# Installation
## TODO
- [x] Add installation instructions for Enarx
- [x] Add running instructions for Enarx
- [x] Explain the CMAKE Options that can be used when compiling the CCIPS
- [ ] Provide CCIPS WASM docker compiler (To reduce steps and Prevent errors)
# Installing from source
When installing the version directly in a Server or VM it is important to install all the necessary dependencies from the Sysrepo framework:
## Some dependencies (debian/ubuntu)
```bash
sudo apt update
sudo apt install -y curl wget git build-essential automake autoconf gcc tar make zlib1g-dev libssl-dev clang
```
## Install latest cmake version
You can follow the guide provided in [here](https://askubuntu.com/a/1157132). Latest repositories versions of Ubuntu and Debian already have a compatible version of Ubuntu.
## PCRE2
```bash
wget https://github.com/PCRE2Project/pcre2/releases/download/pcre2-10.42/pcre2-10.42.tar.bz2
tar -xvf pcre2-10.42.tar.bz2
cd pcre2-10.42
./configure
make && make install
```
## Libssh
```bash
git clone https://gitlab.com/libssh/libssh-mirror.git
cd libssh-mirror && mkdir build
cd build
cmake ..
make
make install
ldconfig
```
## Libyang
```bash
git clone --single-branch --branch v2.1.30 https://github.com/CESNET/libyang
cd libyang
mkdir build && cd build
cmake ..
make install
ldconfig
```
## Sysrepo
```bash
git clone --single-branch --branch v2.2.36 https://github.com/sysrepo/sysrepo
cd sysrepo && mkdir build && cd build
cmake ..
make install
ldconfig
```
### Libnetconf2
```bash
git clone --single-branch --branch v2.1.28 https://github.com/CESNET/libnetconf2.git
cd libnetconf2
mkdir build && cd build
cmake ..
make -j2 && make install
ldconfig
```
## Netopeer2
```bash
git clone --single-branch --branch v2.1.49 https://github.com/CESNET/Netopeer2.git
cd Netopeer2
mkdir build && cd build
cmake ..
make -j2 && make install
```
## Enarx
When running the version using enarx we need to install some tools. The clang wasm version to compile the CCIPS libraries and the cargo compiler to compile the RUST application into a wasm binary.
It is important to have glibc >= 2.34 installed. Otherwise the compiler wont work
### WASM-SDK (CLANG)
```bash
wget https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-17/wasi-sdk-17.0-linux.tar.gz
tar -xvzf wasi-sdk-17.0-linux.tar.gz
# Set WASI Home directory in env variables
export WASI_SDK_PATH=/home/ubuntu/wasi-sdk-17.0/
# For later compilation
export WASI_CLANG=${WASI_SDK_PATH}/bin/clang
```
After extracting all the files, inside the `wasi-sdk-17.0/bin` we have the `clang` binary needed to compile the cfgipsec libraries to Enarx. Now, for the CMAKE, we need to add the following variable to the Environments variables of the system.
```bash
export WASI_CLANG={WASI-}/wasi-sdk-17.0/bin/clang
```
### RUST
You can follow this [guide](https://www.digitalocean.com/community/tutorials/install-rust-on-ubuntu-linux)
```bash
# Go for default installation
curl --proto '=https' --tlsv1.3 https://sh.rustup.rs -sSf | sh
```
Then add the following command to your `~/.bashrc` file
`source $HOME/.cargo/env`.
## Enarx runtime
If you also like to run Enarx without using docker, you can follow their [guide](https://enarx.dev/docs/install) to install their framework on your setup.
## Installing ccips
### Configure first sysrepo
You need to install first the necessary YANG modules:
```bash
# In the same ccips repository
sysrepoctl -i yang/ietf-inet-types.yang --permissions=666 -v3
sysrepoctl -i yang/ietf-netconf-acm.yang --permissions=666 -v3
sysrepoctl -i yang/ietf-yang-types.yang --permissions=666 -v3
sysrepoctl -i yang/ietf-i2nsf-ikec.yang --permissions=666 -v3
sysrepoctl -i yang/ietf-i2nsf-ikeless.yang --permissions=666 -v3
```
Now you need to activate IKE-LESS case
```bash
# Enable ike-less case
sysrepoctl -c ietf-i2nsf-ikeless -e ikeless-notification -v3
```
We also need to disable the netconf-acm
```bash
echo '<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm"><enable-nacm>false</enable-nacm></nacm>' > /disable-acm.xml
sysrepocfg --import=/disable-acm.xml -f xml --datastore startup --module ietf-netconf-acm -v3 && \
sysrepocfg --import=/disable-acm.xml -f xml --datastore running --module ietf-netconf-acm -v3
```
### Configure NETCONF access
If you dont have a user with right access to sysrepo you cand add one as follows
```bash
adduser --system netconf
mkdir -p /home/netconf/.ssh
echo "netconf:netconf" | chpasswd && adduser netconf sudo;
```
After this, there should be a user "netconf" with password "netconf" with the necessary rights to add/modify/delete something from the Sysrepo datastore by interacting with Netopeer.
