ss/sovereign-stack
ss/sovereign-stack
1
1
Fork 1
Code Releases Activity

Compare commits

base: ss:03d669750c005895e7e77a5959e0c323265e3139
Branches Tags
ss:incus
ss:master
ss:23.08
ss:v0.1.1
ss:v0.1.0
ss:v0.0.24
ss:v0.0.22
ss:v0.0.21
ss:v0.0.20
ss:list
ss:v0.0.19
ss:v0.0.18
ss:v0.0.17
ss:v0.0.16
ss:v0.0.15
...
compare: ss:f1abfd77af3074392576e3a7ec4325b2143ce720
Branches Tags
ss:incus
ss:master
ss:23.08
ss:v0.1.1
ss:v0.1.0
ss:v0.0.24
ss:v0.0.22
ss:v0.0.21
ss:v0.0.20
ss:list
ss:v0.0.19
ss:v0.0.18
ss:v0.0.17
ss:v0.0.16
ss:v0.0.15

6 Commits
03d669750c ... f1abfd77af

Author SHA1 Message Date
Derek Smith
f1abfd77af
Project Updates. 2023-03-18 18:18:21 -04:00
Derek Smith
de6f078774
Update informational messages and whitespace. 2023-03-18 11:15:07 -04:00
Derek Smith
18fb5a1fe0
Move code block farther down. 2023-03-18 11:14:36 -04:00
Derek Smith
731639bc4b
Add default data plane. 2023-03-18 11:14:01 -04:00
Derek Smith
a3ea78cfe2
Mount management machine .ssh into ss-mgmt 2023-03-18 11:12:14 -04:00
Derek Smith
8aef17fa00
Add jammy image disk caching. 2023-03-18 11:11:12 -04:00
6 changed files with 60 additions and 43 deletions
Show Stats Expand all files Collapse all files

15
defaults.sh
View File

@ -47,7 +47,7 @@ export DOCKER_IMAGE_CACHE_FQDN="registry-1.docker.io"
export NEXTCLOUD_SPACE_GB=10
DEFAULT_DB_IMAGE="mariadb:10.9.3-jammy"
DEFAULT_DB_IMAGE="mariadb:10.11.2-jammy"
# run the docker stack.
@ -100,10 +100,19 @@ export REMOTE_CERT_BASE_DIR="$REMOTE_HOME/.certs"
# this space is for OS, docker images, etc. DOES NOT INCLUDE USER DATA.
export ROOT_DISK_SIZE_GB=20
export REGISTRY_URL="https://index.docker.io/v1/"
export REGISTRY_URL="https://index.docker.io/v1"
export PRIMARY_DOMAIN=
# this is the git commit of the project/ sub git repo.
# used in the migration script to switch into past for backup
# then back to present (TARGET_PROJECT_GIT_COMMIT) for restore.
export TARGET_PROJECT_GIT_COMMIT=c661ac0be91276593f718debe1266e8bab3a3c65
export TARGET_PROJECT_GIT_COMMIT=6a97c0d3f439d71be8242522d440affbe335e406
#
export TESTNET_BLOCK_HASH=00000000d8277ba1ca66b40b3e3476629e6f0f97c5b8cfaeabfe402e55db223a
export MAINNET_BLOCK_HASH=000000000000000000047941e3a6102e8896a4ae66b962599568eb25abd6b405
export SS_CACHE_PATH="$SS_ROOT_PATH/cache"
export SS_JAMMY_PATH="$SS_CACHE_PATH/$UBUNTU_BASE_IMAGE_NAME"

