Setting up Reverse SSH Tunnel Using Automated Script
A. Introduction
With our automated bash script, connecting Holistics to your data source using a reverse tunnel is much faster and more convenient. NOTE: The script supports Debian and RHEL based distros. For other systems, please see this doc on setting up the tunnel manually.
Previously, users had to go through many steps to set up a reverse tunnel (as described here). In this doc, we show how this tedious process can be done by executing a single command!
(To learn more about reverse tunnel, please also refer to this doc.)
B. Guide
- Enter the Display Name of the data source and choose your Database Type
- Choose Use reverse tunnel
- Fill in the Host and Port where your database can be accessed from your proxy server
- Click Generate Script and wait for the script to be generated
- Copy the command and execute it on your proxy/bastion server. You will be asked for sudo privileges to install packages and set up system service. See the last section to know all actions that the script carries out.
- Read the script introduction and follow the script execution
- Return to your browser when this message appears:
- The database configurations will now appear on your form. Fill in and click Test Connection
- If the connection is successful, you can save the data source by clicking Save Data Source
After the data source is saved, the reverse tunnel will be running in a system service called h_autossh. Note that the display of the status varies between systems.
C. h_autossh service
As described in Script Operation / Final steps below, the reverse tunnel script creates a service for you to manage all tunnel connections to Holistics, and start them automatically on startup.
Using service
- to start all Holistics tunnels, run: sudo service h_autossh start
- to stop all Holistics tunnels, run: sudo service h_autossh stop
- to restart all Holistics tunnels, run: sudo service h_autossh restart
- to see the status of Holistics tunnels service, run: sudo service h_autossh status
Removing service
To remove the service quickly and conveniently, please see the Removing Reverse Tunnel section below.
D. Removing Reverse Tunnel
You should only need to remove the reverse tunnel when you remove a data source.
For data sources using a reverse tunnel connection, when you click Delete, we will generate another script for you to execute on the proxy server.
This script removes the reverse tunnel (associated with the chosen data source) from h_autossh and restarts the service.
If the reverse tunnel being removed is the last tunnel in h_autossh (i.e. you do not have any other reverse tunnel), the h_autossh service will also be removed.
Finally, the data source will be deleted.
E. Script Operation (Automated)
The script takes the following actions (in order)
1. Create Holistics Directory
Creates a directory to store all files related to the whole process.
Full path: $HOME/.holistics
2. Install Packages
The script tries to install two main packages:
- curl: Used to communicate with Holistics web server. nss is also updated if possible so that curl can handle ssl connection properly
- autossh: The program to handle the tunnel connection and keep the connection persistent. For distros using yum package manager, autossh is not always available (such as in RHEL 6). In this case, gcc and make will also be installed to compile autossh from its source. If you want to install autossh by yourself instead, please install it prior to the script execution, and the script will not try to install again.
3. Generate RSA key pair and submit public key to Holistics
A new key pair will be generated in the Holistics directory using ssh-keygen. If the key pair exists, for example when you have already set up another tunnel, the existing key pair will be used. Then, the public key is submitted to the Holistics web server. Holistics will add your public key to the tunnel server so that an SSH connection can be established, and will also assign a specific port on the tunnel server for your new connection.
4. Start the reverse tunnel
The script creates a reverse tunnel SSH connection from your proxy server to our tunnel server. The port on the tunnel server will be the one assigned by Holistics, and the port on your server is the one you configured in the data source form. Afterward, the script will notify the Holistics web server about the running tunnel.
5. Create/Update h_autossh service
At the point the script tells you to return to the browser, it starts waiting for your data source result. If the data source is saved successfully, the script will stop the reverse tunnel that was made previously. Then, it creates a new service called h_autossh, which is stored in /etc/init.d/ and contains the command to run the reverse tunnel. If the service exists, the script will update it to include the new tunnel configuration. The service is also enabled to run on startup.
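Because the service file holds the tunnel commands, it is the place to review which internal endpoints are reachable from the tunnel server. The following is an added example, not part of the Holistics script: it assumes the service file contains autossh command lines using ssh's -R [bind_address:]port:host:hostport syntax, and the sample file, key file name, user, hosts and ports are all constructed.

```shell
#!/bin/sh
# Constructed sample standing in for /etc/init.d/h_autossh; the real file's
# contents, key file name, user and tunnel host are assumptions.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
#!/bin/sh
# -R 1:commented.out:1 must be ignored
autossh -M 0 -f -N -i "$HOME/.holistics/id_rsa" -R 20011:10.0.0.5:5432 tunnel-user@tunnel.example.invalid
autossh -M 0 -f -N -i "$HOME/.holistics/id_rsa" -R0.0.0.0:20012:10.0.0.9:3306 tunnel-user@tunnel.example.invalid
EOF

# Print "remote_port target_host target_port" for every -R forward in file $1.
# Handles "-R spec" and "-Rspec", with or without a bind address (no IPv6).
list_reverse_forwards() {
    grep -v '^[[:space:]]*#' "$1" | tr -d "\"'" | tr -s ' \t' '\n\n' | awk '
        function emit(spec,   n, p) {
            n = split(spec, p, ":")
            if (n == 3)      print p[1], p[2], p[3]   # port:host:hostport
            else if (n == 4) print p[2], p[3], p[4]   # bind:port:host:hostport
        }
        want       { emit($0); want = 0; next }
        $0 == "-R" { want = 1; next }
        /^-R./     { emit(substr($0, 3)) }
    '
}

# Report forwards whose target is not in the allowlist $2 (space-separated
# host:port entries). Returns 1 if any unexpected target is found, else 0.
unexpected_forwards() {
    status=0
    forwards=$(list_reverse_forwards "$1")
    while read -r rport host hport; do
        [ -n "$rport" ] || continue
        case " $2 " in
            *" $host:$hport "*) ;;
            *) echo "UNEXPECTED remote_port=$rport target=$host:$hport"; status=1 ;;
        esac
    done <<EOF
$forwards
EOF
    return $status
}

# Demo: only the PostgreSQL endpoint is approved, so the second tunnel is flagged.
unexpected_forwards "$SAMPLE" "10.0.0.5:5432" || true
```

On a real proxy server, pass the path of the service file and the list of database endpoints you entered in the data source form.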