Shift stage DAs to new machines

anyone-protocol · Oct 28, 2024 · 6ff8ebe · 6ff8ebe
2 parents bc57a7c + 3e2e463
commit 6ff8ebe
Show file tree

Hide file tree

Showing 8 changed files with 94 additions and 88 deletions.
diff --git a/.github/workflows/stage-build-and-deploy.yml b/.github/workflows/stage-build-and-deploy.yml
@@ -9,13 +9,13 @@ on:
 env:
   image-name: ghcr.io/anyone-protocol/ator-protocol-stage
   image-tag: ${{ github.sha }}
-  da-1-hc-url: http://88.99.219.105:9130/tor/status-vote/current/consensus
-  da-2-hc-url: http://176.9.29.53:9130/tor/status-vote/current/consensus
-  da-3-hc-url: http://95.216.32.105:9130/tor/status-vote/current/consensus
-  da-4-hc-url: http://176.9.29.53:9131/tor/status-vote/current/consensus
-  da-5-hc-url: http://176.9.29.53:9132/tor/status-vote/current/consensus
-  da-6-hc-url: http://95.216.32.105:9131/tor/status-vote/current/consensus
-  da-7-hc-url: http://95.216.32.105:9132/tor/status-vote/current/consensus
+  da-1-hc-url: http://135.181.231.123:9130/tor/status-vote/current/consensus
+  da-2-hc-url: http://148.251.23.105:9130/tor/status-vote/current/consensus
+  da-3-hc-url: http://65.21.12.154:9130/tor/status-vote/current/consensus
+  da-4-hc-url: http://148.251.23.105:9131/tor/status-vote/current/consensus
+  da-5-hc-url: http://148.251.23.105:9132/tor/status-vote/current/consensus
+  da-6-hc-url: http://65.21.12.154:9131/tor/status-vote/current/consensus
+  da-7-hc-url: http://65.21.12.154:9132/tor/status-vote/current/consensus
 
 jobs:
   build-and-push:

diff --git a/.github/workflows/stage-deploy.yml b/.github/workflows/stage-deploy.yml
@@ -7,13 +7,13 @@ on:
 env:
   image-name: ghcr.io/anyone-protocol/ator-protocol-stage
   image-tag: ${{ github.event_name == 'workflow_call' && 'latest' || github.sha }}
-  da-1-hc-url: http://88.99.219.105:9130/tor/status-vote/current/consensus
-  da-2-hc-url: http://176.9.29.53:9130/tor/status-vote/current/consensus
-  da-3-hc-url: http://95.216.32.105:9130/tor/status-vote/current/consensus
-  da-4-hc-url: http://176.9.29.53:9131/tor/status-vote/current/consensus
-  da-5-hc-url: http://176.9.29.53:9132/tor/status-vote/current/consensus
-  da-6-hc-url: http://95.216.32.105:9131/tor/status-vote/current/consensus
-  da-7-hc-url: http://95.216.32.105:9132/tor/status-vote/current/consensus
+  da-1-hc-url: http://135.181.231.123:9130/tor/status-vote/current/consensus
+  da-2-hc-url: http://148.251.23.105:9130/tor/status-vote/current/consensus
+  da-3-hc-url: http://65.21.12.154:9130/tor/status-vote/current/consensus
+  da-4-hc-url: http://148.251.23.105:9131/tor/status-vote/current/consensus
+  da-5-hc-url: http://148.251.23.105:9132/tor/status-vote/current/consensus
+  da-6-hc-url: http://65.21.12.154:9131/tor/status-vote/current/consensus
+  da-7-hc-url: http://65.21.12.154:9132/tor/status-vote/current/consensus
 
 jobs:
   push:

diff --git a/operations/anon-da-node-stage.hcl b/operations/anon-da-node-stage.hcl
@@ -45,20 +45,25 @@ EOF
   spread {
     attribute = "${node.unique.id}"
     weight    = 100
-    target "c8e55509-a756-0aa7-563b-9665aa4915ab" {
+    target "f3f664d6-7d65-be58-4a2c-4c66e20f1a9f" {
       percent = 14
     }
-    target "c2adc610-6316-cd9d-c678-cda4b0080b52" {
+    target "232ea736-591c-4753-9dcc-3e815c4326af" {
       percent = 43
     }
-    target "4aa61f61-893a-baf4-541b-870e99ac4839" {
+    target "4ca2fc3c-8960-6ae7-d931-c0d6030d506b" {
       percent = 43
     }
   }
 
   group "dir-auth-stage" {
     count = 3
 
+    constraint {
+      operator = "distinct_hosts"
+      value    = "true"
+    }
+
     network {
       mode = "bridge"
       port "orport" {

diff --git a/operations/gencert.sh b/operations/gencert.sh
@@ -3,10 +3,10 @@
 
 mkdir -p $1 && cd $1
 
-cat > torrc << EOL
+cat > anonrc << EOL
 # Run Tor as a regular user (do not change this)
-User atord
-DataDirectory /var/lib/tor
+User anond
+DataDirectory /var/lib/anon
 
