# FRR, SiteRM, XrootD on Fabric

This setup will install the following:
* 1 Router VM with FRR.
* 4 Hosts (XRootD) and all will point as GW to Router;
* SiteRM Frontend (optional) + Agent's will be installed on Router and Host VMs
* Monitoring node with Grafana/Prometheus and full ELStack.

In [None]:
import os
import json
import traceback
from ipaddress import ip_address, IPv4Address, IPv6Address, IPv4Network, IPv6Network
import ipaddress

from fabrictestbed_extensions.fablib.fablib import FablibManager as fablib_manager
import mflib 
from mflib.mflib import MFLib

fablib = fablib_manager()
                     
fablib.show_config();
# Check version
print(f"MFLib version  {mflib.__version__} " )


## Create the Experiment Slice

# Configuration parameters

In [None]:
site = 'CERN'
slice_name = f'FRR-{site.lower()}'
routername = f'frr-{site.lower()}'
image_name = "docker_ubuntu_22"
host_image = 'docker_ubuntu_22'


site_ranges = {'CERN': '2602:fcfb:001d',
               'LOSA': '2602:fcfb:0012',
               'NEWY': '2602:fcfb:0013',
               'UCSD': '2602:fcfb:000d'}
router_asns = {'CERN': 64518,
               'LOSA': 64519,
               'NEWY': 64520,
               'UCSD': 64521}

routerasn = router_asns[site]
rangestart = site_ranges[site]


# fff0::/64 - is used for Peering with Cisco Fabric;
frr_config = {'range': f'{rangestart}:fff0::/64',
              'ip':  f'{rangestart}:fff0::2/64',
              'gw':  f'{rangestart}:fff0::1',
              'vlan': 99}

# :fff1::64, :fff2::/64, :fff3::/64 
# Those IP Ranges uses for FRR node
ip_ranges = { f'{rangestart}:fff1::/64': {
    'frr':  f'{rangestart}:fff1::1/64',
    'vlan': 100,
    'name': 'frr-net0'},
         f'{rangestart}:fff2::/64': {
    'frr':  f'{rangestart}:fff2::1/64',
    'vlan': 101,
    'name': 'frr-net1'},
         f'{rangestart}:fff3::/64': {
    'frr':  f'{rangestart}:fff3::1/64',
    'vlan': 102,
    'name': 'frr-net2'}}

# Used to map same frr network to iprange used on host
ip_range_to_net = {'host1_n1': 'frr-net0',
                  'host1_n2': 'frr-net1',
                  'host1_n3': 'frr-net2',
                  'host2_n1': 'frr-net0',
                  'host2_n2': 'frr-net1',
                  'host2_n3': 'frr-net2',
                  'host3_n1': 'frr-net0',
                  'host3_n2': 'frr-net1',
                  'host3_n3': 'frr-net2',
                  'host4_n1': 'frr-net0',
                  'host4_n2': 'frr-net1',
                  'host4_n3': 'frr-net2'}


# Host IPs and corresponding gateways (pointing to FRR)
hosts = {"host1": {
    'host1_n1': { f'{rangestart}:fff1::2/64':  f'{rangestart}:fff1::1'},
    'host1_n2': { f'{rangestart}:fff2::2/64':  f'{rangestart}:fff2::1'},
    'host1_n3': { f'{rangestart}:fff3::2/64':  f'{rangestart}:fff3::1'},
}, "host2": {
    'host2_n1': { f'{rangestart}:fff1::3/64':  f'{rangestart}:fff1::1'},
    'host2_n2': { f'{rangestart}:fff2::3/64':  f'{rangestart}:fff2::1'},
    'host2_n3': { f'{rangestart}:fff3::3/64':  f'{rangestart}:fff3::1'},
}, "host3": {
    'host3_n1': { f'{rangestart}:fff1::4/64':  f'{rangestart}:fff1::1'},
    'host3_n2': { f'{rangestart}:fff2::4/64':  f'{rangestart}:fff2::1'},
    'host3_n3': { f'{rangestart}:fff3::4/64':  f'{rangestart}:fff3::1'},
}, "host4": {
    'host4_n1': { f'{rangestart}:fff1::5/64':  f'{rangestart}:fff1::1'},
    'host4_n2': { f'{rangestart}:fff2::5/64':  f'{rangestart}:fff2::1'},
    'host4_n3': { f'{rangestart}:fff3::5/64':  f'{rangestart}:fff3::1'},
}}


# List of destinations, for which to add static routes and use dataplane interface
# Most are needed for XRootD communications, except:
#2620:f:a:50::/64 - Nycernet - for communications with FE running on NRP (Issue with SENSE-O and IPv6)
#2601:0249:187f:cf74::/64 - Home Range to access Frontpage
use_dataplane_routes = {"2602:fcfb::/36": "Fabric",
                        "2001:1458::/32": "Cern",
                        "2620:6a::/48": "Fermilab",
                        "2605:d9c0::/32": "Caltech",
                        "2600:900::/28": "Nebraska",
                        "2001:48d0::/32": "SDSC",
                        "2620:f:a:50::/64": "NyCerNet",
                        "2601:0249:187f:cf74::/64": "JustasHome",
                        "2607:f720::/32": "UCSD"}

# XRootd configurations
# Location of XRootD Redirector (only passed as env parameter to xrootd)
xrd_redir = f"{site.lower()}-sub1-host1-redir.exp.fabric-testbed.net"
# XRootD HTTP Requires to provide secret (and must be equal between all xrootd servers).
# Modify as you see it fit.
xrd_http_secret = "pYrySWhj4BftwJkSbMyAk8ha3p5YXsAt7g3mFzx7Vkg"


# Helper Functions
import subprocess
import shlex

def runcmd(nodes, commands):
    print("RUN COMMANDS")
    for command in commands:
        for nodename in nodes:
            node = slice.get_node(name=nodename)
            print(f'Execute: {command} on {nodename}')
            stdout, stderr = node.execute(command)

def runonecmd(node, nodename, command):
    print(f'Execute: {command} on {nodename}')
    stdout, stderr = node.execute(command)

def runIntfTuning(nodes):
    print("NODE INTERFACE TUNING")
    for nodename in nodes:
        node = slice.get_node(name=nodename)
        for intf in node.get_interfaces():
            command = f"sudo sh vpp-frr/interface-tuning.sh {intf.get_device_name()}"
            print(f'Execute: {command} on {nodename}')
            stdout, stderr = node.execute(command)

def localcmd(command):
    """Execute command locally and return stdout and stderr."""
    print(f'Execute local cmd: {command}')
    command = shlex.split(str(command))
    proc = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    return proc.communicate()





# Create Slice

In [None]:
#Create Slice
slice = fablib.new_slice(name=slice_name)

# Add Router;
router = slice.add_node(name=routername, site=site, cores=48, ram=128, disk=100, image=image_name)
routernic = router.add_component(model='NIC_ConnectX_6', name='nic_local').get_interfaces()
# This will get dedicated NIC with 2 ports.
# Port-1 - Is used for Peering with Fabric Cisco
# Port-2 - Is used for hosts (L2 Network)
# For SENSE Needs - everything uses sub-interfaces;
subnet = IPv6Network(frr_config['range'])
vlan = frr_config['vlan']
net1 = slice.add_l3network(name=f'pub-0', type='IPv6Ext', subnet=subnet)
ciface = routernic[1].add_sub_interface(f"vlan{vlan}", vlan=str(vlan), bw=100)
ciface.set_mode('manual')
net1.add_interface(ciface)

# Add Networks and interfaces to FRR
for iprange, rangeitems in ip_ranges.items():
    subnet = IPv6Network(iprange)
    vlan = rangeitems['vlan']
    gateway = subnet[1]
    net1 = slice.add_l2network(name=rangeitems['name'], subnet=subnet, gateway=gateway)
    ciface = routernic[0].add_sub_interface(f"vlan{vlan}", vlan=str(vlan), bw=100)
    ciface.set_mode('manual')
    net1.add_interface(ciface)

# Add Network and interfaces to Hosts
for host, rangeitems in hosts.items():
    node = slice.add_node(name=f"{host}", site=site, cores=16, ram=32, disk=1000, image=host_image)
    counter = 0
    for hostnet, hostrange in rangeitems.items():
        for hostip, hostgw in hostrange.items():
            iface = node.add_component(model='NIC_Basic', name=hostnet).get_interfaces()[0]
            iface.set_mode('manual')
            net1 = slice.get_network(name=ip_range_to_net[hostnet])
            net1.add_interface(iface)

# Add Measurement node:
MFLib.addMeasNode(slice, site=site, disk=100)

slice.submit()

## Deploy monitoring (Takes long time to install)

In [None]:
print(f"MFLib version  {mflib.__version__} " )
# Import MFLib Class
from mflib.mflib import MFLib
# The slice name of the slice with which you want to interact.
mf = MFLib(slice_name, mf_repo_branch="main")
print(mf.grafana_tunnel)
instrumetize_results = mf.instrumentize()
print(mf.grafana_tunnel)

print(f"Browse to https://localhost:{mf.grafana_tunnel_local_port}/grafana/dashboards?query=%2A")

# All node tuning for high throughput

In [None]:
commands = ["sudo apt update",
            "sudo apt install -y docker-compose-plugin", 
            "sudo usermod -aG docker ubuntu",
            "git clone https://github.com/sdn-sense/vpp-frr",
            "sudo sh vpp-frr/tuning.sh"]
runcmd([routername], commands)
print('-'*100)
runIntfTuning([routername])
print('Run tuning on all hosts')
runcmd(list(hosts.keys()), commands)
print('-'*100)
runIntfTuning(list(hosts.keys()))