### Running NETOPEER2 service
In the same repository there is a supervisord.conf which enables the netopeer2 service as a background service.
```bash
sudo apt update && sudo apt install -y supervisor
sudo cp supervisord.conf /etc/supervisord.conf
systemctl start supervisor
```
If you dont want to run it with supervisor, you can run the netopeer2 service like:
```bash
sudo netopeer2 -v3 -d
```
## Compiling standalone CCIPS
When running the standalone version of the ccips in the same directory as the ccips repository
```bash
mkdir build
cd build
cmake ..
make
```
This will generate an executable named i2nsf_cfgipsec2.
## Compiling Enarx RA
When running the RA application of the ccips in the same directory as the ccips repository
```bash
mkdir build
cd build
cmake DENARX_RA=ON ..
make
```
## Compiling Enarx TA
When running the RA application of the ccips in the same directory as the ccips repository
```bash
mkdir build && cd build
cmake DENARX_TA=ON ..
make && make install
```
The latest will generate the necessary static libraries and headers that will be used by the Cargo compiler to generate the wasm binary for the Enarx solution
To do this, go to the directory `cmd/i2nsf_enarx/enar` and run the following command
```
cargo build --release --target=wasm32-wasi
```
# Installing from Docker
We only need to have the repository downloaded and a functional version of docker
## Standalone
To build the Docker image simply run in the same repository of the Dockerfile of the CCIPS
```bash
sudo docker build -t ccips_agent .
```
## Docker Enarx RA
To build the Docker image simply run in the same repository of the Dockerfile of the CCIPS
```bash
sudo docker build -t ccips_agent_enarx --build-arg ENARX_RA=ON .
```
# Running CCIPS standalone
## With the binary compiled from source
Supposing that we have an already functional sysrepo database and netopeer2 working. We can just run the command
```bash
./i2nsf_cfgipsec2
# or with a maximum debug level of 5
i2nsf_cfgipsec2 -l 5
```
## With the docker image
Assuming that the namie of the image is ccips_agent
```bash
docker run -it --network host --cap-add ALL --name ccips_agent --rm ccips_agent
```
# Running CCIPS with Enarx
When running the CCIPS using Enarx first it is mandatory to run th TA and then RA sinc the TA at the moment the TA works as a TCP server and the RA connects to it.
## Enarx configuration
The file that configures some of the options of the TA for CCIPS can be found at `./cmd/i2nsf_enarx/enarx/Enarx.toml`. Here it is defined at which TCP port will the TA application listening to the incoming requests. By default it is setup to port **10000**. If you modify this option, you must also change the port in file `src/trust_client.c`
## Running Enarx TA
### Without docker
If you have installed enarx from source and you have add their binary to the PATH environment variable. In side the `cmd/i2nsf_enarx/enarx`
```bash
enarx run run --wasmcfgfile enarx.toml ./target/wasm32-wasi/release/enarx.wasm
```
### Docker Enarx TA
Go to the directory `cmd/i2nsf_enarx/enarx` and run the following.
```bash
sudo docker run --rm --name enarx_ccips -v `pwd`/Enarx.toml:/enarx.toml -p 10000:10000 -v `pwd`/target/wasm32-wasi/release/enarx.wasm:/i2nsf_enarx.wasm enarx/enarx:0.6.3 enarx run --wasmcfgfile /enarx.toml /i2nsf_enarx.wasm
```
To stop it, if ctrl+c is not working you can kill the container by
```bash
sudo docker rm -f enarx_ccips
```
## Running RA
### Without docker
Supposing that we have an already functional sysrepo database and netopeer2 working. We can just run the command
```bash
./i2nsf_cfgipsec2
# or with a maximum debug level of 5
i2nsf_cfgipsec2 -l 5
```
### With docker
To run it using docker, it must have acceess to the port exposed by the Enarx TA. The most easy way to run it is by having the docker image compiled with the `ENARX_RA` option as explained in this [section](#Docker-Enarx-RA)
You can then run it as follows
```bash
docker run -it --network host --cap-add ALL --name ccips_agent --rm ccips_agent_enarx
```
# CMAKE Options
## Enarx RA
The option `ENARX_RA` enables the compiler options `Trusted` and `Enarx` and compiles using the entry point of `cmd/i2nsf_ra/main.c`. It includes all the necessary libraries of `sysrepo`, `parson` and `pf_key` to manage the logic of the Rich Application.
## Enarx TA
The option `ENARX_TA` enables als othe compiler options `Trusted` and `Enarx`, but the main difference that it only compiles the libraries necessary for the Enarx runtime under the `libs` directory.
Sign in with Wallet
Connect another wallet