Support #43518
closedSepia Lab Access Request
0%
Description
1) Do you just need VPN access or will you also be running teuthology jobs?
VPN access
2) Desired Username:
xiubli
3) Alternate e-mail address(es) we can reach you at:
xiubli@redhat.com
4) If you don't already have an established history of code contributions to Ceph, is there an existing community or core developer you've worked with who has reviewed your work and can vouch for your access request?
If you answered "No" to # 4, please answer the following (paste directly below the question to keep indentation):
4a) Paste a link to a Blueprint or planning doc of yours that was reviewed at a Ceph Developer Monthly.
4b) Paste a link to an accepted pull request for a major patch or feature.
4c) If applicable, include a link to the current project (planning doc, dev branch, or pull request) that you are looking to test.
5) Paste your SSH public key(s) between the pre tags
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzVa77kg0qGGE3IpMZgSYJ+UwQiDEOg3Lji470V/sQ/R7g6/v7FZpaYqGn1wG3XeUp2gGACxNKLQfGV9EGU66NvfQYqn9A8dXRpTpZuGWN8EcKK98YrSAq0s0WzeiEzVT86RHzVHIqL6/Zn4B1p9sIeY9Hb+bfKOdtYkRBDoFELtiMRzHPFaiIJFnXl+EhH8wceYqXVNNvCuOUBMnOiDYLDtujvYdPt+ff7rvXuOzbwcAKoINFM1C4FtoUEYriKlsxJ2rr7AblfDm/WIrCZcqRBU4JcudtvZOtHhvN4uL6WgzuzuhIQFyePAeIHFUn6AiwKC/MApq7z1Qj+N3pN/Nz root@fedora1
6) Paste your hashed VPN credentials between the pre tags (Format: user@hostname 22CharacterSalt 65CharacterHashedPassword)
xiubli@fedora1 RYbu6kdXmsBtrtAkph0lIg b4a266ab604d320ab175070a427f4ce486f65cde25c5ac248e8316e3fd2f2435
Updated by adam kraitman over 4 years ago
- Status changed from New to In Progress
- Priority changed from High to Normal
Updated by adam kraitman over 4 years ago
- Category set to User access
- Assignee set to adam kraitman
Updated by adam kraitman over 4 years ago
Hi Xiubo Li,
You should have access to the Sepia lab now. Please verify you're able to connect to the vpn and ssh xiubli@teuthology.front.sepia.ceph.com using the private key matching the pubkey you provided.
Be sure to check out the following links for final workstation setup steps:
https://wiki.sepia.ceph.com/doku.php?id=vpnaccess#vpn_client_access
https://wiki.sepia.ceph.com/doku.php?id=testnodeaccess#ssh_config
Most developers choose to schedule runs from the shared teuthology VM. For information on that, see http://docs.ceph.com/teuthology/docs/intro_testers.html
Thanks.
Updated by Xiubo Li over 4 years ago
Hi adam kraitman
Thanks very much.
I tried to ssh, but it refused:
# ssh xiubli@teuthology.front.sepia.ceph.com
ssh: connect to host teuthology.front.sepia.ceph.com port 22: Connection refused
Have followed those docs and will check it more later.
BRs
Updated by adam kraitman over 4 years ago
Hey Xiubo Li,
Can you please paste the output of:
systemctl status openvpn-client@sepia.service
or
systemctl status openvpn@sepia
Thanks
Updated by Xiubo Li about 4 years ago
Hi adam,
Sorry for late due the in holiday. After I run the ssh command the service get stopped.
# systemctl status openvpn-client@sepia.service
● openvpn-client@sepia.service - OpenVPN tunnel for sepia
Loaded: loaded (/usr/lib/systemd/system/openvpn-client@.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2020-02-05 03:25:22 EST; 1s ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Main PID: 31637 (openvpn)
Status: "Pre-connection initialization successful"
Tasks: 1 (limit: 8292)
Memory: 2.7M
CGroup: /system.slice/system-openvpn\x2dclient.slice/openvpn-client@sepia.service
└─31637 /usr/sbin/openvpn --suppress-timestamps --nobind --config sepia.conf
Feb 05 03:25:22 fedora1 openvpn[31637]: WARNING: file 'sepia/tlsauth' is group or others accessible
Feb 05 03:25:22 fedora1 openvpn[31637]: OpenVPN 2.4.8 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Nov 1 2019
Feb 05 03:25:22 fedora1 openvpn[31637]: library versions: OpenSSL 1.1.1d FIPS 10 Sep 2019, LZO 2.08
Feb 05 03:25:22 fedora1 systemd[1]: Started OpenVPN tunnel for sepia.
