VSCode from the bbg-cluster¶
Description¶
The macgiver way of mounting the bbgcluster filesystem in our respective local computers is very inefficient when it comes to coding with VSCode, particularly with regards to git version control capabilities.
But there is a way to use full-fledged capabilities of VSCode for projects that are kept in the bbgcluster.
TL;DR¶
- Launch a vscode server in the bbgcluster.
- SSH tunnel to this session from a local terminal.
- Connect to the server using a browser.
- Do so while keeping everything secure.
Setting all up¶
For the time being this tutorial does not cover the set up part in depth. However, here there is a bundle of command lines that are needed for setting up the security part.
Become a certificate authority¶
# Generate private key
openssl genrsa -des3 -out myCA.key 2048
# Generate root certificate
openssl req -x509 -new -nodes -key myCA.key -sha256 -days 825 -out myCA.pem
Create CA-signed certs¶
NAME=vscode # Use your own domain name
# Generate a private key
openssl genrsa -out $NAME.key 2048
# Create a certificate-signing request
openssl req -new -key $NAME.key -out $NAME.csr
# Create a config file for the extensions
>$NAME.ext cat <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = $NAME # Be sure to include the domain name here because Common Name is not so commonly honoured by itself
DNS.2 = bar.$NAME # Optionally, add additional domains (I've added a subdomain here)
IP.1 = 0.0.0.0 # Optionally, add an IP address (if the connection which you have planned requires it)
EOF
# Create the signed certificate
openssl x509 -req -in $NAME.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial \
-out $NAME.crt -days 825 -sha256 -extfile $NAME.ext
VSCode server in the bbgcluster¶
Screen¶
In the bbgcluster, either create
or access an existing vscode screenWarning
When opening a new screen, this should be done from the login01 node, since this guarantees that the screen will be constantly running and not shut down (which could happen if the screen is opened in one of the other nodes).
Interactive¶
Launch an interactive session within a given node, allocating some computing resources:
Conda activate vsc_node environment¶
Warning
the environment vsc_node is supposed to have been already created by the user; check this reference.
Launch vscode server¶
From your bbgcluster home do:
unset XDG_RUNTIME_DIR && \
code-server --port 8090 \
--bind-addr 0.0.0.0 \
--cert vscode.crt \
--cert-key vscode.key
Warning
--cert file vscode.crt --cert-key file vscode.key are supposed to be already generated by the user.
SSH tunnel¶
In a terminal of your local computer, do the following:
Warning
htop is just a dirty trick to ensure the SSH tunnel does not spontaneouly shut down.
Connect to the server¶
Type the following https address in the browser:
A password prompt will appear. Fullfill the password request with a password you must have generated during the security setup referred to above.
Reference¶
- Federica Brando
- Ferriol Calvet
- Ferran MuiƱos