From 3ac86e07cf81c4f1d18c52c830ed16bcdf87e25d Mon Sep 17 00:00:00 2001
From: Brian Picciano
Date: Wed, 2 Nov 2022 14:34:40 +0100
Subject: [PATCH] Use yaml instead of tgz for bootstrap file

---
 default.nix | 2 +-
 docs/admin/adding-a-host-to-the-network.md | 26 +-
 docs/dev/daemon-process-tree.plantuml | 4 +-
 docs/dev/daemon-process-tree.svg | 10 +-
 docs/roadmap.md | 2 +-
 docs/user/getting-started.md | 2 +-
 entrypoint/src/bootstrap/bootstrap.go | 152 +++--------------
 entrypoint/src/bootstrap/garage.go | 9 +-
 .../src/bootstrap/garage_global_bucket.go | 8 +-
 entrypoint/src/bootstrap/hosts.go | 49 ------
 entrypoint/src/bootstrap/nebula.go | 8 -
 entrypoint/src/cmd/entrypoint/admin.go | 30 ++--
 entrypoint/src/cmd/entrypoint/daemon.go | 10 +-
 entrypoint/src/cmd/entrypoint/garage.go | 6 +-
 entrypoint/src/cmd/entrypoint/garage_util.go | 10 +-
 entrypoint/src/cmd/entrypoint/nebula_util.go | 6 +-
 entrypoint/src/tarutil/tarutil.go | 24 ---
 entrypoint/src/tarutil/tgz_writer.go | 112 -------------
 18 files changed, 81 insertions(+), 389 deletions(-)
 delete mode 100644 entrypoint/src/bootstrap/nebula.go
 delete mode 100644 entrypoint/src/tarutil/tarutil.go
 delete mode 100644 entrypoint/src/tarutil/tgz_writer.go

diff --git a/default.nix b/default.nix
index 525ff1a..2a8e24a 100644
--- a/default.nix
+++ b/default.nix
@@ -17,7 +17,7 @@ in rec {
 builder = builtins.toFile "builder.sh" ''
 source $stdenv/setup
 mkdir -p "$out"/share
- cp "$src" "$out"/share/bootstrap.tgz
+ cp "$src" "$out"/share/bootstrap.yml
 '';
 };
 
diff --git a/docs/admin/adding-a-host-to-the-network.md b/docs/admin/adding-a-host-to-the-network.md
index 03a126e..a14c5b1 100644
--- a/docs/admin/adding-a-host-to-the-network.md
+++ b/docs/admin/adding-a-host-to-the-network.md
@@ -7,12 +7,12 @@ wishes to add.
 
 There are two ways for a user to add a host to the cryptic-net network.
 
 - If the user is savy enough to obtain their own `cryptic-net` binary, they can
- do so. The admin can then generate a `bootstrap.tgz` file for their host,
+ do so. The admin can then generate a `bootstrap.yml` file for their host,
 give that to the user, and the user can run `cryptic-net daemon` using that
 bootstrap file.
 - If the user is not so savy, the admin can generate a custom `cryptic-net`
- binary with the `bootstrap.tgz` embedded into it. The user can be given this
+ binary with the `bootstrap.yml` embedded into it. The user can be given this
 binary and run `cryptic-net daemon` without any configuration on their end.
 
 From the admin's perspective the only difference between these cases is one
@@ -35,11 +35,11 @@ The admin should choose an IP for the host.
 The IP you choose for the new host should be one which is not yet used by any other host, and which is in subnet which was configured when creating the network.
-## Step 3: Create a `bootstrap.tgz` File
+## Step 3: Create a `bootstrap.yml` File
 
 Access to an `admin.yml` file is required for this step.
 
-To create a `bootstrap.tgz` file for the new host, the admin should perform the
+To create a `bootstrap.yml` file for the new host, the admin should perform the
 following command from their own host:
 
 ```
@@ -47,15 +47,15 @@ cryptic-net hosts make-bootstrap \
 --name \
 --ip \
 --admin-path \
- > bootstrap.tgz
+ > bootstrap.yml
 ```
 
-The resulting `bootstrap.tgz` file should be treated as a secret file that is
-shared only with the user it was generated for. The `bootstrap.tgz` file should
+The resulting `bootstrap.yml` file should be treated as a secret file that is
+shared only with the user it was generated for. The `bootstrap.yml` file should
 not be re-used between hosts either.
 
 If the user already has access to a `cryptic-net` binary then the new
-`bootstrap.tgz` file can be given to them as-is, and they can proceed with
+`bootstrap.yml` file can be given to them as-is, and they can proceed with
 running their host's `cryptic-net daemon`.
 
