Tag: jboss

Port-Forwarding on OpenShift

Hi,

In this article we will discuss port forwarding and how to do it on OpenShift. Port forwarding allows remote computers to connect to a specific computer or service within a private local-area network.

In a typical residential network, nodes obtain Internet access through a DSL or cable modem connected to a router or network address translator (NAT/NAPT). Hosts on the private network are connected to an Ethernet switch or communicate via a wireless LAN. The NAT device’s external interface is configured with a public IP address. The computers behind the router, on the other hand, are invisible to hosts on the Internet as they each communicate only with a private IP address.

When configuring port forwarding, the network administrator sets aside one port number on the gateway for the exclusive use of communicating with a service in the private network, located on a specific host. External hosts must know this port number and the address of the gateway to communicate with the network-internal service. Typical uses include:

– Running a public HTTP server within a private LAN
– Accessing application server consoles
– Permitting Secure Shell access to a host on the private LAN from the Internet
– Monitoring applications or services using sniffing tools such as Wily or Nagios
– Permitting FTP access to a host on a private LAN from the Internet

Usually only one of the private hosts can use a specific forwarded port at one time, but configuration is sometimes possible to differentiate access by the originating host’s source address.

Unix-like operating systems sometimes use port forwarding where port numbers smaller than 1024 can only be created by software running as the root user. Running with superuser privileges (in order to bind the port) may be a security risk to the host, therefore port forwarding is used to redirect a low-numbered port to another high-numbered port, so that application software may execute as a common operating system user with reduced privileges.

We can achieve port forwarding on OpenShift as well. We can forward the JBoss AS admin console, MySQL, JBoss remoting and AJP ports to our local machine and use them for monitoring and management. All we need to do is create an application and then forward its ports to the local box. Below are the steps:

Step-1 : Create an OpenShift application using :

rhc app create -a $application-name -t jbossas-7 -l $userid

For example:

..
[userone@userone OpenShift]# rhc app create -a testapp -t jbossas-7 -l openshift-id@blah.com
Password: 
Creating application: testapp in mydomain

MESSAGES:
OpenShift is currently being upgraded, some services may be unavailable.

Now your new domain name is being propagated worldwide (this might take a minute)...
Warning: Permanently added the RSA host key for IP address '207.246.174.134' to the list of known hosts.
Enter passphrase for key '/userone/.ssh/libra_id_rsa': 
Confirming application 'testapp' is available:  Success!

testapp published:  http://testapp-mydomain.rhcloud.com/
git url:  ssh://pqrs7b6d3cf24ce12345a1ec3c1b7d98@testapp-mydomain.rhcloud.com/~/git/testapp.git/
Successfully created application: testapp
..

Step-2 : Forward the ports :

rhc-port-forward -a $application-name -l $userid

For example:

..
[userone@userone OpenShift]$ rhc-port-forward -a testapp -l openshift-id@blah.com
Password: ********

Checking available ports...

Binding httpd -> 127.3.77.9:8080...
Binding java -> 127.3.77.8:3528...
Binding java -> 127.3.77.8:4447...
Binding java -> 127.3.77.8:5445...
Binding java -> 127.3.77.8:5455...
Binding java -> 127.3.77.8:8080...
Binding java -> 127.3.77.8:9990...
Binding java -> 127.3.77.8:9999...
Binding mysqld -> 127.3.77.8:3306...
Use ctl + c to stop
..

Step-3 : Now you can try to use the services available through the forwarded ports.

For example, to access the JBoss AS 7 admin console, type the following in the address bar of your browser:

127.3.77.9:9990

Note : If you want to forward only a particular port rather than all of them, for security or management reasons (for example, only port 9990), try the command below:

ssh -N -L 127.3.77.9:9990:127.3.77.9:9990 $ssh-key@$app-name-$namespace.rhcloud.com
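The single-port forward from the note above, generalized as an added example (not part of the original article or of the rhc tools): it reads the "Binding" lines that rhc-port-forward prints, keeps only the ports on an allow-list, skips any address that is not a 127.x.x.x loopback address, and prints the matching ssh -N -L command. The function name, the constructed non-loopback sample line and the use of ssh's ExitOnForwardFailure option are choices made for this example.

```sh
#!/bin/sh
# Added example: build a least-privilege "ssh -N -L" command from the
# "Binding <service> -> <ip>:<port>..." lines printed by rhc-port-forward.

# Sample input: three lines from the Step-2 output plus one constructed
# non-loopback line to show that it is skipped.
SAMPLE_BINDINGS='Binding httpd -> 127.3.77.9:8080...
Binding java -> 127.3.77.8:9990...
Binding mysqld -> 127.3.77.8:3306...
Binding java -> 10.0.0.5:9990...'

# build_forward_cmd <ssh-target> <comma-separated-allowed-ports>
# Reads binding lines on stdin and prints one ssh command.
# Returns 1 if no binding matched the allow-list.
build_forward_cmd() {
    target=$1
    allowed=",$2,"
    args=""
    while IFS= read -r line; do
        case $line in
            "Binding "*" -> "*:*) ;;
            *) continue ;;                      # not a binding line
        esac
        addr=${line##* -> }                     # e.g. 127.3.77.8:9990...
        addr=${addr%...}                        # drop the trailing dots
        ip=${addr%:*}
        port=${addr##*:}
        case $port in ''|*[!0-9]*) continue ;; esac   # port must be numeric
        case $ip in *[!0-9.]*) continue ;; esac       # dotted digits only
        case $ip in 127.*) ;; *) continue ;; esac     # loopback bind only
        case $allowed in *",$port,"*) ;; *) continue ;; esac
        # Same form as the command in the note: local ip:port -> remote ip:port
        args="$args -L $ip:$port:$ip:$port"
    done
    [ -n "$args" ] || return 1
    # ExitOnForwardFailure makes ssh exit if a requested forward cannot be set up
    printf 'ssh -N -o ExitOnForwardFailure=yes%s %s\n' "$args" "$target"
}

# Print the command for the admin-console port only.
printf '%s\n' "$SAMPLE_BINDINGS" |
    build_forward_cmd '<ssh-key>@<app-name>-<namespace>.rhcloud.com' 9990
```

Feed it the real rhc-port-forward output in place of the sample, and review the printed command before running it.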

Cheers,
Middleware Magic Team 🙂


How to manage SSH keys on OpenShift

Hi,

Nikhil Mone


In this article we will discuss how to authenticate with the server, generate new SSH keys, and manage multiple SSH keys for OpenShift user accounts. OpenShift uses the Secure Shell (SSH) network protocol to authenticate your account credentials to the OpenShift servers for secure communication. Successful authentication is necessary to manage your cloud environment, and OpenShift supports both RSA and DSA keys.

Here we will consider a newly created user “testuser” and a machine that has never communicated with the OpenShift server; the requirement is to manage the cloud apps from this new machine.

How to create a new key and authenticate with OpenShift server :

Step-1 : Manually generate a new pair of keys:

$ ssh-keygen -t <key type>

where <key type> is the type of key you want to generate, either dsa or rsa.

For example :

..
[testuser@testuser ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/testuser/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/testuser/.ssh/id_rsa.
Your public key has been saved in /home/testuser/.ssh/id_rsa.pub.
The key fingerprint is:
9e:96:1c:b2:a6:6a:c2:92:d5:c6:67:c3:87:70:b1:21 testuser@testuser.csb
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|    E o          |
|     . +         |
|    . o          |
|   o +..S        |
|  . + *=.+       |
|.o . ooo*        |
|+..  o .         |
|.o...            |
+-----------------+
..

In the output above, when the command asks “Enter file in which to save the key (/home/testuser/.ssh/id_rsa):”, just press Enter, leaving it blank, to keep the default path shown in parentheses.

Step-2 : Add the new public key to the user account:

$ rhc sshkey add -i <key name> -k <key path>

where <key path> is the path and filename of the public key that you want to add, and <key name> is a name that you specify to identify this key.

For example:

..
[testuser@testuser ~]$ rhc sshkey add -i mytest -k /home/testuser/.ssh/id_rsa.pub -l openshiftuserid@blah.com
Password: ********

MESSAGES:
OpenShift is currently being upgraded. See https://openshift.redhat.com/app/status for more information.
..

Step-3 : Add the new public key to the SSH agent:

$ ssh-add <KeyPath>

For example:

..
[testuser@testuser ~]$ ssh-add /home/testuser/.ssh/id_rsa
Enter passphrase for /home/testuser/.ssh/id_rsa:
Identity added: /home/testuser/.ssh/id_rsa (/home/testuser/.ssh/id_rsa)
..

Step-4 : Authenticate your keys with the OpenShift server:

$ rhc domain status -l openshiftuserid@blah.com

For example:

..
[testuser@testuser ~]$ rhc domain status -l openshiftuserid@blah.com
Password: ********

Analyzing system
..Enter PEM pass phrase:
.....
=========================================================
||  Congratulations, your system has passed all tests  ||
=========================================================
..

Step-5 : Now let's list all the SSH keys associated with our domain:

$ rhc sshkey list -l openshiftuserid@blah.com

For example:

..
[testuser@testuser ~]$ rhc sshkey list -l openshiftuserid@blah.com
Password: ********

SSH keys
========
       Name: default
       Type: ssh-rsa
Fingerprint: 9e:96:1c:b2:a6:6a:c2:92:d5:c6:67:c3:87:70:b1:21

       Name: 18junetest
       Type: ssh-rsa
Fingerprint: e3:8a:6b:24:2f:b2:e6:ce:bc:3c:fa:34:fa:4a:0b:05

       Name: mytest
       Type: ssh-rsa
Fingerprint: ca:0f:e1:3f:ec:13:2a:9e:ce:de:55:40:7b:01:de:d3

       Name: testdomain
       Type: ssh-rsa
Fingerprint: b6:e3:c8:f3:37:f6:53:3c:cb:9b:b7:c8:a6:d5:fa:28
..

Step-6 : We can confirm that our keys are working by running a simple rhc command:

$ rhc domain show -l openshiftuserid@blah.com

For example:

..
[testuser@testuser ~]$ rhc domain show -l openshiftuserid@blah.com
Password: ********

MESSAGES:
OpenShift is currently being upgraded. See https://openshift.redhat.com/app/status for more information.

User Info
=========
Namespace: testdomain
  RHLogin: openshiftuserid@blah.com

Application Info
================
log4jtest
    Framework: jbossas-7
     Creation: 2012-06-17T12:02:56-04:00
         UUID: 722be2a5e3574f5b90da0754977bc176
      Git URL: ssh://722be2a5e3574f5b90da0754977bc176@log4jtest-testdomain.rhcloud.com/~/git/log4jtest.git/
   Public URL: http://log4jtest-testdomain.rhcloud.com/

 Embedded:
      None
..

The output above shows that it is working fine, so now you can manage your cloud apps from any machine, provided that you have the client tool installed.
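A follow-up check for the steps above, as an added example that is not part of the original article or of the rhc tools: it parses the "rhc sshkey list" output format shown in Step-5 and reports every registered key whose fingerprint is not on a trusted list. The function name and the trusted-list approach are assumptions of this example; the sample input is the first two entries of the Step-5 listing.

```sh
#!/bin/sh
# Added example: flag keys registered on the account that are not on a
# trusted list, using the "rhc sshkey list" output format shown in Step-5.

# Sample input: the first two entries of the Step-5 listing.
SAMPLE_LISTING='SSH keys
========
       Name: default
       Type: ssh-rsa
Fingerprint: 9e:96:1c:b2:a6:6a:c2:92:d5:c6:67:c3:87:70:b1:21

       Name: 18junetest
       Type: ssh-rsa
Fingerprint: e3:8a:6b:24:2f:b2:e6:ce:bc:3c:fa:34:fa:4a:0b:05'

# audit_keys <trusted-fingerprint>...
# Reads the listing on stdin, prints "<name> <fingerprint>" for every key
# whose fingerprint is not trusted, and returns 1 if any such key exists.
audit_keys() {
    trusted=" $* "
    name=""
    unknown=0
    while IFS= read -r line; do
        # Strip the leading padding that right-aligns "Name:" and "Type:".
        line=${line#"${line%%[![:space:]]*}"}
        case $line in
            "Name: "*) name=${line#Name: } ;;
            "Fingerprint: "*)
                fp=${line#Fingerprint: }
                case $trusted in
                    *" $fp "*) ;;                       # known key
                    *) printf '%s %s\n' "$name" "$fp"   # unexpected key
                       unknown=1 ;;
                esac ;;
        esac
    done
    return "$unknown"
}

# Trust only the key generated in Step-1; anything else is reported.
printf '%s\n' "$SAMPLE_LISTING" |
    audit_keys 9e:96:1c:b2:a6:6a:c2:92:d5:c6:67:c3:87:70:b1:21 ||
    echo "review the keys listed above"
```

The trusted fingerprint here is the one ssh-keygen printed in Step-1; pipe the real "rhc sshkey list" output into audit_keys in place of the sample.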

Thanks,

MiddlewareMagic team 🙂


How to connect to Openshift Server from command line ??


Nikhil Mone


It is easy to deploy applications on OpenShift, but at times we need to view or alter the configuration or setup of our application or server. The command line is one of the fastest and most conventional ways for application admins to do this, so let's try navigating through the OpenShift server. This article assumes that you host an application on OpenShift and have gone through the previous articles.

You can SSH directly to your application as below:

Step-1 : Log in to “openshift.redhat.com” and go to the “My Applications” tab.

Step-2 : Click on the application whose configuration or logs you want to check. Look for the GIT Repository.

Step-3 : Copy the part from the ‘ssh-key’ to ‘rhcloud.com’:

<ssh-key>@<application name>-<namespace/domain name>.rhcloud.com

for example :

HGFWDHGW878c2c535skejw34w3r@myTestApp-mydomain.rhcloud.com

Step-4 : Open a terminal (on Linux) or a Cygwin terminal (on Windows) and type the command below:

ssh   <ssh-key>@<application name>-<namespace/domain name>.rhcloud.com

for example :

ssh HGFWDHGW878c2c535skejw34w3r@myTestApp-mydomain.rhcloud.com

This will prompt you for the passphrase; enter it to log in.

[root@nikhil ~]# ssh HGFWDHGW878c2c535skejw34w3rg@myTestApp-mydomain.rhcloud.com
Enter passphrase for key '/root/.ssh/libra_id_rsa':

Welcome to OpenShift shell

This shell will assist you in managing OpenShift applications.

!!! IMPORTANT !!! IMPORTANT !!! IMPORTANT !!!
Shell access is quite powerful and it is possible for you to
accidentally damage your application.  Proceed with care!
If worse comes to worst, destroy your application with 'rhc app destroy'
and recreate it
!!! IMPORTANT !!! IMPORTANT !!! IMPORTANT !!!

Type "help" for more info.

[myTestApp-mydomain.rhcloud.com ~]> pwd
/var/lib/stickshift/HGFWDHGW878c2c535skejw34w3rg
[myTestApp-mydomain.rhcloud.com ~]> ls -ltra
ls: cannot access .ssh: Permission denied
total 40
d??????????  ? ?                                ?                                   ?            ? .ssh
drwxr-xr-x.  2 HGFWDHGW878c2c535skejw34w3rg HGFWDHGW878c2c535skejw34w3rg 4096 May 17 06:27 .java
drwxr-xr-x.  3 root                             root                             4096 May 17 06:27 git
-rw-r--r--.  1 root                             root                               56 May 17 06:27 .gitconfig
drwxr-xr-x.  8 root                             root                             4096 May 17 06:27 myTestApp
drwxr-xr-x.  3 HGFWDHGW878c2c535skejw34w3rg HGFWDHGW878c2c535skejw34w3rg 4096 May 17 06:27 .m2
d---------.  3 root                             root                             4096 May 17 06:27 .tmp
drwxr-x---. 10 root                             HGFWDHGW878c2c535skejw34w3rg 4096 May 17 09:45 .
drwxr-xr-x.  8 root                             root                             4096 May 17 09:45 mysql-5.1
drwxr-x---.  3 root                             HGFWDHGW878c2c535skejw34w3rg 4096 May 17 09:45 .env
drwxr-x--x. 93 root                             root                             4096 May 21 00:48 ..

Checking the configuration :

[myTestApp-mydomain.rhcloud.com myTestApp]> ls -ltra
total 36
drwxr-xr-x.  2 HGFWDHGW878c2c535skejw34w3rg HGFWDHGW878c2c535skejw34w3rg 4096 May 17 06:27 tmp
drwxr-xr-x.  2 HGFWDHGW878c2c535skejw34w3rg HGFWDHGW878c2c535skejw34w3rg 4096 May 17 06:27 data
drwxr-xr-x.  2 HGFWDHGW878c2c535skejw34w3rg HGFWDHGW878c2c535skejw34w3rg 4096 May 17 06:27 ci
lrwxrwxrwx.  1 HGFWDHGW878c2c535skejw34w3rg HGFWDHGW878c2c535skejw34w3rg   12 May 17 06:27 repo -> runtime/repo
drwxr-xr-x.  4 HGFWDHGW878c2c535skejw34w3rg HGFWDHGW878c2c535skejw34w3rg 4096 May 17 06:27 jbossas-7
lrwxrwxrwx.  1 HGFWDHGW878c2c535skejw34w3rg HGFWDHGW878c2c535skejw34w3rg   24 May 17 06:27 logs -> jbossas-7/standalone/log
drwxr-xr-x.  8 root                             root                             4096 May 17 06:27 .
-rwxr-xr-x.  1 root                             root                              180 May 17 06:27 myTestApp_ctl.sh
drwxr-xr-x.  3 HGFWDHGW878c2c535skejw34w3rg HGFWDHGW878c2c535skejw34w3rg 4096 May 17 06:27 runtime
drwxr-xr-x.  2 HGFWDHGW878c2c535skejw34w3rg HGFWDHGW878c2c535skejw34w3rg 4096 May 17 06:27 run
drwxr-x---. 10 root                             HGFWDHGW878c2c535skejw34w3rg 4096 May 17 09:45 ..

[myTestApp-mydomain.rhcloud.com configuration]> pwd
/var/lib/stickshift/HGFWDHGW878c2c535skejw34w3rg/myTestApp/jbossas-7/standalone/configuration

[myTestApp-mydomain.rhcloud.com configuration]> ls -ltra
total 60
-rw-r--r--. 1 HGFWDHGW878c2c535skejw34w3rg HGFWDHGW878c2c535skejw34w3rg   837 May 17 06:27 mgmt-users.properties
-rw-r--r--. 1 HGFWDHGW878c2c535skejw34w3rg HGFWDHGW878c2c535skejw34w3rg   813 May 17 06:27 application-users.properties
-rw-r--r--. 1 HGFWDHGW878c2c535skejw34w3rg HGFWDHGW878c2c535skejw34w3rg   787 May 17 06:27 application-roles.properties
-rw-r--r--. 1 HGFWDHGW878c2c535skejw34w3rg HGFWDHGW878c2c535skejw34w3rg  2042 May 17 06:27 logging.properties
drwxr-xr-x. 6 HGFWDHGW878c2c535skejw34w3rg HGFWDHGW878c2c535skejw34w3rg  4096 May 17 06:27 ..
lrwxrwxrwx. 1 HGFWDHGW878c2c535skejw34w3rg HGFWDHGW878c2c535skejw34w3rg    95 May 17 10:11 modules -> /var/lib/stickshift/HGFWDHGW878c2c535skejw34w3rg/myTestApp/repo/.openshift/config/modules
drwxr-xr-x. 7 HGFWDHGW878c2c535skejw34w3rg HGFWDHGW878c2c535skejw34w3rg  4096 May 17 10:12 standalone_xml_history
drwxr-xr-x. 3 HGFWDHGW878c2c535skejw34w3rg HGFWDHGW878c2c535skejw34w3rg  4096 May 17 10:12 .
-rw-r--r--. 1 HGFWDHGW878c2c535skejw34w3rg HGFWDHGW878c2c535skejw34w3rg 25605 May 17 10:12 standalone.xml



[myTestApp-mydomain.rhcloud.com myTestApp]> cd jbossas-7/
bin/               jboss-modules.jar  modules/           standalone/

As we can see from the above, OpenShift only supports the standalone profile (though JBoss AS7 has both standalone and domain profiles).

To tail the logs, you can navigate to the logs directory:

[myTestApp-mydomain.rhcloud.com log]> pwd
/var/lib/stickshift/HGFWDHGW878c2c535skejw34w3rg/myTestApp/jbossas-7/standalone/log
[myTestApp-mydomain.rhcloud.com log]> ls -ltra
total 6892
drwxr-xr-x. 6 HGFWDHGW878c2c535skejw34w3rg HGFWDHGW878c2c535skejw34w3rg    4096 May 17 06:27 ..
-rw-r--r--. 1 HGFWDHGW878c2c535skejw34w3rg HGFWDHGW878c2c535skejw34w3rg    8209 May 17 10:11 boot.log
-rw-r--r--. 1 HGFWDHGW878c2c535skejw34w3rg HGFWDHGW878c2c535skejw34w3rg 1394863 May 17 23:57 server.log.2012-05-17
-rw-r--r--. 1 HGFWDHGW878c2c535skejw34w3rg HGFWDHGW878c2c535skejw34w3rg 1817851 May 18 23:59 server.log.2012-05-18
-rw-r--r--. 1 HGFWDHGW878c2c535skejw34w3rg HGFWDHGW878c2c535skejw34w3rg 1839824 May 19 23:58 server.log.2012-05-19
-rw-r--r--. 1 HGFWDHGW878c2c535skejw34w3rg HGFWDHGW878c2c535skejw34w3rg 1810795 May 20 23:59 server.log.2012-05-20
drwxr-xr-x. 2 HGFWDHGW878c2c535skejw34w3rg HGFWDHGW878c2c535skejw34w3rg    4096 May 21 00:01 .
-rw-r--r--. 1 HGFWDHGW878c2c535skejw34w3rg HGFWDHGW878c2c535skejw34w3rg  141596 May 21 01:51 server.log

Cheers !! 🙂
Middleware Magic Team


Copyright © 2010-2012 Middleware Magic. All rights reserved.