi = 0.0
    for i in range(n):
        pi += (-1)**i / (2*i + 1)
    return 4 * pi

# Simply invoke the function, it serialized the wrapped func and send it to remote Rexec server
result = compute_pi(n=10000000)
print(f"π ≈ {result}")

Example Notebooks

Two example notebooks are included in the repository to help you get started:

📓

`rexec_quickstart.ipynb`

The recommended starting point. Walks through connecting to an NDP Endpoint, authenticating, and submitting jobs using the ndp_ep library.

View on GitHub ↗

📓

`search_dataset.ipynb`

Shows how to search for and work with datasets through the NDP Endpoint, demonstrating dataset discovery and retrieval workflows.

View on GitHub ↗

💡

Open in Jupyter Download the notebooks and open them locally: jupyter notebook rexec_quickstart.ipynb

💡

Contributing or testing the rexec library directly? See the Developer Guide → Testing scidx-rexec directly for how to use remote_func without the NDP Endpoint layer.

Authentication

All requests are authenticated via Bearer tokens. The NDP identity provider issues these tokens. The token is validated by the broker, deploy API, and NDP Endpoint API, all using the same AUTH_API_URL.

Component	How Auth is Used
Rexec Broker	Validates token before routing messages
Deploy API	Validates token; checks group membership if ACL enabled
NDP EP API	Validates token; returns Rexec spawn API URL to client

ℹ️

Test token For initial testing you can use the test IDP at https://idp-test.nationaldataplatform.org/temp/information. Ask your sysadmin whether the endpoint uses the production or test IDP.

Troubleshooting

Connection timeout

If remote func invocation hangs or times out, check that:

The Rexec broker NodePort (30001) is reachable from your network
Your token is valid and not expired
The NDP Endpoint has REXEC_CONNECTION=True in its configuration

ModuleNotFoundError: scidx_rexec

pip install "ndp_ep[rexec]"  # re-install with the rexec extra

zsh: no matches found: ndp_ep[rexec]

Wrap the package name in double quotes so zsh doesn't interpret the brackets as globs:

pip install "ndp_ep[rexec]"

Authentication error (401 / 403)

Ensure your token hasn't expired — obtain a fresh token from your identity provider
If using group-based access: confirm your account belongs to the configured group

FAQ

Do I need to manage the server pod myself?

No. When using the NDP Endpoint path, the Deploy API automatically provisions and tears down a dedicated server pod for your session. You never interact with Kubernetes directly.

Can I use Rexec from a plain Python script (not a notebook)?

Yes. ndp_ep and scidx-rexec are plain Python libraries and work in any Python environment — scripts, notebooks, or CI pipelines.

What Python packages are available on the remote server?

This depends on the container image configured by your sysadmin for the rexec-server pods. Ask your NDP Endpoint Provider which images and pre-installed packages are available.

Is my code sent over the network unencrypted?

The ZeroMQ transport between client and broker is token-authenticated. Whether TLS is applied depends on the broker's NodePort configuration. For production deployments, sysadmins should terminate TLS at the Ingress or use a secure tunnel.