Need vpn access for arpad.borsos@googlemail.com

RESOLVED WONTFIX

Status

Infrastructure & Operations Graveyard
Account Requests
RESOLVED WONTFIX
7 years ago
2 years ago

People

(Reporter: Swatinem, Assigned: fox2mike)

Tracking

Details

(Reporter)

Description

7 years ago
In order to access tbpl.mozilla.org, my ldap account needs to have vpn access to mpt.
vpn access is for moco employees.  Can you give us some context for this?  Or copy someone within moco that can vouch for you and describe what this is for and how it will be used?
(Reporter)

Comment 2

7 years ago
As one of the most active tbpl developers I would like to be able to actually connect to tbpl.mozilla.org (see dependent bug) for which I have root access.

This is needed so I can deploy fixes to (the future, mozilla hosted) tbpl. Markus who currently hosts tbpl on his own server has a lot of other work to do and may not be there to deploy needed changes.

Ehsan can vouch for me, he also contributed quite a lot to tbpl.

Comment 3

7 years ago
I'll vouch for Arpad!

Comment 4

7 years ago
This is fine - we'll do this like we've done for other hosts (dm-oink01 or dp-dxr01 for instance).  You'll have an LDAP based user login and can sudo to root.

Ideally you shouldn't even need to be root.

None of this requires VPN.  The dependent bug is marked resolved - not sure if this bug morphs into "get access" or the other bug is reopened.
(Reporter)

Comment 5

7 years ago
(In reply to comment #4)
> None of this requires VPN.  The dependent bug is marked resolved - not sure if
> this bug morphs into "get access" or the other bug is reopened.

Well tbpl.m.o in not accessible from the outside yet. I’m fine with waiting until it is.

Comment 6

7 years ago
Another idea... what do you need to do -on- the box?  Could you update your code in hg and have some process that pulls code automatically for you so you wouldn't ever need to be on the host?
(Reporter)

Comment 7

7 years ago
(In reply to comment #6)
> Another idea... what do you need to do -on- the box?  Could you update your
> code in hg and have some process that pulls code automatically for you so you
> wouldn't ever need to be on the host?

That would be most awesome. In the other bug it was said that we would get a minimal box with nothing on it that we install ourselves. But if everything works and the code from hg is automatically pulled then that it the best solution.

Updated

7 years ago
Assignee: server-ops → mrz
(Reporter)

Comment 8

7 years ago
tbpl.mozilla.org has been alive for some time now, however its ssh port is not exposed to the public, so I can still not connect to it.
Doing an automatic hg pull as suggested in comment 6 seems like a nice idea, but it would mean that anybody with commit access can change the code that is run on the server, which does not seem like a desirable situation either.

So is this bug a WONTFIX then?

Comment 9

7 years ago
fox2mike, ideas how to best accomplish this?
Assignee: mrz → server-ops
(Assignee)

Comment 10

7 years ago
Arpad,

I'm not in favour of opening up ssh on tbpl.mozilla.org.

If you absolutely need to get on the box, I don't mind allowing ssh connections to the box from the world, or if you have a static host somewhere, I'd be more than happy to allow ssh into tbpl only from that box, makes it easier for us too.

You've got a point about automated hg pulls causing issues, I'm not sure if hg does tags or if you can setup a branch and auto pull from that, so that development can continue as well.

So to conclude, while I'm not happy opening up ssh to the world, if there is no other option, I'll do it. 

Let me know?
Assignee: server-ops → shyam
Any reason why VPN access with a static route only for tbpl wouldn't work here? It's been done before for non-corporate employees that needed access to one (or more) box(en).
(Reporter)

Comment 12

7 years ago
Nevermind, I guess I can just bug someone on irc to pull who has access to the box.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → WONTFIX
(In reply to comment #11)
> Any reason why VPN access with a static route only for tbpl wouldn't work here?
> It's been done before for non-corporate employees that needed access to one (or
> more) box(en).

We don't do that for anyone anymore.  Too hard to maintain.
Product: mozilla.org → Infrastructure & Operations
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in before you can comment on or make changes to this bug.