Closed
Bug 600607
Opened 14 years ago
Closed 14 years ago
Need vpn access for arpad.borsos@googlemail.com
Categories
(Infrastructure & Operations Graveyard :: Account Requests, task)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: Swatinem, Assigned: fox2mike)
References
Details
In order to access tbpl.mozilla.org, my ldap account needs to have vpn access to mpt.
Comment 1•14 years ago
|
||
vpn access is for moco employees. Can you give us some context for this? Or copy someone within moco that can vouch for you and describe what this is for and how it will be used?
Reporter | ||
Comment 2•14 years ago
|
||
As one of the most active tbpl developers I would like to be able to actually connect to tbpl.mozilla.org (see dependent bug) for which I have root access.
This is needed so I can deploy fixes to (the future, mozilla hosted) tbpl. Markus who currently hosts tbpl on his own server has a lot of other work to do and may not be there to deploy needed changes.
Ehsan can vouch for me, he also contributed quite a lot to tbpl.
Comment 3•14 years ago
|
||
I'll vouch for Arpad!
Comment 4•14 years ago
|
||
This is fine - we'll do this like we've done for other hosts (dm-oink01 or dp-dxr01 for instance). You'll have an LDAP based user login and can sudo to root.
Ideally you shouldn't even need to be root.
None of this requires VPN. The dependent bug is marked resolved - not sure if this bug morphs into "get access" or the other bug is reopened.
Reporter | ||
Comment 5•14 years ago
|
||
(In reply to comment #4)
> None of this requires VPN. The dependent bug is marked resolved - not sure if
> this bug morphs into "get access" or the other bug is reopened.
Well tbpl.m.o in not accessible from the outside yet. I’m fine with waiting until it is.
Comment 6•14 years ago
|
||
Another idea... what do you need to do -on- the box? Could you update your code in hg and have some process that pulls code automatically for you so you wouldn't ever need to be on the host?
Reporter | ||
Comment 7•14 years ago
|
||
(In reply to comment #6)
> Another idea... what do you need to do -on- the box? Could you update your
> code in hg and have some process that pulls code automatically for you so you
> wouldn't ever need to be on the host?
That would be most awesome. In the other bug it was said that we would get a minimal box with nothing on it that we install ourselves. But if everything works and the code from hg is automatically pulled then that it the best solution.
Updated•14 years ago
|
Assignee: server-ops → mrz
Reporter | ||
Comment 8•14 years ago
|
||
tbpl.mozilla.org has been alive for some time now, however its ssh port is not exposed to the public, so I can still not connect to it.
Doing an automatic hg pull as suggested in comment 6 seems like a nice idea, but it would mean that anybody with commit access can change the code that is run on the server, which does not seem like a desirable situation either.
So is this bug a WONTFIX then?
Assignee | ||
Comment 10•14 years ago
|
||
Arpad,
I'm not in favour of opening up ssh on tbpl.mozilla.org.
If you absolutely need to get on the box, I don't mind allowing ssh connections to the box from the world, or if you have a static host somewhere, I'd be more than happy to allow ssh into tbpl only from that box, makes it easier for us too.
You've got a point about automated hg pulls causing issues, I'm not sure if hg does tags or if you can setup a branch and auto pull from that, so that development can continue as well.
So to conclude, while I'm not happy opening up ssh to the world, if there is no other option, I'll do it.
Let me know?
Assignee: server-ops → shyam
Comment 11•14 years ago
|
||
Any reason why VPN access with a static route only for tbpl wouldn't work here? It's been done before for non-corporate employees that needed access to one (or more) box(en).
Reporter | ||
Comment 12•14 years ago
|
||
Nevermind, I guess I can just bug someone on irc to pull who has access to the box.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → WONTFIX
Comment 13•14 years ago
|
||
(In reply to comment #11)
> Any reason why VPN access with a static route only for tbpl wouldn't work here?
> It's been done before for non-corporate employees that needed access to one (or
> more) box(en).
We don't do that for anyone anymore. Too hard to maintain.
Updated•10 years ago
|
Product: mozilla.org → Infrastructure & Operations
Updated•9 years ago
|
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•