OpenVPN Notes

To administer OpenVPN, SSH into the OpenVPN server and use the admin user whose credentials are stored in Vault.

The admin username is openvpn.


Reset ldap.read

ldap.read@defpoint.com is the Okta user that OpenVPN uses to authenticate against Okta. The ldap.read account's password expires after 60 days. To see when the password will expire, go to Reports -> Okta Password Health. Don't open the report with Excel!

  1. Log into Okta in an incognito window using the ldap.read username and the current password from Vault. Brad's phone is currently set up with the push notification for the account, and MFA is required for the account. To change the password without Brad, remove MFA with your account in Okta and set it up on your own phone.
  2. Once the password has been updated, update Vault at the location engineering/root with the key ldap.read@defpoint.com. You will have to create a new version of engineering/root to save the password.
  3. Store the new password and the creds for openvpn, then drop off the VPN. Log into the OpenVPN web GUI (https://openvpn.mdr.defpoint.com/admin/) as the openvpn user (password in Vault) and update the credentials for ldap.read: Authentication -> LDAP -> update password -> Save Settings. Then update the running server. Repeat this for the test environment (https://openvpn.mdr-test.defpoint.com/admin/).
  4. Verify that you are able to log in to the VPN.
  5. Update the Sensu ldap.read password in salt/pillar/sensu_master.sls. It will need to be encrypted prior to being used.
  6. Put the password in a deleteme.txt file and run the command below (see the Google doc for additional info).
  7. `cat deleteme.txt | gpg -easr salt | gpg -d`
     - Paste the output into the pillar file and use tab to indent correctly. No indent = Salt errors.
  8. Commit to git.
  9. Push to Sensu and restart:
     - `salt 'sensu*' state.sls sensu_master`
     - `salt 'sensu*' cmd.run 'systemctl restart sensu-backend'`
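The indentation step above is where this procedure usually breaks: Salt's gpg renderer needs the armored PGP block to sit as an indented YAML block scalar under its key, and an unindented block makes the pillar fail to render. The helper below is an added example, not part of the original notes or of the Salt project; it takes armored gpg output on stdin and writes a correctly indented pillar entry, and checks that every ciphertext line is indented. The armored text is a constructed placeholder standing in for the real output of `gpg -easr salt`, and the key name ldap_read_password is assumed.

```shell
#!/bin/sh
# Constructed placeholder for the armored output of `gpg -easr salt`; not real ciphertext.
SAMPLE_ARMOR='-----BEGIN PGP MESSAGE-----

hQEMAexampleexampleexampleexampleexampleexampleexampleexample
=abcd
-----END PGP MESSAGE-----'

# pillar_gpg_entry KEY [INDENT]
# Reads armored gpg text on stdin and prints "KEY: |" followed by every input line
# (blank lines included) prefixed with INDENT, so the block scalar stays intact.
pillar_gpg_entry() {
  key=$1
  indent=${2:-"  "}
  printf '%s: |\n' "$key"
  sed "s/^/$indent/"
}

# render_pillar KEY
# Wraps the entry with the shebang the Salt gpg renderer requires for pillar files.
render_pillar() {
  printf '#!yaml|gpg\n\n'
  pillar_gpg_entry "$1"
}

# unindented_lines KEY
# Counts lines of the rendered entry that are not indented. Only the key line
# should match, so anything other than 1 means the paste would break the pillar.
unindented_lines() {
  printf '%s\n' "$SAMPLE_ARMOR" | pillar_gpg_entry "$1" | grep -c -v '^  '
}

# Stand-alone run: print the pillar fragment and the sanity count.
printf '%s\n' "$SAMPLE_ARMOR" | render_pillar ldap_read_password
echo "unindented lines (expect 1): $(unindented_lines ldap_read_password)"
```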

When the Okta push is slow, get the 6 digits from your Okta app and enter them in Viscosity as your password in the form password,123456. Clearly your password should have no commas in it.


LDAP config

Primary server: mdr-multipass.ldap.okta.com

Bind Anon? NO. Use creds? YES

Bind DN: uid=ldap.read@defpoint.com, dc=mdr-multipass, dc=okta, dc=com

Base DN for users: ou=users, dc=mdr-multipass, dc=okta, dc=com

Username attribute: uid


OpenVPN License

TEST -> YOLO via web interface. This means I did not take the time to reconfigure the Salt states to handle a prod and test license.