Support #49544

closed

Sepia Lab Access Request

Added by Aishwarya Mathuria about 3 years ago. Updated almost 3 years ago.

Status: Resolved
Priority: Normal
Category: User access
Target version: -
% Done: 0%

Description

1) Do you just need VPN access or will you also be running teuthology jobs?
Will also be running teuthology jobs

2) Desired Username: amathuri

3) Alternate e-mail address(es) we can reach you at:

4) If you don't already have an established history of code contributions to Ceph, is there an existing community or core developer you've worked with who has reviewed your work and can vouch for your access request?
Josh Durgin

If you answered "No" to # 4, please answer the following (paste directly below the question to keep indentation):

4a) Paste a link to a Blueprint or planning doc of yours that was reviewed at a Ceph Developer Monthly.

4b) Paste a link to an accepted pull request for a major patch or feature.

4c) If applicable, include a link to the current project (planning doc, dev branch, or pull request) that you are looking to test.

5) Paste your SSH public key(s) between the pre tags

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDJ3ch+pU88/tX5TVVFl/1pPief8drYLRkK4BtfJk+xVNxX9qkDtOtiLAU+OugYF1/xk9hE9zTbm3UBL23unrzhlR80t8f2FiF1YFhHVzeZ/p/OunmkU0RFQzkMVuwKVOUNulw9FwpEZ/0Bjfxvaims0SBWaCzBgE5g0R+Ofdq/bVF82K8vU5Laa3KZ/cCdGzFgW00cBvPAKIpQ93g8TRqsCsFvR37nY9v5SU1hJ9araEp6LRA86tUt3EFtxD2tRcmqKGtCb0kOr+rRXWVGiaUBiedHxFudIy0+TNj4fNrJwpoC0hcBO9ek4Bh6hM7Zqzum9HpkPGlz84jkm+r+xMThaZCh8iFkgxyK+bw8B8smaVJD04ob9Wb4RYoFYfQ7TEkPkO9gr+UsSesbP9fWfucemUqwK0htOOtpc1YRwdOPcdPJWAfx9J5+YVL8BTWYBaTdmHslOKeUGM5fCob6QxC6Er9xweys9jh7MXttSpe013bY7P4ZDRF8uWvygpsytPE= amathuri@redhat.com

6) Paste your hashed VPN credentials between the pre tags (Format: user@hostname 22CharacterSalt 65CharacterHashedPassword)

amathuri@thinkpad 5H//Tz6a0uBQDJiYlp9bIA 5ad4213c5f177c9d3586e58770208dd3e18f57d78f12d5d1a9dfa541d5c5c957

Actions #1

Updated by adam kraitman about 3 years ago

  • Status changed from New to In Progress
  • Assignee set to adam kraitman

Hey Aishwarya, are these new/additional or replacement credentials?

Thanks,

Adam

Actions #2

Updated by Aishwarya Mathuria about 3 years ago

adam kraitman wrote:

Hey Aishwarya, are these new/additional or replacement credentials?

Thanks,

Adam

Hey Adam, these are new credentials because I have received a new laptop.

Regards,
Aishwarya

Actions #3

Updated by adam kraitman about 3 years ago

Hi Aishwarya Mathuria,

You should have access to the Sepia lab now. Please verify you're able to connect to the vpn and ssh using the private key matching the pubkey you provided.

Be sure to check out the following links for final workstation setup steps:
https://wiki.sepia.ceph.com/doku.php?id=vpnaccess#vpn_client_access
https://wiki.sepia.ceph.com/doku.php?id=testnodeaccess#ssh_config

Most developers choose to schedule runs from the shared teuthology VM. For information on that, see http://docs.ceph.com/teuthology/docs/intro_testers.html

Thanks

Actions #4

Updated by Aishwarya Mathuria about 3 years ago

adam kraitman wrote:

Hi Aishwarya Mathuria,

You should have access to the Sepia lab now. Please verify you're able to connect to the vpn and ssh using the private key matching the pubkey you provided.

Be sure to check out the following links for final workstation setup steps:
https://wiki.sepia.ceph.com/doku.php?id=vpnaccess#vpn_client_access
https://wiki.sepia.ceph.com/doku.php?id=testnodeaccess#ssh_config

Most developers choose to schedule runs from the shared teuthology VM. For information on that, see http://docs.ceph.com/teuthology/docs/intro_testers.html

Thanks

Hi Adam,

I am able to connect to the VPN; however, ssh into teuthology is not working. I have followed the steps in the ssh config page you have mentioned as well.
Should I wait for some time and try again?

Thanks

Actions #5

Updated by adam kraitman about 3 years ago

Which error do you see when you try to ssh?
And also paste the output of:
sudo systemctl status openvpn@sepia
sudo systemctl status openvpn-client@sepia

Actions #6

Updated by Aishwarya Mathuria about 3 years ago

adam kraitman wrote:

Which error do you see when you try to ssh?
And also paste the output of:
sudo systemctl status openvpn@sepia
sudo systemctl status openvpn-client@sepia

The connection just times out.

Output:

[amathuri@localhost ~]$ sudo systemctl status openvpn-client@sepia
- OpenVPN tunnel for sepia
Loaded: loaded (/usr/lib/systemd/system/openvpn-client@.service; enabled; vendor preset: disabled)
Active: inactive (dead) since Fri 2021-03-05 16:38:05 IST; 2 days ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Main PID: 125551 (code=exited, status=0/SUCCESS)
Status: "Pre-connection initialization successful"
CPU: 24ms

Mar 05 16:38:02 localhost.localdomain openvpn125551: VERIFY KU OK
Mar 05 16:38:02 localhost.localdomain openvpn125551: Validating certificate extended key usage
Mar 05 16:38:02 localhost.localdomain openvpn125551: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mar 05 16:38:02 localhost.localdomain openvpn125551: VERIFY EKU OK
Mar 05 16:38:02 localhost.localdomain openvpn125551: VERIFY OK: depth=0, O=Redhat, CN=openvpn-sepia
Mar 05 16:38:04 localhost.localdomain openvpn125551: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2432 bit RSA
Mar 05 16:38:04 localhost.localdomain openvpn125551: [openvpn-sepia] Peer Connection Initiated with [AF_INET]8.43.84.129:1194
Mar 05 16:38:05 localhost.localdomain openvpn125551: AUTH: Received control message: AUTH_FAILED
Mar 05 16:38:05 localhost.localdomain openvpn125551: SIGTERM[soft,auth-failure] received, process exiting
Mar 05 16:38:05 localhost.localdomain systemd1: : Succeeded.

Actions #7

Updated by adam kraitman about 3 years ago

Hey Aishwarya,
If you re-run the new-client script, it's unfortunately not idempotent, so if you re-ran it and still have the output, we'll need the new string it printed. If you don't have the output, please re-run it again and send the new string.

Actions #8

Updated by Aishwarya Mathuria about 3 years ago

adam kraitman wrote:

Hey Aishwarya,
If you re-run the new-client script, it's unfortunately not idempotent, so if you re-ran it and still have the output, we'll need the new string it printed. If you don't have the output, please re-run it again and send the new string.

Hey Adam,
The VPN credentials I have mentioned here were obtained from running the command on the new laptop. Should I still re-run it?

Actions #9

Updated by Aishwarya Mathuria about 3 years ago

Aishwarya Mathuria wrote:

adam kraitman wrote:

Hey Aishwarya,
If you re-run the new-client script, it's unfortunately not idempotent, so if you re-ran it and still have the output, we'll need the new string it printed. If you don't have the output, please re-run it again and send the new string.

Hey Adam,
The VPN credentials I have mentioned here were obtained from running the command on the new laptop. Should I still re-run it?

Hey Adam,

I restarted the service and here is the output of systemctl status openvpn-client@sepia:

sudo systemctl status openvpn-client@sepia
- OpenVPN tunnel for sepia
Loaded: loaded (/usr/lib/systemd/system/openvpn-client@.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2021-03-08 18:33:22 IST; 3s ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Main PID: 181925 (openvpn)
Status: "Pre-connection initialization successful"
Tasks: 1 (limit: 38188)
Memory: 2.3M
CPU: 18ms
CGroup: /system.slice/system-openvpn\
└─181925 /usr/sbin/openvpn --suppress-timestamps --nobind --config sepia.conf

Mar 08 18:33:23 localhost.localdomain openvpn181925: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Mar 08 18:33:23 localhost.localdomain openvpn181925: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mar 08 18:33:23 localhost.localdomain openvpn181925: VERIFY OK: depth=1, O=Redhat, CN=openvpnca-sepia
Mar 08 18:33:23 localhost.localdomain openvpn181925: VERIFY KU OK
Mar 08 18:33:23 localhost.localdomain openvpn181925: Validating certificate extended key usage
Mar 08 18:33:23 localhost.localdomain openvpn181925: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mar 08 18:33:23 localhost.localdomain openvpn181925: VERIFY EKU OK
Mar 08 18:33:23 localhost.localdomain openvpn181925: VERIFY OK: depth=0, O=Redhat, CN=openvpn-sepia
Mar 08 18:33:25 localhost.localdomain openvpn181925: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2432 bit RSA
Mar 08 18:33:25 localhost.localdomain openvpn181925: [openvpn-sepia] Peer Connection Initiated with [AF_INET]8.43.84.129:1194

Actions #10

Updated by Aishwarya Mathuria about 3 years ago

Aishwarya Mathuria wrote:

Aishwarya Mathuria wrote:

adam kraitman wrote:

Hey Aishwarya,
If you re-run the new-client script, it's unfortunately not idempotent, so if you re-ran it and still have the output, we'll need the new string it printed. If you don't have the output, please re-run it again and send the new string.

Hey Adam,
The VPN credentials I have mentioned here were obtained from running the command on the new laptop. Should I still re-run it?

Hey Adam,

I restarted the service and here is the output of systemctl status openvpn-client@sepia:

sudo systemctl status openvpn-client@sepia
- OpenVPN tunnel for sepia
Loaded: loaded (/usr/lib/systemd/system/openvpn-client@.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2021-03-08 18:33:22 IST; 3s ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Main PID: 181925 (openvpn)
Status: "Pre-connection initialization successful"
Tasks: 1 (limit: 38188)
Memory: 2.3M
CPU: 18ms
CGroup: /system.slice/system-openvpn\
└─181925 /usr/sbin/openvpn --suppress-timestamps --nobind --config sepia.conf

Mar 08 18:33:23 localhost.localdomain openvpn181925: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Mar 08 18:33:23 localhost.localdomain openvpn181925: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mar 08 18:33:23 localhost.localdomain openvpn181925: VERIFY OK: depth=1, O=Redhat, CN=openvpnca-sepia
Mar 08 18:33:23 localhost.localdomain openvpn181925: VERIFY KU OK
Mar 08 18:33:23 localhost.localdomain openvpn181925: Validating certificate extended key usage
Mar 08 18:33:23 localhost.localdomain openvpn181925: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mar 08 18:33:23 localhost.localdomain openvpn181925: VERIFY EKU OK
Mar 08 18:33:23 localhost.localdomain openvpn181925: VERIFY OK: depth=0, O=Redhat, CN=openvpn-sepia
Mar 08 18:33:25 localhost.localdomain openvpn181925: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2432 bit RSA
Mar 08 18:33:25 localhost.localdomain openvpn181925: [openvpn-sepia] Peer Connection Initiated with [AF_INET]8.43.84.129:1194

Once I run the systemctl enable openvpn-client@sepia command and then check the status I get the output I had pasted before.
In case this helps.

Actions #11

Updated by adam kraitman about 3 years ago

From looking at the gateway logs, it seems that you are using the wrong hashed VPN credentials:
openvpn: ERROR:auth-openvpn:auth-openvpn: invalid auth for user 'amathuri@thinkpad'

Please re-run the new-client script and send the new string.
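
An added example (not part of the ticket or of the Sepia tooling): a small Python triage of OpenVPN client log lines like those pasted in this thread, separating a certificate/TLS failure from a credential rejection and from a status snapshot taken before the server has answered. The sample lines are constructed from the message formats shown above, 192.0.2.10 is a placeholder address, and the stage names are assumptions made for the example.

```python
import re

# Client-side milestones, in the order a healthy connection logs them.
STAGES = [
    ("server_cert_verified", re.compile(r"VERIFY OK: depth=0\b")),
    ("tls_established", re.compile(r"Control Channel: TLSv")),
    ("peer_connected", re.compile(r"Peer Connection Initiated with")),
    ("tunnel_up", re.compile(r"Initialization Sequence Completed")),
]
AUTH_FAILED = re.compile(r"AUTH: Received control message: AUTH_FAILED")

# Constructed sample lines (placeholder address 192.0.2.10).
FAILED_ATTEMPT = [
    "VERIFY OK: depth=1, O=Redhat, CN=openvpnca-sepia",
    "VERIFY OK: depth=0, O=Redhat, CN=openvpn-sepia",
    "Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2432 bit RSA",
    "[openvpn-sepia] Peer Connection Initiated with [AF_INET]192.0.2.10:1194",
    "AUTH: Received control message: AUTH_FAILED",
    "SIGTERM[soft,auth-failure] received, process exiting",
]
# Same attempt captured a few seconds after start, before the server answered.
EARLY_SNAPSHOT = FAILED_ATTEMPT[:4]


def diagnose(lines):
    """Return (stages_reached, verdict) for one connection attempt."""
    reached, auth_failed = [], False
    for line in lines:
        if AUTH_FAILED.search(line):
            auth_failed = True
        for name, pattern in STAGES:
            if name not in reached and pattern.search(line):
                reached.append(name)
    if auth_failed and "peer_connected" in reached:
        verdict = "credentials rejected after a valid TLS handshake"
    elif auth_failed:
        verdict = "credentials rejected"
    elif "tunnel_up" in reached:
        verdict = "connected"
    elif "peer_connected" in reached:
        verdict = "handshake done, no authentication result logged yet"
    else:
        verdict = "TLS handshake incomplete"
    return reached, verdict


if __name__ == "__main__":
    for label, sample in (("failed", FAILED_ATTEMPT), ("early", EARLY_SNAPSHOT)):
        print(label, diagnose(sample))
```
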

Actions #12

Updated by Aishwarya Mathuria about 3 years ago

adam kraitman wrote:

From looking at the gateway logs, it seems that you are using the wrong hashed VPN credentials:
openvpn: ERROR:auth-openvpn:auth-openvpn: invalid auth for user 'amathuri@thinkpad'

Please re-run the new-client script and send the new string.

I have re-run the new-client script and the following are the VPN credentials:

amathuri@lenovothinkpad MhlrEG4X+iKq2d2GxwMbmA 812cfea500340140144ecb27f7851b86d8daff658f173189fceec8e61b59cbf2

Actions #13

Updated by Aishwarya Mathuria about 3 years ago

Aishwarya Mathuria wrote:

adam kraitman wrote:

From looking at the gateway logs, it seems that you are using the wrong hashed VPN credentials:
openvpn: ERROR:auth-openvpn:auth-openvpn: invalid auth for user 'amathuri@thinkpad'

Please re-run the new-client script and send the new string.

I have re-run the new-client script and the following are the VPN credentials:

amathuri@lenovothinkpad MhlrEG4X+iKq2d2GxwMbmA 812cfea500340140144ecb27f7851b86d8daff658f173189fceec8e61b59cbf2

Hi Adam,

ssh is working now. Thank you!

Regards,
Aishwarya

Actions #14

Updated by adam kraitman almost 3 years ago

  • Status changed from In Progress to Resolved