 # Server's public IP Address (usually automatic)
 Address $2
@@ -48,12 +48,13 @@ IPv6Exit 0
 
 Nickname $3
 
-EOL
+AgreeToTerms 1
 
+EOL
 
-docker run -i -w /var/lib/tor/keys -v ./torrc:/etc/tor/torrc -v ./tor-data:/var/lib/tor/ svforte/ator-protocol:latest tor-gencert --create-identity-key
+docker run -i -w /var/lib/anon/keys -v ./anonrc:/etc/anon/anonrc -v ./anon-data:/var/lib/anon/ ghcr.io/anyone-protocol/ator-protocol-stage:latest anon-gencert --create-identity-key
 
-ATOR_CONTAINER=$(docker create -v ./torrc:/etc/tor/torrc -v ./tor-data:/var/lib/tor/ svforte/ator-protocol:latest)
+ATOR_CONTAINER=$(docker create -v ./anonrc:/etc/anon/anonrc -v ./anon-data:/var/lib/anon/ ghcr.io/anyone-protocol/ator-protocol-stage:latest)
 docker start $ATOR_CONTAINER 
 sleep 5 
 docker stop $ATOR_CONTAINER

diff --git a/operations/run-gen-upload-cert.sh b/operations/run-gen-upload-cert.sh
@@ -15,19 +15,19 @@
 # bash gencert.sh da7 176.9.29.53 AnyoneFalLive
 
 ## STAGE
-# bash gencert.sh stage-da1-dmz 88.99.219.105 AnyoneDmzStage
-# bash gencert.sh stage-da2-fal 176.9.29.53 AnyoneFalStage
-# bash gencert.sh stage-da3-hel 95.216.32.105 AnyoneHelStage
+bash gencert.sh stage-da1-hel-test-1a 135.181.231.123 AnyoneHel1aStage
+bash gencert.sh stage-da2-hel-test-2a 148.251.23.105 AnyoneHel2aStage
+bash gencert.sh stage-da3-hel-test-3a 65.21.12.154 AnyoneHel3aStage
 
-# bash gencert.sh stage-da2-fal-2 176.9.29.53 AnyoneFal2Stage
-# bash gencert.sh stage-da3-hel-2 95.216.32.105 AnyoneHel2Stage
-# bash gencert.sh stage-da2-fal-3 176.9.29.53 AnyoneFal3Stage
-# bash gencert.sh stage-da3-hel-3 95.216.32.105 AnyoneHel3Stage
+bash gencert.sh stage-da2-hel-test-2b 148.251.23.105 AnyoneHel2bStage
+bash gencert.sh stage-da3-hel-test-3b 65.21.12.154 AnyoneHel3bStage
+bash gencert.sh stage-da2-hel-test-2c 148.251.23.105 AnyoneHel2cStage
+bash gencert.sh stage-da3-hel-test-3c 65.21.12.154 AnyoneHel3cStage
 
 ## DEV
-bash gencert.sh dev-da1-dmz 88.99.219.105 AnyoneDmzDev
-bash gencert.sh dev-da2-fal 176.9.29.53 AnyoneFalDev
-bash gencert.sh dev-da3-hel 95.216.32.105 AnyoneHelDev
+# bash gencert.sh dev-da1-dmz 88.99.219.105 AnyoneDmzDev
+# bash gencert.sh dev-da2-fal 176.9.29.53 AnyoneFalDev
+# bash gencert.sh dev-da3-hel 95.216.32.105 AnyoneHelDev
 
 
 ### -- STEP 2 ---
@@ -43,19 +43,19 @@ bash gencert.sh dev-da3-hel 95.216.32.105 AnyoneHelDev
 # bash uploadcert.sh da7 c2adc610-6316-cd9d-c678-cda4b0080b52 176.9.29.53 AnyoneFalLive
 
