After a while messing around with the edX platform source code, I decided to run the platform the recommended way, the Vagrant way.

I followed the instructions from the edx-platform repo. But there are some things I had to do to make it work:

0. My computer (CPU) has to support virtualization technology, or the Vagrant environment will not run or will hang forever :D. So a Core i3, i5+ CPU is fine.

My system that successfully runs the edX platform is:

Host machine:
- Recommended: Core i5 CPU, Ubuntu 12.04 32-bit.
- My laptop: AMD Turion x2, Ubuntu 13.04 64-bit.

1. Before doing anything, install NFS:

$ sudo apt-get install nfs-common nfs-kernel-server

2. Install VirtualBox version 4.2.12 (+ extension pack) and Vagrant version 1.2.2 or later.

I tried installing the newer version of VirtualBox (4.2.16), but it's a pain in the ass, so you shouldn't.

Update: Use this link to download VirtualBox 4.2.12 for Ubuntu 13.04 x64 + extension pack:
+ VirtualBox:
+ Extension pack:

3. After cloning the edx-platform repo, open /edx-platform/requirements/edx/github.txt and change all of the Third-party repos section from:

-e git://.

to

-e git+

example:

# Third-party:
-e git+git+git+git+git+

And now I can proceed to the vagrant up step (from step #7):

#########################################################

Installation - The first time

The following instructions will help you to download and set up a virtual machine with a minimal amount of steps, using Vagrant.
Updated May 21, 2014: Clarified that for the Mac, the private key is stored in memory and the passphrase in the keychain.

Important note: You should enable SSH agent forwarding with caution. When you set up agent forwarding, a socket file is created on the forwarding host, which is the mechanism by which the key can be forwarded to your destination. Another user on the system with the ability to modify files could potentially use this key to authenticate as you. See the SSH manual for more details.

In an earlier post, Ryan Holland, a Principal Partner Solutions Architect in AWS, showed how to secure access to multiple Amazon EC2 Windows instances running behind a Windows Remote Desktop Gateway acting as a bastion host. Ryan returns this week with a post that focuses on bastion hosts for Linux instances in private Amazon VPC subnets.

In this post, I’ll look at how to use SSH agent forwarding to allow administrators to securely connect to Linux instances in private Amazon VPC subnets. Using this configuration improves security because you don’t have to expose the management ports of your Linux instances to the Internet or to other subnets in your VPC.

SSH and bastion servers

By default, Linux instances in EC2 use SSH key files for authentication instead of SSH usernames and passwords. Using key files can reduce the chance of somebody trying to guess the password to gain access to the instance.
But using key pairs with a bastion host can present a challenge—connecting to instances in the private subnets requires a private key, but you should never store private keys on the bastion.

One solution is to use SSH agent forwarding (ssh-agent) on the client. This allows an administrator to connect from the bastion to another instance without storing the private key on the bastion. That’s the approach I’ll discuss in this post.

Configuring ssh-agent

The first step in using SSH agent forwarding with EC2 instances is to configure a bastion in your VPC. We suggest that the instance you use for your bastion be purpose-built and that you use it only as a bastion and not for anything else. The bastion should also be set up with a security group that’s configured to listen only on the SSH port (TCP/22). For additional security, you can harden the instance further. It’s beyond the scope of this post to discuss hardening in detail, but doing so involves tasks like enabling SELinux, using a remote syslog server for logs, and configuring host-based intrusion detection. For more in-depth information, see on the etutorials.org site.

Always remember the following when configuring your bastion:

- Never place your SSH private keys on the bastion instance. Instead, use SSH agent forwarding to connect first to the bastion and from there to other instances in private subnets. This lets you keep your SSH private key just on your computer.
- Configure the security group on the bastion to allow SSH connections (TCP/22) only from known and trusted IP addresses.
- Always have more than one bastion.
  You should have a bastion in each availability zone (AZ) where your instances are. If your deployment takes advantage of a VPC VPN, also have a bastion on premises.
- Configure Linux instances in your VPC to accept SSH connections only from bastion instances.

Configuring ssh-agent on a Mac

For Mac users, ssh-agent is already installed as part of the OS. You can add your private keys to the keychain application by using the ssh-add command with the -K option and the .pem file for the key, as shown in the following example. The agent prompts you for your passphrase, if there is one, and stores the private key in memory and the passphrase in your keychain.

    ssh-add -K myPrivateKey.pem
    Enter passphrase for myPrivateKey.pem:
    Passphrase stored in keychain: myPrivateKey.pem
    Identity added: myPrivateKey.pem (myPrivateKey.pem)

Adding the key to the agent lets you use SSH to connect to an instance without having to use the -i option when you connect. If you want to verify the keys available to ssh-agent, use the ssh-add command with the -L option.
The agent displays the keys it has stored, as shown in the following example:

    ssh-add -L
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDHEXAMPLErl25NOrbhgIGQzyO+TYyqbbYEueiELcXtOQHgEFpMAb1Nb8SSnlxMxiCXwTKd5/lVnmgcbDwBpe7ayQ6idzjHfvoxPsFrI3QSJVQgyNcx0RylX9IjcvJOyw myPrivateKey.pem

After the key is added to your keychain, you can connect to the bastion instance with SSH using the -A option. This option enables SSH agent forwarding and lets the local SSH agent respond to a public-key challenge when you use SSH to connect from the bastion to a target instance in your VPC.

For example, to connect to an instance in a private subnet, enter the following command to enable SSH agent forwarding using the bastion instance:

    ssh -A user@

When you first connect to the instance, you should verify that the RSA key fingerprint that the bastion presents matches what is displayed in the instance’s console output. (For instructions on how to check the fingerprint, see the ).

After you’re connected to the bastion instance, use SSH to connect to a specific instance using a command like this:

    ssh user@

Note that ssh-agent does not know which key it should use for a given SSH connection. Therefore, ssh-agent will sequentially try all the keys that are loaded in the agent.
Because instances terminate the connection after five failed connection attempts, make sure that the agent has five or fewer keys. Because each administrator should have only a single key, this is rarely a problem for most deployments.
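
The five-key limit described above can be checked on the client before connecting with ssh -A. The following is an added example, not part of the original post; the function names and the sample key lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check of ssh-agent contents before `ssh -A`.
# Function names are hypothetical; the limit comes from the text above.
MAX_AGENT_KEYS=5

# Count public keys in `ssh-add -L` style output read from stdin.
# Lines that are not "<key-type> <base64> [comment]" (for example the
# "The agent has no identities." message) are ignored.
count_agent_keys() {
    awk '$1 ~ /^(ssh-|ecdsa-|sk-)/ && NF >= 2 { n++ } END { print n + 0 }'
}

# Judge a key listing on stdin.
# Returns 0 = ok, 1 = no keys loaded, 2 = more keys than the limit.
check_agent_listing() {
    n=$(count_agent_keys)
    if [ "$n" -eq 0 ]; then
        echo "no keys loaded: add one with ssh-add first" >&2
        return 1
    elif [ "$n" -gt "$MAX_AGENT_KEYS" ]; then
        echo "$n keys loaded (limit $MAX_AGENT_KEYS): remove extras with ssh-add -d" >&2
        return 2
    fi
    echo "$n key(s) loaded" >&2
    return 0
}

# Live check against the running agent. ssh-add exits with status 2
# when it cannot contact the agent; that case returns 3 here.
agent_preflight() {
    rc=0
    listing=$(ssh-add -L 2>/dev/null) || rc=$?
    if [ "$rc" -eq 2 ]; then
        echo "cannot contact ssh-agent (is SSH_AUTH_SOCK set?)" >&2
        return 3
    fi
    printf '%s\n' "$listing" | check_agent_listing
}

# Constructed sample listing (not real keys), checked offline.
SAMPLE_KEYS='ssh-rsa AAAAB3NzaC1yc2EXAMPLE myPrivateKey.pem
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5EXAMPLE admin@laptop'
printf '%s\n' "$SAMPLE_KEYS" | check_agent_listing
```

Call agent_preflight on the workstation, not on the bastion, since the private keys and the agent live on the client.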
For details about how to manage the keys in ssh-agent, use the man ssh-agent command.

Configuring ssh-agent on Windows

In Windows, you can connect to Linux VPC instances using PuTTY. To get SSH agent functionality, you can use Pageant, which is available from the PuTTY. When Pageant is installed, you can use the agent forwarding option in PuTTY to connect to instances in private subnets.

To use Pageant, you need to convert your private key from PEM format to PuTTY format using PuTTYGen (available from the PuTTY ). In PuTTYGen, choose Conversions > Import Key and select your PEM-formatted private key. Enter a passphrase and then click Save private key, as shown in the following screenshot. Save the key as a .ppk file.

After you convert the private key, open Pageant, which runs as a Windows service.
To import the PuTTY-formatted key into Pageant, double-click the Pageant icon in the notification area and then click Add Key.