Page MenuHomePhabricator

Ensure that scap3 from tin can access californium
Closed, ResolvedPublic


Striker will be deployed using Scap. The production scap3 deploy host is tin. The striker target host is californium.

I'm fairly certain that this will be the first scap3 deployment into the labs support vlan. We need to investigate what network changes will be needed to allow the ssh command-and-control connection from tin to californium and the subsequent http(s?) git fetch to californium from tin.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald Transcript
bd808 claimed this task.

It looks like this should "just work" once all of the puppet rules are in place. service::uwsgi includes scap::target which in turn includes scap::ferm. scap::ferm opens up ssh from $DEPLOYMENT_SERVERS.

With some help from @yuvipanda I verified that ssh gets from tin to californium once californium accepts the connection.