[Box-Admins] squeaksource.com move to Rackspace
David T. Lewis
lewis at mail.msen.com
Fri Oct 7 02:08:44 UTC 2016
Levente, Tobias:
The squeaksource.com service seems to be working reliably on the new
Rackspace server dan. It has run for a number of days now, and I have
confirmed that when I kill the VM process, the service is reliably
restarted by supervise.
When we do the final switchover to Rackspace, I would like to be
responsible for synchronizing the data files and image to ensure
that no updates are lost during the transition. Currently the image
and files on Rackspace are updated as of today, but I will want to
do an additional update right before the actual DNS record change,
and I will also check afterwards to make sure nothing is lost during
the time it may take for the DNS updates to propagate.
I am not familiar with how to active the web server (currently
on port 8888) on the standard port 80, and I cannot update the
DNS records, so I am hoping that someone else can do those two
things.
What would be a good time for us to complete the conversion? I
may be quite busy for the next few days so some time after that
would be best from my point of view.
Thanks,
Dave
On Tue, Oct 04, 2016 at 11:09:37PM -0400, David T. Lewis wrote:
> The squeaksource.com service is now running on dan.box.squeak.org,
> and under the control of supervise. See notes in /root/admin-log.txt
> and /srv/squeaksourcecom/README for details.
>
> I would like to leave this running for a few days to make sure it
> stays healthy, but I anticipate no problems.
>
> The final switchover will require a refresh of recently updated
> files from box3, as well as DNS record switchover. We can probably
> pick a time to do this in the next week or so.
>
> The web service is on port 8888, and the VNC service is display 1
> on port 5901. Note that VNC connection also requires sending SIGUSR2
> to the VM process, see the README.
>
> Dave
>
>
> On Tue, Oct 04, 2016 at 02:24:47PM +0200, Tobias Pape wrote:
> >
> > On 04.10.2016, at 12:35, David T. Lewis <lewis at mail.msen.com> wrote:
> >
> > > Tobias,
> > >
> > > Thanks for your patient explanation.
> > >
> > > To summarize in case anyone else needs this for reference:
> > >
> > > 1) I made a .ssh/config file containing the following:
> > >
> > > Host ssh.squeak.org
> > > User ssh
> > > Port 1022
> > >
> > > Host *.box.squeak.org
> > > User davidlewis
> > > ProxyCommand ssh -W %h:%p ssh.squeak.org
> > >
> > > 2) I connected to the 'dan' server with the following command, which makes
> > > and interactive login to dan, and also sets up the port forwarding for the
> > > two additional ports (8888 and 5900) that I wanted to test:
> > >
> > > ssh -L8888:localhost:8888 -L5900:localhost:5900 dan.box.squeak.org
> > >
> > > 3) With the above shell session active, I can connect to the web server
> > > on port 8888 on server dan with http://localhost:8080, and I can connect
> > > to a VNC server on dan by connecting to VNC display 0 on localhost.
> > >
> > > (Note - the actual squeaksource.com image will use VNC display 1, so
> > > port 5901 rather than 5900)
> > >
> >
> > Thanks for the summary. It's completely correct.
> >
> > Best regards
> > -Tobias
> >
> > > Thanks,
> > > Dave
> > >
> > >
> > > On Tue, Oct 04, 2016 at 09:26:45AM +0200, Tobias Pape wrote:
> > >> Hi Dave
> > >>
> > >>
> > >> On 04.10.2016, at 03:49, David T. Lewis <lewis at mail.msen.com> wrote:
> > >>
> > >>> Hi Tobias,
> > >>>
> > >>> I am now running a test image on 'dan' that is listening for http connections
> > >>> on port 8888, and for VNC connections on 5900. I installed telnet on 'dan' so
> > >>> that I can verify that both listening ports are active on the server. But
> > >>> I am unable to make TCP connections to either port from an outside machine.
> > >>
> > >> That is expected.
> > >> BTW: You can use netstat to see who is listening where:
> > >>
> > >> # netstat -neptl
> > >> Active Internet connections (only servers)
> > >> Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
> > >> tcp 0 0 10.176.197.150:22 0.0.0.0:* LISTEN 0 20788 7726/sshd
> > >> tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN 1003 566790 30950/squeakvm
> > >> tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 17561 6275/exim4
> > >> tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 1003 546769 30950/squeakvm
> > >> tcp6 0 0 ::1:25 :::* LISTEN 0 17562 6275/exim4
> > >>
> > >> Next, ufw will tell you which ports are open:
> > >>
> > >> # ufw status verbose
> > >> Status: active
> > >> Logging: on (low)
> > >> Default: deny (incoming), allow (outgoing)
> > >> New profiles: skip
> > >>
> > >> To Action From
> > >> -- ------ ----
> > >> 10.176.197.150 22/tcp ALLOW IN 10.0.0.0/8
> > >> 10.176.197.150 8888/tcp ALLOW IN 10.0.0.0/8
> > >>
> > >>
> > >>>
> > >>> I assume that I am missing some sort of port forwarding configuration, but
> > >>> nothing I have tried so far has worked. Ideally I would like to connect to
> > >>> the web server with http://104.130.170.38:8888 and use SSH local forwards
> > >>> for the VNC connection.
