I was trying to check what were the servers I was allowed to access, but it seems I cannot on a few of them.
Not sure if it is only my public key or if it is more general with the fi-apprentice group, or if there are works in progress after the authentification changes.
Most are stg servers, and a few others openqa/copr/smtp/etc.
blockerbugs01.stg.iad2.fedoraproject.org Failed copr-fe-dev.aws.fedoraproject.org Failed datagrepper01.stg.iad2.fedoraproject.org Failed koji01.stg.iad2.fedoraproject.org Failed memcached01.stg.iad2.fedoraproject.org Failed oci-candidate-registry01.stg.iad2.fedoraproject.org Failed oci-registry01.stg.iad2.fedoraproject.org Failed openqa-a64-worker01.iad2.fedoraproject.org Failed openqa-a64-worker02.iad2.fedoraproject.org Failed openqa-a64-worker03.iad2.fedoraproject.org Failed openqa-p09-worker01.iad2.fedoraproject.org Failed osbs-aarch64-node01.stg.iad2.fedoraproject.org Failed osbs-aarch64-node02.stg.iad2.fedoraproject.org Failed osbs-master01.stg.iad2.fedoraproject.org Failed osbs-node01.stg.iad2.fedoraproject.org Failed osbs-node02.stg.iad2.fedoraproject.org Failed proxy01.stg.iad2.fedoraproject.org Failed proxy02.stg.iad2.fedoraproject.org Failed proxy06.fedoraproject.org Failed proxy09.fedoraproject.org Failed proxy13.fedoraproject.org Failed proxy33.fedoraproject.org Failed resultsdb01.iad2.fedoraproject.org Failed resultsdb01.stg.iad2.fedoraproject.org Failed smtp-mm-cc-rdu01.fedoraproject.org Failed smtp-mm-ib01.fedoraproject.org Failed smtp-mm-osuosl01.fedoraproject.org Failed sundries01.stg.iad2.fedoraproject.org Failed value01.stg.iad2.fedoraproject.org Failed wiki01.stg.iad2.fedoraproject.org Failed
fi-apprentice does not allow access everywhere. Some servers are not open to that group.
As for .stg. you need to set up your SSH key on https://accounts.stg.fedoraproject.org
The list of servers I took was from batcave01, running: ./scripts/hosts_with_var_set -i inventory/ -o fas_client_groups=fi-apprentice, from the ansible git I cloned there.
I have added my ssh public key in accounts.stg. , thanks for the info.
I have now: copr-fe-dev.aws.fedoraproject.org Failed -> public key
oci-candidate-registry01.stg.iad2.fedoraproject.org Failed -> Connection closed by UNKNOWN port 65535
oci-registry01.stg.iad2.fedoraproject.org Failed -> Connection closed by UNKNOWN port 65535
openqa-a64-worker01.iad2.fedoraproject.org Failed -> Connection closed by UNKNOWN port 65535
openqa-a64-worker02.iad2.fedoraproject.org Failed -> Connection closed by UNKNOWN port 65535
openqa-a64-worker03.iad2.fedoraproject.org Failed -> Connection closed by UNKNOWN port 65535
openqa-p09-worker01.iad2.fedoraproject.org Failed -> Connection closed by UNKNOWN port 65535
proxy06.fedoraproject.org Failed -> Cannot assign requested address
proxy09.fedoraproject.org Failed -> Cannot assign requested address
proxy13.fedoraproject.org Failed -> Connection timed out
resultsdb01.iad2.fedoraproject.org Failed -> Connection closed by UNKNOWN port 65535
smtp-mm-cc-rdu01.fedoraproject.org Failed -> public key
smtp-mm-ib01.fedoraproject.org Failed -> Connection closed by 152.19.134.143 port 22
smtp-mm-osuosl01.fedoraproject.org Failed -> Cannot assign requested address
Metadata Update from @smooge: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue private status set to: False (was: True) - Issue tagged with: low-gain, low-trouble, ops
I think that many of these need to be updated in their variables for whether or not they allow apprentices to log in. Several of the ones above (like openqa and copr) should have that turned off.
Also, it looks like there have been a few changes since we moved to Noggin/IPA for the accounts system.
Try ./scripts/hosts_with_var_set -i inventory/ -o ipa_client_shell_groups=fi-apprentice
I tried this script (and the old one), but both seems to return nothing.
i have the same issue since migration.
