From f98525f127d909284507f37be5ec4e77857bde9a Mon Sep 17 00:00:00 2001 From: kanshi <46557+kanshi@users.noreply.github.com> Date: Wed, 7 Aug 2024 14:46:42 +0200 Subject: [PATCH 01/12] Prepare new stage DA addresses and fingerprints --- .gitignore | 1 + operations/anon-da-node-stage.hcl | 22 ++++++++-------- operations/run-gen-upload-cert.sh | 42 +++++++++++++++++++----------- src/app/config/auth_dirs_stage.inc | 18 ++++++------- 4 files changed, 48 insertions(+), 35 deletions(-) diff --git a/.gitignore b/.gitignore index 96b2b10ffb..314c263e73 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ # Operations /operations/da* +/operations/stage-da* # Editor droppings \#*\# .#* diff --git a/operations/anon-da-node-stage.hcl b/operations/anon-da-node-stage.hcl index 35772c2809..bbe96d979a 100644 --- a/operations/anon-da-node-stage.hcl +++ b/operations/anon-da-node-stage.hcl @@ -1,6 +1,6 @@ #TODO: use templating to avoid copypaste -job "ator-dir-auth-stage" { +job "dir-auth-stage" { datacenters = ["ator-fin"] type = "service" namespace = "ator-network" @@ -11,25 +11,26 @@ job "ator-dir-auth-stage" { spread { attribute = "${node.unique.id}" weight = 100 - target "067a42a8-d8fe-8b19-5851-43079e0eabb4" { + target "c8e55509-a756-0aa7-563b-9665aa4915ab" { percent = 34 } - target "16be0723-edc1-83c4-6c02-193d96ec308a" { + target "c2adc610-6316-cd9d-c678-cda4b0080b52" { percent = 33 } - target "e6e0baed-8402-fd5c-7a15-8dd49e7b60d9" { + target "4aa61f61-893a-baf4-541b-870e99ac4839" { percent = 33 } } network { + mode = "bridge" + port "orport" { static = 9101 } port "dirport" { static = 9130 } - } volume "dir-auth-stage" { @@ -73,8 +74,8 @@ job "ator-dir-auth-stage" { } resources { - cpu = 256 - memory = 256 + cpu = 2560 + memory = 2560 } template { 
@@ -143,11 +144,10 @@ V3AuthoritativeDirectory 1 Address {{ key (env "node.unique.id" | printf "ator-network/stage/dir-auth-%s/public_ipv4") }} # Port to advertise for incoming Tor connections. -ORPort 9101 # common ports are 9101, 443 -#ORPort 1.1.1.1:9001 +ORPort {{ env `NOMAD_PORT_orport` }} # Mirror directory information for others (optional, not used on bridge) -DirPort 9130 # common ports are 9130, 80 +DirPort {{ env `NOMAD_PORT_dirport` }} # Run Tor only as a server (no local applications) SocksPort 0 @@ -184,7 +184,7 @@ V3BandwidthsFile /var/lib/sbws/v3bw/latest.v3bw port = "dirport" tags = ["logging"] check { - name = "dir auth alive" + name = "dir auth stage alive" type = "tcp" interval = "10s" timeout = "10s" diff --git a/operations/run-gen-upload-cert.sh b/operations/run-gen-upload-cert.sh index 512af4d396..5eb21faeac 100644 --- a/operations/run-gen-upload-cert.sh +++ b/operations/run-gen-upload-cert.sh 
@@ -3,22 +3,30 @@ # consul env: CONSUL_HTTP_ADDR, CONSUL_HTTP_TOKEN, CONSUL_CACERT # STAGE by default in scripts -bash gencert.sh da1 49.13.145.234 ATORDAeucstage -bash gencert.sh da2 5.161.108.187 ATORDAusestage -bash gencert.sh da3 5.78.90.106 ATORDAuswstage -bash gencert.sh da4 5.161.228.187 AnyoneAshLive -bash gencert.sh da5 5.78.94.15 AnyoneHilLive -bash gencert.sh da6 95.216.32.105 AnyoneHelLive -bash gencert.sh da7 176.9.29.53 AnyoneFalLive +# bash gencert.sh da1 49.13.145.234 ATORDAeucstage +# bash gencert.sh da2 5.161.108.187 ATORDAusestage +# bash gencert.sh da3 5.78.90.106 ATORDAuswstage +# bash gencert.sh da4 5.161.228.187 AnyoneAshLive +# bash gencert.sh da5 5.78.94.15 AnyoneHilLive +# bash gencert.sh da6 95.216.32.105 AnyoneHelLive +# bash gencert.sh da7 176.9.29.53 AnyoneFalLive + +bash gencert.sh stage-da1-dmz 88.99.219.105 AnyoneDmzStage +bash gencert.sh stage-da2-fal 176.9.29.53 AnyoneFalStage +bash gencert.sh stage-da3-hel 95.216.32.105 AnyoneHelStage # Check/update script for phase -bash uploadcert.sh da1 067a42a8-d8fe-8b19-5851-43079e0eabb4 49.13.145.234 ATORDAeucstage -bash uploadcert.sh da2 16be0723-edc1-83c4-6c02-193d96ec308a 5.161.108.187 ATORDAusestage -bash uploadcert.sh da3 e6e0baed-8402-fd5c-7a15-8dd49e7b60d9 5.78.90.106 ATORDAuswstage -bash uploadcert.sh da4 5ace4a92-63c4-ac72-3ed1-e4485fa0d4a4 5.161.228.187 AnyoneAshLive -bash uploadcert.sh da5 eb42c498-e7a8-415f-14e9-31e9e71e5707 5.78.94.15 AnyoneHilLive -bash uploadcert.sh da6 4aa61f61-893a-baf4-541b-870e99ac4839 95.216.32.105 AnyoneHelLive -bash uploadcert.sh da7 c2adc610-6316-cd9d-c678-cda4b0080b52 176.9.29.53 AnyoneFalLive +# bash uploadcert.sh da1 067a42a8-d8fe-8b19-5851-43079e0eabb4 49.13.145.234 ATORDAeucstage +# bash uploadcert.sh da2 16be0723-edc1-83c4-6c02-193d96ec308a 5.161.108.187 ATORDAusestage +# bash uploadcert.sh da3 e6e0baed-8402-fd5c-7a15-8dd49e7b60d9 5.78.90.106 ATORDAuswstage +# bash uploadcert.sh da4 5ace4a92-63c4-ac72-3ed1-e4485fa0d4a4 5.161.228.187 
AnyoneAshLive +# bash uploadcert.sh da5 eb42c498-e7a8-415f-14e9-31e9e71e5707 5.78.94.15 AnyoneHilLive +# bash uploadcert.sh da6 4aa61f61-893a-baf4-541b-870e99ac4839 95.216.32.105 AnyoneHelLive +# bash uploadcert.sh da7 c2adc610-6316-cd9d-c678-cda4b0080b52 176.9.29.53 AnyoneFalLive + +bash uploadcert.sh stage-da1-dmz c8e55509-a756-0aa7-563b-9665aa4915ab 88.99.219.105 AnyoneDmzStage +bash uploadcert.sh stage-da2-fal c2adc610-6316-cd9d-c678-cda4b0080b52 176.9.29.53 AnyoneFalLive +bash uploadcert.sh stage-da3-hel 4aa61f61-893a-baf4-541b-870e99ac4839 95.216.32.105 AnyoneHelLive # mind the phase.... and by default only checks curl output # Move DA folders and script to server, login, run script @@ -29,4 +37,8 @@ bash uploadcert.sh da7 c2adc610-6316-cd9d-c678-cda4b0080b52 176.9.29.53 AnyoneFa # bash uploadsecrets.sh da4 5ace4a92-63c4-ac72-3ed1-e4485fa0d4a4 # bash uploadsecrets.sh da5 eb42c498-e7a8-415f-14e9-31e9e71e5707 # bash uploadsecrets.sh da6 4aa61f61-893a-baf4-541b-870e99ac4839 -# bash uploadsecrets.sh da7 c2adc610-6316-cd9d-c678-cda4b0080b52 \ No newline at end of file +# bash uploadsecrets.sh da7 c2adc610-6316-cd9d-c678-cda4b0080b52 + +bash uploadsecrets.sh stage-da1-dmz c8e55509-a756-0aa7-563b-9665aa4915ab +bash uploadsecrets.sh stage-da2-fal c2adc610-6316-cd9d-c678-cda4b0080b52 +bash uploadsecrets.sh stage-da3-hel 4aa61f61-893a-baf4-541b-870e99ac4839 \ No newline at end of file diff --git a/src/app/config/auth_dirs_stage.inc b/src/app/config/auth_dirs_stage.inc index e1a2db5f7a..81220f266a 100644 --- a/src/app/config/auth_dirs_stage.inc +++ b/src/app/config/auth_dirs_stage.inc 
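Review bot: The new stage `uploadcert.sh` lines pass a different nickname than the matching `gencert.sh` lines: `stage-da2-fal` and `stage-da3-hel` are generated as `AnyoneFalStage` / `AnyoneHelStage` but uploaded with `AnyoneFalLive` / `AnyoneHelLive`. uploadcert.sh writes its fourth argument to the Consul `nickname` key, so these two stage authorities would presumably be configured with a Live nickname that does not match the `AnyoneFalStage` / `AnyoneHelStage` entries this commit adds to `auth_dirs_stage.inc`. The lines should end in the stage names, e.g. `bash uploadcert.sh stage-da2-fal c2adc610-6316-cd9d-c678-cda4b0080b52 176.9.29.53 AnyoneFalStage`. Separately, the second hunk turns the `uploadsecrets.sh` calls into active commands, although the comment above them describes that step as run on the server after login; a comment saying where each step is meant to run would keep key material from being pushed from the wrong machine.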
@@ -1,9 +1,9 @@
-"ATORDAeucdev orport=9101 "
- "v3ident=41609568DC029CCE0401B96CC2151535239E9A09 "
- "49.13.145.234:9130 40E6B58C1BAD7572339201BE90818B406B3EED78",
-"ATORDAusedev orport=9101 "
- "v3ident=F59C1E996A103A4A1AD40520E5C8FF7BA9F7D4C7 "
- "5.161.108.187:9130 0C4B4C71F531E9B3A7CB0B1D80D48371FB24AB59",
-"ATORDAuswdev orport=9101 "
- "v3ident=49E23B5D623ABFC8643B613504DBD8EBDDD02000 "
- "5.78.90.106:9130 D1DC16BF9FE118E5A6C8D392993B1FB3673849BF",
+"AnyoneDmzStage orport=9101 "
+ "v3ident=3368A4DB07FB4E76ABF72CCDF642F5659F48C378 "
+ "88.99.219.105:9130 81B9A6ACF2EE2717390F258C3E291BD7F3D80E34",
+"AnyoneFalStage orport=9101 "
+ "v3ident=D5BFA1848F92CFD4A1F611984F11F282A04E54DE "
+ "176.9.29.53:9130 6A26840B4C58BEE44CF96C25A83CC84888B7AEC6",
+"AnyoneHelStage orport=9101 "
+ "v3ident=34B71192F29063F70A2C5A7B3D39741F2C954191 "
+ "95.216.32.105:9130 0AC22EC8DC71A1EA4C78472A9A00F1F524C7C497",
From d9f56cfe89b5e6d266a6ff90aeae42d2743a14ff Mon Sep 17 00:00:00 2001
From: kanshi <46557+kanshi@users.noreply.github.com>
Date: Wed, 7 Aug 2024 15:08:32 +0200
Subject: [PATCH 02/12] Update stage deploy workflow IPs
---
 .github/workflows/stage-build-and-deploy.yml | 6 +++---
 .github/workflows/stage-deploy.yml | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/stage-build-and-deploy.yml b/.github/workflows/stage-build-and-deploy.yml
index dc89ed9eaa..760ec7e2b9 100644
--- a/.github/workflows/stage-build-and-deploy.yml
+++ b/.github/workflows/stage-build-and-deploy.yml
@@ -9,9 +9,9 @@ on:
 env:
 image-name: ghcr.io/ator-development/ator-protocol-stage
 image-tag: ${{ github.sha }}
- da-1-hc-url: http://49.13.145.234:9130/tor/status-vote/current/consensus
- da-2-hc-url: http://5.161.108.187:9130/tor/status-vote/current/consensus
- da-3-hc-url: http://5.78.90.106:9130/tor/status-vote/current/consensus
+ da-1-hc-url: http://88.99.219.105:9130/tor/status-vote/current/consensus
+ da-2-hc-url: http://176.9.29.53:9130/tor/status-vote/current/consensus
+ da-3-hc-url: http://95.216.32.105:9130/tor/status-vote/current/consensus
 jobs:
 build-and-push:
diff --git a/.github/workflows/stage-deploy.yml b/.github/workflows/stage-deploy.yml
index 15460129e5..54d7201977 100644
--- a/.github/workflows/stage-deploy.yml
+++ b/.github/workflows/stage-deploy.yml
@@ -7,9 +7,9 @@ on:
 env:
 image-name: ghcr.io/ator-development/ator-protocol-stage
 image-tag: ${{ github.event_name == 'workflow_call' && 'latest' || github.sha }}
- da-1-hc-url: http://49.13.145.234:9130/tor/status-vote/current/consensus
- da-2-hc-url: http://5.161.108.187:9130/tor/status-vote/current/consensus
- da-3-hc-url: http://5.78.90.106:9130/tor/status-vote/current/consensus
+ da-1-hc-url: http://88.99.219.105:9130/tor/status-vote/current/consensus
+ da-2-hc-url: http://176.9.29.53:9130/tor/status-vote/current/consensus
+ da-3-hc-url: http://95.216.32.105:9130/tor/status-vote/current/consensus
 jobs:
 push:
From 7dc1a6d66a8a2041329ac364c3cfe7864d12dd0f Mon Sep 17 00:00:00 2001
From: kanshi <46557+kanshi@users.noreply.github.com>
Date: Wed, 7 Aug 2024 18:11:04 +0200
Subject: [PATCH 03/12] Remove test against old dev DA
---
 src/test/test_bwmgt.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/test/test_bwmgt.c b/src/test/test_bwmgt.c
index 5e5c56569a..1034340f5e 100644
--- a/src/test/test_bwmgt.c
+++ b/src/test/test_bwmgt.c
@@ -402,10 +402,10 @@ test_bwmgt_dir_conn_global_write_low(void *arg) /* Now, lets try with a connection address from ATORDAeucdev. It should * always pass even though our limit is too low. */ - addr_family = tor_addr_parse(&conn->addr, "49.13.145.234"); - tt_int_op(addr_family, OP_EQ, AF_INET); - ret = connection_dir_is_global_write_low(conn, INT_MAX); - tt_int_op(ret, OP_EQ, 0); + // addr_family = tor_addr_parse(&conn->addr, "49.13.145.234"); + // tt_int_op(addr_family, OP_EQ, AF_INET); + // ret = connection_dir_is_global_write_low(conn, INT_MAX); + // tt_int_op(ret, OP_EQ, 0); /* IPv6 testing of ATORDAeucdev. */ // TODO(ator): uncoment once we have DA with ipv6 From 68a80086cd1366f02437738c2f4651017c411f84 Mon Sep 17 00:00:00 2001 From: Saundr21 Date: Sun, 11 Aug 2024 03:06:23 +0100 Subject: [PATCH 04/12] Prepare increase in stage DAs --- .github/workflows/stage-build-and-deploy.yml | 4 + .github/workflows/stage-deploy.yml | 4 + operations/anon-da-node-stage.hcl | 421 ++++++++++++++++--- 3 files changed, 370 insertions(+), 59 deletions(-) diff --git a/.github/workflows/stage-build-and-deploy.yml b/.github/workflows/stage-build-and-deploy.yml index 760ec7e2b9..c3dca8a379 100644 --- a/.github/workflows/stage-build-and-deploy.yml +++ b/.github/workflows/stage-build-and-deploy.yml @@ -12,6 +12,10 @@ env: da-1-hc-url: http://88.99.219.105:9130/tor/status-vote/current/consensus da-2-hc-url: http://176.9.29.53:9130/tor/status-vote/current/consensus da-3-hc-url: http://95.216.32.105:9130/tor/status-vote/current/consensus + da-4-hc-url: http://176.9.29.53:9131/tor/status-vote/current/consensus + da-5-hc-url: http://176.9.29.53:9132/tor/status-vote/current/consensus + da-6-hc-url: http://95.216.32.105:9131/tor/status-vote/current/consensus + da-7-hc-url: http://95.216.32.105:9132/tor/status-vote/current/consensus jobs: build-and-push: diff --git a/.github/workflows/stage-deploy.yml b/.github/workflows/stage-deploy.yml index 54d7201977..82f8d84fee 100644 
--- a/.github/workflows/stage-deploy.yml +++ b/.github/workflows/stage-deploy.yml @@ -10,6 +10,10 @@ env: da-1-hc-url: http://88.99.219.105:9130/tor/status-vote/current/consensus da-2-hc-url: http://176.9.29.53:9130/tor/status-vote/current/consensus da-3-hc-url: http://95.216.32.105:9130/tor/status-vote/current/consensus + da-4-hc-url: http://176.9.29.53:9131/tor/status-vote/current/consensus + da-5-hc-url: http://176.9.29.53:9132/tor/status-vote/current/consensus + da-6-hc-url: http://95.216.32.105:9131/tor/status-vote/current/consensus + da-7-hc-url: http://95.216.32.105:9132/tor/status-vote/current/consensus jobs: push: diff --git a/operations/anon-da-node-stage.hcl b/operations/anon-da-node-stage.hcl index bbe96d979a..b30be5d4c0 100644 --- a/operations/anon-da-node-stage.hcl +++ b/operations/anon-da-node-stage.hcl @@ -1,30 +1,66 @@ -#TODO: use templating to avoid copypaste - job "dir-auth-stage" { datacenters = ["ator-fin"] type = "service" namespace = "ator-network" - group "dir-auth-stage-group" { - count = 3 + meta { + anonrc_template = < Date: Mon, 12 Aug 2024 12:16:12 +0200 Subject: [PATCH 05/12] Adds certgen commands for stage --- operations/run-gen-upload-cert.sh | 34 +++++++++++++++++++++++++------ 1 file changed, 28 insertions(+), 6 deletions(-) diff --git a/operations/run-gen-upload-cert.sh b/operations/run-gen-upload-cert.sh index 5eb21faeac..50b57d374d 100644 --- a/operations/run-gen-upload-cert.sh +++ b/operations/run-gen-upload-cert.sh @@ -3,6 +3,8 @@ # consul env: CONSUL_HTTP_ADDR, CONSUL_HTTP_TOKEN, CONSUL_CACERT # STAGE by default in scripts + +## LIVE # bash gencert.sh da1 49.13.145.234 ATORDAeucstage # bash gencert.sh da2 5.161.108.187 ATORDAusestage # bash gencert.sh da3 5.78.90.106 ATORDAuswstage 
@@ -11,11 +13,18 @@ # bash gencert.sh da6 95.216.32.105 AnyoneHelLive # bash gencert.sh da7 176.9.29.53 AnyoneFalLive +## STAGE bash gencert.sh stage-da1-dmz 88.99.219.105 AnyoneDmzStage bash gencert.sh stage-da2-fal 176.9.29.53 AnyoneFalStage bash gencert.sh stage-da3-hel 95.216.32.105 AnyoneHelStage +bash gencert.sh stage-da2-fal-2 176.9.29.53 AnyoneFal2Stage +bash gencert.sh stage-da3-hel-2 95.216.32.105 AnyoneHel2Stage +bash gencert.sh stage-da2-fal-3 176.9.29.53 AnyoneFal2Stage +bash gencert.sh stage-da3-hel-3 95.216.32.105 AnyoneHel2Stage + # Check/update script for phase +## LIVE # bash uploadcert.sh da1 067a42a8-d8fe-8b19-5851-43079e0eabb4 49.13.145.234 ATORDAeucstage # bash uploadcert.sh da2 16be0723-edc1-83c4-6c02-193d96ec308a 5.161.108.187 ATORDAusestage # bash uploadcert.sh da3 e6e0baed-8402-fd5c-7a15-8dd49e7b60d9 5.78.90.106 ATORDAuswstage 
@@ -24,13 +33,20 @@ bash gencert.sh stage-da3-hel 95.216.32.105 AnyoneHelStage # bash uploadcert.sh da6 4aa61f61-893a-baf4-541b-870e99ac4839 95.216.32.105 AnyoneHelLive # bash uploadcert.sh da7 c2adc610-6316-cd9d-c678-cda4b0080b52 176.9.29.53 AnyoneFalLive -bash uploadcert.sh stage-da1-dmz c8e55509-a756-0aa7-563b-9665aa4915ab 88.99.219.105 AnyoneDmzStage -bash uploadcert.sh stage-da2-fal c2adc610-6316-cd9d-c678-cda4b0080b52 176.9.29.53 AnyoneFalLive -bash uploadcert.sh stage-da3-hel 4aa61f61-893a-baf4-541b-870e99ac4839 95.216.32.105 AnyoneHelLive +## STAGE +bash uploadcert.sh stage-da1-dmz c8e55509-a756-0aa7-563b-9665aa4915ab-9101 88.99.219.105 AnyoneDmzStage +bash uploadcert.sh stage-da2-fal c2adc610-6316-cd9d-c678-cda4b0080b52-9101 176.9.29.53 AnyoneFalLive +bash uploadcert.sh stage-da3-hel 4aa61f61-893a-baf4-541b-870e99ac4839-9101 95.216.32.105 AnyoneHelLive + +bash uploadcert.sh stage-da2-fal-2 c2adc610-6316-cd9d-c678-cda4b0080b52-9102 176.9.29.53 AnyoneFalLive +bash uploadcert.sh stage-da3-hel-2 4aa61f61-893a-baf4-541b-870e99ac4839-9102 95.216.32.105 AnyoneHelLive +bash uploadcert.sh stage-da2-fal-3 c2adc610-6316-cd9d-c678-cda4b0080b52-9103 176.9.29.53 AnyoneFalLive +bash uploadcert.sh stage-da3-hel-3 4aa61f61-893a-baf4-541b-870e99ac4839-9103 95.216.32.105 AnyoneHelLive # mind the phase.... and by default only checks curl output # Move DA folders and script to server, login, run script +## LIVE # bash uploadsecrets.sh da1 067a42a8-d8fe-8b19-5851-43079e0eabb4 # bash uploadsecrets.sh da2 16be0723-edc1-83c4-6c02-193d96ec308a # bash uploadsecrets.sh da3 e6e0baed-8402-fd5c-7a15-8dd49e7b60d9 
@@ -39,6 +55,12 @@ bash uploadcert.sh stage-da3-hel 4aa61f61-893a-baf4-541b-870e99ac4839 95.216.32. # bash uploadsecrets.sh da6 4aa61f61-893a-baf4-541b-870e99ac4839 # bash uploadsecrets.sh da7 c2adc610-6316-cd9d-c678-cda4b0080b52 -bash uploadsecrets.sh stage-da1-dmz c8e55509-a756-0aa7-563b-9665aa4915ab -bash uploadsecrets.sh stage-da2-fal c2adc610-6316-cd9d-c678-cda4b0080b52 -bash uploadsecrets.sh stage-da3-hel 4aa61f61-893a-baf4-541b-870e99ac4839 \ No newline at end of file +## STAGE +bash uploadsecrets.sh stage-da1-dmz c8e55509-a756-0aa7-563b-9665aa4915ab-9101 +bash uploadsecrets.sh stage-da2-fal c2adc610-6316-cd9d-c678-cda4b0080b52-9101 +bash uploadsecrets.sh stage-da3-hel 4aa61f61-893a-baf4-541b-870e99ac4839-9101 + +bash uploadsecrets.sh stage-da2-fal-2 c2adc610-6316-cd9d-c678-cda4b0080b52-9102 +bash uploadsecrets.sh stage-da3-hel-2 4aa61f61-893a-baf4-541b-870e99ac4839-9102 +bash uploadsecrets.sh stage-da2-fal-2 c2adc610-6316-cd9d-c678-cda4b0080b52-9103 +bash uploadsecrets.sh stage-da3-hel-2 4aa61f61-893a-baf4-541b-870e99ac4839-9103 \ No newline at end of file From 15dd6154756b6aebd2d43688f140b1213ba1d5cd Mon Sep 17 00:00:00 2001 From: kanshi <46557+kanshi@users.noreply.github.com> Date: Mon, 12 Aug 2024 12:17:21 +0200 Subject: [PATCH 06/12] Fix auth_cert path --- operations/anon-da-node-stage.hcl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/operations/anon-da-node-stage.hcl b/operations/anon-da-node-stage.hcl index b30be5d4c0..92efd7df2a 100644 --- a/operations/anon-da-node-stage.hcl +++ b/operations/anon-da-node-stage.hcl @@ -117,7 +117,7 @@ EOF template { change_mode = "noop" data = < Date: Mon, 12 Aug 2024 13:44:24 +0200 Subject: [PATCH 07/12] Updates of stage ops scripts --- operations/anon-da-node-stage.hcl | 28 ++++++++++++++-------------- operations/run-gen-upload-cert.sh | 18 +++++++++--------- 2 files changed, 23 insertions(+), 23 deletions(-) 
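Review bot: The last two added `uploadsecrets.sh` lines pair the `-9103` instance ids with the `stage-da2-fal-2` and `stage-da3-hel-2` folders, the same folders already used for the `-9102` instances two lines above them. uploadsecrets.sh is not part of this diff, but if it uploads the keys found in the named folder, the third instance on each host would receive the second instance's authority keys instead of its own. The folders should be the `-3` ones, e.g. `bash uploadsecrets.sh stage-da2-fal-3 c2adc610-6316-cd9d-c678-cda4b0080b52-9103`. The `gencert.sh` hunk of this commit (`@@ -11,11 +13,18 @@`) has the same copy-paste slip in the nickname column, where the `-3` folders are generated as `AnyoneFal2Stage` / `AnyoneHel2Stage`.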
diff --git a/operations/anon-da-node-stage.hcl b/operations/anon-da-node-stage.hcl index 92efd7df2a..c060d522df 100644 --- a/operations/anon-da-node-stage.hcl +++ b/operations/anon-da-node-stage.hcl @@ -219,29 +219,29 @@ Nickname {{ key (printf "ator-network/stage/dir-auth-%s-%d/nickname" (env "node. } } - volume "dir-auth-stage-group-2" { + volume "dir-auth-stage-2" { type = "host" read_only = false - source = "dir-auth-stage-group-2" + source = "dir-auth-stage-2" } - volume "sbws-stage-group-2" { + volume "sbws-stage-2" { type = "host" read_only = false - source = "sbws-stage-group-2" + source = "sbws-stage-2" } task "dir-auth-stage-task" { driver = "docker" volume_mount { - volume = "dir-auth-stage-group-2" + volume = "dir-auth-stage-2" destination = "/var/lib/anon/" read_only = false } volume_mount { - volume = "sbws-stage-group-2" + volume = "sbws-stage-2" destination = "/var/lib/sbws/" read_only = false } @@ -267,7 +267,7 @@ Nickname {{ key (printf "ator-network/stage/dir-auth-%s-%d/nickname" (env "node. template { change_mode = "noop" data = < Date: Mon, 12 Aug 2024 13:58:23 +0200 Subject: [PATCH 08/12] Update auth_dirs with new stage instances --- src/app/config/auth_dirs_stage.inc | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/app/config/auth_dirs_stage.inc b/src/app/config/auth_dirs_stage.inc index 81220f266a..78d118fb12 100644 --- a/src/app/config/auth_dirs_stage.inc +++ b/src/app/config/auth_dirs_stage.inc 
@@ -7,3 +7,15 @@ "AnyoneHelStage orport=9101 " "v3ident=34B71192F29063F70A2C5A7B3D39741F2C954191 " "95.216.32.105:9130 0AC22EC8DC71A1EA4C78472A9A00F1F524C7C497", +"AnyoneFal2Stage orport=9102 " + "v3ident=D20E95E4FD8D43854669F2287A947F2986E11865 " + "176.9.29.53:9131 9C272EBF3DB8EDC626C1AD8D70B2DE86E516BF0B", +"AnyoneHel2Stage orport=9102 " + "v3ident=87C0401B24D42D2E9B8A936A90FCA49B4CCC65B3 " + "95.216.32.105:9131 0AF25C2C41D785D3955B09D9BF88EC000ECDF7A5", +"AnyoneFal3Stage orport=9103 " + "v3ident=610EAE6C20797144AE0F167893B8025519BAAFA4 " + "176.9.29.53:9132 C026936168E1DEE39775921EAE4D38D62AD1C722", +"AnyoneHel3Stage orport=9103 " + "v3ident=A82C2500F24834B9A696E25247DF03B48F3A2D50 " + "95.216.32.105:9132 1C1E478151FBD968D8ACB9E69CAD396E853FF007", From 8efee5006eaec8048047f1d034889fecc6149b96 Mon Sep 17 00:00:00 2001 From: kanshi <46557+kanshi@users.noreply.github.com> Date: Mon, 12 Aug 2024 14:09:58 +0200 Subject: [PATCH 09/12] Fix typing in stage template --- operations/anon-da-node-stage.hcl | 60 +++++++++++++++---------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/operations/anon-da-node-stage.hcl b/operations/anon-da-node-stage.hcl index c060d522df..10547f6db2 100644 --- a/operations/anon-da-node-stage.hcl +++ b/operations/anon-da-node-stage.hcl @@ -117,50 +117,50 @@ EOF template { change_mode = "noop" data = < Date: Tue, 13 Aug 2024 13:37:47 +0200 Subject: [PATCH 10/12] Migrate dev away from live --- .github/workflows/dev-build-and-deploy.yml | 6 +- .github/workflows/live-build-and-deploy.yml | 6 +- .github/workflows/stage-build-and-deploy.yml | 2 +- .gitignore | 1 + operations/anon-da-node-dev.hcl | 10 +-- operations/run-gen-upload-cert.sh | 69 +++++++++++++------- operations/uploadcert.sh | 14 ++-- 7 files changed, 67 insertions(+), 41 deletions(-) diff --git a/.github/workflows/dev-build-and-deploy.yml b/.github/workflows/dev-build-and-deploy.yml index 55a4ab4f51..8cd208acb5 100644 
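Review bot: The four added entries put three stage authorities on each of 176.9.29.53 and 95.216.32.105 (dirports 9130 to 9132), so six of the seven authorities in this list sit behind two addresses, and nothing in the file records that this is deliberate. A consensus needs signatures from a majority of the listed authorities, so whoever controls those two machines controls the stage consensus, and losing one machine removes three voters at once. If that is acceptable for stage, say so above the new entries, e.g. `/* Stage only: Fal2/Fal3 and Hel2/Hel3 share an address with Fal/Hel; do not copy this layout to live. */`. The array this include expands into is outside the hunk, so check the including file before placing a comment at that position.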
--- a/.github/workflows/dev-build-and-deploy.yml +++ b/.github/workflows/dev-build-and-deploy.yml @@ -9,9 +9,9 @@ on: env: image-name: ghcr.io/ator-development/ator-protocol-dev image-tag: ${{ github.sha }} - da-1-hc-url: http://49.13.145.234:9030/tor/status-vote/current/consensus - da-2-hc-url: http://5.161.108.187:9030/tor/status-vote/current/consensus - da-3-hc-url: http://5.78.90.106:9030/tor/status-vote/current/consensus + da-1-hc-url: http://88.99.219.105:9030/tor/status-vote/current/consensus + da-2-hc-url: http://176.9.29.53:9030/tor/status-vote/current/consensus + da-3-hc-url: http://95.216.32.105:9030/tor/status-vote/current/consensus jobs: build-and-push: diff --git a/.github/workflows/live-build-and-deploy.yml b/.github/workflows/live-build-and-deploy.yml index 389259034e..241e2604b2 100644 --- a/.github/workflows/live-build-and-deploy.yml +++ b/.github/workflows/live-build-and-deploy.yml @@ -12,6 +12,10 @@ env: da-1-hc-url: http://49.13.145.234:9230/tor/status-vote/current/consensus da-2-hc-url: http://5.161.108.187:9230/tor/status-vote/current/consensus da-3-hc-url: http://5.78.90.106:9230/tor/status-vote/current/consensus + da-4-hc-url: http://5.161.228.187:9230/tor/status-vote/current/consensus + da-5-hc-url: http://5.78.94.15:9230/tor/status-vote/current/consensus + da-6-hc-url: http://95.216.32.105:9230/tor/status-vote/current/consensus + da-7-hc-url: http://176.9.29.53:9230/tor/status-vote/current/consensus jobs: build-and-push: @@ -66,7 +70,7 @@ jobs: with: image-tag: ${{ env.image-tag }} nomad-job-file: anon-da-node-live.hcl - health-checks: "${{ env.da-1-hc-url }}|${{ env.da-2-hc-url }}|${{ env.da-3-hc-url }}" + health-checks: "${{ env.da-1-hc-url }}|${{ env.da-2-hc-url }}|${{ env.da-3-hc-url }}|${{ env.da-4-hc-url }}|${{ env.da-5-hc-url }}|${{ env.da-6-hc-url }}|${{ env.da-7-hc-url }}" nomad-cacert: operations/admin-ui-ca.crt nomad-token: ${{ secrets.NOMAD_TOKEN_ATOR_NETWORK_DEPLOY }} nomad-addr: ${{ secrets.NOMAD_DEPLOY_ADDR }} 
diff --git a/.github/workflows/stage-build-and-deploy.yml b/.github/workflows/stage-build-and-deploy.yml index c3dca8a379..19081625c9 100644 --- a/.github/workflows/stage-build-and-deploy.yml +++ b/.github/workflows/stage-build-and-deploy.yml @@ -70,7 +70,7 @@ jobs: with: image-tag: ${{ env.image-tag }} nomad-job-file: anon-da-node-stage.hcl - health-checks: "${{ env.da-1-hc-url }}|${{ env.da-2-hc-url }}|${{ env.da-3-hc-url }}" + health-checks: "${{ env.da-1-hc-url }}|${{ env.da-2-hc-url }}|${{ env.da-3-hc-url }}|${{ env.da-4-hc-url }}|${{ env.da-5-hc-url }}|${{ env.da-6-hc-url }}|${{ env.da-7-hc-url }}" nomad-cacert: operations/admin-ui-ca.crt nomad-token: ${{ secrets.NOMAD_TOKEN_ATOR_NETWORK_DEPLOY }} nomad-addr: ${{ secrets.NOMAD_DEPLOY_ADDR }} diff --git a/.gitignore b/.gitignore index 314c263e73..f33ae90895 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,7 @@ # Operations /operations/da* /operations/stage-da* +/operations/dev-da* # Editor droppings \#*\# .#* diff --git a/operations/anon-da-node-dev.hcl b/operations/anon-da-node-dev.hcl index 931c3547db..1fde293b7c 100644 --- a/operations/anon-da-node-dev.hcl +++ b/operations/anon-da-node-dev.hcl @@ -1,4 +1,4 @@ -job "ator-dir-auth-dev" { +job "dir-auth-dev" { datacenters = ["ator-fin"] type = "service" namespace = "ator-network" @@ -9,13 +9,13 @@ job "ator-dir-auth-dev" { spread { attribute = "${node.unique.id}" weight = 100 - target "067a42a8-d8fe-8b19-5851-43079e0eabb4" { + target "c8e55509-a756-0aa7-563b-9665aa4915ab" { percent = 34 } - target "16be0723-edc1-83c4-6c02-193d96ec308a" { + target "c2adc610-6316-cd9d-c678-cda4b0080b52" { percent = 33 } - target "e6e0baed-8402-fd5c-7a15-8dd49e7b60d9" { + target "4aa61f61-893a-baf4-541b-870e99ac4839" { percent = 33 } } @@ -183,7 +183,7 @@ V3BandwidthsFile /var/lib/sbws/v3bw/latest.v3bw port = "dirport" tags = ["logging"] check { - name = "dir auth alive" + name = "dir-auth-dev-alive" type = "tcp" interval = "10s" timeout = "10s" 
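Review bot: The new `spread` targets in `anon-da-node-dev.hcl` are node ids that this commit's `run-gen-upload-cert.sh` also lists for live authorities: `c2adc610-6316-cd9d-c678-cda4b0080b52` appears there as live `da7` and `4aa61f61-893a-baf4-541b-870e99ac4839` as live `da6`, and `live-build-and-deploy.yml` in the same commit adds health checks for 176.9.29.53 and 95.216.32.105 on port 9230. Despite the subject line, dev directory authorities therefore appear to be scheduled on nodes that also run live and stage ones, which would put authority keys of all three environments on the same hosts. If that is intended, document it above the `spread` block, e.g. `# NOTE: these nodes also host stage/live DAs; key volumes are separated as described in <ops doc placeholder>`; otherwise dev should target nodes that hold no live keys. The job body between the hunks is not visible, so the volume names used by the dev group could not be checked.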
diff --git a/operations/run-gen-upload-cert.sh b/operations/run-gen-upload-cert.sh index 244dbc4a93..ada9bce0df 100644 --- a/operations/run-gen-upload-cert.sh +++ b/operations/run-gen-upload-cert.sh @@ -1,9 +1,10 @@ # Requirements: # access to: consul, vault # consul env: CONSUL_HTTP_ADDR, CONSUL_HTTP_TOKEN, CONSUL_CACERT - # STAGE by default in scripts +### -- STEP 1 --- + ## LIVE # bash gencert.sh da1 49.13.145.234 ATORDAeucstage # bash gencert.sh da2 5.161.108.187 ATORDAusestage @@ -14,16 +15,24 @@ # bash gencert.sh da7 176.9.29.53 AnyoneFalLive ## STAGE -bash gencert.sh stage-da1-dmz 88.99.219.105 AnyoneDmzStage -bash gencert.sh stage-da2-fal 176.9.29.53 AnyoneFalStage -bash gencert.sh stage-da3-hel 95.216.32.105 AnyoneHelStage +# bash gencert.sh stage-da1-dmz 88.99.219.105 AnyoneDmzStage +# bash gencert.sh stage-da2-fal 176.9.29.53 AnyoneFalStage +# bash gencert.sh stage-da3-hel 95.216.32.105 AnyoneHelStage + +# bash gencert.sh stage-da2-fal-2 176.9.29.53 AnyoneFal2Stage +# bash gencert.sh stage-da3-hel-2 95.216.32.105 AnyoneHel2Stage +# bash gencert.sh stage-da2-fal-3 176.9.29.53 AnyoneFal3Stage +# bash gencert.sh stage-da3-hel-3 95.216.32.105 AnyoneHel3Stage -bash gencert.sh stage-da2-fal-2 176.9.29.53 AnyoneFal2Stage -bash gencert.sh stage-da3-hel-2 95.216.32.105 AnyoneHel2Stage -bash gencert.sh stage-da2-fal-3 176.9.29.53 AnyoneFal3Stage -bash gencert.sh stage-da3-hel-3 95.216.32.105 AnyoneHel3Stage +## DEV +bash gencert.sh dev-da1-dmz 88.99.219.105 AnyoneDmzDev +bash gencert.sh dev-da2-fal 176.9.29.53 AnyoneFalDev +bash gencert.sh dev-da3-hel 95.216.32.105 AnyoneHelDev + +### -- STEP 2 --- # Check/update script for phase + ## LIVE # bash uploadcert.sh da1 067a42a8-d8fe-8b19-5851-43079e0eabb4 49.13.145.234 ATORDAeucstage # bash uploadcert.sh da2 16be0723-edc1-83c4-6c02-193d96ec308a 5.161.108.187 ATORDAusestage 
@@ -34,16 +43,23 @@ bash gencert.sh stage-da3-hel-3 95.216.32.105 AnyoneHel3Stage # bash uploadcert.sh da7 c2adc610-6316-cd9d-c678-cda4b0080b52 176.9.29.53 AnyoneFalLive ## STAGE -bash uploadcert.sh stage-da1-dmz c8e55509-a756-0aa7-563b-9665aa4915ab-9101 88.99.219.105 AnyoneDmzStage -bash uploadcert.sh stage-da2-fal c2adc610-6316-cd9d-c678-cda4b0080b52-9101 176.9.29.53 AnyoneFalLive -bash uploadcert.sh stage-da3-hel 4aa61f61-893a-baf4-541b-870e99ac4839-9101 95.216.32.105 AnyoneHelLive +# bash uploadcert.sh stage-da1-dmz c8e55509-a756-0aa7-563b-9665aa4915ab-9101 88.99.219.105 AnyoneDmzStage +# bash uploadcert.sh stage-da2-fal c2adc610-6316-cd9d-c678-cda4b0080b52-9101 176.9.29.53 AnyoneFalStage +# bash uploadcert.sh stage-da3-hel 4aa61f61-893a-baf4-541b-870e99ac4839-9101 95.216.32.105 AnyoneHelStage -bash uploadcert.sh stage-da2-fal-2 c2adc610-6316-cd9d-c678-cda4b0080b52-9102 176.9.29.53 AnyoneFal2Live -bash uploadcert.sh stage-da3-hel-2 4aa61f61-893a-baf4-541b-870e99ac4839-9102 95.216.32.105 AnyoneHel2Live -bash uploadcert.sh stage-da2-fal-3 c2adc610-6316-cd9d-c678-cda4b0080b52-9103 176.9.29.53 AnyoneFal3Live -bash uploadcert.sh stage-da3-hel-3 4aa61f61-893a-baf4-541b-870e99ac4839-9103 95.216.32.105 AnyoneHel3Live +# bash uploadcert.sh stage-da2-fal-2 c2adc610-6316-cd9d-c678-cda4b0080b52-9102 176.9.29.53 AnyoneFal2Stage +# bash uploadcert.sh stage-da3-hel-2 4aa61f61-893a-baf4-541b-870e99ac4839-9102 95.216.32.105 AnyoneHel2Stage +# bash uploadcert.sh stage-da2-fal-3 c2adc610-6316-cd9d-c678-cda4b0080b52-9103 176.9.29.53 AnyoneFal3Stage +# bash uploadcert.sh stage-da3-hel-3 4aa61f61-893a-baf4-541b-870e99ac4839-9103 95.216.32.105 AnyoneHel3Stage -# mind the phase.... 
and by default only checks curl output +## DEV +bash uploadcert.sh dev-da1-dmz c8e55509-a756-0aa7-563b-9665aa4915ab 88.99.219.105 AnyoneDmzDev +bash uploadcert.sh dev-da2-fal c2adc610-6316-cd9d-c678-cda4b0080b52 176.9.29.53 AnyoneFalDev +bash uploadcert.sh dev-da3-hel 4aa61f61-893a-baf4-541b-870e99ac4839 95.216.32.105 AnyoneHelDev + + +### -- STEP 3 --- +# mind the phase.... # Move DA folders and script to server, login, run script ## LIVE 
@@ -56,11 +72,16 @@ bash uploadcert.sh stage-da3-hel-3 4aa61f61-893a-baf4-541b-870e99ac4839-9103 95. # bash uploadsecrets.sh da7 c2adc610-6316-cd9d-c678-cda4b0080b52 ## STAGE -bash uploadsecrets.sh stage-da1-dmz c8e55509-a756-0aa7-563b-9665aa4915ab-9101 -bash uploadsecrets.sh stage-da2-fal c2adc610-6316-cd9d-c678-cda4b0080b52-9101 -bash uploadsecrets.sh stage-da3-hel 4aa61f61-893a-baf4-541b-870e99ac4839-9101 - -bash uploadsecrets.sh stage-da2-fal-2 c2adc610-6316-cd9d-c678-cda4b0080b52-9102 -bash uploadsecrets.sh stage-da3-hel-2 4aa61f61-893a-baf4-541b-870e99ac4839-9102 -bash uploadsecrets.sh stage-da2-fal-3 c2adc610-6316-cd9d-c678-cda4b0080b52-9103 -bash uploadsecrets.sh stage-da3-hel-3 4aa61f61-893a-baf4-541b-870e99ac4839-9103 \ No newline at end of file +# bash uploadsecrets.sh stage-da1-dmz c8e55509-a756-0aa7-563b-9665aa4915ab-9101 +# bash uploadsecrets.sh stage-da2-fal c2adc610-6316-cd9d-c678-cda4b0080b52-9101 +# bash uploadsecrets.sh stage-da3-hel 4aa61f61-893a-baf4-541b-870e99ac4839-9101 + +# bash uploadsecrets.sh stage-da2-fal-2 c2adc610-6316-cd9d-c678-cda4b0080b52-9102 +# bash uploadsecrets.sh stage-da3-hel-2 4aa61f61-893a-baf4-541b-870e99ac4839-9102 +# bash uploadsecrets.sh stage-da2-fal-3 c2adc610-6316-cd9d-c678-cda4b0080b52-9103 +# bash uploadsecrets.sh stage-da3-hel-3 4aa61f61-893a-baf4-541b-870e99ac4839-9103 + +## DEV +bash uploadsecrets.sh dev-da1-dmz c8e55509-a756-0aa7-563b-9665aa4915ab +bash uploadsecrets.sh dev-da2-fal c2adc610-6316-cd9d-c678-cda4b0080b52 +bash uploadsecrets.sh dev-da3-hel 4aa61f61-893a-baf4-541b-870e99ac4839 \ No newline at end of file diff --git a/operations/uploadcert.sh b/operations/uploadcert.sh index 21c7dfe962..7b6a577d78 100644 --- a/operations/uploadcert.sh +++ b/operations/uploadcert.sh 
@@ -1,10 +1,10 @@
 #arguments folder node-id ip nickname
-consul kv put ator-network/stage/dir-auth-$2/authority_certificate "$(cat $1/tor-data/keys/authority_certificate)"
-consul kv put ator-network/stage/dir-auth-$2/ed25519_master_id_public_key_base64 "$(base64 -w 0 $1/tor-data/keys/ed25519_master_id_public_key)"
-consul kv put ator-network/stage/dir-auth-$2/ed25519_signing_cert_base64 "$(base64 -w 0 $1/tor-data/keys/ed25519_signing_cert)"
-consul kv put ator-network/stage/dir-auth-$2/fingerprint "$(cat $1/tor-data/fingerprint)"
-consul kv put ator-network/stage/dir-auth-$2/fingerprint-ed25519 "$(cat $1/tor-data/fingerprint-ed25519)"
-consul kv put ator-network/stage/dir-auth-$2/nickname "$4"
-consul kv put ator-network/stage/dir-auth-$2/public_ipv4 "$3"
+consul kv put ator-network/dev/dir-auth-$2/authority_certificate "$(cat $1/tor-data/keys/authority_certificate)"
+consul kv put ator-network/dev/dir-auth-$2/ed25519_master_id_public_key_base64 "$(base64 -w 0 $1/tor-data/keys/ed25519_master_id_public_key)"
+consul kv put ator-network/dev/dir-auth-$2/ed25519_signing_cert_base64 "$(base64 -w 0 $1/tor-data/keys/ed25519_signing_cert)"
+consul kv put ator-network/dev/dir-auth-$2/fingerprint "$(cat $1/tor-data/fingerprint)"
+consul kv put ator-network/dev/dir-auth-$2/fingerprint-ed25519 "$(cat $1/tor-data/fingerprint-ed25519)"
+consul kv put ator-network/dev/dir-auth-$2/nickname "$4"
+consul kv put ator-network/dev/dir-auth-$2/public_ipv4 "$3"
From fee10ff6226718197abdb8c29f95bf85921a11ec Mon Sep 17 00:00:00 2001
From: kanshi <46557+kanshi@users.noreply.github.com>
Date: Tue, 13 Aug 2024 13:43:22 +0200
Subject: [PATCH 11/12] Update dev DA include
---
 src/app/config/auth_dirs_dev.inc | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/src/app/config/auth_dirs_dev.inc b/src/app/config/auth_dirs_dev.inc
index c7be6dc5ac..7ca34644b3 100644
--- a/src/app/config/auth_dirs_dev.inc
+++ b/src/app/config/auth_dirs_dev.inc
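Review bot: The target environment is switched by editing the literal `ator-network/dev/` prefix in all seven `consul kv put` lines, so the script writes to whichever phase was last committed and the caller has no way to see or choose it. These keys hold the authority certificate, fingerprints, nickname and address that the job templates read, so running the script from a stale checkout overwrites another environment's values. Take the phase as a required input instead, `phase="${PHASE:?set PHASE to dev, stage or live}"`, and build the path from it, e.g. `consul kv put "ator-network/${phase}/dir-auth-$2/nickname" "$4"`. `$1` and `$2` are also expanded unquoted in the key path and inside `$(cat $1/...)`; quoting them and adding `set -eu` at the top makes a missing argument fail instead of writing to `dir-auth-/...`.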
@@ -1,9 +1,9 @@
-"ATORDAeucdev orport=9001 "
- "v3ident=4ECBB2E310BEE9D3E840F569747CFB55DEB6B00F "
- "49.13.145.234:9030 7652FE7D5B120F1D6A747FF11FF2F423C6428789",
-"ATORDAusedev orport=9001 "
- "v3ident=5CECD90F9BF611E5010F718FC0FC12C1B470B746 "
- "5.161.108.187:9030 108915505A15CAF5DF9DDEC3FCB498953419D1F9",
-"ATORDAuswdev orport=9001 "
- "v3ident=A6BFD7BA6F41883E044B5429788FFA4E47DD1257 "
- "5.78.90.106:9030 54FC95706E969D4FC46974439D1D698AD1C84B64",
+"AnyoneDmzDev orport=9001 "
+ "v3ident=B4962270303E4566EF7326A0B3E57FE32EC0859E "
+ "88.99.219.105:9030 148206F447039632ACC1BFE35C57E6106CF6E5E3",
+"AnyoneFalDev orport=9001 "
+ "v3ident=7C8C4C3BB0A20AFFC82BB483950A6520B8B1930B "
+ "176.9.29.53:9030 4B509397F5D55A8DEE015AAE062F787182A90849",
+"AnyoneHelDev orport=9001 "
+ "v3ident=D00F551C2E6084AA23B685B32C398CF00969DF27 "
+ "95.216.32.105:9030 A4B75BC005B7211F0A2E3DEA479D631BEF30CA8C",
From 2874d7ced7100184985fa8d21bae7d833921887b Mon Sep 17 00:00:00 2001
From: kanshi <46557+kanshi@users.noreply.github.com>
Date: Tue, 13 Aug 2024 14:45:38 +0200
Subject: [PATCH 12/12] Reenable test against dev/dmz
---
 src/test/test_bwmgt.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/test/test_bwmgt.c b/src/test/test_bwmgt.c
index 1034340f5e..2949003f00 100644
--- a/src/test/test_bwmgt.c
+++ b/src/test/test_bwmgt.c
@@ -402,10 +402,10 @@ test_bwmgt_dir_conn_global_write_low(void *arg)
 /* Now, lets try with a connection address from ATORDAeucdev. It should
 * always pass even though our limit is too low. */
- // addr_family = tor_addr_parse(&conn->addr, "49.13.145.234");
- // tt_int_op(addr_family, OP_EQ, AF_INET);
- // ret = connection_dir_is_global_write_low(conn, INT_MAX);
- // tt_int_op(ret, OP_EQ, 0);
+ addr_family = tor_addr_parse(&conn->addr, "88.99.219.105");
+ tt_int_op(addr_family, OP_EQ, AF_INET);
+ ret = connection_dir_is_global_write_low(conn, INT_MAX);
+ tt_int_op(ret, OP_EQ, 0);
 /* IPv6 testing of ATORDAeucdev. */
 // TODO(ator): uncoment once we have DA with ipv6
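Review bot: The re-enabled assertions now use 88.99.219.105, but the comment directly above them still names `ATORDAeucdev`, an authority this series removes from `auth_dirs_dev.inc`. Update it to name the entry the address belongs to, e.g. `/* Now, lets try with a connection address from AnyoneDmzDev. It should`, and correct the `ATORDAeucdev` mention in the IPv6 comment below it as well. The assertion only holds while this literal address stays in the compiled-in authority list, so a short comment saying it must be kept in sync with the `auth_dirs_*.inc` files would help the next migration avoid commenting the test out again; which include the test build uses is not visible here. The function body starts and ends outside the hunk.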