[Testbed-admins] Little hint for users of closed testbeds



Hi all,
A quick hint for those of us who have private testbeds (where boss and ops
have internet access, but the nodes do not): If you ever need to update
your OSImages or grab a package or two, you might want to install 3proxy
on your ops node (it's in the ports tree). It's a zero-configuration proxy
for HTTP, FTP, and SOCKS, and many Linux distros can be configured to run
their package update software through one or more of those proxies.

I'm rolling a CentOS image that will become our new default image at
CMULab (and will later roll an Ubuntu image for a particular project) -
getting it up-to-date and tweaking the package set was as simple as:

ops:
	cd /usr/ports/net/3proxy
	make install ; make clean
	proxy -p9000 -i10.96.0.3
node:
	add "proxy=http://10.96.0.3:9000/" to /etc/yum.conf
	yum update

Of course, if your package system can work entirely through SOCKS and
doesn't need an HTTP or FTP proxy, you can save some steps and just
use ssh's built-in SOCKS proxy as follows:

node:
	ssh -D 9000 -Nf ops
	(configure your package to use localhost:9000 as a SOCKS proxy)

Note as well that if you set http_proxy as an environment variable,
recent versions of wget will pick that up and use it, meaning you can
do a clean install of Emulab client software without manually fetching
the packages it normally wgets.

Slightly off-topic but generally useful - if you're often at coffeeshops
where you don't trust their internet, you might like to adapt the above
into a script, let's call it ~/bin/socksproxy_to :
----
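#!/bin/sh

# Open a SOCKS listener on local port 8080, tunnelled over ssh to the given host.
# "$@" passes every argument (host, extra ssh options) through with quoting intact.
ssh -D 8080 -Nf "$@"
echo "Configure your browser to use a SOCKS proxy on localhost port 8080"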
-----

and then configure your browser to have that as an alternate with-proxy
configuration to shove all your web traffic through ssh. If you do this
and also use Firefox, you may want to set "network.proxy.socks_remote_dns"
under about:config to "true", which will cause all your browser's DNS
lookups to go through the tunnel as well (this is particularly good when
the coffeeshop either uses an icky DNS like OpenDNS or their DNS is
slow/unreliable).

(the numbers 8080 and 9000 I use are arbitrary and you can choose whatever
ports you like so long as you're consistent)

Hopefully this all is useful to some people.

--
Pat Gunn
Principal Research Programmer/Analyst, CMCL
School of Computer Science, Carnegie Mellon University
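
The yum.conf step from the message above, as an added example that is not part of the original post: a repeatable way to set the `proxy=` line while rolling an image and to clear it again afterwards, so the finished image does not keep pointing at the ops proxy. The function names are hypothetical, and the file is assumed to have a `[main]` section.

```shell
#!/bin/sh
# Added example: idempotently set or clear "proxy=" in the [main] section of a
# yum.conf-style file. Function names are hypothetical, not from the post.
#
#   set_yum_proxy   /etc/yum.conf http://10.96.0.3:9000/
#   clear_yum_proxy /etc/yum.conf

# set_yum_proxy FILE URL
# Leaves exactly one "proxy=URL" line directly under [main]. Other sections
# and related options such as proxy_username are not touched. An empty URL
# removes the setting. Returns non-zero, and leaves FILE unchanged, when FILE
# has no [main] section.
set_yum_proxy() {
    yp_file=$1
    yp_url=$2
    yp_tmp=$(mktemp) || return 1
    awk -v url="$yp_url" '
        /^\[/ {                                  # section header
            in_main = ($0 == "[main]")
            print
            if (in_main) {
                found = 1
                if (url != "") print "proxy=" url
            }
            next
        }
        in_main && /^[ \t]*proxy[ \t]*=/ { next }   # drop any old setting
        { print }
        END { exit (found ? 0 : 1) }
    ' "$yp_file" > "$yp_tmp" && cat "$yp_tmp" > "$yp_file"
    yp_rc=$?
    rm -f "$yp_tmp"
    return $yp_rc
}

# clear_yum_proxy FILE
# Removes the proxy= line from [main], for use before the image is captured.
clear_yum_proxy() {
    set_yum_proxy "$1" ""
}
```

Writing the result back with `cat` rather than `mv` keeps the owner and mode of the existing file.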