Issue #9565: copr hypervisor: configure 2fa sudo access - fedora-infrastructure

fedora-infrastructure

#9565 copr hypervisor: configure 2fa sudo access

Closed: Fixed 3 years ago by mobrien. Opened 3 years ago by praiskup.

Affected people: sysadmin-copr group
Host: vmhost-x86-copr01.rdu-cc.fedoraproject.org

We suspect that it is preferred to have 2fa+sudo access on that
hypervisor, rather than direct root access. But playbook run from
batcave fails -- it requires

2fa host key generated on batcave, so the playbook can install it on the host, aka import_tasks: "{{ tasks_path }}/2fa_client.yml"
and probably openvpn certificate, so playbook can install it (guessed by ansible.git retrace commit 1cf024e37fad6870156bfa2843545f4738ba5e64, with copr it will be similar), aka role openvpn/client

Can the certificates be prepared on batcave for us, so we can start
hacking on the playbook?

Since we can edit and run the playbook - alternatively we can setup
a direct root access (using ssh keys) to that host. Let me know if that's
an acceptable variant.

mobrien commented 3 years ago

Those certs have been created on the batcave for you now.

If there is any issue feel free to reopen the ticket.

Metadata Update from @mobrien:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

3 years ago

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

Needs Review

fedora-infrastructure

Source Code

#9565 copr hypervisor: configure 2fa sudo access Closed: Fixed 3 years ago by mobrien. Opened 3 years ago by praiskup.

Metadata

#9565 copr hypervisor: configure 2fa sudo access

Closed: Fixed 3 years ago by mobrien. Opened 3 years ago by praiskup.