618218 - Please forward VNC on talos-r3-w7-003 for loan outside of build-vpn

Status: RESOLVED INVALID

(mozilla.org Graveyard :: Server Operations, task)

Description

[Lukas Blakk [:lsblakk] use ?needinfo]

IP: 10.12.50.164
Needs to be usable by Clint Talbert without build-vpn for a short time.

Comment 1

[matthew zeier [:mrz]]

That's harder than just letting Clint, a trusted employee, have access to the build-vpn.  Can we do that?

Comment 2

[Chris AtLee [:catlee]]

(In reply to comment #1)
> That's harder than just letting Clint, a trusted employee, have access to the
> build-vpn.  Can we do that?

We're going to need to figure out a better way to loan these machines out to folks for a short period.  We need to do this semi regularly, and we go through the same back and forth about how to loan it out each time.

Comment 3

[Lukas Blakk [:lsblakk] use ?needinfo]

Can Derek weigh in here on what he's done in the past? My recollection is that it was not hard (in that he did it very quickly) to point a public IP to the build machine so outsiders could VNC in, and then removed that after they were done.

Comment 4

[matthew zeier [:mrz]]

Derek's moved machines in the past for non-MoCo folk.  That's entirely different and eats up a lot of people time.

Just granting Clint access is the way to go.  What's the risk?

(As a side note, we are working on an alternate way to do this but not until Q1.)

Comment 5

[cmtalbert]

Not sure if this is important or not, but I can log into the machine.  I'm logging into it from a machine off the office network that is connected to MPT.  FYI.  Thanks for the loaner guys, I appreciate it.  

Thought I'd mention this in case I *haven't* been granted access yet, cause that might mean there is a hole.

Comment 6

[Lukas Blakk [:lsblakk] use ?needinfo]

It's ok - we haven't officially locked them down yet, so this is a known hole.  Glad you found that Clint.