Feb 05 03:25:22 fedora1 openvpn[31637]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Feb 05 03:25:22 fedora1 openvpn[31637]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Feb 05 03:25:24 fedora1 openvpn[31637]: TCP/UDP: Preserving recently used remote address: [AF_INET]8.43.84.129:1194
Feb 05 03:25:24 fedora1 openvpn[31637]: UDP link local: (not bound)
Feb 05 03:25:24 fedora1 openvpn[31637]: UDP link remote: [AF_INET]8.43.84.129:1194
Feb 05 03:25:24 fedora1 openvpn[31637]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
# ssh xiubli@teuthology.front.sepia.ceph.com
ssh: connect to host teuthology.front.sepia.ceph.com port 22: Connection refused
# systemctl status openvpn-client@sepia.service
● openvpn-client@sepia.service - OpenVPN tunnel for sepia
Loaded: loaded (/usr/lib/systemd/system/openvpn-client@.service; enabled; vendor preset: disabled)
Active: inactive (dead) since Wed 2020-02-05 03:25:59 EST; 40s ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 31637 ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config sepia.conf (code=exited, status=0/SUCCESS)
Main PID: 31637 (code=exited, status=0/SUCCESS)
Status: "Pre-connection initialization successful"
Feb 05 03:25:27 fedora1 openvpn[31637]: VERIFY KU OK
Feb 05 03:25:27 fedora1 openvpn[31637]: Validating certificate extended key usage
Feb 05 03:25:27 fedora1 openvpn[31637]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Feb 05 03:25:27 fedora1 openvpn[31637]: VERIFY EKU OK
Feb 05 03:25:27 fedora1 openvpn[31637]: VERIFY OK: depth=0, O=Redhat, CN=openvpn-sepia
Feb 05 03:25:57 fedora1 openvpn[31637]: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2432 bit RSA
Feb 05 03:25:57 fedora1 openvpn[31637]: [openvpn-sepia] Peer Connection Initiated with [AF_INET]8.43.84.129:1194
Feb 05 03:25:59 fedora1 openvpn[31637]: AUTH: Received control message: AUTH_FAILED
Feb 05 03:25:59 fedora1 openvpn[31637]: SIGTERM[soft,auth-failure] received, process exiting
Feb 05 03:25:59 fedora1 systemd[1]: openvpn-client@sepia.service: Succeeded.
Thanks.
Updated by adam kraitman about 4 years ago
Hi Xiubo Li, I suspect it's related to authentication from the output, are you using your password + OTP to authenticate ?
Thanks
Updated by Xiubo Li about 4 years ago
adam kraitman wrote:
Hi Xiubo Li, I suspect it's related to authentication from the output, are you using your password + OTP to authenticate ?
Hi adam
I'm using my RH password + OTP on my machine. There running some fedora VMs and I'm trying this on one VM. I have tried to disconnect the RH VPN on the machine beforehand, but still couldn't work.
Thanks,
Updated by adam kraitman about 4 years ago
Hi Xiubo Li,
I suspect that maybe you ran the new-client script twice by accident
I would ask you to please run:
rm -rf /etc/openvpn/*sepia* /etc/openvpn-client/*sepia*
And do the process again https://wiki.sepia.ceph.com/doku.php?id=vpnaccess
then paste your new hashed VPN credentials
Thanks
Updated by Xiubo Li about 4 years ago
Hi adam
The new one:
xiubli@fedora1 vosB15bA3uALkBrmjcKFUg 4ef5cb132c30563fd5fb9e4e9352786ad0d2258e41ed63f91c1f65f69b54d50d
Thanks.
Updated by adam kraitman about 4 years ago
Please try now, You should have access to the Sepia lab now. Please verify you're able to connect to the vpn and ssh xiubli@teuthology.front.sepia.ceph.com using the private key matching the pubkey you provided.
Be sure to check out the following links for final workstation setup steps:
https://wiki.sepia.ceph.com/doku.php?id=vpnaccess#vpn_client_access
https://wiki.sepia.ceph.com/doku.php?id=testnodeaccess#ssh_config
Most developers choose to schedule runs from the shared teuthology VM. For information on that, see http://docs.ceph.com/teuthology/docs/intro_testers.html
Thanks.
Updated by Xiubo Li about 4 years ago
Hi adam
It works now, thanks very much.
BRs
Xiubo
Updated by adam kraitman about 4 years ago
- Status changed from In Progress to Resolved