From 3699526b23a5d354811c22c0f7730423b0724d4a Mon Sep 17 00:00:00 2001 From: kanshi <46557+kanshi@users.noreply.github.com> Date: Wed, 7 Aug 2024 14:46:42 +0200 Subject: [PATCH] Prepare new stage DA addresses and fingerprints --- .gitignore | 1 + operations/anon-da-node-stage.hcl | 22 ++++++++-------- operations/run-gen-upload-cert.sh | 42 +++++++++++++++++++----------- src/app/config/auth_dirs_stage.inc | 18 ++++++------- 4 files changed, 48 insertions(+), 35 deletions(-) diff --git a/.gitignore b/.gitignore index 96b2b10ffb..314c263e73 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ # Operations /operations/da* +/operations/stage-da* # Editor droppings \#*\# .#* diff --git a/operations/anon-da-node-stage.hcl b/operations/anon-da-node-stage.hcl index 35772c2809..bbe96d979a 100644 --- a/operations/anon-da-node-stage.hcl +++ b/operations/anon-da-node-stage.hcl @@ -1,6 +1,6 @@ #TODO: use templating to avoid copypaste -job "ator-dir-auth-stage" { +job "dir-auth-stage" { datacenters = ["ator-fin"] type = "service" namespace = "ator-network" @@ -11,25 +11,26 @@ job "ator-dir-auth-stage" { spread { attribute = "${node.unique.id}" weight = 100 - target "067a42a8-d8fe-8b19-5851-43079e0eabb4" { + target "c8e55509-a756-0aa7-563b-9665aa4915ab" { percent = 34 } - target "16be0723-edc1-83c4-6c02-193d96ec308a" { + target "c2adc610-6316-cd9d-c678-cda4b0080b52" { percent = 33 } - target "e6e0baed-8402-fd5c-7a15-8dd49e7b60d9" { + target "4aa61f61-893a-baf4-541b-870e99ac4839" { percent = 33 } } network { + mode = "bridge" + port "orport" { static = 9101 } port "dirport" { static = 9130 } - } volume "dir-auth-stage" { @@ -73,8 +74,8 @@ job "ator-dir-auth-stage" { } resources { - cpu = 256 - memory = 256 + cpu = 2560 + memory = 2560 } template { 
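Review bot: The `spread` block in the `@@ -11,25 +11,26 @@` hunk only weights placement toward the three new node IDs; it does not stop the scheduler from placing a directory-authority allocation on another node in `ator-fin`. The torrc template reads `Address` from a Consul key built from `node.unique.id`, and the upload scripts in this commit are invoked with the same node IDs, which suggests certificates and secrets are keyed per node. An allocation on an unlisted node would then have no address or key material to start from. If the job has no hard placement rule outside these hunks, add a `constraint` on `${node.unique.id}` with `operator = "set_contains_any"` listing the same three IDs. The enclosing `job` and `group` blocks extend beyond the hunk, so an existing constraint may simply not be visible here.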
@@ -143,11 +144,10 @@ V3AuthoritativeDirectory 1 Address {{ key (env "node.unique.id" | printf "ator-network/stage/dir-auth-%s/public_ipv4") }} # Port to advertise for incoming Tor connections. -ORPort 9101 # common ports are 9101, 443 -#ORPort 1.1.1.1:9001 +ORPort {{ env `NOMAD_PORT_orport` }} # Mirror directory information for others (optional, not used on bridge) -DirPort 9130 # common ports are 9130, 80 +DirPort {{ env `NOMAD_PORT_dirport` }} # Run Tor only as a server (no local applications) SocksPort 0 @@ -184,7 +184,7 @@ V3BandwidthsFile /var/lib/sbws/v3bw/latest.v3bw port = "dirport" tags = ["logging"] check { - name = "dir auth alive" + name = "dir auth stage alive" type = "tcp" interval = "10s" timeout = "10s" diff --git a/operations/run-gen-upload-cert.sh b/operations/run-gen-upload-cert.sh index 512af4d396..5eb21faeac 100644 --- a/operations/run-gen-upload-cert.sh +++ b/operations/run-gen-upload-cert.sh 
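Review bot: `ORPort` and `DirPort` in the `@@ -143,11 +144,10 @@` hunk now follow `NOMAD_PORT_orport` and `NOMAD_PORT_dirport`, but the same commit still hard-codes `orport=9101` and `:9130` for every stage authority in `src/app/config/auth_dirs_stage.inc`. Changing the `static` values in the `network` block would therefore move the authority to ports that already-built clients and relays do not expect. A comment above the two lines, such as `# Must stay equal to orport=/dirport in src/app/config/auth_dirs_stage.inc`, would document the coupling. The template body starts and ends outside the hunk.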
@@ -3,22 +3,30 @@ # consul env: CONSUL_HTTP_ADDR, CONSUL_HTTP_TOKEN, CONSUL_CACERT # STAGE by default in scripts -bash gencert.sh da1 49.13.145.234 ATORDAeucstage -bash gencert.sh da2 5.161.108.187 ATORDAusestage -bash gencert.sh da3 5.78.90.106 ATORDAuswstage -bash gencert.sh da4 5.161.228.187 AnyoneAshLive -bash gencert.sh da5 5.78.94.15 AnyoneHilLive -bash gencert.sh da6 95.216.32.105 AnyoneHelLive -bash gencert.sh da7 176.9.29.53 AnyoneFalLive +# bash gencert.sh da1 49.13.145.234 ATORDAeucstage +# bash gencert.sh da2 5.161.108.187 ATORDAusestage +# bash gencert.sh da3 5.78.90.106 ATORDAuswstage +# bash gencert.sh da4 5.161.228.187 AnyoneAshLive +# bash gencert.sh da5 5.78.94.15 AnyoneHilLive +# bash gencert.sh da6 95.216.32.105 AnyoneHelLive +# bash gencert.sh da7 176.9.29.53 AnyoneFalLive + +bash gencert.sh stage-da1-dmz 88.99.219.105 AnyoneDmzStage +bash gencert.sh stage-da2-fal 176.9.29.53 AnyoneFalStage +bash gencert.sh stage-da3-hel 95.216.32.105 AnyoneHelStage # Check/update script for phase -bash uploadcert.sh da1 067a42a8-d8fe-8b19-5851-43079e0eabb4 49.13.145.234 ATORDAeucstage -bash uploadcert.sh da2 16be0723-edc1-83c4-6c02-193d96ec308a 5.161.108.187 ATORDAusestage -bash uploadcert.sh da3 e6e0baed-8402-fd5c-7a15-8dd49e7b60d9 5.78.90.106 ATORDAuswstage -bash uploadcert.sh da4 5ace4a92-63c4-ac72-3ed1-e4485fa0d4a4 5.161.228.187 AnyoneAshLive -bash uploadcert.sh da5 eb42c498-e7a8-415f-14e9-31e9e71e5707 5.78.94.15 AnyoneHilLive -bash uploadcert.sh da6 4aa61f61-893a-baf4-541b-870e99ac4839 95.216.32.105 AnyoneHelLive -bash uploadcert.sh da7 c2adc610-6316-cd9d-c678-cda4b0080b52 176.9.29.53 AnyoneFalLive +# bash uploadcert.sh da1 067a42a8-d8fe-8b19-5851-43079e0eabb4 49.13.145.234 ATORDAeucstage +# bash uploadcert.sh da2 16be0723-edc1-83c4-6c02-193d96ec308a 5.161.108.187 ATORDAusestage +# bash uploadcert.sh da3 e6e0baed-8402-fd5c-7a15-8dd49e7b60d9 5.78.90.106 ATORDAuswstage +# bash uploadcert.sh da4 5ace4a92-63c4-ac72-3ed1-e4485fa0d4a4 5.161.228.187 
AnyoneAshLive +# bash uploadcert.sh da5 eb42c498-e7a8-415f-14e9-31e9e71e5707 5.78.94.15 AnyoneHilLive +# bash uploadcert.sh da6 4aa61f61-893a-baf4-541b-870e99ac4839 95.216.32.105 AnyoneHelLive +# bash uploadcert.sh da7 c2adc610-6316-cd9d-c678-cda4b0080b52 176.9.29.53 AnyoneFalLive + +bash uploadcert.sh stage-da1-dmz c8e55509-a756-0aa7-563b-9665aa4915ab 88.99.219.105 AnyoneDmzStage +bash uploadcert.sh stage-da2-fal c2adc610-6316-cd9d-c678-cda4b0080b52 176.9.29.53 AnyoneFalLive +bash uploadcert.sh stage-da3-hel 4aa61f61-893a-baf4-541b-870e99ac4839 95.216.32.105 AnyoneHelLive # mind the phase.... and by default only checks curl output # Move DA folders and script to server, login, run script @@ -29,4 +37,8 @@ bash uploadcert.sh da7 c2adc610-6316-cd9d-c678-cda4b0080b52 176.9.29.53 AnyoneFa # bash uploadsecrets.sh da4 5ace4a92-63c4-ac72-3ed1-e4485fa0d4a4 # bash uploadsecrets.sh da5 eb42c498-e7a8-415f-14e9-31e9e71e5707 # bash uploadsecrets.sh da6 4aa61f61-893a-baf4-541b-870e99ac4839 -# bash uploadsecrets.sh da7 c2adc610-6316-cd9d-c678-cda4b0080b52 \ No newline at end of file +# bash uploadsecrets.sh da7 c2adc610-6316-cd9d-c678-cda4b0080b52 + +bash uploadsecrets.sh stage-da1-dmz c8e55509-a756-0aa7-563b-9665aa4915ab +bash uploadsecrets.sh stage-da2-fal c2adc610-6316-cd9d-c678-cda4b0080b52 +bash uploadsecrets.sh stage-da3-hel 4aa61f61-893a-baf4-541b-870e99ac4839 \ No newline at end of file diff --git a/src/app/config/auth_dirs_stage.inc b/src/app/config/auth_dirs_stage.inc index e1a2db5f7a..81220f266a 100644 --- a/src/app/config/auth_dirs_stage.inc +++ b/src/app/config/auth_dirs_stage.inc 
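Review bot: The new `uploadcert.sh` calls for `stage-da2-fal` and `stage-da3-hel` in the `@@ -3,22 +3,30 @@` hunk pass the nicknames `AnyoneFalLive` and `AnyoneHelLive`, while the matching `gencert.sh` calls and `auth_dirs_stage.inc` use `AnyoneFalStage` and `AnyoneHelStage`. What `uploadcert.sh` does with the nickname is not visible here, but if it checks or publishes it, the stage authorities would be verified or registered under a live name. The two lines should read `bash uploadcert.sh stage-da2-fal c2adc610-6316-cd9d-c678-cda4b0080b52 176.9.29.53 AnyoneFalStage` and `bash uploadcert.sh stage-da3-hel 4aa61f61-893a-baf4-541b-870e99ac4839 95.216.32.105 AnyoneHelStage`.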
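Review bot: The three `uploadsecrets.sh` lines added in the `@@ -29,4 +37,8 @@` hunk are active, whereas every earlier `uploadsecrets.sh` entry is commented out beneath the note `# Move DA folders and script to server, login, run script`. As written, one run of this file generates certificates, checks them and then presumably pushes authority key material in the same pass, and nothing visible stops the later steps if an earlier `gencert.sh` or `uploadcert.sh` call fails. Consider keeping these lines commented like their predecessors, or, if the script's first lines (outside the hunk) do not already do so, adding `set -euo pipefail`. The file also still ends without a trailing newline.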
@@ -1,9 +1,9 @@
-"ATORDAeucdev orport=9101 "
- "v3ident=41609568DC029CCE0401B96CC2151535239E9A09 "
- "49.13.145.234:9130 40E6B58C1BAD7572339201BE90818B406B3EED78",
-"ATORDAusedev orport=9101 "
- "v3ident=F59C1E996A103A4A1AD40520E5C8FF7BA9F7D4C7 "
- "5.161.108.187:9130 0C4B4C71F531E9B3A7CB0B1D80D48371FB24AB59",
-"ATORDAuswdev orport=9101 "
- "v3ident=49E23B5D623ABFC8643B613504DBD8EBDDD02000 "
- "5.78.90.106:9130 D1DC16BF9FE118E5A6C8D392993B1FB3673849BF",
+"AnyoneDmzStage orport=9101 "
+ "v3ident=3368A4DB07FB4E76ABF72CCDF642F5659F48C378 "
+ "88.99.219.105:9130 81B9A6ACF2EE2717390F258C3E291BD7F3D80E34",
+"AnyoneFalStage orport=9101 "
+ "v3ident=D5BFA1848F92CFD4A1F611984F11F282A04E54DE "
+ "176.9.29.53:9130 6A26840B4C58BEE44CF96C25A83CC84888B7AEC6",
+"AnyoneHelStage orport=9101 "
+ "v3ident=34B71192F29063F70A2C5A7B3D39741F2C954191 "
+ "95.216.32.105:9130 0AC22EC8DC71A1EA4C78472A9A00F1F524C7C497",
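Review bot: Two of the new stage entries, `176.9.29.53` and `95.216.32.105`, are the addresses that `operations/run-gen-upload-cert.sh` listed for the live `da7` and `da6` until this commit, and they keep the same `orport=9101` and DirPort `9130`. If the live authority list (not shown) still names those address and port pairs, a stage and a live authority identity would both be pinned to one endpoint, and stage keys would sit on hosts that held live keys. This is worth confirming before merge. A short comment above the list, e.g. `/* stage authorities; v3ident and fingerprint values taken from gencert.sh output on <date> */`, would also record where the pinned values came from.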