32
deployment/remote.sh
View File

@ -87,25 +87,13 @@ if ! lxc remote list | grep -q "$REMOTE_NAME"; then
# first let's copy our ssh pubkey to the remote server so we don't have to login constantly.
ssh-copy-id -i "$HOME/.ssh/id_rsa.pub" "ubuntu@$FQDN"
if [ -z "$DATA_PLANE_MACVLAN_INTERFACE" ]; then
echo "INFO: It looks like you didn't provide input on the command line for the data plane macvlan interface."
echo " We need to know which interface that is! Enter it here now."
echo ""
ssh "ubuntu@$FQDN" ip link
echo "Please enter the network interface that's dedicated to the Sovereign Stack data plane: "
read -r DATA_PLANE_MACVLAN_INTERFACE
fi
if [ -z "$DISK_TO_USE" ]; then
echo "INFO: It looks like the DISK_TO_USE has not been set. Enter it now."
echo ""
ssh "ubuntu@$FQDN" lsblk --paths
echo "Please enter the disk or partition that Sovereign Stack will use to store data (default: loop): "
echo "Please enter the disk or partition that Sovereign Stack will use to store data: "
read -r DISK_TO_USE
fi
@ -128,12 +116,6 @@ if [ "$DISK_TO_USE" != loop ]; then
fi
fi
# The MGMT Plane IP is the IP address that the LXD API binds to, which happens
# to be the same as whichever SSH connection you're coming in on.
MGMT_PLANE_IP="$(ssh ubuntu@"$FQDN" env | grep SSH_CONNECTION | cut -d " " -f 3)"
IP_OF_MGMT_MACHINE="$(ssh ubuntu@"$FQDN" env | grep SSH_CLIENT | cut -d " " -f 1 )"
IP_OF_MGMT_MACHINE="${IP_OF_MGMT_MACHINE#*=}"
IP_OF_MGMT_MACHINE="$(echo "$IP_OF_MGMT_MACHINE" | cut -d: -f1)"
# error out if the remote password is unset.
if [ -z "$LXD_REMOTE_PASSWORD" ]; then
@ -172,14 +154,18 @@ ssh -t "ubuntu@$FQDN" "sudo apt-get install -y ovn-host ovn-central"
ssh -t "ubuntu@$FQDN" "sudo ovs-vsctl set open_vswitch . external_ids:ovn-remote=unix:/var/run/ovn/ovnsb_db.sock external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=127.0.0.1"
# if the DATA_PLANE_MACVLAN_INTERFACE is not specified, then we 'll
# just attach VMs to the network interface used for for the default route.
# if the user did not specify the interface, we just use whatever is used for the default route.
if [ -z "$DATA_PLANE_MACVLAN_INTERFACE" ]; then
DATA_PLANE_MACVLAN_INTERFACE="$(ssh -t ubuntu@"$FQDN" ip route | grep default | cut -d " " -f 5)"
DATA_PLANE_MACVLAN_INTERFACE="$(ssh ubuntu@"$FQDN" ip route | grep "default via" | awk '{print $5}')"
fi
export DATA_PLANE_MACVLAN_INTERFACE="$DATA_PLANE_MACVLAN_INTERFACE"
MGMT_PLANE_IP="$(ssh ubuntu@"$FQDN" env | grep SSH_CONNECTION | cut -d " " -f 3)"
IP_OF_MGMT_MACHINE="$(ssh ubuntu@"$FQDN" env | grep SSH_CLIENT | cut -d " " -f 1 )"
IP_OF_MGMT_MACHINE="${IP_OF_MGMT_MACHINE#*=}"
IP_OF_MGMT_MACHINE="$(echo "$IP_OF_MGMT_MACHINE" | cut -d: -f1)"
# run lxd init on the remote server.
cat <<EOF | ssh ubuntu@"$FQDN" lxd init --preseed
config:
@ -235,7 +221,7 @@ if wait-for-it -t 20 "$FQDN:8443"; then
lxc remote add "$REMOTE_NAME" "$FQDN" --password="$LXD_REMOTE_PASSWORD" --protocol=lxd --auth-type=tls --accept-certificate
lxc remote switch "$REMOTE_NAME"
echo "INFO: You have create a new remote named '$REMOTE_NAME'. Great! We switched your lxd remote to it."
echo "INFO: You have create a new remote named '$REMOTE_NAME'. Your lxc client is now target it."
else
echo "ERROR: Could not detect the LXD endpoint. Something went wrong."
exit 1

5
deployment/reset.sh
View File

@ -43,7 +43,6 @@ if lxc network list --format csv | grep -q lxdbr1; then
lxc network delete lxdbr1
fi
# create the testnet/mainnet blocks/chainstate subvolumes.
for CHAIN in mainnet testnet; do
for DATA in blocks chainstate; do
@ -53,16 +52,14 @@ for CHAIN in mainnet testnet; do
done
done
if lxc storage list --format csv | grep -q ss-base; then
lxc storage delete ss-base
fi
CURRENT_REMOTE="$(lxc remote get-default)"
if ! lxc remote get-default | grep -q "local"; then
lxc remote switch local
lxc remote remove "$CURRENT_REMOTE"
echo "INFO: The remote '$CURRENT_REMOTE' has been removed! You are currenly controlling your local instance."
echo "INFO: The remote '$CURRENT_REMOTE' has been removed! You are now controlling your local instance."
fi

1
deployment/show.sh
View File

@ -5,6 +5,7 @@ echo "LXD REMOTE: $(lxc remote get-default)"
lxc project list
lxc storage list
lxc storage volume list ss-base
lxc image list
lxc project list
lxc network list

