Dear all
[ACTIONS AT END]
with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace. Here's the overview:
======================================================================================================================= Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4 ----------------------------------------------------------------------------------------------------------------------- ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29 alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8 adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56 andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222 dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150 ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111 david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45 scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169 =======================================================================================================================
Currently, Levente and me have sudo on all these machines. Users with * also do.
Note that _no_ server exposes SSH on port 22 on a public IP. This is intentional to narrow attack vectors for script kiddies. How to login?
Ian is the ssh gateway so you have to connect to ian _first_ and use (1) local forwarding or (2) proxy jumping. I have installed the Public keys from most of you for the 'ssh' user on ian.
Please verify by ssh -p1022 -lssh 104.130.6.82 you should see restrict shell, no commands # (you get out with crtl-d, ctrl-c, or killing ssh)
How to reach the other servers? Example for 'andreas'
variant (1): Do a local forward by ssh -AN -L22221:10.176.200.8:22 -p1022 -lssh 104.130.6.82 and then ssh -lYOURNAME -p22221 localhost (-N maybe optional, but then you see 'restrict shell, no commands #')
Or in your .ssh/config you can put
Host ian.squeak.org User ssh Hostname 104.130.6.82 Port 1022 LocalForward 222221 10.176.200.8:22
Host andreas.squeak.org User YOURNAME Hostname localhost Port 222221
And then say 'ssh -AN ian.squeak.org' and then 'ssh andreas.squeak.org'
variant (2): (a) You have OpenSSH >= 7.3 Do a Jump with ssh -J ssh@104.130.6.82:1022 YOURNAME@10.176.200.8
Or in your .ssh/config you can put
Host ian.squeak.org User ssh Hostname 104.130.6.82 Port 1022
Host andreas.squeak.org User YOURNAME Hostname 10.176.200.8 ProxyJump ian.squeak.org
And then say 'ssh andreas.squeak.org'
(b) You have OpenSSH >= 5.4 Do a Jump via ssh -o ProxyCommand="ssh -lssh -p1022 -W %h:%p 104.130.6.82" YOURNAME@10.176.200.8
Or in your .ssh/config you can put
Host ian.squeak.org User ssh Hostname 104.130.6.82 Port 1022
Host andreas.squeak.org User YOURNAME Hostname 10.176.200.8 ProxyCommand ssh -W %h:%p ian.squeak.org
And then say 'ssh andreas.squeak.org'
(c) You have OpenSSH < 5.4 Use variant (1)
We will shortly start RSYNC-ing over data from box3 and box4 as well as replicatiing DNS entries before switching over.
[ACTION REQUIRED]
- Who needs access to which servers? - Do we need Jenkins anymore?
As always, questions appreciated.
Best regards -Tobias
On Wed, Sep 28, 2016 at 11:31 AM Tobias Pape Das.Linux@gmx.de wrote:
Dear all
[ACTIONS AT END]
with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace. Here's the overview:
======================================================================================================================= Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4
ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29 alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8 adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56 andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222 dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150 ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111 david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45 scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169
=======================================================================================================================
Currently, Levente and me have sudo on all these machines. Users with * also do.
Note that _no_ server exposes SSH on port 22 on a public IP. This is intentional to narrow attack vectors for script kiddies. How to login?
Ian is the ssh gateway so you have to connect to ian _first_ and use (1) local forwarding or (2) proxy jumping. I have installed the Public keys from most of you for the 'ssh' user on ian.
Please verify by ssh -p1022 -lssh 104.130.6.82 you should see restrict shell, no commands # (you get out with crtl-d, ctrl-c, or killing ssh)
How to reach the other servers? Example for 'andreas'
variant (1): Do a local forward by ssh -AN -L22221:10.176.200.8:22 -p1022 -lssh 104.130.6.82 and then ssh -lYOURNAME -p22221 localhost (-N maybe optional, but then you see 'restrict shell, no commands #')
Or in your .ssh/config you can put Host ian.squeak.org User ssh Hostname 104.130.6.82 Port 1022 LocalForward 222221 10.176.200.8:22 Host andreas.squeak.org User YOURNAME Hostname localhost Port 222221 And then say 'ssh -AN ian.squeak.org' and then 'sshandreas.squeak.org'
variant (2): (a) You have OpenSSH >= 7.3 Do a Jump with ssh -J ssh@104.130.6.82:1022 YOURNAME@10.176.200.8
Or in your .ssh/config you can put Host ian.squeak.org User ssh Hostname 104.130.6.82 Port 1022 Host andreas.squeak.org User YOURNAME Hostname 10.176.200.8 ProxyJump ian.squeak.org And then say 'ssh andreas.squeak.org' (b) You have OpenSSH >= 5.4 Do a Jump via ssh -o ProxyCommand="ssh -lssh -p1022 -W %h:%p104.130.6.82" YOURNAME@10.176.200.8
Or in your .ssh/config you can put Host ian.squeak.org User ssh Hostname 104.130.6.82 Port 1022 Host andreas.squeak.org User YOURNAME Hostname 10.176.200.8 ProxyCommand ssh -W %h:%p ian.squeak.org And then say 'ssh andreas.squeak.org'
2b works like a charm! Thanks :)
(c) You have OpenSSH < 5.4 Use variant (1)We will shortly start RSYNC-ing over data from box3 and box4 as well as replicatiing DNS entries before switching over.
[ACTION REQUIRED]
- Who needs access to which servers?
I would need webteam/webserver access.
- Do we need Jenkins anymore?
We moved Squeak-Trunk to TravisCI, so if there isn't anything else important still running there, I'd say no.
As always, questions appreciated.
Best regards -Tobias
CC to Frank because he may not be following these discussions.
On Wed, Sep 28, 2016 at 10:03:41AM +0000, Fabio Niephaus wrote:
On Wed, Sep 28, 2016 at 11:31 AM Tobias Pape Das.Linux@gmx.de wrote:
Dear all
[ACTIONS AT END]
with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace. Here's the overview:
<snip>
- Do we need Jenkins anymore?
We moved Squeak-Trunk to TravisCI, so if there isn't anything else important still running there, I'd say no.
I have still been using a couple of test projects on build.squeak.org but overall it is not maintained, and I do not think that we should continue to make it publicly visible (links from squeak.org) in that condition.
My suggestion is that we should copy /var/lib/jenkins directory to Rackspace if space permits, so that we do not lose it in the move. Aside from that, I don't think it is something we need to spend time on for the move. If we want to put it back on line, we can do that later if and when a volunteer steps forward.
If the real CI work is happening on TravisCI now, then we should see if we can point build.squeak.org at that system.
Dave
I think using TravisCI instead of our solution is a fabulous idea, and wholeheartedly support the move to same.
frank
On 29 September 2016 at 05:20, David T. Lewis lewis@mail.msen.com wrote:
CC to Frank because he may not be following these discussions.
On Wed, Sep 28, 2016 at 10:03:41AM +0000, Fabio Niephaus wrote:
On Wed, Sep 28, 2016 at 11:31 AM Tobias Pape Das.Linux@gmx.de wrote:
Dear all
[ACTIONS AT END]
with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace. Here's the overview:
<snip>
- Do we need Jenkins anymore?
We moved Squeak-Trunk to TravisCI, so if there isn't anything else important still running there, I'd say no.
I have still been using a couple of test projects on build.squeak.org but overall it is not maintained, and I do not think that we should continue to make it publicly visible (links from squeak.org) in that condition.
My suggestion is that we should copy /var/lib/jenkins directory to Rackspace if space permits, so that we do not lose it in the move. Aside from that, I don't think it is something we need to spend time on for the move. If we want to put it back on line, we can do that later if and when a volunteer steps forward.
If the real CI work is happening on TravisCI now, then we should see if we can point build.squeak.org at that system.
Dave
Hi all,
I also favour Travis.
But I kindly ask you all to bear with me with - first moving all our services and - bring them up to some extent and - only _after_ that, selectively retiring those services.
That would mean here, please lets move jenkins over, machine with enough space is already provisioned. Also, please lets get it running for now. I know there are some services out there that depend on some deep links into jenkins. No, this is not nice, and I really want to get rid of that, but please _after_ the move :D
Best regards -Tobias
On 29.09.2016, at 19:29, Frank Shearar frank.shearar@gmail.com wrote:
I think using TravisCI instead of our solution is a fabulous idea, and wholeheartedly support the move to same.
frank
On 29 September 2016 at 05:20, David T. Lewis lewis@mail.msen.com wrote: CC to Frank because he may not be following these discussions.
On Wed, Sep 28, 2016 at 10:03:41AM +0000, Fabio Niephaus wrote:
On Wed, Sep 28, 2016 at 11:31 AM Tobias Pape Das.Linux@gmx.de wrote:
Dear all
[ACTIONS AT END]
with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace. Here's the overview:
<snip>
- Do we need Jenkins anymore?
We moved Squeak-Trunk to TravisCI, so if there isn't anything else important still running there, I'd say no.
I have still been using a couple of test projects on build.squeak.org but overall it is not maintained, and I do not think that we should continue to make it publicly visible (links from squeak.org) in that condition.
My suggestion is that we should copy /var/lib/jenkins directory to Rackspace if space permits, so that we do not lose it in the move. Aside from that, I don't think it is something we need to spend time on for the move. If we want to put it back on line, we can do that later if and when a volunteer steps forward.
If the real CI work is happening on TravisCI now, then we should see if we can point build.squeak.org at that system.
Dave
Thanks Tobias,
I am not able to connect with variant (1). Probably I am doing something wrong, as I have little experience with ssh tunneling. This is what I see:
lewis@lewis-Gazelle-Pro:~$ ssh -p1022 -lssh 104.130.6.82 restrict shell, no commands # restrict shell, no commands # ssh -AN -L22221:10.176.197.150:22 -p1022 -lssh 104.130.6.82 restrict shell, no commands # ssh -ldavidlewis -p22221 localhost restrict shell, no commands # ls restrict shell, no commands #
Can you tell what I am doing wrong?
Thanks, Dave
On Wed, Sep 28, 2016 at 11:31:36AM +0200, Tobias Pape wrote:
Dear all
[ACTIONS AT END]
with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace. Here's the overview:
======================================================================================================================= Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4
ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29 alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8 adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56 andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222 dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150 ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111 david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45 scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169 =======================================================================================================================
Currently, Levente and me have sudo on all these machines. Users with * also do.
Note that _no_ server exposes SSH on port 22 on a public IP. This is intentional to narrow attack vectors for script kiddies. How to login?
Ian is the ssh gateway so you have to connect to ian _first_ and use (1) local forwarding or (2) proxy jumping. I have installed the Public keys from most of you for the 'ssh' user on ian.
