diff --git a/cloudbuild.yaml b/cloudbuild.yaml
new file mode 100644
index 0000000..db664ac
--- /dev/null
+++ b/cloudbuild.yaml
@@ -0,0 +1,8 @@
+steps:
+# Run the deployment script. NOTE: the IATA depends on the region where the
+# VM is deployed. Our testing VM is always in us-central1, which is CBF.
+- name: gcr.io/$PROJECT_ID/gcloud-jsonnet-cbif
+ dir: '/workspace/'
+ args: [
+ '/workspace/deploy.sh $PROJECT_ID mlab ${_API_KEY}'
+ ]
diff --git a/deploy.sh b/deploy.sh
new file mode 100755
index 0000000..efdb03d
--- /dev/null
+++ b/deploy.sh
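Review bot: The API key reaches the step through the `${_API_KEY}` substitution on the `args` line, so it travels as a plain build substitution and as a command-line argument rather than as a managed secret. Cloud Build can inject it from Secret Manager instead: declare the secret under `availableSecrets`, list it on the step with `secretEnv: ['API_KEY']`, and have deploy.sh read `API_KEY` from the environment instead of `$3`. Where `_API_KEY` is set is not visible in this diff, so confirm how it is supplied today and who can read the trigger configuration and build history.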
@@ -0,0 +1,69 @@
+#!/bin/bash
+set -euxo pipefail
+
+USAGE="$0 "
+PROJECT=${1:?Please provide the GCP project (e.g., mlab-sandbox): ${USAGE}}
+ORG=${2:?Please provide the organization (e.g., mlab): ${USAGE}}
+API_KEY=${3:?Please provide the API key: ${USAGE}}
+
+IATA="cbf"
+VM_ZONE="us-central1-a"
+VM_NAME="autonode"
+DOCKER_COMPOSE_FILE_PATH="examples/ndt-fullstack.yml"
+LOCATE_URL="locate-dot-${PROJECT}.appspot.com"
+PROBABILITY="1.0"
+INTERFACE_NAME="ens4"
+INTERFACE_MAXRATE="150000000"
+SA_ACCOUNT="autonode@${PROJECT}.iam.gserviceaccount.com"
+
+# NOTE: We don't use the VM's default credentials because we want to simulate
+# how a non-GCP user would set up an autonode. Instead, we generate a temporary
+# key for the autonode service account that will only exist until the next
+# deployment.
+
+# Delete any existing keys for the autonode SA. Ignore failures due to
+# system-managed keys that cannot be deleted.
+for key in $(gcloud iam service-accounts keys list \
+ --iam-account=${SA_ACCOUNT} \
+ --created-before=$(date --iso-8601=seconds -d "10 mins ago") | \
+ cut -f1 -d " " | tail -n +2)
+do
+ gcloud iam service-accounts keys delete --iam-account=${SA_ACCOUNT} ${key} -q || true
+done
+
+# Create a new key.
+gcloud iam service-accounts keys create key.json \
+ --iam-account=${SA_ACCOUNT}
+SA_KEY=$(> .env
+ echo "ORGANIZATION=${ORG}" >> .env
+ echo "PROJECT=${PROJECT}" >> .env
+ echo "IATA=${IATA}" >> .env
+ echo "LOCATE_URL=${LOCATE_URL}" >> .env
+ echo "PROBABILITY=${PROBABILITY}" >> .env
+ echo "INTERFACE_NAME=${INTERFACE_NAME}" >> .env
+ echo "INTERFACE_MAXRATE=${INTERFACE_MAXRATE}" >> .env
+
+ # Write service account key to the expected file.
+ echo "${SA_KEY}" > certs/service-account-autojoin.json
+
+ # Start the docker compose again.
+ docker compose -f docker-compose.yml up -d
+EOF
+
diff --git a/examples/ndt-fullstack.yml b/examples/ndt-fullstack.yml
index 13609ad..3fcb761 100644
--- a/examples/ndt-fullstack.yml
+++ b/examples/ndt-fullstack.yml
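Review bot: `set -euxo pipefail` at the top enables xtrace for the whole script, so every expansion of `API_KEY` and of `SA_KEY` (which, judging by the later `echo "${SA_KEY}" > certs/service-account-autojoin.json`, holds the service-account private key) is echoed into the build log. Use `set -euo pipefail`, or bracket the secret-handling lines with `set +x` and `set -x`. key.json is also left in the working directory after `keys create`; nothing in the visible lines removes it, so a `trap 'rm -f key.json' EXIT` directly after the `set` line would be worth adding. The lines between the key creation and the `.env` writes are missing from this page, so the remote command that receives these values could not be reviewed.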
@@ -15,6 +15,7 @@ services:
 - -output=/autonode
 - -healthcheck-addr=:8001
 - -ports=9990,9991,9992,9993
+ - -probability=${PROBABILITY}
 healthcheck:
 test: ["CMD", "curl", "-f", "http://localhost:8001/ready"]
 interval: 3s
@@ -24,6 +25,8 @@ services:
 ndt-server:
 image: measurementlab/ndt-server:v0.22.0
 network_mode: host
+ cap_add:
+ - NET_BIND_SERVICE
 volumes:
 - ./certs:/certs
 - ./html:/html
@@ -31,10 +34,6 @@ services:
 - ./resultsdir:/resultsdir
 - ./autonode:/autonode
 - ./autocert:/autocert
- cap_drop:
- - ALL
- cap_add:
- - NET_BIND_SERVICE
 depends_on:
 generate-schemas-ndt7:
 condition: service_completed_successfully
@@ -76,15 +75,13 @@ services:
 # Allow ndt7 data to be autoloaded.
 - -compress-results=false
 # TODO(host): confirm device name.
- - -txcontroller.device=eth0
- - -txcontroller.max-rate=150000000
+ - -txcontroller.device=${INTERFACE_NAME}
+ - -txcontroller.max-rate=${INTERFACE_MAXRATE}
 - -prometheusx.listen-address=:9990
 # Add server metadata.
 - -label=type=virtual
 - -label=deployment=byos
 - -label=managed=none
- # TODO(host): add helpful server location metadata labels.
- #- -label=region=TODO
 # Effectively disable ndt5.
 - -ndt5_addr=127.0.0.1:3002
 - -ndt5_ws_addr=127.0.0.1:3001
@@ -115,7 +112,6 @@ services:
 volumes:
 - ./resultsdir:/resultsdir
 - ./schemas:/schemas
- - ./testdata:/testdata
 - ./certs:/certs
 - ./autonode:/autonode
 depends_on:
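Review bot: `-probability=${PROBABILITY}` is interpolated by Compose with no default, so anyone running this example without the `.env` file that deploy.sh writes gets an empty value (Compose only warns) and the flag becomes `-probability=`. The same applies to `${INTERFACE_NAME}` and `${INTERFACE_MAXRATE}` on the `-txcontroller.*` lines of the fourth hunk. Either keep the previous literals as defaults, e.g. `-txcontroller.device=${INTERFACE_NAME:-eth0}` and `-txcontroller.max-rate=${INTERFACE_MAXRATE:-150000000}`, or fail fast with `${PROBABILITY:?set PROBABILITY in .env}`. The `# TODO(host): confirm device name.` comment kept above the device flag should now point at the variable; the service blocks these lines belong to start outside the hunks.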
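Review bot: Moving `cap_add` up in the second hunk goes together with removing `cap_drop: - ALL` in the third, so ndt-server (assuming both hunks sit in that service, as their line ranges suggest) now runs with Docker's default capability set while on `network_mode: host`. `NET_BIND_SERVICE` is already part of that default set, which makes the remaining `cap_add` a no-op and leaves the container with capabilities such as `NET_RAW`, `SETUID` and `DAC_OVERRIDE` that it did not hold before. The reason for dropping the restriction is not stated in the visible diff; if something failed under it, keep `cap_drop: [ALL]` and add back only the specific capability that was missing, with a comment naming what needs it.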