## Configure IPs on Hosts (set GWs)

In [None]:
# Set IPs on Hosts;
for host, rangeitems in hosts.items():
    node1 = slice.get_node(name=host)
    counter = 0
    intfdone = []
    for hostnet, hostrange in rangeitems.items():
        for hostip, hostgw in hostrange.items():
            node1_iface = node1.get_interface(name=f'{host}-{hostnet}-p1')
            intf_name = node1_iface.get_device_name()
            net1 = slice.get_network(name=ip_range_to_net[hostnet])
            if intf_name not in intfdone:
                runonecmd(node1, host, f"sudo sysctl -w net.ipv6.conf.{intf_name.replace('.', '/')}.accept_ra=0")
                runonecmd(node1, host, f"sudo ip link set {intf_name} down")
                runonecmd(node1, host, f"sudo ip link set {intf_name} up")
                intfdone.append(intf_name)
            command = f"sudo ip addr add {hostip} dev {intf_name}"
            runonecmd(node1, host, command)

In [None]:
# Create routing tables and set default gws for each.
for host, rangeitems in hosts.items():
    node1 = slice.get_node(name=host)
    counter = 1
    intfdone = []
    for hostnet, hostrange in rangeitems.items():
        for hostip, hostgw in hostrange.items():
            node1_iface = node1.get_interface(name=f'{host}-{hostnet}-p1')
            intf_name = node1_iface.get_device_name()
            hostipnomask = hostip.split('/')[0]
            hostgwnomask = hostgw.split('/')[0]
            runonecmd(node1, host, f'grep -qF "{intf_name}" /etc/iproute2/rt_tables || echo "{counter} {intf_name}" | sudo tee -a /etc/iproute2/rt_tables > /dev/null')
            runonecmd(node1, host, f'sudo ip -6 r add {hostipnomask} dev {intf_name} table {intf_name}')
            runonecmd(node1, host, f'sudo ip -6 route add default via {hostgwnomask} dev {intf_name} table {intf_name}')
            runonecmd(node1, host, f'sudo ip -6 rule add from {hostipnomask}/128 table {intf_name}')
            runonecmd(node1, host, f'sudo ip -6 rule add to {hostipnomask}/128 table {intf_name}')
            runonecmd(node1, host, f'sudo ping6 -c2 {hostgwnomask} -I {intf_name}')
            counter += 1

# (Option 1) Deploy FRR and configure FRR to be a router. (No-DPDK)

## Set IPs on Router

In [None]:
slice = fablib.get_slice(name=slice_name)
router = slice.get_node(name=routername)
# 1. Disable accept_ra for the first interface. That add a default route and we want to avoid that
router_iface = router.get_interface(network_name=f'pub-0')
iface = router_iface.get_physical_os_interface_name()
runonecmd(router, routername, f"sudo sysctl -w net.ipv6.conf.{iface.replace('.', '/')}.accept_ra=0")
runonecmd(router, routername, f"sudo ip link set {iface} down")
runonecmd(router, routername, f"sudo ip link set {iface} up")
# 2. Disable accept_ra also for vlan device
iface = router_iface.get_device_name()
runonecmd(router, routername, f"sudo sysctl -w net.ipv6.conf.{iface.replace('.', '/')}.accept_ra=0")
runonecmd(router, routername, f"sudo ip link set {iface} down")
runonecmd(router, routername, f"sudo ip link set {iface} up")
# 3. Set IP and default routes as defined in configuration
#   Issue is on Fabric IPv6 Mgmt hosts - default route will be via mgmt;
# Deleting it will restore back. Would need explicit routing, but at the same time
# need a way to control mgmt interface setup. Best would be if there is an option
# to say that mgmt interface - do not set default route and use only explicit routing.
# If we want to make it static - we also need to modify netplan (which is also controlled by fabric)
iface = router_iface.get_device_name()
command = f"sudo ip addr add {frr_config['ip']} dev {iface}"
runonecmd(router, routername, command)


# For all other L2 networks for Hosts - Move interfaces on FRR also to Net-NS and set IPs;
counter=0
intfdone = []
for iprange, rangeitems in ip_ranges.items():
    router_iface = router.get_interface(network_name=rangeitems['name'])
    # Disable accept_ra
    iface = router_iface.get_physical_os_interface_name()
    if iface not in intfdone:
        runonecmd(router, routername, f"sudo sysctl -w net.ipv6.conf.{iface.replace('.', '/')}.accept_ra=0")
        runonecmd(router, routername, f"sudo ip link set {iface} down")
        runonecmd(router, routername, f"sudo ip link set {iface} up")
        intfdone.append(iface)
    # Disable accept_ra for sub device
    iface = router_iface.get_device_name()
    if iface not in intfdone:
        runonecmd(router, routername, f"sudo sysctl -w net.ipv6.conf.{iface.replace('.', '/')}.accept_ra=0")
        runonecmd(router, routername, f"sudo ip link set {iface} down")
        runonecmd(router, routername, f"sudo ip link set {iface} up")
        intfdone.append(iface)
    command = f"sudo ip addr add {rangeitems['frr']} dev {iface}"
    runonecmd(router, routername, command)
    counter+=1




