#395: Allow access to production and staging machines outside of Red Hat network ------------------------+---------------------------------------------- Reporter: kparal | Owner: Type: task | Status: new Priority: minor | Milestone: Packaging, Review, & Deployment Component: production | Resolution: Keywords: | Blocked By: Blocking: | ------------------------+---------------------------------------------- Description changed by kparal:
Old description:
Currently we can access http://autoqa.fedoraproject.org and http ://autoqa-stg.fedoraproject.org only from internal Red Hat network. But we are often connected through VPN (some of us all the time) and those IP address ranges are not allowed to connect to those machines (either it is configured locally on those machines or it is configured somewhere inside the Fedora infrastructure, I have no idea). That causes us problems.
Investigate this problem and if possible add Red Hat VPN IP ranges into the trusted IP pool (at least for these two machines). The best contact point here is James Laska.
New description:
Currently we can access autotest instances at http://autoqa.fedoraproject.org and http://autoqa-stg.fedoraproject.org only from internal Red Hat network (other access is banned). We are often connected through VPN (some of us all the time), but requests to aforementioned machines are not routed through it, because the machines are outside of Red Hat network. That makes the machines deny our connections.
There are two possible approaches: 1. Investigate how to route requests for those two machines through the VPN (but the rest of the requests outside of VPN if possible) 2. Dispose of the IP blocking mechanism and set up some authentication instead (ideally against FAS).
The best contact point here is James Laska: {{{ <jlaska> I experimented with setting up autotest to use Django FAS auth ... but was unsuccessful <jlaska> that would need to be revisited (and possibly fixed/patched) <jlaska> fallback would be http FAS auth, but that's kind of lame }}}
--