> > >>
> > >> The web server variant via http://104.130.170.38:8888 is not intended.
> > >> Please lets have as few ports open to the public as possible.
> > >> But there's help:
> > >>
> > >>>
> > >>> Could you please try making connections to those two ports on 'dan' and
> > >>> let me know the specific ssh port forwarding commands that made it work?
> > >>
> > >> so, this works for me:
> > >>
> > >> ssh -L8888:localhost:8888 -L5900:localhost:5900 dan.box.squeak.org
> > >>
> > >> (given the ssh config outlined some days ago, otherwise it is
> > >>
> > >> ssh -L8888:localhost:8888 -L5900:localhost:5900 -o ProxyCommand "ssh -W %h:%p ss at ssh.squeak.org:10225" 10.176.197.150
> > >> )
> > >>
> > >> you can then see squeaksource on localhost:8888 and the VNC on Display 0 on localhost.
> > >>
> > >> Best regards
> > >> -Tobias
> > >>
> > >>
> > >>
> > >>
> > >>>
> > >>> Thanks,
> > >>> Dave
> > >>>
> > >>> On Mon, Oct 03, 2016 at 08:40:30PM +0200, Tobias Pape wrote:
> > >>>>
> > >>>> On 03.10.2016, at 01:25, David T. Lewis <lewis at mail.msen.com> wrote:
> > >>>>
> > >>>>> On Wed, Sep 28, 2016 at 11:31:36AM +0200, Tobias Pape wrote:
> > >>>>>>
> > >>>>>> with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace.
> > >>>>>> Here's the overview:
> > >>>>>>
> > >>>>>> =======================================================================================================================
> > >>>>>> Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4
> > >>>>>> -----------------------------------------------------------------------------------------------------------------------
> > >>>>>> ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29
> > >>>>>> alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8
> > >>>>>> adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56
> > >>>>>> andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222
> > >>>>>> dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150
> > >>>>>> ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111
> > >>>>>> david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45
> > >>>>>> scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169
> > >>>>>> =======================================================================================================================
> > >>>>>
> > >>>>>
> > >>>>> I installed a new interpreter VM on dan, with the deb in /root/localdebs and
> > >>>>> notes added to /root/admin-log.txt:
> > >>>>>
> > >>>>> ========================
> > >>>>> 20161002 davidlewis
> > >>>>>
> > >>>>> Install 64-bit interpreter VM for squeaksource.com. This is an up to date
> > >>>>> VM compiled on my personal Ubuntu laptop according to instructions at
> > >>>>> http://wiki.squeak.org/squeak/6354, with "make deb" to create the local
> > >>>>> debian package installed here.
> > >>>>>
> > >>>>> The debian install package is /root/localdebs/squeakvm_4.15.8-3749-1_amd64.deb
> > >>>>>
> > >>>>> The run script is /usr/local/bin/squeak, as distinct from Cog/Spur VMs
> > >>>>> that are expected to be installed as /usr/bin/squeak.
> > >>>>>
> > >>>>> ========================
> > >>>>>
> > >>>>> This is the same as used on box3, except that it is a 64-bit VM to suit
> > >>>>> the new Rackspace server.
> > >>>>>
> > >>>>> The squeaksource.com image serves on local port 8888 (not 8080). I would
> > >>>>> prefer to keep that convention so that the image can be copied directly
> > >>>>> from box3 without modification.
> > >>>>>
> > >>>>
> > >>>> 8888 is there now. 8080 gone.
> > >>>>
> > >>>>> Is it possible to open some local ports on server dan during the transition
> > >>>>> period? It would be helpful if I could connect to 8888, 5900, and 5901 for
> > >>>>> the next couple of weeks or so.
> > >>>>
> > >>>> Please use SSH local forwards for that.
> > >>>>
> > >>>> like this:
> > >>>> ssh -L5901:localhost:5901 dan.box.squeak.org
> > >>>>
> > >>>> and then connect you VNC-viewer to Display 1 on localhost.
> > >>>>
> > >>>>
> > >>>>>
> > >>>>> Thanks,
> > >>>>> Dave
> > >>>>>
More information about the Box-Admins
mailing list