| -rw-r--r-- | ship/lib/retiolum | 72 | ||||
| -rw-r--r-- | ship/src/refresh-super-keys | 5 | ||||
| -rw-r--r-- | ship/src/refresh-supers | 9 | ||||
| -rw-r--r-- | sites/tahoe.retiolum/README.md | 13 | 
4 files changed, 71 insertions, 28 deletions
| diff --git a/ship/lib/retiolum b/ship/lib/retiolum index 2a5c7338..1e55041c 100644 --- a/ship/lib/retiolum +++ b/ship/lib/retiolum @@ -1,38 +1,31 @@  #!/bin/sh  # retiolum host functions  #@include core +#@include network  tinc_path=${tinc_path:-/etc/tinc}  netname=${netname:-retiolum}  hosts_dir=${hosts_dir:-$tinc_path/$netname/hosts} +supernode_urls="http://euer.krebsco.de/retiolum/supernodes.tar.gz" +reload_tinc(){ +  info "reloading tinc configuration" +  pkill -HUP tincd || tinc -n $netname reload; +} -check_free_v4(){ -  myipv4=${1-10.243.0.-1} -  v4num=${myipv4##*.} -  printf "Retard check: " -  if [ "$v4num" -gt 0 -a "$v4num" -lt "256" ]; -  then  -    info "No retard detected\n" -    cd $hosts_dir -    info "Check if ip is still free: " -    for i in `ls -1`; do -      if grep -q -e $myipv4\$ $i ;then -        warn "Host IP already taken by $i! " -        return 1 -      fi -    done -    info "Passed\n" -    return 0 -  else -    error "you are made of stupid. bailing out\n"  -    return 1 -  fi -  cd - >/dev/null +refresh_supernode_keys(){ +  for url in $supernode_urls;do +    info "Trying $url to retrieve supernodes" +    if http_get "$url" \ +       | tar xvz -C $hosts_dir | xargs -n1 echo "refreshed:" ;then +      info "refreshed supernode keys" +      return 0 +    else +      error "$url unusable for retrieving supernode host files" +    fi +  done && return 1  } -find_active_nodes(){ -  # TODO this function currently only supports a single address for a host +find_supernodes(){    cd $hosts_dir -  # posix grep does not support [[:space:]]    set +f    for name in `      grep '^[  ]*Address[  ]*=' * | @@ -54,8 +47,11 @@ find_active_nodes(){    wait    cd - >/dev/null  } -find_supernodes(){ + +find_active_nodes(){ +  # TODO this function currently only supports a single address for a host    cd $hosts_dir +  # posix grep does not support [[:space:]]    set +f    for name in `      grep '^[  ]*Address[  ]*=' * | 
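Review bot: `refresh_supernode_keys` in ship/lib/retiolum unpacks an archive fetched over plain http (`supernode_urls`) straight into `$hosts_dir` with no authenticity check, so whoever controls the server or the network path decides which public keys and addresses this node trusts. tinc also runs `hosts/NAME-up` and `hosts/NAME-down` scripts from that directory, so archive members should not be able to land there under those names or with the executable bit set. The `if` only sees the exit status of `xargs`, the last pipeline stage, so a failed download or a tar error can still end in "refreshed supernode keys" and `return 0`. I would fetch to a temporary file, check each step on its own, verify the archive against a signature or pinned digest that is distributed separately, and copy only plain host files into place, as sketched below. The sketch assumes the archive holds the host files at its top level, which the hunk does not show.

```shell
refresh_supernode_keys(){
  for url in $supernode_urls;do
    info "Trying $url to retrieve supernodes"
    tmp_tar=$(mktemp) && tmp_dir=$(mktemp -d) || return 1
    # check download and extraction separately; a pipeline only reports its last stage
    if http_get "$url" > "$tmp_tar" \
       && tar xzf "$tmp_tar" -C "$tmp_dir" ;then
      # TODO(review): verify "$tmp_tar" against a signature or pinned digest before using it
      for f in "$tmp_dir"/*;do
        # plain files only, and never the script names tinc executes from hosts/
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        case "${f##*/}" in *-up|*-down) continue ;; esac
        cp -- "$f" "$hosts_dir/" \
          && chmod 0644 "$hosts_dir/${f##*/}" \
          && info "refreshed: ${f##*/}"
      done
      rm -rf -- "$tmp_tar" "$tmp_dir"
      info "refreshed supernode keys"
      return 0
    fi
    rm -rf -- "$tmp_tar" "$tmp_dir"
    error "$url unusable for retrieving supernode host files"
  done
  return 1
}
```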
@@ -77,3 +73,27 @@ find_supernodes(){    wait    cd - >/dev/null  } + +check_free_v4(){ +  myipv4=${1-10.243.0.-1} +  v4num=${myipv4##*.} +  printf "Retard check: " +  if [ "$v4num" -gt 0 -a "$v4num" -lt "256" ]; +  then  +    info "No retard detected\n" +    cd $hosts_dir +    info "Check if ip is still free: " +    for i in `ls -1`; do +      if grep -q -e $myipv4\$ $i ;then +        error "Host IP already taken by $i! " +        return 1 +      fi +    done +    info "Passed\n" +    return 0 +  else +    error "you are made of stupid. bailing out\n"  +    return 1 +  fi +  cd - >/dev/null +} diff --git a/ship/src/refresh-super-keys b/ship/src/refresh-super-keys new file mode 100644 index 00000000..dddbe846 --- /dev/null +++ b/ship/src/refresh-super-keys @@ -0,0 +1,5 @@ +#!/bin/sh +#@info +#@include retiolum +#@mainifyme +refresh_supernode_keys diff --git a/ship/src/refresh-supers b/ship/src/refresh-supers index 26909a94..af31a5df 100644 --- a/ship/src/refresh-supers +++ b/ship/src/refresh-supers @@ -1,6 +1,9 @@  #!/bin/sh  #@info  # usage: [DEBUG=1] [tincconf=/not/tinc/retiolum/tinc.conf] $0  +# This is the implementation of the proposal how to update tinc supernode +# connections  +  #@include core  #@include retiolum    # using find_supernodes @@ -10,12 +13,14 @@  #@strict  #@mainifyme +refresh_supernode_keys +  max_connect_to=${max_connect_to:-5}  tincconf=${tincconf:-$tinc_path/$netname/tinc.conf}  tmp_tincconf=$(mktemp)  defer "rm -f $tmp_tincconf" -sed '/[  ]*ConnectTo=/d' "$tincconf" > "$tmp_tincconf" +sed '/^[  ]*ConnectTo/d' "$tincconf" > "$tmp_tincconf"  find_supernodes | cut -d\  -f 1 | shuf \    | head -n "${max_connect_to}" \ @@ -24,3 +29,5 @@ find_supernodes | cut -d\  -f 1 | shuf \  info "replacing old tinc.conf with one"  test "${DEBUG:-}" && diff "$tincconf" "$tmp_tincconf"  mv "$tmp_tincconf" "$tincconf" + +tinc_reload diff --git a/sites/tahoe.retiolum/README.md b/sites/tahoe.retiolum/README.md index 01e8ed03..2d3b3e12 100644 
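Review bot: The last hunk of ship/src/refresh-supers calls `tinc_reload`, but the function this commit adds to ship/lib/retiolum is named `reload_tinc`. Unless `core` or `network` defines `tinc_reload`, the script stops with "command not found" after `mv` has already replaced tinc.conf, so the running tincd never picks up the new ConnectTo lines; the call should read `reload_tinc`. In the hunk above it, `refresh_supernode_keys` returns 1 when every URL fails, and under `#@strict` that presumably aborts the run, so it is worth making the choice explicit, for example `refresh_supernode_keys || error "keeping existing supernode keys"`.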
--- a/sites/tahoe.retiolum/README.md +++ b/sites/tahoe.retiolum/README.md @@ -5,6 +5,17 @@ introducer and a number of tahoe bricks.  # Adding new bricks & clients  see //cholerab/tahoe/{brick,client}\_installation + +# Migration of the Introducer +At some point it is necessary to migrate the tahoe introducer. +To keep everything running just take the tahoe introducer configuration from +the old host or from krebs:tahoe/introducer AND the original tinc configuration +of the tahoe host.  +After that, set the tahoe.krebsco.de ip in the krebs zone. + + +If you need to re +  # Replacing the introducer  if the introducer may die off, all crypto material is saved in   krebs:tahoe/introducer. There will be a backup somewhere, but bootstrapping @@ -13,4 +24,4 @@ always sucks.  Follow the generic brick installation,  use the configuration file at conf/tahoe.cfg and copy the crypto material in  the private folder of the installation.  -autostart that shit +autostart that shit. | 