router = slice.get_node(name=routername)
# 1. Disable accept_ra for the first interface. That add a default route and we want to avoid that
router_iface = router.get_interface(network_name=f'pub-0')
iface = router_iface.get_physical_os_interface_name()
# 4. Set default routes for all our known ranges (CERN,Fabric,Caltech,SDSC,Fermilab,Nebraska, etc..)
for iprange, name in use_dataplane_routes.items():
    command = f"sudo ip -6 route add {iprange} via {frr_config['gw']} dev {iface}.{frr_config['vlan']}"
    runonecmd(router, routername, command)

## Deploy FRR

In [None]:
slice = fablib.get_slice(name=slice_name)
router = slice.get_node(name=routername)

# If we have frrsshkey and frrsshkey.pub on Jupyter notebook dir, we copy it to router machine.
# Otherwise generate new one. In case new one, SiteRM FE will need to update credentials to access device.
if os.path.isfile('frrsshkey') and os.path.isfile('frrsshkey.pub'):
    runcmd([routername], ["mkdir -p ~/.ssh", "chmod 700 ~/.ssh"])
    scp_cmd = "scp -i /home/fabric/work/fabric_config/slice_key -F /home/fabric/work/fabric_config/ssh_config "
    user = router.get_username()
    mgmtip = router.get_management_ip()
    for dest, srcfile in {'~/.ssh/frrsshkey': 'frrsshkey',
                          '~/.ssh/frrsshkey.pub': 'frrsshkey.pub'}.items():
        cmd = f"{scp_cmd} {srcfile} {user}@[{mgmtip}]:{dest}"
        print(localcmd(cmd))
    runcmd([routername], ["chmod 600 ~/.ssh/frrsshkey"])


# Flush nftables and start frr container
commands = ["sudo nft flush ruleset",
    f'cd vpp-frr/frr/ && sed -e "s/REPLACEME_HOSTNAME/`hostname`/" -e "s/REPLACEME_ASN/{routerasn}/" etc/frr/frr.conf-template > etc/frr/frr.conf',
    "cd vpp-frr/frr/ && sudo docker compose up -d",
    "sh vpp-frr/frr/keygen.sh"]
runcmd([routername], commands)

## Add default routes

In [None]:
slice = fablib.get_slice(name=slice_name)
# This is default routes, once VPP, FRR is running;
router = slice.get_node(name=routername)
# 1. Disable accept_ra for the first interface. That add a default route and we want to avoid that
router_iface = router.get_interface(network_name=f'pub-0')
iface = router_iface.get_physical_os_interface_name()
# 4. Set default routes for all our known ranges (CERN,Fabric,Caltech,SDSC,Fermilab,Nebraska, etc..)
for iprange, name in use_dataplane_routes.items():
    command = f"sudo ip -6 route add {iprange} via {frr_config['gw']} dev {iface}.{frr_config['vlan']}"
    print(command)
    runonecmd(router, routername, command)

# (Option 2) Deploy FRR with VPP and configure FRR to be a router. (DPDK)

## Disable accept_ra on all interfaces, set them down, remove vlans

In [None]:
slice = fablib.get_slice(name=slice_name)
router = slice.get_node(name=routername)
# 1. Disable accept_ra for the first interface. That add a default route and we want to avoid that
router_iface = router.get_interface(network_name=f'pub-0')
iface = router_iface.get_physical_os_interface_name()
runonecmd(router, routername, f"sudo sysctl -w net.ipv6.conf.{iface.replace('.', '/')}.accept_ra=0")
runonecmd(router, routername, f"sudo ip link set {iface} down")
# 2. Disable accept_ra also for vlan device
iface = router_iface.get_device_name()
runonecmd(router, routername, f"sudo ip link del {iface}")

# For all other L2 networks for Hosts - Move interfaces on FRR also to Net-NS and set IPs;
counter=0
intfdone = []
for iprange, rangeitems in ip_ranges.items():
    router_iface = router.get_interface(network_name=rangeitems['name'])
    # Disable accept_ra
    iface = router_iface.get_physical_os_interface_name()
    if iface not in intfdone:
        runonecmd(router, routername, f"sudo sysctl -w net.ipv6.conf.{iface.replace('.', '/')}.accept_ra=0")
        runonecmd(router, routername, f"sudo ip link set {iface} down")
        intfdone.append(iface)
    # Disable accept_ra for sub device
    iface = router_iface.get_device_name()
    if iface not in intfdone:
        runonecmd(router, routername, f"sudo ip link del {iface}")
        intfdone.append(iface)
    counter+=1

## Deploy VPP

In [None]:
slice = fablib.get_slice(name=slice_name)
router = slice.get_node(name=routername)

