# implements https://github.com/scionproto/scion/blob/27983125bccac6b84d1f96f406853aab0e460405/doc/tutorials/deploy.rst
2
-
import ../../make-test-python.nix (
5
-
trust-root-configuration-keys = pkgs.runCommand "generate-trc-keys.sh" {
4
+
trust-root-configuration-keys = pkgs.runCommand "generate-trc-keys.sh" {
8
+
} (builtins.readFile ./bootstrap.sh);
14
+
bypassBootstrapWarning = true;
20
+
systemd.network.networks."01-eth1" = {
22
+
networkConfig.Address = "192.168.1.${toString hostId}/24";
25
+
"scion/topology.json".source = ./topology + "${toString hostId}.json";
26
+
"scion/crypto/as".source = trust-root-configuration-keys + "/AS${toString hostId}";
27
+
"scion/certs/ISD42-B1-S1.trc".source = trust-root-configuration-keys + "/ISD42-B1-S1.trc";
28
+
"scion/keys/master0.key".text = "U${toString hostId}v4k23ZXjGDwDofg/Eevw==";
29
+
"scion/keys/master1.key".text = "dBMko${toString hostId}qMS8DfrN/zP2OUdA==";
31
+
environment.systemPackages = [
9
-
} (builtins.readFile ./bootstrap.sh);
15
-
bypassBootstrapWarning = true;
21
-
systemd.network.networks."01-eth1" = {
23
-
networkConfig.Address = "192.168.1.${toString hostId}/24";
26
-
"scion/topology.json".source = ./topology + "${toString hostId}.json";
27
-
"scion/crypto/as".source = trust-root-configuration-keys + "/AS${toString hostId}";
28
-
"scion/certs/ISD42-B1-S1.trc".source = trust-root-configuration-keys + "/ISD42-B1-S1.trc";
29
-
"scion/keys/master0.key".text = "U${toString hostId}v4k23ZXjGDwDofg/Eevw==";
30
-
"scion/keys/master1.key".text = "dBMko${toString hostId}qMS8DfrN/zP2OUdA==";
32
-
environment.systemPackages = [
39
-
name = "scion-test";
44
-
imports = (imports 1);
49
-
imports = (imports 2);
38
+
name = "scion-test";
41
+
imports = (imports 1);
44
+
imports = (imports 2);
47
+
imports = (imports 3);
50
+
imports = (imports 4);
51
+
networking.interfaces."lo".ipv4.addresses = [
54
-
imports = (imports 3);
53
+
address = "172.16.1.1";
57
+
services.scion.scion-ip-gateway = {
61
+
src_ipv4 = "172.16.1.1";
59
-
imports = (imports 4);
60
-
networking.interfaces."lo".ipv4.addresses = [
62
-
address = "172.16.1.1";
66
-
services.scion.scion-ip-gateway = {
70
-
src_ipv4 = "172.16.1.1";
81
-
ConfigVersion = 9001;
72
+
ConfigVersion = 9001;
77
+
imports = (imports 5);
78
+
networking.interfaces."lo".ipv4.addresses = [
88
-
imports = (imports 5);
89
-
networking.interfaces."lo".ipv4.addresses = [
91
-
address = "172.16.100.1";
95
-
services.scion.scion-ip-gateway = {
99
-
src_ipv4 = "172.16.100.1";
110
-
ConfigVersion = 9001;
80
+
address = "172.16.100.1";
84
+
services.scion.scion-ip-gateway = {
88
+
src_ipv4 = "172.16.100.1";
99
+
ConfigVersion = 9001;
117
-
pingAll = pkgs.writeShellScript "ping-all-scion.sh" ''
118
-
addresses="42-ffaa:1:1 42-ffaa:1:2 42-ffaa:1:3 42-ffaa:1:4 42-ffaa:1:5"
124
-
scion showpaths $as --no-probe > /dev/null
126
-
if [ "$ret" -ne "0" ]; then
136
-
scion ping "$as,127.0.0.1" -c 3
138
-
if [ "$ret" -ne "0" ]; then
144
-
for i in $(seq 0 $timeout); do
146
-
wait_for_all $addresses || continue
147
-
ping_all $addresses && exit 0
106
+
pingAll = pkgs.writeShellScript "ping-all-scion.sh" ''