46
install.sh
View File

@ -71,14 +71,27 @@ EOF
fi
SS_ROOT_PATH="$HOME/.ss"
# pull the image down if it's not there.
# we need to get the base image. IMport it if it's cached, else download it then cache it.
if ! lxc image list | grep -q "$UBUNTU_BASE_IMAGE_NAME"; then
lxc image copy "images:$BASE_LXC_IMAGE" local: --alias "$UBUNTU_BASE_IMAGE_NAME" --vm --auto-update
# if the image if cached locally, import it from disk, otherwise download it from ubuntu
if [ -d "$SS_JAMMY_PATH" ]; then
lxc image import "$SS_JAMMY_PATH/meta-bf1a2627bdddbfb0a9bf1f8ae146fa794800c6c91281d3db88c8d762f58bd057.tar.xz" \
"$SS_JAMMY_PATH/bf1a2627bdddbfb0a9bf1f8ae146fa794800c6c91281d3db88c8d762f58bd057.qcow2" \
--alias "$UBUNTU_BASE_IMAGE_NAME"
else
lxc image copy "images:$BASE_LXC_IMAGE" local: --alias "$UBUNTU_BASE_IMAGE_NAME" --vm --auto-update
fi
fi
# export the image if it's not cached.
if [ ! -d "$SS_JAMMY_PATH" ]; then
mkdir "$SS_JAMMY_PATH"
lxc image export "$UBUNTU_BASE_IMAGE_NAME" "$SS_JAMMY_PATH" --vm
fi
# if the ss-mgmt doesn't exist, create it.
SSH_PUBKEY_PATH="$HOME/.ssh/id_rsa.pub"
if ! lxc list --format csv | grep -q ss-mgmt; then
lxc init "images:$BASE_LXC_IMAGE" ss-mgmt --vm -c limits.cpu=4 -c limits.memory=4GiB --profile=default
@ -90,6 +103,23 @@ if ! lxc list --format csv | grep -q ss-mgmt; then
if [ -d "$SS_ROOT_PATH" ]; then
lxc config device add ss-mgmt ssroot disk source="$SS_ROOT_PATH" path=/home/ubuntu/.ss
fi
# if a ~/.bitcoin/testnet3/blocks direrectory exists, mount it in.
BITCOIN_TESTNET_BLOCKS_PATH="$HOME/.bitcoin/testnet3/blocks"
if [ -d "$BITCOIN_TESTNET_BLOCKS_PATH" ]; then
lxc config device add ss-mgmt ss-testnet-blocks disk source="$BITCOIN_TESTNET_BLOCKS_PATH" path=/home/ubuntu/.ss/cache/bitcoin/testnet/blocks
fi
# if a ~/.bitcoin/testnet3/blocks direrectory exists, mount it in.
BITCOIN_TESTNET_CHAINSTATE_PATH="$HOME/.bitcoin/testnet3/chainstate"
if [ -d "$BITCOIN_TESTNET_CHAINSTATE_PATH" ]; then
lxc config device add ss-mgmt ss-testnet-chainstate disk source="$BITCOIN_TESTNET_CHAINSTATE_PATH" path=/home/ubuntu/.ss/cache/bitcoin/testnet/chainstate
fi
# mount the ssh directory in there.
if [ -f "$SSH_PUBKEY_PATH" ]; then
lxc config device add ss-mgmt ss-ssh disk source="$HOME/.ssh" path=/home/ubuntu/.ssh
fi
fi
# start the vm if it's not already running
@ -106,16 +136,6 @@ while lxc exec ss-mgmt -- [ ! -f /var/lib/cloud/instance/boot-finished ]; do
sleep 1
done
SSH_PUBKEY_PATH="$HOME/.ssh/id_rsa.pub"
if [ ! -f "$SSH_PUBKEY_PATH" ]; then
ssh-keygen -f "$SSH_HOME/id_rsa" -t ecdsa -b 521 -N ""
fi
# place the bare metal mgmt machine ssh pubkey on the remote host in the authorzed_keys section
if [ -f "$SSH_PUBKEY_PATH" ]; then
lxc file push "$SSH_PUBKEY_PATH" ss-mgmt/home/ubuntu/.ssh/authorized_keys
fi
# do some other preparations for user experience
lxc file push ./management/bash_profile ss-mgmt/home/ubuntu/.bash_profile
lxc file push ./management/bashrc ss-mgmt/home/ubuntu/.bashrc

4
uninstall.sh
View File

@ -38,6 +38,10 @@ if lxc list --format csv | grep -q "ss-mgmt"; then
lxc config device remove ss-mgmt ssroot
fi
if [ -d "$HOME/.ssh" ]; then
lxc config device remove ss-mgmt ss-ssh
fi
lxc delete ss-mgmt
fi