
Nodes Application

Register and Manage Confine Nodes.

Settings

  • NODES_NODE_ARCHS: available node architectures, by default: (
    ('x86_64', 'x86_64'),
    ('i586', 'i586'),
    ('i686', 'i686'),)
  • NODES_NODE_ARCH_DFLT: default node architecture, 'x86_64' by default.
  • NODES_NODE_LOCAL_IFACE_DFLT: default node local network interface, 'eth0' by default.
  • NODES_NODE_SLIVER_PUB_IPV4_DFLT: default sliver public IPv4 configuration, 'dhcp' by default.
  • NODES_NODE_SLIVER_PUB_IPV4_RANGE_DFLT: default sliver public IPv4 range, '#8' by default.
  • NODES_NODE_DIRECT_IFACES_DFLT: list of default node direct interfaces, [] by default.
  • NODES_MGMT_BACKEND: the management backend, which provides the per-node management addresses, 'mgmtnetworks.tinc.backend' by default.
  • NODES_NODE_API_NODE_BASE_URL: node API base URL schema, 'http://[%(mgmt_addr)s]/confine/api' by default.

Actions

  • Reboot
  • Certificate Signing Request
  • Virtual Machine management (*only in VCT*)

Certificate Signing Request

Generate Certificate Request

The node owner should create a certificate request with these two mandatory entries:

  1. Common Name (CN): the node's RD management address, e.g. 2001:db8:cafe::2 (the domain that we want to secure)
  2. Email Address: the node admin's e-mail address for contact

The following command generates both the request and a new key pair:

openssl req -nodes -newkey rsa:2048 -keyout mynode.key -out mynode.csr

But of course you can reuse your existing Tinc key:

openssl req -new -key /etc/tinc/confine/rsa_key.priv -out mynode.csr
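
The request can also be generated non-interactively and checked before it is submitted for signing. The script below is an added example, not part of the CONFINE documentation: the function names are hypothetical and the e-mail address is a constructed placeholder. It assumes an openssl binary on the PATH.

```shell
#!/bin/sh
# Added example (not CONFINE code): create a CSR with the two mandatory
# entries and verify it before submitting it for signing.

MGMT_ADDR="2001:db8:cafe::2"       # node RD management address used on this page
ADMIN_EMAIL="admin@example.org"    # constructed placeholder

# make_csr KEYFILE CSRFILE
# Generates a new 2048-bit RSA key and a CSR carrying CN and emailAddress.
# -nodes leaves the private key unencrypted on disk, so the files are
# created under a restrictive umask.
make_csr() {
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -keyout "$1" -out "$2" \
          -subj "/CN=${MGMT_ADDR}/emailAddress=${ADMIN_EMAIL}" 2>/dev/null )
}

# csr_field CSRFILE FIELD
# Prints the value of one subject field (long name, e.g. commonName).
csr_field() {
    openssl req -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n "s/^ *$2 *= *//p"
}

# check_csr CSRFILE
# Succeeds only if the CSR self-signature verifies, the CN equals the node
# management address and an e-mail address is present.
check_csr() {
    # Match on the message: older openssl releases exit 0 even when the
    # self-signature check fails.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" ||
        { echo "CSR self-signature does not verify" >&2; return 1; }
    [ "$(csr_field "$1" commonName)" = "$MGMT_ADDR" ] ||
        { echo "CN is not the node management address" >&2; return 1; }
    [ -n "$(csr_field "$1" emailAddress)" ] ||
        { echo "CSR has no e-mail address" >&2; return 1; }
}

# Usage: make_csr mynode.key mynode.csr && check_csr mynode.csr
```
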

Signing Request

There are two ways to submit the request for signing: (1) the web interface and (2) the REST API:

  1. The node admin can upload the certificate request (csr file) through the node management section:
    https://controller.confine-project.eu/admin/nodes/node/12345/request-cert/
  2. The node admin can POST the certificate request to this API endpoint:
    POST https://[2001:db8:cafe::2]/confine/api/nodes/12345/ctl/request-cert

Virtual Machine management

This feature is only available in the VCT (Virtual CONFINE Testbed) environment.

Web interface

The node admin can manage (create, start, stop and destroy) the node virtual machine through the virtual machine section:

https://vct/admin/nodes/node/12345/vm/

Controller API

The node admin can also manage the virtual machine via the controller API:

  1. GET: obtain the current status of the node virtual machine (404 if it doesn't exist).
  2. POST (with no data): create the virtual machine for a node.
  3. PUT, PATCH: update the virtual machine status. Parameters: start or stop (boolean).
  4. DELETE: remove the node virtual machine.

Examples of API usage and responses:

1. Get VM information

# Running vm
GET /api/nodes/1234/ctl/vm/
HTTP 200 OK
{
    "start": false, 
    "stop": false, 
    "state": "running"
}
 
# Non existent vm
GET /api/nodes/4444/ctl/vm/
HTTP 404 NOT FOUND
{
    "detail": "Not found"
}

2. Create a new VM

# Create a VM
POST /api/nodes/206/ctl/vm/
HTTP 201 CREATED
{
    "start": false, 
    "stop": false, 
    "state": "down"
}
 
# Try to create a VM for a node without firmware generated
POST /api/nodes/7/ctl/vm/
HTTP 500 INTERNAL SERVER ERROR
{
    "detail": "run() encountered an error (return code -15) while executing 
              '/home/vct/confine-dist/utils/vct/vct_node_create 0007' VCT  ERROR vct_node_create():
              Missing firmware=/var/lib/vct/images/confine-firmware-7.img.gz for rd-id=0007"
}

3. Update VM state

# Start a VM
PATCH /api/nodes/4/ctl/vm/
{"start": true}
 
# Stop a VM
PATCH /api/nodes/4/ctl/vm/
{"stop": true}
soft/server-apps-nodes.txt · Last modified: 2014/07/16 10:49 by santiago