services:openvpn

Differences

This shows you the differences between two versions of the page.

services:openvpn [2016/08/30 19:34]
dgalloway [Adding Users]
services:openvpn [2020/10/27 19:22] (current)
djgalloway old revision restored (2020/10/27 17:55)
Line 7: Line 7:
 The process for requesting lab access is documented [[https://​ceph.github.io/​sepia/​adding_users/#​requesting-lab-access|here]]. The process for requesting lab access is documented [[https://​ceph.github.io/​sepia/​adding_users/#​requesting-lab-access|here]].
  
-===== Adding Users =====+===== Ops Tasks ===== 
 +==== Adding Users ====
 A ticket should be filed for paper trail purposes. ​ Put the ticket in the commit messages for the PRs created below. A ticket should be filed for paper trail purposes. ​ Put the ticket in the commit messages for the PRs created below.
  
 To grant a new user access to the VPN, To grant a new user access to the VPN,
   - Add the user's public key to the [[https://​github.com/​ceph/​keys|keys.git]] repo. ((This step is not required for non-humans or humans that don't need access to schedule runs.))   - Add the user's public key to the [[https://​github.com/​ceph/​keys|keys.git]] repo. ((This step is not required for non-humans or humans that don't need access to schedule runs.))
-  - Add their crededentials ​to the [[https://​github.com/​ceph/​ceph-sepia-secrets/​blob/​master/​ansible/​inventory/​group_vars/​all.yml|ceph-sepia-secrets.git repo]].+  - Add their credentials ​to the [[https://​github.com/​ceph/​ceph-sepia-secrets/​blob/​master/​ansible/​inventory/​group_vars/​all.yml|ceph-sepia-secrets.git repo]].
     - If they **only** need VPN access, add them to ''​openvpn_users''​ ((This will not create an SSH user account on any lab hosts including teuthology.front. ​ It only grants VPN access. ​ An example of this use case would be for accessing the Reference Architecture lab in Sepia.))     - If they **only** need VPN access, add them to ''​openvpn_users''​ ((This will not create an SSH user account on any lab hosts including teuthology.front. ​ It only grants VPN access. ​ An example of this use case would be for accessing the Reference Architecture lab in Sepia.))
     - Otherwise, add their username (''​name''​) and ''​ovpn''​ credentials to ''​lab_users''​     - Otherwise, add their username (''​name''​) and ''​ovpn''​ credentials to ''​lab_users''​
Line 19: Line 20:
 <​code>​ansible-playbook gateway.yml --tags="​users"</​code>​ <​code>​ansible-playbook gateway.yml --tags="​users"</​code>​
  
-===== fail2ban ​=====+==== fail2ban ====
 fail2ban is configured via the gateway role.  It's configured to work with firewalld. ​ Run ''​ipset list''​ to see list of currently banned IPs. fail2ban is configured via the gateway role.  It's configured to work with firewalld. ​ Run ''​ipset list''​ to see list of currently banned IPs.
  
Line 27: Line 28:
 ^%(__prefix_line)sReceived disconnect from <​HOST>:​ 11: (Bye Bye)? \[preauth\]$ ^%(__prefix_line)sReceived disconnect from <​HOST>:​ 11: (Bye Bye)? \[preauth\]$
 </​code>​ </​code>​
 +
 +==== Updating sepia-vpn-client.tar.gz ====
 +This shouldn'​t need to happen often but was necessary when python3 came out.
 +
 +  - ''​%%ssh www.ceph.com%%''​
 +  - ''​sudo -i''​
 +  - ''​cd /​var/​www/​ceph.com/​sage/''​
 +  - ''​mkdir wip && cp sepia-vpn-client.tar.gz wip/ && cd wip && tar xzf sepia-vpn-client.tar.gz''​
 +  - Make your edits in the sepia dir
 +  - When you're done, ''​tar -czvf sepia-vpn-client.tar.gz sepia''​
 +  - ''​mv sepia-vpn-client.tar.gz /​var/​www/​ceph.com/​sage/''​
 +  - ''​chown dgalloway:​www-data /​var/​www/​ceph.com/​sage/​sepia-vpn-client.tar.gz''​
 +  - ''​rm -rf /​var/​www/​ceph.com/​sage/​wip''​
 +
 +===== Troubleshooting =====
 +==== ValueError: need more than 2 values to unpack ====
 +
 +**Resolution:​** You likely forgot a space in a user's hashed credential. ​ Check recent commits in ceph-sepia-secrets.git and make sure all users have three values per ''​ovpn''​ key.
  
 ===== To-Do ===== ===== To-Do =====
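Review bot: In the new "Updating sepia-vpn-client.tar.gz" steps, the working copy is created with ''mkdir wip'' directly under /var/www/ceph.com/sage/, which from its path and the www-data group on the final chown looks like a web-served directory, so the unpacked tree and the half-edited tarball sit there until the closing ''rm -rf''. Suggest unpacking in a scratch directory outside that tree and moving only the finished archive into place. The ''mv'' step also overwrites the published tarball without keeping the previous copy, so a dated backup next to it would make a bad edit recoverable. The chown hard-codes dgalloway as the owner, which will not fit whoever runs the procedure next. In the Troubleshooting entry, the ValueError heading does not say which command or playbook run raises it; naming that would let readers match the symptom to the resolution.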
services/openvpn.1472585654.txt.gz · Last modified: 2016/08/30 19:34 by dgalloway