Please verify by ssh -p1022 -lssh 104.130.6.82 you should see restrict shell, no commands # (you get out with crtl-d, ctrl-c, or killing ssh)
How to reach the other servers? Example for 'andreas'
variant (1): Do a local forward by ssh -AN -L22221:10.176.200.8:22 -p1022 -lssh 104.130.6.82 and then ssh -lYOURNAME -p22221 localhost (-N maybe optional, but then you see 'restrict shell, no commands #')
Or in your .ssh/config you can put
Host ian.squeak.org User ssh Hostname 104.130.6.82 Port 1022 LocalForward 222221 10.176.200.8:22
Host andreas.squeak.org User YOURNAME Hostname localhost Port 222221And then say 'ssh -AN ian.squeak.org' and then 'ssh andreas.squeak.org'
variant (2): (a) You have OpenSSH >= 7.3 Do a Jump with ssh -J ssh@104.130.6.82:1022 YOURNAME@10.176.200.8
Or in your .ssh/config you can put
Host ian.squeak.org User ssh Hostname 104.130.6.82 Port 1022
Host andreas.squeak.org User YOURNAME Hostname 10.176.200.8 ProxyJump ian.squeak.org
And then say 'ssh andreas.squeak.org'
(b) You have OpenSSH >= 5.4 Do a Jump via ssh -o ProxyCommand="ssh -lssh -p1022 -W %h:%p 104.130.6.82" YOURNAME@10.176.200.8
Or in your .ssh/config you can put
Host ian.squeak.org User ssh Hostname 104.130.6.82 Port 1022
Host andreas.squeak.org User YOURNAME Hostname 10.176.200.8 ProxyCommand ssh -W %h:%p ian.squeak.org
And then say 'ssh andreas.squeak.org'
(c) You have OpenSSH < 5.4 Use variant (1)
We will shortly start RSYNC-ing over data from box3 and box4 as well as replicatiing DNS entries before switching over.
[ACTION REQUIRED]
- Who needs access to which servers?
- Do we need Jenkins anymore?
As always, questions appreciated.
Best regards -Tobias
Hi Dave, I think the first command establishes the tunnel to a port on your localhost.
So enter the last command in a separate terminal window on your machine instead of in the tunneling window, which does not accept commands.
On Wed, Sep 28, 2016 at 6:53 PM, David T. Lewis lewis@mail.msen.com wrote:
Thanks Tobias,
I am not able to connect with variant (1). Probably I am doing something wrong, as I have little experience with ssh tunneling. This is what I see:
lewis@lewis-Gazelle-Pro:~$ ssh -p1022 -lssh 104.130.6.82 restrict shell, no commands # restrict shell, no commands # ssh -AN -L22221:10.176.197.150:22 -p1022 -lssh 104.130.6.82 restrict shell, no commands # ssh -ldavidlewis -p22221 localhost restrict shell, no commands # ls restrict shell, no commands #
Can you tell what I am doing wrong?
Thanks, Dave
On Wed, Sep 28, 2016 at 11:31:36AM +0200, Tobias Pape wrote:
Dear all
[ACTIONS AT END]
with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace. Here's the overview:
======================================================================================================================= Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4
ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29 alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8 adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56 andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222 dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150 ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111 david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45 scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169 =======================================================================================================================
Currently, Levente and me have sudo on all these machines. Users with * also do.
Note that _no_ server exposes SSH on port 22 on a public IP. This is intentional to narrow attack vectors for script kiddies. How to login?
Ian is the ssh gateway so you have to connect to ian _first_ and use (1) local forwarding or (2) proxy jumping. I have installed the Public keys from most of you for the 'ssh' user on ian.
Please verify by ssh -p1022 -lssh 104.130.6.82 you should see restrict shell, no commands # (you get out with crtl-d, ctrl-c, or killing ssh)
How to reach the other servers? Example for 'andreas'
variant (1): Do a local forward by ssh -AN -L22221:10.176.200.8:22 -p1022 -lssh 104.130.6.82 and then ssh -lYOURNAME -p22221 localhost (-N maybe optional, but then you see 'restrict shell, no commands #')
Or in your .ssh/config you can put Host ian.squeak.org User ssh Hostname 104.130.6.82 Port 1022 LocalForward 222221 10.176.200.8:22 Host andreas.squeak.org User YOURNAME Hostname localhost Port 222221 And then say 'ssh -AN ian.squeak.org' and then 'ssh andreas.squeak.org'variant (2): (a) You have OpenSSH >= 7.3 Do a Jump with ssh -J ssh@104.130.6.82:1022 YOURNAME@10.176.200.8
Or in your .ssh/config you can put Host ian.squeak.org User ssh Hostname 104.130.6.82 Port 1022 Host andreas.squeak.org User YOURNAME Hostname 10.176.200.8 ProxyJump ian.squeak.org And then say 'ssh andreas.squeak.org' (b) You have OpenSSH >= 5.4 Do a Jump via ssh -o ProxyCommand="ssh -lssh -p1022 -W %h:%p 104.130.6.82" YOURNAME@10.176.200.8 Or in your .ssh/config you can put Host ian.squeak.org User ssh Hostname 104.130.6.82 Port 1022 Host andreas.squeak.org User YOURNAME Hostname 10.176.200.8 ProxyCommand ssh -W %h:%p ian.squeak.org And then say 'ssh andreas.squeak.org' (c) You have OpenSSH < 5.4 Use variant (1)We will shortly start RSYNC-ing over data from box3 and box4 as well as replicatiing DNS entries before switching over.
[ACTION REQUIRED]
- Who needs access to which servers?
- Do we need Jenkins anymore?
As always, questions appreciated.
Best regards -Tobias
On 29.09.2016, at 04:53, Chris Muller asqueaker@gmail.com wrote:
Hi Dave, I think the first command establishes the tunnel to a port on your localhost.
So enter the last command in a separate terminal window on your machine instead of in the tunneling window, which does not accept commands.
Exactly. Sorry for not being clear enough.
Best regards -Tobias
On Wed, Sep 28, 2016 at 09:53:43PM -0500, Chris Muller wrote:
Hi Dave, I think the first command establishes the tunnel to a port on your localhost.
So enter the last command in a separate terminal window on your machine instead of in the tunneling window, which does not accept commands.
Thanks Chris, works fine. Sorry for my confusion.
Dave
Hey Tobias,
=======================================================================================================================
Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4
ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29 alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8 adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56 andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222 dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150 ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111 david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45 scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169 =======================================================================================================================
...
Ian is the ssh gateway so you have to connect to ian _first_ and use (1) local forwarding or (2) proxy jumping. I have installed the Public keys from most of you for the 'ssh' user on ian.
Please verify by ssh -p1022 -lssh 104.130.6.82 you should see restrict shell, no commands # (you get out with crtl-d, ctrl-c, or killing ssh)
How to reach the other servers? Example for 'andreas'
variant (1): Do a local forward by ssh -AN -L22221:10.176.200.8:22 -p1022 -lssh 104.130.6.82 and then ssh -lYOURNAME -p22221 localhost (-N maybe optional, but then you see 'restrict shell, no commands #')
Or in your .ssh/config you can put Host ian.squeak.org User ssh Hostname 104.130.6.82 Port 1022 LocalForward 222221 10.176.200.8:22
(10.176.200.8 is alan, not andreas and 222221 is not a valid port number, but I got your point).
Host andreas.squeak.org User YOURNAME Hostname localhost Port 222221 And then say 'ssh -AN ian.squeak.org' and then 'ssh andreas.squeak.org'
However, my access failed:
======================= ssh andreas.squeak.org The authenticity of host '[localhost]:22221 ([127.0.0.1]:22221)' can't be established. ECDSA key fingerprint is a3:05:db:9d:51:b0:53:a9:4e:98:94:df:ff:34:09:2a. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[localhost]:22221' (ECDSA) to the list of known hosts. Permission denied (publickey). ========================
Could you double check my ssh key?
... We will shortly start RSYNC-ing over data from box3 and box4 as well as replicatiing DNS entries before switching over.
I assume you will not carry forward the chroot directory structure from "box3". Are you planning to collaborate with the volunteers or do some kind of hand-off after the rsync or take everything completely across the finish-line?
[ACTION REQUIRED]
- Who needs access to which servers?
I would like access, including sudo, to dan and ted, please.
- Chris
Hey Chris,
On 29.09.2016, at 05:10, Chris Muller asqueaker@gmail.com wrote:
Hey Tobias,
=======================================================================================================================
Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4
ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29 alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8 adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56 andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222 dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150 ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111 david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45 scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169 =======================================================================================================================
...
Ian is the ssh gateway so you have to connect to ian _first_ and use (1) local forwarding or (2) proxy jumping. I have installed the Public keys from most of you for the 'ssh' user on ian.
Please verify by ssh -p1022 -lssh 104.130.6.82 you should see restrict shell, no commands # (you get out with crtl-d, ctrl-c, or killing ssh)
How to reach the other servers? Example for 'andreas'
variant (1): Do a local forward by ssh -AN -L22221:10.176.200.8:22 -p1022 -lssh 104.130.6.82 and then ssh -lYOURNAME -p22221 localhost (-N maybe optional, but then you see 'restrict shell, no commands #')
Or in your .ssh/config you can put Host ian.squeak.org User ssh Hostname 104.130.6.82 Port 1022 LocalForward 222221 10.176.200.8:22(10.176.200.8 is alan, not andreas and 222221 is not a valid port number, but I got your point).
Yes, sorry, you're right in both instance. I noticed too late.
Host andreas.squeak.org User YOURNAME Hostname localhost Port 222221 And then say 'ssh -AN ian.squeak.org' and then 'ssh andreas.squeak.org'However, my access failed:
======================= ssh andreas.squeak.org The authenticity of host '[localhost]:22221 ([127.0.0.1]:22221)' can't be established. ECDSA key fingerprint is a3:05:db:9d:51:b0:53:a9:4e:98:94:df:ff:34:09:2a. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[localhost]:22221' (ECDSA) to the list of known hosts. Permission denied (publickey). ========================
Could you double check my ssh key?
My bad. I had actually forgotten to create that account. I created it now, please re-check.
... We will shortly start RSYNC-ing over data from box3 and box4 as well as replicatiing DNS entries before switching over.
I assume you will not carry forward the chroot directory structure from "box3".
I would rather be in favour to pour down a full bottle of Lagavulin down the drain than trying to piggyback boxes again without need :D
Are you planning to collaborate with the volunteers or do some kind of hand-off after the rsync or take everything completely across the finish-line?
I (or we?) will surely help where possible.
[ACTION REQUIRED]
- Who needs access to which servers?
I would like access, including sudo, to dan and ted, please.
Ted because of map and wiki, right? Can you please explain why dan? Is the sudo necessary for anything else than installing packages? (Sorry for asking, but I'd like to have not too many sudoers on the machines during the moves. Not because of distrust but because of losing track).
Anyway, thanks for stepping forward and helping. :)
Best regards -Tobias
- Chris
Hi,
On 28.09.2016, at 11:31, Tobias Pape Das.Linux@gmx.de wrote:
Dear all
here's an update to the previous ssh process:
I have changed the DNS to point to the following:
ssh.squeak.org 104.130.6.82 ian.box.squeak.org 10.208.225.29 alan.box.squeak.org 10.176.200.8 adele.box.squeak.org 10.208.160.56 andreas.box.squeak.org 10.208.161.222 dan.box.squeak.org 10.176.197.150 ted.box.squeak.org 10.176.130.111 david.box.squeak.org 10.208.194.45 scott.box.squeak.org 10.176.199.169
Note that anything *.box.squeak.org are internal IPs just set up for convenience.
Or in your .ssh/config you can put
Host ian.squeak.org User ssh Hostname 104.130.6.82 Port 1022
Host andreas.squeak.org User YOURNAME Hostname 10.176.200.8 ProxyCommand ssh -W %h:%p ian.squeak.org
And then say 'ssh andreas.squeak.org'
Now the ~/.ssh/config can just contain:
Host ssh.squeak.org User ssh Port 1022 Host *.box.squeak.org User YOURUSER ProxyCommand ssh -W %h:%p ssh.squeak.org
And you can happily ssh to alan.box.squeak.org :)
Hope this helps.
