Project

General

Profile

Support #57930

Sepia Lab Access Request

Added by Yingxin Cheng 3 months ago. Updated about 1 month ago.

Status:
In Progress
Priority:
Normal
Assignee:
Category:
User access
Target version:
-
% Done:

0%

Tags:
Reviewed:
Affected Versions:

Description

1) Do you just need VPN access or will you also be running teuthology jobs?
I will also be running teuthology jobs.

2) Desired Username:
yingxin

3) Alternate e-mail address(es) we can reach you at:

4) If you don't already have an established history of code contributions to Ceph, is there an existing community or core developer you've worked with who has reviewed your work and can vouch for your access request?
I already have an established history of code contributions to Ceph.

5) Paste your SSH public key(s) between the pre tags

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDsEWNSRhmmMyzq0I5DlHR4tQzDHRBevnLSQCIbfP20lCLV3Uj/jfwipIYpG4zlAid9xTbPIHKpNExUvD9an9JOoVx/9JYY/Hv7XmJ2K5MULMrfxji/xrWUJMfVu2fLbypZV/ZwgfI/BWNltgA0gvorAcgz2Sd8dYonjyx0z1xsUEcvHVUPTkEkHEFTs2m+ZZiqEOHcDZL5NYgQAbGHvh0XiHC5iKJWW8vd+OIAJBeP5RVoKRJ2zCcCgvd3fs77w116bUTmDyRA13+3kC9f9jKuD7d44Y7mOdBtZ2nRbv688elKiQK3xh2I7/fxTK+8GE8eF6yqxYAQhFEB0Ia/wuE4KBnH/QxgFjZly3NTLzU+a5suC3XOZy7U/euBo/6v7dWOJX++jR3c4kQWB8o3vJTroDrVsff1q8jSL6nM/dBIkCsrZLL4+QAXzP64fghjz88zjlhmHC5vBR4+zLAIxGoLdHlnQDLQzkio+6ojfWXw3nTxXv2qCqrC6sMqduQ079E= cyx@otccldstore02

6) Paste your hashed VPN credentials between the pre tags (Format: user@hostname 22CharacterSalt 65CharacterHashedPassword)

yingxin@otccldstore02 3oMD2hcKjYqChgB8mTyg3w 90efcd0365c5cebeb7910f00b232199746f06d3231b4e22d65d846ffd8f457ca

History

#1 Updated by adam kraitman 3 months ago

  • Category set to User access
  • Status changed from New to In Progress
  • Assignee set to adam kraitman

#2 Updated by adam kraitman 3 months ago

Hey Yingxin Cheng,

You should have access to the Sepia lab now. Please verify you're able to connect to the vpn and ssh using the private key matching the pubkey you provided.

Be sure to check out the following links for final workstation setup steps:
https://wiki.sepia.ceph.com/doku.php?id=vpnaccess#vpn_client_access
https://wiki.sepia.ceph.com/doku.php?id=testnodeaccess#ssh_config

Most developers choose to schedule runs from the shared teuthology VM. For information on that, see http://docs.ceph.com/teuthology/docs/intro_testers.html

If you plan on scheduling tests, one of the options you'll need to set with teuthology-suite is -p, --priority. Please refrain from using a priority lower than 101 (lower number = higher priority). When a high priority is used, it locks up too many testnodes at once and prevents other developers from testing changes.

Thanks.

#3 Updated by Yingxin Cheng about 2 months ago

Thanks! I'm still trying to find out a way to access the VPN behind proxy.

According to the OpenVPN documentation, there are two ways to connect through a proxy: http-proxy and socks-proxy.

It seems wrong to use http-proxy because it requires proto tcp, but the VPN server only supports udp from the error log:

  • without proxy, baseline:
    SIGUSR1[soft,tls-error] received, process restarting
    TCP/UDP: Preserving recently used remote address: [AF_INET]8.43.84.129:1194
    UDP link local: (not bound)
    UDP link remote: [AF_INET]8.43.84.129:1194
    TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    TLS Error: TLS handshake failed
    
  • with http-proxy:
    SIGUSR1[soft,tls-error] received, process restarting
    TCP/UDP: Preserving recently used remote address: [AF_INET] <http-proxy>
    Attempting to establish TCP connection with [AF_INET] <http-proxy> [nonblock]
    TCP connection established with [AF_INET] <http-proxy>
    Send to HTTP proxy: 'CONNECT vpn.sepia.ceph.com:1194 HTTP/1.0'
    Send to HTTP proxy: 'Host: vpn.sepia.ceph.com'
    HTTP proxy returned: 'HTTP/1.1 503 Service Unavailable'
    HTTP proxy returned bad status
    

I’m also not able to use socks-proxy with the following error logs.

  • with socks-proxy:
    SIGUSR1[soft,tls-error] received, process restarting
    TCP/UDP: Preserving recently used remote address: [AF_INET] <socks-proxy>
    Attempting to establish TCP connection with [AF_INET] <socks-proxy> [nonblock]
    TCP connection established with [AF_INET] <socks-proxy>
    UDP link local: (not bound)
    UDP link remote: [AF_INET]8.43.84.129:1194
    TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    TLS Error: TLS handshake failed
    

Both proxies are working properly because “telnet 8.43.84.129 1194” is successful with tcp. But “nmap -sU -p 1194 8.43.84.129” is always failed with udp.

#4 Updated by adam kraitman about 1 month ago

You must use a proxy? maybe let's configure it without a proxy first and later you can add a proxy

Also available in: Atom PDF