ATOR-173 - Add volume and network

docker/relay/anonrc

@@ -7,4 +7,13 @@ DataDirectory /var/lib/anon
 ControlPort 0.0.0.0:9051
 HashedControlPassword 16:3ACE689A3BC1B7D06025EA6BC9CB1C9B99EB21FE4877ECD803E6EAD9BE
 
+SocksPort auto
+SafeLogging 1
+UseEntryGuards 0
+ProtocolWarnings 1
+FetchDirInfoEarly 1
+LogTimeGranularity 1
+UseMicrodescriptors 0
+FetchDirInfoExtraEarly 1
 FetchUselessDescriptors 1
+LearnCircuitBuildTimeout 0

docker/scanner/.sbws.ini

@@ -19,7 +19,7 @@ foo = on
 
 [destinations.foo]
 # the domain and path to the 1GB file or POST URL.
-url = http://5.78.90.106:8888/1GiB
+url = http://5.78.90.106:9077/1GiB
 # Whether to verify or not the TLS certificate. Default True
 verify = False
 # ISO 3166-1 alpha-2 country code where the Web server destination is located.

operations/deploy-dev.hcl

@@ -4,21 +4,41 @@ job "sbws-dev" {
   namespace   = "ator-network"
 
   group "sbws-dev-group" {
-    count = 1
+    count = 3
 
-#    volume "dir-auth-dev" {
-#      type      = "host"
-#      read_only = false
-#      source    = "dir-auth-dev"
-#    }
+    spread {
+      attribute = "${node.unique.id}"
+      weight    = 100
+      target "067a42a8-d8fe-8b19-5851-43079e0eabb4" {
+        percent = 34
+      }
+      target "16be0723-edc1-83c4-6c02-193d96ec308a" {
+        percent = 33
+      }
+      target "e6e0baed-8402-fd5c-7a15-8dd49e7b60d9" {
+        percent = 33
+      }
+    }
+
+    volume "dir-auth-dev" {
+      type      = "host"
+      read_only = false
+      source    = "dir-auth-dev"
+    }
 
     network {
-      #      mode = "bridge"
+      mode = "bridge"
+
       port "http-port" {
-        static = 8888
+        static = 9077
         to     = 80
         #        host_network = "wireguard"
       }
+
+      port "control-port" {
+        static = 9051
+        host_network = "wireguard"
+      }
     }
 
     ephemeral_disk {
@@ -29,12 +49,6 @@ job "sbws-dev" {
     task "sbws-relay-dev-task" {
       driver = "docker"
 
-#      volume_mount {
-#        volume      = "anon-check-data"
-#        destination = "/var/lib/anon"
-#        read_only   = false
-#      }
-
       config {
         image      = "svforte/anon-dev"
         force_pull = true
@@ -57,30 +71,44 @@ Nickname AnonSBWS
 
 DataDirectory /var/lib/anon
 
-ControlPort 0.0.0.0:9051
-HashedControlPassword 16:3ACE689A3BC1B7D06025EA6BC9CB1C9B99EB21FE4877ECD803E6EAD9BE
+ControlPort {{ env `NOMAD_PORT_control_port` }}
 
+SocksPort auto
+SafeLogging 1
+UseEntryGuards 0
+ProtocolWarnings 1
+FetchDirInfoEarly 1
+LogTimeGranularity 1
+UseMicrodescriptors 0
+FetchDirInfoExtraEarly 1
 FetchUselessDescriptors 1
+LearnCircuitBuildTimeout 0
         EOH
         destination = "local/anonrc"
       }
+
+      service {
+        name     = "sbws-relay-dev"
+        provider = "nomad"
+        tags     = ["sbws"]
+        port     = "control-port"
+      }
     }
 
     task "sbws-scanner-dev-task" {
       driver = "docker"
 
-      #      volume_mount {
-      #         volume      = "sbws-data"
-      #         destination = "/srv/sbws/data"
-      #         read_only   = false
-      #      }
+      volume_mount {
+        volume      = "dir-auth-dev"
+        destination = "/root/.sbws"
+        read_only   = false
+      }
 
       config {
         image   = "svforte/sbws-scanner:latest-dev"
         force_pull = true
         volumes = [
-          "local/.sbws.ini:/root/.sbws.ini:ro",
-          "local/data:/root/.sbws"
+          "local/.sbws.ini:/root/.sbws.ini:ro"
         ]
       }
 
@@ -96,7 +124,7 @@ FetchUselessDescriptors 1
 [scanner]
 # ISO 3166-1 alpha-2 country code where the scanner is located.
 # Default AA, to detect it was not edited.
-country = DE
+country = ZZ
 # A human-readable string with chars in a-zA-Z0-9 to identify the dirauth
 # nickname that will publish the BandwidthFiles generated from this scanner.
 # Default to a non existing dirauth_nickname to detect it was not edited.
@@ -108,7 +136,7 @@ dest = on
 
 [destinations.dest]
 # the domain and path to the 1GB file.
-url = http://5.78.90.106:8888/1GiB
+url = http://{{ env `NOMAD_HOST_ADDR_http-port` }}/1GiB
 # Whether to verify or not the TLS certificate. Default True.
 verify = False
 # ISO 3166-1 alpha-2 country code where the Web server destination is located.
@@ -117,8 +145,8 @@ verify = False
 country = ZZ
 
 [tor]
-external_control_ip = 127.0.0.1
-external_control_port = 9051
+external_control_ip = {{ env `NOMAD_IP_control_port` }}
+external_control_port = {{ env `NOMAD_PORT_control_port` }}
         EOH
         destination = "local/.sbws.ini"
       }
@@ -128,12 +156,6 @@ external_control_port = 9051
     task "sbws-destination-dev-task" {
       driver = "docker"
 
