Getting Started with Port Forwarding on OpenShift

When developing database driven applications, it is essential that you have access to connect to your database in both your development and production environments.  Doing this without opening yourself up to security concerns is often a place where developers that are not intimately familiar with system administration and firewall configuration may stumble.

Enter OpenShift PaaS and yet another feature that will help you focus more on your code and less on system management duties.  With OpenShift port forwarding, developers are now able to connect to their remote services while using local client tools without having to worry about the details of configuring complicated firewall rules.

If you want to watch a video demonstrating how to use port forwarding on OpenShift, check out this video.

When developing database driven applications, it is essential that you have access to connect to your database in both your development and production environments.  Doing this without opening yourself up to security concerns is often a place where developers that are not intimately familiar with system administration and firewall configuration may stumble.

Enter OpenShift PaaS and yet another feature that will help you focus more on your code and less on system management duties.  With OpenShift port forwarding, developers are now able to connect to their remote services while using local client tools without having to worry about the details of configuring complicated firewall rules.

If you want to watch a video demonstrating how to use port forwarding on OpenShift, check out this video.

Step 1
In order to take full advantage of the "rhc port-forward" tool, make sure that you have the latest version of the client tools.  On systems with the client tools installed via ruby gem, enter the following command:
$ sudo gem update rhc

If you are using an rpm based installation, perform the following command:
$ sudo yum update rhc

Step 2

Now that you have the latest client tools installed, you should have access to the "rhc port-forward" command.  Once the command is invoked, the client tools will scan your deployed application and look for any embedded services available to forward.  The client tools will then configure your local system to be able to connect to the available services for your remote application.
$ rhc port-forward -a applicationName

Once the command is issued, you should see a list of services that are being forwarded and the associated ip address and port to use for connections.

In the above screenshot, you can see that I am forwarding a mysql database that has been embedded in my application named ‘port’. 

Note:  At the time of this writing, there is an extra step to enable port forwarding on MacOS based systems.  You will need to create an alias on your loopback device for the IP address of your OpenShift server.  In the example above, my IP address is 127.1.23.130.  Given that, I would issue the following command at a terminal prompt:
$ sudo ifconfig lo0 alias 127.1.23.130

This should be resolved in a future update to the rhc client tools but you can use the above workaround in the meantime.

Step 3

Now that you have your services forward, you can connect to them using your local client tools.  For instance, the connect to the mysql databases that I forwarded in step 2, I would enter the following command:
$ mysql -uadmin -p -h 127.1.23.130

The mysql client will then prompt me for the admin password and will then connect me to my mysql database running on my OpenShift server.

Note: The database username and password are displayed once you embed the service into your application.  It is always good practice to make a note of these.

Nice feature. I found this useful for importing data into mongoDB directly from my local system.

$ mongoimport --headerline --type csv --host 127.4.1.129 --port 27017 --collection teams --db guestbook --username myuser --password mypass --file Teams.csv

connected to: 127.4.1.129:27017
imported 2656 objects

$

For some reason when I use port forwarding on my mac with osx lion it tends to drop my connection to openshift after a short while. This can be very annoying especially when i am developing because it requires me to restart my server(JBoss AS7). Is there a reason why this is happening? Only thing I can think of is that the ssh session expires and drops my connection.

When I run the rhc-port-forward I get:

C:>rhc-port-forward -a fundaber Password: ********

Checking available ports...

No available ports to forward

I'm running in a windows xp, with the firewall off.

Hi @cesarsmerling;

Is your app running? What type of application is it?

Thanks;
~Nam

hi i got the error on port forwarding..

i m using window 64bit.. i have turnoff UAC , and firewalls.. any help?

D:/Ruby193/lib/ruby/gems/1.9.1/gems/net-ssh-2.6.0/lib/net/ssh/service/forward.rb:68:in `initialize': Permission denied - bind(2) (Errno::EACCES)

Port forwarding requires that each of those ports be open on your local client. Can you check to see if ports 8080 or 5432 are available? (e.g., stop your local postgres instance of you have one running).

HTHs; ~Nam

The connection appears to get reset by the peer after 5-10 minutes of inactivity. The only solution I see is to set my browser to reload the page every 5 minutes on the localhost (the one connecting through the ports).

Is there an easier or more simple way?