# TODO: VPP Requires to identify PCI Device. Need a way to find it and modify vpp configuration.

# Identify public interface and add it to env;
slice = fablib.get_slice(name=slice_name)
router = slice.get_node(name=routername)
# 1. Disable accept_ra for the first interface. That add a default route and we want to avoid that
router_iface = router.get_interface(network_name=f'pub-0')
pub_iface = router_iface.get_physical_os_interface_name()


# Identify private interface and add it to env file;
# For all other L2 networks for Hosts - Move interfaces on FRR also to Net-NS and set IPs;
counter=0
for iprange, rangeitems in ip_ranges.items():
    router_iface = router.get_interface(network_name=rangeitems['name'])
    # Disable accept_ra
    priv_iface = router_iface.get_physical_os_interface_name()
    break

print(pub_iface, priv_iface)

# Flush nftables and start vpp container
commands = ["sudo nft flush ruleset",
            f"cp vpp-frr/siterm/{site}/fe/startup.gate vpp-frr/vpp/etc/vpp/startup.gate",
            f"cd vpp-frr/vpp/ && sh find_interfaces.sh {pub_iface} PUBLIC",
            f"cd vpp-frr/vpp/ && sh find_interfaces.sh {priv_iface} PRIVATE",
            "cd vpp-frr/vpp/ && sh start.sh"]
runcmd([routername], commands)

## Deploy FRR

In [None]:
slice = fablib.get_slice(name=slice_name)
router = slice.get_node(name=routername)

# If we have frrsshkey and frrsshkey.pub on Jupyter notebook dir, we copy it to router machine.
# Otherwise generate new one. In case new one, SiteRM FE will need to update credentials to access device.
if os.path.isfile('frrsshkey') and os.path.isfile('frrsshkey.pub'):
    runcmd([routername], ["mkdir -p ~/.ssh", "chmod 700 ~/.ssh"])
    scp_cmd = "scp -i /home/fabric/work/fabric_config/slice_key -F /home/fabric/work/fabric_config/ssh_config "
    user = router.get_username()
    mgmtip = router.get_management_ip()
    for dest, srcfile in {'~/.ssh/frrsshkey': 'frrsshkey',
                          '~/.ssh/frrsshkey.pub': 'frrsshkey.pub'}.items():
        cmd = f"{scp_cmd} {srcfile} {user}@[{mgmtip}]:{dest}"
        print(localcmd(cmd))
    runcmd([routername], ["chmod 600 ~/.ssh/frrsshkey"])


# Flush nftables and start frr container
commands = ["sudo nft flush ruleset",
    f'cd vpp-frr/frr/ && sed -e "s/REPLACEME_HOSTNAME/`hostname`/" -e "s/REPLACEME_ASN/{routerasn}/" etc/frr/frr.conf-template > etc/frr/frr.conf',
    "cd vpp-frr/frr/ && sudo docker compose up -d",
    "sh vpp-frr/frr/keygen.sh"]
runcmd([routername], commands)

In [None]:
slice = fablib.get_slice(name=slice_name)
# This is default routes, once VPP, FRR is running;
router = slice.get_node(name=routername)
# 1. Disable accept_ra for the first interface. That add a default route and we want to avoid that
router_iface = router.get_interface(network_name=f'pub-0')
iface = router_iface.get_physical_os_interface_name()
# 4. Set default routes for all our known ranges (CERN,Fabric,Caltech,SDSC,Fermilab,Nebraska, etc..)
for iprange, name in use_dataplane_routes.items():
    #command = f"sudo ip -6 route add {iprange} via {frr_config['gw']} dev {iface}.{frr_config['vlan']}"
    command = f"sudo ip -6 route add {iprange} via {frr_config['gw']} dev e2.99"
    print(command)
    runonecmd(router, routername, command)

## Download SiteRM Repo to all nodes

In [None]:
slice = fablib.get_slice(name=slice_name)
commands = ["sudo nft flush ruleset",
            "git clone https://github.com/sdn-sense/siterm-startup"]
node1 = slice.get_node(name=routername)
runcmd([routername], commands)
for host in list(hosts.keys()):
    runcmd([host], commands)

## Copy Certificates, creds from your bastion node

In [None]:
commands = ["cd ~/vpp-frr && git pull"]
runcmd([routername], commands)
print('-'*100)

# Install docker, clone tuning, and tune node;
commands = ["cd ~/vpp-frr && git pull"]
runcmd(list(hosts.keys()), commands)
print('-'*100)

# Generate and print commands to copy cert's to required locations
import os

if not os.path.isfile('macaroon-secret'):
    print('If you dont have macaroon secret, generate it using the following command')
    print('openssl rand -base64 -out macaroon-secret 64')
    print('This file will need to be equal between all nodes')
    print('-'*80)

scp_cmd = "scp -i /home/fabric/work/fabric_config/slice_key -F /home/fabric/work/fabric_config/ssh_config "

