Prepare new stage DA addresses and fingerprints

anyone-protocol · Aug 7, 2024 · 3699526 · 3699526
1 parent 6166782
commit 3699526
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 35 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,6 @@
 # Operations
 /operations/da*
+/operations/stage-da*
 # Editor droppings
 \#*\#
 .#*

diff --git a/operations/anon-da-node-stage.hcl b/operations/anon-da-node-stage.hcl
@@ -1,6 +1,6 @@
 #TODO: use templating to avoid copypaste
 
-job "ator-dir-auth-stage" {
+job "dir-auth-stage" {
   datacenters = ["ator-fin"]
   type = "service"
   namespace = "ator-network"
@@ -11,25 +11,26 @@ job "ator-dir-auth-stage" {
     spread {
       attribute = "${node.unique.id}"
       weight    = 100
-      target "067a42a8-d8fe-8b19-5851-43079e0eabb4" {
+      target "c8e55509-a756-0aa7-563b-9665aa4915ab" {
         percent = 34
       }
-      target "16be0723-edc1-83c4-6c02-193d96ec308a" {
+      target "c2adc610-6316-cd9d-c678-cda4b0080b52" {
         percent = 33
       }
-      target "e6e0baed-8402-fd5c-7a15-8dd49e7b60d9" {
+      target "4aa61f61-893a-baf4-541b-870e99ac4839" {
         percent = 33
       }
     }
 
     network  {
+      mode = "bridge"
+
       port "orport" {
         static = 9101
       }
       port "dirport" {
         static = 9130
       }
-
     }
 
     volume "dir-auth-stage" {
@@ -73,8 +74,8 @@ job "ator-dir-auth-stage" {
       }
 
       resources {
-        cpu = 256
-        memory = 256
+        cpu = 2560
+        memory = 2560
       }
 
       template {
@@ -143,11 +144,10 @@ V3AuthoritativeDirectory 1
 Address {{ key (env "node.unique.id" | printf "ator-network/stage/dir-auth-%s/public_ipv4") }}
 
 # Port to advertise for incoming Tor connections.
-ORPort 9101                  # common ports are 9101, 443
-#ORPort 1.1.1.1:9001
+ORPort {{ env `NOMAD_PORT_orport` }}
 
 # Mirror directory information for others (optional, not used on bridge)
-DirPort 9130                 # common ports are 9130, 80
+DirPort {{ env `NOMAD_PORT_dirport` }}
 
 # Run Tor only as a server (no local applications)
 SocksPort 0
@@ -184,7 +184,7 @@ V3BandwidthsFile /var/lib/sbws/v3bw/latest.v3bw
         port = "dirport"
         tags     = ["logging"]
         check {
-          name     = "dir auth alive"
+          name     = "dir auth stage alive"
           type     = "tcp"
           interval = "10s"
           timeout  = "10s"

diff --git a/operations/run-gen-upload-cert.sh b/operations/run-gen-upload-cert.sh
@@ -3,22 +3,30 @@
 # consul env: CONSUL_HTTP_ADDR, CONSUL_HTTP_TOKEN, CONSUL_CACERT
 
 # STAGE by default in scripts
-bash gencert.sh da1 49.13.145.234 ATORDAeucstage
-bash gencert.sh da2 5.161.108.187 ATORDAusestage
-bash gencert.sh da3 5.78.90.106 ATORDAuswstage
-bash gencert.sh da4 5.161.228.187 AnyoneAshLive
-bash gencert.sh da5 5.78.94.15 AnyoneHilLive
-bash gencert.sh da6 95.216.32.105 AnyoneHelLive
-bash gencert.sh da7 176.9.29.53 AnyoneFalLive
+# bash gencert.sh da1 49.13.145.234 ATORDAeucstage
+# bash gencert.sh da2 5.161.108.187 ATORDAusestage
+# bash gencert.sh da3 5.78.90.106 ATORDAuswstage
+# bash gencert.sh da4 5.161.228.187 AnyoneAshLive
+# bash gencert.sh da5 5.78.94.15 AnyoneHilLive
+# bash gencert.sh da6 95.216.32.105 AnyoneHelLive
+# bash gencert.sh da7 176.9.29.53 AnyoneFalLive
+
+bash gencert.sh stage-da1-dmz 88.99.219.105 AnyoneDmzStage
+bash gencert.sh stage-da2-fal 176.9.29.53 AnyoneFalStage
+bash gencert.sh stage-da3-hel 95.216.32.105 AnyoneHelStage
 
