hi, did I miss anything? vbenes at benjoband:~$ ssh networkmanager at ci-slave03 kex_exchange_identification: Connection closed by remote host are these node not accessible anymore? Do I just need to update some details? Thanks, Vladimir On Wed, 2020-09-02 at 15:33 +0200, Fabian Arrotin wrote: > On 13/08/2020 16:46, Fabian Arrotin wrote: > > Hi, > > > > As you noticed recently, we started to refresh the infra used for > > CentOS > > CI (not the hardware, still the same, but the software stack and > > the way > > to control/manage it). > > > > One of the identified nodes still being used and that needs to be > > converted to the new infra layout is the ssh jumphost (see > > https://wiki.centos.org/QaWiki/CI/GettingStarted#How_to_use_it) > > > > Normally, some of you have switched to OpenShift workload, > > (including to > > the new Openshift 4/OCP setup that went live recently) but some > > Projects > > are still on the old setup with sometimes a need to reach > > dedicated/shared VMs acting as Jenkins agent[s], connected to > > Jenkins > > behind https://ci.centos.org. > > > > We have already provisioned a new VM in the new setup (that can > > reach > > the whole CI subnet and VLAN) but here are some points to consider, > > reason why we wanted to pre-announce long time in advance before we > > do > > the real switch) : > > > > * New ssh jump host is CentOS 8 based, versus CentOS 6, meaning > > that if > > you used ssh-dss key (instead of ssh-rsa), you'll *not* be able to > > connect through that new host. We already identified such keys and > > Vipul > > will try (when it's tied to a real email address for the project) > > to > > reach out. But better to announce it here too, so that you have > > time to > > ask us to reflect a change (through ticket on > > https://pagure.io/centos-infra/issues) > > > > * Old VM allowed shell access, but it will be disallowed on the > > new one > > (there is no need for shell on that intermediate node anyway). > > Reminder > > that you can configure your ssh config to directly use ProxyCommand > > or > > even now ProxyJump (on recent openssh-client). See > > https://wiki.centos.org/TipsAndTricks/SshTips/JumpHost) > > > > * Because the host has a new sshd_host_key, it will come with a > > new > > fingerprint too, so if you have automation and that you don't trust > > our > > CA already, the fingerprint for new host will be : > > > > [fingerprint] > > rsa=3072 SHA256:n7y0qZS/FvhjaskOBds3TTKQh5EtgNQ25E7cmTNBATg (RSA) > > rsa_md5=3072 > > MD5:9e:83:46:d0:c5:8a:a0:94:50:10:58:9d:af:ca:50:19 (RSA) > > ecdsa=256 > > SHA256:ZQacwDsWkKBYL9HJJYwHr94Ny1sMhHMDnz9GiLFb8Uc (ECDSA) > > ecdsa_md5=256 > > MD5:dd:24:ea:6a:fd:8b:29:3d:1d:d0:a9:32:8c:b2:ea:62 (ECDSA) > > > > As we know that it's August and that some of you are probably on > > PTO > > (coming back or leaving soon), after discussion with Vipul , David > > and > > myself, we considered that we'll probably go live around beginning > > of > > September. > > > > Should you have any question around that migration, feel free to > > reply > > to this thread (ideally on dedicated ci-users mailing list), or on > > irc.freenode.net (#centos-ci) > > > > On behalf of the CentOS CI infra team, > > > > Hi all, > > As announced (see below), we (CentOS CI infra team) decided to > implement > that change next week : > > Migration is scheduled for """"Monday 7th, 7:00 am UTC time"""". > You can convert to local time with $(date -d '2020-09-07 7:00 UTC') > > On behalf of the CentOS CI infra team, > _______________________________________________ > CI-users mailing list > CI-users at centos.org > https://lists.centos.org/mailman/listinfo/ci-users