
Compare commits


No commits in common. "f1abfd77af3074392576e3a7ec4325b2143ce720" and "03d669750c005895e7e77a5959e0c323265e3139" have entirely different histories.

6 changed files with 43 additions and 60 deletions


@ -47,7 +47,7 @@ export DOCKER_IMAGE_CACHE_FQDN="registry-1.docker.io"
export NEXTCLOUD_SPACE_GB=10 export NEXTCLOUD_SPACE_GB=10
DEFAULT_DB_IMAGE="mariadb:10.11.2-jammy" DEFAULT_DB_IMAGE="mariadb:10.9.3-jammy"
# run the docker stack. # run the docker stack.
@ -100,19 +100,10 @@ export REMOTE_CERT_BASE_DIR="$REMOTE_HOME/.certs"
# this space is for OS, docker images, etc. DOES NOT INCLUDE USER DATA. # this space is for OS, docker images, etc. DOES NOT INCLUDE USER DATA.
export ROOT_DISK_SIZE_GB=20 export ROOT_DISK_SIZE_GB=20
export REGISTRY_URL="https://index.docker.io/v1" export REGISTRY_URL="https://index.docker.io/v1/"
export PRIMARY_DOMAIN= export PRIMARY_DOMAIN=
# this is the git commit of the project/ sub git repo. # this is the git commit of the project/ sub git repo.
# used in the migration script to switch into past for backup # used in the migration script to switch into past for backup
# then back to present (TARGET_PROJECT_GIT_COMMIT) for restore. # then back to present (TARGET_PROJECT_GIT_COMMIT) for restore.
export TARGET_PROJECT_GIT_COMMIT=6a97c0d3f439d71be8242522d440affbe335e406 export TARGET_PROJECT_GIT_COMMIT=c661ac0be91276593f718debe1266e8bab3a3c65
#
export TESTNET_BLOCK_HASH=00000000d8277ba1ca66b40b3e3476629e6f0f97c5b8cfaeabfe402e55db223a
export MAINNET_BLOCK_HASH=000000000000000000047941e3a6102e8896a4ae66b962599568eb25abd6b405
export SS_CACHE_PATH="$SS_ROOT_PATH/cache"
export SS_JAMMY_PATH="$SS_CACHE_PATH/$UBUNTU_BASE_IMAGE_NAME"
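Review bot: As rendered, `DEFAULT_DB_IMAGE` moves to `mariadb:10.9.3-jammy`, an older release series than the `10.11.2` it replaces, and nothing on the page says why. A data directory that the newer server has already opened may not start under the older one, so I would put a comment beside it such as `# pinned to 10.9.x because <reason>; existing deployments need a dump/restore before switching`. The tag is also mutable, so pinning by digest (`mariadb:10.9.3-jammy@sha256:<digest>`) would make the pulled image reproducible and detectable if it changes upstream.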


@ -87,13 +87,25 @@ if ! lxc remote list | grep -q "$REMOTE_NAME"; then
# first let's copy our ssh pubkey to the remote server so we don't have to login constantly. # first let's copy our ssh pubkey to the remote server so we don't have to login constantly.
ssh-copy-id -i "$HOME/.ssh/id_rsa.pub" "ubuntu@$FQDN" ssh-copy-id -i "$HOME/.ssh/id_rsa.pub" "ubuntu@$FQDN"
if [ -z "$DATA_PLANE_MACVLAN_INTERFACE" ]; then
echo "INFO: It looks like you didn't provide input on the command line for the data plane macvlan interface."
echo " We need to know which interface that is! Enter it here now."
echo ""
ssh "ubuntu@$FQDN" ip link
echo "Please enter the network interface that's dedicated to the Sovereign Stack data plane: "
read -r DATA_PLANE_MACVLAN_INTERFACE
fi
if [ -z "$DISK_TO_USE" ]; then if [ -z "$DISK_TO_USE" ]; then
echo "INFO: It looks like the DISK_TO_USE has not been set. Enter it now." echo "INFO: It looks like the DISK_TO_USE has not been set. Enter it now."
echo "" echo ""
ssh "ubuntu@$FQDN" lsblk --paths ssh "ubuntu@$FQDN" lsblk --paths
echo "Please enter the disk or partition that Sovereign Stack will use to store data: " echo "Please enter the disk or partition that Sovereign Stack will use to store data (default: loop): "
read -r DISK_TO_USE read -r DISK_TO_USE
fi fi
@ -116,6 +128,12 @@ if [ "$DISK_TO_USE" != loop ]; then
fi fi
fi fi
# The MGMT Plane IP is the IP address that the LXD API binds to, which happens
# to be the same as whichever SSH connection you're coming in on.
MGMT_PLANE_IP="$(ssh ubuntu@"$FQDN" env | grep SSH_CONNECTION | cut -d " " -f 3)"
IP_OF_MGMT_MACHINE="$(ssh ubuntu@"$FQDN" env | grep SSH_CLIENT | cut -d " " -f 1 )"
IP_OF_MGMT_MACHINE="${IP_OF_MGMT_MACHINE#*=}"
IP_OF_MGMT_MACHINE="$(echo "$IP_OF_MGMT_MACHINE" | cut -d: -f1)"
# error out if the remote password is unset. # error out if the remote password is unset.
if [ -z "$LXD_REMOTE_PASSWORD" ]; then if [ -z "$LXD_REMOTE_PASSWORD" ]; then
@ -154,18 +172,14 @@ ssh -t "ubuntu@$FQDN" "sudo apt-get install -y ovn-host ovn-central"
ssh -t "ubuntu@$FQDN" "sudo ovs-vsctl set open_vswitch . external_ids:ovn-remote=unix:/var/run/ovn/ovnsb_db.sock external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=127.0.0.1" ssh -t "ubuntu@$FQDN" "sudo ovs-vsctl set open_vswitch . external_ids:ovn-remote=unix:/var/run/ovn/ovnsb_db.sock external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=127.0.0.1"
# if the user did not specify the interface, we just use whatever is used for the default route. # if the DATA_PLANE_MACVLAN_INTERFACE is not specified, then we 'll
# just attach VMs to the network interface used for for the default route.
if [ -z "$DATA_PLANE_MACVLAN_INTERFACE" ]; then if [ -z "$DATA_PLANE_MACVLAN_INTERFACE" ]; then
DATA_PLANE_MACVLAN_INTERFACE="$(ssh ubuntu@"$FQDN" ip route | grep "default via" | awk '{print $5}')" DATA_PLANE_MACVLAN_INTERFACE="$(ssh -t ubuntu@"$FQDN" ip route | grep default | cut -d " " -f 5)"
fi fi
export DATA_PLANE_MACVLAN_INTERFACE="$DATA_PLANE_MACVLAN_INTERFACE" export DATA_PLANE_MACVLAN_INTERFACE="$DATA_PLANE_MACVLAN_INTERFACE"
MGMT_PLANE_IP="$(ssh ubuntu@"$FQDN" env | grep SSH_CONNECTION | cut -d " " -f 3)"
IP_OF_MGMT_MACHINE="$(ssh ubuntu@"$FQDN" env | grep SSH_CLIENT | cut -d " " -f 1 )"
IP_OF_MGMT_MACHINE="${IP_OF_MGMT_MACHINE#*=}"
IP_OF_MGMT_MACHINE="$(echo "$IP_OF_MGMT_MACHINE" | cut -d: -f1)"
# run lxd init on the remote server. # run lxd init on the remote server.
cat <<EOF | ssh ubuntu@"$FQDN" lxd init --preseed cat <<EOF | ssh ubuntu@"$FQDN" lxd init --preseed
config: config:
@ -221,7 +235,7 @@ if wait-for-it -t 20 "$FQDN:8443"; then
lxc remote add "$REMOTE_NAME" "$FQDN" --password="$LXD_REMOTE_PASSWORD" --protocol=lxd --auth-type=tls --accept-certificate lxc remote add "$REMOTE_NAME" "$FQDN" --password="$LXD_REMOTE_PASSWORD" --protocol=lxd --auth-type=tls --accept-certificate
lxc remote switch "$REMOTE_NAME" lxc remote switch "$REMOTE_NAME"
echo "INFO: You have create a new remote named '$REMOTE_NAME'. Your lxc client is now target it." echo "INFO: You have create a new remote named '$REMOTE_NAME'. Great! We switched your lxd remote to it."
else else
echo "ERROR: Could not detect the LXD endpoint. Something went wrong." echo "ERROR: Could not detect the LXD endpoint. Something went wrong."
exit 1 exit 1
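Review bot: The fallback on the changed `DATA_PLANE_MACVLAN_INTERFACE="$(ssh -t ...)"` line can capture something that is not a clean interface name. `-t` requests a terminal, so the captured text can carry carriage returns, `grep default` keeps every matching route line, and `cut -d " " -f 5` depends on exact single-space layout. I would drop `-t` and take only the first default route: `DATA_PLANE_MACVLAN_INTERFACE="$(ssh ubuntu@"$FQDN" ip route show default | awk '{print $5; exit}')"`. The value typed at the new `read -r DATA_PLANE_MACVLAN_INTERFACE` prompt is exported unchecked as well, so both paths should be matched against a conservative interface-name pattern before the `export`. The enclosing `if ! lxc remote list ...` block starts and ends outside these hunks.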


@ -43,6 +43,7 @@ if lxc network list --format csv | grep -q lxdbr1; then
lxc network delete lxdbr1 lxc network delete lxdbr1
fi fi
# create the testnet/mainnet blocks/chainstate subvolumes. # create the testnet/mainnet blocks/chainstate subvolumes.
for CHAIN in mainnet testnet; do for CHAIN in mainnet testnet; do
for DATA in blocks chainstate; do for DATA in blocks chainstate; do
@ -52,14 +53,16 @@ for CHAIN in mainnet testnet; do
done done
done done
if lxc storage list --format csv | grep -q ss-base; then if lxc storage list --format csv | grep -q ss-base; then
lxc storage delete ss-base lxc storage delete ss-base
fi fi
CURRENT_REMOTE="$(lxc remote get-default)" CURRENT_REMOTE="$(lxc remote get-default)"
if ! lxc remote get-default | grep -q "local"; then if ! lxc remote get-default | grep -q "local"; then
lxc remote switch local lxc remote switch local
lxc remote remove "$CURRENT_REMOTE" lxc remote remove "$CURRENT_REMOTE"
echo "INFO: The remote '$CURRENT_REMOTE' has been removed! You are now controlling your local instance." echo "INFO: The remote '$CURRENT_REMOTE' has been removed! You are currenly controlling your local instance."
fi fi
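Review bot: The reworded message on the last changed line misspells "currently" as "currenly"; `You are currently controlling your local instance.` fixes it. The unchanged test just above it, `grep -q "local"`, matches any remote whose name merely contains that substring. Comparing the already captured value, `[ "$CURRENT_REMOTE" != "local" ]`, would avoid skipping the removal for such a remote.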


@ -5,7 +5,6 @@ echo "LXD REMOTE: $(lxc remote get-default)"
lxc project list lxc project list
lxc storage list lxc storage list
lxc storage volume list ss-base
lxc image list lxc image list
lxc project list lxc project list
lxc network list lxc network list


@ -71,27 +71,14 @@ EOF
fi fi
SS_ROOT_PATH="$HOME/.ss"
# we need to get the base image. IMport it if it's cached, else download it then cache it. # pull the image down if it's not there.
if ! lxc image list | grep -q "$UBUNTU_BASE_IMAGE_NAME"; then if ! lxc image list | grep -q "$UBUNTU_BASE_IMAGE_NAME"; then
# if the image if cached locally, import it from disk, otherwise download it from ubuntu
if [ -d "$SS_JAMMY_PATH" ]; then
lxc image import "$SS_JAMMY_PATH/meta-bf1a2627bdddbfb0a9bf1f8ae146fa794800c6c91281d3db88c8d762f58bd057.tar.xz" \
"$SS_JAMMY_PATH/bf1a2627bdddbfb0a9bf1f8ae146fa794800c6c91281d3db88c8d762f58bd057.qcow2" \
--alias "$UBUNTU_BASE_IMAGE_NAME"
else
lxc image copy "images:$BASE_LXC_IMAGE" local: --alias "$UBUNTU_BASE_IMAGE_NAME" --vm --auto-update lxc image copy "images:$BASE_LXC_IMAGE" local: --alias "$UBUNTU_BASE_IMAGE_NAME" --vm --auto-update
fi fi
fi
# export the image if it's not cached.
if [ ! -d "$SS_JAMMY_PATH" ]; then
mkdir "$SS_JAMMY_PATH"
lxc image export "$UBUNTU_BASE_IMAGE_NAME" "$SS_JAMMY_PATH" --vm
fi
# if the ss-mgmt doesn't exist, create it. # if the ss-mgmt doesn't exist, create it.
SSH_PUBKEY_PATH="$HOME/.ssh/id_rsa.pub"
if ! lxc list --format csv | grep -q ss-mgmt; then if ! lxc list --format csv | grep -q ss-mgmt; then
lxc init "images:$BASE_LXC_IMAGE" ss-mgmt --vm -c limits.cpu=4 -c limits.memory=4GiB --profile=default lxc init "images:$BASE_LXC_IMAGE" ss-mgmt --vm -c limits.cpu=4 -c limits.memory=4GiB --profile=default
@ -103,23 +90,6 @@ if ! lxc list --format csv | grep -q ss-mgmt; then
if [ -d "$SS_ROOT_PATH" ]; then if [ -d "$SS_ROOT_PATH" ]; then
lxc config device add ss-mgmt ssroot disk source="$SS_ROOT_PATH" path=/home/ubuntu/.ss lxc config device add ss-mgmt ssroot disk source="$SS_ROOT_PATH" path=/home/ubuntu/.ss
fi fi
# if a ~/.bitcoin/testnet3/blocks direrectory exists, mount it in.
BITCOIN_TESTNET_BLOCKS_PATH="$HOME/.bitcoin/testnet3/blocks"
if [ -d "$BITCOIN_TESTNET_BLOCKS_PATH" ]; then
lxc config device add ss-mgmt ss-testnet-blocks disk source="$BITCOIN_TESTNET_BLOCKS_PATH" path=/home/ubuntu/.ss/cache/bitcoin/testnet/blocks
fi
# if a ~/.bitcoin/testnet3/blocks direrectory exists, mount it in.
BITCOIN_TESTNET_CHAINSTATE_PATH="$HOME/.bitcoin/testnet3/chainstate"
if [ -d "$BITCOIN_TESTNET_CHAINSTATE_PATH" ]; then
lxc config device add ss-mgmt ss-testnet-chainstate disk source="$BITCOIN_TESTNET_CHAINSTATE_PATH" path=/home/ubuntu/.ss/cache/bitcoin/testnet/chainstate
fi
# mount the ssh directory in there.
if [ -f "$SSH_PUBKEY_PATH" ]; then
lxc config device add ss-mgmt ss-ssh disk source="$HOME/.ssh" path=/home/ubuntu/.ssh
fi
fi fi
# start the vm if it's not already running # start the vm if it's not already running
@ -136,6 +106,16 @@ while lxc exec ss-mgmt -- [ ! -f /var/lib/cloud/instance/boot-finished ]; do
sleep 1 sleep 1
done done
SSH_PUBKEY_PATH="$HOME/.ssh/id_rsa.pub"
if [ ! -f "$SSH_PUBKEY_PATH" ]; then
ssh-keygen -f "$SSH_HOME/id_rsa" -t ecdsa -b 521 -N ""
fi
# place the bare metal mgmt machine ssh pubkey on the remote host in the authorzed_keys section
if [ -f "$SSH_PUBKEY_PATH" ]; then
lxc file push "$SSH_PUBKEY_PATH" ss-mgmt/home/ubuntu/.ssh/authorized_keys
fi
# do some other preparations for user experience # do some other preparations for user experience
lxc file push ./management/bash_profile ss-mgmt/home/ubuntu/.bash_profile lxc file push ./management/bash_profile ss-mgmt/home/ubuntu/.bash_profile
lxc file push ./management/bashrc ss-mgmt/home/ubuntu/.bashrc lxc file push ./management/bashrc ss-mgmt/home/ubuntu/.bashrc
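Review bot: The key-generation branch in the last hunk tests for `$HOME/.ssh/id_rsa.pub` but writes the new key to `"$SSH_HOME/id_rsa"`, and `SSH_HOME` is not set anywhere in the visible lines. If it is unset, the key is written to `/id_rsa` or the command fails, and the following `[ -f "$SSH_PUBKEY_PATH" ]` test then skips the push without any message. Deriving the target from the path already checked keeps the two in step: `ssh-keygen -f "${SSH_PUBKEY_PATH%.pub}" -t ecdsa -b 521 -N ""`. This also stores a passphrase-less ECDSA key under a file name that says RSA, which deserves a comment or a rename. `lxc file push` replaces any existing `authorized_keys`, so passing explicit `--uid`, `--gid` and `--mode` for the ubuntu user would make the result independent of the local file's ownership; confirm this against sshd's permission checks in the VM.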


@ -38,10 +38,6 @@ if lxc list --format csv | grep -q "ss-mgmt"; then
lxc config device remove ss-mgmt ssroot lxc config device remove ss-mgmt ssroot
fi fi
if [ -d "$HOME/.ssh" ]; then
lxc config device remove ss-mgmt ss-ssh
fi
lxc delete ss-mgmt lxc delete ss-mgmt
fi fi