# frr node for SiteRM FE
# hosts - for SiteRM Agent;
#         for XRootD;
slice = fablib.get_slice(name=slice_name)
router = slice.get_node(name=routername)
user = router.get_username()
mgmtip = router.get_management_ip()
for dest, srcfile in {'~/siterm-startup/fe/conf/etc/httpd/certs/cert.pem': 'hostcert.pem',
                      '~/siterm-startup/fe/conf/etc/grid-security/hostcert.pem': 'hostcert.pem',
                      '~/siterm-startup/fe/conf/etc/httpd/certs/privkey.pem': 'hostkey.pem',
                      '~/siterm-startup/fe/conf/etc/grid-security/hostkey.pem': 'hostkey.pem'}.items():
    cmd = f"{scp_cmd} {srcfile} {user}@[{mgmtip}]:{dest}"
    print(localcmd(cmd))
# Print host commands
for hostname in list(hosts.keys()):
    node = slice.get_node(name=hostname)
    user = node.get_username()
    mgmtip = node.get_management_ip()
    for dest, srcfile in {'~/siterm-startup/agent/conf/etc/grid-security/hostcert.pem': 'hostcert.pem',
                          '~/siterm-startup/agent/conf/etc/grid-security/hostkey.pem': 'hostkey.pem',
                          '~/vpp-frr/xrootd/priv/xrootdcert.pem': 'hostcert.pem',
                          '~/vpp-frr/xrootd/priv/xrootdkey.pem': 'hostkey.pem',
                          '~/vpp-frr/xrootd/priv/macaroon-secret': 'macaroon-secret'}.items():
        cmd = f"{scp_cmd} {srcfile} {user}@[{mgmtip}]:{dest}"
        print(localcmd(cmd))


## Deploy SiteRM Frontend

In [None]:
slice = fablib.get_slice(name=slice_name)
commands = ["cd siterm-startup && git pull",
            "cd vpp-frr && git pull",
            f"cp vpp-frr/siterm/{site}/fe/ansible-conf.yaml siterm-startup/fe/conf/etc/ansible-conf.yaml",
            f"cp vpp-frr/siterm/{site}/fe/siterm.yaml siterm-startup/fe/conf/etc/siterm.yaml",
            f"cp vpp-frr/siterm/{site}/fe/environment siterm-startup/fe/conf/environment",
            f'cp ~/.ssh/frrsshkey siterm-startup/fe/conf/opt/siterm/config/ssh-keys/frrsshkey',
            "cd siterm-startup/fe/docker/ && ./run.sh -i dev -n host"]
node1 = slice.get_node(name=routername)
runcmd([routername], commands)

## Restart SiteRM Frontend with new image (if needed)

In [None]:
slice = fablib.get_slice(name=slice_name)
commands = ["cd siterm-startup && git pull",
            "cd siterm-startup/fe/docker/ && ./restart-new-image.sh -i dev -n host"]
node1 = slice.get_node(name=routername)
runcmd([routername], commands)

## Deploy SiteRM Agent(s)

In [None]:
slice = fablib.get_slice(name=slice_name)
for host in list(hosts.keys()):
    commands = ["cd siterm-startup && git pull",
                "cd vpp-frr/ && git pull",
                f"cp vpp-frr/siterm/{site}/{host}/siterm.yaml siterm-startup/agent/conf/etc/siterm.yaml",
                 "cd siterm-startup/agent/docker/ && sudo ./run.sh -i dev"]
    runcmd([host], commands)

## Restart all SiteRM Agents with new image (if needed)

In [None]:
slice = fablib.get_slice(name=slice_name)
for host in list(hosts.keys()):
    commands = ["cd siterm-startup && git pull",
                 "cd siterm-startup/agent/docker/ && sudo ./restart-new-image.sh -i dev"]
    runcmd([host], commands)

# Deploy XRootD on all Hosts

## Configure certs, users, dir and config file for xrootd;

In [None]:
slice = fablib.get_slice(name=slice_name)
commands = ["cd ~/vpp-frr && git pull"]
runcmd(list(hosts.keys()), commands)
print('-'*100)


commands = ["sudo python3 ~/vpp-frr/xrootd/config/default/opt/usergroupchecker.py --notimeout",
            "sudo chown xrootd:xrootd ~/vpp-frr/xrootd/priv/*.pem",
            "sudo chmod 600 ~/vpp-frr/xrootd/priv/xrootdkey.pem",
            "sudo mkdir -p /storage/cms/store/",
            "sudo chown cmsuser:cmsuser /storage/cms/store/",
            "sed -i 's|XRD_HTTP_SECRET_KEY=.*|XRD_HTTP_SECRET_KEY=%s|' ~/vpp-frr/xrootd/.env" % xrd_http_secret,
            "sed -i 's|XRD_REDIR=.*|XRD_REDIR=%s|' ~/vpp-frr/xrootd/.env" % xrd_redir]

for host in list(hosts.keys()):
    runcmd([host], commands)

