trade-gitops/environments/sol/trade-infra/scripts/prepare-sol-agave-access.sh
mpabi e1e993e2ac
feat(sol): add agave-backed dlob hot path for canary
2026-04-12 18:10:42 +02:00


#!/usr/bin/env bash
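set -euo pipefail

# Deployment settings, each overridable from the environment.
#   TARGET_HOST - ssh destination the units and firewall rules are applied to
#   HOST_IP     - address the socket units listen on (ListenStream=)
#   POD_CIDR    - source range allowed through ufw on the cni0 interface
TARGET_HOST="${TARGET_HOST:-mevnode}"
HOST_IP="${HOST_IP:-149.50.96.162}"
POD_CIDR="${POD_CIDR:-10.42.0.0/24}"

#######################################
# Abort unless a setting matches the expected shape.
# Arguments: $1 - setting name (for the error message)
#            $2 - value to check
#            $3 - extended regex the value must match
# Outputs:   error message on stderr when the value is rejected
# Returns:   0 when the value matches; exits 2 otherwise
#######################################
require_safe_value() {
  local name="$1" value="$2" pattern="$3"
  if [[ ! "$value" =~ $pattern ]]; then
    printf 'error: %s has an unexpected value: %q\n' "$name" "$value" >&2
    exit 2
  fi
}

# HOST_IP is written into systemd unit files and POD_CIDR is spliced into a
# remote "sudo ufw ..." command line, so both are restricted to address
# characters before anything is sent to the host. TARGET_HOST is only ever
# passed to ssh as a single argument; it just must not look like an option.
require_safe_value TARGET_HOST "$TARGET_HOST" '^[^-]'
require_safe_value HOST_IP "$HOST_IP" '^[][0-9A-Fa-f:.]+$'
require_safe_value POD_CIDR "$POD_CIDR" '^[0-9A-Fa-f:.]+(/[0-9]{1,3})?$'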
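#######################################
# Run a command on the deployment host over SSH.
# Globals:   TARGET_HOST (read) - ssh destination
#            SSH_STRICT_HOST_KEY_CHECKING (read, optional) - value for ssh's
#              StrictHostKeyChecking option; defaults to accept-new
# Arguments: the remote command line, passed through to ssh unchanged
# Returns:   exit status of ssh
#######################################
ssh_target() {
  # Every caller in this script runs sudo on the remote side, so the host key
  # must be checked: StrictHostKeyChecking=no would let a host presenting a
  # changed key receive those root commands. accept-new (OpenSSH 7.6+) still
  # trusts a host seen for the first time but refuses a key that has changed.
  # "--" stops option parsing so TARGET_HOST is always taken as a destination.
  ssh -o "StrictHostKeyChecking=${SSH_STRICT_HOST_KEY_CHECKING:-accept-new}" \
    -- "$TARGET_HOST" "$@"
}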
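#######################################
# Write stdin to a file on the deployment host as root.
# Arguments: $1 - absolute path of the file to create or overwrite
# Inputs:    file content on stdin
# Returns:   exit status of the remote "sudo tee"
#######################################
install_unit() {
  local unit_path="$1"
  local quoted_path
  # The path becomes part of a command line parsed by the remote shell, so it
  # is shell-quoted first; a path with spaces or metacharacters then stays a
  # single argument to tee instead of being split or interpreted.
  printf -v quoted_path '%q' "$unit_path"
  ssh_target "sudo tee -- ${quoted_path} >/dev/null"
}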
# Three socket-activated proxies are installed, one per Agave endpoint. Each
# .socket unit listens on HOST_IP and its matching .service hands accepted
# connections to systemd-socket-proxyd, which forwards them to the upstream.
# The units themselves do not restrict which peers may connect to HOST_IP, so
# limiting access to the pod network is left to the host firewall.
# NOTE(review): the service units set no User=/DynamicUser=, so the proxies run
# as the default user for system services - confirm that is intended.

# --- JSON-RPC: HOST_IP:8899 -> 127.0.0.1:8899 ---
# Unquoted delimiter: ${HOST_IP} is expanded locally before upload.
install_unit /etc/systemd/system/agave-rpc-k3s.socket <<EOF
[Unit]
Description=Expose Agave RPC on host IP for k3s pods
[Socket]
ListenStream=${HOST_IP}:8899
NoDelay=true
[Install]
WantedBy=sockets.target
EOF

# Quoted delimiter: the service unit is uploaded verbatim.
install_unit /etc/systemd/system/agave-rpc-k3s.service <<'EOF'
[Unit]
Description=Proxy Agave RPC from host IP to localhost
[Service]
ExecStart=/lib/systemd/systemd-socket-proxyd 127.0.0.1:8899
PrivateNetwork=no
EOF

# --- Websocket: HOST_IP:8900 -> 127.0.0.1:8900 ---
install_unit /etc/systemd/system/agave-ws-k3s.socket <<EOF
[Unit]
Description=Expose Agave websocket on host IP for k3s pods
[Socket]
ListenStream=${HOST_IP}:8900
NoDelay=true
[Install]
WantedBy=sockets.target
EOF

install_unit /etc/systemd/system/agave-ws-k3s.service <<'EOF'
[Unit]
Description=Proxy Agave websocket from host IP to localhost
[Service]
ExecStart=/lib/systemd/systemd-socket-proxyd 127.0.0.1:8900
PrivateNetwork=no
EOF

# --- Yellowstone gRPC: HOST_IP:10000 -> 10.91.0.1:10000 ---
install_unit /etc/systemd/system/agave-grpc-k3s.socket <<EOF
[Unit]
Description=Expose Agave Yellowstone gRPC on host IP for k3s pods
[Socket]
ListenStream=${HOST_IP}:10000
NoDelay=true
[Install]
WantedBy=sockets.target
EOF

# Unlike the two proxies above, the upstream here is a fixed non-loopback
# address (described in the unit as the WireGuard IP).
install_unit /etc/systemd/system/agave-grpc-k3s.service <<'EOF'
[Unit]
Description=Proxy Agave Yellowstone gRPC from host IP to WireGuard IP
[Service]
ExecStart=/lib/systemd/systemd-socket-proxyd 10.91.0.1:10000
PrivateNetwork=no
EOF

# Make systemd pick up the new unit files, then start the listeners and mark
# them to start at boot. The sockets go live here, before the ufw rules further
# down are added.
ssh_target "sudo systemctl daemon-reload"
ssh_target "sudo systemctl enable --now agave-rpc-k3s.socket agave-ws-k3s.socket agave-grpc-k3s.socket"
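#######################################
# Allow TCP traffic from the pod network to one host port, unless ufw already
# lists a rule for that port on cni0.
# Globals:   POD_CIDR (read) - source range written into the new rule
# Arguments: $1 - TCP port number
#            $2 - comment attached to the ufw rule
# Outputs:   error message on stderr for a non-numeric port
# Returns:   0 if the rule exists or was added, 2 for a bad port, otherwise
#            the status of the failing remote command
#######################################
ensure_ufw_rule() {
  local port="$1"
  local comment="$2"
  local quoted_cidr quoted_comment

  # The port is embedded in a remote regex and a remote command line, so only
  # plain digits are accepted.
  if [[ ! "$port" =~ ^[0-9]+$ ]]; then
    printf 'error: ufw port must be numeric, got: %q\n' "$port" >&2
    return 2
  fi

  # Shell-quote the values that end up in the remote "sudo ufw" command line so
  # they cannot be split or interpreted by the remote shell.
  printf -v quoted_cidr '%q' "$POD_CIDR"
  printf -v quoted_comment '%q' "$comment"

  # The port must not be preceded by another digit: a plain substring match for
  # "8899/tcp on cni0" is also satisfied by a rule for port 18899, which would
  # skip adding the rule that is actually needed.
  # NOTE(review): the check looks at port and interface only; an existing rule
  # for this port with a different source than POD_CIDR also counts as present.
  if ! ssh_target "sudo ufw status numbered | grep -Eq '(^|[^0-9])${port}/tcp on cni0'"; then
    ssh_target "sudo ufw allow in on cni0 from ${quoted_cidr} to any port ${port} proto tcp comment ${quoted_comment} >/dev/null"
  fi
}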
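# Open the three proxied ports to the pod network on cni0.
ensure_ufw_rule 8899 k3s-pods-agave-rpc
ensure_ufw_rule 8900 k3s-pods-agave-ws
ensure_ufw_rule 10000 k3s-pods-agave-grpc

# Post-deploy evidence for the operator: unit state, then the listening
# sockets. Reviewing the ss output is the quickest way to confirm each port is
# bound to the intended address only.
ssh_target "sudo systemctl status --no-pager agave-rpc-k3s.socket agave-ws-k3s.socket agave-grpc-k3s.socket | sed -n '1,80p'"
# grep -E replaces egrep, which current GNU grep reports as obsolescent.
ssh_target "sudo ss -ltnp | grep -E ':(8899|8900|10000)\\b' | sed -n '1,40p'"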