Differences

This shows you the differences between two versions of the page.

--- vpnaccess [2023/05/11 11:14]
akraitman [Linux]
+++ vpnaccess [2024/12/20 01:01] (current)
dmick [VPN Client Access]
@@ Line 3: / Line 3: @@
 To request access to the Sepia lab,
   - Generate login credentials by following directions under **VPN Client Access** below.
-  - [[http://tracker.ceph.com/projects/lab/issues/new?issue[tracker_id]=3|File a ticket]].  Select **Sepia Lab Access Request** for the Issue Template.
+  - [[http://tracker.ceph.com/projects/lab/issues/new?issue[tracker_id]=3|File a ticket]].  Select **Sepia Lab Access Request** and ***copy those questions and answer them in the ticket.***
+<code>
+) Do you just need VPN access or will you also be running teuthology jobs?
+) Desired Username:
+) Alternate e-mail address(es) we can reach you at:
+) If you don't already have an established history of code contributions to Ceph, is there an existing community or core developer you've worked with who has reviewed your work and can vouch for your access request?
+If you answered "No" to # 4, please answer the following (paste directly below the question to keep indentation):
+a) Paste a link to a Blueprint or planning doc of yours that was reviewed at a Ceph Developer Monthly.
+b) Paste a link to an accepted pull request for a major patch or feature.
+c) If applicable, include a link to the current project (planning doc, dev branch, or pull request) that you are looking to test.
+) Paste your SSH public key(s) between the pre tags
+) Paste your hashed VPN credentials between the pre tags (Format: user@hostname 22CharacterSalt 65CharacterHashedPassword)
 For details on our particular OpenVPN server setup, see [[services:openvpn|OpenVPN]].
+</code>
 ===== VPN Client Access =====
 Follow the instructions corresponding to your workstation's operating system below.
+==== The 'secret' file ====
+The new-client script will generate a secret in a file named 'secret'.  This is your secret VPN password.  Do not share this in any way to anyone.  Do not overwrite it for any reason.  It is precious unrecoverable data, and losing it will lose your access to the VPN.
+==== The 'secret.hash' file: ====
+new-client will also generate a file named 'secret.hash', which corresponds to, but is not the same as, 'secret'.  new-client also prints out this secret.hash.  This is public information, derived from your secret, but not your secret.  This is what you put in the tracker ticket to be added to the OpenVPN server.
+==== The secrets tarball: ====
+new-client will also generate a tarball named 'secrets.YYMMDD_HHMMSS.tar.gz' (where YYMMDD_HHMMSS represents the current date and time) containing both secret and secret.hash files.  Since they go together, this will help track problems in their creation and use.
 **NOTE:** You will need VPN credentials for each machine/workstation you intend to connect to the Sepia VPN.  **Client credentials can not be used on more than one machine at a time!**
@@ Line 25: / Line 62: @@
 cd /etc/openvpn
-## filedump.ceph.com is temporarily unavailable; contact akraitma@redhat.com or dmick@redhat.com regarding this file - sepia-vpn-client.tar.gz
-wget https://filedump.ceph.com/sepia-vpn-client.tar.gz
+sudo wget https://filedump.ceph.com/sepia-vpn-client.tar.gz
 sudo tar zxvf sepia-vpn-client.tar.gz
-# Ubuntu Bionic and later (or any python3-only distro)
-sudo apt-get -y install python2-minimal; sed -i 's|/usr/bin/python|/usr/bin/python2|g' sepia/new-client
 # Generate client credentials
@@ Line 85: / Line 120: @@
 === Troubleshooting ===
-To troubleshoot your VPN connection, try running the following command to determine where the connection is failing:
+Please disable SELinux on rhel clients
-Please disable SELinux on rhel clients
+To troubleshoot your VPN connection, try running the following command to determine where the connection is failing:
 <code>
@@ Line 129: / Line 164: @@
 cd /etc/openvpn
 wget https://filedump.ceph.com/sepia-vpn-client.tar.gz
-sudo tar zxvf sepia-vpn.client.tar.gz
+sudo tar zxvf sepia-vpn-client.tar.gz
 # Generate client credentials
@@ Line 158: / Line 193: @@
     - **Tls-Auth:** ta.key
   - When connecting to the VPN for the first time,
-    - Enter your ''USER@HOST'' combination as the username
+    - Enter your ''USER@HOST'' combination as the username(the username is the first line in secret file)
-    - Enter the second line of ''sepia/secret'' as the password
+    - Enter the second line of ''sepia/secret'' as the password(the password is the second line in secret file)
   - Save the credentials to your keychain
   - You can now delete any downloaded and created files (except ca.crt)

Sepia Lab Wiki

User Tools

Site Tools

Differences

Page Tools