Although the title seems little strange and scary I will explain to you in this article why it's needed, it's advantages and how you can setup easily without much changes. Being an Administrator and Support Engineer throughout my career i haven't seen an single I.T department having an exact replica of the production and testing/staging environment, there is always some difference between those environments like the most common is the amount of production data is not same as that of staging data which changes the equation of how the application behaves. There are situations where production support engineers won't even have access to staging/testing environments because it's either managed by a different vendor, or because of SOX compliance or due to various security reasons. Being an administrator , the application is kind of a black box compared to the developers where you might not have had much chance to play with it and understand how it really works, most of them you will come know from the word of mouth from the developers which sometimes may not be true in terms of how it's behaving in a production as they are aware only in terms how it worked in their development environment which is usually a standalone server compared to a usual cluster environment in production. During outages, you are more focused on bringing the server backup up instead of finding what caused the issue and most of the time it's too late or you don't have enough time to collect the data. Hence it is necessary in my opinion to have your own production copy , so that you can turn on traces , understand how the application works, understand the symptoms if some services breaks and find ways to fix it, so that when the real problem comes you will be prepared for it and tackle the problem quickly with little or no down time. Although many will disagree and you might want to explain the benefits which out weighs the problems.
You are basically going to run the server with a system proxifier like
proxychains and tunneling all connections through the SSH proxy from your dekstop with ease without much modifications due to firewall restrictions. Here are some suggested steps,
1) Tar up your production server installation directory and untar it up in your desktop.
2) Make sure you create any directories or symbolic links that the server references that is not
included as a part of installation directory, like log and config directories.
3) Download and Install system proxifier
proxychain .
4) Configure /etc/proxychains.conf to point to the socks server. (e.g)
socks5 127.0.0.1 9050
5) If there are DNS name resolution issues follow the instructions
Performing UDP tunneling through an SSH connection to setup local dns proxy server or enable proxy_dns property in /etc/proxychains.conf
6) Run a SSH proxy from your desktop , (e.g)
ssh -D 9050 user@prod-servername.7) start the server with proxychains or modify the startup script to include proxychains (e.g)
proxychain /root/Desktop/jdk1.6.0_16//bin/java -Djava.util.logging.config.file=/opt/apache-tomcat-6.0.20/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/opt/apache-tomcat-6.0.20/endorsed -classpath :/opt/apache-tomcat-6.0.20/bin/bootstrap.jar -Dcatalina.base=/opt/apache-tomcat-6.0.20 -Dcatalina.home=/opt/apache-tomcat-6.0.20 -Djava.io.tmpdir=/opt/apache-tomcat-6.0.20/temp org.apache.catalina.startup.Bootstrap start
you can get the process string by doing ps -auxww after you normaly started the server. Now your server should be able to start and able to connect through the SSH proxy and proxychains output will show how the connections are made ,
(e.g)
ProxyChains-3.1 (http://proxychains.sf.net)
S-chain-<>-127.0.0.1:9050-<--timeout INFO: Mon Aug 31 22:37:41 PDT 2009: PlatformDetector detected platform: tomcat
S-chain-<>-127.0.0.1:9050-<>--10.23.23.11:1521--<>8) website's domain/virtualhost mapping to your local ip to access the website in /etc/hosts. (e.g)
www.example.com 127.0.0.1
