[Box-Admins] squeaksource.com move to Rackspace
David T. Lewis
lewis at mail.msen.com
Wed Oct 5 03:09:37 UTC 2016
The squeaksource.com service is now running on dan.box.squeak.org,
and under the control of supervise. See notes in /root/admin-log.txt
and /srv/squeaksourcecom/README for details.
I would like to leave this running for a few days to make sure it
stays healthy, but I anticipate no problems.
The final switchover will require a refresh of recently updated
files from box3, as well as DNS record switchover. We can probably
pick a time to do this in the next week or so.
The web service is on port 8888, and the VNC service is display 1
on port 5901. Note that VNC connection also requires sending SIGUSR2
to the VM process, see the README.
Dave
On Tue, Oct 04, 2016 at 02:24:47PM +0200, Tobias Pape wrote:
>
> On 04.10.2016, at 12:35, David T. Lewis <lewis at mail.msen.com> wrote:
>
> > Tobias,
> >
> > Thanks for your patient explanation.
> >
> > To summarize in case anyone else needs this for reference:
> >
> > 1) I made a .ssh/config file containing the following:
> >
> > Host ssh.squeak.org
> > User ssh
> > Port 1022
> >
> > Host *.box.squeak.org
> > User davidlewis
> > ProxyCommand ssh -W %h:%p ssh.squeak.org
> >
> > 2) I connected to the 'dan' server with the following command, which makes
> > and interactive login to dan, and also sets up the port forwarding for the
> > two additional ports (8888 and 5900) that I wanted to test:
> >
> > ssh -L8888:localhost:8888 -L5900:localhost:5900 dan.box.squeak.org
> >
> > 3) With the above shell session active, I can connect to the web server
> > on port 8888 on server dan with http://localhost:8080, and I can connect
> > to a VNC server on dan by connecting to VNC display 0 on localhost.
> >
> > (Note - the actual squeaksource.com image will use VNC display 1, so
> > port 5901 rather than 5900)
> >
>
> Thanks for the summary. It's completely correct.
>
> Best regards
> -Tobias
>
> > Thanks,
> > Dave
> >
> >
> > On Tue, Oct 04, 2016 at 09:26:45AM +0200, Tobias Pape wrote:
> >> Hi Dave
> >>
> >>
> >> On 04.10.2016, at 03:49, David T. Lewis <lewis at mail.msen.com> wrote:
> >>
> >>> Hi Tobias,
> >>>
> >>> I am now running a test image on 'dan' that is listening for http connections
> >>> on port 8888, and for VNC connections on 5900. I installed telnet on 'dan' so
> >>> that I can verify that both listening ports are active on the server. But
> >>> I am unable to make TCP connections to either port from an outside machine.
> >>
> >> That is expected.
> >> BTW: You can use netstat to see who is listening where:
> >>
> >> # netstat -neptl
> >> Active Internet connections (only servers)
> >> Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
> >> tcp 0 0 10.176.197.150:22 0.0.0.0:* LISTEN 0 20788 7726/sshd
> >> tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN 1003 566790 30950/squeakvm
> >> tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 17561 6275/exim4
> >> tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 1003 546769 30950/squeakvm
> >> tcp6 0 0 ::1:25 :::* LISTEN 0 17562 6275/exim4
> >>
> >> Next, ufw will tell you which ports are open:
> >>
> >> # ufw status verbose
> >> Status: active
> >> Logging: on (low)
> >> Default: deny (incoming), allow (outgoing)
> >> New profiles: skip
> >>
> >> To Action From
> >> -- ------ ----
> >> 10.176.197.150 22/tcp ALLOW IN 10.0.0.0/8
> >> 10.176.197.150 8888/tcp ALLOW IN 10.0.0.0/8
> >>
> >>
> >>>
> >>> I assume that I am missing some sort of port forwarding configuration, but
> >>> nothing I have tried so far has worked. Ideally I would like to connect to
> >>> the web server with http://104.130.170.38:8888 and use SSH local forwards
> >>> for the VNC connection.
