I recently figured out the steps for accessing a launchpad via an ssh tunnel and thought I’d post here, since this question has come up a few times in the past (see “SSH Tunnel with Fireworks” and “Is it possible to have an ssh tunnel in my_launchpad.yaml file?”).
I’ll use the example of accessing a Mongo database hosted by NERSC.
Step 1
In my_launchpad.yaml, instead of your database server (in my example, mongodb07.nersc.gov), set the host to localhost:
host: localhost # without the ssh tunnel, this would be mongodb07.nersc.gov
port: 27017
name: <your database name>
username: <your username>
password: <your password>
logdir: null
strm_lvl: INFO
Step 2
Use an ssh tunnel to forward requests from local port 27017 to port 27017 on the remote server:
ssh -f -o ExitOnForwardFailure=yes -L 27017:mongodb07.nersc.gov:27017 <your username>@cori.nersc.gov sleep 60
See this article for a full explanation of the command options I used here. Briefly:
- -f forks the ssh process into the background so you can use your terminal to interact with your launchpad
- -o ExitOnForwardFailure ensures that the command will fail if there’s a problem forwarding the port
- -L 27017:mongodb07.nersc.gov:27017 maps the local port 27017 specified in my_launchpad.yaml to the remote port 27017 on the database server
- <your username>@cori.nersc.gov is your authentication server. This is whatever you would normally put in the ssh command to connect, e.g. ssh <your username>@cori.nersc.gov
- sleep 60 is a command to execute before closing the background ssh session. In this case, the tunnel is kept open for 60 seconds, or until all processes disconnect from the forwarded port. You can instead add -N to keep the tunnel open permanently (see linked article).
The first time you execute this command you will have to authenticate with your ssh server. After that, you’ll be returned to the terminal.
Step 3
You can now issue lpad commands that should communicate with your database on the secure server. Note that because of the sleep 60 command, you will only have 60 seconds to work before the connection is closed. Obviously this command can be modified as needed or omitted if you want a permanently open connection.
I hope this helps anyone that’s trying to accomplish this. Please reply if I’ve missed anything.
A related question for @Anubhav_Jain - is there a setting somewhere that determines how frequently rlaunch pings the database? Perhaps that could be used to keep a tunnel open and then allow it to close when all the launches are finished?
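An added example, not part of the original post or of FireWorks: a wrapper that keeps the tunnel from Step 2 open for exactly as long as one command runs, then closes it through an ssh control socket. The function names, the explicit 127.0.0.1 bind address and the control-socket approach are choices made for this example; the host names are the ones used in the post.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper names): scope the tunnel to one command
# instead of guessing a `sleep` duration or leaving -N running indefinitely.

# Build the -L argument. The listener is pinned to loopback so other machines
# on the local network cannot reach the forwarded MongoDB port.
tunnel_spec() {
  local lport="$1" dbhost="$2" dbport="$3" p
  for p in "$lport" "$dbport"; do
    case $p in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;; esac
    if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
      echo "port out of range: $p" >&2; return 1
    fi
  done
  case $dbhost in
    ''|*[!A-Za-z0-9.-]*) echo "bad host: $dbhost" >&2; return 1 ;;
  esac
  printf '127.0.0.1:%s:%s:%s\n' "$lport" "$dbhost" "$dbport"
}

# run_with_tunnel LOGIN DBHOST PORT CMD [ARGS...]
run_with_tunnel() {
  local login="$1" dbhost="$2" port="$3" spec dir sock rc
  shift 3
  spec=$(tunnel_spec "$port" "$dbhost" "$port") || return 2
  dir=$(mktemp -d) || return 3          # private directory (mode 0700)
  sock="$dir/ctl"                       # control socket for this tunnel
  # -M/-S: master connection with a control socket; -N: no remote command;
  # -f: drop to the background once authentication has completed.
  if ! ssh -M -S "$sock" -fN -o ExitOnForwardFailure=yes -L "$spec" "$login"; then
    rm -rf "$dir"; return 3
  fi
  "$@"; rc=$?
  ssh -S "$sock" -O exit "$login" 2>/dev/null   # close the tunnel
  rm -rf "$dir"
  return "$rc"
}

# Usage (placeholders as in the post):
#   ./lpad_tunnel.sh <your username>@cori.nersc.gov mongodb07.nersc.gov 27017 lpad get_fws
if [ "$#" -ge 4 ]; then
  run_with_tunnel "$@"
fi
```

Because the forward listens only on 127.0.0.1, the `host: localhost` setting from Step 1 still works, provided `localhost` resolves to the IPv4 loopback address for the client.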