Rails - Sep 2005 - using ssh port-forwarding in switchtower

I''m using Switchtower to deploy my Rails app to webservers in my
datacenter.  The machine that executes Switchtower is also running our
SVN server.  Unfortunately, it is behind a VPN, so the webservers
cannot access SVN directly.  If I run SSH manually from the SVN server
to each web server, I can establish port-fowards allowing the
webservers to connect to SVN.  After this is done, I can successfully
run switchtower to deploy my application.  Ideally, I''d like to modify
Switchtower''s remote_exec call so that it sets up the port forwards
itself.  Browsing the Net:SSH documentation, it seems like this is
possible, but I''m not clear on how to set this up in Switchtower.  Is
this already supported?  If not, I can look into writing a patch.

Note: the Switchtower docs mention gateway support, but it doesn''t
seem to apply to this configuration.

Thanks,

Tyler

On Sep 26, 2005, at 12:35 AM, Tyler Kovacs wrote:
> I''m using Switchtower to deploy my Rails app to webservers in my
> datacenter.  The machine that executes Switchtower is also running our
> SVN server.  Unfortunately, it is behind a VPN, so the webservers
> cannot access SVN directly.  If I run SSH manually from the SVN server
> to each web server, I can establish port-fowards allowing the
> webservers to connect to SVN.  After this is done, I can successfully
> run switchtower to deploy my application.  Ideally, I''d like to
modify
> Switchtower''s remote_exec call so that it sets up the port
forwards
> itself.  Browsing the Net:SSH documentation, it seems like this is
> possible, but I''m not clear on how to set this up in Switchtower. 
Is
> this already supported?  If not, I can look into writing a patch.
>
> Note: the Switchtower docs mention gateway support, but it doesn''t
> seem to apply to this configuration.
SwitchTower makes the assumption that your SVN repository is directly  
accessible by your target machines. If this is not the case, there is  
no easy way (currently) to do what you are wanting (as you discovered).

The gateway setting is for when your target machines are not  
accessible by your local machine. It allows you to specify a machine  
that sits on the boundary of your VPN, through which you can tunnel  
SSH connections to your target machines. (If you can easily connect  
your local machine to your VPN, then there probably isn''t much value  
for you in the gateway setting.) There isn''t currently support for a  
kind of "reverse gateway", though, allowing you to tunnel  
specifically from the remote machines to an external host.

Feel free to put together a patch that supports this, though. It  
would certainly be useful.

- Jamis

I use this reverse gateway setup by executing ssh directly inside a thread.
All my attempts to get net-ssh forwarding working failed when running
inside a thread, for some reason. It''s a few lines in the
recipe''s
"update_code" task
either way, though:

Thread.new do
`ssh -n -q -C -T -R3690:localhost:3690
user-1TPiO38ME6t8Ww12eurC+Q@public.gmane.org`
end
sleep(5) # this gives ssh some time to open the ports
source.checkout(self)

Trying this inside the thread didn''t work for me:

Net::SSH.start( ''production.host'', {:username =>
''user'', :verbose =>
''debug''} ) do |session|
session.forward.remote_to( 3690, ''localhost'', 3690,
''0.0.0.0<http://0.0.0.0>''
)
session.loop
end

Joshua


On 9/26/05, Jamis Buck <jamis-uHoyYlH2B+GakBO8gow8eQ@public.gmane.org>
wrote:
>
> On Sep 26, 2005, at 12:35 AM, Tyler Kovacs wrote:
>
> > I''m using Switchtower to deploy my Rails app to webservers in
my
> > datacenter. The machine that executes Switchtower is also running our
> > SVN server. Unfortunately, it is behind a VPN, so the webservers
> > cannot access SVN directly. If I run SSH manually from the SVN server
> > to each web server, I can establish port-fowards allowing the
> > webservers to connect to SVN. After this is done, I can successfully
> > run switchtower to deploy my application. Ideally, I''d like
to modify
> > Switchtower''s remote_exec call so that it sets up the port
forwards
> > itself. Browsing the Net:SSH documentation, it seems like this is
> > possible, but I''m not clear on how to set this up in
Switchtower. Is
> > this already supported? If not, I can look into writing a patch.
> >
> > Note: the Switchtower docs mention gateway support, but it
doesn''t
> > seem to apply to this configuration.
>
> SwitchTower makes the assumption that your SVN repository is directly
> accessible by your target machines. If this is not the case, there is
> no easy way (currently) to do what you are wanting (as you discovered).
>
> The gateway setting is for when your target machines are not
> accessible by your local machine. It allows you to specify a machine
> that sits on the boundary of your VPN, through which you can tunnel
> SSH connections to your target machines. (If you can easily connect
> your local machine to your VPN, then there probably isn''t much
value
> for you in the gateway setting.) There isn''t currently support for
a
> kind of "reverse gateway", though, allowing you to tunnel
> specifically from the remote machines to an external host.
>
> Feel free to put together a patch that supports this, though. It
> would certainly be useful.
>
> - Jamis
>
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>

_______________________________________________
Rails mailing list
Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
http://lists.rubyonrails.org/mailman/listinfo/rails