EPFL eVoting ops

Purpose

The goal of this repository is to deploy a minimal eVoting service based on the [dvoting][dvoting-repo] system with Ansible. The deployment consists of N conodes (N >= 4) and a web frontend. It is an attempt to ansibilize Linus's [scripts][linus-scripts].

Usage

# ./votsible

Demo setup

We have a number of VMs that can be used to demo the system. This setup is not suitable for production: every node is operated by us, so nothing is gained from spreading trust over several nodes. It is, however, easier to set up and gives a quick test bed.

Start by resetting everything on the demo target machines:

./votsible.sh --demo -t reset -t reset_docker_yes_yes_please -t yes_please_reset_docker_volumes_too

The installation in steps:

  1. install traefik
  2. install and start all conodes
  3. configure the node network by exchanging the node configs and keys. This can be done in three ways:
    • fully automatic (but apparently not yet working), where Ansible itself runs the commands on the nodes;
    • fully automatic, where Ansible first generates bash scripts and then executes them;
    • manually, by running the scripts generated by Ansible. The scripts can be found on each machine under /srv/dela_demo/init/
  4. install and configure the web interface
  5. configure the proxy address (used by the browser to contact the nodes)
# Destroy everything
# ./votsible.sh --demo -t reset -t reset_docker_yes_yes_please -t yes_please_reset_docker_volumes_too
# Or just clear data
# RUNENV=demo ./bin/cleardata.sh

./votsible.sh --demo -t traefik

./votsible.sh --demo -t dela

# check content of /srv/dela_demo/init/keys. If it contains error messages then
# redo
# ./votsible.sh --demo -t dela

./votsible.sh --demo -t dela -t dela.manual_join
./votsible.sh --demo -t dvoting

./bin/fix_proxies_demo.sh

Dev login and vote randomizer

For development and testing purposes, in non-prod environments the login is faked and every submission from the same (fake) person is recorded as a new vote, so that one can simulate many people voting with a single faked login.

In production this is of course not activated: people have to log in via Tequila and, if someone votes several times, only the last vote is retained.

To test the production configuration in the demo environment, disable the default behaviour by reconfiguring the backend with

RANDOMIZE=false DEVLOGIN=false  ./votsible.sh --demo -t dvoting.run
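As an added example (not part of this repository or of dvoting), here is a small guard around ./votsible.sh that enforces the two manual checks above: it refuses to continue past the dela step while the keys directory still contains error output, and it refuses to run against prod with DEVLOGIN or RANDOMIZE set to anything but false. What counts as "error output" in the keys directory is an assumption, since the README does not say what those files look like, and keys_dir_clean has to run where the directory lives (on each node, or over a copy of it).

```shell
#!/bin/sh
# Added example, not part of the evoting-ops repository: a guard around
# ./votsible.sh for the two manual checks in the README.
# Assumptions (not stated there): a file in the keys directory is "bad"
# when it is empty or contains error/fatal/panic outside a base64 blob;
# RUNENV is one of demo, test, qual, prod (the flags votsible.sh accepts).

# Matches error words but not the same letters inside a base64 line
# (base64 only uses A-Za-z0-9+/=), so PEM key material does not trigger it.
ERR_RE='(^|[^A-Za-z0-9+/=])(error|fatal|panic)([^A-Za-z0-9+/=]|$)'

# keys_dir_clean DIR -> 0 if DIR holds at least one file and no file is
# empty or contains an error message; otherwise 1, reasons on stderr.
# Run it on the node (or on a copy of /srv/dela_demo/init/keys).
keys_dir_clean() {
    dir=$1
    [ -d "$dir" ] || { echo "keys dir $dir missing" >&2; return 1; }
    found=0
    rc=0
    for f in "$dir"/*; do
        [ -e "$f" ] || continue            # empty dir: glob stays literal
        found=1
        if [ ! -s "$f" ]; then
            echo "$f is empty" >&2; rc=1
        elif grep -qiE "$ERR_RE" "$f"; then
            echo "$f contains an error message" >&2; rc=1
        fi
    done
    [ "$found" -eq 1 ] || { echo "no key files in $dir" >&2; return 1; }
    return "$rc"
}

# flags_allowed RUNENV DEVLOGIN RANDOMIZE -> 0 if this combination may run.
# Outside prod the dev login and the vote randomizer are the documented
# default, so anything goes; in prod each flag must be unset or "false".
flags_allowed() {
    runenv=$1; devlogin=${2:-}; randomize=${3:-}
    [ "$runenv" = prod ] || return 0
    for v in "$devlogin" "$randomize"; do
        case $v in
            ''|false) ;;
            *) echo "refusing DEVLOGIN=$devlogin RANDOMIZE=$randomize in prod" >&2
               return 1 ;;
        esac
    done
    return 0
}

# run_step RUNENV ARGS... -> ./votsible.sh --RUNENV ARGS..., gated by
# flags_allowed. VOTSIBLE overrides the script path.
run_step() {
    runenv=$1; shift
    flags_allowed "$runenv" "${DEVLOGIN:-}" "${RANDOMIZE:-}" || return 1
    "${VOTSIBLE:-./votsible.sh}" "--$runenv" "$@"
}

# demo_install KEYS_DIR: the README's demo sequence, stopping after the
# dela step when KEYS_DIR (a local copy of a node's
# /srv/dela_demo/init/keys) still shows errors.
demo_install() {
    run_step demo -t traefik || return 1
    run_step demo -t dela || return 1
    keys_dir_clean "$1" || {
        echo "fix the keys, then rerun: ./votsible.sh --demo -t dela" >&2
        return 1
    }
    run_step demo -t dela -t dela.manual_join || return 1
    run_step demo -t dvoting || return 1
    ./bin/fix_proxies_demo.sh
}
```

Usage: source the file and call `demo_install /path/to/keys-copy`, or use `run_step prod -t dvoting` on its own; with `DEVLOGIN=true` exported, the prod call exits before Ansible is even started.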

Debugging

The Traefik console for the web app should be visible here.

Prod

An SSL certificate valid for all hosts (nodes, proxies, frontend) is requested from EPFL via https://rauth.epfl.ch/certReq/ using the certificate signing request generated by the go.sh script, which can be found in the certs directory within the keybase secrets directory.

TODO: We had to add a symlink to the directory containing the certs for fsd.team to enable the Traefik dashboard, and also to let a demo deployment coexist with prod on the same set of machines, because the current Ansible scripts support a single certificate config. Each run env should have its own certificate config file, and there should be an option to specify a full directory for the certs instead of a path relative to the base certs source dir.

The following dns aliases are set:

  • for the various frontend
    • voting2.epfl.ch (voting.epfl.ch will be transferred later)
    • voting-test.epfl.ch
    • voting-qualif.epfl.ch
  • for the various (possible) node proxies:
    • dvot03.epfl.ch
    • dvot04.epfl.ch
    • dvot05.epfl.ch
    • dvot06.epfl.ch
    • dvot08.epfl.ch
    • dvot09.epfl.ch
    • dvot10.epfl.ch
    • dvot11.epfl.ch
  • for the various nodes:
    • nvot03.epfl.ch
    • nvot04.epfl.ch
    • nvot05.epfl.ch
    • nvot06.epfl.ch
    • nvot08.epfl.ch
    • nvot09.epfl.ch
    • nvot10.epfl.ch
    • nvot11.epfl.ch

The various {dn}votNN aliases point to the corresponding itsevoting00NN.xaas.epfl.ch host.
# Destroy everything
# ./votsible.sh --prod -t reset -t reset_docker_yes_yes_please -t yes_please_reset_docker_volumes_too
# Or just clear data
# RUNENV=prod ./bin/cleardata.sh

./votsible.sh --prod -t traefik

./votsible.sh --prod -t dela
./votsible.sh --prod -t dela -t dela.manual_join
./votsible.sh --prod -t dvoting

./bin/fix_proxies_prod.sh

Examples

Only on one host

./votsible  --prod
./votsible  --qual
./votsible  --test
./votsible  --demo
#./votsible  --dev

Specifying a tag

./votsible --test -t "test"

Specifying multiple tags

./votsible --test -t "tag1,tag2,tag3"

Skipping a tag

./votsible --test --skip-tags "github_key_import"

Skipping multiple tags

./votsible --test --skip-tags "tag1,tag2,tag3"

Misc utilities

Get the list of all scipers of VPSI (the -H URI form replaces -h, which OpenLDAP 2.5+ clients no longer accept; truncate -s -1 strips the final newline from the file):

ldapsearch -x -H ldap://ldap.epfl.ch -b 'ou=vpo-si,o=epfl,c=ch' organizationalStatus=Personnel uniqueIdentifier | awk '/^uniqueIdentifier/{print $2;}' | sort -u > vpsi.txt
truncate -s -1 vpsi.txt

Get the list of all scipers of students:

ldapsearch -x -H ldap://ldap.epfl.ch -b 'ou=etu,o=epfl,c=ch' objectClass=person uniqueIdentifier | awk '/^uniqueIdentifier/{print $2;}' | sort -u > students.txt
truncate -s -1 students.txt
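As an added example (not from this repository), here is the parsing half of the two pipelines above as a function that can be tested offline. It assumes, beyond what the README says, that scipers are six-digit numbers; values that do not look like one are reported on stderr and dropped rather than silently written into the voter list.

```shell
#!/bin/sh
# Added example, not part of the evoting-ops repository: turn ldapsearch
# LDIF output into the sorted, de-duplicated sciper list the README builds
# by hand with awk | sort -u and truncate -s -1.
# Assumption (EPFL convention, not stated in the README): a sciper is
# exactly six digits.

# scipers_from_ldif < LDIF -> one sciper per line, sorted, unique, and
# without a trailing newline. Non-sciper values go to stderr and are
# dropped. Lines of the form "uniqueIdentifier:: <base64>" are not
# matched; digits are plain ASCII so ldapsearch never base64-encodes them.
scipers_from_ldif() {
    awk '
        /^uniqueIdentifier: / {
            v = $2
            if (v ~ /^[0-9][0-9][0-9][0-9][0-9][0-9]$/) ok[v] = 1
            else print "skipping non-sciper value: " v | "cat 1>&2"
        }
        END { for (v in ok) print v }
    ' | sort -u | awk 'NR > 1 { printf "\n" } { printf "%s", $0 }'
}

# fetch_scipers BASE FILTER OUT: the network half, kept separate so the
# parsing above can be tested without LDAP access. -LLL drops the
# comment and version lines; -H is the URI form of the old -h option.
fetch_scipers() {
    ldapsearch -x -LLL -H ldap://ldap.epfl.ch -b "$1" "$2" uniqueIdentifier \
        | scipers_from_ldif > "$3"
}

# Example: fetch_scipers 'ou=etu,o=epfl,c=ch' objectClass=person students.txt
```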

Certificates

epfl.ch

For generating the certificates for epfl.ch see certs/generated directory in the project's keybase folder.

Essentially, a certificate signing request has to be generated with

openssl req -new -nodes -config cert-req.cnf -keyout privkey.pem -out voting_cert_request.csr

Then its content is pasted into the form at https://rauth.epfl.ch/certReq/ (see Prod above), where the group's e-mail address ([email protected]) also has to be entered.

Within a few minutes the certificate is delivered by e-mail as a zip file containing a directory named voting2_epfl_ch_XXXXXXXXX. Within that directory, build the chain with the leaf first, followed by the intermediate and the root (the order matters; clients stop at the first certificate they already trust, so the root is optional but harmless):

cat {voting2_epfl_ch.crt,DigiCertCA.crt,TrustedRoot.crt} > fullchain.pem

Then copy fullchain.pem and privkey.pem into the epfl.ch directory where Ansible looks for the certificates. privkey.pem never leaves the secrets directory; only the CSR is submitted.

More information is on the EPFL page dedicated to certificate generation.
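Before copying the files it is worth checking that the key actually matches the certificate, that the chain in fullchain.pem links up, and that every hostname the deployment uses is present as a DNS SAN. The following is an added example, not code from this repository: it assumes the fullchain.pem layout above (leaf first) and an OpenSSL 1.1.1 or later command line; the host list is whatever you pass in (the names from the Prod section, for instance).

```shell
#!/bin/sh
# Added example, not part of the evoting-ops repository: sanity checks to
# run on fullchain.pem / privkey.pem before dropping them into the certs
# directory Ansible reads. Assumes the leaf is the first certificate in
# fullchain.pem (issuer certs appended after it) and openssl >= 1.1.1.

# cert_key_match CERT KEY -> 0 when the public key in CERT is the one
# derived from KEY. Catches a CSR re-generated after the request was sent.
cert_key_match() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_sans CERT -> the DNS names in subjectAltName, one per line.
cert_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null \
        | tr ',' '\n' | sed -n 's/^[[:space:]]*DNS://p'
}

# cert_covers CERT HOST -> 0 when HOST is listed as a DNS SAN
# (exact match only; browsers ignore the CN for server identity).
cert_covers() {
    cert_sans "$1" | grep -qx "$2"
}

# chain_verifies FULLCHAIN -> 0 when the first certificate validates
# against the issuer certificates that follow it in the same file.
# This proves the file is internally consistent; trust in the root
# itself comes from the client's store, not from this check.
chain_verifies() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# precheck FULLCHAIN KEY HOST... -> 0 only if every check passes; each
# failure is reported on stderr so one run shows everything that is wrong.
precheck() {
    chain=$1; key=$2; shift 2
    rc=0
    cert_key_match "$chain" "$key" || { echo "key does not match certificate" >&2; rc=1; }
    chain_verifies "$chain" || { echo "chain in $chain does not verify" >&2; rc=1; }
    for h in "$@"; do
        cert_covers "$chain" "$h" || { echo "no SAN for $h" >&2; rc=1; }
    done
    return "$rc"
}

# Example: precheck fullchain.pem privkey.pem voting2.epfl.ch dvot03.epfl.ch nvot03.epfl.ch
```

A missing SAN is the failure that bites in practice: Traefik will happily serve the certificate for a host it does not cover, and only the browser complains.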

fsd.team

TODO

Notes

Git tags

| Tag | Short description |
|-----|-------------------|
| add | When the project welcomes new files |
| btf | Changes that do not affect the meaning of the code (beautify) |
| cnf | Changes in app configuration files |
| doc | Documentation-only changes |
| fix | A bug fix |
| fea | A new feature |
| hoc | Repository cleanup (house cleaning) |
| ign | When adding a .gitignore file or similar |
| oth | Other changes that don't modify src or test files |
| rfa | A code change (refactor) that neither fixes a bug nor adds a feature |
| rvt | Reverts a previous commit |
| tag | When adding a tag reference |
| tst | Adding missing tests or correcting existing tests |
| wip | Work in progress, e.g. in case of fire |

Links