Best regards -Tobias
On Fri, Sep 30, 2016 at 10:11 AM, Das.Linux@gmx.de wrote:
Now the ~/.ssh/config can just contain:
Host ssh.squeak.org User ssh Port 1022 Host *.box.squeak.org User YOURUSER ProxyCommand ssh -W %h:%p ssh.squeak.org
And you can happily ssh to alan.box.squeak.org :)
Works like a charme. And no hard-coded ip addresses anymore. Good job :)
If you are forgetful like me you can additionally set up an alias like this:
host squeak-www user YOURUSER proxycommand ssh -W alan.box.squeak.org:%p ssh.squeak.org
... and then simply "ssh squeak-www".
- Bert -
On Wed, Sep 28, 2016 at 11:31:36AM +0200, Tobias Pape wrote:
Dear all
[ACTIONS AT END]
with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace. Here's the overview:
======================================================================================================================= Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4
ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29 alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8 adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56 andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222 dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150 ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111 david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45 scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169 =======================================================================================================================
Currently, Levente and me have sudo on all these machines. Users with * also do.
<snip>
We will shortly start RSYNC-ing over data from box3 and box4 as well as replicatiing DNS entries before switching over.
[ACTION REQUIRED]
- Who needs access to which servers?
Account request:
In addition to server #dan, I would like to request a davidlewis account on #andreas and #david.
Reasons: I want to work with Chris so I can update squeaksource.com as compatibly as possible with source.squeak.org from an administrative point of view (updating the squeaksource.com image will have to wait). And I may spend some time on Jenkins if everything else gets done on time.
Suggestion:
It would be a good idea to pick the UID assignments for the various admin accounts in advance, so they will be unique across the servers and distinct from any user UIDs. Thus for example if we will have accounts for squeakmap, jenkins, source.squeak.org and squeaksource.com services, their files can later be migrated from box to box without fear of UID confusion.
When I originally set up squeaksource.com on box3, I put it in a normal user account (ssdotcom with UID 1008). That is not good practice, in part because 1008 might end up being the UID for some user account on another box. (This actually happened in the box2 migration to box3, so the source.squeak.org files now accidentally appear to be owned by "davidlewis" rather than whatever ID they originally had on box2.)
For squeaksource.com, I am not worried if the files get copied with correct ownership and permissions, because I can easily fix this later (with /bin/find). Chris, if there are problems with this for source.squeak.org, I can lend a hand sorting it out.
Dave
Hi,
On 30.09.2016, at 14:16, David T. Lewis lewis@mail.msen.com wrote:
On Wed, Sep 28, 2016 at 11:31:36AM +0200, Tobias Pape wrote:
Dear all
[ACTIONS AT END]
with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace. Here's the overview:
======================================================================================================================= Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4
ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29 alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8 adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56 andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222 dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150 ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111 david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45 scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169 =======================================================================================================================
Currently, Levente and me have sudo on all these machines. Users with * also do.
<snip>
We will shortly start RSYNC-ing over data from box3 and box4 as well as replicatiing DNS entries before switching over.
[ACTION REQUIRED]
- Who needs access to which servers?
Account request:
In addition to server #dan, I would like to request a davidlewis account on #andreas and #david.
'andreas' granted. (As 'dan' for chris (sorry chris for seeming hesitant here…))
Reasons: I want to work with Chris so I can update squeaksource.com as compatibly as possible with source.squeak.org from an administrative point of view (updating the squeaksource.com image will have to wait).
ACK
And I may spend some time on Jenkins if everything else gets done on time.
Great. Please coordinate with Craig here.
Suggestion:
It would be a good idea to pick the UID assignments for the various admin accounts in advance, so they will be unique across the servers and distinct from any user UIDs. Thus for example if we will have accounts for squeakmap, jenkins, source.squeak.org and squeaksource.com services, their files can later be migrated from box to box without fear of UID confusion.
When I originally set up squeaksource.com on box3, I put it in a normal user account (ssdotcom with UID 1008). That is not good practice, in part because 1008 might end up being the UID for some user account on another box. (This actually happened in the box2 migration to box3, so the source.squeak.org files now accidentally appear to be owned by "davidlewis" rather than whatever ID they originally had on box2.)
I don't this that is too much of a problem, I did it anyway I will send around the 'known users' mapping shortly :)
For squeaksource.com, I am not worried if the files get copied with correct ownership and permissions, because I can easily fix this later (with /bin/find). Chris, if there are problems with this for source.squeak.org, I can lend a hand sorting it out.
The files are already there and have right perms :)
Dave
Best -Tobias
On 03.10.2016, at 20:39, Tobias Pape Das.Linux@gmx.de wrote:
Hi,
On 30.09.2016, at 14:16, David T. Lewis lewis@mail.msen.com wrote:
On Wed, Sep 28, 2016 at 11:31:36AM +0200, Tobias Pape wrote:
Dear all
[ACTIONS AT END]
with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace. Here's the overview:
======================================================================================================================= Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4
ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29 alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8 adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56 andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222 dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150 ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111 david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45 scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169 =======================================================================================================================
Currently, Levente and me have sudo on all these machines. Users with * also do.
<snip>
We will shortly start RSYNC-ing over data from box3 and box4 as well as replicatiing DNS entries before switching over.
[ACTION REQUIRED]
- Who needs access to which servers?
Account request:
In addition to server #dan, I would like to request a davidlewis account on #andreas and #david.
'andreas' granted. (As 'dan' for chris (sorry chris for seeming hesitant here…))
'david', too now
Reasons: I want to work with Chris so I can update squeaksource.com as compatibly as possible with source.squeak.org from an administrative point of view (updating the squeaksource.com image will have to wait).
ACK
And I may spend some time on Jenkins if everything else gets done on time.
Great. Please coordinate with Craig here.
Suggestion:
It would be a good idea to pick the UID assignments for the various admin accounts in advance, so they will be unique across the servers and distinct from any user UIDs. Thus for example if we will have accounts for squeakmap, jenkins, source.squeak.org and squeaksource.com services, their files can later be migrated from box to box without fear of UID confusion.
When I originally set up squeaksource.com on box3, I put it in a normal user account (ssdotcom with UID 1008). That is not good practice, in part because 1008 might end up being the UID for some user account on another box. (This actually happened in the box2 migration to box3, so the source.squeak.org files now accidentally appear to be owned by "davidlewis" rather than whatever ID they originally had on box2.)
I don't this that is too much of a problem, I did it anyway I will send around the 'known users' mapping shortly :)
For squeaksource.com, I am not worried if the files get copied with correct ownership and permissions, because I can easily fix this later (with /bin/find). Chris, if there are problems with this for source.squeak.org, I can lend a hand sorting it out.
The files are already there and have right perms :)
Dave
Best -Tobias
On 30.09.2016, at 14:16, David T. Lewis lewis@mail.msen.com wrote:
When I originally set up squeaksource.com on box3, I put it in a normal user account (ssdotcom with UID 1008). That is not good practice, in part because 1008 might end up being the UID for some user account on another box. (This actually happened in the box2 migration to box3, so the source.squeak.org files now accidentally appear to be owned by "davidlewis" rather than whatever ID they originally had on box2.)
Here's the known-users-list:
Known users UID ssh 100000 squeaksourcecom 100001 sourcesqueakorg 100002 squeakwiki 100003 squeakmap 100004 jenkins 100005
Of these, ssh, squeaksourcecom, sourcesqueakorg and jenkins have already been created on their respective servers.
Best regards -Tobias
Excellent, thank you!
Dave
On 30.09.2016, at 14:16, David T. Lewis lewis@mail.msen.com wrote:
When I originally set up squeaksource.com on box3, I put it in a normal user account (ssdotcom with UID 1008). That is not good practice, in part because 1008 might end up being the UID for some user account on another box. (This actually happened in the box2 migration to box3, so the source.squeak.org files now accidentally appear to be owned by "davidlewis" rather than whatever ID they originally had on box2.)
Here's the known-users-list:
Known users UID ssh 100000 squeaksourcecom 100001 sourcesqueakorg 100002 squeakwiki 100003 squeakmap 100004 jenkins 100005
Of these, ssh, squeaksourcecom, sourcesqueakorg and jenkins have already been created on their respective servers.
Best regards -Tobias
On Wed, Sep 28, 2016 at 11:31:36AM +0200, Tobias Pape wrote:
Dear all
[ACTIONS AT END]
with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace. Here's the overview:
======================================================================================================================= Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4
ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29 alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8 adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56 andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222 dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150 ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111 david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45 scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169 =======================================================================================================================
I would like to make sure that we bring the bugs.squeak.org Mantis system over to Rackspace. I don't know much about how it works, but it is important to me for historical tracking of Squeak and VM issues.
If no one else has done so, I will volunteer to do the move.
Dave
On Sat, 1 Oct 2016, David T. Lewis wrote:
On Wed, Sep 28, 2016 at 11:31:36AM +0200, Tobias Pape wrote:
Dear all
[ACTIONS AT END]
with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace. Here's the overview:
======================================================================================================================= Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4
ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29 alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8 adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56 andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222 dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150 ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111 david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45 scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169 =======================================================================================================================
I would like to make sure that we bring the bugs.squeak.org Mantis system over to Rackspace. I don't know much about how it works, but it is important to me for historical tracking of Squeak and VM issues.
It's planned to be hosted on scott. The database already has its own, special, publicly not visible server (rock).
Levente
If no one else has done so, I will volunteer to do the move.
Dave
On Sun, Oct 02, 2016 at 03:23:09AM +0200, Levente Uzonyi wrote:
On Sat, 1 Oct 2016, David T. Lewis wrote:
On Wed, Sep 28, 2016 at 11:31:36AM +0200, Tobias Pape wrote:
Dear all
[ACTIONS AT END]
with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace. Here's the overview:
======================================================================================================================= Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4
ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29 alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8 adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56 andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222 dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150 ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111 david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45 scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169 =======================================================================================================================
I would like to make sure that we bring the bugs.squeak.org Mantis system over to Rackspace. I don't know much about how it works, but it is important to me for historical tracking of Squeak and VM issues.
It's planned to be hosted on scott. The database already has its own, special, publicly not visible server (rock).
Levente
Excellent, thank you!
Dave
If no one else has done so, I will volunteer to do the move.
Dave
On Wed, Sep 28, 2016 at 11:31:36AM +0200, Tobias Pape wrote:
with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace. Here's the overview:
======================================================================================================================= Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4
ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29 alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8 adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56 andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222 dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150 ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111 david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45 scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169 =======================================================================================================================
I installed a new interpreter VM on dan, with the deb in /root/localdebs and notes added to /root/admin-log.txt:
======================== 20161002 davidlewis
Install 64-bit interpreter VM for squeaksource.com. This is an up to date VM compiled on my personal Ubuntu laptop according to instructions at http://wiki.squeak.org/squeak/6354, with "make deb" to create the local debian package installed here.
The debian install package is /root/localdebs/squeakvm_4.15.8-3749-1_amd64.deb
The run script is /usr/local/bin/squeak, as distinct from Cog/Spur VMs that are expected to be installed as /usr/bin/squeak.
========================
This is the same as used on box3, except that it is a 64-bit VM to suit the new Rackspace server.
The squeaksource.com image serves on local port 8888 (not 8080). I would prefer to keep that convention so that the image can be copied directly from box3 without modification.
Is it possible to open some local ports on server dan during the transition period? It would be helpful if I could connect to 8888, 5900, and 5901 for the next couple of weeks or so.
