Jump to content

Talk:Data Platform/Systems/Jupyter

From Wikitech
Latest comment: 1 month ago by JSherman (WMF) in topic adding a tunnel shortcut to ssh_config

adding a tunnel shortcut to ssh_config

I began editing to add this, but I wasn't sure if it would muddy the waters. Do you think such a shortcut would be helpful?

Once you have this access, first open a SSH tunnel to one of the analytics clients by running the following command in your computer's terminal:

$ ssh -N stat1008.eqiad.wmnet -L 8880:127.0.0.1:8880

If you prefer have a shortcut for tunneling, you may add the following to the ssh configuration used for production access:

Match host=!*.*,stat10*
        SessionType none
        HostName %h.eqiad.wmnet
        LocalForward 8880 127.0.0.1:8880

Now you may open a SSH tunnel to one of the analytics clients by running the following command in your computer's terminal:

$ ssh stat1008

In either case, you can replace stat1008 with the name of another analytics client if you prefer. JSherman (WMF) (talk) 15:04, 1 November 2024 (UTC)Reply

Generally, I think this would be very useful to add to the page!
Specifically, it's sometime necessary to open a plain SSH connection to the hosts since there are some commands (like `sudo`) that don't work in the Jupyter terminal. With this approach, it seems that it become impossible to do that. Do you know if there's any way to handle this in the SSH config?
What I've done is use a similar technique in my SSH config to enable using e.g. `stat1008` as a shorthand and then separate set up a shell function (for Fish, in my case) to streamline opening a tunnel for Jupyter:
function jup
    # Fish only supports running a single external command as a background job
   # https://stackoverflow.com/questions/62864458/fish-shell-chaining-commands-to-be-run-as-a-background-job
    fish --command "sleep 3; open -a Firefox http://localhost:8880" &
    ssh -N $argv -L 8880:127.0.0.1:8880
end
Neil Shah-Quinn (WMF) (talk) 20:06, 1 November 2024 (UTC)Reply
As written, the config I made still allows regular shell access via the full name:
eg `ssh stat1008.eqiad.wmnet`
but it won't have the tunnel. You could drop the SessionType line and have an interactive session with the tunnel.
If you want to locally launch a browser and the tunnel at the same time, that may also be accomplished with ssh config so long as you have PermitLocalCommand yes set in /etc/ssh/ssh_config
Match host=!*.*,stat10*
        SessionType none
        HostName %h.eqiad.wmnet
        LocalForward 8880 127.0.0.1:8880
        LocalCommand open -a Firefox http://localhost:8880
JSherman (WMF) (talk) 22:36, 1 November 2024 (UTC)Reply
Neat! Thank you very much for sharing.
I'd say go ahead and add your original snippet, and just add a footnote mentioning that you can still use the full address for plain SSH. Having a shortcut command is super useful, and it's even better when it doesn't require messing around with shell functions, while needing plain SSH is a fairly niche situation. Neil Shah-Quinn (WMF) (talk) 01:49, 2 November 2024 (UTC)Reply
done! JSherman (WMF) (talk) 15:21, 5 November 2024 (UTC)Reply