Opened 7 years ago
Closed 7 years ago
#1931 closed task (fixed)
Add public SSH key for new community build server and build.geoserver.org redirect
| Reported by: | jive | Owned by: | warmerdam |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | SysAdmin | Keywords: | geotools, geoserver |
| Cc: | warmerdam |
Description
The legacy Ares server is being replaced by a new/improved build server known as Apollo. We're unable to deploy build artifacts to "geotools.org" at this time. From what I can gather, the server there uses a public key file /etc/ssh/ssh_host_rsa_key.
1) We need the Apollo public key added to this file to deliver the builds. The key has been added to /home/geotools/.ssh/authorized_keys. It is also below:
ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDpAbNuNhile/uGIp/yzBJqVFl1Ce2kwLp1gun21j/x+mIj4W4QdpF5nmfkY2LJCa+Al/dtgmKtgnCzIouNiUw9OEZGmFRxx3M3Lv8XkyGaNlasgDlzP0sLryjSzv2dlcRsTLpk2JHEWQrz1eBjMv/J1Bt0EVZwJd3kfxJEPdroRCNG/V96O9ULEhXUHnJlr3XJLbfY+hDpbY1Ockq1V26xw8dP35rywAHLSnPRcgSm6cMadfevx+wlQLbHmScbV0GYNmzyfym3PWmJnOWaoI3e39y/aU8sJAzsuL3qq5hfBvEI3uAwPWse77SdIlpiXh6Ve6TJ3RTt8a5aXQj5luY7 root@…
2) Secondly we would ask build.geoserver.org to be redirected to this new build sever.
See https://osgeo-org.atlassian.net/browse/GEOT-5745 for details
Change History (12)
comment:1 by , 7 years ago
comment:2 by , 7 years ago
Checking geotools build https://github.com/geotools/geotools/blob/master/pom.xml#L1897
We are deploying to:
<url>dav:http://download.osgeo.org/webdav/geotools/</url>
So I am not quite sure what to make of this request.
comment:4 by , 7 years ago
- geoserver.org is not managed by OSGeo, the Whois is protected so hopefully you know who actually maintains it's registration.
- Authentication over webdav is not handled by ssh keys but OSGeo LDAP. Did you want access to the folder on the server with ssh?
comment:5 by , 7 years ago
| Cc: | added |
|---|---|
| Owner: | changed from to |
comment:6 by , 7 years ago
I am guessing the related LDAP user is:
https://www2.osgeo.org/cgi-bin/auth/ldap_edit_user.py?userid=geotools
I also see:
/etc/apache2/include.d/webdav/geotools.conf
<Location /webdav/geotools>
Dav on
<LimitExcept GET PROPFIND OPTIONS REPORT>
Include include.d/ldap_auth_url.inc
Require ldap-group cn=geotools,ou=svn,dc=osgeo,dc=org
</LimitExcept>
</Location>
comment:7 by , 7 years ago
digging into an example failure:
+ scp javadocs.zip geotools.org:/home/geotools/latest Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,password). lost connection Build step 'Execute shell' marked build as failure
So this is a step that deploys docs via scp, rather than a maven deploy step.
comment:8 by , 7 years ago
It seems the key was updating this to operate as user geotools at the other end (ie. scp javadocs.zip geotools@…:/..
As wildintellect observed, we (OSGeo) do not appear to control the geotools.org domain so not much we can do on that.
comment:9 by , 7 years ago
I have email from 2014 indicating that osgeo has renewed the geotools.org domain name.
comment:10 by , 7 years ago
On review, I do see geotools.org managed on the OSGeo pairnic account. I'll try to do the requested updates.
comment:11 by , 7 years ago
OK, I have added an "A" record like:
build » 34.204.115.146
It looks like the TTL is less than one hour so hopefully it will be propogated fairly soon.
Let me know if there is anything else needed.
comment:12 by , 7 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
From Nick:
For build.geoserver.org would need an "A" record added for build dot geoserver dot org to 34.204.115.146