The functionality of scion-web and scion-coord has been combined into a new web app in the netsec-ethz/scionlab repository. As a consequence, this repository will be archived.
SCIONLab Coordination service
Make sure that you have go
and python3
installed.
Make sure that you have a Go workspace setup, and that ~/.local/bin
, and $GOPATH/bin
can be found in your $PATH
variable. For example:
echo 'export GOPATH="$HOME/go"' >> ~/.profile
echo 'export PATH="$HOME/.local/bin:$GOPATH/bin:$PATH"' >> ~/.profile
source ~/.profile
mkdir -p "$GOPATH"
Then, check out the scionlab
branch of netsec-scion
into the appropriate directory inside your go workspace:
mkdir -p "$GOPATH/src/github.com/scionproto"
cd "$GOPATH/src/github.com/scionproto"
git clone --recursive -b scionlab [email protected]:netsec-ethz/netsec-scion scion
cd scion
If you don't have a github account, or haven't setup ssh access to it, this command will make git use https instead: git config --global url.https://github.com/.insteadOf [email protected]:
Then, download this repository either by cloning it or by using
go get github.com/netsec-ethz/scion-coord
.
The application uses govendor. You need to install govendor via:
go get github.com/kardianos/govendor
After this step, you can go to the scion-coord
directory
($GOPATH/src/github.com/netsec-ethz/scion-coord
) and populate the dependencies in the vendor
folder using govendor sync
.
Copy the default configuration file using cp conf/development.conf.default conf/development.conf
and adjust the settings to fit your setup.
Make sure that you set email.pm_server_token
, email.pm_account_token
, captcha.site_key
, and
captcha.secret_key
as described below.
SCIONLab Coordination service uses Postmark to send emails. You will need an account token and a server token which are obtained by signing up to their service. Set the corresponding fields in the configuration file accordingly.
In the configuration file also populate the captcha fields with the keys generated
on this site.
For a quick start and for testing the keys in the development.conf.default
can be used.
Warning: Use these keys only for testing purposes as they circumvent the captcha.
The project needs a working MySQL server instance running locally. Under Ubuntu, you can install MySQL server with the following command:
sudo apt-get install mysql-server
Refer to the conf/development.conf
regarding how to set your root password
for MySQL server installation. You also need to ensure that there is a
database named scion_coord_test
.
You can do this by first logging into your
MySQL server by
mysql -h 127.0.0.1 -u root -p
and then executing the following command:
CREATE DATABASE scion_coord_test;
In order for the configurations to be generated, for each ISD with an Attachment Point the following files must exist (here shown for ISD1):
credentials/ISD1.crt (certificate of one core AS in the ISD)
credentials/ISD1.key (signing key of one core AS in the ISD)
credentials/ISD1.trc (TRC of the ISD)
In order to use OpenVPN inside the generated SCIONLab ASes, it is necessary to set up a certificate
authority. We use the tool easy-rsa
for this.
Install easy-rsa
(version 2.x) using your package manager or download it from the
github repository.
Copy the easy-rsa
directory to the PACKAGE_DIRECTORY (we assume you are using the default
~/scionLabConfigs
). If you installed it via the package manager, you can usually do this by
mkdir -p ~/scionLabConfigs
cp -r /usr/share/easy-rsa ~/scionLabConfigs
Now, copy the default configuration cp conf/easy-rsa_vars.default ~/scionLabConfigs/easy-rsa/vars
and adjust the parameters if necessary. You may have to specify the openssl executable (be sure to
use openssl 0.9.6, 0.9.8, or 1.0.x).
Now you can initialize your certificate authority by issuing (use the default for all prompts):
cd ~/scionLabConfigs/easy-rsa
source vars
./clean-all
./build-ca
In order to setup OpenVPN on the server machine, generate keys using
./build-key-server myservername
./build-dh
Then, you have to transfer files ca.crt
, myservername.crt
, myservername.key
, and dh4096.pem
located in the keys
directory to the machine running the OpenVPN server. You should delete
the server key from this machine.
Afterwards, you can run go run main.go
from the root folder.
Otherwise you can also run the application via:
go build
./scion-coord
The APIs are defined in the main.go
file.
Additional documentation can be found under Wiki.