 ## STAGE
-# bash uploadcert.sh stage-da1-dmz c8e55509-a756-0aa7-563b-9665aa4915ab-9101 88.99.219.105 AnyoneDmzStage
-# bash uploadcert.sh stage-da2-fal c2adc610-6316-cd9d-c678-cda4b0080b52-9101 176.9.29.53 AnyoneFalStage
-# bash uploadcert.sh stage-da3-hel 4aa61f61-893a-baf4-541b-870e99ac4839-9101 95.216.32.105 AnyoneHelStage
+bash uploadcert.sh stage-da1-hel-test-1a 4ca2fc3c-8960-6ae7-d931-c0d6030d506b-9101 88.99.219.105 AnyoneHel1aStage
+bash uploadcert.sh stage-da2-hel-test-2a 232ea736-591c-4753-9dcc-3e815c4326af-9101 176.9.29.53 AnyoneHel2aStage
+bash uploadcert.sh stage-da3-hel-test-3a f3f664d6-7d65-be58-4a2c-4c66e20f1a9f-9101 95.216.32.105 AnyoneHel3aStage
 
-# bash uploadcert.sh stage-da2-fal-2 c2adc610-6316-cd9d-c678-cda4b0080b52-9102 176.9.29.53 AnyoneFal2Stage
-# bash uploadcert.sh stage-da3-hel-2 4aa61f61-893a-baf4-541b-870e99ac4839-9102 95.216.32.105 AnyoneHel2Stage
-# bash uploadcert.sh stage-da2-fal-3 c2adc610-6316-cd9d-c678-cda4b0080b52-9103 176.9.29.53 AnyoneFal3Stage
-# bash uploadcert.sh stage-da3-hel-3 4aa61f61-893a-baf4-541b-870e99ac4839-9103 95.216.32.105 AnyoneHel3Stage
+bash uploadcert.sh stage-da2-hel-test-2b 232ea736-591c-4753-9dcc-3e815c4326af-9102 176.9.29.53 AnyoneHel2bStage
+bash uploadcert.sh stage-da3-hel-test-3b f3f664d6-7d65-be58-4a2c-4c66e20f1a9f-9102 95.216.32.105 AnyoneHel3bStage
+bash uploadcert.sh stage-da2-hel-test-2c 232ea736-591c-4753-9dcc-3e815c4326af-9103 176.9.29.53 AnyoneHel2cStage
+bash uploadcert.sh stage-da3-hel-test-3c f3f664d6-7d65-be58-4a2c-4c66e20f1a9f-9103 95.216.32.105 AnyoneHel3cStage
 
 ## DEV
-bash uploadcert.sh dev-da1-dmz c8e55509-a756-0aa7-563b-9665aa4915ab 88.99.219.105 AnyoneDmzDev
-bash uploadcert.sh dev-da2-fal c2adc610-6316-cd9d-c678-cda4b0080b52 176.9.29.53 AnyoneFalDev
-bash uploadcert.sh dev-da3-hel 4aa61f61-893a-baf4-541b-870e99ac4839 95.216.32.105 AnyoneHelDev
+# bash uploadcert.sh dev-da1-dmz c8e55509-a756-0aa7-563b-9665aa4915ab 88.99.219.105 AnyoneDmzDev
+# bash uploadcert.sh dev-da2-fal c2adc610-6316-cd9d-c678-cda4b0080b52 176.9.29.53 AnyoneFalDev
+# bash uploadcert.sh dev-da3-hel 4aa61f61-893a-baf4-541b-870e99ac4839 95.216.32.105 AnyoneHelDev
 
 
 ### -- STEP 3 ---
@@ -72,16 +72,16 @@ bash uploadcert.sh dev-da3-hel 4aa61f61-893a-baf4-541b-870e99ac4839 95.216.32.10
 # bash uploadsecrets.sh da7 c2adc610-6316-cd9d-c678-cda4b0080b52
 
 ## STAGE
-# bash uploadsecrets.sh stage-da1-dmz c8e55509-a756-0aa7-563b-9665aa4915ab-9101
-# bash uploadsecrets.sh stage-da2-fal c2adc610-6316-cd9d-c678-cda4b0080b52-9101
-# bash uploadsecrets.sh stage-da3-hel 4aa61f61-893a-baf4-541b-870e99ac4839-9101
+bash uploadsecrets.sh stage-da1-hel-test-1a 4ca2fc3c-8960-6ae7-d931-c0d6030d506b-9101
+bash uploadsecrets.sh stage-da2-hel-test-2a 232ea736-591c-4753-9dcc-3e815c4326af-9101
+bash uploadsecrets.sh stage-da3-hel-test-3a f3f664d6-7d65-be58-4a2c-4c66e20f1a9f-9101
 
