I2P support forum

Help, support, and discussion about I2P
https://i2pforum.net/

Massive I2P router family deployment

https://i2pforum.net/viewtopic.php?t=373

Page 1 of 1

Massive I2P router family deployment

Posted: 20 Jul 2018 05:39
by villain
If you have many remote hosts and wish to run a big I2P family, you may want to automate the process of it's deployment and maintenance.

I've created
family-manager-master.zip
(5.25 KiB) Downloaded 929 times
for that purpose, a basic bash script for your local (Linux) PC which supports Debian/Ubuntu as remote hosts. It allows you to generate family certificates locally, to deploy new family routers by SSH and to keep those routers updated.

To install requirements on your local computer (Ubuntu), run:

Code: Select all

    apt install ansible openssl openjdk-8-jdk libbcprov-java
All remote hosts must have a root (or sudo) account with SSH keys set up.

Usage
  1. Generate family certificates:

    Code: Select all

        ./family-manager keygen
    Script will ask you for your family name, and create the following files:
    • keystore/family-<family_name>.ks
    • certificates/family/<family_name>.crt
    • .config
  2. Edit .config file if you need to. Available settings:
    • BECOME, set to BECOME=yes if you use a regular user with sudo on a remote host
    • PYTHON2, set to PYTHON2=yes if remote host doesn't have python3 (e.g. Debian 8)
    • ANSIBLE_HOST_KEY_CHECKING, set to ANSIBLE_HOST_KEY_CHECKING=False, if you want to skip SSH fingerprints verification for every remote host
  3. Deploy to remote hosts:

    There are two ways to specify remote hosts list:
    • As a comma separated list, like:

      Code: Select all

          ./family-manager deploy 123.4.5.6,some.hostname.com,other.host.name
    • As Ansible inventory file, which has special .ini syntax:

      Code: Select all

          ./family-manager deploy inventory.ini
      Example inventory.ini contents:

      Code: Select all

          [all]
    123.4.5.6
    some.hostname.com
    other.host.name
  4. Update your nodes periodically:

    Code: Select all

        ./family-manager update 123.4.5.6,some.hostname.com,other.host.name

    or

    Code: Select all

        ./family-manager update inventory.ini
    Note: you can have one inventory file for maintaining your family, and use other temporary files when deploying new routers.
family-manager-master.zip
(5.25 KiB) Downloaded 929 times
GitLab Project page

Re: Massive I2P router family deployment

Posted: 12 Sep 2018 00:12
by spammywindy
Thanks for sharing the script. I had a look at your script, but couldn't understand this block in i2p.yml:
- name: Copy certificate
copy:
src: certificates/family/{{ family_name }}.crt
dest: /var/lib/i2p/i2p-config/certificates/family/{{ family_name }}.crt
owner: i2psvc
group: i2psvc
mode: 0600
I guess you are trying to copy the .crt file into the ../certificates/family/ dir. However, I don't see the I2P software does this if I import the key using the Web interface. When I import the key from the web interface, only the .ks file is generated inside ../keystore dir, but nothing is generated in ../certificates/family/. Can you please explain?
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited