Bug #14267
closed
ceph-post-file doesn't work
Added by Sage Weil over 8 years ago.
Updated over 7 years ago.
Description
drop.ceph.com needs to accept sftp and be able to write to the lab cluster (/ceph/post)
postfile@drop.ceph.com user exists.
i think it just needs a symlink in the home dir from post -> /ceph/post
- Category set to DC ops
- Status changed from New to In Progress
- Assignee set to David Galloway
- % Done changed from 0 to 30
A temporary solution is in place (gitbuilder-archive has VPN tunnel to the lab with long running cluster mounted) but we aim to move the service to a dedicated host as a permanent solution.
- Priority changed from Urgent to Normal
- Category changed from DC ops to Infrastructure Hardware
- Category changed from Infrastructure Hardware to Infrastructure Service
Will move to physical host with public IP and access to LRC
Filed PR to get ceph-post-file switched to RSA key. RSA pubkey has been put in authorized_keys
on gitbuilder-archive and on new drop.ceph.com VM.
https://github.com/ceph/ceph/pull/10800
Still need to get public IP assigned and DNS switched over.
- Status changed from In Progress to Resolved
Service moved to new VM with ifaces on front VLAN (drop.front.sepia.ceph.com) and WAN (drop.ceph.com).
Tested and working!
$ ./ceph-post-file.in /tmp/dgalloway-new
args: -- /tmp/dgalloway-new
./ceph-post-file.in: upload tag 1a8b5a81-5e1a-48bc-bf42-69fc236f89d0
./ceph-post-file.in: user: dgalloway@w541
./ceph-post-file.in: will upload file /tmp/dgalloway-new
sftp> mkdir post/1a8b5a81-5e1a-48bc-bf42-69fc236f89d0_dgalloway@w541_746ae882-235f-42a7-97b0-6c165fc36b38
sftp> cd post/1a8b5a81-5e1a-48bc-bf42-69fc236f89d0_dgalloway@w541_746ae882-235f-42a7-97b0-6c165fc36b38
sftp> put /tmp/tmp.vmBpn5LMIA user
sftp> put /tmp/dgalloway-new
./ceph-post-file.in: copy the upload id below to share with a dev:
ceph-post-file: 1a8b5a81-5e1a-48bc-bf42-69fc236f89d0
(tmp file deleted)
Does this need to get backported to the stable branches? When will the old keys stop working?
Ken Dreyer wrote:
Does this need to get backported to the stable branches? When will the old keys stop working?
The old key will already not work if coming from a workstation running OpenSSH 7.0+ (unless the user modifies their local ssh config).
From the server-side perspective, I have the new drop.ceph.com VM set up to allow the DSA key for auth and don't see an immediate need to disable it any time soon.
- Status changed from Resolved to Pending Backport
- Backport set to jewel
- Project changed from sepia to Ceph
- Category deleted (
Infrastructure Service)
- Status changed from Pending Backport to Resolved
Also available in: Atom
PDF