action #138488
closed[qe-core] Create production proxy connected to QE-Core AD server to allow ntlm authorization for installations from openQA
0%
Description
Motivation¶
Installations using ntlm stopped working a time ago (see #137666) getting stuck in this point:
https://openqa.suse.de/tests/12426861#step/bootloader_start/40 which looking at the openQA logs and searching for proxy= we can see where proxy is specified.
There is an additional document "ntlm.docx) that has been forwarded to Santiago via email (not sure if should be attached here due to password and other information) explaining the architecture and how to troubleshot it.
IPs of the two server are wrong in that document, as they change recently due to moving of the server, which it might be the cause of this architecture to stop working but might be other issues.
Those two VMs are VMs in server 10.168.192.198, "ad-proxy" and "ad-server'win2k19". Currently the proxy ip is change to 10.168.194.181, and ad server is 10.168.194.187.
In general, how it works, is that the machine in openQA specify a proxy pointing to that linux VM proxy and that proxy communicate with the AD server, but we should use the AD server maintained by QE-Core and not the current one which is really hard to say how was configured (it didn't have even a license when inspecting it...).
What was tried, but unsuccesfully was to try to connect the existing proxy to the QE-Core server but some proxy auth error was hit and didn't find the expertise to move forward.
The idea of this ticket would be to create in a similar fashion than exists a well-maintained QE-Core AD server (described here) to create a production proxy well maintained to be able to connect to QE-Core AD server and allow installations, so in the future we easily recover from some problem we find and we can still keep testing this requested feature.
Additional information¶
See this Slack thread with part of the investigation: https://suse.slack.com/archives/C02CANHLANP/p1697776437770419
Current QE-Core test module to connect to AD Server: https://openqa.suse.de/tests/12632174#step/samba_adcli/147
https://progress.opensuse.org/issues/108134
https://jira.suse.com/browse/SLE-22181
Updated by JERiveraMoya 6 months ago
- Related to action #137666: [security] Installation_ntlm_s390x_zkvm doesn't boot in any product added
Updated by JERiveraMoya 5 months ago
szarate wrote in #note-3:
Maybe we can take a look at this during a Wednesday session?
ok, let's try, feel free to attach the document I sent you by email if you think can be shared,
that would give others more context. Maybe the ticket needs to be private, idk.
Updated by JERiveraMoya 5 months ago
Do you know what is the standard way to create a proxy server in suse/openSUSE?, I could find doc about squid but for sle 12 sp5 only... SUSE Manager? I would be good to consider that point so the server can be recreated easily and even reuse for other scenarios needing a proxy.
Updated by leli 5 months ago
- Related to action #151567: Need configure one proxy server to do RMT proxy test. added
Updated by rfan1 5 months ago
- Status changed from Workable to In Progress
https://sd.suse.com/servicedesk/customer/portal/1/SD-141253 is filed to ask for static ip addr for my VM
Updated by rfan1 5 months ago
JERiveraMoya wrote in #note-7:
Do you know what is the standard way to create a proxy server in suse/openSUSE?, I could find doc about squid but for sle 12 sp5 only... SUSE Manager? I would be good to consider that point so the server can be recreated easily and even reuse for other scenarios needing a proxy.
I will try to crate a doc once everything works fine
Updated by rfan1 5 months ago · Edited
https://gitlab.suse.de/OPS-Service/salt/-/merge_requests/4506 to request static ip address for vm