-# bash uploadsecrets.sh stage-da2-fal-2 c2adc610-6316-cd9d-c678-cda4b0080b52-9102
-# bash uploadsecrets.sh stage-da3-hel-2 4aa61f61-893a-baf4-541b-870e99ac4839-9102
-# bash uploadsecrets.sh stage-da2-fal-3 c2adc610-6316-cd9d-c678-cda4b0080b52-9103
-# bash uploadsecrets.sh stage-da3-hel-3 4aa61f61-893a-baf4-541b-870e99ac4839-9103
+bash uploadsecrets.sh stage-da2-hel-test-2b 232ea736-591c-4753-9dcc-3e815c4326af-9102
+bash uploadsecrets.sh stage-da3-hel-test-3b f3f664d6-7d65-be58-4a2c-4c66e20f1a9f-9102
+bash uploadsecrets.sh stage-da2-hel-test-2c 232ea736-591c-4753-9dcc-3e815c4326af-9103
+bash uploadsecrets.sh stage-da3-hel-test-3c f3f664d6-7d65-be58-4a2c-4c66e20f1a9f-9103
 
 ## DEV
-bash uploadsecrets.sh dev-da1-dmz c8e55509-a756-0aa7-563b-9665aa4915ab
-bash uploadsecrets.sh dev-da2-fal c2adc610-6316-cd9d-c678-cda4b0080b52
-bash uploadsecrets.sh dev-da3-hel 4aa61f61-893a-baf4-541b-870e99ac4839
+# bash uploadsecrets.sh dev-da1-dmz c8e55509-a756-0aa7-563b-9665aa4915ab
+# bash uploadsecrets.sh dev-da2-fal c2adc610-6316-cd9d-c678-cda4b0080b52
+# bash uploadsecrets.sh dev-da3-hel 4aa61f61-893a-baf4-541b-870e99ac4839
diff --git a/operations/uploadcert.sh b/operations/uploadcert.sh
@@ -1,10 +1,10 @@
 #arguments folder node-id ip nickname
 
-consul kv put ator-network/dev/dir-auth-$2/authority_certificate "$(cat $1/tor-data/keys/authority_certificate)"
-consul kv put ator-network/dev/dir-auth-$2/ed25519_master_id_public_key_base64 "$(base64 -w 0 $1/tor-data/keys/ed25519_master_id_public_key)"
-consul kv put ator-network/dev/dir-auth-$2/ed25519_signing_cert_base64 "$(base64 -w 0 $1/tor-data/keys/ed25519_signing_cert)"
-consul kv put ator-network/dev/dir-auth-$2/fingerprint "$(cat $1/tor-data/fingerprint)"
-consul kv put ator-network/dev/dir-auth-$2/fingerprint-ed25519 "$(cat $1/tor-data/fingerprint-ed25519)"
-consul kv put ator-network/dev/dir-auth-$2/nickname "$4"
-consul kv put ator-network/dev/dir-auth-$2/public_ipv4 "$3"
+consul kv put ator-network/stage/dir-auth-$2/authority_certificate "$(cat $1/anon-data/keys/authority_certificate)"
+consul kv put ator-network/stage/dir-auth-$2/ed25519_master_id_public_key_base64 "$(base64 -w 0 $1/anon-data/keys/ed25519_master_id_public_key)"
+consul kv put ator-network/stage/dir-auth-$2/ed25519_signing_cert_base64 "$(base64 -w 0 $1/anon-data/keys/ed25519_signing_cert)"
+consul kv put ator-network/stage/dir-auth-$2/fingerprint "$(cat $1/anon-data/fingerprint)"
+consul kv put ator-network/stage/dir-auth-$2/fingerprint-ed25519 "$(cat $1/anon-data/fingerprint-ed25519)"
+consul kv put ator-network/stage/dir-auth-$2/nickname "$4"
+consul kv put ator-network/stage/dir-auth-$2/public_ipv4 "$3"
 
diff --git a/operations/uploadsecrets.sh b/operations/uploadsecrets.sh
@@ -1,10 +1,10 @@
 #arguments folder node-id
 
