Support #24488
closedSepia Lab Access Request
0%
Description
1) Do you just need VPN access or will you also be running teuthology jobs?
Both.
2) Desired Username: rishabh
3) Alternate e-mail address(es) we can reach you at: rishabhddave@gmail.com
4) If you don't already have an established history of code contributions to Ceph, is there an existing community or core developer you've worked with who has reviewed your work and can vouch for your access request?
If you answered "No" to # 4, please answer the following (paste directly below the question to keep indentation):
4a) Paste a link to a Blueprint or planning doc of yours that was reviewed at a Ceph Developer Monthly.
4b) Paste a link to an accepted pull request for a major patch or feature.
4c) If applicable, include a link to the current project (planning doc, dev branch, or pull request) that you are looking to test.
https://github.com/ceph/ceph/pull/21948
5) Paste your SSH public key(s) between the pre tags
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4NYxUHx8HMgbVIHadruN1kAJS5be0aZA9rvGtYDfwD5siKNfXFRyLG3thkjxtEi7DPYMxgbpFOXW9EQKh5sQ0ohsADZOi8FSIAfQlOQ+7HAEp7DjBtjxoqB31jJ1e293YtO+nqAhcOMyGfDx+71w5sS2EFqy7PscA9gD9aV2iMxIR/JD1LxXabiqj12jU5AOxr7ZQ1+gM9aroQuDpNxY4U8jBTxx5OtIYRkeI/aN2gQj1mXGMKGo0ItFn4lsXGLxGxMpa9K2UFw2dWQVTw9VNm79nixrCX+lC2nyaJPsRYZipXF1ID2NRk7oJ79dJ/uRBBXpunihlEC3aF+nOgEPH ridave@redhat.com
6) Paste your hashed VPN credentials between the pre tags (Format: user@hostname 22CharacterSalt 65CharacterHashedPassword)
rishabh@x220 F5CId3QXUahnqjgkTIRgag 2128eafd849c1ac9d42b30bf136f39d06c57c8de6b4ff6c0205b6db61879753b
Files
Updated by David Galloway almost 6 years ago
- Category set to User access
- Status changed from New to 4
- Assignee set to David Galloway
Hi Rishabh,
You should have access to the Sepia lab now. Please verify you're able to connect to the vpn and ssh rishabh@teuthology.front.sepia.ceph.com using the private key matching the pubkey you provided.
Be sure to check out the following links for final workstation setup steps:
https://wiki.sepia.ceph.com/doku.php?id=vpnaccess#vpn_client_access
https://wiki.sepia.ceph.com/doku.php?id=testnodeaccess#ssh_config
Most developers choose to schedule runs from the shared teuthology VM. For information on that, see http://docs.ceph.com/teuthology/docs/intro_testers.html
Thanks.
Updated by Rishabh Dave almost 6 years ago
I can't access or ping teuthology.front.sepia.ceph.com. Regarding the steps mentioned here, I don't see openvpn service that could be restarted. I've got only two -
$ systemctl list-unit-files | grep vpn openvpn-client@.service enabled openvpn-server@.service disabled
Of these I couldn't restart the first (which is enabled) -
$ sudo systemctl restart openvpn-client@.service [sudo] password for rishabh: Failed to restart openvpn-client@.service: Unit name openvpn-client@.service is missing the instance name. See system logs and 'systemctl status openvpn-client@.service' for details.
Also, the steps under "Fedora NetworkManager GUI" were unclear. So I haven't tried the steps mentioned there.
Updated by David Galloway almost 6 years ago
The instructions say sudo systemctl restart openvpn@sepia
Updated by Rishabh Dave almost 6 years ago
I've tried that -
$ sudo systemctl restart openvpn@sepia [sudo] password for rishabh: Failed to restart openvpn@sepia.service: Unit openvpn@sepia.service not found.
Updated by David Galloway almost 6 years ago
Can you run tree in your /etc/openvpn dir please?
Updated by David Galloway almost 6 years ago
There's also a Troubleshooting section under the Linux instructions on the wiki that may help.
Updated by Rishabh Dave almost 6 years ago
- File ceph-sepia-issue ceph-sepia-issue added
$ tree /etc/openvpn/
/etc/openvpn/
├── client [error opening dir]
├── sepia
│ ├── ca.crt
│ ├── client.conf
│ ├── client.conf.bak
│ ├── new-client
│ ├── secret
│ └── tlsauth
├── sepia.conf -> sepia/client.conf
├── sepia-vpn-client.tar.gz
└── server [error opening dir]
3 directories, 8 files
Oddly, right now, I can ssh but only if the troubleshoot command1 is simultaneously running on a different terminal.
Also, I get an error while running "sudo systemctl restart openvpn-client@sepia.service". I have copied it's output as well as of "journalctl -xe" and "sudo systemctl status openvpn-client@sepia.service" in the attached file.
[1] Command menitoned in the troubleshoot section of sepia's wiki openvpn --config /etc/openvpn/sepia.conf --cd /etc/openvpn --verb 5
Updated by David Galloway almost 6 years ago
Okay, so if you can SSH with the troubleshooting command running, that means the config is fine. What OS and OpenVPN version are you running?
I apparently need to update my docs for whatever setup you have.
Can you run this and `cat` any files it finds?
find /etc/systemd -name '*openvpn*'
Updated by Rishabh Dave almost 6 years ago
I am using Fedora 27 and OpenVPN version 2.4.6.
Following is the output for openvpn --version (since it mention "compile time defines" I thought it might be usefukl) -
$ openvpn --version OpenVPN 2.4.6 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 26 2018 library versions: OpenSSL 1.1.0h-fips 27 Mar 2018, LZO 2.08 Originally developed by James Yonan Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net> Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=yes enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no
And output for the command you requested -
$ find /etc/systemd -name '*openvpn*' /etc/systemd/system/multi-user.target.wants/openvpn-client@.service $ cat /etc/systemd/system/multi-user.target.wants/openvpn-client@.service [Unit] Description=OpenVPN tunnel for %I After=syslog.target network-online.target Wants=network-online.target Documentation=man:openvpn(8) Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO [Service] Type=notify PrivateTmp=true WorkingDirectory=/etc/openvpn/client ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config %i.conf CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE LimitNPROC=10 DeviceAllow=/dev/null rw DeviceAllow=/dev/net/tun rw ProtectSystem=true ProtectHome=true KillMode=process [Install] WantedBy=multi-user.target
Updated by David Galloway almost 6 years ago
Ah, I think it's the WorkingDirectory=/etc/openvpn/client line that's the issue.
The easiest thing is probably to sudo mv /etc/openvpn/sepia* /etc/openvpn/client/ then try restarting openvpn-client@sepia.service
Updated by David Galloway almost 6 years ago
- Status changed from 4 to Resolved
I see you're connected to the VPN now. I'm assuming the systemd unit file was to blame here. I updated the wiki: https://wiki.sepia.ceph.com/doku.php?id=vpnaccess#linux