Installing SlapOS Node (Comp-0)

Installing a SlapOS Node

This tutorial will guide you through the process of installing a SlapOS node on a computer. This node is supposed to be the first node (COMP-0) to be created after installing the SlapOS Master (COMP-ROOT). The node is necessary to provide the following services to the Master and other nodes in the network (COMP-123):

  • Re6st Registry - a registry to manage a network of nodes, provide IPv6 and issue access tokens
  • Frontend (Apache) - a gateway for user requests that allows access to network-internal services via a browser

For this tutorial you will require a SlapOS Master and a (first) user account to register your node, which can be either your own installed SlapOS Master or a commercial service like Vifib, and another computer on which to install the SlapOS node. The tutorial will use an arbitrary GNU/Linux server from a cloud provider (Debian 8, available for example from OVH or Online.net) with wget installed.

Table of Contents

  • Install SlapOS Node
  • Provide Frontend (Apache)
  • Provide Re6st Registry
  • Install Re6st on SlapOS node

Install SlapOS Node

This section will guide you through the steps of installing the software for the SlapOS COMP-0 node. Most of the steps are similar to installing other nodes. However, because some required services do not exist yet at the point of installation, the order of steps differs.

SlapOS Dashboard - Login

SlapOS Interface - SlapOS Dashboard

Log into the SlapOS Master Dashboard at:

[master-instance-IPv4]/erp5/web_site_module/hostingjs/
and log in with the first user's credentials. Click the Servers link in the side menu to go to your list of servers.

SlapOS Server List - Request Token

SlapOS Node Installation - Request Association Token

Adding new nodes to a network requires access tokens. These are X509 security tokens that identify your new node to a SlapOS Master and enable the Master to manage it within a network. To get such a token, click Token in the subheader.

Note, these are single use tokens. Should the installation of SlapOS fail for any reason, you need to request a new token.

Save SlapOS Association Token

SlapOS Node Installation - Association Token

Click Proceed to request a token. Once it's generated, copy the token for later.

Note: each click on Proceed generates a new token, and only one is needed.

Add Temporary IPv6 Address


su -
# include temporary IPv6 on lo
ip -6 addr add fc01::1/32 dev lo

Head to the terminal and access the server you intend to be COMP-0. As COMP-0 will later provide Re6st and IPv6 to the SlapOS network, there likely is no IPv6 available at this point. You need to add a temporary IPv6 address range as shown in the code above.

Rationale: SlapOS requires IPv6 internally and uses Re6st, which will be installed later to enable IPv6 in heterogeneous environments (distributed machines, different types).

You will later deploy and instantiate a Re6st registry on COMP-0 to provide IPv6 and Re6st access tokens. However, in order to deploy it, SlapOS needs to be installed and to install SlapOS, IPv6 is required. Thus, we use a temporary IPv6 address range until the Registry is available, at which point it will be removed again before correctly installing Re6st with IPv6 automatically being added.

Single Line Installer

sudo su
# wget deploy.erp5.net/slapos && bash slapos

...

What is the url to the SlapOS Master API? [https://slap.vifib.com/]: 
What is the url to the SlapOS Master Website? [https://slapos.vifib.com/]: 
What is this computer name? [noname]:
If you have slapos token if you have? [notoken]:

Continue and use the single line installer. You will be asked several questions during the installation. You are connecting to your own master, so on the first question, point to port 5443 of your master's IPv4 address (https://[IPv4]:5443), and on the second question, enter your SlapOS Master dashboard url https://[IPv4]:443/erp5/web_site_module/hostingjs/

Choose a name for your computer to identify it in your network and finally enter the association token you have received earlier. The installation can be repeated in case something goes wrong or you would like to change some of the entered parameters.

Once the installation has finished without errors, you should see:

...
PLAY RECAP *********************************************************************
127.0.0.1                  : ok=12   changed=4   unreachable=0   failed=0

In case installation fails and you want to start over, you need to request a new token as mentioned above and, if it was already created, remove the existing configuration in /etc/opt/slapos/slapos.cfg on COMP-0 before restarting.

You can verify that SlapOS was installed by trying:

# slapos node
watchdog                   RUNNING   pid 13270, uptime 0:00:03

And (re)formatting the SlapOS node:

# slapos node format --now
2020-09-22 17:36:01 slapos[20980] INFO Updating computer
2020-09-22 17:36:07 slapos[20980] INFO Posting information to 'https://51.159.66.10:5443'
2020-09-22 17:36:08 slapos[20980] INFO slapos successfully prepared the computer.

SlapOS Dashboard - Registered Servers

SlapOS - Server List

Head back to your SlapOS Dashboard's server list. It now includes your new node, which was associated to the network using the token you created. You may have to refresh the page for the server to show up.

Note, the server entry has three clickable areas:

  • The line itself (click server name for example). It points to the server configuration
  • The computer button. It will open the monitor - the green color indicates the server is active and contacting the Master.
  • The partition button. As there are no partitions used yet, the button is still inactive.

Regarding the colored indicators:

  • Green - server/partitions is contacting the SlapOS Master regularly
  • Yellow - one of the server/partition processes is experiencing problems
  • Red - server no longer connects to the SlapOS Master

Provide Frontend (Caddy)

The first software to be installed on the COMP-0 node is a Frontend (Caddy). To instantiate the Frontend, you need a wildcard domain with a wildcard SSL certificate. If you do not have a domain, you can get one at Gandi. If you do not have a certificate, you can get a Let's Encrypt certificate by following the steps in how to request a wildcard SSL certificate (letsencrypt). Your wildcard domain should point to the COMP-0 IPv4 address.

Frontends are available in SlapOS because they:

  • prevent end users from having to use IPv6
  • provide secure https connections with valid certificate
  • route access through a central, auditable entry point
  • give meaningful urls internally instead of displaying IPv6 addresses

Supply Service Frontend

Slapos Dashboard - Supply Service Frontend Apache on COMP-0

Pick any of the available Slave nodes and click on the server (not the green 'computer' or 'partitions' buttons). In our example we currently only have a single node registered without any active partitions, so select this node to open its configuration. You can see in the bottom table Supplied Software that this node does not currently have any software installed.

To continue, click the Supply button in the subheader to open the list of available software (releases) that can be installed on this node.

Select Frontend Software Release

SlapOS Dashboard - Select Software Release to supply

Select the Frontend software release, which is preinstalled on SlapOS (see how to add a software to SlapOS Master for more info).

Select Frontend Software Release Version

SlapOS Dashboard - Select Software Release Version

Select the latest version if there are multiple versions here.

Launch Frontend Software Release Installation

SlapOS Dashboard - Launch Software Release Installation

The following dialog summarizes the software release to be installed including the computer it will be installed on. Click Proceed to continue.

Wait for Frontend Installation

SlapOS Dashboard - Access Computer

You will be forwarded to the installation status page. Installation will take some time depending on the software you are installing, so either refresh the current page or check the installation status directly by either going to your Servers list and selecting the machine you chose during installation or clicking directly on Computer Reference.

You can follow the compilation and installation by looking at the slapos-node-software.log on COMP-0 using:

# tail /opt/slapos/log/slapos-node-software.log -f
in your terminal or using # slapos node software directly.

Verify Frontend Installation

SlapOS Dashboard - Verify Installation Success

You can see the installed service is now available in the bottom list. The indicator will stay red until the software has finished compiling and installing. Once the installation status bar changes to green on a refresh of the page, the installation has finished. This node can now provide Frontend instances.

List of Instantiated Services

SlapOS Dashboard - Add Service

Head to the list of services by clicking on the Services button on the side menu. The list will show all services currently instantiated (not the software currently installed!). To create an instance of an installed software, click the Add button in the subheader.

Create Frontend Slave Service

SlapOS Dashboard - Select Service

The list of available services is the same as the list of installable software releases used earlier when installing the service. Select Frontend as this is the service we want to provide.

Select Frontend Service Version

SlapOS Dashboard - Select Service Version

Please choose the latest version if there are multiple versions here.

Frontend Slave Configuration Parameters

SlapOS Interface - Service Frontend Slave Configuration Parameters

Select Software-Type Custom Personal (Slave) and give your Frontend slave a recognizable name. Add the Backend Url you want this Frontend to connect to. In the screenshot pictured, this is the url to a SlapOS Master Dashboard. The backend url

https://51.159.66.10/erp5/web_site_module/hostingjs/

points to this Dashboard. Set Custom Domain to the domain you want to use. For example:

master.host.daetalus.cn

Set "Enable Cache" to "true". Then scroll down to the bottom of the page and don't forget to select the computer that will provide the Frontend slave.

Click Proceed to continue and request instantiation.

Create Frontend Service

SlapOS Dashboard - Select Service

After the Frontend Slave service has been configured, we leave it for now and create the Frontend service. Select the Services menu and click Add once more.

Select Frontend Service Version

SlapOS Dashboard - Select Service Version

As during installation, please choose the latest version if there are multiple versions.

Frontend Service Configuration

SlapOS Dashboard - Frontend Instance Configuration

You will reach the Frontend configuration menu. It contains a form of software-specific parameters as well as a generic XML configuration field (hidden by default - click the "Show Parameter XML" button to display).

Select Software-Type custom personal, then fill in the form. Don't forget to give the Frontend a title and make sure that, at the end of the form, you select the computer you created. Otherwise the SlapOS Master will decide by itself on which node the instance should be created (not relevant in this case as there is only one computer).

Fill in the form like this:

  • Title: FRONTEND
  • Software type: Custom Personal
  • Public IPv4: [IP_OF_YOUR_SERVER]
  • Test Verification URL: https://www.erp5.com/getId
  • [DEPRECATED] SSL Certificate, with optional CA certificate: [BBB]
  • [DEPRECATED] SSL Key: [AAA]
  • Domain: [domain]
  • Computer: [COMP-XXXX]

Alternatively, you can choose to click on the "Show parameter XML" button and fill the following XML configuration parameters:

<?xml version="1.0" encoding="utf-8"?>
<instance>
    <parameter id="public-ipv4">[IP_OF_YOUR_SERVER]</parameter>
    <parameter id="re6st-verification-url">https://www.erp5.com/getId</parameter>
    <parameter id="apache-key">[AAA]</parameter>
    <parameter id="apache-certificate">[BBB]</parameter>
    <parameter id="domain">[domain]</parameter>
</instance>

using:

  • [IP_OF_YOUR_SERVER]: IPv4 address of your slave server (debian@xxx.this.one.xxx)
  • [AAA]: SSL Key (privkey.pem)
  • [BBB]: SSL CA certificate (fullchain.pem)
  • [domain]: the domain you are using (here: slaptest.erp5.net)
  • [COMP-XXXX]: computer where the partition for this Frontend will be created.
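
As an added example (not part of the original tutorial or of SlapOS), the following shell function assembles the parameter XML above from the two PEM files and refuses to do so when they look swapped, so that the private key cannot end up in the apache-certificate field. The function names, the address 192.0.2.10, the domain example.org and the PEM bodies are constructed for illustration.

```shell
#!/bin/sh
# Added example, not SlapOS code: build the Frontend parameter XML from PEM
# files and refuse when the key and certificate files look swapped.

# pem_has FILE LABEL-REGEX: true if FILE has a PEM block whose label matches.
pem_has() {
    grep -q -e "^-----BEGIN $2-----" "$1" 2>/dev/null
}

# build_frontend_parameters IPV4 DOMAIN KEY_FILE CERT_FILE
# Prints the <instance> document on stdout, or returns 1 if a check fails.
build_frontend_parameters() {
    ipv4=$1; domain=$2; key_file=$3; cert_file=$4

    if [ -z "$ipv4" ] || [ -z "$domain" ]; then
        echo "public-ipv4 and domain must not be empty" >&2; return 1
    fi
    # The values are pasted into XML unescaped, so reject markup characters.
    case "$ipv4$domain" in
        *'<'*|*'>'*|*'&'*) echo "markup character in ipv4/domain" >&2; return 1 ;;
    esac
    # apache-key must be a private key and must not carry certificates.
    if ! pem_has "$key_file" '[A-Z ]*PRIVATE KEY'; then
        echo "apache-key: no private key in $key_file" >&2; return 1
    fi
    if pem_has "$key_file" 'CERTIFICATE'; then
        echo "apache-key: $key_file also contains a certificate" >&2; return 1
    fi
    # apache-certificate must be a certificate (chain) without any private key.
    if ! pem_has "$cert_file" 'CERTIFICATE'; then
        echo "apache-certificate: no certificate in $cert_file" >&2; return 1
    fi
    if pem_has "$cert_file" '[A-Z ]*PRIVATE KEY'; then
        echo "apache-certificate: $cert_file contains a private key" >&2; return 1
    fi

    printf '<?xml version="1.0" encoding="utf-8"?>\n<instance>\n'
    printf '    <parameter id="public-ipv4">%s</parameter>\n' "$ipv4"
    printf '    <parameter id="re6st-verification-url">%s</parameter>\n' \
        'https://www.erp5.com/getId'
    printf '    <parameter id="apache-key">%s</parameter>\n' "$(cat "$key_file")"
    printf '    <parameter id="apache-certificate">%s</parameter>\n' "$(cat "$cert_file")"
    printf '    <parameter id="domain">%s</parameter>\n' "$domain"
    printf '</instance>\n'
}

# write_sample_pems DIR: constructed placeholder files, not real key material.
write_sample_pems() {
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQtS0VZ' \
        '-----END PRIVATE KEY-----' > "$1/privkey.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQtQ0VSVA==' \
        '-----END CERTIFICATE-----' > "$1/fullchain.pem"
}

# Demo on the constructed files: correct order first, then swapped.
demo_dir=$(mktemp -d)
write_sample_pems "$demo_dir"
build_frontend_parameters 192.0.2.10 example.org \
    "$demo_dir/privkey.pem" "$demo_dir/fullchain.pem"
build_frontend_parameters 192.0.2.10 example.org \
    "$demo_dir/fullchain.pem" "$demo_dir/privkey.pem" || echo "refused: files look swapped"
rm -rf "$demo_dir"
```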

Click Proceed to start instantiation.

Instantiation and Port Forwarding

SlapOS Dashboard - Socat Port Forwarding

Refresh the list of current services to show the new service and status.

You can follow the compilation progress by looking at the slapos-node-instance.log using:

# tail /opt/slapos/log/slapos-node-instance.log -f
or calling # slapos node instance in the terminal directly.

The Frontend will be installed inside a computer partition and will listen on ports 8080 and 4443. Since Linux prevents unprivileged users from binding to ports below 1024, incoming traffic on public ports 80 and 443 has to be forwarded to the ports the Frontend is listening on.

Wait for the instantiation of the Frontend while watching the log (as mentioned above). At the end, you should only see errors like: ERROR connection not possible while accessing 'https://softinst1.host.daetalus.cn/'. Those errors will disappear once you have installed socat and configured the port forwarding with it.

On your frontend server, use a Firewall with NAT traversal or use Socat. We will use Socat, a relay for bidirectional data transfer between two independent data channels. Data channels can be files, pipes, devices (terminal or modem, etc.), or sockets (Unix, IP4, IP6 - raw, UDP, TCP), etc. For more information, please refer to the Free Software Directory.

To install socat, head to your terminal and run:

su -
# apt-get install socat

Find the local IPv4 addresses used by the Frontend in its configuration folder:

root@comp-0:~# grep '^:\|bind' /srv/slapgrid/slappart*/etc/Caddyfile
:4443 {
bind 10.0.97.156
:8080 {
bind 10.0.97.156
bind 10.0.97.156
ERROR while connecting to ('10.0.5.157', 26012): [Errno 111] Connection refused

Then call socat:

root@comp-0:~# socat  TCP4-LISTEN:80,fork TCP4:10.0.97.156:8080 &
socat TCP4-LISTEN:443,fork TCP4:10.0.97.156:4443 &

To see whether your bindings are active, you can run:

root@comp-0:~# ps aux | grep socat
root     17629  0.0  0.0   6824  1960 pts/1    S    14:46   0:00 socat TCP4-LISTEN:80,fork TCP4:10.0.97.156:8080
root     17664  0.0  0.0   6824  3188 pts/1    S    14:46   0:00 socat TCP4-LISTEN:443,fork TCP4:10.0.97.156:4443
root     22300  0.0  0.0   6208   892 pts/1    S+   15:08   0:00 grep socat

You can also verify that the port forwarding is working by accessing your Frontend url (in our case) foobar.slaptest.erp5.net in a browser. If successful, the listener should forward to the IPv4 address the Frontend is listening on and you should see the following:

This instance has not been found.

If this error persists, please check your instance URL and status on SlapOS Master.

 

In case the Frontend is not or no longer accessible, you can check on your node with:

sudo su
# slapos node
slappart7:6tunnel-26011-022ff02cd2a2f17a06435e15dcfcc561-on-watch            RUNNING   pid 27308, uptime 2:17:11
slappart7:6tunnel-26012-022ff02cd2a2f17a06435e15dcfcc561-on-watch            RUNNING   pid 27321, uptime 2:17:11
slappart7:6tunnel-4443-022ff02cd2a2f17a06435e15dcfcc561-on-watch             RUNNING   pid 27296, uptime 2:17:12
slappart7:6tunnel-8080-022ff02cd2a2f17a06435e15dcfcc561-on-watch             RUNNING   pid 27303, uptime 2:17:12
slappart7:bootstrap-monitor                                                  EXITED    Sep 23 03:08 PM
slappart7:certificate_authority-022ff02cd2a2f17a06435e15dcfcc561-on-watch    RUNNING   pid 27314, uptime 2:17:11
slappart7:crond-022ff02cd2a2f17a06435e15dcfcc561-on-watch                    RUNNING   pid 27329, uptime 2:17:11
slappart7:expose-csr_id-022ff02cd2a2f17a06435e15dcfcc561-on-watch            RUNNING   pid 27332, uptime 2:17:11
slappart7:frontend-caddy-safe-graceful                                       EXITED    Sep 23 03:08 PM
slappart7:frontend_caddy-db7c769e88f575f3926f31d8948f5fb9-on-watch           RUNNING   pid 27299, uptime 2:17:12
slappart7:kedifa-login-certificate-caucase-updater-on-watch                  RUNNING   pid 28552, uptime 2:11:12
slappart7:kedifa-updater-022ff02cd2a2f17a06435e15dcfcc561-on-watch           RUNNING   pid 28556, uptime 2:11:12
slappart7:monitor-httpd-022ff02cd2a2f17a06435e15dcfcc561-on-watch            RUNNING   pid 27337, uptime 2:17:11
slappart7:monitor-httpd-graceful                                             EXITED    Sep 23 03:08 PM
slappart7:trafficserver-022ff02cd2a2f17a06435e15dcfcc561-on-watch            RUNNING   pid 27305, uptime 2:17:11
slappart7:trafficserver-reload                                               EXITED    Sep 23 03:08 PM
slappart8:bootstrap-monitor                                                  EXITED    Sep 23 02:46 PM
slappart8:caucase-updater-on-watch                                           RUNNING   pid 28026, uptime 2:13:44
slappart8:caucased-022ff02cd2a2f17a06435e15dcfcc561-on-watch                 RUNNING   pid 26938, uptime 2:18:46
slappart8:certificate_authority-022ff02cd2a2f17a06435e15dcfcc561-on-watch    RUNNING   pid 26924, uptime 2:18:47
slappart8:crond-022ff02cd2a2f17a06435e15dcfcc561-on-watch                    RUNNING   pid 26925, uptime 2:18:47
slappart8:expose-csr_id-022ff02cd2a2f17a06435e15dcfcc561-on-watch            RUNNING   pid 26923, uptime 2:18:47
slappart8:kedifa-022ff02cd2a2f17a06435e15dcfcc561-on-watch                   RUNNING   pid 28024, uptime 2:13:44
slappart8:kedifa-reloader                                                    EXITED    Sep 23 02:46 PM
slappart8:monitor-httpd-022ff02cd2a2f17a06435e15dcfcc561-on-watch            RUNNING   pid 26939, uptime 2:18:46
slappart8:monitor-httpd-graceful                                             EXITED    Sep 23 02:46 PM
slappart9:bootstrap-monitor                                                  EXITED    Sep 23 02:46 PM
slappart9:certificate_authority-022ff02cd2a2f17a06435e15dcfcc561-on-watch    RUNNING   pid 27075, uptime 2:18:00
slappart9:crond-022ff02cd2a2f17a06435e15dcfcc561-on-watch                    RUNNING   pid 27076, uptime 2:18:00
slappart9:monitor-httpd-022ff02cd2a2f17a06435e15dcfcc561-on-watch            RUNNING   pid 27080, uptime 2:18:00
slappart9:monitor-httpd-graceful                                             EXITED    Sep 23 02:46 PM
slappart9:rejected-slave-publish-3df716aba73e4f0d660c97cd4a62564e-on-watch   RUNNING   pid 27079, uptime 2:18:00
watchdog                                                                     RUNNING   pid 19821, uptime 22:03:17

If the Frontend is running, check whether socat is working:

# ps aux | grep "socat"
root     17629  0.0  0.0   6824  1960 pts/1    S    14:46   0:00 socat TCP4-LISTEN:80,fork TCP4:10.0.97.156:8080
root     17664  0.0  0.0   6824  3188 pts/1    S    14:46   0:00 socat TCP4-LISTEN:443,fork TCP4:10.0.97.156:4443
root     22300  0.0  0.0   6208   892 pts/1    S+   15:08   0:00 grep socat

If socat is not running anymore, redo the socat binding to reach the Frontend again.

Monitor Url Connection Parameter

SlapOS Dashboard - Service Frontend Apache Connection Parameters

After setting up port forwarding, go to your Dashboard, click on the Services menu and select the Frontend entry to re-open its configuration page.

If port forwarding was set correctly, your instance should now have a green status.

Verify Service Frontend Is Accessible

Monitor Interface - Add OPML

Once the status turns green and instantiation finished successfully, there should be a number of connection parameters available when you scroll down beyond the configuration form. Click on the monitor-setup-url and then Save.

Monitor Interface - Hosting Subscriptions List

Click on Hosting Subscriptions to see the list of all instances that you are monitoring. Click on Synchronize to refresh the list and the status of all your monitored instances.

Monitor Interface - Hosting Subscription Detail

If you click on your instance, you will land on this instance detail. Please note that a "SlapOS instance" (that you see on "Hosting Subscriptions" list) is an instance of a SlapOS service and can be made of several smaller instances that we can call "software instances".

Monitor Interface - Instance View

If you click on a software instance, you will see all the available information for this instance. You need to click on "Synchronize" in order to have the latest status. When you click on "Synchronize", the monitor will fetch the latest information for all the subscribed instances. When you have many subscribed instances, that can take a long time.

Verify the Instantiated Services

SlapOS Interface - Instantiate Service Frontend Slave

You will be forwarded back to the list of deployed services. You might have to refresh the page for your new instance to appear. Once you can see it, click on the entry to open the connection parameters of the Frontend Slave.

Frontend Slave Connection Parameters

SlapOS Interface - Service Frontend Slave Connection Parameters

Because we created the Frontend Slave service first and the Frontend service afterwards, the Frontend Slave should now be available. If not, refresh the page from time to time until the connection parameter table shows parameters. Once the Secure Access entry shows the url, the Frontend Slave is set up and working.

Frontend Slave Running

SlapOS Interface - Verify Frontend Slave Accessibility

If you go to your requested URL (master.host.daetalus.cn here), you can see that it points to the selected backend URL.

Should you have problems loading the page, try restarting the Frontend by ssh-ing into your node, locating the Frontend's on-watch process (frontend_caddy-...-on-watch in the listing below) and restarting it.

sudo su
# slapos node 
slappart7:6tunnel-26011-022ff02cd2a2f17a06435e15dcfcc561-on-watch            RUNNING   pid 27308, uptime 3:42:54
slappart7:6tunnel-26012-022ff02cd2a2f17a06435e15dcfcc561-on-watch            RUNNING   pid 27321, uptime 3:42:54
slappart7:6tunnel-4443-022ff02cd2a2f17a06435e15dcfcc561-on-watch             RUNNING   pid 27296, uptime 3:42:55
slappart7:6tunnel-8080-022ff02cd2a2f17a06435e15dcfcc561-on-watch             RUNNING   pid 27303, uptime 3:42:55
slappart7:bootstrap-monitor                                                  EXITED    Sep 23 04:32 PM
slappart7:certificate_authority-022ff02cd2a2f17a06435e15dcfcc561-on-watch    RUNNING   pid 27314, uptime 3:42:54
slappart7:crond-022ff02cd2a2f17a06435e15dcfcc561-on-watch                    RUNNING   pid 27329, uptime 3:42:54
slappart7:expose-csr_id-022ff02cd2a2f17a06435e15dcfcc561-on-watch            RUNNING   pid 27332, uptime 3:42:54
slappart7:frontend-caddy-safe-graceful                                       EXITED    Sep 23 04:32 PM
slappart7:frontend_caddy-db7c769e88f575f3926f31d8948f5fb9-on-watch           RUNNING   pid 27299, uptime 3:42:55
slappart7:kedifa-login-certificate-caucase-updater-on-watch                  RUNNING   pid 28552, uptime 3:36:55
slappart7:kedifa-updater-022ff02cd2a2f17a06435e15dcfcc561-on-watch           RUNNING   pid 28556, uptime 3:36:55
slappart7:monitor-httpd-022ff02cd2a2f17a06435e15dcfcc561-on-watch            RUNNING   pid 27337, uptime 3:42:54
slappart7:monitor-httpd-graceful                                             EXITED    Sep 23 04:32 PM
slappart7:trafficserver-022ff02cd2a2f17a06435e15dcfcc561-on-watch            RUNNING   pid 27305, uptime 3:42:54
slappart7:trafficserver-reload                                               EXITED    Sep 23 04:32 PM
slappart8:bootstrap-monitor                                                  EXITED    Sep 23 04:32 PM
slappart8:caucase-updater-on-watch                                           RUNNING   pid 28026, uptime 3:39:27
slappart8:caucased-022ff02cd2a2f17a06435e15dcfcc561-on-watch                 RUNNING   pid 26938, uptime 3:44:29
slappart8:certificate_authority-022ff02cd2a2f17a06435e15dcfcc561-on-watch    RUNNING   pid 26924, uptime 3:44:30
slappart8:crond-022ff02cd2a2f17a06435e15dcfcc561-on-watch                    RUNNING   pid 26925, uptime 3:44:30
slappart8:expose-csr_id-022ff02cd2a2f17a06435e15dcfcc561-on-watch            RUNNING   pid 26923, uptime 3:44:30
slappart8:kedifa-022ff02cd2a2f17a06435e15dcfcc561-on-watch                   RUNNING   pid 28024, uptime 3:39:27
slappart8:kedifa-reloader                                                    EXITED    Sep 23 04:32 PM
slappart8:monitor-httpd-022ff02cd2a2f17a06435e15dcfcc561-on-watch            RUNNING   pid 26939, uptime 3:44:29
slappart8:monitor-httpd-graceful                                             EXITED    Sep 23 04:32 PM
slappart9:bootstrap-monitor                                                  EXITED    Sep 23 04:31 PM
slappart9:certificate_authority-022ff02cd2a2f17a06435e15dcfcc561-on-watch    RUNNING   pid 27075, uptime 3:43:43
slappart9:crond-022ff02cd2a2f17a06435e15dcfcc561-on-watch                    RUNNING   pid 27076, uptime 3:43:43
slappart9:monitor-httpd-022ff02cd2a2f17a06435e15dcfcc561-on-watch            RUNNING   pid 27080, uptime 3:43:43
slappart9:monitor-httpd-graceful                                             EXITED    Sep 23 04:31 PM
slappart9:rejected-slave-publish-3df716aba73e4f0d660c97cd4a62564e-on-watch   RUNNING   pid 27079, uptime 3:43:43
watchdog                                                                     RUNNING   pid 19821, uptime 23:29:00

To restart a service you can use slapos node restart slappart7:frontend_caddy-db7c769e88f575f3926f31d8948f5fb9-on-watch.

Provide Re6st Registry

This section will cover the steps required to supply and instantiate a Re6st Registry.

Re6st is used in SlapOS to create a mesh network and route traffic through available nodes. To set up Re6st while configuring COMP-0, it is first required to instantiate a Re6st Registry - a registry which manages all Re6st nodes in a network and issues tokens for new nodes to join (note that Re6st tokens are not SlapOS X509 tokens).

Install Re6st Software Release on Node

Slapos Dashboard - Supply Service Re6st Registry on COMP-0

Pick any of the available Slave nodes. You can see in the bottom table Supplied Software that this node now has the Frontend software release installed. We will add Re6st in the same way.

Click the Supply button.

Select Re6st Software Release

SlapOS Dashboard - Select Software Release to supply

Select the Re6st software release.

Select Re6st Software Release Version

SlapOS Dashboard - Select Software Release Version

Select the latest version.

Launch Re6st Software Release Installation

SlapOS Dashboard - Launch Software Release Installation

The following dialog summarizes the software release to be installed as well as the computer it will be installed on. Click Proceed to launch instantiation.

Wait for Re6st Installation

SlapOS Dashboard - Access Computer

Installation will take some time depending on the software you are installing, so either refresh the current page or check installation status directly by either going to your Servers list and selecting the machine you chose during installation or clicking directly on Computer Reference.

Verify Re6st Installation

SlapOS Dashboard - Verify Installation Success

You can see the installed service now includes Re6st. The indicator will stay red until the software has finished compiling and installing. Once the installation status bar changes to green on a refresh of the page, the installation has finished.

You can follow the compilation by looking at the slapos-node-software.log using:

# tail /opt/slapos/log/slapos-node-software.log -f

in your terminal or calling slapos node software directly.

List of Instantiated Services

SlapOS Dashboard - Add Service

Once installed, head to the list of services by clicking on Services in the side menu. Then click Add.

Create New Re6st Registry Instance

SlapOS Dashboard - Select Service

The list of available services is the same as the list of installable software releases used earlier when installing the service. Select Re6st as this is the service we want to provide.

Select Re6st Service Version

SlapOS Dashboard - Select Service Version

As during installation, please choose the latest version.

Re6st Registry Configuration

SlapOS Dashboard - Re6st Registry Service Configuration Parameters

After adding a recognizable name, select the software-type Default, then provide the following parameters:

IPv6 prefix: fc01::/7
Default length of allocated prefix: 16

Don't forget to select your computer at the end of the form to prevent the SlapOS Master allocating the Registry on a computer of its choice.

Click Proceed to start instantiation. This will forward you to the list of current services.

Socat Port Forwarding

SlapOS Interface - Re6st Service Instantiation

Refresh the page to show your instance and installation status.

You can follow the compilation by looking at the slapos-node-instance.log using:

# tail /opt/slapos/log/slapos-node-instance.log -f
or using slapos node instance directly.

As the Registry is listening on port 9201 and permissions in Linux systems prevent users from accessing ports below 1024, traffic must be forwarded.

This can be done using a Firewall with NAT traversal or using Socat. We will use Socat, a relay for bidirectional data transfer between two independent data channels. Data channels can be files, pipes, devices (terminal or modem, etc.), or sockets (Unix, IP4, IP6 - raw, UDP, TCP), etc. For more information, please refer to the Free Software Directory.

To install socat, if required, head to your terminal and run:

sudo su # or su -
# apt install socat

Still in your terminal, check whether the Registry has finished installing (use # slapos node instance to follow installation):

root@comp-0:~# netstat -natp | grep 9201
tcp        0      0 10.0.175.168:9201       0.0.0.0:*               LISTEN      11958/python2.7     
tcp6       0      0 :::9201                 :::*                    LISTEN      11958/python2.7  

Find the IP using: 

root@comp-0:~#  ip -4 address show dev enp1s0
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 51.159.66.11/24 brd 51.159.66.255 scope global enp1s0
       valid_lft forever preferred_lft forever

 

Then call Socat with the listening tcp entry and the inet addr:   

    # socat TCP4-LISTEN:9201,fork,bind=51.159.66.11 TCP4:10.0.175.168:9201 &

Note that your Registry master-url in the example is 51.159.66.11:9201. SAVE THIS URL. You will need to provide it whenever you want to connect a new node to the network.

To verify whether port forwarding works, you can:

root@comp-0:~# ps aux | grep socat
root     17629  0.0  0.0   6824  3256 ?        S    Sep23   0:00 socat TCP4-LISTEN:80,fork TCP4:10.0.97.156:8080
root     17664  0.0  0.0   6824  3136 ?        S    Sep23   0:01 socat TCP4-LISTEN:443,fork TCP4:10.0.97.156:4443
root     27099  0.0  0.0   6824   452 ?        S    17:08   0:00 socat TCP4-LISTEN:443,fork TCP4:10.0.97.156:4443
root     28530  0.0  0.0   6824  1900 pts/5    S    17:17   0:00 socat TCP4-LISTEN:9201,fork,bind=51.159.66.11 TCP4:10.0.175.168:9201
root     28539  0.0  0.0   6208   896 pts/5    S+   17:17   0:00 grep socat
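
The socat relays started with & on this page (for the Frontend and for the Registry) are ordinary background processes, so the manual ps aux | grep socat checks can be automated. The following added example, which is not part of the original tutorial, compares a process list against the three forwards used on this page and reports missing or duplicated relays; the function names and the report format are assumptions.

```shell
#!/bin/sh
# Added example, not SlapOS code. Forwards used on this page, written as
# <public listen port>=<internal target>.
EXPECTED_FORWARDS='80=10.0.97.156:8080 443=10.0.97.156:4443 9201=10.0.175.168:9201'

# audit_socat_forwards "PORT=TARGET ..." < process-list
# Prints one line per expected forward (OK, MISSING or DUPLICATE(n)) and one
# UNEXPECTED line per socat TCP4 relay that is not in the list.
# Returns 0 only if every expected forward is served by exactly one socat
# process and no unexpected relay is running.
audit_socat_forwards() {
    awk -v expected="$1" '
        BEGIN {
            bad = 0; x = 0
            n = split(expected, pair, " ")
            for (i = 1; i <= n; i++) {
                eq = index(pair[i], "=")
                key[i] = substr(pair[i], 1, eq - 1) " -> " substr(pair[i], eq + 1)
                seen[key[i]] = 0
            }
        }
        {
            port = ""; target = ""; is_socat = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "socat" || $i ~ /\/socat$/) {
                    is_socat = 1
                } else if (is_socat && $i ~ /^TCP4-LISTEN:/) {
                    port = substr($i, 13)      # text after "TCP4-LISTEN:"
                    sub(/,.*/, "", port)       # drop options such as ,fork,bind=...
                } else if (is_socat && $i ~ /^TCP4:/) {
                    target = substr($i, 6)     # text after "TCP4:"
                }
            }
            if (port == "" || target == "") next   # e.g. the "grep socat" line
            k = port " -> " target
            if (k in seen) seen[k]++
            else extra[++x] = k
        }
        END {
            for (i = 1; i <= n; i++) {
                c = seen[key[i]]
                if (c == 1) state = "OK"
                else if (c == 0) { state = "MISSING"; bad = 1 }
                else { state = "DUPLICATE(" c ")"; bad = 1 }
                print state, key[i]
            }
            for (i = 1; i <= x; i++) { print "UNEXPECTED", extra[i]; bad = 1 }
            exit bad
        }
    '
}

# The ps output shown above on this page, reproduced as sample input.
sample_ps_output() {
    cat <<'EOF'
root     17629  0.0  0.0   6824  3256 ?        S    Sep23   0:00 socat TCP4-LISTEN:80,fork TCP4:10.0.97.156:8080
root     17664  0.0  0.0   6824  3136 ?        S    Sep23   0:01 socat TCP4-LISTEN:443,fork TCP4:10.0.97.156:4443
root     27099  0.0  0.0   6824   452 ?        S    17:08   0:00 socat TCP4-LISTEN:443,fork TCP4:10.0.97.156:4443
root     28530  0.0  0.0   6824  1900 pts/5    S    17:17   0:00 socat TCP4-LISTEN:9201,fork,bind=51.159.66.11 TCP4:10.0.175.168:9201
root     28539  0.0  0.0   6208   896 pts/5    S+   17:17   0:00 grep socat
EOF
}

# On COMP-0 itself: ps -eo args | audit_socat_forwards "$EXPECTED_FORWARDS"
sample_ps_output | audit_socat_forwards "$EXPECTED_FORWARDS" \
    || echo "forwarding needs attention"
```

On the sample input the 443 relay is reported as DUPLICATE(2), because two socat processes with the same listener appear in the listing.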

Before finishing, make sure that any temporary IPv6 address space added during installation of the SlapOS node itself is removed. In your terminal, run:

sudo su
# ip -6 addr del fc01::1/32 dev lo

IPv6 will be reset when the first (gateway) node is being created.

Verify Re6st Is Accessible

SlapOS Re6st Registry Service Accessibility

Once port forwarding is set up, try accessing the registry over the Registry master-url 51.159.66.11:9201. Note down this URL; it needs to be provided every time Re6st is installed on a new server to be added to the network.

Install Re6st on SlapOS Node

After instantiating the Registry on the node, it is now time to install Re6st on the node itself, which is covered in this section. This includes getting a Re6st access token and running the single line installer.

List of Instantiated Services

SlapOS Dashboard - Add Service

Head to the list of services by clicking on the Services button on the side menu, then click the Add button in the subheader.

Create New Re6st Token Instance

SlapOS Dashboard - Select Service

Select Re6st as this is the service we want to provide. The differentiation between Registry and Token will be made via the configuration parameter Software-Type.

Select Re6st Service Version

SlapOS Dashboard - Select Service Version

As during installation, please choose the latest version.

Re6st Registry Configuration

SlapOS Dashboard - Re6st Token Service Configuration Parameters

Select Software Type Re6st Token which will load a form with instance-specific parameters. As mentioned, the token is actually a slave instance of the Registry (and in case of COMP-0 a first gateway node).

Every new node will require a token, so give this token a recognizable name (Re6st-COMP-0 for example).

At the bottom of the page, select the Computer on which the Registry of your SlapOS Master is to be installed, then click Proceed to instantiate the service and be forwarded to the list of current services. Refresh the page; it may take a few minutes for the node to be instantiated and the token to appear. It is a single use token to connect one other node to the network.

Instantiate Re6st Token

SlapOS Dashboard - Service Re6st Token Instantiation

Click Proceed to instantiate a new token. Refresh the list of instantiated services to make the token appear. Click on it to access the connection parameters.

Token Connection Parameters

SlapOS Interface - Re6st Token Connection Parameters

Locate the token in the Connection Parameters. It might require a few minutes to show up. Refresh the page to see whether the token has been instantiated.

You can now install Re6st on this machine. It will add back actual IPv6 after the temporary IPv6 has been removed again.

Installing Re6st

sudo su
# wget https://deploy.erp5.net/re6st && bash re6st

SSH back into the terminal of COMP-0 and install Re6st using wget as shown above. At some point the script will prompt you with:

What is the Url of the Re6st registry [https://re6stnet.nexedi.com]:
Please insert your re6stnet token [notoken]:

Provide the master_url noted earlier (http://[your_IPv4]:9201) along with the token created in the previous steps and continue. The setup should finish without errors:

...
PLAY RECAP *******************************************************************************************************************************
127.0.0.1                  : ok=25   changed=9    unreachable=0    failed=0   

Verify Files Created

sudo su
# ls /etc/re6stnet/
ca.crt     cert.cert     cert.key     re6stnet.conf     README

Verify that the configuration files were created.

Update Re6st Configuration File

sudo su
# nano /etc/re6stnet/re6stnet.conf
registry http://51.159.66.11:9201/
ca ca.crt
cert cert.crt
key cert.key
# increase re6stnet verbosity:
#verbose 3
# enable OpenVPN logging:
#ovpnlog
# increase OpenVPN verbosity:
#O--verb
#O3
O--socket-flags
O"TCP_NODELAY"
...

You need to add the master_url IPv4 address to the Re6st configuration file as it is the first gateway node. In this example, add:

# added the following to the end of the file for the first node
ip 51.159.66.11
gateway

Then restart Re6st afterwards using service re6stnet restart.
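
A check for the edited configuration, as an added example that is not SlapOS or re6st code: it confirms that the ca, cert and key files named in re6stnet.conf exist, and that the first gateway node carries an ip line matching the registry URL plus the gateway line. The function names are hypothetical, and it assumes relative file names are resolved against the directory holding re6stnet.conf.

```shell
#!/bin/sh
# Added example (not SlapOS or re6st code); function names are hypothetical.
# Assumption: relative ca/cert/key names are resolved against the directory
# that holds the configuration file.

# Print the value of option $2 in file $1; commented lines never match.
conf_opt() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }

# Print one line per problem; return non-zero if any was found.
check_re6st_conf() {
    conf=$1; dir=$(dirname "$conf"); rc=0
    registry=$(conf_opt "$conf" registry)
    [ -n "$registry" ] || { echo "missing: registry"; rc=1; }
    for k in ca cert key; do
        f=$(conf_opt "$conf" "$k")
        if [ -z "$f" ]; then echo "missing: $k"; rc=1
        elif [ ! -f "$dir/$f" ]; then echo "not found: $k $f"; rc=1
        fi
    done
    # First node: "ip" must be the IPv4 of the registry URL, plus "gateway".
    host=${registry#*://}; host=${host%%[:/]*}
    ip=$(conf_opt "$conf" ip)
    [ -n "$ip" ] && [ "$ip" = "$host" ] ||
        { echo "ip mismatch: '$ip' vs registry host '$host'"; rc=1; }
    awk '$1 == "gateway" { ok = 1 } END { exit !ok }' "$conf" ||
        { echo "missing: gateway"; rc=1; }
    return $rc
}

# Constructed sample: a scratch directory mirroring the configuration above.
make_sample() {
    d=$(mktemp -d)
    touch "$d/ca.crt" "$d/cert.crt" "$d/cert.key"
    printf '%s\n' 'registry http://51.159.66.11:9201/' 'ca ca.crt' \
        'cert cert.crt' 'key cert.key' '#verbose 3' 'O--socket-flags' \
        'O"TCP_NODELAY"' 'ip 51.159.66.11' 'gateway' > "$d/re6stnet.conf"
    echo "$d"
}

sample=$(make_sample)
check_re6st_conf "$sample/re6stnet.conf" && echo "re6stnet.conf OK"
rm -rf "$sample"
```

A certificate stored under a different name than the cert line references (for example cert.cert while the configuration says cert.crt) is reported as not found.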

Verify Re6st is Running

sudo su
# service re6stnet status

You can use the above command to see whether Re6st is working. The output should be similar to:

root@comp-0:~# service re6stnet status
● re6stnet.service
   Loaded: loaded (/etc/init.d/re6stnet; generated)
   Active: active (running) since Fri 2020-09-25 16:06:07 CEST; 5min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 29287 ExecStart=/etc/init.d/re6stnet start (code=exited, status=0/SUCCESS)
    Tasks: 3 (limit: 4696)
   Memory: 18.1M
   CGroup: /system.slice/re6stnet.service
           ├─29294 /opt/re6st/parts/python2.7/bin/python2.7 /usr/sbin/re6stnet @re6stnet.conf
           ├─29310 openvpn --dev-type tap --dev re6stnet-tcp --persist-tun --persist-key --script-security 2 --up /opt/re6st/eggs/re6stnet
           └─29322 babeld -h 15 -H 15 -L /var/log/re6stnet/babeld.log -S /var/lib/re6stnet/babeld.state -I /var/run/re6stnet/babeld.pid -s

Sep 25 16:06:07 comp-0 systemd[1]: Starting re6stnet.service...
Sep 25 16:06:07 comp-0 systemd[1]: Started re6stnet.service.

At this point the COMP-0 node is completely set up and working. You can now continue to add additional nodes to the network.
