18816a2e3bcfe11d9771ab709625afb66735f71a
wiki/info/landscape/olympic-setup.md
| ... | ... | @@ -60,12 +60,60 @@ The tunnel configurations are established and configured using a set of scripts, |
| 60 | 60 | |
| 61 | 61 | On sap-p1-1 two SSH connections are maintained, with the following default port forwards, assuming sap-p1-1 is the local master: |
| 62 | 62 | |
| 63 | -* tokyo-ssh.sapsailing.com: 10203-->10203; 5763-->rabbit-ap-northeast-1.sapsailing.com:5762; 15763-->rabbit-ap-northeast-1.sapsailing.com:15672; 5675:rabbit.internal.sapsailing.com:5672; 15675:rabbit.internal.sapsailing.com:15672; 10201<--10201; 18122<--22; 443:security-service.sapsailing.com:443; 8888<--8888 |
|
| 63 | +* tokyo-ssh.sapsailing.com: 10203-->10203; 5763-->rabbit-ap-northeast-1.sapsailing.com:5762; 15763-->rabbit-ap-northeast-1.sapsailing.com:15672; 5675:rabbit.internal.sapsailing.com:5672; 15675:rabbit.internal.sapsailing.com:15672; 10201<--10201; 18122<--22; 443:security-service.sapsailing.com:443; 8888<--8888; 9443<--9443 |
|
| 64 | 64 | * sap-p1-2: 10202-->10202; 5674-->5672; 15674-->15672; 10201<--10201; 5674<--5672; 15674<--15672 |
| 65 | 65 | |
| 66 | 66 | On sap-p1-2, the following SSH connections are maintained, assuming sap-p1-2 is the local replica: |
| 67 | 67 | |
| 68 | -- tokyo-ssh.sapsailing.com: 10203-->10203; 5763-->rabbit-ap-northeast-1.sapsailing.com:5762; 15763-->rabbit-ap-northeast-1.sapsailing.com; 5675:rabbit.internal.sapsailing.com:5672; 15675:rabbit.internal.sapsailing.com:15672; 10202<--10202; 15674<--15672 |
|
| 68 | +- tokyo-ssh.sapsailing.com: 10203-->10203; 5763-->rabbit-ap-northeast-1.sapsailing.com:5762; 15763-->rabbit-ap-northeast-1.sapsailing.com; 5675:rabbit.internal.sapsailing.com:5672; 15675:rabbit.internal.sapsailing.com:15672; 10202<--10202; 15674<--15672; 9444<--9443 |
|
| 69 | + |
|
| 70 | +A useful set of entries in your personal ``~/.ssh/config`` file for "off-site" use may look like this: |
|
| 71 | + |
|
| 72 | +``` |
|
| 73 | +Host tokyo |
|
| 74 | + Hostname tokyo-ssh.sapsailing.com |
|
| 75 | + User ec2-user |
|
| 76 | + ForwardAgent yes |
|
| 77 | + ForwardX11Trusted yes |
|
| 78 | + LocalForward 18122 localhost:18122 |
|
| 79 | + LocalForward 18222 localhost:18222 |
|
| 80 | + LocalForward 9443 localhost:9443 |
|
| 81 | + LocalForward 9444 localhost:9444 |
|
| 82 | + |
|
| 83 | +Host sap-p1-1 |
|
| 84 | + Hostname localhost |
|
| 85 | + Port 18122 |
|
| 86 | + User sailing |
|
| 87 | + ForwardAgent yes |
|
| 88 | + ForwardX11Trusted yes |
|
| 89 | + |
|
| 90 | +Host sap-p1-2 |
|
| 91 | + Hostname localhost |
|
| 92 | + Port 18222 |
|
| 93 | + User sailing |
|
| 94 | + ForwardAgent yes |
|
| 95 | + ForwardX11Trusted yes |
|
| 96 | +``` |
|
| 97 | + |
|
| 98 | +It will allow you to log on to the "jump host" ``tokyo-ssh.sapsailing.com`` with the simple command ``ssh tokyo`` and will establish the port forwards that will then allow you to connect to the two laptops using ``ssh sap-p1-1`` and ``ssh sap-p1-2``, respectively. Of course, when on site and with the two laptops in direct reach you may adjust the host entries for ``sap-p1-1`` and ``sap-p1-2`` accordingly, and you may then wish to establish only an SSH connection to ``sap-p1-1`` which then does the port forwards for HTTPS ports 9443/9444. This could look like this: |
|
| 99 | + |
|
| 100 | +``` |
|
| 101 | +Host sap-p1-1 |
|
| 102 | + Hostname 10.1.3.195 |
|
| 103 | + Port 22 |
|
| 104 | + User sailing |
|
| 105 | + ForwardAgent yes |
|
| 106 | + ForwardX11Trusted yes |
|
| 107 | + LocalForward 9443 localhost:9443 |
|
| 108 | + LocalForward 9444 10.1.3.197:9443 |
|
| 109 | + |
|
| 110 | +Host sap-p1-2 |
|
| 111 | + Hostname 10.1.3.197 |
|
| 112 | + Port 22 |
|
| 113 | + User sailing |
|
| 114 | + ForwardAgent yes |
|
| 115 | + ForwardX11Trusted yes |
|
| 116 | +``` |
|
| 69 | 117 | |
| 70 | 118 | #### Operations with sap-p1-1 failing: master on sap-p1-2, with Internet / Cloud connection |
| 71 | 119 |
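Review bot: The off-site `Host sap-p1-2` entry (`Port 18222`, reached through `LocalForward 18222 localhost:18222` under `Host tokyo`) relies on a reverse forward of the laptop's port 22 to 18222 on tokyo-ssh.sapsailing.com, but the sap-p1-2 forward list touched in this hunk only gains `9444<--9443`, whereas the sap-p1-1 list documents its counterpart as `18122<--22`. Please add `18222<--22` to the sap-p1-2 list, or say where that forward is established, so the documented tunnels match what the sample config needs. Separately, `ForwardAgent yes` in the `Host tokyo` block makes your agent usable by root and by anyone else logged in as `ec2-user` on the jump host for as long as you are connected. Consider `ProxyJump tokyo` in the off-site `sap-p1-1` and `sap-p1-2` entries instead of the two SSH-port `LocalForward` lines, which reaches `localhost:18122` / `localhost:18222` through the jump host without forwarding the agent to it. Also note that `ForwardX11Trusted yes` has no effect unless `ForwardX11 yes` is set, so either add that line or drop the option from the examples.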