-
Notifications
You must be signed in to change notification settings - Fork 41
Adding docs on SSH tunnel to a service #276
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from 9 commits
Commits
Show all changes
15 commits
Select commit
Hold shift + click to select a range
43ba03f
Adding docs on SSH tunnel to a service
fcruzcscs c9f56ac
Update docs/access/ssh.md
fcruzcscs b1df11d
Update docs/access/ssh.md
fcruzcscs cc5770e
Update docs/access/ssh.md
fcruzcscs 8760f84
Update docs/access/ssh.md
fcruzcscs 62f24cc
Update docs/access/ssh.md
fcruzcscs 52d2944
Update docs/access/ssh.md
fcruzcscs 792c824
Update docs/access/ssh.md
fcruzcscs a2ffa17
Update ssh.md
fcruzcscs d7bee84
Update docs/access/ssh.md
fcruzcscs 061c160
Update docs/access/ssh.md
fcruzcscs 7d11b06
Update docs/access/ssh.md
fcruzcscs 1014229
Update docs/access/ssh.md
fcruzcscs e605fd1
Merge branch 'main' into patch-1
bcumming 540bd8f
Apply suggestion from @msimberg
msimberg File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -174,6 +174,56 @@ ssh -A [email protected] | |
| ssh daint.cscs.ch | ||
| ``` | ||
|
|
||
| ## SSH tunnel to a service on Alps compute nodes via ela | ||
|
|
||
| If you have a server listening on a compute node in an Alps cluster and want to reach it from your local computer, you can do the following: allocate a node, start your server bound to `localhost`, open an SSH tunnel that jumps through `ela` to the cluster, then use `http://localhost:PORT` locally. | ||
| Details on how to achieve this are below. | ||
|
|
||
| Before starting, make sure you: | ||
| - [Have SSH keys loaded in your agent][ref-ssh-agent]. | ||
| - Have your CSCS username handy (replace `MYUSER` below). | ||
| - Have your server running on a compute node on Alps. | ||
| See the [Slurm documentation][ref-slurm] for help on how to allocate a node and start your server on a compute node. | ||
| - Know the compute node ID (e.g., `nid006554`) and the port of your running server. | ||
|
|
||
| !!! warning "Fast fixes when starting a server or before tunneling" | ||
| - Port already in use locally: pick another PORT (e.g., 6007) in both your server and the tunnel command below. | ||
| - Auth prompts loop: verify your SSH MFA to CSCS and that your SSH agent is correctly set up and loaded with your keys. | ||
fcruzcscs marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| !!! tip "Binding to `127.0.0.1` ensures the service is only reachable via your tunnel" | ||
|
|
||
| To open the tunnel from your local computer: | ||
|
|
||
| ```bash | ||
| MYUSER=cscsusername # your username at CSCS | ||
| NODE=nid006554 # obtained from salloc or srun | ||
| PORT=6006 # example port | ||
| CLUSTER=daint # cluster you want to reach | ||
|
|
||
| ssh -N -J ${MYUSER}@ela.cscs.ch,${MYUSER}@${CLUSTER}.alps.cscs.ch -L ${PORT}:localhost:${PORT} ${MYUSER}@${NODE} | ||
| ``` | ||
|
|
||
| The command blocks while the tunnel is open (that is expected). | ||
|
|
||
| !!! info The first run may ask to trust the node's host key---type `yes`. | ||
msimberg marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| With the service running and the tunnel open, you can now reach your service locally: | ||
|
|
||
| - Browser: `http://localhost:PORT` | ||
| - Terminal: `curl localhost:PORT` | ||
|
|
||
| !!! warning "Fast fix if the service doesn’t respond locally" | ||
| - Service not responding: ensure the server binds to 127.0.0.1 and is running on the compute node; confirm NODE matches your current Slurm allocation. | ||
fcruzcscs marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| To clean up afterwards: | ||
fcruzcscs marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| - Stop the server (Ctrl-C on the compute node shell). | ||
| - End the Slurm allocation: | ||
| ```bash | ||
| scancel $SLURM_JOB_ID | ||
| ``` | ||
| - Close the tunnel (Ctrl-C in the tunnel terminal). | ||
|
|
||
|
|
||
| [](){#ref-ssh-faq} | ||
| ## Frequently encountered issues | ||
|
|
||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.