#!/usr/bin/env bash
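set -euo pipefail

# Deployment settings, each overridable from the environment.
#   TARGET_HOST - SSH destination the units and firewall rules are applied to
#   HOST_IP     - address the socket units listen on
#   POD_CIDR    - source range the ufw rules allow in on cni0
TARGET_HOST="${TARGET_HOST:-mevnode}"
HOST_IP="${HOST_IP:-149.50.96.162}"
POD_CIDR="${POD_CIDR:-10.42.0.0/24}"

#######################################
# Check the settings before they are interpolated into unit files and into
# remote commands that run under sudo. A stray space, newline or leading
# dash would otherwise produce a broken unit or an unintended command line.
# Globals:   TARGET_HOST, HOST_IP, POD_CIDR (read)
# Outputs:   one diagnostic line on stderr for the first bad value
# Returns:   0 when all three values are well-formed, 1 otherwise
#######################################
_validate_settings() {
  # Non-empty, no whitespace, and not option-like (no leading "-").
  local -r host_re='^[^-[:space:]][^[:space:]]*$'
  # Dotted IPv4 or a bracketed IPv6 literal, as ListenStream=ADDR:PORT needs.
  local -r ip_re='^(([0-9]{1,3}\.){3}[0-9]{1,3}|\[[0-9A-Fa-f:.]+\])$'
  # Address with an optional /prefix; only address characters are allowed.
  local -r cidr_re='^[0-9A-Fa-f:.]+(/[0-9]{1,3})?$'

  if [[ ! "$TARGET_HOST" =~ $host_re ]]; then
    printf 'invalid TARGET_HOST: %q\n' "$TARGET_HOST" >&2
    return 1
  fi
  if [[ ! "$HOST_IP" =~ $ip_re ]]; then
    printf 'invalid HOST_IP: %q\n' "$HOST_IP" >&2
    return 1
  fi
  if [[ ! "$POD_CIDR" =~ $cidr_re ]]; then
    printf 'invalid POD_CIDR: %q\n' "$POD_CIDR" >&2
    return 1
  fi
}

# Under set -e a failed validation stops the script before anything is sent.
_validate_settings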
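#######################################
# Run a command on the deployment target over SSH.
# Globals:   TARGET_HOST (read) - SSH destination
# Arguments: "$@" - command words handed to the remote shell
# Outputs:   whatever the remote command writes; stdin is passed through
# Returns:   exit status of ssh
#######################################
ssh_target() {
  # accept-new records the host key on first contact and refuses a key that
  # later changes. StrictHostKeyChecking=no would keep connecting after a
  # key change, and every caller in this script runs sudo on the far side,
  # so the identity of the host matters.
  # "--" keeps a TARGET_HOST that starts with "-" from being read as an
  # ssh option.
  ssh -o StrictHostKeyChecking=accept-new -- "$TARGET_HOST" "$@"
}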
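#######################################
# Write stdin to a file on the target host via "sudo tee".
# Arguments: $1 - destination path on the remote host
# Inputs:    stdin - full file content (the callers pipe a unit file in)
# Outputs:   none on success (tee's echo is discarded remotely)
# Returns:   1 when no path is given, otherwise ssh_target's status
#######################################
install_unit() {
  local unit_path="${1:-}"
  local quoted_path

  # An empty path would turn the remote command into "sudo tee >/dev/null",
  # which succeeds while writing nothing.
  if [[ -z "$unit_path" ]]; then
    printf 'install_unit: destination path is required\n' >&2
    return 1
  fi

  # The path is pasted into a command line that a remote shell parses and
  # that runs under sudo, so quote it rather than trust its characters.
  # NOTE(review): %q emits bash-style quoting; plain paths pass through
  # unchanged, exotic ones assume a bash-compatible remote shell.
  printf -v quoted_path '%q' "$unit_path"

  # "--" stops tee from treating a path beginning with "-" as an option.
  ssh_target "sudo tee -- ${quoted_path} >/dev/null"
}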
# Three socket-activated proxies. Each *.socket unit listens on HOST_IP and
# its same-named *.service runs systemd-socket-proxyd towards the backend.
# Socket units use an unquoted EOF so ${HOST_IP} expands locally before the
# text is sent; service units use a quoted 'EOF' and are sent verbatim.
#
# NOTE(review): the listeners bind to HOST_IP itself, so whether anything
# other than the pods can reach them is decided by the host firewall alone.
# Nothing in this script checks that ufw is active or what its default
# policy is - confirm on the target.
# NOTE(review): the service units set no User= or sandboxing directives, so
# the proxies presumably run with systemd's default identity - confirm and
# consider tightening.

# --- JSON-RPC: HOST_IP:8899 -> 127.0.0.1:8899 ---
install_unit /etc/systemd/system/agave-rpc-k3s.socket <<EOF
[Unit]
Description=Expose Agave RPC on host IP for k3s pods

[Socket]
ListenStream=${HOST_IP}:8899
NoDelay=true

[Install]
WantedBy=sockets.target
EOF

install_unit /etc/systemd/system/agave-rpc-k3s.service <<'EOF'
[Unit]
Description=Proxy Agave RPC from host IP to localhost

[Service]
ExecStart=/lib/systemd/systemd-socket-proxyd 127.0.0.1:8899
PrivateNetwork=no
EOF

# --- Websocket: HOST_IP:8900 -> 127.0.0.1:8900 ---
install_unit /etc/systemd/system/agave-ws-k3s.socket <<EOF
[Unit]
Description=Expose Agave websocket on host IP for k3s pods

[Socket]
ListenStream=${HOST_IP}:8900
NoDelay=true

[Install]
WantedBy=sockets.target
EOF

install_unit /etc/systemd/system/agave-ws-k3s.service <<'EOF'
[Unit]
Description=Proxy Agave websocket from host IP to localhost

[Service]
ExecStart=/lib/systemd/systemd-socket-proxyd 127.0.0.1:8900
PrivateNetwork=no
EOF

# --- Yellowstone gRPC: HOST_IP:10000 -> 10.91.0.1:10000 ---
# Unlike the two proxies above, the backend address here is not loopback;
# the unit description calls it the WireGuard IP, and it is hard-coded.
install_unit /etc/systemd/system/agave-grpc-k3s.socket <<EOF
[Unit]
Description=Expose Agave Yellowstone gRPC on host IP for k3s pods

[Socket]
ListenStream=${HOST_IP}:10000
NoDelay=true

[Install]
WantedBy=sockets.target
EOF

install_unit /etc/systemd/system/agave-grpc-k3s.service <<'EOF'
[Unit]
Description=Proxy Agave Yellowstone gRPC from host IP to WireGuard IP

[Service]
ExecStart=/lib/systemd/systemd-socket-proxyd 10.91.0.1:10000
PrivateNetwork=no
EOF

# Make systemd read the new unit files, then enable and start the three
# listeners. Only the sockets are enabled; the service units carry no
# [Install] section.
ssh_target "sudo systemctl daemon-reload"
ssh_target "sudo systemctl enable --now agave-rpc-k3s.socket agave-ws-k3s.socket agave-grpc-k3s.socket"
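#######################################
# Allow TCP traffic from the pod network to one port on cni0, unless ufw
# already lists a rule for that port on cni0.
# Globals:   POD_CIDR (read) - source range for the allow rule
# Arguments: $1 - TCP port (1-65535)
#            $2 - ufw rule comment (letters, digits, ".", "_", "-")
# Outputs:   a diagnostic on stderr when an argument is rejected
# Returns:   1 on a rejected argument, otherwise the status of the last
#            ssh_target call that ran
#######################################
ensure_ufw_rule() {
  local port="${1:-}"
  local comment="${2:-}"
  local -r port_re='^[0-9]{1,5}$'
  local -r comment_re='^[A-Za-z0-9._-]+$'
  local -r cidr_re='^[0-9A-Fa-f:.]+(/[0-9]{1,3})?$'

  # All three values are pasted into command lines that a remote shell runs
  # under sudo, so refuse anything that is not a plain port, label or range
  # before a single command is sent.
  if [[ ! "$port" =~ $port_re ]] || (( 10#$port < 1 || 10#$port > 65535 )); then
    printf 'ensure_ufw_rule: invalid TCP port: %q\n' "$port" >&2
    return 1
  fi
  if [[ ! "$comment" =~ $comment_re ]]; then
    printf 'ensure_ufw_rule: invalid rule comment: %q\n' "$comment" >&2
    return 1
  fi
  if [[ ! "$POD_CIDR" =~ $cidr_re ]]; then
    printf 'ensure_ufw_rule: invalid POD_CIDR: %q\n' "$POD_CIDR" >&2
    return 1
  fi

  # The non-digit guard in front of the port keeps a rule for, say, 18899
  # from being mistaken for one on 8899.
  # NOTE(review): the check looks only at the port/interface text. It does
  # not compare the source range or the action, so an existing rule with a
  # different source (or a DENY) also counts as "present" - confirm that is
  # acceptable. An ssh failure is likewise treated as "rule missing".
  if ! ssh_target "sudo ufw status numbered | grep -Eq '(^|[^0-9])${port}/tcp on cni0'"; then
    ssh_target "sudo ufw allow in on cni0 from ${POD_CIDR} to any port ${port} proto tcp comment '${comment}' >/dev/null"
  fi
}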
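# Let the pod network reach each proxied port; a port that already has a
# cni0 rule listed is left alone.
ensure_ufw_rule 8899 k3s-pods-agave-rpc
ensure_ufw_rule 8900 k3s-pods-agave-ws
ensure_ufw_rule 10000 k3s-pods-agave-grpc

# Post-deploy report for the operator: unit state, then the listening TCP
# sockets on the three ports.
# NOTE(review): both remote pipelines end in sed, so a missing listener
# presumably does not fail the script - the output has to be read, it is
# not an automated check.
ssh_target "sudo systemctl status --no-pager agave-rpc-k3s.socket agave-ws-k3s.socket agave-grpc-k3s.socket | sed -n '1,80p'"
# grep -E instead of egrep, which current GNU grep flags as obsolescent.
ssh_target "sudo ss -ltnp | grep -E ':(8899|8900|10000)\\b' | sed -n '1,40p'"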