Thanks, Dave
Hi Dave, can 64-bit VM run the 32-bit image or are you planning to run a conversion on the image..?
On Sun, Oct 2, 2016 at 6:25 PM, David T. Lewis lewis@mail.msen.com wrote:
On Wed, Sep 28, 2016 at 11:31:36AM +0200, Tobias Pape wrote:
with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace. Here's the overview:
======================================================================================================================= Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4
ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29 alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8 adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56 andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222 dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150 ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111 david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45 scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169 =======================================================================================================================
I installed a new interpreter VM on dan, with the deb in /root/localdebs and notes added to /root/admin-log.txt:
======================== 20161002 davidlewis
Install 64-bit interpreter VM for squeaksource.com. This is an up to date VM compiled on my personal Ubuntu laptop according to instructions at http://wiki.squeak.org/squeak/6354, with "make deb" to create the local debian package installed here.
The debian install package is /root/localdebs/squeakvm_4.15.8-3749-1_amd64.deb
The run script is /usr/local/bin/squeak, as distinct from Cog/Spur VMs that are expected to be installed as /usr/bin/squeak.
========================
This is the same as used on box3, except that it is a 64-bit VM to suit the new Rackspace server.
The squeaksource.com image serves on local port 8888 (not 8080). I would prefer to keep that convention so that the image can be copied directly from box3 without modification.
Is it possible to open some local ports on server dan during the transition period? It would be helpful if I could connect to 8888, 5900, and 5901 for the next couple of weeks or so.
Thanks, Dave
Hi Chris,
No conversion, it is exactly as on box3 except that the Rackspace servers are 64-bit, and box3 was a 32-bit OS, so I compiled it for native 64-bit.
Dave
Hi Dave, can 64-bit VM run the 32-bit image or are you planning to run a conversion on the image..?
On Sun, Oct 2, 2016 at 6:25 PM, David T. Lewis lewis@mail.msen.com wrote:
On Wed, Sep 28, 2016 at 11:31:36AM +0200, Tobias Pape wrote:
with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace. Here's the overview:
======================================================================================================================= Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4
ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29 alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8 adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56 andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222 dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150 ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111 david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45 scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169 =======================================================================================================================
I installed a new interpreter VM on dan, with the deb in /root/localdebs and notes added to /root/admin-log.txt:
======================== 20161002 davidlewis
Install 64-bit interpreter VM for squeaksource.com. This is an up to date VM compiled on my personal Ubuntu laptop according to instructions at http://wiki.squeak.org/squeak/6354, with "make deb" to create the local debian package installed here.
The debian install package is /root/localdebs/squeakvm_4.15.8-3749-1_amd64.deb
The run script is /usr/local/bin/squeak, as distinct from Cog/Spur VMs that are expected to be installed as /usr/bin/squeak.
========================
This is the same as used on box3, except that it is a 64-bit VM to suit the new Rackspace server.
The squeaksource.com image serves on local port 8888 (not 8080). I would prefer to keep that convention so that the image can be copied directly from box3 without modification.
Is it possible to open some local ports on server dan during the transition period? It would be helpful if I could connect to 8888, 5900, and 5901 for the next couple of weeks or so.
Thanks, Dave
On 03.10.2016, at 01:25, David T. Lewis lewis@mail.msen.com wrote:
On Wed, Sep 28, 2016 at 11:31:36AM +0200, Tobias Pape wrote:
with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace. Here's the overview:
======================================================================================================================= Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4
ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29 alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8 adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56 andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222 dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150 ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111 david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45 scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169 =======================================================================================================================
I installed a new interpreter VM on dan, with the deb in /root/localdebs and notes added to /root/admin-log.txt:
======================== 20161002 davidlewis
Install 64-bit interpreter VM for squeaksource.com. This is an up to date VM compiled on my personal Ubuntu laptop according to instructions at http://wiki.squeak.org/squeak/6354, with "make deb" to create the local debian package installed here.
The debian install package is /root/localdebs/squeakvm_4.15.8-3749-1_amd64.deb
The run script is /usr/local/bin/squeak, as distinct from Cog/Spur VMs that are expected to be installed as /usr/bin/squeak.
========================
This is the same as used on box3, except that it is a 64-bit VM to suit the new Rackspace server.
The squeaksource.com image serves on local port 8888 (not 8080). I would prefer to keep that convention so that the image can be copied directly from box3 without modification.
8888 is there now. 8080 gone.
Is it possible to open some local ports on server dan during the transition period? It would be helpful if I could connect to 8888, 5900, and 5901 for the next couple of weeks or so.
Please use SSH local forwards for that.
like this: ssh -L5901:localhost:5901 dan.box.squeak.org
and then connect you VNC-viewer to Display 1 on localhost.
Thanks, Dave
Hi Tobias,
I am now running a test image on 'dan' that is listening for http connections on port 8888, and for VNC connections on 5900. I installed telnet on 'dan' so that I can verify that both listening ports are active on the server. But I am unable to make TCP connections to either port from an outside machine.
I assume that I am missing some sort of port forwarding configuration, but nothing I have tried so far has worked. Ideally I would like to connect to the web server with http://104.130.170.38:8888 and use SSH local forwards for the VNC connection.
Could you please try making connections to those two ports on 'dan' and let me know the specific ssh port forwarding commands that made it work?
Thanks, Dave
On Mon, Oct 03, 2016 at 08:40:30PM +0200, Tobias Pape wrote:
On 03.10.2016, at 01:25, David T. Lewis lewis@mail.msen.com wrote:
On Wed, Sep 28, 2016 at 11:31:36AM +0200, Tobias Pape wrote:
with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace. Here's the overview:
======================================================================================================================= Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4
ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29 alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8 adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56 andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222 dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150 ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111 david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45 scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169 =======================================================================================================================
I installed a new interpreter VM on dan, with the deb in /root/localdebs and notes added to /root/admin-log.txt:
======================== 20161002 davidlewis
Install 64-bit interpreter VM for squeaksource.com. This is an up to date VM compiled on my personal Ubuntu laptop according to instructions at http://wiki.squeak.org/squeak/6354, with "make deb" to create the local debian package installed here.
The debian install package is /root/localdebs/squeakvm_4.15.8-3749-1_amd64.deb
The run script is /usr/local/bin/squeak, as distinct from Cog/Spur VMs that are expected to be installed as /usr/bin/squeak.
========================
This is the same as used on box3, except that it is a 64-bit VM to suit the new Rackspace server.
The squeaksource.com image serves on local port 8888 (not 8080). I would prefer to keep that convention so that the image can be copied directly from box3 without modification.
8888 is there now. 8080 gone.
Is it possible to open some local ports on server dan during the transition period? It would be helpful if I could connect to 8888, 5900, and 5901 for the next couple of weeks or so.
Please use SSH local forwards for that.
like this: ssh -L5901:localhost:5901 dan.box.squeak.org
and then connect you VNC-viewer to Display 1 on localhost.
Thanks, Dave
Hi Dave
On 04.10.2016, at 03:49, David T. Lewis lewis@mail.msen.com wrote:
Hi Tobias,
I am now running a test image on 'dan' that is listening for http connections on port 8888, and for VNC connections on 5900. I installed telnet on 'dan' so that I can verify that both listening ports are active on the server. But I am unable to make TCP connections to either port from an outside machine.
That is expected. BTW: You can use netstat to see who is listening where:
# netstat -neptl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name tcp 0 0 10.176.197.150:22 0.0.0.0:* LISTEN 0 20788 7726/sshd tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN 1003 566790 30950/squeakvm tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 17561 6275/exim4 tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 1003 546769 30950/squeakvm tcp6 0 0 ::1:25 :::* LISTEN 0 17562 6275/exim4
Next, ufw will tell you which ports are open:
# ufw status verbose Status: active Logging: on (low) Default: deny (incoming), allow (outgoing) New profiles: skip
To Action From -- ------ ---- 10.176.197.150 22/tcp ALLOW IN 10.0.0.0/8 10.176.197.150 8888/tcp ALLOW IN 10.0.0.0/8
I assume that I am missing some sort of port forwarding configuration, but nothing I have tried so far has worked. Ideally I would like to connect to the web server with http://104.130.170.38:8888 and use SSH local forwards for the VNC connection.
The web server variant via http://104.130.170.38:8888 is not intended. Please lets have as few ports open to the public as possible. But there's help:
Could you please try making connections to those two ports on 'dan' and let me know the specific ssh port forwarding commands that made it work?
so, this works for me:
ssh -L8888:localhost:8888 -L5900:localhost:5900 dan.box.squeak.org
(given the ssh config outlined some days ago, otherwise it is
ssh -L8888:localhost:8888 -L5900:localhost:5900 -o ProxyCommand "ssh -W %h:%p ss@ssh.squeak.org:10225" 10.176.197.150 )
you can then see squeaksource on localhost:8888 and the VNC on Display 0 on localhost.
Best regards -Tobias
Thanks, Dave
On Mon, Oct 03, 2016 at 08:40:30PM +0200, Tobias Pape wrote:
On 03.10.2016, at 01:25, David T. Lewis lewis@mail.msen.com wrote:
On Wed, Sep 28, 2016 at 11:31:36AM +0200, Tobias Pape wrote:
with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace. Here's the overview:
======================================================================================================================= Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4
ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29 alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8 adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56 andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222 dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150 ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111 david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45 scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169 =======================================================================================================================
I installed a new interpreter VM on dan, with the deb in /root/localdebs and notes added to /root/admin-log.txt:
======================== 20161002 davidlewis
Install 64-bit interpreter VM for squeaksource.com. This is an up to date VM compiled on my personal Ubuntu laptop according to instructions at http://wiki.squeak.org/squeak/6354, with "make deb" to create the local debian package installed here.
The debian install package is /root/localdebs/squeakvm_4.15.8-3749-1_amd64.deb
The run script is /usr/local/bin/squeak, as distinct from Cog/Spur VMs that are expected to be installed as /usr/bin/squeak.
========================
This is the same as used on box3, except that it is a 64-bit VM to suit the new Rackspace server.
The squeaksource.com image serves on local port 8888 (not 8080). I would prefer to keep that convention so that the image can be copied directly from box3 without modification.
8888 is there now. 8080 gone.
Is it possible to open some local ports on server dan during the transition period? It would be helpful if I could connect to 8888, 5900, and 5901 for the next couple of weeks or so.
Please use SSH local forwards for that.
like this: ssh -L5901:localhost:5901 dan.box.squeak.org
and then connect you VNC-viewer to Display 1 on localhost.
Thanks, Dave
Tobias,
Thanks for your patient explanation.
To summarize in case anyone else needs this for reference:
1) I made a .ssh/config file containing the following:
Host ssh.squeak.org User ssh Port 1022
Host *.box.squeak.org User davidlewis ProxyCommand ssh -W %h:%p ssh.squeak.org
2) I connected to the 'dan' server with the following command, which makes and interactive login to dan, and also sets up the port forwarding for the two additional ports (8888 and 5900) that I wanted to test:
ssh -L8888:localhost:8888 -L5900:localhost:5900 dan.box.squeak.org
3) With the above shell session active, I can connect to the web server on port 8888 on server dan with http://localhost:8080, and I can connect to a VNC server on dan by connecting to VNC display 0 on localhost.
