# Manage a FABRIC Slice using Tailscale

This Jupyter notebook provides a  guide to creating and managing your slices using Tailscale Mesh VPN. 
Watch this video for more details on [Tailscale](https://www.youtube.com/watch?v=oklvRBmEL4s&t=2s).

<img src="./figs/mesh_vpn.png" width="30%"><br>

 
### Pre-Requirements: 
- Completed "Hello FABRIC" tutorial 
- Install [Tailscale](https://login.tailscale.com/) on your Laptop. 

## Step 1: Import the FABlib Library

In [None]:
from fabrictestbed_extensions.fablib.fablib import FablibManager as fablib_manager

fablib = fablib_manager()

fablib.show_config();

## Step 2: Create the Experiment Slice

In this step, you will create an experiment slice consisting of a single node with basic compute capabilities at four randomly selected sites. The process involves creating a new slice, adding resources to it, and then submitting a request for the slice to be instantiated.

The submit function will, by default, block until the node is ready and display the progress of your slice being built.

First, create a Tailscale auth key in your [admin console](https://login.tailscale.com/admin/settings/keys). Ensure that the auth key is both "Reusable" and "Ephemeral."

<img src="./figs/authkey.png" width="40%"><br>

Next, set ts_key to the auth key you created.

In [None]:
# REQUIRED CHANGE!!!
# Tailscale authkey you created at http://tailscale.com
ts_key='tskey-auth-abcdefghijklCNTRL-abcdefghijklmnopqrstuvwxyz123456'

Next, pick random sites

In [None]:
sites=fablib.get_random_sites(count=4)

print(sites)

To manage your slice with a Tailscale VPN, follow these steps:

For each VM you wish to access using Tailscale, you need to install Tailscale and configure it to use the auth key you created.

#### Install and Start Tailscale
Run the following commands to install and start Tailscale:

- Install Tailscale: `curl -fsSL https://tailscale.com/install.sh | sh`
- Start Tailscale: `sudo tailscale up --authkey tskey-auth-abcdefghijklCNTRL-abcdefghijklmnopqrstuvwxyz123456}`

You can either execute these commands manually once the VM is available, or you can instruct fablib to execute them automatically as part of the post-boot configuration. The following cell creates a post-boot execute task that installs and starts Tailscale on each VM.

In [None]:
# Create a slice
slice = fablib.new_slice(name="Tailscale_Mesh_VPN")

# Add a node at each site
for site in sites:
    node = slice.add_node(name=f"{site}1",
                          site=site,
                          image="default_ubuntu_22" )
    node.add_fabnet(net_type="IPv4", nic_type='NIC_Basic')

    # Start Docker on the VMs 
    # Docker is only necessary to run Docker-based services such as Filebrower (Step 3c). 
    # Tailscale does not require Docker
    node.add_post_boot_upload_directory('node_tools','.')
    node.add_post_boot_execute(f'node_tools/enable_docker.sh {node.get_image()}')
    
    # Install Tailscale on Linux and bring up Tailscale using the authkey
    node.add_post_boot_execute(f'curl -fsSL https://tailscale.com/install.sh | sh ;'
                                f'sudo tailscale up --authkey {ts_key}')


# Submit the slice
slice.submit();


## Step 3: Run the Experiment(s)

### Step 3a: SSH Directly from Your Laptop

- Ensure you have a copy of your slice key on your laptop.
- SSH directly to the VM using that key, without needing to hop through a bastion host:

  `ssh -i /path/to/your/slice_key ubuntu@<node_name>`
  
### Step 3b: Install and Visit a Webserver

Install and run web services on each node in the slice.

- From your local machine, access the running web services on FABRIC VMs.

You will need to obtain the IP addresses listed under "Machines" on the Tailscale page. Access the web services using a URL formatted like this: `http://<node_name>`


In [None]:
# Install Basic web server
commands = ["sudo apt-get update",
            "sudo apt-get install -y apache2",
            "sudo systemctl start apache2",
            "sudo systemctl enable apache2"
           ]

for node in slice.get_nodes():
    print(f"Installing Apache on {node.get_name()}")
    for command in commands:
        print(f"   {command}")
        node.execute(command, quiet = True, output_file=f"{node.get_name()}.log")

In [None]:
# Create a webpage and configure firewall to allow access
for node in slice.get_nodes():
    print(f"Configuring Website on {node.get_name()}")
    node.execute(f"echo 'Hello from {node.get_name()}! (Accessed through Tailscale!)' | sudo tee /var/www/html/index.html > /dev/null", 
                 quiet = True, 
                 output_file=f"{node.get_name()}.log")
    node.execute("sudo ufw allow 'Apache'", quiet = True, output_file=f"{node.get_name()}.log")
    node.execute("sudo ufw reload", quiet = True, output_file=f"{node.get_name()}.log")   
    print(f"url: http://{node.get_name()}")


### Step 3c: Run a Filebrowser and Transfer Files

[Filebrowser](https://filebrowser.org/) is a simple service that allows you to browse and transfer files to and from a remote machine. Filebrowser can run in a Docker container using the Docker Compose file included in the folder with this example notebook. 

- Run the following cell to start a Filebrowser on each of your VMs.
- On your laptop, use a browser to navigate to `http://<node_name>:8989` and log in with the default username/password: `admin/admin`. You can now drag and drop files to your VM.

Note that this service will also be accessible by any VM on your data plane. If your VM uses FABnet, other users' VMs on FABRIC can access your Filebrowser. If you use Filebrowser in a real experiment, please set a new password or use another type of authorization.


In [None]:
#Run a Filebrowser container
for node in slice.get_nodes():
    print(f"Start Filebrowser on {node.get_name()}")
    node.upload_directory("filebrowser",".") 
    node.execute("cd filebrowser && docker compose up -d", quiet = True, output_file=f"{node.get_name()}.log")
    print(f"url: http://{node.get_name()}:8989")

## Step 4: Log each VM out of Tailscale and delete the Slice

Log out of Tailscale and delete your slice when you are done with your experiment.

Note that if you do not log out of Tailscale before deleting the slice, Tailscale will continue to include the VMs as part of your VPN until it has not seen your VM for an extended period. Generally, this is not a problem. However, if you reuse the same VM name while Tailscale still knows about the previous VM with that name, Tailscale will assign a unique name to the new VM. This may lead to confusion if you try to refer to a VM by a specific name.

If you log each VM out of Tailscale before deleting it, Tailscale will immediately remove the VM, allowing you to safely reuse the name.

In [None]:
for node in slice.get_nodes():
     print(f'{node.get_name()}')
     stdout, stderr = node.execute(f'sudo tailscale logout')
slice.delete()