#9391 Cannot get root on retrace-stg.aws.fedoraproject.org
Closed: Fixed 7 days ago by kevin. Opened 11 days ago by msuchy.

While we (ABRT team) are trying find why the retracing on production server does not work, we wanted to test some things on staging server.
retrace-stg.aws.fedoraproject.org
I can ssh there as msuchy. But sudo bash is failing for me and for other team members. I run the playbook to be sure, that everything is set up correctly, but nothing changed.
I triple check I am entering correct password and 2fa token from stg, but still no luck.
Can you help me and unblock me please?


I am trying to see why this is happening. I don't even see a log for someone trying to sudo in messages and such.

OK the problem is that the box is trying to use fas-stg for authentication because it is a staging box. We do not have FAS in staging as we move to noggin so this won't work. I have hand edited for it to use the working fas... and will see what fix needs to be done in ansible.

OK the problem is the following. retrace-stg is listed in the staging group but the file files/2fa/pam_url.conf.j2

{
        settings:
        {
                {% if env == 'staging' %}
                url = "https://fas-all.stg.phx2.fedoraproject.org:8443/";       # URI to fetch
                {% elif datacenter == 'iad2' %}
                url = "https://fas-all.iad2.fedoraproject.org:8443/";   # URI to fetch
                {% else %}
                url = "https://fas-all.vpn.fedoraproject.org:8443/";    # URI to fetch
                {% endif %}

will default all staging to using a) the wrong data-center and b) a place a server outside of internal networks could not get to. The solution would seem to be to take retrace-stg outside of the staging group in ansible reorder the logic in that file. I have to go do other things so need someone to fix.

Metadata Update from @smooge:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: medium-gain, medium-trouble, ops

11 days ago

Your ssh key should be set on root now, so you should just be able to ssh in as root.

We will refix this once staging auth is setup and working with noggin. :)

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

7 days ago

Login to comment on this ticket.

Metadata
Boards 1
ops Status: Done