Draft
4 changes: 4 additions & 0 deletions config.yml
Expand Up @@ -51,6 +51,10 @@ services:
template_path: templates/file-server
render_path: dist/file-server

trace-collector:
template_path: templates/trace-collector
render_path: dist/trace-collector

# Global variables that are available in all templates
globals:
ndnNetwork: /ndn
23 changes: 23 additions & 0 deletions docker-compose.yml
Expand Up @@ -220,3 +220,26 @@ services:
nfd: { condition: service_healthy }
logging:
driver: local

trace-collector:
image: ghcr.io/sankalpatimilsina12/trace-collector:20250328
init: true
network_mode: service:nfd
volumes:
- trace-collector-ssh:/root/.ssh # SSH keys
- trace-collector-dump:/root/dump # Dumps
- ${PWD}/dist/trace-collector:/config # Entrypoint
- ${PWD}/dist/file-server/trace-collector-pubkey:/file-server/trace-collector-pubkey # Publish public key
entrypoint: /bin/bash
command: /config/entrypoint.sh
restart: unless-stopped
depends_on:
nfd: { condition: service_healthy }
file-server: { condition: service_healthy }

Member

Is there an actual dependency on the file server?

I put this there, I think, from a documentary perspective; there is no actual dependency. It should be just nfd.

logging:
driver: local

# Persist trace-collector's SSH keys and dump files
volumes:
trace-collector-ssh:
trace-collector-dump:
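
Review bot: The `image:` line for `trace-collector` references `ghcr.io/sankalpatimilsina12/trace-collector:20250328` by tag only, while this container keeps an SSH private key in the `trace-collector-ssh` volume and joins nfd's network namespace through `network_mode: service:nfd`; pin the image by digest (`image: ...@sha256:<digest>`) so that a re-pushed tag cannot change what runs with that access. The `${PWD}/dist/trace-collector:/config` bind mount carries the script executed by `command: /config/entrypoint.sh` and is only read by the container, so it should be mounted read-only (`:/config:ro`).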
31 changes: 31 additions & 0 deletions templates/trace-collector/entrypoint.sh.j2
@@ -0,0 +1,31 @@
#!/bin/bash
set -e

# Variables
SITE="{{ site }}"
SITE_CLEAN=$(echo "$SITE" | sed 's#^/##; s#/#_#g') # Eg. /edu/memphis get converted to edu_memphis
SSH_DIR="/root/.ssh"
PRIVATE_KEY="$SSH_DIR/id_rsa"
PUBLIC_KEY="$SSH_DIR/id_rsa.pub"
PUBKEY_EXPORT_PATH="/file-server/trace-collector-pubkey/id_rsa.pub"

Member

Just set this to the directory instead of the file name, it seems simpler. The file name should just be the standard one used by openssh (e.g. id_rsa.pub or id_ed25519.pub).

The same applies to the previous two variables. Specifying the file name seems pointless unless there's a way to pass a different identity to the container. If we don't have a use case for this, just keep it simple and use the default openssh naming conventions.

The file name has been referenced multiple times in the script: Checking existence, non-interactive generation with the file name specified, and during copying. Should we keep the private and public key variables? The export path I believe can just be a directory name.

Member

> Should we keep the private and public key variables?

If you prefer to use a variable, that's fine. But one variable for the private key should be enough, the public key name should always be privatekey + .pub per openssh conventions.

> The export path I believe can just be a directory name.

On second thought, we should really avoid using a dot in the NDN name of the pubkey (e.g. id_rsa.pub) because one dot becomes four dots in NDN URI syntax, which is quite ugly. I'd say just use the directory name trace-collector-pubkey as the actual key name. I don't think we need a subdir for this.

Member

> one dot becomes four dots in NDN URI syntax

False.
One dot becomes four dots only if the component consists solely of dots.

> If you prefer to use a variable, that's fine. But one variable for the private key should be enough, the public key name should always be privatekey + .pub per openssh conventions.

Sure.


# Ensure permissions
mkdir -p "$SSH_DIR"
chmod 700 "$SSH_DIR"
Comment on lines +12 to +14
Member

ssh-keygen should already take care of this, no?


# Generate SSH key pair if not already present
if [[ ! -f "$PRIVATE_KEY" || ! -f "$PUBLIC_KEY" ]]; then
echo "[trace-collector] No SSH key pair found. Generating a new one..."
ssh-keygen -t rsa -b 4096 -N "" -f "$PRIVATE_KEY"

Member

Can we use ed25519 instead of rsa?

else
echo "[trace-collector] SSH key pair already exists."
fi

# Always export the public key
mkdir -p "$(dirname "$PUBKEY_EXPORT_PATH")"
cp "$PUBLIC_KEY" "$PUBKEY_EXPORT_PATH"
echo "[trace-collector] Public key copied to $PUBKEY_EXPORT_PATH"

# Run
echo "[trace-collector] Starting trace collector..."
exec python3.10 /app/scheduler.py --site "$SITE_CLEAN"
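
Review bot: The key check `if [[ ! -f "$PRIVATE_KEY" || ! -f "$PUBLIC_KEY" ]]` also fires when only `id_rsa.pub` is missing, and `ssh-keygen ... -f "$PRIVATE_KEY"` then stops at its overwrite prompt for the existing private key, so under `set -e` the entrypoint exits before the export step and `restart: unless-stopped` keeps retrying it. Generate a new pair only when the private key is absent, and when just the public half is missing derive it from the existing key with `ssh-keygen -y -f "$PRIVATE_KEY" > "$PUBLIC_KEY"`. Separately, `SITE="{{ site }}"` renders the template value inside a double-quoted shell string, so a value containing `$(...)`, a backtick or `"` would be interpreted by bash when the script runs; validate `site` against the expected NDN name characters at render time.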