> >>
> >> The web server variant via http://104.130.170.38:8888 is not intended.
> >> Please lets have as few ports open to the public as possible.
> >> But there's help:
> >>
> >>>
> >>> Could you please try making connections to those two ports on 'dan' and
> >>> let me know the specific ssh port forwarding commands that made it work?
> >>
> >> so, this works for me:
> >>
> >> ssh -L8888:localhost:8888 -L5900:localhost:5900 dan.box.squeak.org
> >>
> >> (given the ssh config outlined some days ago, otherwise it is
> >>
> >> ssh -L8888:localhost:8888 -L5900:localhost:5900 -o ProxyCommand "ssh -W %h:%p ss at ssh.squeak.org:10225" 10.176.197.150
> >> )
> >>
> >> you can then see squeaksource on localhost:8888 and the VNC on Display 0 on localhost.
> >>
> >> Best regards
> >> -Tobias
> >>
> >>
> >>
> >>
> >>>
> >>> Thanks,
> >>> Dave
> >>>
> >>> On Mon, Oct 03, 2016 at 08:40:30PM +0200, Tobias Pape wrote:
> >>>>
> >>>> On 03.10.2016, at 01:25, David T. Lewis <lewis at mail.msen.com> wrote:
> >>>>
> >>>>> On Wed, Sep 28, 2016 at 11:31:36AM +0200, Tobias Pape wrote:
> >>>>>>
> >>>>>> with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace.
> >>>>>> Here's the overview:
> >>>>>>
> >>>>>> =======================================================================================================================
> >>>>>> Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4
> >>>>>> -----------------------------------------------------------------------------------------------------------------------
> >>>>>> ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29
> >>>>>> alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8
> >>>>>> adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56
> >>>>>> andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222
> >>>>>> dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150
> >>>>>> ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111
> >>>>>> david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45
> >>>>>> scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169
> >>>>>> =======================================================================================================================
> >>>>>
> >>>>>
> >>>>> I installed a new interpreter VM on dan, with the deb in /root/localdebs and
> >>>>> notes added to /root/admin-log.txt:
> >>>>>
> >>>>> ========================
> >>>>> 20161002 davidlewis
> >>>>>
> >>>>> Install 64-bit interpreter VM for squeaksource.com. This is an up to date
> >>>>> VM compiled on my personal Ubuntu laptop according to instructions at
> >>>>> http://wiki.squeak.org/squeak/6354, with "make deb" to create the local
> >>>>> debian package installed here.
> >>>>>
> >>>>> The debian install package is /root/localdebs/squeakvm_4.15.8-3749-1_amd64.deb
> >>>>>
> >>>>> The run script is /usr/local/bin/squeak, as distinct from Cog/Spur VMs
> >>>>> that are expected to be installed as /usr/bin/squeak.
> >>>>>
> >>>>> ========================
> >>>>>
> >>>>> This is the same as used on box3, except that it is a 64-bit VM to suit
> >>>>> the new Rackspace server.
> >>>>>
> >>>>> The squeaksource.com image serves on local port 8888 (not 8080). I would
> >>>>> prefer to keep that convention so that the image can be copied directly
> >>>>> from box3 without modification.
> >>>>>
> >>>>
> >>>> 8888 is there now. 8080 gone.
> >>>>
> >>>>> Is it possible to open some local ports on server dan during the transition
> >>>>> period? It would be helpful if I could connect to 8888, 5900, and 5901 for
> >>>>> the next couple of weeks or so.
> >>>>
> >>>> Please use SSH local forwards for that.
> >>>>
> >>>> like this:
> >>>> ssh -L5901:localhost:5901 dan.box.squeak.org
> >>>>
> >>>> and then connect you VNC-viewer to Display 1 on localhost.
> >>>>
> >>>>
> >>>>>
> >>>>> Thanks,
> >>>>> Dave
> >>>>>
More information about the Box-Admins
mailing list