feat(sol): add agave-backed dlob hot path for canary
Some checks failed
deploy-trade-r001-canary / apply (push) Failing after 5m41s
Some checks failed
deploy-trade-r001-canary / apply (push) Failing after 5m41s
This commit is contained in:
96
environments/sol/trade-infra/scripts/prepare-sol-agave-access.sh
Executable file
96
environments/sol/trade-infra/scripts/prepare-sol-agave-access.sh
Executable file
@@ -0,0 +1,96 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
TARGET_HOST="${TARGET_HOST:-mevnode}"
|
||||
HOST_IP="${HOST_IP:-149.50.96.162}"
|
||||
POD_CIDR="${POD_CIDR:-10.42.0.0/24}"
|
||||
|
||||
ssh_target() {
|
||||
ssh -o StrictHostKeyChecking=no "$TARGET_HOST" "$@"
|
||||
}
|
||||
|
||||
install_unit() {
|
||||
local unit_path="$1"
|
||||
ssh_target "sudo tee ${unit_path} >/dev/null"
|
||||
}
|
||||
|
||||
cat <<EOF | install_unit /etc/systemd/system/agave-rpc-k3s.socket
|
||||
[Unit]
|
||||
Description=Expose Agave RPC on host IP for k3s pods
|
||||
|
||||
[Socket]
|
||||
ListenStream=${HOST_IP}:8899
|
||||
NoDelay=true
|
||||
|
||||
[Install]
|
||||
WantedBy=sockets.target
|
||||
EOF
|
||||
|
||||
cat <<'EOF' | install_unit /etc/systemd/system/agave-rpc-k3s.service
|
||||
[Unit]
|
||||
Description=Proxy Agave RPC from host IP to localhost
|
||||
|
||||
[Service]
|
||||
ExecStart=/lib/systemd/systemd-socket-proxyd 127.0.0.1:8899
|
||||
PrivateNetwork=no
|
||||
EOF
|
||||
|
||||
cat <<EOF | install_unit /etc/systemd/system/agave-ws-k3s.socket
|
||||
[Unit]
|
||||
Description=Expose Agave websocket on host IP for k3s pods
|
||||
|
||||
[Socket]
|
||||
ListenStream=${HOST_IP}:8900
|
||||
NoDelay=true
|
||||
|
||||
[Install]
|
||||
WantedBy=sockets.target
|
||||
EOF
|
||||
|
||||
cat <<'EOF' | install_unit /etc/systemd/system/agave-ws-k3s.service
|
||||
[Unit]
|
||||
Description=Proxy Agave websocket from host IP to localhost
|
||||
|
||||
[Service]
|
||||
ExecStart=/lib/systemd/systemd-socket-proxyd 127.0.0.1:8900
|
||||
PrivateNetwork=no
|
||||
EOF
|
||||
|
||||
cat <<EOF | install_unit /etc/systemd/system/agave-grpc-k3s.socket
|
||||
[Unit]
|
||||
Description=Expose Agave Yellowstone gRPC on host IP for k3s pods
|
||||
|
||||
[Socket]
|
||||
ListenStream=${HOST_IP}:10000
|
||||
NoDelay=true
|
||||
|
||||
[Install]
|
||||
WantedBy=sockets.target
|
||||
EOF
|
||||
|
||||
cat <<'EOF' | install_unit /etc/systemd/system/agave-grpc-k3s.service
|
||||
[Unit]
|
||||
Description=Proxy Agave Yellowstone gRPC from host IP to WireGuard IP
|
||||
|
||||
[Service]
|
||||
ExecStart=/lib/systemd/systemd-socket-proxyd 10.91.0.1:10000
|
||||
PrivateNetwork=no
|
||||
EOF
|
||||
|
||||
ssh_target "sudo systemctl daemon-reload"
|
||||
ssh_target "sudo systemctl enable --now agave-rpc-k3s.socket agave-ws-k3s.socket agave-grpc-k3s.socket"
|
||||
|
||||
ensure_ufw_rule() {
|
||||
local port="$1"
|
||||
local comment="$2"
|
||||
if ! ssh_target "sudo ufw status numbered | grep -Fq '${port}/tcp on cni0'"; then
|
||||
ssh_target "sudo ufw allow in on cni0 from ${POD_CIDR} to any port ${port} proto tcp comment '${comment}' >/dev/null"
|
||||
fi
|
||||
}
|
||||
|
||||
ensure_ufw_rule 8899 k3s-pods-agave-rpc
|
||||
ensure_ufw_rule 8900 k3s-pods-agave-ws
|
||||
ensure_ufw_rule 10000 k3s-pods-agave-grpc
|
||||
|
||||
ssh_target "sudo systemctl status --no-pager agave-rpc-k3s.socket agave-ws-k3s.socket agave-grpc-k3s.socket | sed -n '1,80p'"
|
||||
ssh_target "sudo ss -ltnp | egrep ':(8899|8900|10000)\\b' | sed -n '1,40p'"
|
||||
Reference in New Issue
Block a user