I recently figured out the steps for accessing a launchpad via an ssh tunnel and thought I’d post here, since this question has come up a few times in the past
I’ll use the example of accessing a Mongo database hosted by NERSC.
my_launchpad.yaml, instead of your database server (in my example, mongodb07.nersc.gov), set the host to
host: localhost # without the ssh tunnel, this would be mongodb07.nersc.gov port: 27017 name: <your database name> username: <your username> password: <your password> logdir: null strm_lvl: INFO
Use an ssh tunnel to forward requests from local port 27017 to port 27017 on the remote server:
ssh -f -o ExitOnForwardFailure=yes -L 27017:mongodb07.nersc.gov:27017 <your username>@cori.nersc.gov sleep 60
See this article for a full explanation of the command options I used here. Briefly:
-fforks the ssh process into the background so you can use your terminal to interact with your launchpad
-o ExitOnForwardFailureensures that the command will fail if there’s a problem forwarding the port
-L 27017:mongodb07.nersc.gov:27017maps the local port 27017 specified in
my_launchpad.yamlto the remote port 27017 on the database server
<your username>@cori.nersc.govis your authentication server. This is whatever you would normally put in the
sshcommand to connect, e.g.
ssh <your username>@cori.nersc.gov
sleep 60is a command to execute before closing the background ssh session. In this case, the tunnel is kept open for 60 seconds, or until all processes disconnect from the forwarded port. You can instead add
-Nto keep the tunnel open permanently (see linked article).
The first time you execute this command you will have to authenticate with your
ssh server. After that, you’ll be returned to the terminal
You can now issue
lpad commands that should communicate with your database on the secure server. Note that because of the
sleep 60 command, you will only have 60 seconds to work before the connection is closed. Obviously this command can be modified as needed or omitted if you want a permanently open connection.
I hope this helps anyone that’s trying to accomplish this. Please reply if I’ve missed anything.
A related question for @Anubhav_Jain - is there a setting somewhere that determines how frequently
rlaunch pings the database? Perhaps that could be used to keep a tunnel open and then allow it to close when all the launches are finished?