Other HUB nodes: Difference between revisions

From XPUB & Lens-Based wiki
m (Andre Castro moved page XPUB other HUB nodes to Other HUB nodes)

Revision as of 15:47, 28 May 2020


Adding new Node to HUB

For graduation projects or some Special issues, the XPUB HUB Node: Sandbox might not be adequate. New nodes (normally Pis) can be added to the XPUB HUB Tinc network, making them publicly accessible via the ssh and http protocols.

This page describes how to do it.

Steps to add a new Node to HUB

Use this template to fill in all the fields as you go through the process:

    user: psc
    Node name: ?XYZ?
    IP: 10.0.0.???
    url: https://hub.xpub.nl/?XYZ?
    ssh public key:
    ?????????@??

In the project Pi (@user with sudo/root)

In your Pi (or other Unix machine connected to the internet): create a user with adduser, using the same username as on the Sandbox Pi

  • Keeping it the same as in the sandbox will make things easier for us and gnd (no need to give him your public ssh key again)

In your Pi: Add your laptop's user's public ssh key to your Pi user account in ~/.ssh/authorized_keys

In your Pi: Install Tinc on the Pi. The instructions can be found in the Tinc page

Add your chosen Node name and IP to HUB#IP_allocation

  • The last number of a student project IP should have 3 digits

In your Pi: Add your laptop's ssh public key

  • getting and copying your laptop's ssh public key
    • cat ~/.ssh/id_ed25519.pub
  • add it to Pi's ~/.ssh/authorized_keys:
    • sudo nano ~/.ssh/authorized_keys


In your Pi: Disable ssh with password (allow ssh with sshkey only):

  • edit sshd_config file:
    • sudo nano /etc/ssh/sshd_config
  • uncomment the line: #PasswordAuthentication no
    • so it becomes: PasswordAuthentication no
  • reload ssh:
    • sudo systemctl reload ssh
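
A way to check that the edit above took effect, as an added example that is not part of the original page: sshd takes the first uncommented occurrence of a keyword and defaults PasswordAuthentication to yes, so a line that is still commented, or an earlier active `yes`, leaves password logins enabled. The function names and the sample file are constructed for illustration; the script reads one file only and does not follow Include directives.

```shell
#!/bin/sh
# Added example: report the PasswordAuthentication value that the global
# section of an sshd_config file yields. sshd uses the FIRST uncommented
# occurrence of a keyword, keywords are case-insensitive, and the built-in
# default is "yes", so a line left commented keeps password logins enabled.
effective_password_auth() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }  # trim, allow key=value
        /^#/ || /^$/ { next }                  # comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }                # conditional blocks start here
        key == "passwordauthentication" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }        # nothing set: OpenSSH default
    ' "$1"
}

# Succeeds only when password logins are disabled in the global section.
password_auth_disabled() {
    [ "$(effective_password_auth "$1")" = "no" ]
}

# Constructed sample (not the Pi's real file): the edit was made, but an
# earlier active line still says "yes", so the later "no" has no effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication no
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
EOF

if password_auth_disabled "$sample"; then
    echo "OK: password logins disabled"
else
    echo "WARNING: effective PasswordAuthentication is $(effective_password_auth "$sample")"
fi
rm -f "$sample"

# On the Pi itself, sshd can print its own resolved settings:
#   sudo sshd -T | grep -i '^passwordauthentication'
```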

In XVM (@xpub staff with sudo)

As root:

Create a Tinc invitation link for each node: HUB#Adding_a_new_thing

Ask gnd to associate the Pi user's username + ssh pubkey with the Pi IP

Back to the Pi (@user)

With the invitation link

The Pi user needs to get the Pi to join the HUB network:

  • by using the invitation to join the network
    • sudo tinc join INVITATION_LINK
  • add itself to the HUB network
    • sudo tinc -n hub add subnet NODE.IP.ADDR.ESS
  • edit tinc-up file
    • sudo nano /usr/local/etc/tinc/hub/tinc-up
    • Add: ifconfig $INTERFACE NODE.IP.ADDR.ESS netmask 255.255.255.0
    • Comment: the echo line
    • Save and exit

After this process it is important to test that the Pi is now part of the Tinc network:

  • On a Pi ssh session, start tinc:
    • sudo tincd -n hub -D -d3
  • On another Pi ssh session, try to ping other HUB nodes and see if you are getting pings back:
    • Ping XVM: ping 10.0.0.1
    • Or ping Sandbox: ping 10.0.0.11

Because you want Tinc running at all times on the Pi and starting when the Pi boots, it is important to configure and enable Tinc's systemd files as described in Tinc#tincd_service_file.

Back to XVM (@xpub staff)

In /etc/nginx/sites-available/hub.xpub.nl create a new location entry, following the template

        location /nodename {
                proxy_pass http://10.0.0.10?/; 
                client_max_body_size 200M;
        }

Test the site configuration

  • nginx -t -c /etc/nginx/sites-available/hub.xpub.nl

If no errors are found, reload nginx:

  • systemctl reload nginx

Check the web location by going to https://hub.xpub.nl/NODENAME

Write your changes to the server's log with

rtlg


In the user's laptop (@user)

Add a new entry to your laptop's ~/.ssh/config by following the template:

    Host hub.NODE_NAME
    User PI_USERNAME
    Hostname NODE.IP.ADDR.ESS
    ProxyJump yourname@xpub.nl:2501
    Identityfile ~/.ssh/id_rsa
    Serveraliveinterval 30

Once gnd has associated the Pi user's username + ssh pubkey with the Pi IP, you can try to ssh with

ssh hub.NODE_NAME 

If sshing fails:

  • ssh with verbose mode
    • ssh hub.NODE_NAME -vvv
  • send the output to xpub staff
  • also send the .ssh/config entry for the Node
  • if staff cannot figure out the issue, contact gnd