Project

General

Profile

Actions
Copy link

action #138488

closed

[qe-core] Create production proxy connected to QE-Core AD server to allow ntlm authorization for installations from openQA

Added by JERiveraMoya 7 months ago. Updated 5 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
rfan1
Category:
Infrastructure
Target version:
QA - QE-Core: Ready
Start date:
2023-10-25
Due date:
% Done:

0%

Estimated time:
Difficulty:
Sprint:
QE-Core: December Sprint 23 (Dec 13 - Jan 10)
Tags:
qe-core-december-sprint, qe-core-november-sprint

Description

Motivation

Installations using ntlm stopped working a time ago (see #137666) getting stuck in this point:
https://openqa.suse.de/tests/12426861#step/bootloader_start/40 which looking at the openQA logs and searching for proxy= we can see where proxy is specified.

There is an additional document "ntlm.docx) that has been forwarded to Santiago via email (not sure if should be attached here due to password and other information) explaining the architecture and how to troubleshot it.
IPs of the two server are wrong in that document, as they change recently due to moving of the server, which it might be the cause of this architecture to stop working but might be other issues.
Those two VMs are VMs in server 10.168.192.198, "ad-proxy" and "ad-server'win2k19". Currently the proxy ip is change to 10.168.194.181, and ad server is 10.168.194.187.

In general, how it works, is that the machine in openQA specify a proxy pointing to that linux VM proxy and that proxy communicate with the AD server, but we should use the AD server maintained by QE-Core and not the current one which is really hard to say how was configured (it didn't have even a license when inspecting it...).

What was tried, but unsuccesfully was to try to connect the existing proxy to the QE-Core server but some proxy auth error was hit and didn't find the expertise to move forward.

The idea of this ticket would be to create in a similar fashion than exists a well-maintained QE-Core AD server (described here) to create a production proxy well maintained to be able to connect to QE-Core AD server and allow installations, so in the future we easily recover from some problem we find and we can still keep testing this requested feature.

Additional information

See this Slack thread with part of the investigation: https://suse.slack.com/archives/C02CANHLANP/p1697776437770419
Current QE-Core test module to connect to AD Server: https://openqa.suse.de/tests/12632174#step/samba_adcli/147
https://progress.opensuse.org/issues/108134
https://jira.suse.com/browse/SLE-22181

Related issues 2 (1 open1 closed)

Related to openQA Tests - action #137666: [security] Installation_ntlm_s390x_zkvm doesn't boot in any productBlocked2023-10-10

Actions
Related to qe-yam - action #151567: Need configure one proxy server to do RMT proxy test.Resolvedleli2023-11-28

Actions
Actions
Copy link

Also available in: Atom PDF