In some situations, a LifeKeeper cluster is placed behind a corporate firewall and administrators wish to run the LifeKeeper GUI from a remote system outside the firewall.
LifeKeeper uses Remote Method Invocation (RMI) to communicate between the GUI server and client. The RMI client must to be able to make connections in each direction. Because the RMI client uses dynamic ports, you can not use preferential ports for the client.
One solution is to use ssh to tunnel through the firewall as follows:
- Make sure your IT department has opened the secure shell port on the corporate firewall sufficiently to allow you to get behind the firewall. Often the machine IT allows you to get to is not actually a machine in your cluster but an intermediate one from which you can get into the cluster. This machine must be a Unix or Linux machine.
- Make sure both the intermediate machine and the LifeKeeper server are running sshd (the secure shell daemon) and that X11 port forwarding is enabled (this is usually the line `X11Forwarding yes’ in /etc/ssh/sshd_config, but if you are unsure, have your IT do this for you.
- From your Unix client in X, tunnel to the intermediate machine using:
ssh -X -C <intermediate machine>
The -C means `compress the traffic’ and is often useful when coming in over slower internet links.
- From the intermediate machine, tunnel to the LifeKeeper server using:
ssh -X <LifeKeeper server>
You should not need to compress this time since the intermediate machine should have a reasonably high bandwidth connection to the LifeKeeper server.
- If all has gone well, when you issue the command:
it should be set to something like `localhost:10.0’. If it is not set, it is likely that X11 forwarding is disabled in one of the sshd config files.
- Verify that you can pop up a simple xterm from the LifeKeeper server by issuing the command:
- If the xterm appears, you’re ready to run lkGUIapp on the LifeKeeper server using the following command:
- Wait (and wait some more). Java uses a lot of graphics operations which take time to propagate over a slow link (even with compression), but the GUI console should eventually appear.
Post your comment on this topic.