# Start XRootD Process on all nodes;

In [None]:
commands = ["cd vpp-frr/xrootd/ && sudo docker compose up -d"]
for host in list(hosts.keys()):
    runcmd([host], commands)

# Install FDT

In [None]:
slice = fablib.get_slice(name=slice_name)
for host in list(hosts.keys()):
    commands = ["sudo apt update", "sudo apt install -y default-jre",
                "wget --no-check-certificate http://monalisa.cern.ch/FDT/lib/fdt.jar"]
    runcmd([host], commands)

# Run FDT in nohup

In [None]:
slice = fablib.get_slice(name=slice_name)
for host in list(hosts.keys()):
    commands = ["sudo nft flush ruleset", "nohup java -jar fdt.jar &"]
    runcmd([host], commands)

## Extend slice to max (2 weeks)

Extend slice for another two weeks to keep it active

In [12]:
# Extend slice (if already present)
from datetime import datetime
from datetime import timezone
from datetime import timedelta
from fabrictestbed_extensions.fablib.fablib import FablibManager as fablib_manager

fablib = fablib_manager()
                     
fablib.show_config();

#Set end host to now plus 1 day
end_date = (datetime.now(timezone.utc) + timedelta(days=14)).strftime("%Y-%m-%d %H:%M:%S %z")

try:
    slice = fablib.get_slice(name=slice_name)
    slice.show()
    slice.list_slivers()
    slice.list_interfaces()
    slice.renew(end_date)
except Exception as e:
    print(f"Exception: {e}")

# Check slice end date
try:
    slice = fablib.get_slice(name=slice_name)
    print(f"Lease End (UTC)        : {slice.get_lease_end()}")
       
except Exception as e:
    print(f"Exception: {e}")


Retry: 1, Time: 81 sec


0,1
ID,b2eb7a5d-6162-4cb7-9f9e-c4143ed0bf11
Name,FRR-cern
Lease Expiration (UTC),2024-11-17 13:47:18 +0000
Lease Start (UTC),2024-11-01 14:26:49 +0000
Project ID,a57c7715-d871-4369-82e6-408c9a57a6e7
State,StableOK


ID,Name,Cores,RAM,Disk,Image,Image Type,Host,Site,Username,Management IP,State,Error,SSH Command,Public SSH Key File,Private SSH Key File
f81aa851-f519-4af3-b501-188e6e958046,frr-cern,48,128,100,docker_ubuntu_22,qcow2,cern-w2.fabric-testbed.net,CERN,ubuntu,2001:400:a100:3090:f816:3eff:fe14:e350,Active,,ssh -i /home/fabric/work/fabric_config/slice_key -F /home/fabric/work/fabric_config/ssh_config ubuntu@2001:400:a100:3090:f816:3eff:fe14:e350,/home/fabric/work/fabric_config/slice_key.pub,/home/fabric/work/fabric_config/slice_key
53ec8e91-66a9-4e6d-ac33-133590bb70f0,host1,16,32,1000,docker_ubuntu_22,qcow2,cern-w6.fabric-testbed.net,CERN,ubuntu,2001:400:a100:3090:f816:3eff:fea1:a841,Active,,ssh -i /home/fabric/work/fabric_config/slice_key -F /home/fabric/work/fabric_config/ssh_config ubuntu@2001:400:a100:3090:f816:3eff:fea1:a841,/home/fabric/work/fabric_config/slice_key.pub,/home/fabric/work/fabric_config/slice_key
781bd7fa-9449-4635-8722-2f991251df4e,host2,16,32,1000,docker_ubuntu_22,qcow2,cern-w2.fabric-testbed.net,CERN,ubuntu,2001:400:a100:3090:f816:3eff:fe1f:21cf,Active,,ssh -i /home/fabric/work/fabric_config/slice_key -F /home/fabric/work/fabric_config/ssh_config ubuntu@2001:400:a100:3090:f816:3eff:fe1f:21cf,/home/fabric/work/fabric_config/slice_key.pub,/home/fabric/work/fabric_config/slice_key
64f2b494-9240-4580-adcc-246c9043c415,host3,16,32,1000,docker_ubuntu_22,qcow2,cern-w4.fabric-testbed.net,CERN,ubuntu,2001:400:a100:3090:f816:3eff:fe3d:19b2,Active,,ssh -i /home/fabric/work/fabric_config/slice_key -F /home/fabric/work/fabric_config/ssh_config ubuntu@2001:400:a100:3090:f816:3eff:fe3d:19b2,/home/fabric/work/fabric_config/slice_key.pub,/home/fabric/work/fabric_config/slice_key
5b781afd-afd1-4763-bcd6-ed42658fb741,host4,16,32,1000,docker_ubuntu_22,qcow2,cern-w4.fabric-testbed.net,CERN,ubuntu,2001:400:a100:3090:f816:3eff:fe62:5c9d,Active,,ssh -i /home/fabric/work/fabric_config/slice_key -F /home/fabric/work/fabric_config/ssh_config ubuntu@2001:400:a100:3090:f816:3eff:fe62:5c9d,/home/fabric/work/fabric_config/slice_key.pub,/home/fabric/work/fabric_config/slice_key
b73e725b-ae14-4191-bcbc-d98d234dc4a4,meas-node,4,16,100,docker_ubuntu_20,qcow2,cern-w1.fabric-testbed.net,CERN,ubuntu,2001:400:a100:3090:f816:3eff:fed1:683a,Active,,ssh -i /home/fabric/work/fabric_config/slice_key -F /home/fabric/work/fabric_config/ssh_config ubuntu@2001:400:a100:3090:f816:3eff:fed1:683a,/home/fabric/work/fabric_config/slice_key.pub,/home/fabric/work/fabric_config/slice_key


