Infrastructure - Virtual Machines
We use Proxmox to run our VMs. To access the management interface you need to SSH tunnel to kvm1.hypha.coop
on port 34634
or connect over the VPN.
Proxmox
Proxmox is the hypervisor that all the virtual machines run on. There are two ways of accessing the Proxmox servers management interface. An inventory of machines running on this server can be found in the inventory-private repo.
SSH tunnel
- Tunnel the web interface over SSH with
ssh root@kvm1.hypha.coop -p 34634 -L 8006:127.0.0.1:8006
- Access the panel using https://127.0.0.1:8006
- The username is root and enter the password in our shared password manager Bitwarden.
- Tunnel the web interface over SSH with
VPN (Recommended)
- Connect to OpenVPN (If you do not already have access please ping someone in the infra for the OpenVPN config file.)
- Access the panel using https://kvm1.hypha.coop:8006
- The username is root and enter the password in our shared password manager Bitwarden.
Jump server
To be able to ssh into the different virtual machines running on the infrastructure, authentication must be done via the jump server
. This means you must first login to the jump server
with your ssh key, and once there, you can use the keys on the jump server
to connect and authenticate to the other virtual machines.
Connecting to staging Ansible1 (Our provisioning and jump server for staging machines) By default all members access to the production environment
- You'll need to ensure that your key has been added. You can do that by making a PR here.
ssh sysadmin@ansible1.hypha.stg -p 8002 -i ~/.ssh/id_rsa
(assuming~/.ssh/id_rsa
is your key you use to access Hypha's infra.)- From there you can SSH into the backend systems using their
.stg
hostnames or directly with their IP address. The passphase for~/.ssh/id_rsa
is here
Connecting to production Ansible1 (Our provisioning and jump server for production machines) By default only members that have a need to access have permissions to log in to the production environment
- You'll need to ensure that your key has been added. You can do that by making a PR here.
ssh sysadmin@ansible1.hypha.prod -p 9154 -i ~/.ssh/id_rsa
(assuming~/.ssh/id_rsa
is your key you use to access Hypha's infra.)- From there you can SSH into the backend systems using their
.prod
hostnames or directly with their IP address. The passphase for~/.ssh/id_rsa
is here
Alternatively, by adding a host profile for each hostname to ~/.ssh/config
, ssh will jump through the host and connect you to the target server automatically. Example of a profile that uses the ansible's keys below.
Host [[hostname]]
RemoteCommand ssh %n
HostName ansible1.hypha.prod
User sysadmin
Port 9154
RequestTTY yes