 # Check/update script for phase
-bash uploadcert.sh da1 067a42a8-d8fe-8b19-5851-43079e0eabb4 49.13.145.234 ATORDAeucstage
-bash uploadcert.sh da2 16be0723-edc1-83c4-6c02-193d96ec308a 5.161.108.187 ATORDAusestage
-bash uploadcert.sh da3 e6e0baed-8402-fd5c-7a15-8dd49e7b60d9 5.78.90.106 ATORDAuswstage
-bash uploadcert.sh da4 5ace4a92-63c4-ac72-3ed1-e4485fa0d4a4 5.161.228.187 AnyoneAshLive
-bash uploadcert.sh da5 eb42c498-e7a8-415f-14e9-31e9e71e5707 5.78.94.15 AnyoneHilLive
-bash uploadcert.sh da6 4aa61f61-893a-baf4-541b-870e99ac4839 95.216.32.105 AnyoneHelLive
-bash uploadcert.sh da7 c2adc610-6316-cd9d-c678-cda4b0080b52 176.9.29.53 AnyoneFalLive
+# bash uploadcert.sh da1 067a42a8-d8fe-8b19-5851-43079e0eabb4 49.13.145.234 ATORDAeucstage
+# bash uploadcert.sh da2 16be0723-edc1-83c4-6c02-193d96ec308a 5.161.108.187 ATORDAusestage
+# bash uploadcert.sh da3 e6e0baed-8402-fd5c-7a15-8dd49e7b60d9 5.78.90.106 ATORDAuswstage
+# bash uploadcert.sh da4 5ace4a92-63c4-ac72-3ed1-e4485fa0d4a4 5.161.228.187 AnyoneAshLive
+# bash uploadcert.sh da5 eb42c498-e7a8-415f-14e9-31e9e71e5707 5.78.94.15 AnyoneHilLive
+# bash uploadcert.sh da6 4aa61f61-893a-baf4-541b-870e99ac4839 95.216.32.105 AnyoneHelLive
+# bash uploadcert.sh da7 c2adc610-6316-cd9d-c678-cda4b0080b52 176.9.29.53 AnyoneFalLive
+
+bash uploadcert.sh stage-da1-dmz c8e55509-a756-0aa7-563b-9665aa4915ab 88.99.219.105 AnyoneDmzStage
+bash uploadcert.sh stage-da2-fal c2adc610-6316-cd9d-c678-cda4b0080b52 176.9.29.53 AnyoneFalLive
+bash uploadcert.sh stage-da3-hel 4aa61f61-893a-baf4-541b-870e99ac4839 95.216.32.105 AnyoneHelLive
 
 # mind the phase.... and by default only checks curl output
 # Move DA folders and script to server, login, run script
@@ -29,4 +37,8 @@ bash uploadcert.sh da7 c2adc610-6316-cd9d-c678-cda4b0080b52 176.9.29.53 AnyoneFa
 # bash uploadsecrets.sh da4 5ace4a92-63c4-ac72-3ed1-e4485fa0d4a4
 # bash uploadsecrets.sh da5 eb42c498-e7a8-415f-14e9-31e9e71e5707
 # bash uploadsecrets.sh da6 4aa61f61-893a-baf4-541b-870e99ac4839
-# bash uploadsecrets.sh da7 c2adc610-6316-cd9d-c678-cda4b0080b52
+# bash uploadsecrets.sh da7 c2adc610-6316-cd9d-c678-cda4b0080b52
+
+bash uploadsecrets.sh stage-da1-dmz c8e55509-a756-0aa7-563b-9665aa4915ab
+bash uploadsecrets.sh stage-da2-fal c2adc610-6316-cd9d-c678-cda4b0080b52
+bash uploadsecrets.sh stage-da3-hel 4aa61f61-893a-baf4-541b-870e99ac4839
diff --git a/src/app/config/auth_dirs_stage.inc b/src/app/config/auth_dirs_stage.inc
@@ -1,9 +1,9 @@
-"ATORDAeucdev orport=9101 "
-  "v3ident=41609568DC029CCE0401B96CC2151535239E9A09 "
-  "49.13.145.234:9130 40E6B58C1BAD7572339201BE90818B406B3EED78",
-"ATORDAusedev orport=9101 "
-  "v3ident=F59C1E996A103A4A1AD40520E5C8FF7BA9F7D4C7 "
-  "5.161.108.187:9130 0C4B4C71F531E9B3A7CB0B1D80D48371FB24AB59",
-"ATORDAuswdev orport=9101 "
-  "v3ident=49E23B5D623ABFC8643B613504DBD8EBDDD02000 "
-  "5.78.90.106:9130 D1DC16BF9FE118E5A6C8D392993B1FB3673849BF",
+"AnyoneDmzStage orport=9101 "
+  "v3ident=3368A4DB07FB4E76ABF72CCDF642F5659F48C378 "
+  "88.99.219.105:9130 81B9A6ACF2EE2717390F258C3E291BD7F3D80E34",
+"AnyoneFalStage orport=9101 "
+  "v3ident=D5BFA1848F92CFD4A1F611984F11F282A04E54DE "
+  "176.9.29.53:9130 6A26840B4C58BEE44CF96C25A83CC84888B7AEC6",
+"AnyoneHelStage orport=9101 "
+  "v3ident=34B71192F29063F70A2C5A7B3D39741F2C954191 "
+  "95.216.32.105:9130 0AC22EC8DC71A1EA4C78472A9A00F1F524C7C497",