-      #      volume_mount {
-      #        volume      = "sbws-data"
-      #        destination = "/var/www/sbws-destination/data"
-      #        read_only   = true
-      #      }
-
       config {
         image   = "svforte/sbws-destination:latest-dev"
         force_pull = true

operations/deploy-stage.hcl

@@ -4,48 +4,111 @@ job "sbws-stage" {
   namespace   = "ator-network"
 
   group "sbws-stage-group" {
-    count = 1
+    count = 3
 
-    #    volume "sbws-data" {
-    #       type      = "host"
-    #       read_only = false
-    #       source    = "sbws-stage"
-    #    }
+    spread {
+      attribute = "${node.unique.id}"
+      weight    = 100
+      target "067a42a8-d8fe-8b19-5851-43079e0eabb4" {
+        percent = 34
+      }
+      target "16be0723-edc1-83c4-6c02-193d96ec308a" {
+        percent = 33
+      }
+      target "e6e0baed-8402-fd5c-7a15-8dd49e7b60d9" {
+        percent = 33
+      }
+    }
+
+    volume "dir-auth-stage" {
+      type      = "host"
+      read_only = false
+      source    = "dir-auth-stage"
+    }
 
     network {
-      #      mode = "bridge"
+      mode = "bridge"
+
       port "http-port" {
-        static = 9888
+        static = 9177
         to     = 80
         #        host_network = "wireguard"
       }
+
+      port "control-port" {
+        static = 9051
+        host_network = "wireguard"
+      }
     }
 
     ephemeral_disk {
       migrate = true
       sticky  = true
     }
 
-    task "sbws-scanner-stage-task" {
+    task "sbws-relay-stage-task" {
       driver = "docker"
 
-      #      env {
-      #        LOGBASE = "data/logs"
-      #      }
+      config {
+        image      = "svforte/anon-stage"
+        force_pull = true
+        volumes    = [
+          "local/anonrc:/etc/anon/anonrc"
+        ]
+      }
+
+      resources {
+        cpu    = 256
+        memory = 256
+      }
+
+      template {
+        change_mode = "noop"
+        data        = <<EOH
+User anond
+
+Nickname AnonSBWS
+
+DataDirectory /var/lib/anon
+
+ControlPort {{ env `NOMAD_PORT_control_port` }}
+
+SocksPort auto
+SafeLogging 1
+UseEntryGuards 0
+ProtocolWarnings 1
+FetchDirInfoEarly 1
+LogTimeGranularity 1
+UseMicrodescriptors 0
+FetchDirInfoExtraEarly 1
+FetchUselessDescriptors 1
+LearnCircuitBuildTimeout 0
+        EOH
+        destination = "local/anonrc"
+      }
+
+      service {
+        name     = "sbws-relay-stage"
+        provider = "nomad"
+        tags     = ["sbws"]
+        port     = "control-port"
+      }
+    }
 
-      #      volume_mount {
-      #         volume      = "sbws-data"
-      #         destination = "/srv/sbws/data"
-      #         read_only   = false
-      #      }
+    task "sbws-scanner-stage-task" {
+      driver = "docker"
+
+      volume_mount {
+        volume      = "dir-auth-stage"
+        destination = "/root/.sbws"
+        read_only   = false
+      }
 
       config {
-        image   = "svforte/sbws-scanner:latest"
+        image   = "svforte/sbws-scanner"
         force_pull = true
         volumes = [
-          "local/.sbws.ini:/root/.sbws.ini:ro",
-          "local/anonrc:/etc/anon/anonrc:ro",
-          "local/data:/root/.sbws"
+          "local/.sbws.ini:/root/.sbws.ini:ro"
         ]
       }
 
@@ -61,7 +124,7 @@ job "sbws-stage" {
 [scanner]
 # ISO 3166-1 alpha-2 country code where the scanner is located.
 # Default AA, to detect it was not edited.
-country = DE
+country = ZZ
 # A human-readable string with chars in a-zA-Z0-9 to identify the dirauth
 # nickname that will publish the BandwidthFiles generated from this scanner.
 # Default to a non existing dirauth_nickname to detect it was not edited.
@@ -73,7 +136,7 @@ dest = on
 
 [destinations.dest]
 # the domain and path to the 1GB file.
-url = http://5.78.90.106:9888/1GiB
+url = http://{{ env `NOMAD_HOST_ADDR_http-port` }}/1GiB
 # Whether to verify or not the TLS certificate. Default True.
 verify = False
 # ISO 3166-1 alpha-2 country code where the Web server destination is located.
@@ -82,35 +145,19 @@ verify = False
 country = ZZ
 
 [tor]
-control_socket = /var/lib/anon/control
+external_control_ip = {{ env `NOMAD_IP_control_port` }}
+external_control_port = {{ env `NOMAD_PORT_control_port` }}
         EOH
         destination = "local/.sbws.ini"
       }
 
-      template {
-        change_mode = "noop"
-        data        = <<EOH
-User debian-anon
-DataDirectory /var/lib/anon
-ControlSocket /var/lib/anon/control
-Nickname AnonSBWS
-FetchUselessDescriptors 1
-        EOH
-        destination = "local/anonrc"
-      }
     }
 
     task "sbws-destination-stage-task" {
       driver = "docker"
 
-      #      volume_mount {
-      #        volume      = "sbws-data"
-      #        destination = "/var/www/sbws-destination/data"
-      #        read_only   = true
-      #      }
-
       config {
-        image   = "svforte/sbws-destination:latest"
+        image   = "svforte/sbws-destination"
         force_pull = true
         volumes = [
           "local/nginx-sbws:/etc/nginx/conf.d/default.conf:ro"