 ### Encrypted `admin.yml`
@@ -63,14 +63,14 @@ running their host's `cryptic-net daemon`.
 If `admin.yml` is kept in an encrypted format on disk (it should be!) then the decrypted form can be piped into `make-bootstrap` over stdin. For example, if GPG is being used to secure `admin.yml` then the following could be used to
-generate a `bootstrap.tgz`:
+generate a `bootstrap.yml`:
 
 ```
 gpg -d | cryptic-net hosts make-boostrap \
 --name \
 --ip \
 --admin-path - \
- > bootstrap.tgz
+ > bootstrap.yml
 ```
 
 Note that the value of `--admin-path` is `-`, indicating that `admin.yml` should
@@ -78,14 +78,14 @@ be read from stdin.
 
 ## Step 4: Optionally, Build Binary
 
-If you wish to embed the `bootstrap.tgz` into a custom binary for the user (to
+If you wish to embed the `bootstrap.yml` into a custom binary for the user (to
 make installation _extremely_ easy for them) then you can run the following:
 
 ```
-nix-build --arg bootstrap -A appImage
+nix-build --arg bootstrap -A appImage
 ```
 
 The resulting binary can be found in the `result` directory which is created.
-This binary should be treated like a `bootstrap.tgz` in terms of its uniqueness
+This binary should be treated like a `bootstrap.yml` in terms of its uniqueness
 and sensitivity.
diff --git a/docs/dev/daemon-process-tree.plantuml b/docs/dev/daemon-process-tree.plantuml
index c44ba0d..b508c53 100644
--- a/docs/dev/daemon-process-tree.plantuml
+++ b/docs/dev/daemon-process-tree.plantuml
@@ -15,8 +15,8 @@ state AppDir {
 entrypoint : * Create runtime dir at $_RUNTIME_DIR_PATH
 entrypoint : * Lock runtime dir
 entrypoint : * Merge given and default daemon.yml files
- entrypoint : * Copy bootstrap.tgz into $_DATA_DIR_PATH, if it's not there
- entrypoint : * Merge daemon.yml config into bootstrap.tgz
+ entrypoint : * Copy bootstrap.yml into $_DATA_DIR_PATH, if it's not there
+ entrypoint : * Merge daemon.yml config into bootstrap.yml
 entrypoint : * Create $_RUNTIME_DIR_PATH/dnsmasq.conf
 entrypoint : * Create $_RUNTIME_DIR_PATH/nebula.yml
 entrypoint : * Create $_RUNTIME_DIR_PATH/garage-N.toml\n (one per storage allocation)
diff --git a/docs/dev/daemon-process-tree.svg b/docs/dev/daemon-process-tree.svg
index a64a983..1a64e63 100644
--- a/docs/dev/daemon-process-tree.svg
+++ b/docs/dev/daemon-process-tree.svg
@@ -1,10 +1,10 @@ AppDirAll relative paths are relative to the root of the AppDir./bin/dnsmasq -d -C $_RUNTIME_DIR_PATH/dnsmasq.conf./bin/nebula -config $_RUNTIME_DIR_PATH/nebula.yml./bin/garage -c $_RUNTIME_DIR_PATH/garage-N.toml server./AppRunSet PATH to APPDIR/bin./bin/entrypoint daemon -c ./daemon.ymlCreate runtime dir at $_RUNTIME_DIR_PATHLock runtime dirMerge given and default daemon.yml filesCopy bootstrap.tgz into $_DATA_DIR_PATH, if it's not thereMerge daemon.yml config into bootstrap.tgzCreate $_RUNTIME_DIR_PATH/dnsmasq.confCreate $_RUNTIME_DIR_PATH/nebula.ymlCreate $_RUNTIME_DIR_PATH/garage-N.toml(one per storage allocation)Run child processes(in the background) Updates garage cluster layout(in the background) Stores host info in global bucket./cryptic-net daemon -c ./daemon.ymlAppDirAll relative paths are relative to the root of the AppDir./bin/dnsmasq -d -C $_RUNTIME_DIR_PATH/dnsmasq.conf./bin/nebula -config $_RUNTIME_DIR_PATH/nebula.yml./bin/garage -c $_RUNTIME_DIR_PATH/garage-N.toml server./AppRunSet PATH to APPDIR/bin./bin/entrypoint daemon -c ./daemon.ymlCreate runtime dir at $_RUNTIME_DIR_PATHLock runtime dirMerge given and default daemon.yml filesCopy bootstrap.yml into $_DATA_DIR_PATH, if it's not thereMerge daemon.yml config into bootstrap.ymlCreate $_RUNTIME_DIR_PATH/dnsmasq.confCreate $_RUNTIME_DIR_PATH/nebula.ymlCreate $_RUNTIME_DIR_PATH/garage-N.toml(one per storage allocation)Run child processes(in the background) Updates garage cluster layout(in the background) Stores host info in global bucket./cryptic-net daemon -c ./daemon.ymlexecexecchildchildchildchild (one per storage allocation)child (one per storage allocation)