Support #64967
openSepia Lab Access Request
0%
Description
1) Do you just need VPN access or will you also be running teuthology jobs?
I need VPN access and will also be running teuthology jobs.
2) Desired Username:
soumyakoduri
3) Alternate e-mail address(es) we can reach you at:
skoduri@redhat.com
4) If you don't already have an established history of code contributions to Ceph, is there an existing community or core developer you've worked with who has reviewed your work and can vouch for your access request?
If you answered "No" to # 4, please answer the following (paste directly below the question to keep indentation):
4a) Paste a link to a Blueprint or planning doc of yours that was reviewed at a Ceph Developer Monthly.
4b) Paste a link to an accepted pull request for a major patch or feature.
https://github.com/ceph/ceph/pull/35100
https://github.com/ceph/ceph/pull/31454
4c) If applicable, include a link to the current project (planning doc, dev branch, or pull request) that you are looking to test.
5) Paste your SSH public key(s) between the pre tags
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCuGyEOD+7nmCuGh6N+nqBnhZEWqGDjjjYRiYv5lPKVLg+p2hTlgxCAXCqo4ylI7B+9R8F4Bx4T93SzYmuoirPT12anrkvrPQ56tRnB/86Fu6AGfKBhv6ttkuO//ET9+sot7WvMXdxFN+tytT0C+SGQP4JDESiQ7OuHnXsNraFnVo3mWNP8NI56Dlof+c0zKToK1iB9+ph7hgHgEJg803F3c0TEeBiv9tTeDrfFl9R3GQcVhayf5D7qRAPEN3ftLm9Bt2TJeNp/grOAqGjLlc+8Xg/2CxgBy/SAPbWaUUDhjuBfrVdEPqGwTFitfDwE9DsF8n3GN8oZr1WuHRR8amJSHUJ0r9QTNs/Pa4Y7ufPFZEGFffAT+/mzuAzIOcj7MSVk4/7jhXPtPstWRrQFBIW45YFngPddAYdrCV2LIBrQX6y4+9fozGuLFcn2vbF2FrA4cA/hzGaljcyucg7/PSiW0ChX48+pd1XCR9d07zfWkhfRk1t0KU1dDRnLVnurVRU= skoduri@li-1542d04c-27dd-11b2-a85c-e8459f08bc94.ibm.com
6) Paste your hashed VPN credentials between the pre tags (Format: user@hostname 22CharacterSalt 65CharacterHashedPassword)
skoduri@localhost nFLji2lSZ4l4lD+ElGRU5Q 6fb271a147b3f0194a8f10dd7379bfb1e4bfad7ee45f400b0035e0b6a898cae7
Updated by adam kraitman about 1 month ago
- Category set to User access
- Status changed from New to In Progress
- Assignee set to adam kraitman
Updated by adam kraitman 24 days ago
Hey soumyakoduri, Are these new/additional or replacement credentials?
Updated by Soumya Koduri 24 days ago
adam kraitman wrote:
Hey soumyakoduri, Are these new/additional or replacement credentials?
Hi Adam,
These are additional credentials.
Updated by adam kraitman 23 days ago
Hey Soumya Koduri,
You should have access to the Sepia lab now. Please verify you're able to connect to the vpn and ssh soumyakoduri@teuthology.front.sepia.ceph.com using the private key matching the pubkey you provided.
Be sure to check out the following links for final workstation setup steps:
https://wiki.sepia.ceph.com/doku.php?id=vpnaccess#vpn_client_access
https://wiki.sepia.ceph.com/doku.php?id=testnodeaccess#ssh_config
Most developers choose to schedule runs from the shared teuthology VM. For information on that, see http://docs.ceph.com/teuthology/docs/intro_testers.html
If you plan on scheduling tests, one of the options you'll need to set with teuthology-suite is -p, --priority. Please refrain from using a priority lower than 101 (lower number = higher priority). When a high priority is used, it locks up too many testnodes at once and prevents other developers from testing changes.
Thanks.
