Let me in – Bitnami, Keychain and SSH on Mac

I have ended up looking at a couple of bitnami created servers both running on Amazon EC2 (Part of amazons cloud service). Bitnami create open source bundles, preconfigured and ready to run in various operating system flavours and with common applications like Drupal and wordpress. With services like Amazon EC2 the cloud service is able to bring up a virtual server for you based on a pre bundled configuration and you are ready to run on seconds. Both these servers required a little bit of extra to and fro to get access to the file system and use the various tools I have for things like Databases. They rely not on user name and passwords but on ownership of a key file called a pem. In a time when most people are getting used to rich user interfaces, touch displays, gesture control etc there is still a time when you have to drop to a much more archaic, but much loved by techies, command line. Yes you type commands in, whatever next? 😉 These can be hard to remember and also tricky if you miss out implicit little pieces of knowledge that you only retain by constantly performing the tasks.
This level of security is important for servers of course, but it does make life awkward when you are have not been tapping away long incantations of linux commands for a while.
Photo on 03-05-2012 at 10.07

 

To connect to one of these servers I had to first of all get the pem file (the key) on my Mac. However then in order to use it you need to startup the terminal. In order to connect to a server you have to first of all use the terminal and type something along the lines of

ssh -i whateverthekeyis.pem ausername@aservername.amazonaws.com

That opens up another terminal command line but this time a secure encrypted one to the actual machine where the -i indicates which key file you are using. Oh, but it is of course not that simple, no the file permissions have to be tightened up, again with a command line. Chmod changes the read/write access to the file so that only certain users on your machine, i.e. you can use the key at all.

chmod 600 file.pem

This is great if you are just doing command line but if you want another useful Mac application to be able to connect, something like Expandrive (which just makes the file system look like it is part of the mac) then you have to do some other incantations.

My initial thought was that sure the keychain application on the Mac is the place that it will keep all these keys for all the higher end applications to use. When you have something like expandrive and it is expecting to type a user name and password into it to connect you can’t easily tell it to use this PEM file instead. The same goes for Sequel Pro. So I tried to import the PEM file into the keychain, something it does automatically if you double click the PEM. it failed though.

A quick bit of googling later and it turns out that these ones have to be done manually with an

ssh-add -K whatever.pem

That pops the key in a mini cache that anything that is doing SSH under the covers will look at for a userid. Dead simple, once you know or expect to do it. As with all these things it is the not knowing what to ask, or why you would even bother asking that gets in the way.

Once added it meant that I could simply access the file system in a normal finder tree. Whilst I could tap away linux commands in the command line it is very much quicker and easier to have a visual clue as to where things are as you bounce form server to server. As much as a like typing file transfer commands and lots of paths and dots and dashes (It reminds me of the techie I am) I also just want to get on with things.

The same goes for the database. On bitnami the mysql database was accessible with the web tool PHPadmin, but… in order to access the web front end, again for secure reasons you had to create a tunnel on the command line. Again on the command line you had to try something along the lines of

sh -N -L 8888:127.0.0.1:80 -i bitnami_hosting.pem bitnami@xyz.bitnamiapp.com

This is telling the Mac to map and route certain network requests through a secure connection. It will last as long as the terminal window is active. So the command will just hang there. The net result is you can then use a web browser to talk to you own machine, but the tunnel passes you onto the remote machine

http://127.0.0.1:8888/phpmyadmin

So using 127.0.0.1 mean this machine, and port 8888 means a different communication channel really, so the web browser thinks what it is using is on a web server running locally when in fact it is off in the cloud.

This seemed a bit of a pain when I had a great tool like Sequel Pro. This lets me access multiple tables and pieces of data and structure in a similar but less clunky way to phpadmin. Luckily with the key added (as above) you the pem key will automatically be used. However it did not work first time. I had to go into the file system and edit the MYSQL config file my.cnf that was in MYSQL directory to comment out the local binding to that machine.

bind-address = 127.0.0.1 becomes
#bind-address = 127.0.0.1

I found/was reminded of that in the bitnami documents (which are great when you know what you are looking for) but I initially comment it out with a // not a # as thats what lots of code is. Yes I know it’s obvious as its a Mysql config file, except its not when a little detail like the comment character to use is missed out. This then let the Mysql client on my Mac connect to the database using the secure key doing all the tunnelling etc itself. So once set up things are quite straight forward and identical to the way I access the same things on my local development server.

All techies have different preferences and ways to get to things. If you are a constant sys admin the command line, and all the variants of clever piping of commands work. I used to tend to do that too. When you are an occasional user across multiple different flavours of system (I have slicehosts/rackspace servers too) then it gets difficult to remember it all.

In addition when you are also building and maintaining the applications on top of that, remembering how to configure and administer Drupal for instance, what your application is doing, how the git repository is accessed etc, or providing extra code and modules that drive those applications. Mixing that up with richer front ends like unity3d and running open source virtual worlds like Opensim the number of “all you have to do is this simple x,y or z” balloons.

It is one reason that in large companies there is a separation of systems admin, database admin, architecture, software development, testing, runtime production, design, research and development and project management. However as a small company it is important to be able to do a little bit of all of that in order to major on any one of those for a project.
So whilst I really don’t like sysadmin, mainly because things are never quite the same in each place, especially in opensource land, I do find I have to do this to remind me of the complexity of the tech we have to deal with and how great it is that so many things can hide this away from us when we really don’t need to know.

I wrote this all down here a I know I will bump into this again and will have forgotten, so in making notes for future confused self I thought it may help anyone else who is stuck and googling for similar things. Of course the hardcore techies will probably laugh at my apparent lack of knowledge (which was less lacking and more filed away and need to be recalled from HSM. Something we had in the olden days when I started on green screen terminals. You would ask for a file and you would have to wait for a mechanical arm somewhere to find the right disk/tape and spin it up, a sort of mechanical cloud) Anyone else who feels worried about doing any deeper techie stuff may also be put off. However those who wander the technical plains finding adventure may just benefit.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

EubXSuLAu JZ

Please type the text above:

This site uses Akismet to reduce spam. Learn how your comment data is processed.