[Box-Admins] squeaksource.com move to Rackspace
Tobias Pape
Das.Linux at gmx.de
Mon Oct 10 23:30:39 UTC 2016
Hi David.
On 07.10.2016, at 04:08, David T. Lewis <lewis at mail.msen.com> wrote:
> Levente, Tobias:
>
> The squeaksource.com service seems to be working reliably on the new
> Rackspace server dan. It has run for a number of days now, and I have
> confirmed that when I kill the VM process, the service is reliably
> restarted by supervise.
Great.
>
> When we do the final switchover to Rackspace, I would like to be
> responsible for synchronizing the data files and image to ensure
> that no updates are lost during the transition. Currently the image
> and files on Rackspace are updated as of today, but I will want to
> do an additional update right before the actual DNS record change,
> and I will also check afterwards to make sure nothing is lost during
> the time it may take for the DNS updates to propagate.
The TTL is short, propagation should take ~5min.
Please start the "final" sync, report back, and I'll change the DNS.
(but not before 2016-10-11 9:00 CEST, I'm going to bed now)
>
> I am not familiar with how to active the web server (currently
> on port 8888) on the standard port 80, and I cannot update the
> DNS records, so I am hoping that someone else can do those two
> things.
This will not be done.
What is being done (and I just did that and verified) is, that
alan will proxy for dan:
--- HTTP / 80 ---> alan ---- HTTP / 8888 ----> dan
I took care of the config, we've just got to switch the DNS.
squeaksource.com will point to alan's public IP.
I welcome the first completely migrated service :)
Best regards
-Tobias
>
> What would be a good time for us to complete the conversion? I
> may be quite busy for the next few days so some time after that
> would be best from my point of view.
>
> Thanks,
>
> Dave
>
> On Tue, Oct 04, 2016 at 11:09:37PM -0400, David T. Lewis wrote:
>> The squeaksource.com service is now running on dan.box.squeak.org,
>> and under the control of supervise. See notes in /root/admin-log.txt
>> and /srv/squeaksourcecom/README for details.
>>
>> I would like to leave this running for a few days to make sure it
>> stays healthy, but I anticipate no problems.
>>
>> The final switchover will require a refresh of recently updated
>> files from box3, as well as DNS record switchover. We can probably
>> pick a time to do this in the next week or so.
>>
>> The web service is on port 8888, and the VNC service is display 1
>> on port 5901. Note that VNC connection also requires sending SIGUSR2
>> to the VM process, see the README.
>>
>> Dave
>>
>>
>> On Tue, Oct 04, 2016 at 02:24:47PM +0200, Tobias Pape wrote:
>>>
>>> On 04.10.2016, at 12:35, David T. Lewis <lewis at mail.msen.com> wrote:
>>>
>>>> Tobias,
>>>>
>>>> Thanks for your patient explanation.
>>>>
>>>> To summarize in case anyone else needs this for reference:
>>>>
>>>> 1) I made a .ssh/config file containing the following:
>>>>
>>>> Host ssh.squeak.org
>>>> User ssh
>>>> Port 1022
>>>>
>>>> Host *.box.squeak.org
>>>> User davidlewis
>>>> ProxyCommand ssh -W %h:%p ssh.squeak.org
>>>>
>>>> 2) I connected to the 'dan' server with the following command, which makes
>>>> and interactive login to dan, and also sets up the port forwarding for the
>>>> two additional ports (8888 and 5900) that I wanted to test:
>>>>
>>>> ssh -L8888:localhost:8888 -L5900:localhost:5900 dan.box.squeak.org
>>>>
>>>> 3) With the above shell session active, I can connect to the web server
>>>> on port 8888 on server dan with http://localhost:8080, and I can connect
>>>> to a VNC server on dan by connecting to VNC display 0 on localhost.
>>>>
>>>> (Note - the actual squeaksource.com image will use VNC display 1, so
>>>> port 5901 rather than 5900)
>>>>
>>>
>>> Thanks for the summary. It's completely correct.
>>>
>>> Best regards
>>> -Tobias
>>>
>>>> Thanks,
>>>> Dave
>>>>
>>>>
>>>> On Tue, Oct 04, 2016 at 09:26:45AM +0200, Tobias Pape wrote:
>>>>> Hi Dave
>>>>>
>>>>>
>>>>> On 04.10.2016, at 03:49, David T. Lewis <lewis at mail.msen.com> wrote:
>>>>>
>>>>>> Hi Tobias,
>>>>>>
>>>>>> I am now running a test image on 'dan' that is listening for http connections
>>>>>> on port 8888, and for VNC connections on 5900. I installed telnet on 'dan' so
>>>>>> that I can verify that both listening ports are active on the server. But
>>>>>> I am unable to make TCP connections to either port from an outside machine.
>>>>>
>>>>> That is expected.
