systems

This is an old revision of the document!


PHP Systems

PHP is supported by a number of machines provided by a number of generous sponsors. This is a basic inventory of those machines and what services they provide.

History

Machine Access

SSH jump hosts

People with SSH accounts on the above machines must use one of our jump hosts to connect to them. Add this to your ~/.ssh/config:

  Host git.php.net americas.jump.php.net europe.jump.php.net
      ProxyJump none
  
  Host *.php.net
      ProxyJump <USERID>@europe.jump.php.net:9022
      User <USERID>

Replace americas with europe depending on where you are. The jump hosts require 2FA using Google Authenticator.

Reference: https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts

2FA setup instructions

  1. Install the https://github.com/google/google-authenticator-libpam package on a local machine (I used a docker container to avoid contaminating my real machine, but it's probably not necessary).
  2. Run google-authenticator command (select to use time based token and rate limiting if asked) and create a new entry in your OTP app (Google Authenticator or Authy work) using the QR code.
  3. Email the .google-authenticator file to someone with root access on jumphost machines. I'm nominating Derick for this since he's been awesome and shall be rewarded with further work.
  4. Wait until the admin puts that file into your homedir with 0600 perms and chown'd to you.
  5. Connect to jumphost using the new authenticator code.
  6. Remove ~/.google_authenticator
  7. Generate a new config profile locally on the jumphost.
  8. Ask Derick to then copy that new config to other jumphosts so that you can use NA as well as EU.

Note: You'll need to find someone who can replicate your account to europe.jump.php.net so you can use it there, too.

Tip, you can tell ssh to use a php-specific key for php-related things by adding something like this to your Host *.php.net section:

IdentityFile /Users/bjori/.ssh/php_id_rsa

Machine Status

We use Nagios and Munin to monitor the machines. There is a public network status page as well as a protected area (log in with your SVN credentials) with more detailed information. The Munin web interface is available here.

FreeBSD upgrades

Note regarding FreeBSD machines: Upgrades should be performed according to this guide.

Social Networks

systems.1714568830.txt.gz · Last modified: 2024/05/01 13:07 by derick