
SSH - Proxy Jump

Problem

The servers in the .6 subnet cannot directly access gerrit.gemteks.com; the HANA server is the only exception.

We can clone the git repository from Gerrit onto the HANA server, but there is not enough space on that server.

The new server CYBERTRUNK has a lot of space and we plan to use it to store the git repository.

[Sequence diagram with participants CYBERTRUNK, GERRIT and HANA; message labels in order: SSH Request, No Response, SSH Request, SSH Response]

Solution - SSH Proxy Jump

In this scenario, we can use the HANA server as the jump host and reach GERRIT through it.

[Sequence diagram with participants CYBERTRUNK, HANA and GERRIT; message labels in order: SSH Request, SSH Request, SSH Response, SSH Response]

Steps

1. Set up the SSH key in Gerrit

After adding the SSH key of HANA in the GERRIT user settings, we can test it with the following command.

jeff_shiu@hana:~$ ssh -p 29418 gerrituser@gerrit.gemteks.com
ssh: Could not resolve hostname gerrit.gemteks.com: Name or service not known

The DNS name gerrit.gemteks.com cannot be resolved on the HANA server, so we use the IP address instead.

jeff_shiu@hana:~$ ssh -p 29418 jeff_shiu@10.5.1.61

  ****    Welcome to Gerrit Code Review    ****

  Hi Jeff_Shiu-徐逢鈞, you have successfully connected over SSH.

  Unfortunately, interactive shells are disabled.
  To clone a hosted Git repository, use:

  git clone ssh://jeff_shiu@gerrit.gemteks.com:29418/REPOSITORY_NAME.git

Connection to 10.5.1.61 closed.

2. Set up the SSH key between HANA and CYBERTRUNK

We add the public key of CYBERTRUNK to the authorized_keys file on the HANA server, so that we can access the HANA server without typing the password.

jeff_shiu@cybertruck:~$ ssh jeff_shiu@192.168.6.223
Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.19.0-39-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

  System information as of Tue May  7 15:35:06 CST 2024

  System load:  0.24                Users logged in:        3
  Usage of /:   78.1% of 195.73GB   IP address for eth0:    192.168.6.223
  Memory usage: 9%                  IP address for eth1:    10.5.160.8
  Swap usage:   0%                  IP address for docker0: 172.17.0.1
  Processes:    324

  => /mnt/sdb1 is using 91.4% of 5.41TB

  Graph this data and manage this system at:
    https://landscape.canonical.com/

452 packages can be updated.
386 updates are security updates.

New release '16.04.7 LTS' available.
Run 'do-release-upgrade' to upgrade to it.

Last login: Tue May  7 14:58:47 2024 from 192.168.6.236

3. Use the SSH jump host

The -J option specifies the jump host.
With it we can access the GERRIT server from CYBERTRUNK.

Before that, we also need to add the SSH key of CYBERTRUNK in GERRIT, as we did for HANA.

The connection to GERRIT is in fact authenticated with the CYBERTRUNK SSH key; HANA only relays the traffic.

jeff_shiu@cybertruck:~$ ssh -J jeff_shiu@192.168.6.223 -p 29418 jeff_shiu@10.5.1.61

  ****    Welcome to Gerrit Code Review    ****

  Hi Jeff_Shiu-徐逢鈞, you have successfully connected over SSH.

  Unfortunately, interactive shells are disabled.
  To clone a hosted Git repository, use:

  git clone ssh://jeff_shiu@gerrit.gemteks.com:29418/REPOSITORY_NAME.git

Connection to 10.5.1.61 closed.

4. Set up the SSH config

We can use the SSH config file so that the jump host no longer has to be given on every ssh command line.

jeff_shiu@cybertruck:~$ cat ~/.ssh/config
Host    HANA
        HostName 192.168.6.223

Host    gerrit.gemteks.com
        Hostname        10.5.1.61
        User            jeff_shiu
        ProxyJump       HANA

5. Test with the git clone

Once everything is set up, we can use the git command on the CYBERTRUNK server to clone the repository directly from GERRIT.

jeff_shiu@cybertruck:~/gitrepos$ git clone ssh://jeff_shiu@gerrit.gemteks.com:29418/CTO/SRDD2/SW2/BCRM_CPE.git
Cloning into 'BCRM_CPE'...
remote: Counting objects: 231968, done
remote: Finding sources:  15% (33636/231968)
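
To see which accounts must hold the CYBERTRUNK public key (steps 2 and 3), the following added example, which is not part of the original note, resolves the ProxyJump chain from the step 4 config. The function names are hypothetical, and it assumes public-key authentication on every hop, `Keyword value` lines only, and a single host alias in ProxyJump.

```python
import fnmatch

# The ~/.ssh/config from step 4 above, reproduced as sample input.
PAGE_CONFIG = """\
Host    HANA
        HostName 192.168.6.223

Host    gerrit.gemteks.com
        Hostname        10.5.1.61
        User            jeff_shiu
        ProxyJump       HANA
"""

def parse(text):
    """Split ssh_config text into [(host_patterns, {keyword: value})] blocks."""
    blocks = [(["*"], {})]                 # options before the first Host line are global
    for raw in text.splitlines():
        parts = raw.split(None, 1)         # "Keyword value" form only, no "Keyword=value"
        if len(parts) < 2 or parts[0].startswith("#"):
            continue                       # blank line, comment, or keyword without value
        key, val = parts[0].lower(), parts[1].strip()   # keywords are case-insensitive
        if key == "host":
            blocks.append((val.split(), {}))
        else:
            blocks[-1][1].setdefault(key, val)          # first value obtained wins
    return blocks

def effective(blocks, name):
    """Options applying to `name`; negated patterns and Match blocks are not handled."""
    opts = {"alias": name}
    for patterns, kv in blocks:
        if any(fnmatch.fnmatchcase(name, p) for p in patterns):
            opts = {**kv, **opts}          # values obtained earlier take precedence
    return opts

def hops(blocks, target, seen=()):
    """Effective options of every hop in connection order, destination last."""
    if target in seen:
        raise ValueError("ProxyJump loop through " + target)
    opts = effective(blocks, target)
    jump = opts.get("proxyjump", "none")   # single alias only; comma lists not handled
    via = [] if jump.lower() == "none" else hops(blocks, jump, seen + (target,))
    return via + [opts]

def accounts_needing_client_key(text, target, local_user, port=None):
    """(user, address, port) of each account that must trust the client's public key."""
    chain = hops(parse(text), target)
    return [(o.get("user", local_user), o.get("hostname", o["alias"]),
             int(port if port and o is chain[-1] else o.get("port", 22)))
            for o in chain]
```

Called as `accounts_needing_client_key(PAGE_CONFIG, "gerrit.gemteks.com", "jeff_shiu", 29418)`, it lists the HANA account on port 22 followed by the Gerrit account on port 29418; the port argument stands for the one in the clone URL and applies only to the destination.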