Project

General

Profile

Support #37709

Sepia Lab Access Request

Added by Sebastian Wagner almost 2 years ago. Updated over 1 year ago.

Status:
Resolved
Priority:
Normal
Category:
User access
Target version:
-
% Done:

0%

Tags:
Reviewed:
Affected Versions:

Description

1) Do you just need VPN access or will you also be running teuthology jobs?

I'm going to need access to Teuthology and to the lab's k8s cluster.

2) Desired Username:

swagner

3) Alternate e-mail address(es) we can reach you at:

4) If you don't already have an established history of code contributions to Ceph, is there an existing community or core developer you've worked with who has reviewed your work and can vouch for your access request?

https://github.com/ceph/ceph/commit/e0eb2dbd98d930eb0bd5b29b051f3639fc805c40#diff-5e08bfe65cc656745656d8042a5fd8b8

If you answered "No" to # 4, please answer the following (paste directly below the question to keep indentation):

4a) Paste a link to a Blueprint or planning doc of yours that was reviewed at a Ceph Developer Monthly.

4b) Paste a link to an accepted pull request for a major patch or feature.

4c) If applicable, include a link to the current project (planning doc, dev branch, or pull request) that you are looking to test.

5) Paste your SSH public key(s) between the pre tags

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDh9bzZJulXGES+l9Xh6Aq15RZ8uQCGuDNhlNQtDblE1ISKJ/DqGYXp6wUW54+oVNA7eZiXz+fi3mq5pPEtZZOfd3ixEDzDJ4E3cVXoDZCqeWEmea6KvybeY10YxvB56TEI8U2KKAd56PRl20klXpLCjzXNqG7n0aXFcpCMbXDu369VX6lOk24K/7++7Wc5SttcvVu19sT2kqzsB/S1Y5cxiE6RM6wVtqBoksp/kRCIA16ruNwx3GUabDfbEoUGXlkkUP7+TZgAbHtBsYy6mCQhwi0S2+WG+HhHDUPjHhV+MdN9ffibCtOEGo52itVLVky09VeBocuA6H22JDGXPBgjcgf2NsZIqcKqGHhUkXmH92fhRSFOBLKHstrBq8jWRP/mNrgj8cQksDsakQYQbDg5dyabp+M0/iL2Q3YVq7erZI8aZMA7ZF3WgoQNYZg5E7oejM8URIlFP3x1ne2ClRC9a74phSCxeU/NVamGN3G3dImzEXGOSNyRggHJ4jGrIGc7tLPCzmI5OkomcB5OxReqf0r1TNXuUAqw8M4EoWt+0xoAmH5zVlUHf+psUCJIEV/4pbgtoJiSNq+LVY4jyDEFbvTAL7MqyXorMV7Tqlj+/3d7RXfhW9lR/SHb1Z3jcHvz4ZzYMzKWeJEjz+Y0NwIdFDhcPmUOYtEDmuRRrgYiSQ== sebstian.wagner@it-novum.com

6) Paste your hashed VPN credentials between the pre tags (Format: user@hostname 22CharacterSalt 65CharacterHashedPassword)

swagner@ubuntu HKUxZQFMdbrCq3VhYt+jDQ d0ad7e9f21a90d2c51fee2ef5e87ce9b13b13c2fa81dbaf3361c827ebb9b045a

History

#1 Updated by Sage Weil over 1 year ago

+1

#2 Updated by David Galloway over 1 year ago

  • Status changed from New to 4
  • Assignee set to David Galloway

Hi Sebastian,

You should have access to the Sepia lab now. Please verify you're able to connect to the vpn and ssh swagner@teuthology.front.sepia.ceph.com using the private key matching the pubkey you provided.

Be sure to check out the following links for final workstation setup steps:
https://wiki.sepia.ceph.com/doku.php?id=vpnaccess#vpn_client_access
https://wiki.sepia.ceph.com/doku.php?id=testnodeaccess#ssh_config

Most developers choose to schedule runs from the shared teuthology VM. For information on that, see http://docs.ceph.com/teuthology/docs/intro_testers.html

Thanks.

