Bug #14267
closedceph-post-file doesn't work
30%
Description
drop.ceph.com needs to accept sftp and be able to write to the lab cluster (/ceph/post)
postfile@drop.ceph.com user exists.
i think it just needs a symlink in the home dir from post -> /ceph/post
Updated by David Galloway about 8 years ago
- Category set to DC ops
- Status changed from New to In Progress
- Assignee set to David Galloway
- % Done changed from 0 to 30
A temporary solution is in place (gitbuilder-archive has VPN tunnel to the lab with long running cluster mounted) but we aim to move the service to a dedicated host as a permanent solution.
Updated by David Galloway about 8 years ago
- Priority changed from Urgent to Normal
Updated by David Galloway about 8 years ago
- Category changed from DC ops to Infrastructure Hardware
Updated by David Galloway about 8 years ago
- Category changed from Infrastructure Hardware to Infrastructure Service
Will move to physical host with public IP and access to LRC
Updated by David Galloway over 7 years ago
Filed PR to get ceph-post-file switched to RSA key. RSA pubkey has been put in authorized_keys
on gitbuilder-archive and on new drop.ceph.com VM.
https://github.com/ceph/ceph/pull/10800
Still need to get public IP assigned and DNS switched over.
Updated by David Galloway over 7 years ago
- Status changed from In Progress to Resolved
Service moved to new VM with ifaces on front VLAN (drop.front.sepia.ceph.com) and WAN (drop.ceph.com).
Tested and working!
$ ./ceph-post-file.in /tmp/dgalloway-new args: -- /tmp/dgalloway-new ./ceph-post-file.in: upload tag 1a8b5a81-5e1a-48bc-bf42-69fc236f89d0 ./ceph-post-file.in: user: dgalloway@w541 ./ceph-post-file.in: will upload file /tmp/dgalloway-new sftp> mkdir post/1a8b5a81-5e1a-48bc-bf42-69fc236f89d0_dgalloway@w541_746ae882-235f-42a7-97b0-6c165fc36b38 sftp> cd post/1a8b5a81-5e1a-48bc-bf42-69fc236f89d0_dgalloway@w541_746ae882-235f-42a7-97b0-6c165fc36b38 sftp> put /tmp/tmp.vmBpn5LMIA user sftp> put /tmp/dgalloway-new ./ceph-post-file.in: copy the upload id below to share with a dev: ceph-post-file: 1a8b5a81-5e1a-48bc-bf42-69fc236f89d0
(tmp file deleted)
Updated by Ken Dreyer over 7 years ago
Does this need to get backported to the stable branches? When will the old keys stop working?
Updated by David Galloway over 7 years ago
Ken Dreyer wrote:
Does this need to get backported to the stable branches? When will the old keys stop working?
The old key will already not work if coming from a workstation running OpenSSH 7.0+ (unless the user modifies their local ssh config).
From the server-side perspective, I have the new drop.ceph.com VM set up to allow the DSA key for auth and don't see an immediate need to disable it any time soon.
Updated by Loïc Dachary over 7 years ago
- Status changed from Resolved to Pending Backport
- Backport set to jewel
Updated by Loïc Dachary over 7 years ago
- Project changed from sepia to Ceph
- Category deleted (
Infrastructure Service)
Updated by Loïc Dachary over 7 years ago
- Copied to Backport #17787: jewel: ceph-post-file doesn't work added
Updated by Loïc Dachary over 7 years ago
- Status changed from Pending Backport to Resolved