The Eclipse Orion project has the tag line: “Tools for the web, on the web.” The project is still in its early days yet shows great promise — being able to do code development directly from any browser is liberating in the same way that moving to a web-based email system is. This post describes how to set up Orion on the IBM SmartCloud Enterprise.
Orion is available as a hosted solution, but can also be installed locally. In our case, local is the cloud, but we‘ll use firewall rules to make it available only to specific machines.
First, we need a Linux instance running on the cloud — you could use a scripted approach to doing this as described in my last article (“Revisiting use of the Java API for IBM SmartCloud Enterprise“), or simply make use of the web UI. For this example I used the “Red Hat Enterprise Linux 6.2 (32-bit)(RTP)” image from the IBM SmartCloud catalog. When configuring the instance for provisioning, you’ll want to make certain you capture the private key data when you create the key. The web UI prompts you to save the data, or if you’re doing this through a scripted solution, you need to capture the return value from generateKeyPair(). Here is a code snippet that shows how to make use of the Java REST API Client (see also RESTful API) to capture the private key data:
String keyName = "A Key";
// Check the key doesn't exist
try {
client.describeKey( keyName );
} catch (UnknownKeyException e) {
// Create the key - this will return the private key
Key privateKey = client.generateKeyPair( keyName );
// Fetch the key - this will return the public key
Key publicKey = client.describeKey( keyName );
// Print out the key values
System.out.println( "Public Key: " + publicKey.getMaterial() );
System.out.println( "Private Key: " + privateKey.getMaterial() );
}
There is no second chance to grab the private key data. The public key isn’t needed for this example, and can be retrieved at any time. See the complete working example of the java code.
After the instance becomes active, we need to connect through
SSH. There is a helpful video covering this process, but I’ll repeat it here for clarity. We need to know two things:
- The public IP of our instance
- The private key value associated with this instance
Because I use PuTTY on my development machine, it is necessary to convert the private key format using PuTTYgen. This is a simple process of loading the private we downloaded (PuTTYgen will automatically convert the foreign key) and saving the modified private key. I saved the modified key as Orion.ppk, allowing me to launch PuTTY with the following command line:
putty -i Orion.ppk idcuser@170.224.162.36 You will need to modify the IP address to match your public IP; idcuser is the default user name created automatically for you by the IBM SmartCloud Enterprise.
Now that you have a Linux instance running in the cloud with SSH access you can start the process of installing Orion. I found it easiest to navigate the download pages in my web browser, and then use PSCP (the PuTTY Secure Copy client) to copy it up to the Linux instance. After you have a copy of Orion, extract the .zip file and launch.
$ unzip eclipse-orion-I20120620-2230-linux.gtk.x86.zip
$ ./eclipse/orion
After launching, you should see the OSGi console start up; it is normal to see several informational and warning messages, as you see in the following several example lines of the output:
14:56:55,597 |-INFO in ch.qos.logback.classic.LoggerContext[default] -
Found resource [logback.xml] at [bundleresource://2.fwk32956236:1/logback.xml]
14:56:55,609 |-INFO in
14:56:55,730 |-WARN in ch.qos.logback.core.ConsoleAppender[STDOUT] -
See also http://logback.qos.ch/codes.html#layoutInsteadOfEncoder for details
2012-06-21 14:56:55.739 [Start Level Event Dispatcher] INFO
org.eclipse.orion.server.config - No server configuration file found at:
/home/idcuser/orion.conf
'/home/idcuser/serverworkspace/
.metadata/.plugins/org.eclipse.orion.server.core.search/data/index'
doesn't exist. Creating new index...
osgi>
The output finishes with an OSGi console prompt. After you’ve demonstrated you can run it cleanly, use the exit command and accept the default “y” (yes) answer:
osgi> exit
Really want to stop Equinox? (y/n; default=y)
With Orion installed and working, we need to modify the firewall rules to allow access to port 8080 so we can interact with it. The operating system is configured, by default, to allow only SSH port (22) to be visible to the network. This is a security feature of IBM SmartCloud Enterprise. We can verify this by using the iptables command:
$ sudo iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
We want to add an entry to iptables that allows only the IP address of the machine we’re using to access Orion server we’re running. The netstat command executed on our Linux instance helps us figure out what IP address the incoming SSH connection is using (the following example shows two SSH sessions connected).
$ netstat --numeric-hosts -t
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 170.224.162.36:ssh 129.42.208.173:62356 ESTABLISHED
tcp 0 232 170.224.162.36:ssh 129.42.208.173:45579 ESTABLISHED
We can now create a firewall rule to allow traffic from the foreign address obtained by the netstat command and the port on which Orion is running:
$ sudo iptables -A INPUT -s 129.42.208.173 -p tcp --dport 8080 -j ACCEPT Don’t forget to re-launch Orion after you put in place the firewall rules you want. Alternatively you can leave Orion running from your initial launch, and use a second SSH session to modify the firewall rules.
If we want to reset the rules effectively blocking the port we just opened, we restart the service:
$ sudo service iptables restart Or we can make the changes permanent by adding the following line to the /etc/sysconfig/iptables file:
-A INPUT -s 129.42.208.173/32 -p tcp -m tcp --dport 8080 -j ACCEPT Of course, if your source machine is behind a NAT firewall, the IP address your traffic comes from will be shared by all of the other people behind the NAT firewall with you.
A simple solution to this issue is to create the accounts you want, and then disable the creation of user accounts by creating a server configuration file (orion.conf) and adding the following line:
orion.auth.user.creation=admin You can choose to run without an admin user, or create one that will have the power to create new users. You’ll need to shut down and restart Orion to pick up any configuration changes.
At this point, you should be set to dive into Orion in earnest. A good getting started guide is available that covers some of the basic code editing and source control features of Orion. The FAQ is also worth checking out.
The basic patterns described in this article to get Orion up and running will work for many development tools.
you blog very good information on your websites
The scary part is that, as promising as it already is, the project is still in its infancy. I can barely begin to imagine how much better and more efficient things can possibly get in a few years.