#3 Updated by Sebastian Wagner over 1 year ago

Getting AUTH_FAILED :-( :

$ sudo openvpn --config /etc/openvpn/sepia.conf --cd /etc/openvpn --verb 5
Tue Jan  8 10:57:00 2019 us=17092 WARNING: file 'sepia/tlsauth' is group or others accessible
Tue Jan  8 10:57:00 2019 us=17146 Current Parameter Settings:
Tue Jan  8 10:57:00 2019 us=17156   config = '/etc/openvpn/sepia.conf'
Tue Jan  8 10:57:00 2019 us=17163   mode = 0
Tue Jan  8 10:57:00 2019 us=17170   persist_config = DISABLED
Tue Jan  8 10:57:00 2019 us=17177   persist_mode = 1
Tue Jan  8 10:57:00 2019 us=17184   show_ciphers = DISABLED
Tue Jan  8 10:57:00 2019 us=17191   show_digests = DISABLED
Tue Jan  8 10:57:00 2019 us=17198   show_engines = DISABLED
Tue Jan  8 10:57:00 2019 us=17204   genkey = DISABLED
Tue Jan  8 10:57:00 2019 us=17211   key_pass_file = '[UNDEF]'
Tue Jan  8 10:57:00 2019 us=17218 NOTE: --mute triggered...
Tue Jan  8 10:57:00 2019 us=17232 270 variation(s) on previous 10 message(s) suppressed by --mute
Tue Jan  8 10:57:00 2019 us=17240 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep  5 2018
Tue Jan  8 10:57:00 2019 us=17255 library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.08
Tue Jan  8 10:57:00 2019 us=17962 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan  8 10:57:00 2019 us=17990 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan  8 10:57:00 2019 us=18000 LZO compression initializing
Tue Jan  8 10:57:00 2019 us=18156 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Tue Jan  8 10:57:00 2019 us=20901 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Tue Jan  8 10:57:00 2019 us=20983 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Tue Jan  8 10:57:00 2019 us=20992 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Tue Jan  8 10:57:00 2019 us=21451 TCP/UDP: Preserving recently used remote address: [AF_INET]8.43.84.129:1194
Tue Jan  8 10:57:00 2019 us=21488 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Jan  8 10:57:00 2019 us=21496 UDP link local: (not bound)
Tue Jan  8 10:57:00 2019 us=21503 UDP link remote: [AF_INET]8.43.84.129:1194
Tue Jan  8 10:57:00 2019 us=21509 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
WRTue Jan  8 10:57:00 2019 us=130075 TLS: Initial packet from [AF_INET]8.43.84.129:1194, sid=fac62b30 04c0e8c4
WTue Jan  8 10:57:00 2019 us=130154 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
WRTue Jan  8 10:57:00 2019 us=253457 VERIFY OK: depth=1, O=Redhat, CN=openvpnca-sepia
Tue Jan  8 10:57:00 2019 us=253709 VERIFY KU OK
Tue Jan  8 10:57:00 2019 us=253722 Validating certificate extended key usage
Tue Jan  8 10:57:00 2019 us=253731 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Jan  8 10:57:00 2019 us=253739 VERIFY EKU OK
Tue Jan  8 10:57:00 2019 us=253746 VERIFY OK: depth=0, O=Redhat, CN=openvpn-sepia
WRWRWRWTue Jan  8 10:57:01 2019 us=564322 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2432 bit RSA
Tue Jan  8 10:57:01 2019 us=564359 [openvpn-sepia] Peer Connection Initiated with [AF_INET]8.43.84.129:1194
Tue Jan  8 10:57:02 2019 us=812650 SENT CONTROL [openvpn-sepia]: 'PUSH_REQUEST' (status=1)
WRRTue Jan  8 10:57:02 2019 us=924107 AUTH: Received control message: AUTH_FAILED
Tue Jan  8 10:57:02 2019 us=924230 TCP/UDP: Closing socket
Tue Jan  8 10:57:02 2019 us=924256 SIGTERM[soft,auth-failure] received, process exiting

#4 Updated by David Galloway over 1 year ago

Do you still have the terminal open where you ran new-client? If so, can you make sure the string provided is the same?

If not, no problem. Just run the script again and paste the new credential.

#5 Updated by Sebastian Wagner over 1 year ago

ok. new new-client is here:

swagner@ubuntu 64V1h0Se0FmBQNH7KLibbQ ad7c91e9e2f7f3999492d5e41fbbc993327d37929bd09606227367d75e5556ba

#6 Updated by David Galloway over 1 year ago

OK, try now?

#7 Updated by Sebastian Wagner over 1 year ago

I just manually verified the username, password, secret file location, the hash and the openvpn config: Everything is in order. And I'm still getting AUTH: Received control message: AUTH_FAILED :-(

#8 Updated by David Galloway over 1 year ago

  • Status changed from 4 to Resolved

I forgot to remove the old credential from the users file. Sebastian confirmed via IRC the new one is working.

Also available in: Atom PDF