(Note - the actual squeaksource.com image will use VNC display 1, so port 5901 rather than 5900)
Thanks, Dave
On Tue, Oct 04, 2016 at 09:26:45AM +0200, Tobias Pape wrote:
Hi Dave
On 04.10.2016, at 03:49, David T. Lewis lewis@mail.msen.com wrote:
Hi Tobias,
I am now running a test image on 'dan' that is listening for http connections on port 8888, and for VNC connections on 5900. I installed telnet on 'dan' so that I can verify that both listening ports are active on the server. But I am unable to make TCP connections to either port from an outside machine.
That is expected. BTW: You can use netstat to see who is listening where:
# netstat -neptl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name tcp 0 0 10.176.197.150:22 0.0.0.0:* LISTEN 0 20788 7726/sshd tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN 1003 566790 30950/squeakvm tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 17561 6275/exim4 tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 1003 546769 30950/squeakvm tcp6 0 0 ::1:25 :::* LISTEN 0 17562 6275/exim4
Next, ufw will tell you which ports are open:
# ufw status verbose Status: active Logging: on (low) Default: deny (incoming), allow (outgoing) New profiles: skip
To Action From
10.176.197.150 22/tcp ALLOW IN 10.0.0.0/8 10.176.197.150 8888/tcp ALLOW IN 10.0.0.0/8
I assume that I am missing some sort of port forwarding configuration, but nothing I have tried so far has worked. Ideally I would like to connect to the web server with http://104.130.170.38:8888 and use SSH local forwards for the VNC connection.
The web server variant via http://104.130.170.38:8888 is not intended. Please lets have as few ports open to the public as possible. But there's help:
Could you please try making connections to those two ports on 'dan' and let me know the specific ssh port forwarding commands that made it work?
so, this works for me:
ssh -L8888:localhost:8888 -L5900:localhost:5900 dan.box.squeak.org
(given the ssh config outlined some days ago, otherwise it is
ssh -L8888:localhost:8888 -L5900:localhost:5900 -o ProxyCommand "ssh -W %h:%p ss@ssh.squeak.org:10225" 10.176.197.150 )
you can then see squeaksource on localhost:8888 and the VNC on Display 0 on localhost.
Best regards -Tobias
Thanks, Dave
On Mon, Oct 03, 2016 at 08:40:30PM +0200, Tobias Pape wrote:
On 03.10.2016, at 01:25, David T. Lewis lewis@mail.msen.com wrote:
On Wed, Sep 28, 2016 at 11:31:36AM +0200, Tobias Pape wrote:
with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace. Here's the overview:
======================================================================================================================= Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4
ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29 alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8 adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56 andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222 dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150 ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111 david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45 scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169 =======================================================================================================================
I installed a new interpreter VM on dan, with the deb in /root/localdebs and notes added to /root/admin-log.txt:
======================== 20161002 davidlewis
Install 64-bit interpreter VM for squeaksource.com. This is an up to date VM compiled on my personal Ubuntu laptop according to instructions at http://wiki.squeak.org/squeak/6354, with "make deb" to create the local debian package installed here.
The debian install package is /root/localdebs/squeakvm_4.15.8-3749-1_amd64.deb
The run script is /usr/local/bin/squeak, as distinct from Cog/Spur VMs that are expected to be installed as /usr/bin/squeak.
========================
This is the same as used on box3, except that it is a 64-bit VM to suit the new Rackspace server.
The squeaksource.com image serves on local port 8888 (not 8080). I would prefer to keep that convention so that the image can be copied directly from box3 without modification.
8888 is there now. 8080 gone.
Is it possible to open some local ports on server dan during the transition period? It would be helpful if I could connect to 8888, 5900, and 5901 for the next couple of weeks or so.
Please use SSH local forwards for that.
like this: ssh -L5901:localhost:5901 dan.box.squeak.org
and then connect you VNC-viewer to Display 1 on localhost.
Thanks, Dave
On 04.10.2016, at 12:35, David T. Lewis lewis@mail.msen.com wrote:
Tobias,
Thanks for your patient explanation.
To summarize in case anyone else needs this for reference:
- I made a .ssh/config file containing the following:
Host ssh.squeak.org User ssh Port 1022
Host *.box.squeak.org User davidlewis ProxyCommand ssh -W %h:%p ssh.squeak.org
- I connected to the 'dan' server with the following command, which makes
and interactive login to dan, and also sets up the port forwarding for the two additional ports (8888 and 5900) that I wanted to test:
ssh -L8888:localhost:8888 -L5900:localhost:5900 dan.box.squeak.org
- With the above shell session active, I can connect to the web server
on port 8888 on server dan with http://localhost:8080, and I can connect to a VNC server on dan by connecting to VNC display 0 on localhost.
(Note - the actual squeaksource.com image will use VNC display 1, so port 5901 rather than 5900)
Thanks for the summary. It's completely correct.
Best regards -Tobias
Thanks, Dave
On Tue, Oct 04, 2016 at 09:26:45AM +0200, Tobias Pape wrote:
Hi Dave
On 04.10.2016, at 03:49, David T. Lewis lewis@mail.msen.com wrote:
Hi Tobias,
I am now running a test image on 'dan' that is listening for http connections on port 8888, and for VNC connections on 5900. I installed telnet on 'dan' so that I can verify that both listening ports are active on the server. But I am unable to make TCP connections to either port from an outside machine.
That is expected. BTW: You can use netstat to see who is listening where:
# netstat -neptl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name tcp 0 0 10.176.197.150:22 0.0.0.0:* LISTEN 0 20788 7726/sshd tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN 1003 566790 30950/squeakvm tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 17561 6275/exim4 tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 1003 546769 30950/squeakvm tcp6 0 0 ::1:25 :::* LISTEN 0 17562 6275/exim4
Next, ufw will tell you which ports are open:
# ufw status verbose Status: active Logging: on (low) Default: deny (incoming), allow (outgoing) New profiles: skip
To Action From
10.176.197.150 22/tcp ALLOW IN 10.0.0.0/8 10.176.197.150 8888/tcp ALLOW IN 10.0.0.0/8
I assume that I am missing some sort of port forwarding configuration, but nothing I have tried so far has worked. Ideally I would like to connect to the web server with http://104.130.170.38:8888 and use SSH local forwards for the VNC connection.
The web server variant via http://104.130.170.38:8888 is not intended. Please lets have as few ports open to the public as possible. But there's help:
Could you please try making connections to those two ports on 'dan' and let me know the specific ssh port forwarding commands that made it work?
so, this works for me:
ssh -L8888:localhost:8888 -L5900:localhost:5900 dan.box.squeak.org
(given the ssh config outlined some days ago, otherwise it is
ssh -L8888:localhost:8888 -L5900:localhost:5900 -o ProxyCommand "ssh -W %h:%p ss@ssh.squeak.org:10225" 10.176.197.150 )
you can then see squeaksource on localhost:8888 and the VNC on Display 0 on localhost.
Best regards -Tobias
Thanks, Dave
On Mon, Oct 03, 2016 at 08:40:30PM +0200, Tobias Pape wrote:
On 03.10.2016, at 01:25, David T. Lewis lewis@mail.msen.com wrote:
On Wed, Sep 28, 2016 at 11:31:36AM +0200, Tobias Pape wrote:
with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace. Here's the overview:
======================================================================================================================= Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4
ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29 alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8 adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56 andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222 dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150 ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111 david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45 scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169 =======================================================================================================================
I installed a new interpreter VM on dan, with the deb in /root/localdebs and notes added to /root/admin-log.txt:
======================== 20161002 davidlewis
Install 64-bit interpreter VM for squeaksource.com. This is an up to date VM compiled on my personal Ubuntu laptop according to instructions at http://wiki.squeak.org/squeak/6354, with "make deb" to create the local debian package installed here.
The debian install package is /root/localdebs/squeakvm_4.15.8-3749-1_amd64.deb
The run script is /usr/local/bin/squeak, as distinct from Cog/Spur VMs that are expected to be installed as /usr/bin/squeak.
========================
This is the same as used on box3, except that it is a 64-bit VM to suit the new Rackspace server.
The squeaksource.com image serves on local port 8888 (not 8080). I would prefer to keep that convention so that the image can be copied directly from box3 without modification.
8888 is there now. 8080 gone.
Is it possible to open some local ports on server dan during the transition period? It would be helpful if I could connect to 8888, 5900, and 5901 for the next couple of weeks or so.
Please use SSH local forwards for that.
like this: ssh -L5901:localhost:5901 dan.box.squeak.org
and then connect you VNC-viewer to Display 1 on localhost.
Thanks, Dave
The squeaksource.com service is now running on dan.box.squeak.org, and under the control of supervise. See notes in /root/admin-log.txt and /srv/squeaksourcecom/README for details.
I would like to leave this running for a few days to make sure it stays healthy, but I anticipate no problems.
The final switchover will require a refresh of recently updated files from box3, as well as DNS record switchover. We can probably pick a time to do this in the next week or so.
The web service is on port 8888, and the VNC service is display 1 on port 5901. Note that VNC connection also requires sending SIGUSR2 to the VM process, see the README.
Dave
On Tue, Oct 04, 2016 at 02:24:47PM +0200, Tobias Pape wrote:
On 04.10.2016, at 12:35, David T. Lewis lewis@mail.msen.com wrote:
Tobias,
Thanks for your patient explanation.
To summarize in case anyone else needs this for reference:
- I made a .ssh/config file containing the following:
Host ssh.squeak.org User ssh Port 1022
Host *.box.squeak.org User davidlewis ProxyCommand ssh -W %h:%p ssh.squeak.org
- I connected to the 'dan' server with the following command, which makes
and interactive login to dan, and also sets up the port forwarding for the two additional ports (8888 and 5900) that I wanted to test:
ssh -L8888:localhost:8888 -L5900:localhost:5900 dan.box.squeak.org
- With the above shell session active, I can connect to the web server
on port 8888 on server dan with http://localhost:8080, and I can connect to a VNC server on dan by connecting to VNC display 0 on localhost.
(Note - the actual squeaksource.com image will use VNC display 1, so port 5901 rather than 5900)
Thanks for the summary. It's completely correct.
Best regards -Tobias
Thanks, Dave
On Tue, Oct 04, 2016 at 09:26:45AM +0200, Tobias Pape wrote:
Hi Dave
On 04.10.2016, at 03:49, David T. Lewis lewis@mail.msen.com wrote:
Hi Tobias,
I am now running a test image on 'dan' that is listening for http connections on port 8888, and for VNC connections on 5900. I installed telnet on 'dan' so that I can verify that both listening ports are active on the server. But I am unable to make TCP connections to either port from an outside machine.
That is expected. BTW: You can use netstat to see who is listening where:
# netstat -neptl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name tcp 0 0 10.176.197.150:22 0.0.0.0:* LISTEN 0 20788 7726/sshd tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN 1003 566790 30950/squeakvm tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 17561 6275/exim4 tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 1003 546769 30950/squeakvm tcp6 0 0 ::1:25 :::* LISTEN 0 17562 6275/exim4
Next, ufw will tell you which ports are open:
# ufw status verbose Status: active Logging: on (low) Default: deny (incoming), allow (outgoing) New profiles: skip
To Action From
10.176.197.150 22/tcp ALLOW IN 10.0.0.0/8 10.176.197.150 8888/tcp ALLOW IN 10.0.0.0/8
I assume that I am missing some sort of port forwarding configuration, but nothing I have tried so far has worked. Ideally I would like to connect to the web server with http://104.130.170.38:8888 and use SSH local forwards for the VNC connection.
