7c9f9582ca
Implements the deployment loop end-to-end on the CIS490 side:
shipper/
config.py ShipperConfig (host_id, paths, receiver endpoint, mTLS)
transport.py httpx-based PUT + ping with mTLS + bearer support
queue.py scan data/episodes/, tar+zstd via system zstd, ship,
retire to data/shipped/. Idempotent across crashes per
the state machine in docs/transport.md.
__main__.py CLI: --ping (smoke test), --once (one pass), or daemon
receiver/app.py: new POST /v1/ping that requires the same auth as PUT
/v1/episodes but writes nothing. Used by `cis490-shipper --ping`
during lab-host bring-up to verify the WG/Caddy/mTLS path before
shipping any real bytes.
etc/
cis490-shipper.service systemd unit for the lab-host shipper
cis490-orchestrator.service systemd unit for the lab-host queue
(kept disabled by default until queue
mode lands)
lab-host.toml.example config template
scripts/
install-lab-host.sh idempotent installer; verifies prereqs,
creates cis490 service user, syncs repo to
/opt/cis490, builds venv, drops systemd units
and config template
install-receiver.sh same, for the receiver role on the central WG
node (Pi5 in our setup)
tests/test_shipper.py 11 end-to-end tests against a real Uvicorn
server hosting the receiver app. Exercises
ping, tar+ship, idempotent re-ship, 409
conflict, transient (receiver down), tarball
round-trip via system zstd.
AGENTS.md guidance for AI agents working on this and sibling repos.
Headline: when you hit an issue you can't fully fix in
scope, file a Forgejo issue rather than leaving a TODO.
51/51 tests pass.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
50 lines
1.6 KiB
Text
50 lines
1.6 KiB
Text
# CIS490 lab-host — copy to /etc/cis490/lab-host.toml and edit.
|
|
#
|
|
# This config drives BOTH the orchestrator (which runs episodes) and
|
|
# the shipper (which uploads completed episodes to the central
|
|
# receiver over WG).
|
|
|
|
# Stable identity for this lab host. Used in the receiver path
|
|
# (/v1/episodes/<host_id>/...) and in the X-Lab-Host header. Pick
|
|
# something short, stable, and DNS-safe — letters, digits, _.- only.
|
|
host_id = "REPLACE_ME"
|
|
|
|
[paths]
|
|
data_root = "/var/lib/cis490/data"
|
|
samples_store = "/var/lib/cis490/samples/store"
|
|
qcow_image = "/var/lib/cis490/vm/images/metasploitable2.qcow2"
|
|
|
|
[receiver]
|
|
# The receiver lives behind Caddy on the WG-side collector host. The
|
|
# hostname must resolve over WG (collector.wg in the canonical
|
|
# spectral lab). The wg-pki CA must be on every lab-host so the
|
|
# Caddy-issued internal cert validates.
|
|
url = "https://collector.wg"
|
|
ca_bundle = "/etc/cis490/certs/wg-ca.pem"
|
|
|
|
# mTLS: leaf cert + private key issued by wg-pki for THIS host_id.
|
|
# Comment these out to fall back to bearer-token auth during early
|
|
# bring-up.
|
|
client_cert = "/etc/cis490/certs/lab-host.pem"
|
|
client_key = "/etc/cis490/certs/lab-host.key"
|
|
|
|
# Bearer is optional and only used if mTLS isn't yet configured. When
|
|
# both are set, mTLS does the actual authn and the bearer is a
|
|
# belt-and-suspenders check.
|
|
# bearer_token = "REPLACE_ME_WITH_SECRET"
|
|
|
|
# Set to false ONLY for local-loopback dev against an unsigned cert.
|
|
# verify_tls = true
|
|
|
|
[shipper]
|
|
scan_interval_s = 5.0
|
|
request_timeout_s = 60.0
|
|
|
|
[episode]
|
|
baseline_seconds = 30
|
|
infected_seconds = 90
|
|
dormant_seconds = 60
|
|
|
|
[retention]
|
|
keep_local_for_days = 7
|
|
prune_at_disk_pct = 80
|