Thanks - Ben

There is a suggestion on this site that may help: http://ocaoimh.ie/2008/12/10/how-to-fix-ssh-timeout-problems/

Please let us know if it works out for you.
Thanks;
~Nam

Your a Legend Nam, that worked perfect. For anyone else encountering this problem, I used the client-side solution of appending the line ClientAliveInterval 60 to my /etc/ssh/sshd_config file The connection then remained open because it sent a message to the server every 60 seconds to keep it open.

When it comes to IP isue, you need to be specific about what you have to do and what now. I have come with lot of isues to my ip cctv, when i choose a dynamic IP...

Thanks a lot, useful article. Only one entreaty.

After you enter the command rhc-port-forward , you will see warning message in your console: "Command is deprecated and will be removed in the future. Please use 'rhc port-forward' instead." Please, fix the article.

Any help appreciated. I can't get past this error on windows 7 64-bit. All sw including rhc are up to date.

C:\wamp\bin\mysql\mysql5.5.16>rhc port-forward -a md Password: *******

Checking available ports... Binding httpd -> 127.12.63.129:8080... Binding httpd -> 127.12.63.130:8080... Binding mysqld -> 127.12.63.129:3306... Forwarding ports, use ctl + c to stop C:/Ruby193/lib/ruby/gems/1.9.1/gems/net-ssh-2.6.2/lib/net/ssh/service/forward.rb:68:in in itialize': Permission denied - bind(2) (Errno::EACCES) from C:/Ruby193/lib/ruby/gems/1.9.1/gems/net-ssh-2.6.2/lib/net/ssh/service/forward .rb:68:innew' from C:/Ruby193/lib/ruby/gems/1.9.1/gems/net-ssh-2.6.2/lib/net/ssh/service/forward .rb:68:in `local'

From Eduard's comments at https://www.openshift.com/forums/openshift/another-issue-with-rhc-port-forward-command-on-windows-7-client-running-cygwin ... I was able to solve the problem by taking these steps: 1. disable mysqld (running with wampserver) 2. Run the rhc port-forward command in a windows command prompt.

However, two problems remain: a) The forwarding appears to be temporary. You have to leave the command prompt open. After forwarding it say: C:\wamp\bin\mysql\mysql5.5.16>rhc port-forward -a md Password: ******* Checking available ports... Binding httpd -> 127.12.63.129:8080... Binding httpd -> 127.12.63.130:8080... Binding mysqld -> 127.12.63.129:3306... Forwarding ports, use ctl + c to stop

If you ^c then the forwarding is terminated.

Question: Is there a way from Windows 7 to tell rhc to make the forwarding permanent, or do you just need to activate it every time that you want to use a mysql client?

I use sqlyog and it works great when forwarding is active. Also, if I enable mysqld locally on my PC, it works fine after I add the bind item to my.ini as Eduardo suggested.

Thanks! Norm

Hi, I'm running RHEL 6 on my workstation. 1 question, 1 issue.

Question: since the port-forward runs in the foreground, is it suggested to background it, run in a separate console, or?

Issue: When I port-forward, I cannot connect to mysqld - however I CAN connect to httpd. This is on an enterprise setup, not on hosted.

Adding 'mysql-5.1' to application 'expenses' Success

mysql-5.1

Properties ========== Database Name = expenses Username = admin Password = Au_GaRyLgww1 Connection URL = mysql://127.0.250.1:3306/

$ rhc port-forward expenses Password: ******

Checking available ports... Forwarding ports Service Connect to Forward to ====== ================ ==== ================ httpd 127.0.250.1:8080 => 127.0.250.1:8080 mysqld 127.0.250.1:3307 => 127.0.250.1:3306 Press CTRL-C to terminate port forwarding

$ mysql -uadmin -pAu_GaRyLgww1 -h 127.0.250.1 -P 3306 ERROR 1045 (28000): Access denied for user 'admin'@'127.0.250.1' (using password: YES)

$ rhc cartridge status mysql Password: ******

RESULT: MySQL is running

-> On the node:

mysql -uadmin -pAu_GaRyLgww1 -h 127.0.250.1 -P 3306

Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 2 Server version: 5.1.66 Source distribution

Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

-> Port fwd works for httpd

$ wget 127.0.250.1:8080 --2012-12-22 13:59:57-- http://127.0.250.1:8080/ Connecting to 127.0.250.1:8080... connected. HTTP request sent, awaiting response... 200 OK Length: 549 [text/html] Saving to: “index.html”

100%[======================================>] 549 --.-K/s in 0s

2012-12-22 13:59:57 (140 MB/s) - “index.html” saved [549/549]

Any suggestions? Thanks!

If you are a collaborator for the app you have to add the flag: --namespace