The web server variant via http://104.130.170.38:8888 is not intended. Please lets have as few ports open to the public as possible. But there's help:
Could you please try making connections to those two ports on 'dan' and let me know the specific ssh port forwarding commands that made it work?
so, this works for me:
ssh -L8888:localhost:8888 -L5900:localhost:5900 dan.box.squeak.org
(given the ssh config outlined some days ago, otherwise it is
ssh -L8888:localhost:8888 -L5900:localhost:5900 -o ProxyCommand "ssh -W %h:%p ss@ssh.squeak.org:10225" 10.176.197.150 )
you can then see squeaksource on localhost:8888 and the VNC on Display 0 on localhost.
Best regards -Tobias
Thanks, Dave
On Mon, Oct 03, 2016 at 08:40:30PM +0200, Tobias Pape wrote:
On 03.10.2016, at 01:25, David T. Lewis lewis@mail.msen.com wrote:
On Wed, Sep 28, 2016 at 11:31:36AM +0200, Tobias Pape wrote: > > with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace. > Here's the overview: > > ======================================================================================================================= > Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4 > ----------------------------------------------------------------------------------------------------------------------- > ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29 > alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8 > adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56 > andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222 > dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150 > ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111 > david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45 > scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169 > =======================================================================================================================
I installed a new interpreter VM on dan, with the deb in /root/localdebs and notes added to /root/admin-log.txt:
======================== 20161002 davidlewis
Install 64-bit interpreter VM for squeaksource.com. This is an up to date VM compiled on my personal Ubuntu laptop according to instructions at http://wiki.squeak.org/squeak/6354, with "make deb" to create the local debian package installed here.
The debian install package is /root/localdebs/squeakvm_4.15.8-3749-1_amd64.deb
The run script is /usr/local/bin/squeak, as distinct from Cog/Spur VMs that are expected to be installed as /usr/bin/squeak.
========================
This is the same as used on box3, except that it is a 64-bit VM to suit the new Rackspace server.
The squeaksource.com image serves on local port 8888 (not 8080). I would prefer to keep that convention so that the image can be copied directly from box3 without modification.
8888 is there now. 8080 gone.
Is it possible to open some local ports on server dan during the transition period? It would be helpful if I could connect to 8888, 5900, and 5901 for the next couple of weeks or so.
Please use SSH local forwards for that.
like this: ssh -L5901:localhost:5901 dan.box.squeak.org
and then connect you VNC-viewer to Display 1 on localhost.
Thanks, Dave
Levente, Tobias:
The squeaksource.com service seems to be working reliably on the new Rackspace server dan. It has run for a number of days now, and I have confirmed that when I kill the VM process, the service is reliably restarted by supervise.
When we do the final switchover to Rackspace, I would like to be responsible for synchronizing the data files and image to ensure that no updates are lost during the transition. Currently the image and files on Rackspace are updated as of today, but I will want to do an additional update right before the actual DNS record change, and I will also check afterwards to make sure nothing is lost during the time it may take for the DNS updates to propagate.
I am not familiar with how to active the web server (currently on port 8888) on the standard port 80, and I cannot update the DNS records, so I am hoping that someone else can do those two things.
What would be a good time for us to complete the conversion? I may be quite busy for the next few days so some time after that would be best from my point of view.
Thanks,
Dave
On Tue, Oct 04, 2016 at 11:09:37PM -0400, David T. Lewis wrote:
The squeaksource.com service is now running on dan.box.squeak.org, and under the control of supervise. See notes in /root/admin-log.txt and /srv/squeaksourcecom/README for details.
I would like to leave this running for a few days to make sure it stays healthy, but I anticipate no problems.
The final switchover will require a refresh of recently updated files from box3, as well as DNS record switchover. We can probably pick a time to do this in the next week or so.
The web service is on port 8888, and the VNC service is display 1 on port 5901. Note that VNC connection also requires sending SIGUSR2 to the VM process, see the README.
Dave
On Tue, Oct 04, 2016 at 02:24:47PM +0200, Tobias Pape wrote:
On 04.10.2016, at 12:35, David T. Lewis lewis@mail.msen.com wrote:
Tobias,
Thanks for your patient explanation.
To summarize in case anyone else needs this for reference:
- I made a .ssh/config file containing the following:
Host ssh.squeak.org User ssh Port 1022
Host *.box.squeak.org User davidlewis ProxyCommand ssh -W %h:%p ssh.squeak.org
- I connected to the 'dan' server with the following command, which makes
and interactive login to dan, and also sets up the port forwarding for the two additional ports (8888 and 5900) that I wanted to test:
ssh -L8888:localhost:8888 -L5900:localhost:5900 dan.box.squeak.org
- With the above shell session active, I can connect to the web server
on port 8888 on server dan with http://localhost:8080, and I can connect to a VNC server on dan by connecting to VNC display 0 on localhost.
(Note - the actual squeaksource.com image will use VNC display 1, so port 5901 rather than 5900)
Thanks for the summary. It's completely correct.
Best regards -Tobias
Thanks, Dave
On Tue, Oct 04, 2016 at 09:26:45AM +0200, Tobias Pape wrote:
Hi Dave
On 04.10.2016, at 03:49, David T. Lewis lewis@mail.msen.com wrote:
Hi Tobias,
I am now running a test image on 'dan' that is listening for http connections on port 8888, and for VNC connections on 5900. I installed telnet on 'dan' so that I can verify that both listening ports are active on the server. But I am unable to make TCP connections to either port from an outside machine.
That is expected. BTW: You can use netstat to see who is listening where:
# netstat -neptl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name tcp 0 0 10.176.197.150:22 0.0.0.0:* LISTEN 0 20788 7726/sshd tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN 1003 566790 30950/squeakvm tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 17561 6275/exim4 tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 1003 546769 30950/squeakvm tcp6 0 0 ::1:25 :::* LISTEN 0 17562 6275/exim4
Next, ufw will tell you which ports are open:
# ufw status verbose Status: active Logging: on (low) Default: deny (incoming), allow (outgoing) New profiles: skip
To Action From
10.176.197.150 22/tcp ALLOW IN 10.0.0.0/8 10.176.197.150 8888/tcp ALLOW IN 10.0.0.0/8
I assume that I am missing some sort of port forwarding configuration, but nothing I have tried so far has worked. Ideally I would like to connect to the web server with http://104.130.170.38:8888 and use SSH local forwards for the VNC connection.
The web server variant via http://104.130.170.38:8888 is not intended. Please lets have as few ports open to the public as possible. But there's help:
Could you please try making connections to those two ports on 'dan' and let me know the specific ssh port forwarding commands that made it work?
so, this works for me:
ssh -L8888:localhost:8888 -L5900:localhost:5900 dan.box.squeak.org
(given the ssh config outlined some days ago, otherwise it is
ssh -L8888:localhost:8888 -L5900:localhost:5900 -o ProxyCommand "ssh -W %h:%p ss@ssh.squeak.org:10225" 10.176.197.150 )
you can then see squeaksource on localhost:8888 and the VNC on Display 0 on localhost.
Best regards -Tobias
Thanks, Dave
On Mon, Oct 03, 2016 at 08:40:30PM +0200, Tobias Pape wrote:
On 03.10.2016, at 01:25, David T. Lewis lewis@mail.msen.com wrote:
> On Wed, Sep 28, 2016 at 11:31:36AM +0200, Tobias Pape wrote: >> >> with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace. >> Here's the overview: >> >> ======================================================================================================================= >> Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4 >> ----------------------------------------------------------------------------------------------------------------------- >> ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29 >> alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8 >> adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56 >> andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222 >> dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150 >> ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111 >> david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45 >> scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169 >> ======================================================================================================================= > > > I installed a new interpreter VM on dan, with the deb in /root/localdebs and > notes added to /root/admin-log.txt: > > ======================== > 20161002 davidlewis > > Install 64-bit interpreter VM for squeaksource.com. This is an up to date > VM compiled on my personal Ubuntu laptop according to instructions at > http://wiki.squeak.org/squeak/6354, with "make deb" to create the local > debian package installed here. > > The debian install package is /root/localdebs/squeakvm_4.15.8-3749-1_amd64.deb > > The run script is /usr/local/bin/squeak, as distinct from Cog/Spur VMs > that are expected to be installed as /usr/bin/squeak. > > ======================== > > This is the same as used on box3, except that it is a 64-bit VM to suit > the new Rackspace server. > > The squeaksource.com image serves on local port 8888 (not 8080). I would > prefer to keep that convention so that the image can be copied directly > from box3 without modification. >
8888 is there now. 8080 gone.
> Is it possible to open some local ports on server dan during the transition > period? It would be helpful if I could connect to 8888, 5900, and 5901 for > the next couple of weeks or so.
Please use SSH local forwards for that.
like this: ssh -L5901:localhost:5901 dan.box.squeak.org
and then connect you VNC-viewer to Display 1 on localhost.
> > Thanks, > Dave >
Hi David. On 07.10.2016, at 04:08, David T. Lewis lewis@mail.msen.com wrote:
Levente, Tobias:
The squeaksource.com service seems to be working reliably on the new Rackspace server dan. It has run for a number of days now, and I have confirmed that when I kill the VM process, the service is reliably restarted by supervise.
Great.
When we do the final switchover to Rackspace, I would like to be responsible for synchronizing the data files and image to ensure that no updates are lost during the transition. Currently the image and files on Rackspace are updated as of today, but I will want to do an additional update right before the actual DNS record change, and I will also check afterwards to make sure nothing is lost during the time it may take for the DNS updates to propagate.
The TTL is short, propagation should take ~5min.
Please start the "final" sync, report back, and I'll change the DNS. (but not before 2016-10-11 9:00 CEST, I'm going to bed now)
I am not familiar with how to active the web server (currently on port 8888) on the standard port 80, and I cannot update the DNS records, so I am hoping that someone else can do those two things.
This will not be done.
What is being done (and I just did that and verified) is, that alan will proxy for dan:
--- HTTP / 80 ---> alan ---- HTTP / 8888 ----> dan
I took care of the config, we've just got to switch the DNS. squeaksource.com will point to alan's public IP.
I welcome the first completely migrated service :)
Best regards -Tobias
What would be a good time for us to complete the conversion? I may be quite busy for the next few days so some time after that would be best from my point of view.
Thanks,
Dave
On Tue, Oct 04, 2016 at 11:09:37PM -0400, David T. Lewis wrote:
The squeaksource.com service is now running on dan.box.squeak.org, and under the control of supervise. See notes in /root/admin-log.txt and /srv/squeaksourcecom/README for details.
I would like to leave this running for a few days to make sure it stays healthy, but I anticipate no problems.
The final switchover will require a refresh of recently updated files from box3, as well as DNS record switchover. We can probably pick a time to do this in the next week or so.
The web service is on port 8888, and the VNC service is display 1 on port 5901. Note that VNC connection also requires sending SIGUSR2 to the VM process, see the README.
Dave
On Tue, Oct 04, 2016 at 02:24:47PM +0200, Tobias Pape wrote:
On 04.10.2016, at 12:35, David T. Lewis lewis@mail.msen.com wrote:
Tobias,
Thanks for your patient explanation.
To summarize in case anyone else needs this for reference:
- I made a .ssh/config file containing the following:
Host ssh.squeak.org User ssh Port 1022
Host *.box.squeak.org User davidlewis ProxyCommand ssh -W %h:%p ssh.squeak.org
- I connected to the 'dan' server with the following command, which makes
and interactive login to dan, and also sets up the port forwarding for the two additional ports (8888 and 5900) that I wanted to test:
ssh -L8888:localhost:8888 -L5900:localhost:5900 dan.box.squeak.org
- With the above shell session active, I can connect to the web server
on port 8888 on server dan with http://localhost:8080, and I can connect to a VNC server on dan by connecting to VNC display 0 on localhost.
