How to access Fireworks launchpad via ssh tunnel

FireWorks
1

I recently figured out the steps for accessing a launchpad via an ssh tunnel and thought I’d post here, since this question has come up a few times in the past

(see SSH Tunnel with Fireworks and Is it possible to have an ssh tunnel in my_launchpad.yaml file?)

I’ll use the example of accessing a Mongo database hosted by NERSC.

Step 1
In my_launchpad.yaml, instead of your database server (in my example, mongodb07.nersc.gov), set the host to localhost:

host: localhost  # without the ssh tunnel, this would be mongodb07.nersc.gov
port: 27017
name: <your database name>
username: <your username>
password: <your password>
logdir: null
strm_lvl: INFO

Step 2

Use an ssh tunnel to forward requests from local port 27017 to port 27017 on the remote server:

 ssh -f -o ExitOnForwardFailure=yes -L 27017:mongodb07.nersc.gov:27017 <your username>@cori.nersc.gov sleep 60

See this article for a full explanation of the command options I used here. Briefly:

  • -f forks the ssh process into the background so you can use your terminal to interact with your launchpad
  • -o ExitOnForwardFailure ensures that the command will fail if there’s a problem forwarding the port
  • -L 27017:mongodb07.nersc.gov:27017 maps the local port 27017 specified in my_launchpad.yaml to the remote port 27017 on the database server
  • <your username>@cori.nersc.gov is your authentication server. This is whatever you would normally put in the ssh command to connect, e.g. ssh <your username>@cori.nersc.gov
  • sleep 60 is a command to execute before closing the background ssh session. In this case, the tunnel is kept open for 60 seconds, or until all processes disconnect from the forwarded port. You can instead add -N to keep the tunnel open permanently (see linked article).

The first time you execute this command you will have to authenticate with your ssh server. After that, you’ll be returned to the terminal

Step 3

You can now issue lpad commands that should communicate with your database on the secure server. Note that because of the sleep 60 command, you will only have 60 seconds to work before the connection is closed. Obviously this command can be modified as needed or omitted if you want a permanently open connection.

I hope this helps anyone that’s trying to accomplish this. Please reply if I’ve missed anything.

A related question for @Anubhav_Jain - is there a setting somewhere that determines how frequentlyrlaunch pings the database? Perhaps that could be used to keep a tunnel open and then allow it to close when all the launches are finished?

3 Likes