diff --git a/contrib b/contrib
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/contrib
@@ -0,0 +1 @@
+
diff --git a/network-configs/netplan-55-scionwan.yaml b/network-configs/netplan-55-scionwan.yaml
new file mode 100644
index 0000000..e1493dc
--- /dev/null
+++ b/network-configs/netplan-55-scionwan.yaml
@@ -0,0 +1,35 @@
+#
+# This a Netplan configuration file used to create the "scionwan" bridged network used by the Edge VM appliance on a Sui Fullnode/Validator
+#
+# Copy this file as /etc/netplan/55-scionwan.yaml
+# change the interface name [eno1] to match your interface
+# add in the IPv4 and/or IPv6 address under "addresses"
+# add in the IPv4 and/or IPv6 default gateways under "routes"
+# remove the IPv4 and/or IPv6 addresses and routes from the existing interface on the existing netplan configuration file
+#
+# run "netplan apply" to create the bridge
+#
+# This configuration has been tested on Ubuntu 24
+#
+#
+network:
+ bridges:
+ scionwan:
+ dhcp4: no
+ dhcp6: no
+ interfaces: [eno1]
+ addresses:
+ - 10.0.0.2/31
+ - 2001:0DB8::/32
+ routes:
+ - to: default
+ via: 10.0.0.1
+ - to: default
+ via: 2001:0DB8::1
+ nameservers:
+ addresses:
+ - 8.8.8.8
+ - 1.1.1.1
+ - 2001:4860:4860::8888
+ - 2606:4700:4700::1111
+ version: 2
diff --git a/support/getValidatorList.sh b/support/getValidatorList.sh
new file mode 100644
index 0000000..a015ea6
--- /dev/null
+++ b/support/getValidatorList.sh
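Review bot: In `netplan-55-scionwan.yaml` the sample entry `- 2001:0DB8::/32` under `addresses` is the documentation prefix itself rather than a host address inside it, so an operator who only swaps the digits ends up with a /32 on-link prefix on the bridge; a host-style placeholder such as `- 2001:db8::2/64` next to the `2001:0DB8::1` gateway would be a safer template. The header tells the operator to strip the addresses from the existing interface and then run `netplan apply`; on a host that is reached over that same interface, `netplan try` reverts automatically when the new configuration cuts connectivity, and the comment could name it instead.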
@@ -0,0 +1,70 @@
+# pull down the latest mainnet and testnet validators via API in JSON and output a CSV with IPs
+# this can then be used to compute ASN for network planning for the SCION Sui network
+#
+# Notes
+# some hosts have IPv4 addresses but not DNS (~4)
+# most hosts have DNS addresses but no IPv4 so a DNS resolution is done
+# some hosts have an IPv4 address stored within the DNS field. Someone should probably talk to those Validators and have them update their records.
+#
+VALIDATOR_LIST=/tmp/$0_ALL_$$
+VALIDATOR_IP_ONLY_LIST=/tmp/$0_IP_$$
+VALIDATOR_DNS_ONLY_LIST=/tmp/$0_DNS_$$
+VALIDATOR_COMBINED_LIST=/tmp/$0_COMBINED_$$
+
+echo > ${VALIDATOR_LIST}
+echo > ${VALIDATOR_IP_ONLY_LIST}
+echo > ${VALIDATOR_DNS_ONLY_LIST}
+echo > ${VALIDATOR_COMBINED_LIST}
+
+
+# rev | cut strips off leaving/trailing double quotes
+
+curl --location 'https://fullnode.testnet.sui.io/' \
+--header 'Content-Type: application/json' \
+--data '{
+ "jsonrpc": "2.0",
+ "id": 1,
+ "method": "suix_getLatestSuiSystemState",
+ "params": []
+}' | jq '.result.activeValidators[] | "testnet,\(.name),\(.netAddress)"' | rev | cut -c2- | rev |
+ cut -c2- >> ${VALIDATOR_LIST}
+
+
+curl --location 'https://fullnode.mainnet.sui.io/' \
+--header 'Content-Type: application/json' \
+--data '{
+ "jsonrpc": "2.0",
+ "id": 1,
+ "method": "suix_getLatestSuiSystemState",
+ "params": []
+}' | jq '.result.activeValidators[] | "mainnet,\(.name),\(.netAddress)"' | rev | cut -c2- | rev |
+ cut -c2- >> ${VALIDATOR_LIST}
+
+grep '\/ip4\/' ${VALIDATOR_LIST} > ${VALIDATOR_IP_ONLY_LIST}
+
+# clean up by renaming with straight IP
+# put in place an extra comma to indicate there is no DNS entry
+sed -i 's/,\/ip4\//,no-dns,/' ${VALIDATOR_IP_ONLY_LIST}
+sed -i 's/\/tcp.*//' ${VALIDATOR_IP_ONLY_LIST}
+
+cat ${VALIDATOR_IP_ONLY_LIST} >> ${VALIDATOR_COMBINED_LIST}
+
+rm ${VALIDATOR_DNS_ONLY_LIST}
+grep '\/dns\/' ${VALIDATOR_LIST} > ${VALIDATOR_DNS_ONLY_LIST}
+sed -i 's/,\/dns\//,/' ${VALIDATOR_DNS_ONLY_LIST}
+sed -i 's/\/tcp.*//' ${VALIDATOR_DNS_ONLY_LIST}
+
+
+cat ${VALIDATOR_DNS_ONLY_LIST} | while read line; do
+HOSTNAME=$(echo $line | cut -d',' -f3)
+IP=$(host $HOSTNAME | grep -m1 "has address" | rev | cut -d' ' -f1 | rev)
+if [ -z "${IP}" ]; then
+ echo $line | sed "s/\(.*,.*,\)\(.*\)/\1\\2\,${HOSTNAME}/g" >> ${VALIDATOR_COMBINED_LIST}
+else
+ echo $line | sed "s/\(.*,.*,\)\(.*\)/\1\\2\,${IP}/g" >> ${VALIDATOR_COMBINED_LIST}
+fi
+done
+
+cat ${VALIDATOR_COMBINED_LIST}
+
+
diff --git a/support/setup-latitude-host.sh b/support/setup-latitude-host.sh
new file mode 100644
index 0000000..a9c6f59
--- /dev/null
+++ b/support/setup-latitude-host.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+# sets up virtualization on a host in preparation for running the Edge appliance
+# this includes setting up the various networks (physical and virtual)
+# the appliance image is pulled down and made into an image ready for provisioning
+
+# TOKEN must be set to download the appliance image
+TOKEN=""
+
+wget https://dl.cloudsmith.io/$TOKEN/anapaya/stable/raw/names/anapaya-appliance-base-uefi-qcow2/versions/sys_v2.10.0-scion_v0.36.0-1/anapaya-appliance-base-sys_v2.10.0-scion_v0.36.0-1-uefi.qcow2 -O appliance-uefi.qcow2
+
+apt update
+
+cat << EOF > /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
+network: {config: disabled}
+EOF
+
+mv /etc/netplan/50-cloud-init.yaml /etc/netplan/50-scionsui.yaml
+
+echo "Please update /etc/netplan/50-scionsui.yaml to create scionwan"
+
+apt install incus qemu-utils qemu-system-x86 -y
+adduser studarus incus-admin
+
+# non root from here down
+newgrp incus-admin
+incus admin init --minimal
+
+incus network create virbr0
+
+ls -l appliance-uefi.qcow2
+
+cat << EOF > metadata.yaml
+architecture: x86_64
+creation_date: 1731113903
+properties:
+EOF
+tar -cvzf metadata.tar.gz metadata.yaml
+
+incus image import metadata.tar.gz appliance-uefi.qcow2 --alias edge
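Review bot: In `getValidatorList.sh` the `netAddress` values come back from the RPC endpoints and are presumably validator-supplied, yet the `while read line` loop passes them unquoted to `host $HOSTNAME` and splices them into the replacement text of the two `sed "s/…"` calls, so a value containing `/`, `&`, whitespace or a leading `-` changes what those commands do. Checking the name against a hostname character set and appending the extra column with `printf` takes sed out of that path. The four work files are created under predictable `/tmp/$0_…_$$` names (and `$0` can contain a slash), so a `mktemp -d` directory with an EXIT trap is safer and also removes the files the script currently leaves behind. Separately, `jq -r` would make the `rev | cut -c2-` quote stripping unnecessary.

```shell
workdir=$(mktemp -d) || exit 1
trap 'rm -rf -- "$workdir"' EXIT
VALIDATOR_LIST=$workdir/all
VALIDATOR_IP_ONLY_LIST=$workdir/ip
VALIDATOR_DNS_ONLY_LIST=$workdir/dns
VALIDATOR_COMBINED_LIST=$workdir/combined

# … unchanged: echo > initialisation, curl | jq fetches, ip4/dns grep and sed clean-up …

while IFS= read -r line; do
  # last field is the DNS name; a comma inside the name column would shift cut -f3
  name=${line##*,}
  case $name in
    '' | -* | *[!A-Za-z0-9.-]*)
      printf 'skipping unexpected netAddress in: %s\n' "$line" >&2
      continue
      ;;
  esac
  ip=$(host "$name" | awk '/has address/ { print $NF; exit }')
  # same output shape as before: original line plus the IP, or the name when unresolved
  printf '%s,%s\n' "$line" "${ip:-$name}"
done < "$VALIDATOR_DNS_ONLY_LIST" >> "$VALIDATOR_COMBINED_LIST"
```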
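Review bot: In `setup-latitude-host.sh` the image fetched by `wget` goes straight into `incus image import` with no integrity check, and without `set -e` an empty `TOKEN` or a failed download still lets the script install packages and rename the netplan file. I would take `TOKEN` from the environment rather than the `TOKEN=""` line, which invites committing the filled-in value, fail fast, and compare the download with a published SHA-256 before importing. `newgrp incus-admin` starts a new shell instead of changing the group for the lines that follow, so `incus admin init --minimal` and the rest run only after that shell exits; `sg incus-admin -c '…'` or a separate second script would match the "non root from here down" comment. `adduser studarus incus-admin` hard-codes one account, and membership of that group is effectively root-equivalent on the host, which deserves a comment.

```shell
set -euo pipefail

# TOKEN is taken from the environment so it never lands in the repository.
: "${TOKEN:?export TOKEN before running}"
# IMAGE_SHA256 is a placeholder name: supply the digest published for this image version.
: "${IMAGE_SHA256:?export IMAGE_SHA256 before running}"

# … unchanged: wget of the qcow2 image to appliance-uefi.qcow2 …
printf '%s  %s\n' "$IMAGE_SHA256" appliance-uefi.qcow2 | sha256sum -c -

# … unchanged: apt, cloud-init, netplan rename, metadata.tar.gz and image import …
```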
diff --git a/support/start-edge-instance.sh b/support/start-edge-instance.sh
new file mode 100644
index 0000000..cc31386
--- /dev/null
+++ b/support/start-edge-instance.sh
@@ -0,0 +1,61 @@
+#!/bin/sh
+# starts an instance of the Edge appliance as a VM
+# pre-req:
+# Edge Appliance UEFI QCOW2 must already be loaded as an image called edge
+# virbr0 must be configured as a managed local bridged network (dhcp)
+# scionwan must be configured as a unmanaged bridge network
+# an extra IP on the scionwan must be available for the Edge
+#
+# This has only been tested on the Latitude m3.large.x86 hardware
+#
+# notes:
+# after install, it takes a few minutes for the appliance to come online as it does updates
+# the web GUI and the appliance-cli tool will not be available until this completes
+#
+# instance will be connected to the scionwan network for SCION connectivity via the Edge
+# instance will be connected to the virbr0 network for private connectivity to the host and NAT'd Internet connectivity
+EDGE_NAME=edge01
+
+incus init edge $EDGE_NAME \
+ --vm \
+ --config limits.cpu=4 \
+ --config limits.memory=4096MiB
+
+incus start $EDGE_NAME
+
+sleep 20
+
+incus config device add $EDGE_NAME eth0 nic nictype=bridged parent=virbr0
+incus config device add $EDGE_NAME eth1 nic nictype=bridged parent=scionwan
+
+NETPLAN_CONFIG=/tmp/scionsui-edge-netplan.$$
+
+cat < $NETPLAN_CONFIG
+network:
+ version: 2
+ ethernets:
+ enp5s0:
+ dhcp4: true
+ enp6s0:
+ addresses:
+ - 45.250.253.165/31
+ routes:
+ - to: default
+ via: 45.250.253.164
+ nameservers:
+ addresses:
+ - 8.8.8.8
+ - 8.8.4.4
+EOF
+
+incus exec $EDGE_NAME -- rm /etc/netplan/00-installer-config.yaml
+incus file push $NETPLAN_CONFIG $EDGE_NAME/etc/netplan/10-scionsui.yaml --mode 600
+rm $NETPLAN_CONFIG
+incus exec $EDGE_NAME -- netplan apply
+
+# configure the appliance as an Edge
+incus exec $EDGE_NAME -- mkdir /home/anapaya/.appliance-cli
+#incus file push appliances.json $EDGE_NAME/home/anapaya/.appliance-cli/appliances.json
+#incus file push context.json $EDGE_NAME/home/anapaya/.appliance-cli/context.json
+#incus file push edge-config.json $EDGE_NAME/home/anapaya/edge-config.json
+
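Review bot: `NETPLAN_CONFIG=/tmp/scionsui-edge-netplan.$$` is a predictable path in a world-writable directory, and the script that writes it presumably runs as root or as an `incus-admin` member, so a file or symlink pre-created under that name is written through; `mktemp` with an EXIT trap avoids that, and `start-ubuntu-instance.sh` uses the same path and needs the same change. The installer netplan file is removed before the replacement is pushed and no exit status is checked, so a failed `incus file push` leaves the VM without a network config when `netplan apply` runs; pushing first closes that gap. As rendered on this page the heredoc opener reads `cat < $NETPLAN_CONFIG`, which may only be extraction damage, but it is worth confirming the file has `cat << EOF > "$NETPLAN_CONFIG"`.

```shell
NETPLAN_CONFIG=$(mktemp) || exit 1
trap 'rm -f -- "$NETPLAN_CONFIG"' EXIT

# … unchanged: heredoc writing the netplan YAML to "$NETPLAN_CONFIG" …

# push first, so a failed transfer leaves the installer config in place
incus file push "$NETPLAN_CONFIG" "$EDGE_NAME/etc/netplan/10-scionsui.yaml" --mode 600 || exit 1
incus exec "$EDGE_NAME" -- rm /etc/netplan/00-installer-config.yaml
incus exec "$EDGE_NAME" -- netplan apply
```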
diff --git a/support/start-ubuntu-instance.sh b/support/start-ubuntu-instance.sh
new file mode 100644
index 0000000..6d884d4
--- /dev/null
+++ b/support/start-ubuntu-instance.sh
@@ -0,0 +1,59 @@
+# starts a generic Ubuntu instance for use as a generic end point for SCION testing
+# instance will be connected to the scionwan network for SCION connectivity via the Edge
+# instance will be connected to the virbr0 network for private connectivity to the host and NAT'd Internet connectivity
+
+#IPV6_ADDRESS="2605:6440:a002:44::4/64"
+#IPV6_GATEWAY="2605:6440:a002:44::1/64"
+
+if [ -z "${IPV6_ADDRESS}" ] ; then
+ echo "set IPV6_ADDRESS before proceeding"
+ exit -1
+fi
+
+
+if [ -z "${IPV6_GATEWAY}" ] ; then
+ echo "set IPV6_GATEWAY before proceeding"
+ exit -1
+fi
+
+
+
+INSTANCE_NAME=ubuntu
+
+incus init images:ubuntu/24.04 $INSTANCE_NAME \
+ --vm
+
+incus start $INSTANCE_NAME
+
+sleep 20
+
+incus config device add $INSTANCE_NAME eth0 nic nictype=bridged parent=virbr0
+incus config device add $INSTANCE_NAME eth1 nic nictype=bridged parent=scionwan
+
+NETPLAN_CONFIG=/tmp/scionsui-edge-netplan.$$
+
+cat < $NETPLAN_CONFIG
+network:
+ version: 2
+ ethernets:
+ enp5s0:
+ dhcp4: true
+ enp6s0:
+ addresses:
+ - ${IPV6_ADDRESS}
+ routes:
+ - to: default
+ via: ${IPV6_GATEWAY}
+ nameservers:
+ addresses:
+ - 8.8.8.8
+ - 8.8.4.4
+ - 2001:4860:4860::8888
+ - 2606:4700:4700::1111
+EOF
+
+incus exec $INSTANCE_NAME -- rm /etc/netplan/10-lxc.yaml
+incus file push $NETPLAN_CONFIG $INSTANCE_NAME/etc/netplan/10-scionsui.yaml --mode 600
+rm $NETPLAN_CONFIG
+incus exec $INSTANCE_NAME -- netplan apply
+incus exec $INSTANCE_NAME -- apt install apache2 -y
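Review bot: The commented example `#IPV6_GATEWAY="2605:6440:a002:44::1/64"` carries a prefix length, but the value is substituted into `via: ${IPV6_GATEWAY}`, where netplan expects a bare address, so an operator who copies it as written will likely have the config rejected after `10-lxc.yaml` has already been removed; `#IPV6_GATEWAY="2605:6440:a002:44::1"` is the form to show. `exit -1` is outside the 0–255 range that POSIX sh defines and the file has no shebang, so `exit 1` under `#!/bin/sh` is the safer spelling. The final `apt install apache2 -y` leaves a default web server listening on the routable `enp6s0` address as well as the private one; if it is only meant as a test target, a comment saying so, or restricting it to the `virbr0` side, would help the next operator.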