Skip to content
/ epoxy Public

A system for safe boot management over the Internet, based on iPXE.

License

Apache-2.0 license
3 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

m-lab/epoxy

2 Branches11 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

stephen-solteszstephen-soltesz
Merge pull request #113 from m-lab/sandbox-soltesz-add-epoxy_certs
Jan 3, 2024
459c96b · Jan 3, 2024

History

316 Commits
cmd
cmd
Jan 3, 2024
datastorex
datastorex
May 19, 2019
extension
extension
Dec 2, 2022
handler
handler
Nov 11, 2020
metrics
metrics
Apr 1, 2019
nextboot
nextboot
Dec 2, 2022
storage
storage
Apr 27, 2023
template
template
May 5, 2021
.gitignore
.gitignore
Oct 19, 2015
.travis.yml
.travis.yml
Aug 24, 2023
AUTHORS
AUTHORS
Feb 6, 2017
Dockerfile
Dockerfile
Aug 24, 2023
LICENSE
LICENSE
Oct 19, 2015
README.md
README.md
Oct 28, 2020
cloudbuild.yaml
cloudbuild.yaml
May 21, 2019
deploy_epoxy_container.sh
deploy_epoxy_container.sh
Aug 24, 2023
go.mod
go.mod
Aug 24, 2023
go.sum
go.sum
Dec 2, 2022
setup_epoxy_dns.sh
setup_epoxy_dns.sh
Feb 22, 2019

Repository files navigation

ePoxy

A system for safe boot management over the Internet.

Building

To build the ePoxy boot server:

go get github.com/m-lab/epoxy/cmd/epoxy_boot_server

Deployment

The ePoxy server is designed to run from within a docker container. The M-Lab deployment targets a stand-alone GCE VM. The cloudbuild.yaml configuration embeds static zones for specific regional deployments for each GCP project.

Before deploying to a new Project complete the following steps in advance:

  • Allocate static IP address and register DNS

    PROJECT=mlab-sandbox ZONE=us-east1-c setup_epoxy_dns.sh

  • Allocate server certificte and key

    TODO: add steps to allocate server certs.

  • Create GCS bucket gs://epoxy-${PROJECT}-private and copy server certificate & key.

    gsutil mb -p mlab-sandbox gs://epoxy-mlab-sandbox-private
gsutil cp server-certs.pem server-key.pem gs://epoxy-mlab-sandbox-private

Testing

Testing Server

The datastore emulator depends on the Google Cloud SDK. After installing gcloud, install the datastore emulator component:

gcloud components install cloud-datastore-emulator

Next, start the datastore emulator:

gcloud beta emulators datastore start

Look for the DATASTORE_EMULATOR_HOST reported on stdout. This environment variable should be set for all subsequent commands.

Add a sample Host record to the Datastore emulator:

TODO(soltesz): create command to add a minimal host record directly to DS.

Start the epoxy server:

export DATASTORE_EMULATOR_HOST=< ... >
export PUBLIC_ADDRESS=localhost:8080
export GCLOUD_PROJECT="my-project"
./bin/epoxy_boot_server

The ePoxy server is now connected to the local datastore emulator, and can serve client requests.

Testing Client

After starting the datastore emuulator and a local epoxy boot server, you can simulate a client request using curl.

SERVER=localhost:8080
curl --dump-header - --location -XPOST --data-binary "{}" \
    https://${SERVER}/v1/boot/mlab4.iad1t.measurement-lab.org/stage1.ipxe

If the host record is found in Datastore, then a stage1 boot script should be returned. If the host record is not found, then:

TODO(soltesz): handle 404 cases with a valid ipxe script.

If developing with the mlab-sandbox GCP, then verify that the deployment was successful through travis and the AppEngine Cloud Console. Then set the SERVER address for the boot-api service. For example, for mlab-sandbox, use:

SERVER=boot-api-dot-mlab-sandbox.appspot.com

About

A system for safe boot management over the Internet, based on iPXE.

Topics

platform

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

3 stars

Watchers

9 watching

Forks

1 fork
Report repository

Releases 11

v1.2.6 / 2023-05-024 Latest
May 24, 2023
+ 10 releases

Packages

No packages published

Contributors 5

Languages