 vault kv put -output-curl-string -mount=kv ator-network/stage/dir-auth-$2 \
-            authority_identity_key="$(cat $1/tor-data/keys/authority_identity_key)" \
-            authority_signing_key="$(cat $1/tor-data/keys/authority_signing_key)" \
-            ed25519_master_id_secret_key_base64="$(base64 -w 0 $1/tor-data/keys/ed25519_master_id_secret_key)" \
-            ed25519_signing_secret_key_base64="$(base64 -w 0 $1/tor-data/keys/ed25519_signing_secret_key)" \
-            secret_id_key_base64="$(base64 -w 0 $1/tor-data/keys/secret_id_key)" \
-            secret_onion_key_base64="$(base64 -w 0 $1/tor-data/keys/secret_onion_key)" \
-            secret_onion_key_ntor_base64="$(base64 -w0 $1/tor-data/keys/secret_onion_key_ntor)"
+            authority_identity_key="$(cat $1/anon-data/keys/authority_identity_key)" \
+            authority_signing_key="$(cat $1/anon-data/keys/authority_signing_key)" \
+            ed25519_master_id_secret_key_base64="$(base64 -w 0 $1/anon-data/keys/ed25519_master_id_secret_key)" \
+            ed25519_signing_secret_key_base64="$(base64 -w 0 $1/anon-data/keys/ed25519_signing_secret_key)" \
+            secret_id_key_base64="$(base64 -w 0 $1/anon-data/keys/secret_id_key)" \
+            secret_onion_key_base64="$(base64 -w 0 $1/anon-data/keys/secret_onion_key)" \
+            secret_onion_key_ntor_base64="$(base64 -w0 $1/anon-data/keys/secret_onion_key_ntor)"
diff --git a/src/app/config/auth_dirs_stage.inc b/src/app/config/auth_dirs_stage.inc
@@ -1,21 +1,21 @@
-"AnyoneDmzStage orport=9101 "
-  "v3ident=3368A4DB07FB4E76ABF72CCDF642F5659F48C378 "
-  "88.99.219.105:9130 81B9A6ACF2EE2717390F258C3E291BD7F3D80E34",
-"AnyoneFalStage orport=9101 "
-  "v3ident=D5BFA1848F92CFD4A1F611984F11F282A04E54DE "
-  "176.9.29.53:9130 6A26840B4C58BEE44CF96C25A83CC84888B7AEC6",
-"AnyoneHelStage orport=9101 "
-  "v3ident=34B71192F29063F70A2C5A7B3D39741F2C954191 "
-  "95.216.32.105:9130 0AC22EC8DC71A1EA4C78472A9A00F1F524C7C497",
-"AnyoneFal2Stage orport=9102 "
-  "v3ident=D20E95E4FD8D43854669F2287A947F2986E11865 "
-  "176.9.29.53:9131 9C272EBF3DB8EDC626C1AD8D70B2DE86E516BF0B",
-"AnyoneHel2Stage orport=9102 "
-  "v3ident=87C0401B24D42D2E9B8A936A90FCA49B4CCC65B3 "
-  "95.216.32.105:9131 0AF25C2C41D785D3955B09D9BF88EC000ECDF7A5",
-"AnyoneFal3Stage orport=9103 "
-  "v3ident=610EAE6C20797144AE0F167893B8025519BAAFA4 "
-  "176.9.29.53:9132 C026936168E1DEE39775921EAE4D38D62AD1C722",
-"AnyoneHel3Stage orport=9103 "
-  "v3ident=A82C2500F24834B9A696E25247DF03B48F3A2D50 "
-  "95.216.32.105:9132 1C1E478151FBD968D8ACB9E69CAD396E853FF007",
+"AnyoneHel1aStage orport=9101 "
+  "v3ident=35BF8B795989B7CD4D43588C9A15171C1A5B4A98 "
+  "135.181.231.123:9130 D684B877417A224B727C04714ECF04A95987FD36",
+"AnyoneHel2aStage orport=9101 "
+  "v3ident=1D80F66A55345FFAB00F08C3A8E60338844890C1 "
+  "148.251.23.105:9130 9578CA946B1AEAB730ECF474590C9A29A6D3A16C",
+"AnyoneHel3aStage orport=9101 "
+  "v3ident=85372240705967FECF5D1FDFB8C0BF78601670A3 "
+  "65.21.12.154:9130 55F541EAE4429C650CB3A7569AE08F4C8A200D53",
+"AnyoneHel2bStage orport=9102 "
+  "v3ident=035B63F11DF6D2EDEA0CC66A29AB0B41221A97D4 "
+  "148.251.23.105:9131 4FD213ABF97101D4AE3A63CB602F4C09BD71EAEC",
+"AnyoneHel3bStage orport=9102 "
+  "v3ident=3413AAEBAFC6EC4D6DEB7482BED5A302771F06FD "
+  "65.21.12.154:9131 94421420BAEC4F35E6C1B257B87D5397FC77C3C2",
+"AnyoneHel2cStage orport=9103 "
+  "v3ident=C0B51A0BDB0FC484DB2F4DBDBFCB2548D7F51452 "
+  "148.251.23.105:9132 468F3D7ACB8F57B6450154BB18DB4E4D4C4E8FE8",
+"AnyoneHel3cStage orport=9103 "
+  "v3ident=F279D7110816AD4274BDF63834376340D604EC9F "
+  "65.21.12.154:9132 E33E6491E3856683B1B0F6E31940C536B80E1485",