tinc-test: prepare the test machine and wrote log procedure

Ingolf Wagner 2020-01-07 17:47:25 +13:00
parent fe231d26b3
commit 10c334cd5d
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
12 changed files with 122 additions and 86 deletions


@ -3,13 +3,22 @@
with lib; with lib;
{ {
imports = [
<test-config/nixserver-server/tinc.nix>
];
module.cluster.services.tinc = { module.cluster.services.tinc = {
"private" = { "private" = {
enable = true; enable = false;
openPort = true; openPort = true;
connectTo = [ "sputnik" ]; connectTo = [ "sputnik" ];
}; };
"retiolum" = { "retiolum" = {
enable = false;
openPort = true;
};
"test" = {
enable = true; enable = true;
openPort = true; openPort = true;
}; };


@ -71,6 +71,11 @@ let
pkgs.file = toString ./pkgs; pkgs.file = toString ./pkgs;
assets.file = toString ./assets; assets.file = toString ./assets;
# test-tinc
test-assets.file = toString ./terranix/tinc-test/02-build/assets;
test-config.file = toString ./terranix/tinc-test/02-build/configs;
test-generated.file = toString ./terranix/tinc-test/02-build/generated;
nix-writers.git = { nix-writers.git = {
url = "https://cgit.krebsco.de/nix-writers/"; url = "https://cgit.krebsco.de/nix-writers/";
ref = (ops.importJson ./.nix-writers.json).rev; ref = (ops.importJson ./.nix-writers.json).rev;
@ -117,7 +122,7 @@ let
}; };
hostPattern = name: "${name}.private"; hostPattern = name: "localhost";
serverDeployment = name: serverDeployment = name:
{ host ? (hostPattern name), user ? "root" }: { host ? (hostPattern name), user ? "root" }:
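Review bot: `hostPattern = name: "localhost";` makes every `serverDeployment` that relies on the default `host` target the local machine as `root`, whatever `name` is. If this is a temporary override for the tinc test, mark it in place, e.g. `# TEMP(tinc-test): all default deploys go to localhost; restore "${name}.private" afterwards`, or pass `host` explicitly at the test call sites and leave the pattern alone. The `let` block starts and ends outside the hunk, so the callers are not visible here.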


@ -1,7 +1,8 @@
{ pkgs, ... }: { { pkgs, ... }: {
services.tor = { services.tor = {
enable = true; enable = false;
client.enable = true; client.enable = false;
hiddenServices.liveos.map = [{ port = 1337; }]; hiddenServices.liveos.map = [{ port = 1337; }];
}; };


@ -1,25 +1,20 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
hcloud-modules = pkgs.fetchgit { #hcloud-modules = pkgs.fetchgit {
#url = "https://github.com/mrVanDalo/terranix-hcloud.git"; # #url = "https://github.com/mrVanDalo/terranix-hcloud.git";
url = "https://git.ingolf-wagner.de/terranix/hcloud.git"; # url = "https://git.ingolf-wagner.de/terranix/hcloud.git";
rev = "b6896f385f45ecfd66e970663c55635c9fd8b26b"; # rev = "b6896f385f45ecfd66e970663c55635c9fd8b26b";
sha256 = "1bggnbry7is7b7cjl63q6r5wg9pqz0jn8i3nnc4rqixp0ckwdn85"; # sha256 = "1bggnbry7is7b7cjl63q6r5wg9pqz0jn8i3nnc4rqixp0ckwdn85";
}; #};
#hcloud-modules = /home/palo/dev/terranix-hcloud/terraform-0.11; hcloud-modules = /home/palo/dev/terranix-hcloud/terraform-0.11;
in { in {
imports = [ imports = [ (toString hcloud-modules) ./config/ssh-setup.nix ];
(toString hcloud-modules)
./config/file-generation.nix hcloud.export.nix = "${toString ../02-build/generated}/nixos-machines.nix";
./config/ssh-setup.nix
];
#hcloud.export.nix = "${toString ../02-build/generated}/test.nix";
hcloud.nixserver.server = { hcloud.nixserver.server = {
configurationFile = pkgs.writeText "configuration.nix" '' configurationFile = pkgs.writeText "configuration.nix" ''
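Review bot: Reading the right-hand column as the new side, `hcloud-modules = /home/palo/dev/terranix-hcloud/terraform-0.11;` replaces a `pkgs.fetchgit` pinned by `rev` and `sha256` with an unpinned path in one developer's home directory. The imported module code is then no longer integrity-checked, and the expression does not evaluate on any other machine. Keep the pinned `fetchgit` as the committed default and leave the local checkout as the commented-out alternative it was before. The import list also appears to drop `./config/file-generation.nix`; if that is intended, the commit message should say so. The `hcloud.nixserver.server` definition continues outside the hunk.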


@ -21,7 +21,7 @@ let
&& ${terraform}/bin/terraform apply && ${terraform}/bin/terraform apply
''; '';
clean = pkgs.writers.writeBashBin "clean" '' destroy = pkgs.writers.writeBashBin "destroy" ''
${terraform}/bin/terraform destroy ${terraform}/bin/terraform destroy
rm ${toString ./.}/config.tf.json rm ${toString ./.}/config.tf.json
rm ${toString ./.}/terraform.tfstate* rm ${toString ./.}/terraform.tfstate*
@ -29,6 +29,6 @@ let
in pkgs.mkShell { in pkgs.mkShell {
buildInputs = with pkgs; [ terranix terraform create clean ]; buildInputs = with pkgs; [ terranix terraform create destroy ];
} }


@ -3,10 +3,16 @@
networking.hostName = "server"; networking.hostName = "server";
environment.systemPackages = with pkgs; [ htop git vim mosh ]; # ssh
networking.firewall.allowedUDPPorts = [ 60001 ]; environment.systemPackages = with pkgs; [ htop git vim mosh tmux ];
networking.firewall.allowedUDPPortRanges = [{
from = 60000;
to = 60100;
}];
services.sshd.enable = true; services.sshd.enable = true;
users.users.root.openssh.authorizedKeys.keyFiles = [ <generated/sshkey.pub> ]; users.users.root.openssh.authorizedKeys.keyFiles = [ <test-generated/sshkey.pub> ];
# wireshark
programs.wireshark.enable = true;
} }
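Review bot: `networking.firewall.allowedUDPPortRanges` now opens UDP 60000–60100 where the old side opened only 60001, and the `# ssh` comment above it does not say that the range is there for mosh. A mosh session uses one UDP port, so a single-user test machine can keep a far smaller range; narrow `to` and add a comment such as `# mosh: one UDP port per session`. `programs.wireshark.enable = true;` leaves packet-capture tooling installed after the experiment, so mark it `# test only: needed for dumpcap captures` so it is removed again afterwards.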


@ -3,6 +3,7 @@
module.cluster.services.tinc = { module.cluster.services.tinc = {
"test" = { "test" = {
debugLevel = 5;
enable = true; enable = true;
openPort = true; openPort = true;
}; };
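Review bot: `debugLevel = 5;` is added without a comment, and as far as tinc documents its debug levels, 5 logs information about all traffic on the VPN. That output lands in the journal, which the README in this commit exports to JSON files, so the exported logs should be treated as sensitive. Add a marker such as `# test only: verbose traffic logging, drop after the capture run` so the setting does not survive into a long-lived configuration.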


@ -1,9 +1,12 @@
# shared tinc file between client and server # shared tinc file between client and server
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let
nixosMachines = import <test-generated/nixos-machines.nix>;
in {
{ imports = [
<cluster-module>
imports = [ <cluster-module> ]; ];
networking.firewall.trustedInterfaces = [ "tinc.private" ]; networking.firewall.trustedInterfaces = [ "tinc.private" ];
@ -14,16 +17,19 @@
extraConfig = '' extraConfig = ''
LocalDiscovery = yes LocalDiscovery = yes
''; '';
privateEd25519KeyFile = toString <assets/tinc/ed25519_key>; privateEd25519KeyFile = toString <test-assets/tinc/ed25519_key>;
privateRsaKeyFile = toString <assets/tinc/rsa_key>; privateRsaKeyFile = toString <test-assets/tinc/rsa_key>;
hosts = { hosts = {
server = { server = {
tincIp = "10.123.142.1"; tincIp = "10.123.142.1";
publicKey = lib.fileContents <assets/tinc/server_host_file>; realAddress = [
nixosMachines.nixserver-server.host.ipv4
];
publicKey = lib.fileContents <test-assets/tinc/server_host_file>;
}; };
client = { sterni = {
tincIp = "10.123.142.100"; tincIp = "10.123.142.100";
publicKey = lib.fileContents <assets/tinc/client_host_file>; publicKey = lib.fileContents <test-assets/tinc/server_host_file>;
}; };
}; };
}; };
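Review bot: The new `sterni` host entry reads its `publicKey` from `<test-assets/tinc/server_host_file>`, the same file used for `server`, where the old `client` entry read `client_host_file`. With both entries carrying the server's key, tinc would check the `sterni` peer against the wrong public key, so the peer either fails to authenticate or is indistinguishable from the server. Point it at the peer's own host file, e.g. `publicKey = lib.fileContents <test-assets/tinc/client_host_file>;` (file name taken from the old side, to be confirmed). The enclosing attribute set starts outside the hunk.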


@ -32,8 +32,8 @@ let
system = name: { system = name: {
configs.file = toString ./configs; configs.file = toString ./configs;
assets.file = toString ./assets; test-assets.file = toString ./assets;
generated.file = toString ./generated; test-generated.file = toString ./generated;
nixos-config.symlink = "configs/${name}/configuration.nix"; nixos-config.symlink = "configs/${name}/configuration.nix";
}; };
@ -47,9 +47,9 @@ let
servers = import ./generated/nixos-machines.nix; servers = import ./generated/nixos-machines.nix;
deployServer = name: deployServer = name:
{ user, host, ... }: { user ? "root", host, ... }:
with ops; with ops;
jobs "deploy-${name}" "${user}@${host}" [ jobs "deploy-${name}" "${user}@${host.ipv4}" [
(populate (source.system name)) (populate (source.system name))
(populate source.nixPkgs) (populate source.nixPkgs)
(populate source.modules) (populate source.modules)
@ -57,13 +57,13 @@ let
]; ];
moshServer = name: moshServer = name:
{ user, host, ... }: { user ? "root", host, ... }:
pkgs.writers.writeDashBin "mosh-${name}" '' pkgs.writers.writeDashBin "mosh-${name}" ''
${pkgs.mosh}/bin/mosh \ ${pkgs.mosh}/bin/mosh \
--ssh="${pkgs.openssh}/bin/ssh -F ${ --ssh="${pkgs.openssh}/bin/ssh -F ${
toString ./generated/ssh-configuration toString ./generated/ssh-configuration
}" \ }" \
"${user}@${host}" "${user}@${host.ipv4}"
''; '';
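Review bot: `deployServer` and `moshServer` now interpolate `host.ipv4`, so `host` has to be an attribute set rather than the string the old side used, and nothing in the hunk documents that. Add a comment above both functions, e.g. `# host: entry from ./generated/nixos-machines.nix, must provide ipv4`. The new `user ? "root"` default makes root the implicit account for both deploy and interactive login; a short note that this is acceptable only for the throwaway test server would make the intent clear. Both functions sit in a `let` block that extends outside the hunk.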
in pkgs.mkShell { in pkgs.mkShell {


@ -31,6 +31,41 @@ cd ./02-build
nix-shell --run deploy-server nix-shell --run deploy-server
``` ```
## tracking and collecting
```
dumpcap \
-i ens3 \
-w /root/hardware-device_working.dcap
dumpcap \
-i tinc.test \
-w /root/tinc-device_working.dcap
```
and for the not working experiment
```
dumpcap \
-i ens3 \
-w /root/hardware-device_not-working.dcap
dumpcap \
-i tinc.test \
-w /root/tinc-device_not-working.dcap
```
logs
```
systemctl --from "2020-01-04 15:00" --until "2020-01-04 16:00" -o json > working-logs.json
systemctl --from "2020-01-04 17:00" --until "2020-01-04 18:00" -o json > nog-working-logs.json
```
and setup
```
tar cvzf etc.tgz /etc/tinc
```
## cleanup ## cleanup
```sh ```sh


@ -1,49 +1,27 @@
-----BEGIN OPENSSH PRIVATE KEY----- -----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn
NhAAAAAwEAAQAAAgEAm+c7Q9wbwB0jpPn2nOkOHPLr2VCVi5nITFj8/O6cOpUcsgsg1/5Y NhAAAAAwEAAQAAAQEAqD70wK7MGSV6uBaP/IWxgr/eWm/LXsVu0rLOF8/VQdcPZgVw8eo6
bPVeiGqbzLzd2eoxwpex+Wcp+oEgJO/H1T2NP2nnsRqsczbcZXAATnHega63qAJwW+BDmy ZyDnfJpSvaYMknP9JlaiawMTpwrON8A5y8i2prQDhdO8Uz1pK+VXfZgY6hEOcs1UJmacsV
wjZFWAgUB5VSXUbiwqV3qUv55bXOqtvY0f4rdO8tQXoWjipGz/16N/Y66loUJH7wb41XSl 82oyaYAHg8gYUsRp8FOYQUCyZPrVlQMJN4F854sCugVr9Zfgc8B3Q+zoLX13jO+QLCTefI
uo4FZORsK8u5nh628EtOH8k1HDM18fSpnp1ZzWlBLPxSE393/5OftJohzF2N7uxeArd31I BRkKwBDHK3lGrNYyJ6qSTV/gA6LruwglPlK5BQsyB7djoLRgi7eNmJRyFqH7SotY40TzZR
5H4PLBBFSy0Zh0mnKM7uwbCyPxFI1kDgwGBz3P5tBi0pxNjArvqvzzn4hzn02jsf6w/Me1 w3BF7ssW4DFfqCXw/OtuOKls7+uivQgfUkAKvhGVbFbGRdEzRKTmgMzUNVXILZ5CYoTjEJ
0Des6zRAzwYKr/Pk5WvVnrmbZQyivQVv5O1u/dEm7CI/CIuJA6LZPA2J3INvhVl8W+vqsl FGzrB6APwQAAA8A3cOj/N3Do/wAAAAdzc2gtcnNhAAABAQCoPvTArswZJXq4Fo/8hbGCv9
/OKfeksJJv3soP+Fomcy2NokNmOmSdl70uTfcAkgfuRrCQvDlWCS6IQandjuaDoeqLyu1M 5ab8texW7Sss4Xz9VB1w9mBXDx6jpnIOd8mlK9pgySc/0mVqJrAxOnCs43wDnLyLamtAOF
Az8ReKN+yDMH59Q/+H+TWf1MHG3nJ+JfycOcLFJ+uci2kamCfVZa50m7TzpCVqjgdB7PUp 07xTPWkr5Vd9mBjqEQ5yzVQmZpyxXzajJpgAeDyBhSxGnwU5hBQLJk+tWVAwk3gXzniwK6
kcaTlQH+sJ7i4Ddbz7+xauvFdVdAJjtA03eTGpV2xcK+HzZvhcZg5ACoYYg5svgZUazo0B BWv1l+BzwHdD7OgtfXeM75AsJN58gFGQrAEMcreUas1jInqpJNX+ADouu7CCU+UrkFCzIH
c1fyK2aqwHGHEz7X8dd1EBpuIQtvswlc2pkIFis3hNQ40qde3y4vQx496uLj7E0UMzPCIB t2OgtGCLt42YlHIWoftKi1jjRPNlHDcEXuyxbgMV+oJfD86244qWzv66K9CB9SQAq+EZVs
cAAAdAgoAp4IKAKeAAAAAHc3NoLXJzYQAAAgEAm+c7Q9wbwB0jpPn2nOkOHPLr2VCVi5nI VsZF0TNEpOaAzNQ1VcgtnkJihOMQkUbOsHoA/BAAAAAwEAAQAAAQBwNZTNEYeD2fBP6JRd
TFj8/O6cOpUcsgsg1/5YbPVeiGqbzLzd2eoxwpex+Wcp+oEgJO/H1T2NP2nnsRqsczbcZX adkrB8ZHcLolWe4AzkoPrYhgogteEpDydzI+Z76b5tz6KU3HO16B/FPUpTetN9KzchvZ4u
AATnHega63qAJwW+BDmywjZFWAgUB5VSXUbiwqV3qUv55bXOqtvY0f4rdO8tQXoWjipGz/ KWqgaTcdTve0yyfwHr/M3ZBkkpnfHarqMg1Qy+oVXNMmPASk5uR06XvpQTn5iSV7fYvfHh
16N/Y66loUJH7wb41XSluo4FZORsK8u5nh628EtOH8k1HDM18fSpnp1ZzWlBLPxSE393/5 hs4NSPtl/7azCxFK6PnQSKoUz1FSSdV/JT1Iptw5pSASMv6qCPWK04tIpfV9kVnxJMDRuD
OftJohzF2N7uxeArd31I5H4PLBBFSy0Zh0mnKM7uwbCyPxFI1kDgwGBz3P5tBi0pxNjArv f8DZqxhruien6YjIKaP2UOvVIj2cog5siELmkRN56naPEXdEKs2heSnQ1NtjexmKkzEJM7
qvzzn4hzn02jsf6w/Me10Des6zRAzwYKr/Pk5WvVnrmbZQyivQVv5O1u/dEm7CI/CIuJA6 vAbZJ1EBT2c4UbmLlCJ/M+3wgjTdDIzjUK7WHVRD1Mh1AAAAgBfcHhwEwStAZ2DUgrOFYE
LZPA2J3INvhVl8W+vqsl/OKfeksJJv3soP+Fomcy2NokNmOmSdl70uTfcAkgfuRrCQvDlW kBUWZzBUmnFIK/HB0SX7CGk7V1I3PhpG8TF2PhC85dcC44i/wYdrEC/R+zA/iOf/94tO3l
CS6IQandjuaDoeqLyu1MAz8ReKN+yDMH59Q/+H+TWf1MHG3nJ+JfycOcLFJ+uci2kamCfV T0pksYewfk+1uUPWxJtBLzDpYJk/RfskA+K5aLw1UI+4kGdtaoia/Y1qbHmwrBfNUYUZx6
Za50m7TzpCVqjgdB7PUpkcaTlQH+sJ7i4Ddbz7+xauvFdVdAJjtA03eTGpV2xcK+HzZvhc NDo7X5teQKAAAAgQDTBDReUialFX046Qq6CXinMpvprgwKNaWgdUfnZ6ihKye3IoLkVqYk
Zg5ACoYYg5svgZUazo0Bc1fyK2aqwHGHEz7X8dd1EBpuIQtvswlc2pkIFis3hNQ40qde3y IkIJDcDzyPiekJc2Xwi2uFVo//2T02aeisYgkOmFYYNXM4eHQfsEQyt6SqtpvlsoZ6BF7z
4vQx496uLj7E0UMzPCIBcAAAADAQABAAACAFUT1q+tiidIv47kKcRvGhiKKFKrOzC3dyrS sB4QQsYnuwxsO6vbQSKItlX5qrodbnldNqjqwU9Eiz6S+5XwAAAIEAzByjPznLIcsYAk/u
1RxiSjdd8A7pK78zOaYcML5ZDzSnTJoCx6zdg24K8kmV9aiygWbI9C/K53kqiTlGkvd4K3 bZ8TyX2Iigd8WAmuauvhfHJ9o65AQM1D5kYytD8c3Zn64iZxPaZX1UK9T5gkSQETJz/Ix8
KjiT1Tzz2MNyysMbiYWagDUOE4Af6JamfFCkY6yrnW/RyzpKRwQxpB1n+FZm/bAPOh1+wh EEulFiWyS1GtGImykJ1E32zM06xS+nMDKrbvQbAsUPDD0u52eMMLwex1GG8YWxcRKZyDL2
eP8464IY3ZB/SYOS6G3p2t+4F5++yUiUkliHf9awwp7lA2dKkNXSIJOMANk/yLqDMUTzlo jz63bvm/l1vcKt8AAAALcGFsb0BzdGVybmk=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-----END OPENSSH PRIVATE KEY----- -----END OPENSSH PRIVATE KEY-----
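Review bot: This file is an OpenSSH private key committed in clear text: the leading header fields decode to cipher `none`, so it carries no passphrase, and its public half is the `palo@sterni` key in the last file of this commit. If that is the `sshkey.pub` the server configuration authorises for `root`, anyone who can read the repository can log in to the test machine as root. Treat both the old and the new key as disclosed, remove the key from the authorised keys of any host that still trusts it, and keep the generated key pair out of version control by ignoring the generated directory and creating a fresh key per test run.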


@ -1 +1 @@
ssh-rsa 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 palo@pepe ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoPvTArswZJXq4Fo/8hbGCv95ab8texW7Sss4Xz9VB1w9mBXDx6jpnIOd8mlK9pgySc/0mVqJrAxOnCs43wDnLyLamtAOF07xTPWkr5Vd9mBjqEQ5yzVQmZpyxXzajJpgAeDyBhSxGnwU5hBQLJk+tWVAwk3gXzniwK6BWv1l+BzwHdD7OgtfXeM75AsJN58gFGQrAEMcreUas1jInqpJNX+ADouu7CCU+UrkFCzIHt2OgtGCLt42YlHIWoftKi1jjRPNlHDcEXuyxbgMV+oJfD86244qWzv66K9CB9SQAq+EZVsVsZF0TNEpOaAzNQ1VcgtnkJihOMQkUbOsHoA/B palo@sterni