>>>>> BTW: You can use netstat to see who is listening where:
>>>>>
>>>>> # netstat -neptl
>>>>> Active Internet connections (only servers)
>>>>> Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
>>>>> tcp 0 0 10.176.197.150:22 0.0.0.0:* LISTEN 0 20788 7726/sshd
>>>>> tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN 1003 566790 30950/squeakvm
>>>>> tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 17561 6275/exim4
>>>>> tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 1003 546769 30950/squeakvm
>>>>> tcp6 0 0 ::1:25 :::* LISTEN 0 17562 6275/exim4
>>>>>
>>>>> Next, ufw will tell you which ports are open:
>>>>>
>>>>> # ufw status verbose
>>>>> Status: active
>>>>> Logging: on (low)
>>>>> Default: deny (incoming), allow (outgoing)
>>>>> New profiles: skip
>>>>>
>>>>> To Action From
>>>>> -- ------ ----
>>>>> 10.176.197.150 22/tcp ALLOW IN 10.0.0.0/8
>>>>> 10.176.197.150 8888/tcp ALLOW IN 10.0.0.0/8
>>>>>
>>>>>
>>>>>>
>>>>>> I assume that I am missing some sort of port forwarding configuration, but
>>>>>> nothing I have tried so far has worked. Ideally I would like to connect to
>>>>>> the web server with http://104.130.170.38:8888 and use SSH local forwards
>>>>>> for the VNC connection.
>>>>>
>>>>> The web server variant via http://104.130.170.38:8888 is not intended.
>>>>> Please lets have as few ports open to the public as possible.
>>>>> But there's help:
>>>>>
>>>>>>
>>>>>> Could you please try making connections to those two ports on 'dan' and
>>>>>> let me know the specific ssh port forwarding commands that made it work?
>>>>>
>>>>> so, this works for me:
>>>>>
>>>>> ssh -L8888:localhost:8888 -L5900:localhost:5900 dan.box.squeak.org
>>>>>
>>>>> (given the ssh config outlined some days ago, otherwise it is
>>>>>
>>>>> ssh -L8888:localhost:8888 -L5900:localhost:5900 -o ProxyCommand "ssh -W %h:%p ss at ssh.squeak.org:10225" 10.176.197.150
>>>>> )
>>>>>
>>>>> you can then see squeaksource on localhost:8888 and the VNC on Display 0 on localhost.
>>>>>
>>>>> Best regards
>>>>> -Tobias
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>> Dave
>>>>>>
>>>>>> On Mon, Oct 03, 2016 at 08:40:30PM +0200, Tobias Pape wrote:
>>>>>>>
>>>>>>> On 03.10.2016, at 01:25, David T. Lewis <lewis at mail.msen.com> wrote:
>>>>>>>
>>>>>>>> On Wed, Sep 28, 2016 at 11:31:36AM +0200, Tobias Pape wrote:
>>>>>>>>>
>>>>>>>>> with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace.
>>>>>>>>> Here's the overview:
>>>>>>>>>
>>>>>>>>> =======================================================================================================================
>>>>>>>>> Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4
>>>>>>>>> -----------------------------------------------------------------------------------------------------------------------
>>>>>>>>> ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29
>>>>>>>>> alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8
>>>>>>>>> adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56
>>>>>>>>> andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222
>>>>>>>>> dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150
>>>>>>>>> ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111
>>>>>>>>> david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45
>>>>>>>>> scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169
>>>>>>>>> =======================================================================================================================
>>>>>>>>
>>>>>>>>
>>>>>>>> I installed a new interpreter VM on dan, with the deb in /root/localdebs and
>>>>>>>> notes added to /root/admin-log.txt:
>>>>>>>>
>>>>>>>> ========================
>>>>>>>> 20161002 davidlewis
>>>>>>>>
>>>>>>>> Install 64-bit interpreter VM for squeaksource.com. This is an up to date
>>>>>>>> VM compiled on my personal Ubuntu laptop according to instructions at
>>>>>>>> http://wiki.squeak.org/squeak/6354, with "make deb" to create the local
>>>>>>>> debian package installed here.
>>>>>>>>
>>>>>>>> The debian install package is /root/localdebs/squeakvm_4.15.8-3749-1_amd64.deb
>>>>>>>>
>>>>>>>> The run script is /usr/local/bin/squeak, as distinct from Cog/Spur VMs
>>>>>>>> that are expected to be installed as /usr/bin/squeak.
>>>>>>>>
>>>>>>>> ========================
>>>>>>>>
>>>>>>>> This is the same as used on box3, except that it is a 64-bit VM to suit
>>>>>>>> the new Rackspace server.
>>>>>>>>
>>>>>>>> The squeaksource.com image serves on local port 8888 (not 8080). I would
>>>>>>>> prefer to keep that convention so that the image can be copied directly
>>>>>>>> from box3 without modification.
>>>>>>>>
>>>>>>>
>>>>>>> 8888 is there now. 8080 gone.
>>>>>>>
>>>>>>>> Is it possible to open some local ports on server dan during the transition
>>>>>>>> period? It would be helpful if I could connect to 8888, 5900, and 5901 for
>>>>>>>> the next couple of weeks or so.
>>>>>>>
>>>>>>> Please use SSH local forwards for that.
>>>>>>>
>>>>>>> like this:
>>>>>>> ssh -L5901:localhost:5901 dan.box.squeak.org
>>>>>>>
>>>>>>> and then connect you VNC-viewer to Display 1 on localhost.
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Dave
>>>>>>>>
More information about the Box-Admins
mailing list