@heldwin have you tried a git pull recently? I tried ./scripts/hosts_with_var_set -i inventory/ -o ipa_client_shell_groups=fi-apprentice
And it shows a list
[nb@mymachine fedora-ansible]$ ./scripts/hosts_with_var_set -i inventory/ -o ipa_client_shell_groups=fi-apprentice [WARNING]: * Failed to parse /home/nebebout/git-repos/fedora-ansible/inventory/zzz-inventory.config with ini plugin: Invalid host pattern 'plugin:' supplied, ending in ':' is not allowed, this character is reserved to provide a port. [WARNING]: Unable to parse /home/nebebout/git-repos/fedora-ansible/inventory/zzz-inventory.config as an inventory source hosts with variable ipa_client_shell_groups matching fi-apprentice value batcave01.iad2.fedoraproject.org batcave13.rdu2.fedoraproject.org blockerbugs01.iad2.fedoraproject.org blockerbugs01.stg.iad2.fedoraproject.org datagrepper01.iad2.fedoraproject.org datagrepper01.stg.iad2.fedoraproject.org datagrepper02.iad2.fedoraproject.org debuginfod01.iad2.fedoraproject.org debuginfod01.stg.iad2.fedoraproject.org koji01.stg.iad2.fedoraproject.org log01.iad2.fedoraproject.org memcached01.iad2.fedoraproject.org memcached01.stg.iad2.fedoraproject.org openqa-lab01.iad2.fedoraproject.org openqa01.iad2.fedoraproject.org osbs-aarch64-master01.iad2.fedoraproject.org osbs-aarch64-master01.stg.iad2.fedoraproject.org osbs-aarch64-node01.iad2.fedoraproject.org osbs-aarch64-node01.stg.iad2.fedoraproject.org osbs-aarch64-node02.iad2.fedoraproject.org osbs-aarch64-node02.stg.iad2.fedoraproject.org osbs-control01.iad2.fedoraproject.org osbs-control01.stg.iad2.fedoraproject.org osbs-master01.iad2.fedoraproject.org osbs-master01.stg.iad2.fedoraproject.org osbs-node01.iad2.fedoraproject.org osbs-node01.stg.iad2.fedoraproject.org osbs-node02.iad2.fedoraproject.org osbs-node02.stg.iad2.fedoraproject.org proxy01.iad2.fedoraproject.org proxy01.stg.iad2.fedoraproject.org proxy02.fedoraproject.org proxy02.stg.iad2.fedoraproject.org proxy03.fedoraproject.org proxy04.fedoraproject.org proxy05.fedoraproject.org proxy06.fedoraproject.org proxy09.fedoraproject.org proxy10.iad2.fedoraproject.org proxy101.iad2.fedoraproject.org proxy11.fedoraproject.org proxy110.iad2.fedoraproject.org proxy12.fedoraproject.org proxy13.fedoraproject.org proxy14.fedoraproject.org proxy30.fedoraproject.org proxy31.fedoraproject.org proxy32.fedoraproject.org proxy33.fedoraproject.org proxy34.fedoraproject.org proxy35.fedoraproject.org proxy36.fedoraproject.org proxy37.fedoraproject.org proxy38.fedoraproject.org proxy39.fedoraproject.org proxy40.fedoraproject.org resultsdb01.stg.iad2.fedoraproject.org secondary01.iad2.fedoraproject.org sundries01.iad2.fedoraproject.org sundries01.stg.iad2.fedoraproject.org sundries02.iad2.fedoraproject.org torrent02.fedoraproject.org value01.iad2.fedoraproject.org value01.stg.iad2.fedoraproject.org wiki01.iad2.fedoraproject.org wiki01.stg.iad2.fedoraproject.org wiki02.iad2.fedoraproject.org zabbix01.stg.iad2.fedoraproject.org
hum weird. Yes I tried to pull it several times, with no update. Both on batcave01 and on my machine.
I have deleted the clone, and cloned it again on my machine, and now it lists the same as you.
EDIT: my bad, I was pulling on master and not main it seems... It was able to find something for a branch named master though. If I pull on batcave01 for main, it find updates.
So, what is the current list of hosts you cannot reach?
Keep in mind that stg may require you to login to https://accounts.stg.fedoraproject.org, confirm your ssh key is right and that you are in the fi-apprentice group.
I can login to every servers the script returns, except these ones I cannot reach:
batcave13.rdu2.fedoraproject.org;Failed;Name or service not known proxy06.fedoraproject.org;Failed:Cannot assign requested address proxy09.fedoraproject.org;Failed;Cannot assign requested address proxy13.fedoraproject.org;Failed;Connection timed out
I can login to every servers the script returns, except these ones I cannot reach: batcave13.rdu2.fedoraproject.org;Failed;Name or service not known
batcave13.rdu2.fedoraproject.org;Failed;Name or service not known
This one should actually be on the vpn, but isn't (yet). It also needs re-installing. I'll fix it soon.
proxy06.fedoraproject.org;Failed:Cannot assign requested address proxy09.fedoraproject.org;Failed;Cannot assign requested address proxy13.fedoraproject.org;Failed;Connection timed out
So, these should all be reachable on the vpn. So 'proxy06.vpn.fedoraproject.org' they may be rejecting ssh except for from batcave01's external ip and vpn.
So, I think we are all done here then with that?
Metadata Update from @kevin: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
For me yes, thanks
Log in to comment on this ticket.