Support #37709
closedSepia Lab Access Request
0%
Description
1) Do you just need VPN access or will you also be running teuthology jobs?
I'm going to need access to Teuthology and to the lab's k8s cluster.
2) Desired Username:
swagner
3) Alternate e-mail address(es) we can reach you at:
4) If you don't already have an established history of code contributions to Ceph, is there an existing community or core developer you've worked with who has reviewed your work and can vouch for your access request?
If you answered "No" to # 4, please answer the following (paste directly below the question to keep indentation):
4a) Paste a link to a Blueprint or planning doc of yours that was reviewed at a Ceph Developer Monthly.
4b) Paste a link to an accepted pull request for a major patch or feature.
4c) If applicable, include a link to the current project (planning doc, dev branch, or pull request) that you are looking to test.
5) Paste your SSH public key(s) between the pre
tags
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDh9bzZJulXGES+l9Xh6Aq15RZ8uQCGuDNhlNQtDblE1ISKJ/DqGYXp6wUW54+oVNA7eZiXz+fi3mq5pPEtZZOfd3ixEDzDJ4E3cVXoDZCqeWEmea6KvybeY10YxvB56TEI8U2KKAd56PRl20klXpLCjzXNqG7n0aXFcpCMbXDu369VX6lOk24K/7++7Wc5SttcvVu19sT2kqzsB/S1Y5cxiE6RM6wVtqBoksp/kRCIA16ruNwx3GUabDfbEoUGXlkkUP7+TZgAbHtBsYy6mCQhwi0S2+WG+HhHDUPjHhV+MdN9ffibCtOEGo52itVLVky09VeBocuA6H22JDGXPBgjcgf2NsZIqcKqGHhUkXmH92fhRSFOBLKHstrBq8jWRP/mNrgj8cQksDsakQYQbDg5dyabp+M0/iL2Q3YVq7erZI8aZMA7ZF3WgoQNYZg5E7oejM8URIlFP3x1ne2ClRC9a74phSCxeU/NVamGN3G3dImzEXGOSNyRggHJ4jGrIGc7tLPCzmI5OkomcB5OxReqf0r1TNXuUAqw8M4EoWt+0xoAmH5zVlUHf+psUCJIEV/4pbgtoJiSNq+LVY4jyDEFbvTAL7MqyXorMV7Tqlj+/3d7RXfhW9lR/SHb1Z3jcHvz4ZzYMzKWeJEjz+Y0NwIdFDhcPmUOYtEDmuRRrgYiSQ== sebstian.wagner@it-novum.com
6) Paste your hashed VPN credentials between the pre
tags (Format: user@hostname 22CharacterSalt 65CharacterHashedPassword
)
swagner@ubuntu HKUxZQFMdbrCq3VhYt+jDQ d0ad7e9f21a90d2c51fee2ef5e87ce9b13b13c2fa81dbaf3361c827ebb9b045a
Updated by David Galloway over 5 years ago
- Status changed from New to 4
- Assignee set to David Galloway
Hi Sebastian,
You should have access to the Sepia lab now. Please verify you're able to connect to the vpn and ssh swagner@teuthology.front.sepia.ceph.com
using the private key matching the pubkey you provided.
Be sure to check out the following links for final workstation setup steps:
https://wiki.sepia.ceph.com/doku.php?id=vpnaccess#vpn_client_access
https://wiki.sepia.ceph.com/doku.php?id=testnodeaccess#ssh_config
Most developers choose to schedule runs from the shared teuthology VM. For information on that, see http://docs.ceph.com/teuthology/docs/intro_testers.html
Thanks.
