SSH into the Archivematica container hosts
Last updated
Last updated
It can be useful to SSH into the Archivematica container hosts for debugging.
There's an unmaintained script, or you can follow the instructions below.
The Archivematica container hosts aren't connected directly to the Internet; instead you have to go through the bastion host. There are only a handful of EC2 instances in the workflow account:
Steps:
Download the wellcomedigitalworkflow
SSH key from Secrets Manager in the platform account.
Identify the container/bastion hsot pair you want to SSH into. Let's suppose I want to log into the staging instance.
Select the bastion instance, then the "Security" tab. There should be two security groups:
full egress (which allows all outbound traffic from the instance)
SSH controlled ingress (which filters inbound traffic to the instance)
Select the SSH controlled ingress security group. In the security group console, add an inbound rule that allows SSH from your current IP address. Add your name and the current date to provide an audit trail.
Find the DNS names of the instances:
the public DNS name of the bastion instance
the private DNS name of the container instance
SSH through the instances. I feel like there's probably a way to do this a single tunneling command, but I find it easier to move keys around:
If you are trying to fix an issue with failing ingests, you may wish to look at these locations:
/ebs/pipeline-data/
: The folders containing "processing storage" for archivematica (including currentlyProcessing
)
/ebs/var/archivematica/storage_service/
: The archivematica-storage-service working storage