107
+
addresses="42-ffaa:1:1 42-ffaa:1:2 42-ffaa:1:3 42-ffaa:1:4 42-ffaa:1:5"
113
+
scion showpaths $as --no-probe > /dev/null
115
+
if [ "$ret" -ne "0" ]; then
125
+
scion ping "$as,127.0.0.1" -c 3
127
+
if [ "$ret" -ne "0" ]; then
153
-
# List of AS instances
154
-
machines = [scion01, scion02, scion03, scion04, scion05]
133
+
for i in $(seq 0 $timeout); do
135
+
wait_for_all $addresses || continue
136
+
ping_all $addresses && exit 0
142
+
# List of AS instances
143
+
machines = [scion01, scion02, scion03, scion04, scion05]
156
-
# Functions to avoid many for loops
157
-
def start(allow_reboot=False):
159
-
i.start(allow_reboot=allow_reboot)
145
+
# Functions to avoid many for loops
146
+
def start(allow_reboot=False):
148
+
i.start(allow_reboot=allow_reboot)
161
-
def wait_for_unit(service_name):
163
-
i.wait_for_unit(service_name)
150
+
def wait_for_unit(service_name):
152
+
i.wait_for_unit(service_name)
165
-
def succeed(command):
154
+
def succeed(command):
177
-
# Start all machines, allowing reboot for later
178
-
start(allow_reboot=True)
166
+
# Start all machines, allowing reboot for later
167
+
start(allow_reboot=True)
180
-
# Wait for scion-control.service on all instances
181
-
wait_for_unit("scion-control.service")
169
+
# Wait for scion-control.service on all instances
170
+
wait_for_unit("scion-control.service")
183
-
# Ensure cert is valid against TRC
184
-
succeed("scion-pki certificate verify --trc /etc/scion/certs/*.trc /etc/scion/crypto/as/*.pem >&2")
172
+
# Ensure cert is valid against TRC
173
+
succeed("scion-pki certificate verify --trc /etc/scion/certs/*.trc /etc/scion/crypto/as/*.pem >&2")
186
-
# Execute pingAll command on all instances
187
-
succeed("${pingAll} >&2")
175
+
# Execute pingAll command on all instances
176
+
succeed("${pingAll} >&2")
189
-
# Execute ICMP pings across scion-ip-gateway
190
-
scion04.succeed("ping -c 3 172.16.100.1 >&2")
191
-
scion05.succeed("ping -c 3 172.16.1.1 >&2")
178
+
# Execute ICMP pings across scion-ip-gateway
179
+
scion04.succeed("ping -c 3 172.16.100.1 >&2")
180
+
scion05.succeed("ping -c 3 172.16.1.1 >&2")
193
-
# Restart all scion services and ping again to test robustness
194
-
succeed("systemctl restart scion-* >&2")
195
-
succeed("${pingAll} >&2")
182
+
# Restart all scion services and ping again to test robustness
183
+
succeed("systemctl restart scion-* >&2")
184
+
succeed("${pingAll} >&2")
197
-
# Reboot machines, wait for service, and ping again
199
-
wait_for_unit("scion-control.service")
200
-
succeed("${pingAll} >&2")
186
+
# Reboot machines, wait for service, and ping again
188
+
wait_for_unit("scion-control.service")
189
+
succeed("${pingAll} >&2")
202
-
# Crash, start, wait for service, and ping again
205
-
wait_for_unit("scion-control.service")
206
-
succeed("pkill -9 scion-* >&2")
207
-
wait_for_unit("scion-control.service")
208
-
succeed("${pingAll} >&2")
191
+
# Crash, start, wait for service, and ping again
194
+
wait_for_unit("scion-control.service")
195
+
succeed("pkill -9 scion-* >&2")
196
+
wait_for_unit("scion-control.service")
197
+
succeed("${pingAll} >&2")