Hosting a web development environment on the cloud

By Andrew Low

The Eclipse Orion project has the tag line: “Tools for the web, on the web.” The project is still in its early days yet shows great promise — being able to do code development directly from any browser is liberating in the same way that moving to a web-based email system is. This post describes how to set up Orion on the IBM SmartCloud Enterprise.

Orion is available as a hosted solution, but can also be installed locally. In our case, local is the cloud, but we'll use firewall rules to make it available only to specific machines.

First, we need a Linux instance running on the cloud — you could use a scripted approach to doing this as described in my last article (“Revisiting use of the Java API for IBM SmartCloud Enterprise”), or simply make use of the web UI. For this example I used the “Red Hat Enterprise Linux 6.2 (32-bit)(RTP)” image from the IBM SmartCloud catalog. When configuring the instance for provisioning, you’ll want to make certain you capture the private key data when you create the key. The web UI prompts you to save the data, or if you’re doing this through a scripted solution, you need to capture the return value from generateKeyPair(). Here is a code snippet that shows how to make use of the Java REST API Client (see also RESTful API) to capture the private key data:

String keyName = "A Key";
// Check the key doesn't exist
try {
	client.describeKey( keyName );
} catch (UnknownKeyException e) {
	// Create the key - this will return the private key
	Key privateKey = client.generateKeyPair( keyName );
	
	// Fetch the key - this will return the public key
	Key publicKey = client.describeKey( keyName );
	
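	// Print out the key values (the private key is only returned by
	// generateKeyPair() above, so this is the one place to capture it)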
	System.out.println( "Public Key: " + publicKey.getMaterial() );
	System.out.println( "Private Key: " + privateKey.getMaterial() );
}

There is no second chance to grab the private key data. The public key isn’t needed for this example, and can be retrieved at any time. See the complete working example of the Java code.

After the instance becomes active, we need to connect through SSH. There is a helpful video covering this process, but I’ll repeat it here for clarity. We need to know two things:

  • The public IP of our instance
  • The private key value associated with this instance

Because I use PuTTY on my development machine, it is necessary to convert the private key format using PuTTYgen. This is a simple process of loading the private key we downloaded (PuTTYgen will automatically convert the foreign key) and saving the modified private key. I saved the modified key as Orion.ppk, allowing me to launch PuTTY with the following command line:

putty -i Orion.ppk idcuser@170.224.162.36 

You will need to modify the IP address to match your public IP; idcuser is the default user name created automatically for you by the IBM SmartCloud Enterprise.

Now that you have a Linux instance running in the cloud with SSH access you can start the process of installing Orion. I found it easiest to navigate the download pages in my web browser, and then use PSCP (the PuTTY Secure Copy client) to copy it up to the Linux instance. After you have a copy of Orion, extract the .zip file and launch.

$ unzip eclipse-orion-I20120620-2230-linux.gtk.x86.zip
$ ./eclipse/orion

After launching, you should see the OSGi console start up; it is normal to see several informational and warning messages, as in the following sample lines of the output:

14:56:55,597 |-INFO in ch.qos.logback.classic.LoggerContext[default] - 
Found resource [logback.xml] at [bundleresource://2.fwk32956236:1/logback.xml]
14:56:55,609 |-INFO in 
14:56:55,730 |-WARN in ch.qos.logback.core.ConsoleAppender[STDOUT] - 
See also http://logback.qos.ch/codes.html#layoutInsteadOfEncoder for details
2012-06-21 14:56:55.739 [Start Level Event Dispatcher] INFO  
org.eclipse.orion.server.config - No server configuration file found at: 
/home/idcuser/orion.conf
'/home/idcuser/serverworkspace/
.metadata/.plugins/org.eclipse.orion.server.core.search/data/index' 
doesn't exist. Creating new index...
osgi>

The output finishes with an OSGi console prompt. After you’ve demonstrated you can run it cleanly, use the exit command and accept the default “y” (yes) answer:

osgi> exit
Really want to stop Equinox? (y/n; default=y)

With Orion installed and working, we need to modify the firewall rules to allow access to port 8080 so we can interact with it. The operating system is configured, by default, to allow only the SSH port (22) to be visible to the network. This is a security feature of IBM SmartCloud Enterprise. We can verify this by using the iptables command:

$ sudo iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

We want to add an entry to iptables that allows only the IP address of the machine we’re using to access the Orion server we’re running. The netstat command executed on our Linux instance helps us figure out what IP address the incoming SSH connection is using (the following example shows two SSH sessions connected).

$ netstat --numeric-hosts -t
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 170.224.162.36:ssh          129.42.208.173:62356        ESTABLISHED
tcp        0    232 170.224.162.36:ssh          129.42.208.173:45579        ESTABLISHED

We can now create a firewall rule to allow traffic from the foreign address obtained by the netstat command and the port on which Orion is running:

$ sudo iptables -A INPUT -s 129.42.208.173 -p tcp --dport 8080 -j ACCEPT 

Don’t forget to re-launch Orion after you put in place the firewall rules you want. Alternatively you can leave Orion running from your initial launch, and use a second SSH session to modify the firewall rules.

If we want to reset the rules, effectively blocking the port we just opened, we restart the service:

$ sudo service iptables restart 

Or we can make the changes permanent by adding the following line to the /etc/sysconfig/iptables file:

-A INPUT -s 129.42.208.173/32 -p tcp -m tcp --dport 8080 -j ACCEPT 
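
The netstat-to-rule steps above can be scripted so the allowed source address is taken from the live SSH sessions rather than retyped. This is an added example, not part of the original post; the function names are hypothetical and the embedded netstat listing is the sample shown earlier in this article.

```shell
#!/bin/sh
# Added example (not from the original post): build the Orion allow-rule from
# the peers of the current SSH sessions. Function names are hypothetical.

# Constructed sample: the netstat listing shown in the article, embedded so the
# script runs offline. On the instance, pipe in: netstat --numeric-hosts -t
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 170.224.162.36:ssh          129.42.208.173:62356        ESTABLISHED
tcp        0    232 170.224.162.36:ssh          129.42.208.173:45579        ESTABLISHED
EOF
}

# Unique remote addresses of established connections to the local SSH port.
ssh_peers() {
  awk '$1 == "tcp" && $6 == "ESTABLISHED" && $4 ~ /:(ssh|22)$/ {
         sub(/:[0-9]+$/, "", $5); print $5 }' | sort -u
}

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
  printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Read addresses on stdin; print one /etc/sysconfig/iptables line per valid one.
orion_rules() {
  port=${1:-8080}
  while read -r ip; do
    if is_ipv4 "$ip"; then
      printf '%s\n' "-A INPUT -s $ip/32 -p tcp -m tcp --dport $port -j ACCEPT"
    else
      echo "skipping unexpected address: $ip" >&2
    fi
  done
}

sample_netstat | ssh_peers | orion_rules 8080
```

The script only prints the rule lines; review them before adding them to /etc/sysconfig/iptables.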

Of course, if your source machine is behind a NAT firewall, the IP address your traffic comes from will be shared by all of the other people behind the NAT firewall with you, so the rule above admits them as well.

A simple solution to this issue is to create the accounts you want, and then disable the creation of user accounts by creating a server configuration file (orion.conf) and adding the following line:

orion.auth.user.creation=admin 

You can choose to run without an admin user, or create one that will have the power to create new users. You’ll need to shut down and restart Orion to pick up any configuration changes.

At this point, you should be set to dive into Orion in earnest. A good getting started guide is available that covers some of the basic code editing and source control features of Orion. The FAQ is also worth checking out.

The basic patterns described in this article to get Orion up and running will work for many development tools.