ID,Name,Layer,Type,Site,Subnet,Gateway,State,Error
d6056495-b758-4248-ad78-2bd35f608858,frr-net0,L2,L2Bridge,CERN,2602:fcfb:1d:fff1::/64,2602:fcfb:1d:fff1::1,Active,
8963ac1a-509a-426e-a291-aa6c82bbe8eb,frr-net1,L2,L2Bridge,CERN,2602:fcfb:1d:fff2::/64,2602:fcfb:1d:fff2::1,Active,
707b4a8b-8183-42de-99a6-2480634a5717,frr-net2,L2,L2Bridge,CERN,2602:fcfb:1d:fff3::/64,2602:fcfb:1d:fff3::1,Active,
636ab434-2919-4fcf-ae33-08d68778c2bd,l3_meas_net_CERN,L3,FABNetv4,CERN,10.143.3.0/24,10.143.3.1,Active,
7664331d-e996-499b-9256-31a2a15cbb3b,pub-0,L3,FABNetv6Ext,CERN,2602:fcfb:1d:fff0::/64,2602:fcfb:1d:fff0::1,Active,


Name,Short Name,Node,Network,Bandwidth,Mode,VLAN,MAC,Physical Device,Device,IP Address,Numa Node,Switch Port
frr-cern-nic_local-p1,p1,frr-cern,,100,config,,10:70:FD:E5:B6:50,enp8s0np0,enp8s0np0,fe80::1270:fdff:fee5:b650,6,
frr-cern-nic_local-p1-vlan100,frr-cern-nic_local-p1-vlan100,frr-cern,frr-net0,100,manual,100.0,10:70:FD:E5:B6:50,enp8s0np0,enp8s0np0.100,,6,HundredGigE0/0/0/4
frr-cern-nic_local-p1-vlan102,frr-cern-nic_local-p1-vlan102,frr-cern,frr-net2,100,manual,102.0,10:70:FD:E5:B6:50,enp8s0np0,enp8s0np0.102,,6,HundredGigE0/0/0/4
frr-cern-nic_local-p1-vlan101,frr-cern-nic_local-p1-vlan101,frr-cern,frr-net1,100,manual,101.0,10:70:FD:E5:B6:50,enp8s0np0,enp8s0np0.101,,6,HundredGigE0/0/0/4
frr-cern-nic_local-p2,p2,frr-cern,,100,config,,10:70:FD:E5:B6:51,enp9s0np0,enp9s0np0,fe80::1270:fdff:fee5:b651,6,
frr-cern-nic_local-p2-vlan99,frr-cern-nic_local-p2-vlan99,frr-cern,pub-0,100,manual,99.0,10:70:FD:E5:B6:51,enp9s0np0,enp9s0np0.99,,6,HundredGigE0/0/0/6
frr-cern-meas_nic_frr-cern_CERN-p1,p1,frr-cern,l3_meas_net_CERN,100,auto,,02:E1:A2:04:48:A3,enp7s0,enp7s0,10.143.3.4,4,HundredGigE0/0/0/7
host1-host1_n3-p1,p1,host1,frr-net2,100,manual,,0A:14:55:F7:C4:3C,enp7s0,enp7s0,2602:fcfb:1d:fff3::2,4,HundredGigE0/0/0/15
host1-host1_n2-p1,p1,host1,frr-net1,100,manual,,0A:BA:A6:36:AB:6B,enp8s0,enp8s0,2602:fcfb:1d:fff2::2,4,HundredGigE0/0/0/15
host1-meas_nic_host1_CERN-p1,p1,host1,l3_meas_net_CERN,100,auto,,0A:CE:97:5A:09:A9,enp9s0,enp9s0,10.143.3.7,4,HundredGigE0/0/0/15



Time to print interfaces 151 seconds
Lease End (UTC)        : 2024-11-17 13:47:18 +0000


## Print slice SSH Commands

In [None]:
slice_name = f'FRR-{site.lower()}'
slice = fablib.get_slice(name=slice_name)

for node in slice.get_nodes():
    print(node)
