diff --git a/examples/command/portals/rendezvous/aws-aws-different-regions/administrator_bob/run.sh b/examples/command/portals/rendezvous/aws-aws-different-regions/administrator_bob/run.sh
new file mode 100755
index 00000000000..fd132f04a19
--- /dev/null
+++ b/examples/command/portals/rendezvous/aws-aws-different-regions/administrator_bob/run.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+set -ex
+
+export SET_AWS_REGION="us-west-2"
+source ../../common/aws.sh
+
+run() {
+ common_create "$1" "../../common/admin.sh" "0"
+}
+
+cleanup() {
+ common_cleanup
+}
+
+export AWS_PAGER="";
+export AWS_DEFAULT_OUTPUT="text";
+
+user=""
+command -v sha256sum &>/dev/null && user=$(aws sts get-caller-identity | sha256sum | cut -c 1-20)
+command -v shasum &>/dev/null && user=$(aws sts get-caller-identity | shasum -a 256 | cut -c 1-20)
+export name="ockam-ex-rendezvous-aws-aws-different-regions-bob-$user"
+
+# Check if the first argument is "cleanup"
+# If it is, call the cleanup function. If not, call the run function.
+if [ "$1" = "cleanup" ]; then cleanup; else run "$1"; fi
diff --git a/examples/command/portals/rendezvous/aws-aws-different-regions/run.sh b/examples/command/portals/rendezvous/aws-aws-different-regions/run.sh
new file mode 100755
index 00000000000..e33b1d6fc54
--- /dev/null
+++ b/examples/command/portals/rendezvous/aws-aws-different-regions/run.sh
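Review bot: The enrollment ticket passed as `$1` is written to stderr by `set -ex`: the trace prints `'[' <ticket> = cleanup ']'`, `run <ticket>` and `common_create <ticket> ../../common/admin.sh 0` with the value expanded, so the ticket lands in any terminal capture or CI log. The parent script mints it with `--usage-count 1 --expires-in 100h`, which limits the exposure, but a run that fails before the instance redeems it leaves a still-valid enrollment credential in the log for up to 100 hours. `common/aws.sh` already switches tracing off for the SSH case, so tracing is evidently not essential; change the second line to `set -e` and, if a trace is wanted, turn `set -x` on inside `cleanup` only, where no secret is in play. The same applies to the two sibling `administrator_bob/run.sh` files in this commit.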
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+set -ex
+
+# PROD RENDEZVOUS
+export OCKAM_RENDEZVOUS_SERVER="rendezvous.orchestrator.ockam.io:4000"
+
+run() {
+ ockam enroll
+
+ bob_ticket=$(ockam project ticket --usage-count 1 --expires-in 100h --relay bob)
+ alice_ticket=$(ockam project ticket --usage-count 1 --expires-in 100h)
+
+ if [[ -n "$OCKAM_VERSION" ]]; then
+ export OCKAM_VERSION="v${OCKAM_VERSION}";
+ fi
+
+ echo; pushd administrator_bob; ./run.sh "$bob_ticket"; popd
+ echo; pushd user_alice; ./run.sh "$alice_ticket"; popd
+}
+
+
+# Cleanup after the example - `./run.sh cleanup`
+# Remove all resources that were created in AWS.
+cleanup() {
+ pushd administrator_bob; ./run.sh cleanup; popd
+ pushd user_alice; ./run.sh cleanup; popd
+}
+
+# Check if Ockam Command is already installed and available in path.
+# If it's not, then install it.
+if ! type ockam &>/dev/null; then
+ curl --proto '=https' --tlsv1.2 -sSfL https://install.command.ockam.io | bash
+ source "$HOME/.ockam/env"
+fi
+
+# Check that tools we we need installed.
+for c in curl aws; do
+ if ! type "$c" &>/dev/null; then echo "ERROR: Please install: $c" && exit 1; fi
+done
+
+# Check if the first argument is "cleanup"
+# If it is, call the cleanup function. If not, call the run function.
+if [ "$1" = "cleanup" ]; then
+ cleanup;
+else
+ run;
+fi
diff --git a/examples/command/portals/rendezvous/aws-aws-different-regions/user_alice/run.sh b/examples/command/portals/rendezvous/aws-aws-different-regions/user_alice/run.sh
new file mode 100755
index 00000000000..a7c2f53453f
--- /dev/null
+++ b/examples/command/portals/rendezvous/aws-aws-different-regions/user_alice/run.sh
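Review bot: Under `set -ex` the assignments `bob_ticket=$(ockam project ticket ...)` and `alice_ticket=$(...)` are traced with the substituted value, and `./run.sh "$bob_ticket"` / `./run.sh "$alice_ticket"` print it a second time, so both enrollment tickets end up on stderr and in any CI log. They are single-use and time-limited (`--usage-count 1 --expires-in 100h`), but if the run aborts before a ticket is redeemed on the instance, a valid enrollment credential stays in the log for up to 100 hours. Bracket the ticket generation and the two child invocations with `set +x` ... `set -x`, or drop `-x` from the `set -ex` on line 2. Note that the child `run.sh` scripts also run `set -ex` and trace their `$1`, so redacting only here is not sufficient.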
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+set -ex
+
+# Create AWS environment
+export SET_AWS_REGION="us-east-2"
+export ENABLE_SSH="1"
+source ../../common/aws.sh
+
+run() {
+ ip=$(common_create "$1" "../../common/user.sh" "0")
+
+ echo "IP address is $ip"
+ until nc -z -v -w5 $ip 22; do sleep 5; done
+
+ ssh -o StrictHostKeyChecking=no -i ./key.pem "ec2-user@$ip" \
+ 'bash -s' << 'EOS'
+ sleep 8s
+ curl --silent --show-error --fail 127.0.0.1:4000
+EOS
+}
+
+cleanup() {
+ common_cleanup
+}
+
+export AWS_PAGER="";
+export AWS_DEFAULT_OUTPUT="text";
+
+user=""
+command -v sha256sum &>/dev/null && user=$(aws sts get-caller-identity | sha256sum | cut -c 1-20)
+command -v shasum &>/dev/null && user=$(aws sts get-caller-identity | shasum -a 256 | cut -c 1-20)
+export name="ockam-ex-rendezvous-aws-aws-different-regions-alice-$user"
+
+# Check if the first argument is "cleanup"
+# If it is, call the cleanup function. If not, call the run function.
+if [ "$1" = "cleanup" ]; then cleanup; else run "$1"; fi
diff --git a/examples/command/portals/rendezvous/aws-aws-same-region-different-zone/administrator_bob/run.sh b/examples/command/portals/rendezvous/aws-aws-same-region-different-zone/administrator_bob/run.sh
new file mode 100755
index 00000000000..db8e0eac1e2
--- /dev/null
+++ b/examples/command/portals/rendezvous/aws-aws-same-region-different-zone/administrator_bob/run.sh
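Review bot: `until nc -z -v -w5 $ip 22; do sleep 5; done` has no upper bound and leaves `$ip` unquoted; if `common_create` returned nothing (it only echoes the address when `ENABLE_SSH` is set, and any stray stdout from it would corrupt `ip`) the loop runs `nc -z -v -w5 22` forever, and if the instance never reaches SSH the script hangs instead of failing. A bounded retry that fails loudly is safer: `for _ in $(seq 1 60); do nc -z -w5 "$ip" 22 && break; sleep 5; done` followed by `nc -z -w5 "$ip" 22 || { echo "SSH never came up on $ip" >&2; exit 1; }`. Separately, `StrictHostKeyChecking=no` is acceptable for a throw-away instance whose host key is never verified, but add `-o UserKnownHostsFile=/dev/null` so recycled EC2 public IPs do not leave stale keys in the operator's `known_hosts`.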
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -ex
+
+source ../../common/aws.sh
+
+run() {
+ common_create "$1" "../../common/admin.sh" "0"
+}
+
+cleanup() {
+ common_cleanup
+}
+
+export AWS_PAGER="";
+export AWS_DEFAULT_OUTPUT="text";
+
+user=""
+command -v sha256sum &>/dev/null && user=$(aws sts get-caller-identity | sha256sum | cut -c 1-20)
+command -v shasum &>/dev/null && user=$(aws sts get-caller-identity | shasum -a 256 | cut -c 1-20)
+export name="ockam-ex-rendezvous-aws-aws-same-region-different-zone-bob-$user"
+
+# Check if the first argument is "cleanup"
+# If it is, call the cleanup function. If not, call the run function.
+if [ "$1" = "cleanup" ]; then cleanup; else run "$1"; fi
diff --git a/examples/command/portals/rendezvous/aws-aws-same-region-different-zone/run.sh b/examples/command/portals/rendezvous/aws-aws-same-region-different-zone/run.sh
new file mode 100755
index 00000000000..e33b1d6fc54
--- /dev/null
+++ b/examples/command/portals/rendezvous/aws-aws-same-region-different-zone/run.sh
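Review bot: If neither `sha256sum` nor `shasum` is on PATH, `user` stays `""` and `name` becomes `ockam-ex-rendezvous-aws-aws-same-region-different-zone-bob-`, so every operator in the same account shares the VPC, security-group and key names, and `common_cleanup` (which selects resources by `tag:Name`) would tear down another operator's instance. Add a guard after the two `command -v` lines: `[[ -n "$user" ]] || { echo "ERROR: sha256sum or shasum is required" >&2; exit 1; }`. When both tools exist the second line also calls `aws sts get-caller-identity` a second time for the same result; an `elif`-shaped chain would avoid the extra STS call.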
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+set -ex
+
+# PROD RENDEZVOUS
+export OCKAM_RENDEZVOUS_SERVER="rendezvous.orchestrator.ockam.io:4000"
+
+run() {
+ ockam enroll
+
+ bob_ticket=$(ockam project ticket --usage-count 1 --expires-in 100h --relay bob)
+ alice_ticket=$(ockam project ticket --usage-count 1 --expires-in 100h)
+
+ if [[ -n "$OCKAM_VERSION" ]]; then
+ export OCKAM_VERSION="v${OCKAM_VERSION}";
+ fi
+
+ echo; pushd administrator_bob; ./run.sh "$bob_ticket"; popd
+ echo; pushd user_alice; ./run.sh "$alice_ticket"; popd
+}
+
+
+# Cleanup after the example - `./run.sh cleanup`
+# Remove all resources that were created in AWS.
+cleanup() {
+ pushd administrator_bob; ./run.sh cleanup; popd
+ pushd user_alice; ./run.sh cleanup; popd
+}
+
+# Check if Ockam Command is already installed and available in path.
+# If it's not, then install it.
+if ! type ockam &>/dev/null; then
+ curl --proto '=https' --tlsv1.2 -sSfL https://install.command.ockam.io | bash
+ source "$HOME/.ockam/env"
+fi
+
+# Check that tools we we need installed.
+for c in curl aws; do
+ if ! type "$c" &>/dev/null; then echo "ERROR: Please install: $c" && exit 1; fi
+done
+
+# Check if the first argument is "cleanup"
+# If it is, call the cleanup function. If not, call the run function.
+if [ "$1" = "cleanup" ]; then
+ cleanup;
+else
+ run;
+fi
diff --git a/examples/command/portals/rendezvous/aws-aws-same-region-different-zone/user_alice/run.sh b/examples/command/portals/rendezvous/aws-aws-same-region-different-zone/user_alice/run.sh
new file mode 100755
index 00000000000..b773357b168
--- /dev/null
+++ b/examples/command/portals/rendezvous/aws-aws-same-region-different-zone/user_alice/run.sh
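Review bot: `OCKAM_RENDEZVOUS_SERVER` is exported here as `rendezvous.orchestrator.ockam.io:4000`, while `common/admin.sh` and `common/user.sh` hard-code `rendezvous.orchestrator.ockam.io:443` on the instances, and the value is never carried into the user data (`common/aws.sh` substitutes only `$ENROLLMENT_TICKET` and `$OCKAM_VERSION`). The local export can therefore only influence the `ockam enroll` / `ockam project ticket` calls in this file — if they consult it at all — so the differing port is at best dead configuration and at worst points the local commands at a different endpoint than the nodes. Pick one value and either delete the local export or add a third `sed` substitution in aws.sh so the instances inherit it; a comment such as `# Only read by the local ockam commands below; the EC2 nodes set their own value in common/*.sh` would make the split explicit. The same mismatch also applies to `OCKAM_VERSION`, which the local installer receives bare while the instances get it `v`-prefixed.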
@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+set -ex
+
+# Create AWS environment
+export ENABLE_SSH="1"
+source ../../common/aws.sh
+
+run() {
+ ip=$(common_create "$1" "../../common/user.sh" "1")
+
+ echo "IP address is $ip"
+ until nc -z -v -w5 $ip 22; do sleep 5; done
+
+ ssh -o StrictHostKeyChecking=no -i ./key.pem "ec2-user@$ip" \
+ 'bash -s' << 'EOS'
+ sleep 8s
+ curl --silent --show-error --fail 127.0.0.1:4000
+EOS
+}
+
+cleanup() {
+ common_cleanup
+}
+
+export AWS_PAGER="";
+export AWS_DEFAULT_OUTPUT="text";
+
+user=""
+command -v sha256sum &>/dev/null && user=$(aws sts get-caller-identity | sha256sum | cut -c 1-20)
+command -v shasum &>/dev/null && user=$(aws sts get-caller-identity | shasum -a 256 | cut -c 1-20)
+export name="ockam-ex-rendezvous-aws-aws-same-region-different-zone-alice-$user"
+
+# Check if the first argument is "cleanup"
+# If it is, call the cleanup function. If not, call the run function.
+if [ "$1" = "cleanup" ]; then cleanup; else run "$1"; fi
diff --git a/examples/command/portals/rendezvous/aws-aws-same-region-same-zone/administrator_bob/run.sh b/examples/command/portals/rendezvous/aws-aws-same-region-same-zone/administrator_bob/run.sh
new file mode 100755
index 00000000000..aa2d3157d09
--- /dev/null
+++ b/examples/command/portals/rendezvous/aws-aws-same-region-same-zone/administrator_bob/run.sh
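Review bot: The `sleep 8s` before `curl --silent --show-error --fail 127.0.0.1:4000` races the user-data script: SSH accepts connections while cloud-init is still downloading and installing `ockam`, enrolling, and creating the inlet (see `common/user.sh`), so the probe fails on a slow boot and passes on a fast one, which makes the example flaky as a smoke test. Waiting for user data to finish is deterministic: replace `sleep 8s` with `sudo cloud-init status --wait` (Amazon Linux 2023 images ship cloud-init; confirm on the AMI selected in aws.sh) and then give the inlet a short bounded retry, e.g. `for _ in $(seq 1 12); do curl -sSf 127.0.0.1:4000 && exit 0; sleep 5; done; exit 1`. Because the heredoc is a quoted `'EOS'`, none of this needs local expansion.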
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -ex
+
+source ../../common/aws.sh
+
+run() {
+ common_create "$1" "../../common/admin.sh" "0"
+}
+
+cleanup() {
+ common_cleanup
+}
+
+export AWS_PAGER="";
+export AWS_DEFAULT_OUTPUT="text";
+
+user=""
+command -v sha256sum &>/dev/null && user=$(aws sts get-caller-identity | sha256sum | cut -c 1-20)
+command -v shasum &>/dev/null && user=$(aws sts get-caller-identity | shasum -a 256 | cut -c 1-20)
+export name="ockam-ex-rendezvous-aws-aws-same-region-same-zone-bob-$user"
+
+# Check if the first argument is "cleanup"
+# If it is, call the cleanup function. If not, call the run function.
+if [ "$1" = "cleanup" ]; then cleanup; else run "$1"; fi
diff --git a/examples/command/portals/rendezvous/aws-aws-same-region-same-zone/run.sh b/examples/command/portals/rendezvous/aws-aws-same-region-same-zone/run.sh
new file mode 100755
index 00000000000..e33b1d6fc54
--- /dev/null
+++ b/examples/command/portals/rendezvous/aws-aws-same-region-same-zone/run.sh
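Review bot: Invoked with no argument, or with anything that is not exactly `cleanup` (e.g. `./run.sh clean`), the final `if` falls through to `run "$1"`, which creates the VPC, security group and instance and only fails later on the instance when `ockam project enroll ""` runs from user data — leaving billable resources behind that the operator may not realise need `./run.sh cleanup`. Validate the argument before the dispatch: `[[ -n "$1" ]] || { echo "usage: $0 <enrollment-ticket> | cleanup" >&2; exit 1; }`. A comment on the dispatch line noting that any non-`cleanup` argument is treated as a ticket would also help: `# Anything other than "cleanup" is assumed to be an enrollment ticket.`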
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+set -ex
+
+# PROD RENDEZVOUS
+export OCKAM_RENDEZVOUS_SERVER="rendezvous.orchestrator.ockam.io:4000"
+
+run() {
+ ockam enroll
+
+ bob_ticket=$(ockam project ticket --usage-count 1 --expires-in 100h --relay bob)
+ alice_ticket=$(ockam project ticket --usage-count 1 --expires-in 100h)
+
+ if [[ -n "$OCKAM_VERSION" ]]; then
+ export OCKAM_VERSION="v${OCKAM_VERSION}";
+ fi
+
+ echo; pushd administrator_bob; ./run.sh "$bob_ticket"; popd
+ echo; pushd user_alice; ./run.sh "$alice_ticket"; popd
+}
+
+
+# Cleanup after the example - `./run.sh cleanup`
+# Remove all resources that were created in AWS.
+cleanup() {
+ pushd administrator_bob; ./run.sh cleanup; popd
+ pushd user_alice; ./run.sh cleanup; popd
+}
+
+# Check if Ockam Command is already installed and available in path.
+# If it's not, then install it.
+if ! type ockam &>/dev/null; then
+ curl --proto '=https' --tlsv1.2 -sSfL https://install.command.ockam.io | bash
+ source "$HOME/.ockam/env"
+fi
+
+# Check that tools we we need installed.
+for c in curl aws; do
+ if ! type "$c" &>/dev/null; then echo "ERROR: Please install: $c" && exit 1; fi
+done
+
+# Check if the first argument is "cleanup"
+# If it is, call the cleanup function. If not, call the run function.
+if [ "$1" = "cleanup" ]; then
+ cleanup;
+else
+ run;
+fi
diff --git a/examples/command/portals/rendezvous/aws-aws-same-region-same-zone/user_alice/run.sh b/examples/command/portals/rendezvous/aws-aws-same-region-same-zone/user_alice/run.sh
new file mode 100755
index 00000000000..86f33dc4063
--- /dev/null
+++ b/examples/command/portals/rendezvous/aws-aws-same-region-same-zone/user_alice/run.sh
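Review bot: The `for c in curl aws` check runs after the install block that already invokes `curl`, so on a machine without curl the user sees bash's `command not found` rather than the intended `ERROR: Please install: curl`; move the loop above the `if ! type ockam` block. The `user_alice/run.sh` this script drives also needs `nc` and `ssh`, neither of which is checked — extend the list to `for c in curl aws nc ssh; do`. The `curl ... | bash` line executes an unpinned remote script as the current user; that is the vendor's published install method, but a comment should say so and name the pinning knob, e.g. `# Runs the vendor install script; OCKAM_VERSION (if set) is presumably honoured to pin a release — verify against the installer.` (The `we we` typo in the comment above the loop should also be fixed.)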
@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+set -ex
+
+# Create AWS environment
+export ENABLE_SSH="1"
+source ../../common/aws.sh
+
+run() {
+ ip=$(common_create "$1" "../../common/user.sh" "0")
+
+ echo "IP address is $ip"
+ until nc -z -v -w5 $ip 22; do sleep 5; done
+
+ ssh -o StrictHostKeyChecking=no -i ./key.pem "ec2-user@$ip" \
+ 'bash -s' << 'EOS'
+ sleep 8s
+ curl --silent --show-error --fail 127.0.0.1:4000
+EOS
+}
+
+cleanup() {
+ common_cleanup
+}
+
+export AWS_PAGER="";
+export AWS_DEFAULT_OUTPUT="text";
+
+user=""
+command -v sha256sum &>/dev/null && user=$(aws sts get-caller-identity | sha256sum | cut -c 1-20)
+command -v shasum &>/dev/null && user=$(aws sts get-caller-identity | shasum -a 256 | cut -c 1-20)
+export name="ockam-ex-rendezvous-aws-aws-same-region-same-zone-alice-$user"
+
+# Check if the first argument is "cleanup"
+# If it is, call the cleanup function. If not, call the run function.
+if [ "$1" = "cleanup" ]; then cleanup; else run "$1"; fi
diff --git a/examples/command/portals/rendezvous/common/admin.sh b/examples/command/portals/rendezvous/common/admin.sh
new file mode 100644
index 00000000000..061da6bf65b
--- /dev/null
+++ b/examples/command/portals/rendezvous/common/admin.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+set -ex
+
+# Change into ec2-user's home directory and use sudo to run the commands as ec2-user
+sudo bash << 'EOS'
+set -ex
+
+# Install Ockam Command
+export OCKAM_VERSION="$OCKAM_VERSION"
+curl --proto '=https' --tlsv1.2 -sSfL https://install.command.ockam.io | bash
+source "$HOME/.ockam/env"
+
+# PROD RENDEZVOUS
+export OCKAM_RENDEZVOUS_SERVER="rendezvous.orchestrator.ockam.io:443"
+
+ockam identity create bob
+
+ockam project enroll "$ENROLLMENT_TICKET" --identity bob
+
+python3 -m http.server --bind 127.0.0.1 8000 &
+
+ockam node create bob --identity bob --enable-udp
+ockam tcp-outlet create --ebpf --at bob --to 127.0.0.1:8000
+ockam relay create bob --to /node/bob
+
+EOS
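Review bot: `ssh -o StrictHostKeyChecking=no` accepts whatever host key the new instance presents — unavoidable here, since nothing compares it against the fingerprint in `aws ec2 get-console-output` — but it also records that key in the operator's `~/.ssh/known_hosts` under an EC2 public IP that AWS will hand to someone else's instance later, producing host-key-changed warnings on unrelated future connections. For a throw-away host use `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`, and add a comment stating the trade-off: `# Ephemeral instance: host key is not verified; do not persist it in known_hosts.` If the example is meant to model a secure setup, the stronger fix is to extract the host key fingerprint from the console output and pass it via a temporary known_hosts file instead.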
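Review bot: The comment `# Change into ec2-user's home directory and use sudo to run the commands as ec2-user` does not describe the code: `sudo bash << 'EOS'` runs the heredoc as root with `$HOME` resolving to root's home, so ockam is installed and its identity/node state kept under root, and `python3 -m http.server --bind 127.0.0.1 8000 &` serves whatever the working directory happens to be, as root, to anyone who reaches the outlet. If root is genuinely required (presumably for `--ebpf`; confirm), correct the comment and pin the served directory, e.g. `( cd "$(mktemp -d)" && exec python3 -m http.server --bind 127.0.0.1 8000 ) &`; otherwise run the block as `sudo -u ec2-user -i bash << 'EOS'` as the comment claims. Also note `export OCKAM_VERSION="$OCKAM_VERSION"` inside a quoted heredoc only works because `common/aws.sh` rewrites the literal `$OCKAM_VERSION` with `sed` before upload — a one-line comment saying so would stop a reader from "fixing" the quoting: `# $ENROLLMENT_TICKET and $OCKAM_VERSION are substituted by sed in common/aws.sh before this runs.`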
diff --git a/examples/command/portals/rendezvous/common/aws.sh b/examples/command/portals/rendezvous/common/aws.sh
new file mode 100644
index 00000000000..48e01c6538c
--- /dev/null
+++ b/examples/command/portals/rendezvous/common/aws.sh
@@ -0,0 +1,130 @@
+set -e
+
+if [[ -n $SET_AWS_REGION ]]; then
+ export AWS_DEFAULT_REGION="$SET_AWS_REGION"
+fi
+
+if [[ -n $ENABLE_SSH ]]; then
+ set +x
+fi
+
+common_create(){
+ enrollment_ticket="$1"
+ file_name="$2"
+ zone_id="$3"
+
+ # ----------------------------------------------------------------------------------------------------------------
+ # CREATE NETWORK
+
+ # Create a new VPC and tag it.
+ vpc_id=$(aws ec2 create-vpc --cidr-block 10.0.0.0/16 --query 'Vpc.VpcId')
+ aws ec2 create-tags --resources "$vpc_id" --tags "Key=Name,Value=${name}-vpc" >/dev/null
+
+ # Create an Internet Gateway and attach it to the VPC.
+ gw_id=$(aws ec2 create-internet-gateway --query 'InternetGateway.InternetGatewayId')
+ aws ec2 attach-internet-gateway --vpc-id "$vpc_id" --internet-gateway-id "$gw_id" >/dev/null
+
+ # Create a route table and a route to the Internet through the Gateway.
+ rtb_id=$(aws ec2 create-route-table --vpc-id "$vpc_id" --query 'RouteTable.RouteTableId')
+ aws ec2 create-route --route-table-id "$rtb_id" --destination-cidr-block 0.0.0.0/0 --gateway-id "$gw_id" >/dev/null
+
+ # Create a subnet and associate the route table
+ az=$(aws ec2 describe-availability-zones --query "AvailabilityZones[${zone_id}].ZoneName")
+ subnet_id=$(aws ec2 create-subnet --vpc-id "$vpc_id" --cidr-block 10.0.0.0/25 \
+ --availability-zone "$az" --query 'Subnet.SubnetId')
+ aws ec2 modify-subnet-attribute --subnet-id "$subnet_id" --map-public-ip-on-launch >/dev/null
+ aws ec2 associate-route-table --subnet-id "$subnet_id" --route-table-id "$rtb_id" >/dev/null
+
+ # Create a security group to allow:
+ # - TCP egress to the Internet
+ # - SSH ingress from the Internet if ENABLE_SSH is set
+ sg_id=$(aws ec2 create-security-group --group-name "${name}-sg" --vpc-id "$vpc_id" --query 'GroupId' \
+ --description "Allow TCP egress and Postgres ingress")
+ aws ec2 authorize-security-group-egress --group-id "$sg_id" --cidr 0.0.0.0/0 --protocol tcp --port 0-65535 >/dev/null
+ aws ec2 authorize-security-group-egress --group-id "$sg_id" --cidr 0.0.0.0/0 --protocol udp --port 0-65535 >/dev/null
+
+ if [[ -n $ENABLE_SSH ]]; then
+ aws ec2 authorize-security-group-ingress --group-id "$sg_id" --cidr 0.0.0.0/0 --protocol tcp --port 22 >/dev/null
+
+ aws ec2 create-key-pair --key-name "${name}-key" --query 'KeyMaterial' > key.pem
+ chmod 400 key.pem
+ fi
+
+ # ----------------------------------------------------------------------------------------------------------------
+ # CREATE INSTANCE
+
+ ami_id=$(aws ec2 describe-images --owners 137112412989 --query "Images | sort_by(@, &CreationDate) | [-1].ImageId" \
+ --filters "Name=name,Values=al2023-ami-2023*" "Name=architecture,Values=x86_64" \
+ "Name=virtualization-type,Values=hvm" "Name=root-device-type,Values=ebs" )
+
+ sed "s/\$ENROLLMENT_TICKET/${enrollment_ticket}/g" ${file_name} > user_data1.sh
+ sed "s/\$OCKAM_VERSION/${OCKAM_VERSION}/g" user_data1.sh > user_data.sh
+
+ if [[ -n $ENABLE_SSH ]]; then
+ instance_id=$(aws ec2 run-instances --image-id "$ami_id" --instance-type c5n.large \
+ --subnet-id "$subnet_id" --security-group-ids "$sg_id" \
+ --key-name "${name}-key" --user-data file://user_data.sh --query 'Instances[0].InstanceId')
+ else
+ instance_id=$(aws ec2 run-instances --image-id "$ami_id" --instance-type c5n.large \
+ --subnet-id "$subnet_id" --security-group-ids "$sg_id" \
+ --user-data file://user_data.sh --query 'Instances[0].InstanceId')
+ fi
+
+ aws ec2 create-tags --resources "$instance_id" --tags "Key=Name,Value=${name}-ec2-instance" >/dev/null
+ aws ec2 wait instance-running --instance-ids "$instance_id" >/dev/null
+
+ if [[ -n $ENABLE_SSH ]]; then
+ ip=$(aws ec2 describe-instances --instance-ids "$instance_id" --query 'Reservations[0].Instances[0].PublicIpAddress')
+ echo "$ip"
+ fi
+}
+
+common_cleanup() {
+ # ----------------------------------------------------------------------------------------------------------------
+ # DELETE INSTANCE
+
+ rm -rf user_data*.sh
+ instance_ids=$(aws ec2 describe-instances --filters "Name=tag:Name,Values=${name}-ec2-instance" \
+ --query "Reservations[*].Instances[*].InstanceId")
+ for i in $instance_ids; do
+ aws ec2 terminate-instances --instance-ids "$i" >/dev/null
+ aws ec2 wait instance-terminated --instance-ids "$i" >/dev/null
+ done
+
+ if [[ -n $ENABLE_SSH ]]; then
+ if aws ec2 describe-key-pairs --key-names "${name}-key" >/dev/null; then
+ aws ec2 delete-key-pair --key-name "${name}-key" >/dev/null
+ fi
+ rm -f key.pem
+ fi
+
+
+ # ----------------------------------------------------------------------------------------------------------------
+ # DELETE NETWORK
+
+ vpc_ids=$(aws ec2 describe-vpcs --query 'Vpcs[*].VpcId' --filters "Name=tag:Name,Values=${name}-vpc")
+
+ for vpc_id in $vpc_ids; do
+ internet_gateways=$(aws ec2 describe-internet-gateways --query "InternetGateways[*].InternetGatewayId" \
+ --filters Name=attachment.vpc-id,Values="$vpc_id")
+ for i in $internet_gateways; do
+ aws ec2 detach-internet-gateway --internet-gateway-id "$i" --vpc-id "$vpc_id"
+ aws ec2 delete-internet-gateway --internet-gateway-id "$i"
+ done
+
+ subnet_ids=$(aws ec2 describe-subnets --query "Subnets[*].SubnetId" --filters Name=vpc-id,Values="$vpc_id")
+ for i in $subnet_ids; do aws ec2 delete-subnet --subnet-id "$i"; done
+
+ route_tables=$(aws ec2 describe-route-tables --filters Name=vpc-id,Values="$vpc_id" \
+ --query 'RouteTables[?length(Associations[?Main!=`true`]) > `0` || length(Associations) == `0`].RouteTableId')
+ for i in $route_tables; do aws ec2 delete-route-table --route-table-id "$i" || true; done
+
+ security_groups=$(aws ec2 describe-security-groups --filters Name=vpc-id,Values="$vpc_id" \
+ --query "SecurityGroups[?!contains(GroupName, 'default')].[GroupId]")
+ for i in $security_groups; do aws ec2 delete-security-group --group-id "$i"; done
+
+ if aws ec2 describe-vpcs --vpc-ids "$vpc_id" &>/dev/null; then
+ aws ec2 delete-vpc --vpc-id "$vpc_id"
+ fi
+ done
+}
\ No newline at end of file
diff --git a/examples/command/portals/rendezvous/common/user.sh b/examples/command/portals/rendezvous/common/user.sh
new file mode 100755
index 00000000000..8e12f5fdfd7
--- /dev/null
+++ b/examples/command/portals/rendezvous/common/user.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+set -ex
+
+sudo bash << 'EOS'
+set -ex
+
+# Install Ockam Command
+export OCKAM_VERSION="$OCKAM_VERSION"
+curl --proto '=https' --tlsv1.2 -sSfL https://install.command.ockam.io | bash
+source "$HOME/.ockam/env"
+
+# PROD RENDEZVOUS
+export OCKAM_RENDEZVOUS_SERVER="rendezvous.orchestrator.ockam.io:443"
+
+ockam identity create alice
+
+ockam project enroll "$ENROLLMENT_TICKET" --identity alice
+
+ockam node create alice --identity alice --enable-udp
+ockam tcp-inlet create --ebpf --at alice --enable-udp-puncture --disable-tcp-fallback --from 0.0.0.0:4000 --via bob
+
+EOS
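Review bot: The enrollment ticket is written in plaintext into the instance's user data (`sed "s/\$ENROLLMENT_TICKET/${enrollment_ticket}/g" ${file_name} > user_data1.sh`), and both `aws ec2 run-instances` calls rely on the AMI's registered default for instance metadata access, so whether IMDSv1 can read `/latest/user-data` without a session token depends on the image rather than on this script; make it explicit by adding `--metadata-options "HttpTokens=required,HttpEndpoint=enabled"` to both calls, and consider that user data is also readable by anyone with `ec2:DescribeInstanceAttribute` in the account. `aws ec2 create-key-pair ... > key.pem` creates the private key with the default umask and only afterwards runs `chmod 400`, leaving a window where it is group/world-readable; write it as `( umask 077; aws ec2 create-key-pair --key-name "${name}-key" --query 'KeyMaterial' > key.pem )`. The security-group `--description "Allow TCP egress and Postgres ingress"` is copied from another example — this group opens SSH, not Postgres — and should read `"Allow TCP/UDP egress and SSH ingress when ENABLE_SSH is set"`. Finally, the ticket and `OCKAM_VERSION` are interpolated unescaped into `sed` expressions, which breaks (or injects sed commands) if either value ever contains `/` or `&`; a bash replacement such as `content=$(<"$file_name"); printf '%s\n' "${content//\$ENROLLMENT_TICKET/$enrollment_ticket}"` avoids that, though the current ticket alphabet may make it moot — confirm.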
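Review bot: `ockam tcp-inlet create ... --from 0.0.0.0:4000` binds the inlet on every interface, yet the only consumer in this commit is `curl 127.0.0.1:4000` executed over SSH from `user_alice/run.sh`; the security group built in `common/aws.sh` has no ingress rule for 4000, so it is unreachable today, but the listener becomes Internet-facing the moment someone widens that group. Bind to loopback unless external clients are intended — `--from 127.0.0.1:4000` — or, if the eBPF inlet requires a non-loopback address, say so in a comment so the wide bind is not mistaken for an oversight. As in `common/admin.sh`, the whole block runs as root via `sudo bash` with the ockam identity and node state under root's home; a comment stating why root is needed (presumably `--ebpf`; confirm) would keep the next reader from downgrading it to `ec2-user` and breaking the example, e.g. `# Runs as root: the --ebpf inlet presumably needs elevated privileges — verify before changing.`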