Levente, Tobias:
The squeaksource.com service seems to be working reliably on the new Rackspace server dan. It has run for a number of days now, and I have confirmed that when I kill the VM process, the service is reliably restarted by supervise.
When we do the final switchover to Rackspace, I would like to be responsible for synchronizing the data files and image to ensure that no updates are lost during the transition. Currently the image and files on Rackspace are updated as of today, but I will want to do an additional update right before the actual DNS record change, and I will also check afterwards to make sure nothing is lost during the time it may take for the DNS updates to propagate.
I am not familiar with how to active the web server (currently on port 8888) on the standard port 80, and I cannot update the DNS records, so I am hoping that someone else can do those two things.
What would be a good time for us to complete the conversion? I may be quite busy for the next few days so some time after that would be best from my point of view.
Thanks,
Dave
On Tue, Oct 04, 2016 at 11:09:37PM -0400, David T. Lewis wrote:
The squeaksource.com service is now running on dan.box.squeak.org, and under the control of supervise. See notes in /root/admin-log.txt and /srv/squeaksourcecom/README for details.
I would like to leave this running for a few days to make sure it stays healthy, but I anticipate no problems.
The final switchover will require a refresh of recently updated files from box3, as well as DNS record switchover. We can probably pick a time to do this in the next week or so.
The web service is on port 8888, and the VNC service is display 1 on port 5901. Note that VNC connection also requires sending SIGUSR2 to the VM process, see the README.
Dave
On Tue, Oct 04, 2016 at 02:24:47PM +0200, Tobias Pape wrote:
On 04.10.2016, at 12:35, David T. Lewis lewis@mail.msen.com wrote:
Tobias,
Thanks for your patient explanation.
To summarize in case anyone else needs this for reference:
- I made a .ssh/config file containing the following:
Host ssh.squeak.org User ssh Port 1022
Host *.box.squeak.org User davidlewis ProxyCommand ssh -W %h:%p ssh.squeak.org
- I connected to the 'dan' server with the following command, which makes
and interactive login to dan, and also sets up the port forwarding for the two additional ports (8888 and 5900) that I wanted to test:
ssh -L8888:localhost:8888 -L5900:localhost:5900 dan.box.squeak.org
- With the above shell session active, I can connect to the web server
on port 8888 on server dan with http://localhost:8080, and I can connect to a VNC server on dan by connecting to VNC display 0 on localhost.
(Note - the actual squeaksource.com image will use VNC display 1, so port 5901 rather than 5900)
Thanks for the summary. It's completely correct.
Best regards -Tobias
Thanks, Dave
On Tue, Oct 04, 2016 at 09:26:45AM +0200, Tobias Pape wrote:
Hi Dave
On 04.10.2016, at 03:49, David T. Lewis lewis@mail.msen.com wrote:
Hi Tobias,
I am now running a test image on 'dan' that is listening for http connections on port 8888, and for VNC connections on 5900. I installed telnet on 'dan' so that I can verify that both listening ports are active on the server. But I am unable to make TCP connections to either port from an outside machine.
That is expected. BTW: You can use netstat to see who is listening where:
# netstat -neptl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name tcp 0 0 10.176.197.150:22 0.0.0.0:* LISTEN 0 20788 7726/sshd tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN 1003 566790 30950/squeakvm tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 17561 6275/exim4 tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 1003 546769 30950/squeakvm tcp6 0 0 ::1:25 :::* LISTEN 0 17562 6275/exim4
Next, ufw will tell you which ports are open:
# ufw status verbose Status: active Logging: on (low) Default: deny (incoming), allow (outgoing) New profiles: skip
To Action From
10.176.197.150 22/tcp ALLOW IN 10.0.0.0/8 10.176.197.150 8888/tcp ALLOW IN 10.0.0.0/8
I assume that I am missing some sort of port forwarding configuration, but nothing I have tried so far has worked. Ideally I would like to connect to the web server with http://104.130.170.38:8888 and use SSH local forwards for the VNC connection.
The web server variant via http://104.130.170.38:8888 is not intended. Please lets have as few ports open to the public as possible. But there's help:
Could you please try making connections to those two ports on 'dan' and let me know the specific ssh port forwarding commands that made it work?
so, this works for me:
ssh -L8888:localhost:8888 -L5900:localhost:5900 dan.box.squeak.org
(given the ssh config outlined some days ago, otherwise it is
ssh -L8888:localhost:8888 -L5900:localhost:5900 -o ProxyCommand "ssh -W %h:%p ss@ssh.squeak.org:10225" 10.176.197.150 )
you can then see squeaksource on localhost:8888 and the VNC on Display 0 on localhost.
Best regards -Tobias
Thanks, Dave
On Mon, Oct 03, 2016 at 08:40:30PM +0200, Tobias Pape wrote:
On 03.10.2016, at 01:25, David T. Lewis lewis@mail.msen.com wrote:
> On Wed, Sep 28, 2016 at 11:31:36AM +0200, Tobias Pape wrote: >> >> with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace. >> Here's the overview: >> >> ======================================================================================================================= >> Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4 >> ----------------------------------------------------------------------------------------------------------------------- >> ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29 >> alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8 >> adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56 >> andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222 >> dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150 >> ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111 >> david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45 >> scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169 >> ======================================================================================================================= > > > I installed a new interpreter VM on dan, with the deb in /root/localdebs and > notes added to /root/admin-log.txt: > > ======================== > 20161002 davidlewis > > Install 64-bit interpreter VM for squeaksource.com. This is an up to date > VM compiled on my personal Ubuntu laptop according to instructions at > http://wiki.squeak.org/squeak/6354, with "make deb" to create the local > debian package installed here. > > The debian install package is /root/localdebs/squeakvm_4.15.8-3749-1_amd64.deb > > The run script is /usr/local/bin/squeak, as distinct from Cog/Spur VMs > that are expected to be installed as /usr/bin/squeak. > > ======================== > > This is the same as used on box3, except that it is a 64-bit VM to suit > the new Rackspace server. > > The squeaksource.com image serves on local port 8888 (not 8080). I would > prefer to keep that convention so that the image can be copied directly > from box3 without modification. >
8888 is there now. 8080 gone.
> Is it possible to open some local ports on server dan during the transition > period? It would be helpful if I could connect to 8888, 5900, and 5901 for > the next couple of weeks or so.
Please use SSH local forwards for that.
like this: ssh -L5901:localhost:5901 dan.box.squeak.org
and then connect you VNC-viewer to Display 1 on localhost.
> > Thanks, > Dave >