Skip to content

Latest commit

 

History

History
135 lines (97 loc) · 5.32 KB

README.md

File metadata and controls

135 lines (97 loc) · 5.32 KB

Testbed

Container orchestration for the Global Named Data Networking Testbed.

Lint Docker Status Page Map

Overview

All services are run with Docker Compose and pull automatically built images from upstream repositories. A cron job in the master container polls this Git repository and deploys changes automatically.

The various components are:

  • framework: Template rendering (Jinja2) and service management (Docker Compose) framework
  • host_vars: Host-specific configuration
  • templates: Jinja2 templates for service configuration
  • scripts: Shell scripts and cron jobs
  • anchors: Testbed trust anchor certificates

The global services configuration is defined in docker-compose.yml and config.yml.

Usage

  1. A recent version of Docker must be installed on the target node.
  2. Clone this repository (conventionally to /home/ndnops/testbed).
  3. Define secrets in a .env file in the root directory of this repo..
  4. Add a MANAGED_HOST variable to the .env, e.g. MANAGED_HOST=UCLA.
  5. Define host-specific Docker Compose profiles as COMPOSE_PROFILES in .env.
  6. Run docker-compose up -d to start the node.

The master node starts first and renders the templates. After this, the master runs a cron job to poll the Git repository.

A cron job is required on the host for some tasks. Make sure the cron user is present in the docker group.

*/6 * * * * /bin/bash /home/ndnops/testbed/scripts/cron-host.sh

Certificate Management

The master container will automatically attempt to get certificates initiall if they don't exist. Certificates will not be automatically renewed. To renew certificates, run the following command:

# Renew certificates
docker compose exec master bash /testbed/dist/ndncert/renew.sh --force
docker compose exec master bash /testbed/dist/nlsr/renew.sh --force
docker compose exec master bash /testbed/dist/ndn-python-repo/renew.sh --force

# Restart containers
docker compose restart nlsr ndncert serve-certs ndn-python-repo

To get the list of currently installed certificates, run

docker compose exec -e HOME=/testbed/dist/ndncert master ndnsec list -c
docker compose exec -e HOME=/testbed/dist/nlsr master ndnsec list -c
docker compose exec -e HOME=/testbed/dist/ndn-python-repo master ndnsec list -c

# For root CA only
docker compose exec -e HOME=/testbed/root-ca-home master ndnsec list -c

Development

For debugging and development, you can define DEBUG=1 in your .env file. This will prevent the dist folder from auto-rendering and disable git polling. You can then use docker compose as usual to manage the containers.

Some helpful bash aliases are provided in bash_aliases.sh for executing ndn tools inside the running containers.

source bash_aliases.sh
echo -e "\nsource $(pwd)/bash_aliases.sh\n" >> ~/.bashrc  # make it permanent

# Now you can use nfdc or ndn-tools for debugging
nfdc status report
ndnpeek /ndn/edu/ucla/ping/test | ndn-dissect

The master service runs internal cron jobs for polling. You can trigger these manually during debugging (only when not in DEBUG mode).

# cron-master pulls the git repo and restarts containers if required
docker compose exec -e "SKIP_SLEEP=1" master bash /testbed/scripts/cron-master.sh

# cron-status regenerates status json
docker compose exec -e "SKIP_SLEEP=1" master bash /testbed/scripts/cron-status.sh

Unattended Upgrades

Set up unattended upgrades on the host to automatically install security updates.

sudo apt-get update && sudo apt-get install -y unattended-upgrades

The following configuration is recommended:

# /etc/apt/apt.conf.d/50unattended-upgrades

Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
        "${distro_id}:${distro_codename}-security";
        "${distro_id}ESMApps:${distro_codename}-apps-security";
        "${distro_id}ESM:${distro_codename}-infra-security";
        "${distro_id}:${distro_codename}-updates";
        "${distro_id}:${distro_codename}-proposed";
        "${distro_id}:${distro_codename}-backports";
        "Docker:${distro_codename}";
};

Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
Unattended-Upgrade::Remove-Unused-Dependencies "true";

Enable automatic updates in the following file:

# /etc/apt/apt.conf.d/20auto-upgrades

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::AutocleanInterval "7";

After this, enable the service and run the initial upgrade:

sudo systemctl enable unattended-upgrades
sudo systemctl start unattended-upgrades
sudo unattended-upgrades --debug