Updated by Sebastian Wagner over 5 years ago
Getting AUTH_FAILED :-( :
$ sudo openvpn --config /etc/openvpn/sepia.conf --cd /etc/openvpn --verb 5 Tue Jan 8 10:57:00 2019 us=17092 WARNING: file 'sepia/tlsauth' is group or others accessible Tue Jan 8 10:57:00 2019 us=17146 Current Parameter Settings: Tue Jan 8 10:57:00 2019 us=17156 config = '/etc/openvpn/sepia.conf' Tue Jan 8 10:57:00 2019 us=17163 mode = 0 Tue Jan 8 10:57:00 2019 us=17170 persist_config = DISABLED Tue Jan 8 10:57:00 2019 us=17177 persist_mode = 1 Tue Jan 8 10:57:00 2019 us=17184 show_ciphers = DISABLED Tue Jan 8 10:57:00 2019 us=17191 show_digests = DISABLED Tue Jan 8 10:57:00 2019 us=17198 show_engines = DISABLED Tue Jan 8 10:57:00 2019 us=17204 genkey = DISABLED Tue Jan 8 10:57:00 2019 us=17211 key_pass_file = '[UNDEF]' Tue Jan 8 10:57:00 2019 us=17218 NOTE: --mute triggered... Tue Jan 8 10:57:00 2019 us=17232 270 variation(s) on previous 10 message(s) suppressed by --mute Tue Jan 8 10:57:00 2019 us=17240 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 5 2018 Tue Jan 8 10:57:00 2019 us=17255 library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.08 Tue Jan 8 10:57:00 2019 us=17962 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Jan 8 10:57:00 2019 us=17990 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Jan 8 10:57:00 2019 us=18000 LZO compression initializing Tue Jan 8 10:57:00 2019 us=18156 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ] Tue Jan 8 10:57:00 2019 us=20901 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ] Tue Jan 8 10:57:00 2019 us=20983 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client' Tue Jan 8 10:57:00 2019 us=20992 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server' Tue Jan 8 10:57:00 2019 us=21451 TCP/UDP: Preserving recently used remote address: [AF_INET]8.43.84.129:1194 Tue Jan 8 10:57:00 2019 us=21488 Socket Buffers: R=[212992->212992] S=[212992->212992] Tue Jan 8 10:57:00 2019 us=21496 UDP link local: (not bound) Tue Jan 8 10:57:00 2019 us=21503 UDP link remote: [AF_INET]8.43.84.129:1194 Tue Jan 8 10:57:00 2019 us=21509 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay WRTue Jan 8 10:57:00 2019 us=130075 TLS: Initial packet from [AF_INET]8.43.84.129:1194, sid=fac62b30 04c0e8c4 WTue Jan 8 10:57:00 2019 us=130154 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this WRTue Jan 8 10:57:00 2019 us=253457 VERIFY OK: depth=1, O=Redhat, CN=openvpnca-sepia Tue Jan 8 10:57:00 2019 us=253709 VERIFY KU OK Tue Jan 8 10:57:00 2019 us=253722 Validating certificate extended key usage Tue Jan 8 10:57:00 2019 us=253731 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Tue Jan 8 10:57:00 2019 us=253739 VERIFY EKU OK Tue Jan 8 10:57:00 2019 us=253746 VERIFY OK: depth=0, O=Redhat, CN=openvpn-sepia WRWRWRWTue Jan 8 10:57:01 2019 us=564322 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2432 bit RSA Tue Jan 8 10:57:01 2019 us=564359 [openvpn-sepia] Peer Connection Initiated with [AF_INET]8.43.84.129:1194 Tue Jan 8 10:57:02 2019 us=812650 SENT CONTROL [openvpn-sepia]: 'PUSH_REQUEST' (status=1) WRRTue Jan 8 10:57:02 2019 us=924107 AUTH: Received control message: AUTH_FAILED Tue Jan 8 10:57:02 2019 us=924230 TCP/UDP: Closing socket Tue Jan 8 10:57:02 2019 us=924256 SIGTERM[soft,auth-failure] received, process exiting
Updated by David Galloway over 5 years ago
Do you still have the terminal open where you ran new-client
? If so, can you make sure the string provided is the same?
If not, no problem. Just run the script again and paste the new credential.
Updated by Sebastian Wagner over 5 years ago
ok. new new-client is here:
swagner@ubuntu 64V1h0Se0FmBQNH7KLibbQ ad7c91e9e2f7f3999492d5e41fbbc993327d37929bd09606227367d75e5556ba
Updated by Sebastian Wagner over 5 years ago
I just manually verified the username, password, secret file location, the hash and the openvpn config: Everything is in order. And I'm still getting AUTH: Received control message: AUTH_FAILED
:-(
Updated by David Galloway over 5 years ago
- Status changed from 4 to Resolved
I forgot to remove the old credential from the users file. Sebastian confirmed via IRC the new one is working.