(Note - the actual squeaksource.com image will use VNC display 1, so port 5901 rather than 5900)
Thanks for the summary. It's completely correct.
Best regards -Tobias
Thanks, Dave
On Tue, Oct 04, 2016 at 09:26:45AM +0200, Tobias Pape wrote:
Hi Dave
On 04.10.2016, at 03:49, David T. Lewis lewis@mail.msen.com wrote:
Hi Tobias,
I am now running a test image on 'dan' that is listening for http connections on port 8888, and for VNC connections on 5900. I installed telnet on 'dan' so that I can verify that both listening ports are active on the server. But I am unable to make TCP connections to either port from an outside machine.
That is expected. BTW: You can use netstat to see who is listening where:
# netstat -neptl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name tcp 0 0 10.176.197.150:22 0.0.0.0:* LISTEN 0 20788 7726/sshd tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN 1003 566790 30950/squeakvm tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 17561 6275/exim4 tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 1003 546769 30950/squeakvm tcp6 0 0 ::1:25 :::* LISTEN 0 17562 6275/exim4
Next, ufw will tell you which ports are open:
# ufw status verbose Status: active Logging: on (low) Default: deny (incoming), allow (outgoing) New profiles: skip
To Action From
10.176.197.150 22/tcp ALLOW IN 10.0.0.0/8 10.176.197.150 8888/tcp ALLOW IN 10.0.0.0/8
I assume that I am missing some sort of port forwarding configuration, but nothing I have tried so far has worked. Ideally I would like to connect to the web server with http://104.130.170.38:8888 and use SSH local forwards for the VNC connection.
The web server variant via http://104.130.170.38:8888 is not intended. Please lets have as few ports open to the public as possible. But there's help:
Could you please try making connections to those two ports on 'dan' and let me know the specific ssh port forwarding commands that made it work?
so, this works for me:
ssh -L8888:localhost:8888 -L5900:localhost:5900 dan.box.squeak.org
(given the ssh config outlined some days ago, otherwise it is
ssh -L8888:localhost:8888 -L5900:localhost:5900 -o ProxyCommand "ssh -W %h:%p ss@ssh.squeak.org:10225" 10.176.197.150 )
you can then see squeaksource on localhost:8888 and the VNC on Display 0 on localhost.
Best regards -Tobias
Thanks, Dave
On Mon, Oct 03, 2016 at 08:40:30PM +0200, Tobias Pape wrote: > > On 03.10.2016, at 01:25, David T. Lewis lewis@mail.msen.com wrote: > >> On Wed, Sep 28, 2016 at 11:31:36AM +0200, Tobias Pape wrote: >>> >>> with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace. >>> Here's the overview: >>> >>> ======================================================================================================================= >>> Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4 >>> ----------------------------------------------------------------------------------------------------------------------- >>> ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29 >>> alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8 >>> adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56 >>> andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222 >>> dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150 >>> ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111 >>> david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45 >>> scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169 >>> ======================================================================================================================= >> >> >> I installed a new interpreter VM on dan, with the deb in /root/localdebs and >> notes added to /root/admin-log.txt: >> >> ======================== >> 20161002 davidlewis >> >> Install 64-bit interpreter VM for squeaksource.com. This is an up to date >> VM compiled on my personal Ubuntu laptop according to instructions at >> http://wiki.squeak.org/squeak/6354, with "make deb" to create the local >> debian package installed here. >> >> The debian install package is /root/localdebs/squeakvm_4.15.8-3749-1_amd64.deb >> >> The run script is /usr/local/bin/squeak, as distinct from Cog/Spur VMs >> that are expected to be installed as /usr/bin/squeak. >> >> ======================== >> >> This is the same as used on box3, except that it is a 64-bit VM to suit >> the new Rackspace server. >> >> The squeaksource.com image serves on local port 8888 (not 8080). I would >> prefer to keep that convention so that the image can be copied directly >> from box3 without modification. >> > > 8888 is there now. 8080 gone. > >> Is it possible to open some local ports on server dan during the transition >> period? It would be helpful if I could connect to 8888, 5900, and 5901 for >> the next couple of weeks or so. > > Please use SSH local forwards for that. > > like this: > ssh -L5901:localhost:5901 dan.box.squeak.org > > and then connect you VNC-viewer to Display 1 on localhost. > > >> >> Thanks, >> Dave >>
On Tue, Oct 11, 2016 at 01:30:39AM +0200, Tobias Pape wrote:
Hi David. On 07.10.2016, at 04:08, David T. Lewis lewis@mail.msen.com wrote:
Levente, Tobias:
The squeaksource.com service seems to be working reliably on the new Rackspace server dan. It has run for a number of days now, and I have confirmed that when I kill the VM process, the service is reliably restarted by supervise.
Great.
When we do the final switchover to Rackspace, I would like to be responsible for synchronizing the data files and image to ensure that no updates are lost during the transition. Currently the image and files on Rackspace are updated as of today, but I will want to do an additional update right before the actual DNS record change, and I will also check afterwards to make sure nothing is lost during the time it may take for the DNS updates to propagate.
The TTL is short, propagation should take ~5min.
Please start the "final" sync, report back, and I'll change the DNS. (but not before 2016-10-11 9:00 CEST, I'm going to bed now)
I just finished another sync, updated as of Tue Oct 11 00:27:55 UTC 2016.
We should probably put out an official notice on the squeak/pharo lists, but to be honest I don't think anyone will even notice the change.
I will be away, returning in about 24 hours. If you are able to do the DNS switch during this time frame, I will check back afterwards and do any final refresh that may be needed if people have been updating squeaksource.com during that time.
Note that there usually are not too many updates to squeaksource.com during any 24 hour period, and I can find and fix any missed updates after the switch.
Just in case there are problems, I am attaching my notes on how I did the refresh from box3 to dan.box today.
Thanks! Dave
--- Refresh dan.box from box3 ---
Check time stamp of last update on the dan.box copy. Look at last entry in ss/ss.log, and the file mod time of the squeaksource.4.image that was previously copied from box3.
davidlewis@dan:~$ sudo su - squeaksourcecom [sudo] password for davidlewis: squeaksourcecom@dan:~$ ls -l SqueakSource/squeaksource.4.* -rw-r--r-- 1 squeaksourcecom www-data 16105802 Oct 7 01:16 SqueakSource/squeaksource.4.changes -rw-r--r-- 1 squeaksourcecom www-data 166831012 Oct 7 01:17 SqueakSource/squeaksource.4.image squeaksourcecom@dan:~$ date Tue Oct 11 00:00:58 UTC 2016 squeaksourcecom@dan:~$
Thus - we want to update with anything that has changed in the last 5 days (to be safe and avoid figuring out exact time zones and so forth).
Next, go to box3 and get the latest.
ssdotcom@box3-squeak:~$ pwd /home/ssdotcom ssdotcom@box3-squeak:~$ cd SqueakSource ssdotcom@box3-squeak:~/SqueakSource$
Save all the recently changed files. Find all regular files changed within the last 5 days, and save them in an archive file /tmp/ss.tgz:
ssdotcom@box3-squeak:~/SqueakSource$ tar czvf /tmp/ss.tgz `find . -type f -mtime -5`
Now go back to dan.box.squeak.org. Copy the /tmp/ss.tgz file into a convenient place. Working as user ID sourcesqueakorg, unpack the ss.tgz archive, adding new files and updating any that have changed. Among the files that will be updated are the ss/ss.log file and the squeaksource.4.image and squeaksource.4.changes files.
squeaksourcecom@dan:~/SqueakSource$ cd /tmp squeaksourcecom@dan:/tmp$ scp ssdotcom@squeaksource.com:/tmp/ss.tgz . The authenticity of host 'squeaksource.com (173.246.101.237)' can't be established. RSA key fingerprint is 6d:c3:8f:4c:53:53:ad:90:21:ba:27:e0:b5:c5:aa:31. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'squeaksource.com' (RSA) to the list of known hosts. ssdotcom@squeaksource.com's password: ss.tgz 100% 80MB 2.3MB/s 00:34 squeaksourcecom@dan:/tmp$ cd squeaksourcecom@dan:~$ pwd /srv/squeaksourcecom squeaksourcecom@dan:~$ cd SqueakSource squeaksourcecom@dan:~/SqueakSource$ id uid=100001(squeaksourcecom) gid=33(www-data) groups=33(www-data) squeaksourcecom@dan:~/SqueakSource$
Note: The squeaksource.4.image is the image copied directly from box3. I leave that alone, but copy it to a new working version called squeaksource.5.image. Therefore, we are about to replace the old squeaksource.4.image that I copied in a few days ago, and we will then copy the new one to squeaksource.5.image, which will become the newly updated image that will be run by supervise.
squeaksourcecom@dan:~/SqueakSource$ ls -l squeaksource.*.image -rw-r--r-- 1 squeaksourcecom www-data 166831012 Oct 7 01:17 squeaksource.4.image -rw-r--r-- 1 squeaksourcecom www-data 166830960 Oct 10 23:29 squeaksource.5.image squeaksourcecom@dan:~/SqueakSource$
Now unpack the new files over the old:
squeaksourcecom@dan:~/SqueakSource$ pwd /srv/squeaksourcecom/SqueakSource squeaksourcecom@dan:~/SqueakSource$ tar xzvf /tmp/ss.tgz
And copy the updated image to squeaksource.5.image:
squeaksourcecom@dan:~/SqueakSource$ cp squeaksource.4.image squeaksource.5.image squeaksourcecom@dan:~/SqueakSource$ cp squeaksource.4.changes squeaksource.5.changes squeaksourcecom@dan:~/SqueakSource$
Kill the running image and allow supervise to restart with the newly updated squeaksource.5.image
squeaksourcecom@dan:~/SqueakSource$ ps -aef | grep squeakvm squeaks+ 12179 9064 0 00:25 pts/0 00:00:00 grep squeakvm squeaks+ 21595 9625 8 Oct08 ? 05:52:14 /usr/local/lib/squeak/4.15.8-3749/squeakvm -vm-display-null /srv/squeaksourcecom/SqueakSource/squeaksource.5.image squeaksourcecom@dan:~/SqueakSource$ kill -9 21595 squeaksourcecom@dan:~/SqueakSource$ date Tue Oct 11 00:27:55 UTC 2016 squeaksourcecom@dan:~/SqueakSource$
Wait a couple of minutes and make sure squeaksource.com is back on line :-)
Hi all
On 11.10.2016, at 02:50, David T. Lewis lewis@mail.msen.com wrote:
On Tue, Oct 11, 2016 at 01:30:39AM +0200, Tobias Pape wrote:
Hi David. On 07.10.2016, at 04:08, David T. Lewis lewis@mail.msen.com wrote:
Levente, Tobias:
The squeaksource.com service seems to be working reliably on the new Rackspace server dan. It has run for a number of days now, and I have confirmed that when I kill the VM process, the service is reliably restarted by supervise.
Great.
When we do the final switchover to Rackspace, I would like to be responsible for synchronizing the data files and image to ensure that no updates are lost during the transition. Currently the image and files on Rackspace are updated as of today, but I will want to do an additional update right before the actual DNS record change, and I will also check afterwards to make sure nothing is lost during the time it may take for the DNS updates to propagate.
