fedora-infrastructure

Clone
Source Code
GIT

#9391 Cannot get root on retrace-stg.aws.fedoraproject.org
Closed: Fixed 3 years ago by kevin. Opened 3 years ago by msuchy.

Closed: Fixed
Reopen Issue

While we (ABRT team) are trying find why the retracing on production server does not work, we wanted to test some things on staging server.
retrace-stg.aws.fedoraproject.org
I can ssh there as msuchy. But sudo bash is failing for me and for other team members. I run the playbook to be sure, that everything is set up correctly, but nothing changed.
I triple check I am entering correct password and 2fa token from stg, but still no luck.
Can you help me and unblock me please?

I am trying to see why this is happening. I don't even see a log for someone trying to sudo in messages and such.

OK the problem is that the box is trying to use fas-stg for authentication because it is a staging box. We do not have FAS in staging as we move to noggin so this won't work. I have hand edited for it to use the working fas... and will see what fix needs to be done in ansible.

OK the problem is the following. retrace-stg is listed in the staging group but the file files/2fa/pam_url.conf.j2

{
        settings:
        {
                {% if env == 'staging' %}
                url = "https://fas-all.stg.phx2.fedoraproject.org:8443/";       # URI to fetch
                {% elif datacenter == 'iad2' %}
                url = "https://fas-all.iad2.fedoraproject.org:8443/";   # URI to fetch
                {% else %}
                url = "https://fas-all.vpn.fedoraproject.org:8443/";    # URI to fetch
                {% endif %}

will default all staging to using a) the wrong data-center and b) a place a server outside of internal networks could not get to. The solution would seem to be to take retrace-stg outside of the staging group in ansible reorder the logic in that file. I have to go do other things so need someone to fix.

Metadata Update from @smooge:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: medium-gain, medium-trouble, ops
3 years ago

Your ssh key should be set on root now, so you should just be able to ssh in as root.

We will refix this once staging auth is setup and working with noggin. :)

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)
3 years ago

Login to comment on this ticket.

Metadata
None

medium-gain ops medium-trouble

None
None
Waiting on Assignee
Boards 1
ops Status: Done
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.