Updated by Soumya Koduri 23 days ago
Hi Adam,
I still get AUTH_FAILED error.
skoduri:~$ systemctl status openvpn-client@sepia.service
○ openvpn-client@sepia.service - OpenVPN tunnel for sepia
Loaded: loaded (/usr/lib/systemd/system/openvpn-client@.service; enabled; preset: disabled)
Drop-In: /usr/lib/systemd/system/service.d
└─10-timeout-abort.conf
Active: inactive (dead) since Fri 2024-04-05 19:12:48 IST; 29min ago
Duration: 3.832s
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 17115 ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config sepia.conf (code=exited, status=0/SUCCESS)
Main PID: 17115 (code=exited, status=0/SUCCESS)
Status: "Pre-connection initialization successful"
CPU: 30ms
Apr 05 19:12:46 li-1542d04c-27dd-11b2-a85c-e8459f08bc94.ibm.com openvpn17115: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Apr 05 19:12:46 li-1542d04c-27dd-11b2-a85c-e8459f08bc94.ibm.com openvpn17115: VERIFY OK: depth=1, O=Redhat, CN=openvpnca-sepia
Apr 05 19:12:46 li-1542d04c-27dd-11b2-a85c-e8459f08bc94.ibm.com openvpn17115: VERIFY KU OK
Apr 05 19:12:46 li-1542d04c-27dd-11b2-a85c-e8459f08bc94.ibm.com openvpn17115: Validating certificate extended key usage
Apr 05 19:12:46 li-1542d04c-27dd-11b2-a85c-e8459f08bc94.ibm.com openvpn17115: NOTE: --mute triggered...
Apr 05 19:12:47 li-1542d04c-27dd-11b2-a85c-e8459f08bc94.ibm.com openvpn17115: 4 variation(s) on previous 10 message(s) suppressed by --mute
Apr 05 19:12:47 li-1542d04c-27dd-11b2-a85c-e8459f08bc94.ibm.com openvpn17115: [openvpn-sepia] Peer Connection Initiated with [AF_INET]8.43.84.129:1194
Apr 05 19:12:48 li-1542d04c-27dd-11b2-a85c-e8459f08bc94.ibm.com openvpn17115: AUTH: Received control message: AUTH_FAILED
Apr 05 19:12:48 li-1542d04c-27dd-11b2-a85c-e8459f08bc94.ibm.com openvpn17115: SIGTERM[soft,auth-failure] received, process exiting
Apr 05 19:12:48 li-1542d04c-27dd-11b2-a85c-e8459f08bc94.ibm.com systemd1: openvpn-client@sepia.service: Deactivated successfully.
Even unable to connect to sepia VPN. I followed instructions outlined in https://wiki.sepia.ceph.com/doku.php?id=vpnaccess#vpn_client_access. But it keeps throwing password prompt saying invalid (I copied from second line of /etc/openvpn/client/sepia/secret file as mentioned in the wiki.
Please let me know how I can troubleshoot this error.
Updated by adam kraitman 17 days ago
Hey If you re-run the new-client script, It's unfortunately not idempotent so if you re-ran it and still have the output, we'll need the new string it printed. If you don't have the output, please re-run it again and send the new string.
Updated by Soumya Koduri 16 days ago
adam kraitman wrote in #note-6:
Hey If you re-run the new-client script, It's unfortunately not idempotent so if you re-ran it and still have the output, we'll need the new string it printed. If you don't have the output, please re-run it again and send the new string.
I hadn't re-run new-client script. But anyways to start afresh I ran it again now with the actual hostname set on my laptop -
skoduri@li-1542d04c-27dd-11b2-a85c-e8459f08bc94.ibm.com r+FHs1JrSRsu8eEX60Zcrw fb70b70df927608fdd585fd65672986aac2e9c8588f4f6ea42766ac268717be7
<<<<
please let me know once access is granted.
Updated by Soumya Koduri 9 days ago
Hi Adam,
Please update if these new creds have been granted access. Thanks!