The PLC4X Project VM
As, especially for the raw socket functionality of PLC4X, our project had higher demands on the infrastructure as other projects. Apache Infra kindly provided us with a dedicated VM.
This is included as build agent into Apache’s Jenkins with the label plc4x2 and is marked for exclusive usage by our project.
The host name of this machine is: plc4x-vm2.apache.org
On this machine we can even sudo to perform operations only available to root.
Project members can request access to the machine.
Requesting access
In order to be able to log in, users need to add their SSH public key to their Apache ID first.
This is done under the following url: https://id.apache.org/
Here just add the content in the following format to one of the SSH Key (authorized_keys line) fields:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDd10ykYAZLxHJVTER71IrrVVpyR8OBdlJd1aVwb67Ts+ueJjzo8ofQKLASaQw9EQOSfprGZW0sfzhepeJvbX0n1IfsRexoyIGlD8WzyX/UoLiRLPHFv+eSGJVlN90x/l+zps+yo3lq6qfuIqkXQQvB4aJBYsYC/jifpMLvx06zaUBPfdWIaGiBgaWbX/59Q0QsSpX5r8tgdA+XLw/8Zg5AbKazuS2Cm/soJCfQQ7km4bd/WtF5R5xvakVbyILMT8Dk9Hs9OfVL/RFGLYqX4bjy5uCTwPBrwlWqFyq1u7JR39i870XNgn+bIeChaZU098BGyBH/cWMGt7bTJQSKxksF2SZAHjt8Ga2Pl+J6MTW6/EPzIYENgvfOBVSlVaz9SlM26nel1+SHDND9dK/4gRNbujbmzHZLfTjMk7oc4R+WPCBIw99CFeShTKHSxhJKz/3KmcmuEHhNRBdMy+xHecr/r/Pax58a9VHXQqHbwES6tvC1gvM2uFSMKoaKtNkME4V7bPLbQcEF8tKz7/gKp6vp1IL0BdDMwZPodFPmbiJzqjvC38A++B5k0GAgWKYPVsenamZviFhRNGjjum/qxBnAF1FjpIocsEA0zQBYvvOPDpKl9KPRZ32ALHztnRfCEwltgnM1Sjinn4zQjxQs5mJBz2rjMGlkSzVjLoSo7khiBQ== my@email-address.com
(I just had to copy this line from my ~/.ssh/id_rsa.pub file)
| Note, the Email Address in the end doesn’t seem to matter, I simply added it for the sake of completeness. So if this doesn’t match your Apache email, this is not a problem. |
As soon as that’s done, access needs to be requested from Apache Infra.
This is done using the Infra Jira at: https://issues.apache.org/jira
Here make sure to select the Project Infrastructure (INFRA).
As soon as that’s handled by the Infra team, you should be ready to log-in on the machine.
Login to the machine
Using SSH we should now be able to log in to the VM.
ssh apacheId@plc4x-vm2.apache.org
Be sure to use the username matching your Apache ID or the login will fail.
If all went well you should now be able to log in to the machine using your apache user.
Doing things as root
Apache Infra is great at keeping things safe.
Providing a sudo password directly would increase the danger of having this intercepted, therefore they are using a tool called opiepasswd.
Instead of now entering a password, a challenge is displayed:
myid@plc4x-vm2:~$ sudo apt-get update otp-md5 496 pl8230 Password:
If you now enter your normal password, you’ll simply get permission denied errors.
In order to execute operations as root on the machine, you firstly need to run ortpasswd to generate a new seed.
ortpasswd
You can then use an opie client on your local machine or online at https://selfserve.apache.org/otp-calculator.html
otp-md5 496 pl8230
into OPIE client’s challenge field.
In the password field you provide your Apache LDAP password.
When hitting enter or clicking on Compute the tool should automatically generate a response.
Now all you need to do is copy & paste that as password into your SSH client session.
| As with the latest version of Mac Catalina the existing clients no longer work and using a public web service is a bad idea, Apache has its own service to calculate it: https://selfserve.apache.org/otp-calculator.html |
| More help can be found for Apache committers at https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=122916896 |