Sepia Lab Wiki

User Tools

Site Tools

Trace: openvpn

Sidebar

General Lab Info (Mainly for Devs)

Hardware

Lab Infrastructure Services

Misc Admin Tasks
These are infrequently completed tasks that don't fit under any specific service

Production Services

OVH = OVH
RHEV = Sepia RHE instance
Baremetal = Host in Sepia lab

The Attic/Legacy Info

services:openvpn

This is an old revision of the document!

Table of Contents

WIP - OpenVPN

Summary

Users access the sepia lab by tunnelling through an OpenVPN server run at gw.sepia.ceph.com. It's a Highly Available VM living in RHEV.

Managed by Ansible using the gateway role in ceph-cm-ansible.

The process for requesting lab access is documented here.

Adding Users

A ticket should be filed for paper trail purposes. Put the ticket in the commit messages for the PRs created below.

To grant a new user access to the VPN,

  1. Add the user's public key to the keys.git repo. 1)
  2. Add their username and hashed password to lab_users in the ceph-sepia-secrets.git repo.
  3. Once your PR has been merged, run the gateway role in ceph-cm-ansible to push the new user entry to the server.
ansible-playbook gateway.yml --tags="users"

Historical Info

Detailed information on our particular setup (how auth works and such) can be found in the old cookbook-gw.git repo.

1)
This step is not required for non-humans or humans that don't need access to schedule runs.
services/openvpn.1467331288.txt.gz · Last modified: 2016/07/01 00:01 by dgalloway

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Run on Debian Driven by DokuWiki