The TTL is short, propagation should take ~5min.
Please start the "final" sync, report back, and I'll change the DNS. (but not before 2016-10-11 9:00 CEST, I'm going to bed now)
I just finished another sync, updated as of Tue Oct 11 00:27:55 UTC 2016.
Thank you. The DNS of squeaksource.om www.squeaksource.com now points alan
For some days, as a backup old.squeaksource.com points to box3.squeak.org
Thanks for the move!
We should probably put out an official notice on the squeak/pharo lists, but to be honest I don't think anyone will even notice the change.
We _could_ do that, but I'd rather have a complete statement afterwards. The short TTL of the DNS somewhat ensures that, if we notice problems after dns switches, we can switch back immediately without much service interruption.
I will be away, returning in about 24 hours. If you are able to do the DNS switch during this time frame, I will check back afterwards and do any final refresh that may be needed if people have been updating squeaksource.com during that time.
As said, done :)
Note that there usually are not too many updates to squeaksource.com during any 24 hour period, and I can find and fix any missed updates after the switch.
Thanks.
Just in case there are problems, I am attaching my notes on how I did the refresh from box3 to dan.box today.
(we ought to find a place to put all that new found information)
best regards -Tobias
Thanks! Dave
--- Refresh dan.box from box3 ---
Check time stamp of last update on the dan.box copy. Look at last entry in ss/ss.log, and the file mod time of the squeaksource.4.image that was previously copied from box3.
davidlewis@dan:~$ sudo su - squeaksourcecom [sudo] password for davidlewis: squeaksourcecom@dan:~$ ls -l SqueakSource/squeaksource.4.* -rw-r--r-- 1 squeaksourcecom www-data 16105802 Oct 7 01:16 SqueakSource/squeaksource.4.changes -rw-r--r-- 1 squeaksourcecom www-data 166831012 Oct 7 01:17 SqueakSource/squeaksource.4.image squeaksourcecom@dan:~$ date Tue Oct 11 00:00:58 UTC 2016 squeaksourcecom@dan:~$
Thus - we want to update with anything that has changed in the last 5 days (to be safe and avoid figuring out exact time zones and so forth).
Next, go to box3 and get the latest.
ssdotcom@box3-squeak:~$ pwd /home/ssdotcom ssdotcom@box3-squeak:~$ cd SqueakSource ssdotcom@box3-squeak:~/SqueakSource$
Save all the recently changed files. Find all regular files changed within the last 5 days, and save them in an archive file /tmp/ss.tgz:
ssdotcom@box3-squeak:~/SqueakSource$ tar czvf /tmp/ss.tgz `find . -type f -mtime -5`
Now go back to dan.box.squeak.org. Copy the /tmp/ss.tgz file into a convenient place. Working as user ID sourcesqueakorg, unpack the ss.tgz archive, adding new files and updating any that have changed. Among the files that will be updated are the ss/ss.log file and the squeaksource.4.image and squeaksource.4.changes files.
squeaksourcecom@dan:~/SqueakSource$ cd /tmp squeaksourcecom@dan:/tmp$ scp ssdotcom@squeaksource.com:/tmp/ss.tgz . The authenticity of host 'squeaksource.com (173.246.101.237)' can't be established. RSA key fingerprint is 6d:c3:8f:4c:53:53:ad:90:21:ba:27:e0:b5:c5:aa:31. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'squeaksource.com' (RSA) to the list of known hosts. ssdotcom@squeaksource.com's password: ss.tgz 100% 80MB 2.3MB/s 00:34 squeaksourcecom@dan:/tmp$ cd squeaksourcecom@dan:~$ pwd /srv/squeaksourcecom squeaksourcecom@dan:~$ cd SqueakSource squeaksourcecom@dan:~/SqueakSource$ id uid=100001(squeaksourcecom) gid=33(www-data) groups=33(www-data) squeaksourcecom@dan:~/SqueakSource$
Note: The squeaksource.4.image is the image copied directly from box3. I leave that alone, but copy it to a new working version called squeaksource.5.image. Therefore, we are about to replace the old squeaksource.4.image that I copied in a few days ago, and we will then copy the new one to squeaksource.5.image, which will become the newly updated image that will be run by supervise.
squeaksourcecom@dan:~/SqueakSource$ ls -l squeaksource.*.image -rw-r--r-- 1 squeaksourcecom www-data 166831012 Oct 7 01:17 squeaksource.4.image -rw-r--r-- 1 squeaksourcecom www-data 166830960 Oct 10 23:29 squeaksource.5.image squeaksourcecom@dan:~/SqueakSource$
Now unpack the new files over the old:
squeaksourcecom@dan:~/SqueakSource$ pwd /srv/squeaksourcecom/SqueakSource squeaksourcecom@dan:~/SqueakSource$ tar xzvf /tmp/ss.tgz
And copy the updated image to squeaksource.5.image:
squeaksourcecom@dan:~/SqueakSource$ cp squeaksource.4.image squeaksource.5.image squeaksourcecom@dan:~/SqueakSource$ cp squeaksource.4.changes squeaksource.5.changes squeaksourcecom@dan:~/SqueakSource$
Kill the running image and allow supervise to restart with the newly updated squeaksource.5.image
squeaksourcecom@dan:~/SqueakSource$ ps -aef | grep squeakvm squeaks+ 12179 9064 0 00:25 pts/0 00:00:00 grep squeakvm squeaks+ 21595 9625 8 Oct08 ? 05:52:14 /usr/local/lib/squeak/4.15.8-3749/squeakvm -vm-display-null /srv/squeaksourcecom/SqueakSource/squeaksource.5.image squeaksourcecom@dan:~/SqueakSource$ kill -9 21595 squeaksourcecom@dan:~/SqueakSource$ date Tue Oct 11 00:27:55 UTC 2016 squeaksourcecom@dan:~/SqueakSource$
Wait a couple of minutes and make sure squeaksource.com is back on line :-)
On Tue, Oct 11, 2016 at 08:50:39AM +0200, Tobias Pape wrote:
Hi all
On 11.10.2016, at 02:50, David T. Lewis lewis@mail.msen.com wrote:
On Tue, Oct 11, 2016 at 01:30:39AM +0200, Tobias Pape wrote:
Hi David. On 07.10.2016, at 04:08, David T. Lewis lewis@mail.msen.com wrote:
Levente, Tobias:
The squeaksource.com service seems to be working reliably on the new Rackspace server dan. It has run for a number of days now, and I have confirmed that when I kill the VM process, the service is reliably restarted by supervise.
Great.
When we do the final switchover to Rackspace, I would like to be responsible for synchronizing the data files and image to ensure that no updates are lost during the transition. Currently the image and files on Rackspace are updated as of today, but I will want to do an additional update right before the actual DNS record change, and I will also check afterwards to make sure nothing is lost during the time it may take for the DNS updates to propagate.
The TTL is short, propagation should take ~5min.
Please start the "final" sync, report back, and I'll change the DNS. (but not before 2016-10-11 9:00 CEST, I'm going to bed now)
I just finished another sync, updated as of Tue Oct 11 00:27:55 UTC 2016.
Thank you. The DNS of squeaksource.om www.squeaksource.com now points alan
For some days, as a backup old.squeaksource.com points to box3.squeak.org
To confirm: squeaksource.com running on Rackspace is fully up to date with all the commit updates from the old image, and no further re-sync is needed (*).
Dave
(*) But did someone update it for me? I looked at it quickly this morning and I thought that another refresh would be required. But now everything appears up to date, so maybe someone took care of it for me. Either way, the move is done and nobody seems to have noticed :-)
On 12.10.2016, at 00:33, David T. Lewis lewis@mail.msen.com wrote:
On Tue, Oct 11, 2016 at 08:50:39AM +0200, Tobias Pape wrote:
Hi all
On 11.10.2016, at 02:50, David T. Lewis lewis@mail.msen.com wrote:
On Tue, Oct 11, 2016 at 01:30:39AM +0200, Tobias Pape wrote:
Hi David. On 07.10.2016, at 04:08, David T. Lewis lewis@mail.msen.com wrote:
Levente, Tobias:
The squeaksource.com service seems to be working reliably on the new Rackspace server dan. It has run for a number of days now, and I have confirmed that when I kill the VM process, the service is reliably restarted by supervise.
Great.
When we do the final switchover to Rackspace, I would like to be responsible for synchronizing the data files and image to ensure that no updates are lost during the transition. Currently the image and files on Rackspace are updated as of today, but I will want to do an additional update right before the actual DNS record change, and I will also check afterwards to make sure nothing is lost during the time it may take for the DNS updates to propagate.
The TTL is short, propagation should take ~5min.
Please start the "final" sync, report back, and I'll change the DNS. (but not before 2016-10-11 9:00 CEST, I'm going to bed now)
I just finished another sync, updated as of Tue Oct 11 00:27:55 UTC 2016.
Thank you. The DNS of squeaksource.om www.squeaksource.com now points alan
For some days, as a backup old.squeaksource.com points to box3.squeak.org
To confirm: squeaksource.com running on Rackspace is fully up to date with all the commit updates from the old image, and no further re-sync is needed (*).
great!
Dave
(*) But did someone update it for me? I looked at it quickly this morning and I thought that another refresh would be required. But now everything appears up to date, so maybe someone took care of it for me. Either way, the move is done and nobody seems to have noticed :-)
Maybe I had done a dns switcheroo for testing for a few minutes, a race condition :)
Best regards -Tobias
Hi,
I would like to request access to the SqueakMap server which, according to the list below is running on "ted".
In the near-term, I am in process of helping Tim Johnson get his account fixed. Later, I plan work on upgrading the server.
Would someone please set me up with the same ssh keys as on andreas?
Thanks, Chris
---------- Forwarded message --------- From: David T. Lewis lewis@mail.msen.com Date: Sun, Oct 2, 2016 at 6:25 PM Subject: [Box-Admins] squeaksource.com move to Rackspace To: Squeak Hosting Support box-admins@lists.squeakfoundation.org
On Wed, Sep 28, 2016 at 11:31:36AM +0200, Tobias Pape wrote:
with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace. Here's the overview:
======================================================================================================================= Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4
ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29 alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8 adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56 andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222 dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150 ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111 david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45 scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169 =======================================================================================================================
I installed a new interpreter VM on dan, with the deb in /root/localdebs and notes added to /root/admin-log.txt:
======================== 20161002 davidlewis
Install 64-bit interpreter VM for squeaksource.com. This is an up to date VM compiled on my personal Ubuntu laptop according to instructions at http://wiki.squeak.org/squeak/6354, with "make deb" to create the local debian package installed here.
The debian install package is /root/localdebs/squeakvm_4.15.8-3749-1_amd64.deb
The run script is /usr/local/bin/squeak, as distinct from Cog/Spur VMs that are expected to be installed as /usr/bin/squeak.
========================
This is the same as used on box3, except that it is a 64-bit VM to suit the new Rackspace server.
The squeaksource.com image serves on local port 8888 (not 8080). I would prefer to keep that convention so that the image can be copied directly from box3 without modification.
Is it possible to open some local ports on server dan during the transition period? It would be helpful if I could connect to 8888, 5900, and 5901 for the next couple of weeks or so.
Thanks, Dave
box-admins@lists.squeakfoundation.org
-
Bert Freudenberg -
Chris Muller -
Das.Linux@gmx.de -
David T. Lewis -
Fabio Niephaus -
Frank Shearar -
Levente Uzonyi -
Tobias Pape