SCIONLab Coordination service
Setup and configuration
Setup go, scion, and scion-coord
Make sure that you have
Make sure that you have a Go workspace setup, and that
$GOPATH/bin can be found in your
$PATH variable. For example:
echo 'export GOPATH="$HOME/go"' >> ~/.profile echo 'export PATH="$HOME/.local/bin:$GOPATH/bin:$PATH"' >> ~/.profile source ~/.profile mkdir -p "$GOPATH"
Then, check out the
scionlab branch of
netsec-scion into the appropriate directory inside your go workspace:
mkdir -p "$GOPATH/src/github.com/scionproto" cd "$GOPATH/src/github.com/scionproto" git clone --recursive -b scionlab email@example.com:netsec-ethz/netsec-scion scion cd scion
If you don't have a github account, or haven't setup ssh access to it, this command will make git use https instead:
git config --global url.https://github.com/.insteadOf firstname.lastname@example.org:
Then, download this repository either by cloning it or by using
go get github.com/netsec-ethz/scion-coord.
The application uses govendor. You need to install govendor via:
go get github.com/kardianos/govendor
After this step, you can go to the
$GOPATH/src/github.com/netsec-ethz/scion-coord) and populate the dependencies in the
Copy the default configuration file using
cp conf/development.conf.default conf/development.conf
and adjust the settings to fit your setup.
Make sure that you set
captcha.secret_key as described below.
SCIONLab Coordination service uses Postmark to send emails. You will need an account token and a server token which are obtained by signing up to their service. Set the corresponding fields in the configuration file accordingly.
In the configuration file also populate the captcha fields with the keys generated
on this site.
For a quick start and for testing the keys in the
development.conf.default can be used.
Warning: Use these keys only for testing purposes as they circumvent the captcha.
The project needs a working MySQL server instance running locally. Under Ubuntu, you can install MySQL server with the following command:
sudo apt-get install mysql-server
Refer to the
conf/development.conf regarding how to set your root password
for MySQL server installation. You also need to ensure that there is a
You can do this by first logging into your
MySQL server by
mysql -h 127.0.0.1 -u root -p
and then executing the following command:
CREATE DATABASE scion_coord_test;
In order for the configurations to be generated, for each ISD with an Attachment Point the following files must exist (here shown for ISD1):
credentials/ISD1.crt (certificate of one core AS in the ISD) credentials/ISD1.key (signing key of one core AS in the ISD) credentials/ISD1.trc (TRC of the ISD)
Certificate authority setup
In order to use OpenVPN inside the generated SCIONLab ASes, it is necessary to set up a certificate
authority. We use the tool
easy-rsa for this.
easy-rsa (version 2.x) using your package manager or download it from the
easy-rsa directory to the PACKAGE_DIRECTORY (we assume you are using the default
~/scionLabConfigs). If you installed it via the package manager, you can usually do this by
mkdir -p ~/scionLabConfigs cp -r /usr/share/easy-rsa ~/scionLabConfigs
Now, copy the default configuration
cp conf/easy-rsa_vars.default ~/scionLabConfigs/easy-rsa/vars
and adjust the parameters if necessary. You may have to specify the openssl executable (be sure to
use openssl 0.9.6, 0.9.8, or 1.0.x).
Now you can initialize your certificate authority by issuing (use the default for all prompts):
cd ~/scionLabConfigs/easy-rsa source vars ./clean-all ./build-ca
In order to setup OpenVPN on the server machine, generate keys using
./build-key-server myservername ./build-dh
Then, you have to transfer files
located in the
keys directory to the machine running the OpenVPN server. You should delete
the server key from this machine.
Afterwards, you can run
go run main.go from the root folder.
Otherwise you can also run the application via:
go build ./scion-coord
The APIs are defined in the
Additional documentation can be found under Wiki.